1 /*- 2 * Copyright (c) 1992, 1993, 1994, 1995 Jan-Simon Pendry. 3 * Copyright (c) 1992, 1993, 1994, 1995 4 * The Regents of the University of California. All rights reserved. 5 * 6 * This code is derived from software contributed to Berkeley by 7 * Jan-Simon Pendry. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 
32 * 33 * @(#)union_vnops.c 8.32 (Berkeley) 6/23/95 34 * $FreeBSD$ 35 */ 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/fcntl.h> 40 #include <sys/stat.h> 41 #include <sys/kernel.h> 42 #include <sys/vnode.h> 43 #include <sys/mount.h> 44 #include <sys/namei.h> 45 #include <sys/malloc.h> 46 #include <sys/bio.h> 47 #include <sys/buf.h> 48 #include <sys/lock.h> 49 #include <sys/sysctl.h> 50 #include <sys/unistd.h> 51 #include <sys/acl.h> 52 #include <sys/event.h> 53 #include <sys/extattr.h> 54 #include <sys/mac.h> 55 #include <fs/unionfs/union.h> 56 57 #include <vm/vm.h> 58 #include <vm/vnode_pager.h> 59 60 #include <vm/vm_page.h> 61 #include <vm/vm_object.h> 62 63 int uniondebug = 0; 64 65 #if UDEBUG_ENABLED 66 SYSCTL_INT(_vfs, OID_AUTO, uniondebug, CTLFLAG_RW, &uniondebug, 0, ""); 67 #else 68 SYSCTL_INT(_vfs, OID_AUTO, uniondebug, CTLFLAG_RD, &uniondebug, 0, ""); 69 #endif 70 71 static vop_access_t union_access; 72 static vop_aclcheck_t union_aclcheck; 73 static vop_advlock_t union_advlock; 74 static vop_close_t union_close; 75 static vop_closeextattr_t union_closeextattr; 76 static vop_create_t union_create; 77 static vop_deleteextattr_t union_deleteextattr; 78 static vop_fsync_t union_fsync; 79 static vop_getacl_t union_getacl; 80 static vop_getattr_t union_getattr; 81 static vop_getextattr_t union_getextattr; 82 static vop_inactive_t union_inactive; 83 static vop_ioctl_t union_ioctl; 84 static vop_lease_t union_lease; 85 static vop_link_t union_link; 86 static vop_listextattr_t union_listextattr; 87 static vop_lookup_t union_lookup; 88 static int union_lookup1(struct vnode *udvp, struct vnode **dvp, 89 struct vnode **vpp, 90 struct componentname *cnp); 91 static vop_mkdir_t union_mkdir; 92 static vop_mknod_t union_mknod; 93 static vop_open_t union_open; 94 static vop_openextattr_t union_openextattr; 95 static vop_pathconf_t union_pathconf; 96 static vop_print_t union_print; 97 static vop_read_t union_read; 98 static vop_readdir_t 
union_readdir;
static vop_readlink_t	union_readlink;
static vop_getwritemount_t	union_getwritemount;
static vop_reclaim_t	union_reclaim;
static vop_remove_t	union_remove;
static vop_rename_t	union_rename;
static vop_rmdir_t	union_rmdir;
static vop_poll_t	union_poll;
static vop_setacl_t	union_setacl;
static vop_setattr_t	union_setattr;
static vop_setlabel_t	union_setlabel;
static vop_setextattr_t	union_setextattr;
static vop_strategy_t	union_strategy;
static vop_symlink_t	union_symlink;
static vop_whiteout_t	union_whiteout;
static vop_write_t	union_write;

/*
 * union_lock_upper:
 *
 *	Return the union node's upper vnode with an extra reference and
 *	an exclusive lock, or NULL when no upper layer exists.  The lock
 *	is taken LK_CANRECURSE because the caller may already hold a
 *	lock on the same vnode via the union node.  Release with
 *	union_unlock_upper().
 */
static __inline
struct vnode *
union_lock_upper(struct union_node *un, struct thread *td)
{
	struct vnode *uppervp;

	if ((uppervp = un->un_uppervp) != NULL) {
		VREF(uppervp);
		vn_lock(uppervp, LK_EXCLUSIVE | LK_CANRECURSE | LK_RETRY, td);
	}
	KASSERT((uppervp == NULL || vrefcnt(uppervp) > 0), ("uppervp usecount is 0"));
	return(uppervp);
}

/*
 * union_unlock_upper:
 *
 *	Drop the lock and the reference taken by union_lock_upper().
 *	Must not be called with a NULL vnode (vput() does not accept NULL).
 */
static __inline
void
union_unlock_upper(struct vnode *uppervp, struct thread *td)
{
	vput(uppervp);
}

/*
 * union_lock_other:
 *
 *	Lock and reference whichever backing vnode is authoritative for
 *	this union node: the upper vnode if present, otherwise the lower
 *	vnode.  May return NULL only when both layers are absent.
 *	Release with union_unlock_other().
 */
static __inline
struct vnode *
union_lock_other(struct union_node *un, struct thread *td)
{
	struct vnode *vp;

	if (un->un_uppervp != NULL) {
		vp = union_lock_upper(un, td);
	} else if ((vp = un->un_lowervp) != NULL) {
		VREF(vp);
		vn_lock(vp, LK_EXCLUSIVE | LK_CANRECURSE | LK_RETRY, td);
	}
	return(vp);
}

/*
 * union_unlock_other:
 *
 *	Drop the lock and reference taken by union_lock_other().
 */
static __inline
void
union_unlock_other(struct vnode *vp, struct thread *td)
{
	vput(vp);
}

/*
 * union_lookup:
 *
 *	udvp must be exclusively locked on call and will remain
 *	exclusively locked on return.  This is the mount point
 *	for our filesystem.
 *
 *	dvp  Our base directory, locked and referenced.
 *	The passed dvp will be dereferenced and unlocked on return
 *	and a new dvp will be returned which is locked and
 *	referenced in the same variable.
 *
 *	vpp is filled in with the result if no error occurred,
 *	locked and ref'd.
 *
 *	If an error is returned, *vpp is set to NULLVP.  If no
 *	error occurs, *vpp is returned with a reference and an
 *	exclusive lock.
 */

static int
union_lookup1(udvp, pdvp, vpp, cnp)
	struct vnode *udvp;
	struct vnode **pdvp;
	struct vnode **vpp;
	struct componentname *cnp;
{
	int error;
	struct thread *td = cnp->cn_thread;
	struct vnode *dvp = *pdvp;
	struct vnode *tdvp;
	struct mount *mp;

	/*
	 * If stepping up the directory tree, check for going
	 * back across the mount point, in which case do what
	 * lookup would do by stepping back down the mount
	 * hierarchy.
	 */
	if (cnp->cn_flags & ISDOTDOT) {
		while ((dvp != udvp) && (dvp->v_vflag & VV_ROOT)) {
			/*
			 * Don't do the NOCROSSMOUNT check
			 * at this level.  By definition,
			 * union fs deals with namespaces, not
			 * filesystems.
			 */
			tdvp = dvp;
			dvp = dvp->v_mount->mnt_vnodecovered;
			VREF(dvp);
			vput(tdvp);
			vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY, td);
		}
	}

	/*
	 * Set return dvp to be the upperdvp 'parent directory'.
	 */
	*pdvp = dvp;

	/*
	 * If the VOP_LOOKUP() call generates an error, tdvp is invalid and
	 * no changes will have been made to dvp, so we are set to return.
	 */

	error = VOP_LOOKUP(dvp, &tdvp, cnp);
	if (error) {
		UDEBUG(("dvp %p error %d flags %lx\n", dvp, error, cnp->cn_flags));
		*vpp = NULL;
		return (error);
	}

	/*
	 * The parent directory will have been unlocked, unless lookup
	 * found the last component or if dvp == tdvp (tdvp must be locked).
	 *
	 * We want our dvp to remain locked and ref'd.  We also want tdvp
	 * to remain locked and ref'd.
	 */
	UDEBUG(("parentdir %p result %p flag %lx\n", dvp, tdvp, cnp->cn_flags));

	if (dvp != tdvp && (cnp->cn_flags & ISLASTCN) == 0)
		vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY, td);

	/*
	 * Lastly check if the current node is a mount point in
	 * which case walk up the mount hierarchy making sure not to
	 * bump into the root of the mount tree (ie. dvp != udvp).
	 *
	 * We use dvp as a temporary variable here, it is no longer related
	 * to the dvp above.  However, we have to ensure that both *pdvp and
	 * tdvp are locked on return.
	 */

	dvp = tdvp;
	while (
	    dvp != udvp &&
	    (dvp->v_type == VDIR) &&
	    (mp = dvp->v_mountedhere)
	) {
		int relock_pdvp = 0;

		/*
		 * NOTE(review): if vfs_busy() keeps failing this retries
		 * the loop condition with the same dvp — presumably the
		 * mount goes away or becomes busyable; verify this cannot
		 * spin indefinitely.
		 */
		if (vfs_busy(mp, 0, 0, td))
			continue;

		if (dvp == *pdvp)
			relock_pdvp = 1;
		vput(dvp);
		dvp = NULL;
		error = VFS_ROOT(mp, &dvp, td);

		vfs_unbusy(mp, td);

		if (relock_pdvp)
			vn_lock(*pdvp, LK_EXCLUSIVE | LK_RETRY, td);

		if (error) {
			*vpp = NULL;
			return (error);
		}
	}
	*vpp = dvp;
	return (0);
}

static int
union_lookup(ap)
	struct vop_lookup_args /* {
		struct vnodeop_desc *a_desc;
		struct vnode *a_dvp;
		struct vnode **a_vpp;
		struct componentname *a_cnp;
	} */ *ap;
{
	int error;
	int uerror, lerror;
	struct vnode *uppervp, *lowervp;
	struct vnode *upperdvp, *lowerdvp;
	struct vnode *dvp = ap->a_dvp;		/* starting dir */
	struct union_node *dun = VTOUNION(dvp);	/* associated union node */
	struct componentname *cnp = ap->a_cnp;
	struct thread *td = cnp->cn_thread;
	int lockparent = cnp->cn_flags & LOCKPARENT;
	struct union_mount *um = MOUNTTOUNIONMOUNT(dvp->v_mount);
	struct ucred *saved_cred = NULL;
	int iswhiteout;
	struct vattr va;

	*ap->a_vpp = NULLVP;

	/*
	 * Disallow write attempts to the filesystem mounted read-only.
	 */
	if ((cnp->cn_flags & ISLASTCN) &&
	    (dvp->v_mount->mnt_flag & MNT_RDONLY) &&
	    (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
		return (EROFS);
	}

	/*
	 * For any lookups we do, always return with the parent locked.
	 */
	cnp->cn_flags |= LOCKPARENT;

	lowerdvp = dun->un_lowervp;
	uppervp = NULLVP;
	lowervp = NULLVP;
	iswhiteout = 0;

	uerror = ENOENT;
	lerror = ENOENT;

	/*
	 * Get a private lock on uppervp and a reference, effectively
	 * taking it out of the union_node's control.
	 *
	 * We must lock upperdvp while holding our lock on dvp
	 * to avoid a deadlock.
	 */
	upperdvp = union_lock_upper(dun, td);

	/*
	 * Do the lookup in the upper level.
	 * If that level consumes additional pathnames,
	 * then assume that something special is going
	 * on and just return that vnode.
	 */
	if (upperdvp != NULLVP) {
		/*
		 * We do not have to worry about the DOTDOT case, we've
		 * already unlocked dvp.
		 */
		UDEBUG(("A %p\n", upperdvp));

		/*
		 * Do the lookup.   We must supply a locked and referenced
		 * upperdvp to the function and will get a new locked and
		 * referenced upperdvp back, with the old having been
		 * dereferenced.
		 *
		 * If an error is returned, uppervp will be NULLVP.  If no
		 * error occurs, uppervp will be the locked and referenced
		 * return vnode, or possibly NULL, depending on what is being
		 * requested.  It is possible that the returned uppervp
		 * will be the same as upperdvp.
		 */
		uerror = union_lookup1(um->um_uppervp, &upperdvp, &uppervp, cnp);
		UDEBUG((
		    "uerror %d upperdvp %p %d/%d, uppervp %p ref=%d/lck=%d\n",
		    uerror,
		    upperdvp,
		    vrefcnt(upperdvp),
		    VOP_ISLOCKED(upperdvp, NULL),
		    uppervp,
		    (uppervp ? vrefcnt(uppervp) : -99),
		    (uppervp ? VOP_ISLOCKED(uppervp, NULL) : -99)
		));

		/*
		 * Disallow write attempts to the filesystem mounted read-only.
		 */
		if (uerror == EJUSTRETURN && (cnp->cn_flags & ISLASTCN) &&
		    (dvp->v_mount->mnt_flag & MNT_RDONLY) &&
		    (cnp->cn_nameiop == CREATE || cnp->cn_nameiop == RENAME)) {
			error = EROFS;
			goto out;
		}

		/*
		 * Special case: If cn_consume != 0 then skip out.  The result
		 * of the lookup is transferred to our return variable.  If
		 * an error occurred we have to throw away the results.
		 */

		if (cnp->cn_consume != 0) {
			if ((error = uerror) == 0) {
				*ap->a_vpp = uppervp;
				uppervp = NULL;
			}
			goto out;
		}

		/*
		 * Calculate whiteout, fall through.
		 */

		if (uerror == ENOENT || uerror == EJUSTRETURN) {
			if (cnp->cn_flags & ISWHITEOUT) {
				iswhiteout = 1;
			} else if (lowerdvp != NULLVP) {
				int terror;

				terror = VOP_GETATTR(upperdvp, &va,
					cnp->cn_cred, cnp->cn_thread);
				if (terror == 0 && (va.va_flags & OPAQUE))
					iswhiteout = 1;
			}
		}
	}

	/*
	 * In a similar way to the upper layer, do the lookup
	 * in the lower layer.   This time, if there is some
	 * component magic going on, then vput whatever we got
	 * back from the upper layer and return the lower vnode
	 * instead.
	 */

	if (lowerdvp != NULLVP && !iswhiteout) {
		int nameiop;

		UDEBUG(("B %p\n", lowerdvp));

		/*
		 * Force only LOOKUPs on the lower node, since
		 * we won't be making changes to it anyway.
		 */
		nameiop = cnp->cn_nameiop;
		cnp->cn_nameiop = LOOKUP;
		if (um->um_op == UNMNT_BELOW) {
			saved_cred = cnp->cn_cred;
			cnp->cn_cred = um->um_cred;
		}

		/*
		 * We shouldn't have to worry about locking interactions
		 * between the lower layer and our union layer (w.r.t.
		 * `..' processing) because we don't futz with lowervp
		 * locks in the union-node instantiation code path.
		 *
		 * union_lookup1() requires lowervp to be locked on entry,
		 * and it will be unlocked on return.  The ref count will
		 * not change.  On return lowervp doesn't represent anything
		 * to us so we NULL it out.
		 */
		VREF(lowerdvp);
		vn_lock(lowerdvp, LK_EXCLUSIVE | LK_RETRY, td);
		lerror = union_lookup1(um->um_lowervp, &lowerdvp, &lowervp, cnp);
		if (lowerdvp == lowervp)
			vrele(lowerdvp);
		else
			vput(lowerdvp);
		lowerdvp = NULL;	/* lowerdvp invalid after vput */

		if (um->um_op == UNMNT_BELOW)
			cnp->cn_cred = saved_cred;
		cnp->cn_nameiop = nameiop;

		if (cnp->cn_consume != 0 || lerror == EACCES) {
			if ((error = lerror) == 0) {
				*ap->a_vpp = lowervp;
				lowervp = NULL;
			}
			goto out;
		}
	} else {
		UDEBUG(("C %p\n", lowerdvp));
		if ((cnp->cn_flags & ISDOTDOT) && dun->un_pvp != NULLVP) {
			if ((lowervp = LOWERVP(dun->un_pvp)) != NULL) {
				VREF(lowervp);
				vn_lock(lowervp, LK_EXCLUSIVE | LK_RETRY, td);
				lerror = 0;
			}
		}
	}

	/*
	 * Ok.  Now we have uerror, uppervp, upperdvp, lerror, and lowervp.
	 *
	 *	1. If both layers returned an error, select the upper layer.
	 *
	 *	2. If the upper layer failed and the bottom layer succeeded,
	 *	   two subcases occur:
	 *
	 *	   a.  The bottom vnode is not a directory, in which case
	 *	       just return a new union vnode referencing an
	 *	       empty top layer and the existing bottom layer.
	 *
	 *	   b.  The bottom vnode is a directory, in which case
	 *	       create a new directory in the top layer and
	 *	       and fall through to case 3.
	 *
	 *	3. If the top layer succeeded, then return a new union
	 *	   vnode referencing whatever the new top layer and
	 *	   whatever the bottom layer returned.
	 */

	/* case 1. */
	if ((uerror != 0) && (lerror != 0)) {
		error = uerror;
		goto out;
	}

	/* case 2. */
	if (uerror != 0 /* && (lerror == 0) */ ) {
		if (lowervp->v_type == VDIR) { /* case 2b. */
			KASSERT(uppervp == NULL, ("uppervp unexpectedly non-NULL"));
			/*
			 * Oops, uppervp has a problem, we may have to shadow.
			 */
			uerror = union_mkshadow(um, upperdvp, cnp, &uppervp);
			if (uerror) {
				error = uerror;
				goto out;
			}
		}
	}

	/*
	 * Must call union_allocvp() with both the upper and lower vnodes
	 * referenced and the upper vnode locked.   ap->a_vpp is returned
	 * referenced and locked.  lowervp, uppervp, and upperdvp are
	 * absorbed by union_allocvp() whether it succeeds or fails.
	 *
	 * upperdvp is the parent directory of uppervp which may be
	 * different, depending on the path, from dvp->un_uppervp.  That's
	 * why it is a separate argument.  Note that it must be unlocked.
	 *
	 * dvp must be locked on entry to the call and will be locked on
	 * return.
	 */

	if (uppervp && uppervp != upperdvp)
		VOP_UNLOCK(uppervp, 0, td);
	if (lowervp)
		VOP_UNLOCK(lowervp, 0, td);
	if (upperdvp)
		VOP_UNLOCK(upperdvp, 0, td);

	error = union_allocvp(ap->a_vpp, dvp->v_mount, dvp, upperdvp, cnp,
			      uppervp, lowervp, 1);

	UDEBUG(("Create %p = %p %p refs=%d\n", *ap->a_vpp, uppervp, lowervp, (*ap->a_vpp) ? vrefcnt(*ap->a_vpp) : -99));

	/* Ownership passed to union_allocvp(); do not release below. */
	uppervp = NULL;
	upperdvp = NULL;
	lowervp = NULL;

	/*
	 * Termination Code
	 *
	 *	- put away any extra junk laying around.  Note that lowervp
	 *	  (if not NULL) will never be the same as *ap->a_vp and
	 *	  neither will uppervp, because when we set that state we
	 *	  NULL-out lowervp or uppervp.  On the otherhand, upperdvp
	 *	  may match uppervp or *ap->a_vpp.
	 *
	 *	- relock/unlock dvp if appropriate.
	 */

out:
	if (upperdvp) {
		if (upperdvp == uppervp || upperdvp == *ap->a_vpp)
			vrele(upperdvp);
		else
			vput(upperdvp);
	}

	if (uppervp)
		vput(uppervp);

	if (lowervp)
		vput(lowervp);

	/*
	 * Restore LOCKPARENT state
	 */

	if (!lockparent)
		cnp->cn_flags &= ~LOCKPARENT;

	UDEBUG(("Out %d vpp %p/%d lower %p upper %p\n", error, *ap->a_vpp,
		((*ap->a_vpp) ? vrefcnt(*ap->a_vpp) : -99),
		lowervp, uppervp));

	if (error == 0 || error == EJUSTRETURN) {
		/*
		 * dvp lock state, determine whether to relock dvp.
		 * We are expected to unlock dvp unless:
		 *
		 *	- there was an error (other than EJUSTRETURN), or
		 *	- we hit the last component and lockparent is true
		 */
		if (*ap->a_vpp != dvp) {
			if (!lockparent || (cnp->cn_flags & ISLASTCN) == 0)
				VOP_UNLOCK(dvp, 0, td);
		}

		if (cnp->cn_namelen == 1 &&
		    cnp->cn_nameptr[0] == '.' &&
		    *ap->a_vpp != dvp) {
#ifdef	DIAGNOSTIC
			vprint("union_lookup: vp", *ap->a_vpp);
			vprint("union_lookup: dvp", dvp);
#endif
			panic("union_lookup returning . (%p) != startdir (%p)",
			    *ap->a_vpp, dvp);
		}
	}

	return (error);
}

/*
 * union_create:
 *
 * a_dvp is locked on entry and remains locked on return.  a_vpp is returned
 * locked if no error occurs, otherwise it is garbage.
 */

static int
union_create(ap)
	struct vop_create_args /* {
		struct vnode *a_dvp;
		struct vnode **a_vpp;
		struct componentname *a_cnp;
		struct vattr *a_vap;
	} */ *ap;
{
	struct union_node *dun = VTOUNION(ap->a_dvp);
	struct componentname *cnp = ap->a_cnp;
	struct thread *td = cnp->cn_thread;
	struct vnode *dvp;
	int error = EROFS;	/* creation requires an upper layer */

	if ((dvp = union_lock_upper(dun, td)) != NULL) {
		struct vnode *vp;
		struct mount *mp;

		error = VOP_CREATE(dvp, &vp, cnp, ap->a_vap);
		if (error == 0) {
			mp = ap->a_dvp->v_mount;
			VOP_UNLOCK(vp, 0, td);
			UDEBUG(("ALLOCVP-1 FROM %p REFS %d\n", vp, vrefcnt(vp)));
			error = union_allocvp(ap->a_vpp, mp, NULLVP, NULLVP,
				cnp, vp, NULLVP, 1);
			UDEBUG(("ALLOCVP-2B FROM %p REFS %d\n", *ap->a_vpp, vrefcnt(vp)));
		}
		union_unlock_upper(dvp, td);
	}
	return (error);
}

/*
 * union_whiteout:
 *
 *	Pass CREATE/DELETE whiteout operations through to the upper layer;
 *	without an upper layer (or for LOOKUP) report EOPNOTSUPP.
 */
static int
union_whiteout(ap)
	struct vop_whiteout_args /* {
		struct vnode *a_dvp;
		struct componentname *a_cnp;
		int a_flags;
	} */ *ap;
{
	struct union_node *un = VTOUNION(ap->a_dvp);
	struct componentname *cnp = ap->a_cnp;
	struct vnode *uppervp;
	int error;

	switch (ap->a_flags) {
	case CREATE:
	case DELETE:
		uppervp = union_lock_upper(un, cnp->cn_thread);
		if (uppervp != NULLVP) {
			error = VOP_WHITEOUT(un->un_uppervp, cnp, ap->a_flags);
			union_unlock_upper(uppervp, cnp->cn_thread);
		} else
			error = EOPNOTSUPP;
		break;
	case LOOKUP:
		error = EOPNOTSUPP;
		break;
	default:
		/* panic() does not return, so `error' cannot be read uninitialized. */
		panic("union_whiteout: unknown op");
	}
	return (error);
}

/*
 * union_mknod:
 *
 * a_dvp is locked on entry and should remain locked on return.
 * a_vpp is garbage whether an error occurs or not.
 */

static int
union_mknod(ap)
	struct vop_mknod_args /* {
		struct vnode *a_dvp;
		struct vnode **a_vpp;
		struct componentname *a_cnp;
		struct vattr *a_vap;
	} */ *ap;
{
	struct union_node *dun = VTOUNION(ap->a_dvp);
	struct componentname *cnp = ap->a_cnp;
	struct vnode *dvp;
	int error = EROFS;	/* node creation requires an upper layer */

	if ((dvp = union_lock_upper(dun, cnp->cn_thread)) != NULL) {
		error = VOP_MKNOD(dvp, ap->a_vpp, cnp, ap->a_vap);
		union_unlock_upper(dvp, cnp->cn_thread);
	}
	return (error);
}

/*
 * union_open:
 *
 *	run open VOP.  When opening the underlying vnode we have to mimic
 *	vn_open().  What we *really* need to do to avoid screwups if the
 *	open semantics change is to call vn_open().  For example, ufs blows
 *	up if you open a file but do not vmio it prior to writing.
 */

static int
union_open(ap)
	struct vop_open_args /* {
		struct vnodeop_desc *a_desc;
		struct vnode *a_vp;
		int a_mode;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *tvp;
	int mode = ap->a_mode;
	struct ucred *cred = ap->a_cred;
	struct thread *td = ap->a_td;
	int error = 0;
	int tvpisupper = 1;

	/*
	 * If there is an existing upper vp then simply open that.
	 * The upper vp takes precedence over the lower vp.  When opening
	 * a lower vp for writing copy it to the uppervp and then open the
	 * uppervp.
	 *
	 * At the end of this section tvp will be left locked.
	 */
	if ((tvp = union_lock_upper(un, td)) == NULLVP) {
		/*
		 * If the lower vnode is being opened for writing, then
		 * copy the file contents to the upper vnode and open that,
		 * otherwise can simply open the lower vnode.
		 */
		tvp = un->un_lowervp;
		if ((ap->a_mode & FWRITE) && (tvp->v_type == VREG)) {
			/* O_TRUNC makes copying the old contents pointless. */
			int docopy = !(mode & O_TRUNC);
			error = union_copyup(un, docopy, cred, td);
			/*
			 * NOTE(review): if union_copyup() failed, this
			 * re-lookup may return NULL and the `if (tvp)'
			 * guard below is what prevents a NULL vput.
			 */
			tvp = union_lock_upper(un, td);
		} else {
			un->un_openl++;
			VREF(tvp);
			vn_lock(tvp, LK_EXCLUSIVE | LK_RETRY, td);
			tvpisupper = 0;
		}
	}

	/*
	 * We are holding the correct vnode, open it.
	 */

	if (error == 0)
		error = VOP_OPEN(tvp, mode, cred, td, -1);

	/*
	 * Release any locks held.
	 */
	if (tvpisupper) {
		if (tvp)
			union_unlock_upper(tvp, td);
	} else {
		vput(tvp);
	}
	return (error);
}

/*
 * union_close:
 *
 *	It is unclear whether a_vp is passed locked or unlocked.  Whatever
 *	the case we do not change it.
 */

static int
union_close(ap)
	struct vop_close_args /* {
		struct vnode *a_vp;
		int a_fflag;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *vp;

	if ((vp = un->un_uppervp) == NULLVP) {
#ifdef UNION_DIAGNOSTIC
		if (un->un_openl <= 0)
			panic("union: un_openl cnt");
#endif
		/* Balance the un_openl++ done by union_open()'s lower path. */
		--un->un_openl;
		vp = un->un_lowervp;
	}
	ap->a_vp = vp;
	return (VOP_CLOSE_AP(ap));
}

/*
 * Check access permission on the union vnode.
 * The access check being enforced is to check
 * against both the underlying vnode, and any
 * copied vnode.  This ensures that no additional
 * file permissions are given away simply because
 * the user caused an implicit file copy.
 */
static int
union_access(ap)
	struct vop_access_args /* {
		struct vnodeop_desc *a_desc;
		struct vnode *a_vp;
		int a_mode;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	struct union_node *un = VTOUNION(ap->a_vp);
	struct thread *td = ap->a_td;
	int error = EACCES;
	struct vnode *vp;

	/*
	 * Disallow write attempts on filesystems mounted read-only.
	 */
	if ((ap->a_mode & VWRITE) &&
	    (ap->a_vp->v_mount->mnt_flag & MNT_RDONLY)) {
		switch (ap->a_vp->v_type) {
		case VREG:
		case VDIR:
		case VLNK:
			return (EROFS);
		default:
			break;
		}
	}

	if ((vp = union_lock_upper(un, td)) != NULLVP) {
		ap->a_vp = vp;
		error = VOP_ACCESS_AP(ap);
		union_unlock_upper(vp, td);
		return(error);
	}

	if ((vp = un->un_lowervp) != NULLVP) {
		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
		ap->a_vp = vp;

		/*
		 * Remove VWRITE from a_mode if our mount point is RW, because
		 * we want to allow writes and lowervp may be read-only.
		 */
		if ((un->un_vnode->v_mount->mnt_flag & MNT_RDONLY) == 0)
			ap->a_mode &= ~VWRITE;

		error = VOP_ACCESS_AP(ap);
		if (error == 0) {
			struct union_mount *um;

			um = MOUNTTOUNIONMOUNT(un->un_vnode->v_mount);

			if (um->um_op == UNMNT_BELOW) {
				/* Recheck with the mount's credentials. */
				ap->a_cred = um->um_cred;
				error = VOP_ACCESS_AP(ap);
			}
		}
		VOP_UNLOCK(vp, 0, td);
	}
	return(error);
}

/*
 * We handle getattr only to change the fsid and
 * track object sizes
 *
 * It's not clear whether VOP_GETATTR is to be
 * called with the vnode locked or not.  stat() calls
 * it with (vp) locked, and fstat() calls it with
 * (vp) unlocked.
 *
 * Because of this we cannot use our normal locking functions
 * if we do not intend to lock the main a_vp node.  At the moment
 * we are running without any specific locking at all, but beware
 * to any programmer that care must be taken if locking is added
 * to this function.
 */

static int
union_getattr(ap)
	struct vop_getattr_args /* {
		struct vnode *a_vp;
		struct vattr *a_vap;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	int error;
	struct union_node *un = VTOUNION(ap->a_vp);
	struct union_mount *um = MOUNTTOUNIONMOUNT(ap->a_vp->v_mount);
	struct vnode *vp;
	struct vattr *vap;
	struct vattr va;

	/*
	 * Some programs walk the filesystem hierarchy by counting
	 * links to directories to avoid stat'ing all the time.
	 * This means the link count on directories needs to be "correct".
	 * The only way to do that is to call getattr on both layers
	 * and fix up the link count.  The link count will not necessarily
	 * be accurate but will be large enough to defeat the tree walkers.
	 */

	vap = ap->a_vap;

	if ((vp = un->un_uppervp) != NULLVP) {
		error = VOP_GETATTR(vp, vap, ap->a_cred, ap->a_td);
		if (error)
			return (error);
		/* XXX isn't this dangerous without a lock? */
		union_newsize(ap->a_vp, vap->va_size, VNOVAL);
	}

	if (vp == NULLVP) {
		vp = un->un_lowervp;
	} else if (vp->v_type == VDIR && un->un_lowervp != NULLVP) {
		/* Both layers are directories: query lower into `va' too. */
		vp = un->un_lowervp;
		vap = &va;
	} else {
		vp = NULLVP;
	}

	if (vp != NULLVP) {
		error = VOP_GETATTR(vp, vap, ap->a_cred, ap->a_td);
		if (error)
			return (error);
		/* XXX isn't this dangerous without a lock? */
		union_newsize(ap->a_vp, VNOVAL, vap->va_size);
	}

	if (ap->a_vap->va_fsid == um->um_upperdev)
		ap->a_vap->va_fsid = ap->a_vp->v_mount->mnt_stat.f_fsid.val[0];

	/* Fold the lower directory's link count into the result. */
	if ((vap != ap->a_vap) && (vap->va_type == VDIR))
		ap->a_vap->va_nlink += vap->va_nlink;
	return (0);
}

static int
union_setattr(ap)
	struct vop_setattr_args /* {
		struct vnode *a_vp;
		struct vattr *a_vap;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	struct union_node *un = VTOUNION(ap->a_vp);
	struct thread *td = ap->a_td;
	struct vattr *vap = ap->a_vap;
	struct vnode *uppervp;
	int error;

	/*
	 * Disallow write attempts on filesystems mounted read-only.
	 */
	if ((ap->a_vp->v_mount->mnt_flag & MNT_RDONLY) &&
	    (vap->va_flags != VNOVAL || vap->va_uid != (uid_t)VNOVAL ||
	     vap->va_gid != (gid_t)VNOVAL || vap->va_atime.tv_sec != VNOVAL ||
	     vap->va_mtime.tv_sec != VNOVAL ||
	     vap->va_mode != (mode_t)VNOVAL)) {
		return (EROFS);
	}

	/*
	 * Handle case of truncating lower object to zero size
	 * by creating a zero length upper object.  This is to
	 * handle the case of open with O_TRUNC and O_CREAT.
	 */
	if (un->un_uppervp == NULLVP && (un->un_lowervp->v_type == VREG)) {
		error = union_copyup(un, (ap->a_vap->va_size != 0),
			    ap->a_cred, ap->a_td);
		if (error)
			return (error);
	}

	/*
	 * Try to set attributes in upper layer,
	 * otherwise return read-only filesystem error.
	 */
	error = EROFS;
	if ((uppervp = union_lock_upper(un, td)) != NULLVP) {
		error = VOP_SETATTR(un->un_uppervp, ap->a_vap,
					ap->a_cred, ap->a_td);
		if ((error == 0) && (ap->a_vap->va_size != VNOVAL))
			union_newsize(ap->a_vp, ap->a_vap->va_size, VNOVAL);
		union_unlock_upper(uppervp, td);
	}
	return (error);
}

static int
union_read(ap)
	struct vop_read_args /* {
		struct vnode *a_vp;
		struct uio *a_uio;
		int a_ioflag;
		struct ucred *a_cred;
	} */ *ap;
{
	struct union_node *un = VTOUNION(ap->a_vp);
	struct thread *td = ap->a_uio->uio_td;
	struct vnode *uvp;
	int error;

	uvp = union_lock_other(un, td);
	KASSERT(uvp != NULL, ("union_read: backing vnode missing!"));

	error = VOP_READ(uvp, ap->a_uio, ap->a_ioflag, ap->a_cred);
	union_unlock_other(uvp, td);

	/*
	 * XXX
	 * Perhaps the size of the underlying object has changed under
	 * our feet.  Take advantage of the offset information present
	 * in the uio structure.
	 */
	if (error == 0) {
		/* NOTE(review): this `un' shadows the outer one (same value). */
		struct union_node *un = VTOUNION(ap->a_vp);
		off_t cur = ap->a_uio->uio_offset;

		if (uvp == un->un_uppervp) {
			if (cur > un->un_uppersz)
				union_newsize(ap->a_vp, cur, VNOVAL);
		} else {
			if (cur > un->un_lowersz)
				union_newsize(ap->a_vp, VNOVAL, cur);
		}
	}
	return (error);
}

static int
union_write(ap)
	struct vop_write_args /* {
		struct vnode *a_vp;
		struct uio *a_uio;
		int a_ioflag;
		struct ucred *a_cred;
	} */ *ap;
{
	struct union_node *un = VTOUNION(ap->a_vp);
	struct thread *td = ap->a_uio->uio_td;
	struct vnode *uppervp;
	int error;

	/* Writes always go to the upper layer; copyup happens at open time. */
	if ((uppervp = union_lock_upper(un, td)) == NULLVP)
		panic("union: missing upper layer in write");

	error = VOP_WRITE(uppervp, ap->a_uio, ap->a_ioflag, ap->a_cred);

	/*
	 * The size of the underlying object may be changed by the
	 * write.
	 */
	if (error == 0) {
		off_t cur = ap->a_uio->uio_offset;

		if (cur > un->un_uppersz)
			union_newsize(ap->a_vp, cur, VNOVAL);
	}
	union_unlock_upper(uppervp, td);
	return (error);
}

static int
union_lease(ap)
	struct vop_lease_args /* {
		struct vnode *a_vp;
		struct thread *a_td;
		struct ucred *a_cred;
		int a_flag;
	} */ *ap;
{
	/* Pass straight through to the preferred (upper, else lower) vnode. */
	struct vnode *ovp = OTHERVP(ap->a_vp);

	ap->a_vp = ovp;
	return (VOP_LEASE_AP(ap));
}

static int
union_ioctl(ap)
	struct vop_ioctl_args /* {
		struct vnode *a_vp;
		u_long a_command;
		caddr_t a_data;
		int a_fflag;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	/* Pass straight through to the preferred (upper, else lower) vnode. */
	struct vnode *ovp = OTHERVP(ap->a_vp);

	ap->a_vp = ovp;
	return (VOP_IOCTL_AP(ap));
}

static int
union_poll(ap)
	struct vop_poll_args /* {
		struct vnode *a_vp;
		int a_events;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	/* Pass straight through to the preferred (upper, else lower) vnode. */
	struct vnode *ovp = OTHERVP(ap->a_vp);

	ap->a_vp = ovp;
	return (VOP_POLL_AP(ap));
}

static int
union_fsync(ap)
	struct vop_fsync_args /* {
		struct vnode *a_vp;
		struct ucred *a_cred;
		int a_waitfor;
		struct thread *a_td;
	} */ *ap;
{
	int error = 0;
	struct thread *td = ap->a_td;
	struct vnode *targetvp;
	struct union_node *un = VTOUNION(ap->a_vp);

	if ((targetvp = union_lock_other(un, td)) != NULLVP) {
		error = VOP_FSYNC(targetvp, ap->a_waitfor, td);
		union_unlock_other(targetvp, td);
	}

	return (error);
}

/*
 * union_remove:
 *
 *	Remove the specified cnp.  The dvp and vp are passed to us locked
 *	and must remain locked on return.
 */

static int
union_remove(ap)
	struct vop_remove_args /* {
		struct vnode *a_dvp;
		struct vnode *a_vp;
		struct componentname *a_cnp;
	} */ *ap;
{
	struct union_node *dun = VTOUNION(ap->a_dvp);
	struct union_node *un = VTOUNION(ap->a_vp);
	struct componentname *cnp = ap->a_cnp;
	struct thread *td = cnp->cn_thread;
	struct vnode *uppervp;
	struct vnode *upperdvp;
	int error;

	if ((upperdvp = union_lock_upper(dun, td)) == NULLVP)
		panic("union remove: null upper vnode");

	if ((uppervp = union_lock_upper(un, td)) != NULLVP) {
		if (union_dowhiteout(un, cnp->cn_cred, td))
			cnp->cn_flags |= DOWHITEOUT;
		if (cnp->cn_flags & DOWHITEOUT)		/* XXX fs corruption */
			error = EOPNOTSUPP;
		else
			error = VOP_REMOVE(upperdvp, uppervp, cnp);
		if (!error)
			union_removed_upper(un);
		union_unlock_upper(uppervp, td);
	} else {
		/* Only a lower copy exists: hide it with a whiteout entry. */
		error = union_mkwhiteout(
			    MOUNTTOUNIONMOUNT(ap->a_dvp->v_mount),
			    upperdvp, ap->a_cnp, un->un_path);
	}
	union_unlock_upper(upperdvp, td);
	return (error);
}

/*
 * union_link:
 *
 *
 *	tdvp and vp will be locked on entry.
 *	tdvp and vp should remain locked on return.
 */

static int
union_link(ap)
	struct vop_link_args /* {
		struct vnode *a_tdvp;
		struct vnode *a_vp;
		struct componentname *a_cnp;
	} */ *ap;
{
	struct componentname *cnp = ap->a_cnp;
	struct thread *td = cnp->cn_thread;
	struct union_node *dun = VTOUNION(ap->a_tdvp);
	struct vnode *vp;
	struct vnode *tdvp;
	int error = 0;

	if (ap->a_tdvp->v_op != ap->a_vp->v_op) {
		/* The source is not a union vnode; link it as-is. */
		vp = ap->a_vp;
	} else {
		struct union_node *tun = VTOUNION(ap->a_vp);

		if (tun->un_uppervp == NULLVP) {
#if 0
			if (dun->un_uppervp == tun->un_dirvp) {
				if (dun->un_flags & UN_ULOCK) {
					dun->un_flags &= ~UN_ULOCK;
					VOP_UNLOCK(dun->un_uppervp, 0, td);
				}
			}
#endif
			/*
			 * The source exists only in the lower layer; the
			 * hard link must be made in the upper layer, so
			 * copy the file up first.
			 */
			error = union_copyup(tun, 1, cnp->cn_cred, td);
#if 0
			if (dun->un_uppervp == tun->un_dirvp) {
				vn_lock(dun->un_uppervp,
				    LK_EXCLUSIVE | LK_RETRY, td);
				dun->un_flags |= UN_ULOCK;
			}
#endif
			if (error)
				return (error);
		}
		vp = tun->un_uppervp;
		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
	}

	/*
	 * Make sure upper is locked, then unlock the union directory we were
	 * called with to avoid a deadlock while we are calling VOP_LINK() on
	 * the upper (with tdvp locked and vp not locked).  Our ap->a_tdvp
	 * is expected to be locked on return.
	 */

	if ((tdvp = union_lock_upper(dun, td)) == NULLVP)
		return (EROFS);

	VOP_UNLOCK(ap->a_tdvp, 0, td);		/* unlock calling node */
	error = VOP_LINK(tdvp, vp, cnp);	/* call link on upper */

	/*
	 * Unlock tun->un_uppervp if we locked it above.
	 */
	if (ap->a_tdvp->v_op == ap->a_vp->v_op)
		VOP_UNLOCK(vp, 0, td);
	/*
	 * We have to unlock tdvp prior to relocking our calling node in
	 * order to avoid a deadlock.  We also have to unlock ap->a_vp
	 * before relocking the directory, but then we have to relock
	 * ap->a_vp as our caller expects.
	 */
	VOP_UNLOCK(ap->a_vp, 0, td);
	union_unlock_upper(tdvp, td);
	vn_lock(ap->a_tdvp, LK_EXCLUSIVE | LK_RETRY, td);
	vn_lock(ap->a_vp, LK_EXCLUSIVE | LK_RETRY, td);
	return (error);
}

/*
 * union_rename:
 *
 *	Substitute the upper-layer vnode for each union vnode argument and
 *	hand the whole operation to the upper filesystem's VOP_RENAME().
 *	A source that exists only in the lower layer is copied up first
 *	(regular files) or rejected with EXDEV (directories), and a
 *	whiteout is requested when a lower copy would show through.
 */
static int
union_rename(ap)
	struct vop_rename_args /* {
		struct vnode *a_fdvp;
		struct vnode *a_fvp;
		struct componentname *a_fcnp;
		struct vnode *a_tdvp;
		struct vnode *a_tvp;
		struct componentname *a_tcnp;
	} */ *ap;
{
	int error;
	struct vnode *fdvp = ap->a_fdvp;
	struct vnode *fvp = ap->a_fvp;
	struct vnode *tdvp = ap->a_tdvp;
	struct vnode *tvp = ap->a_tvp;

	/*
	 * Figure out what fdvp to pass to our upper or lower vnode.  If we
	 * replace the fdvp, release the original one and ref the new one.
	 */

	if (fdvp->v_op == &union_vnodeops) {	/* always true */
		struct union_node *un = VTOUNION(fdvp);
		if (un->un_uppervp == NULLVP) {
			/*
			 * this should never happen in normal
			 * operation but might if there was
			 * a problem creating the top-level shadow
			 * directory.
			 */
			error = EXDEV;
			goto bad;
		}
		fdvp = un->un_uppervp;
		VREF(fdvp);
		vrele(ap->a_fdvp);
	}

	/*
	 * Figure out what fvp to pass to our upper or lower vnode.  If we
	 * replace the fvp, release the original one and ref the new one.
	 */

	if (fvp->v_op == &union_vnodeops) {	/* always true */
		struct union_node *un = VTOUNION(fvp);
#if 0
		struct union_mount *um = MOUNTTOUNIONMOUNT(fvp->v_mount);
#endif

		if (un->un_uppervp == NULLVP) {
			switch(fvp->v_type) {
			case VREG:
				/*
				 * Copy the regular file up so the rename
				 * can be performed entirely in the upper
				 * layer.
				 */
				vn_lock(un->un_vnode, LK_EXCLUSIVE | LK_RETRY, ap->a_fcnp->cn_thread);
				error = union_copyup(un, 1, ap->a_fcnp->cn_cred, ap->a_fcnp->cn_thread);
				VOP_UNLOCK(un->un_vnode, 0, ap->a_fcnp->cn_thread);
				if (error)
					goto bad;
				break;
			case VDIR:
				/*
				 * XXX not yet.
				 *
				 * There is only one way to rename a directory
				 * based in the lowervp, and that is to copy
				 * the entire directory hierarchy.  Otherwise
				 * it would not last across a reboot.
				 */
#if 0
				vrele(fvp);
				fvp = NULL;
				vn_lock(fdvp, LK_EXCLUSIVE | LK_RETRY, ap->a_fcnp->cn_thread);
				error = union_mkshadow(um, fdvp,
				    ap->a_fcnp, &un->un_uppervp);
				VOP_UNLOCK(fdvp, 0, ap->a_fcnp->cn_thread);
				if (un->un_uppervp)
					VOP_UNLOCK(un->un_uppervp, 0, ap->a_fcnp->cn_thread);
				if (error)
					goto bad;
				break;
#endif
			default:
				error = EXDEV;
				goto bad;
			}
		}

		/*
		 * If a lower copy exists, ask the upper layer to leave a
		 * whiteout behind so it does not reappear after the rename.
		 */
		if (un->un_lowervp != NULLVP)
			ap->a_fcnp->cn_flags |= DOWHITEOUT;
		fvp = un->un_uppervp;
		VREF(fvp);
		vrele(ap->a_fvp);
	}

	/*
	 * Figure out what tdvp (destination directory) to pass to the
	 * lower level.  If we replace it with uppervp, we need to vput the
	 * old one.  The exclusive lock is transfered to what we will pass
	 * down in the VOP_RENAME() and we replace uppervp with a simple
	 * reference.
	 */

	if (tdvp->v_op == &union_vnodeops) {
		struct union_node *un = VTOUNION(tdvp);

		if (un->un_uppervp == NULLVP) {
			/*
			 * This should never happen in normal
			 * operation but might if there was
			 * a problem creating the top-level shadow
			 * directory.
			 */
			error = EXDEV;
			goto bad;
		}

		/*
		 * New tdvp is a lock and reference on uppervp.
		 * Put away the old tdvp.
		 */
		tdvp = union_lock_upper(un, ap->a_tcnp->cn_thread);
		vput(ap->a_tdvp);
	}

	/*
	 * Figure out what tvp (destination file) to pass to the
	 * lower level.
	 *
	 * If the uppervp file does not exist, put away the (wrong)
	 * file and change tvp to NULL.
	 */

	if (tvp != NULLVP && tvp->v_op == &union_vnodeops) {
		struct union_node *un = VTOUNION(tvp);

		tvp = union_lock_upper(un, ap->a_tcnp->cn_thread);
		vput(ap->a_tvp);
		/* note: tvp may be NULL */
	}

	/*
	 * VOP_RENAME() releases/vputs prior to returning, so we have no
	 * cleanup to do.
	 */

	return (VOP_RENAME(fdvp, fvp, ap->a_fcnp, tdvp, tvp, ap->a_tcnp));

	/*
	 * Error.  We still have to release / vput the various elements.
	 */

bad:
	vrele(fdvp);
	if (fvp)
		vrele(fvp);
	vput(tdvp);
	if (tvp != NULLVP) {
		if (tvp != tdvp)
			vput(tvp);
		else
			vrele(tvp);
	}
	return (error);
}

/*
 * union_mkdir:
 *
 *	Create the directory in the upper layer, then wrap the new upper
 *	vnode in a union vnode via union_allocvp(), which is returned in
 *	*a_vpp.  Fails with EROFS when the parent has no upper layer.
 */
static int
union_mkdir(ap)
	struct vop_mkdir_args /* {
		struct vnode *a_dvp;
		struct vnode **a_vpp;
		struct componentname *a_cnp;
		struct vattr *a_vap;
	} */ *ap;
{
	struct union_node *dun = VTOUNION(ap->a_dvp);
	struct componentname *cnp = ap->a_cnp;
	struct thread *td = cnp->cn_thread;
	struct vnode *upperdvp;
	int error = EROFS;

	if ((upperdvp = union_lock_upper(dun, td)) != NULLVP) {
		struct vnode *vp;

		error = VOP_MKDIR(upperdvp, &vp, cnp, ap->a_vap);
		union_unlock_upper(upperdvp, td);

		if (error == 0) {
			/*
			 * Drop the lock on the new upper directory before
			 * handing it to union_allocvp().
			 */
			VOP_UNLOCK(vp, 0, td);
			UDEBUG(("ALLOCVP-2 FROM %p REFS %d\n", vp, vrefcnt(vp)));
			error = union_allocvp(ap->a_vpp, ap->a_dvp->v_mount,
				ap->a_dvp, NULLVP, cnp, vp, NULLVP, 1);
			UDEBUG(("ALLOCVP-2B FROM %p REFS %d\n", *ap->a_vpp, vrefcnt(vp)));
		}
	}
	return (error);
}

/*
 * union_rmdir:
 *
 *	Remove the directory.  As in union_remove(), the upper copy is
 *	removed when present (unless a whiteout would be required, which
 *	fails with EOPNOTSUPP), and a whiteout is created when only a
 *	lower copy exists.
 */
static int
union_rmdir(ap)
	struct vop_rmdir_args /* {
		struct vnode *a_dvp;
		struct vnode *a_vp;
		struct componentname *a_cnp;
	} */ *ap;
{
	struct union_node *dun = VTOUNION(ap->a_dvp);
	struct union_node *un = VTOUNION(ap->a_vp);
	struct componentname *cnp = ap->a_cnp;
	struct thread *td = cnp->cn_thread;
	struct vnode *upperdvp;
	struct vnode *uppervp;
	int error;

	if ((upperdvp = union_lock_upper(dun, td)) == NULLVP)
		panic("union rmdir: null upper vnode");

	if ((uppervp = union_lock_upper(un, td)) != NULLVP) {
		if (union_dowhiteout(un, cnp->cn_cred, td))
			cnp->cn_flags |= DOWHITEOUT;
		if (cnp->cn_flags & DOWHITEOUT)		/* XXX fs corruption */
			error = EOPNOTSUPP;
		else
			error = VOP_RMDIR(upperdvp, uppervp, ap->a_cnp);
		if (!error)
			union_removed_upper(un);
		union_unlock_upper(uppervp, td);
	} else {
		error = union_mkwhiteout(
			    MOUNTTOUNIONMOUNT(ap->a_dvp->v_mount),
			    dun->un_uppervp, ap->a_cnp, un->un_path);
	}
	union_unlock_upper(upperdvp, td);
	return (error);
}

/*
 * union_symlink:
 *
 *	dvp is locked on entry and remains locked on return.  a_vpp is garbage
 *	(unused).
 */

static int
union_symlink(ap)
	struct vop_symlink_args /* {
		struct vnode *a_dvp;
		struct vnode **a_vpp;
		struct componentname *a_cnp;
		struct vattr *a_vap;
		char *a_target;
	} */ *ap;
{
	struct union_node *dun = VTOUNION(ap->a_dvp);
	struct componentname *cnp = ap->a_cnp;
	struct thread *td = cnp->cn_thread;
	struct vnode *dvp;
	int error = EROFS;

	/* Symlinks can only be created in the upper layer. */
	if ((dvp = union_lock_upper(dun, td)) != NULLVP) {
		error = VOP_SYMLINK(dvp, ap->a_vpp, cnp, ap->a_vap,
			    ap->a_target);
		union_unlock_upper(dvp, td);
	}
	return (error);
}

/*
 * union_readdir ()works in concert with getdirentries() and
 * readdir(3) to provide a list of entries in the unioned
 * directories.  getdirentries() is responsible for walking
 * down the union stack.  readdir(3) is responsible for
 * eliminating duplicate names from the returned data stream.
 *
 * Only the upper-layer directory is read here; when there is no upper
 * layer, 0 is returned with nothing read.
 * NOTE(review): the arg-struct comment below may not match the real
 * struct vop_readdir_args (cookies/ncookies are pointer-typed there) --
 * verify against sys/vnode.h.
 */
static int
union_readdir(ap)
	struct vop_readdir_args /* {
		struct vnode *a_vp;
		struct uio *a_uio;
		struct ucred *a_cred;
		int *a_eofflag;
		u_long *a_cookies;
		int a_ncookies;
	} */ *ap;
{
	struct union_node *un = VTOUNION(ap->a_vp);
	struct thread *td = ap->a_uio->uio_td;
	struct vnode *uvp;
	int error = 0;

	if ((uvp = union_lock_upper(un, td)) != NULLVP) {
		ap->a_vp = uvp;
		error = VOP_READDIR_AP(ap);
		union_unlock_upper(uvp, td);
	}
	return(error);
}

/*
 * union_readlink:
 *
 *	Read the link contents from the backing vnode.  A backing vnode
 *	must exist (asserted below).
 */
static int
union_readlink(ap)
	struct vop_readlink_args /* {
		struct vnode *a_vp;
		struct uio *a_uio;
		struct ucred *a_cred;
	} */ *ap;
{
	int error;
	struct union_node *un = VTOUNION(ap->a_vp);
	struct uio *uio = ap->a_uio;
	struct thread *td = uio->uio_td;
	struct vnode *vp;

	vp = union_lock_other(un, td);
	KASSERT(vp != NULL, ("union_readlink: backing vnode missing!"));

	ap->a_vp = vp;
	error = VOP_READLINK_AP(ap);
	union_unlock_other(vp, td);

	return (error);
}

/*
 * union_getwritemount:
 *
 *	Writes go to the upper layer, so report its write mount.  With no
 *	upper vnode: EOPNOTSUPP if the vnode is on the free list
 *	(presumably being recycled -- confirm), otherwise EACCES.
 */
static int
union_getwritemount(ap)
	struct vop_getwritemount_args /* {
		struct vnode *a_vp;
		struct mount **a_mpp;
	} */ *ap;
{
	struct vnode *vp = ap->a_vp;
	struct vnode *uvp = UPPERVP(vp);

	if (uvp == NULL) {
		VI_LOCK(vp);
		if (vp->v_iflag & VI_FREE) {
			VI_UNLOCK(vp);
			return (EOPNOTSUPP);
		}
		VI_UNLOCK(vp);
		return (EACCES);
	}
	return(VOP_GETWRITEMOUNT(uvp, ap->a_mpp));
}

/*
 * union_inactive:
 *
 *	Called with the vnode locked.  We are expected to unlock the vnode.
 */

static int
union_inactive(ap)
	struct vop_inactive_args /* {
		struct vnode *a_vp;
		struct thread *a_td;
	} */ *ap;
{
	struct vnode *vp = ap->a_vp;
	struct thread *td = ap->a_td;
	struct union_node *un = VTOUNION(vp);

	/*
	 * Do nothing (and _don't_ bypass).
	 * Wait to vrele lowervp until reclaim,
	 * so that until then our union_node is in the
	 * cache and reusable.
	 *
	 */

	if (un->un_dircache != NULL)
		union_dircache_free(un);

#if 0
	if ((un->un_flags & UN_ULOCK) && un->un_uppervp) {
		un->un_flags &= ~UN_ULOCK;
		VOP_UNLOCK(un->un_uppervp, 0, td);
	}
#endif

	VOP_UNLOCK(vp, 0, td);

	/* If the node is not in the cache, get rid of it now. */
	if ((un->un_flags & UN_CACHED) == 0)
		vgone(vp);

	return (0);
}

/*
 * union_reclaim:
 *
 *	Free the union_node attached to this vnode.
 */
static int
union_reclaim(ap)
	struct vop_reclaim_args /* {
		struct vnode *a_vp;
	} */ *ap;
{
	union_freevp(ap->a_vp);

	return (0);
}

/*
 * union_print:
 *
 *	Print out the upper and lower vnodes backing this union vnode
 *	(debugging aid).
 */
static int
union_print(ap)
	struct vop_print_args /* {
		struct vnode *a_vp;
	} */ *ap;
{
	struct vnode *vp = ap->a_vp;

	printf("\tvp=%p, uppervp=%p, lowervp=%p\n",
	    vp, UPPERVP(vp), LOWERVP(vp));
	if (UPPERVP(vp) != NULLVP)
		vprint("union: upper", UPPERVP(vp));
	if (LOWERVP(vp) != NULLVP)
		vprint("union: lower", LOWERVP(vp));

	return (0);
}

/*
 * union_pathconf:
 *
 *	Pass the pathconf query through to the locked backing vnode.
 */
static int
union_pathconf(ap)
	struct vop_pathconf_args /* {
		struct vnode *a_vp;
		int a_name;
		int *a_retval;
	} */ *ap;
{
	int error;
	struct thread *td = curthread;		/* XXX */
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *vp;

	vp = union_lock_other(un, td);
	KASSERT(vp != NULL, ("union_pathconf: backing vnode missing!"));

	ap->a_vp = vp;
	error = VOP_PATHCONF_AP(ap);
	union_unlock_other(vp, td);

	return (error);
}

/*
 * union_advlock:
 *
 *	Pass advisory locking straight through to the backing vnode.
 */
static int
union_advlock(ap)
	struct vop_advlock_args /* {
		struct vnode *a_vp;
		caddr_t a_id;
		int a_op;
		struct flock *a_fl;
		int a_flags;
	} */ *ap;
{
	register struct vnode *ovp = OTHERVP(ap->a_vp);

	ap->a_vp = ovp;
	return (VOP_ADVLOCK_AP(ap));
}


/*
 * XXX - vop_strategy must be hand coded because it has no
 * YYY - and it is not coherent with anything
 *
 * vnode in its
 * arguments.
 * This goes away with a merged VM/buffer cache.
 */
static int
union_strategy(ap)
	struct vop_strategy_args /* {
		struct vnode *a_vp;
		struct buf *a_bp;
	} */ *ap;
{
	struct buf *bp = ap->a_bp;
	struct vnode *othervp = OTHERVP(ap->a_vp);

#ifdef DIAGNOSTIC
	/* Writes must never be directed at the (read-only) lower layer. */
	if (othervp == NULLVP)
		panic("union_strategy: nil vp");
	if ((bp->b_iocmd == BIO_WRITE) &&
	    (othervp == LOWERVP(ap->a_vp)))
		panic("union_strategy: writing to lowervp");
#endif
	return (VOP_STRATEGY(othervp, bp));
}

/*
 * union_getacl:
 *
 *	Fetch ACLs from the locked backing vnode.
 */
static int
union_getacl(ap)
	struct vop_getacl_args /* {
		struct vnode *a_vp;
		acl_type_t a_type;
		struct acl *a_aclp;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	int error;
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *vp;

	vp = union_lock_other(un, ap->a_td);
	ap->a_vp = vp;
	error = VOP_GETACL_AP(ap);
	union_unlock_other(vp, ap->a_td);

	return (error);
}

/*
 * union_setacl:
 *
 *	Set ACLs on the locked backing vnode.
 */
static int
union_setacl(ap)
	struct vop_setacl_args /* {
		struct vnode *a_vp;
		acl_type_t a_type;
		struct acl *a_aclp;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	int error;
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *vp;

	vp = union_lock_other(un, ap->a_td);
	ap->a_vp = vp;
	error = VOP_SETACL_AP(ap);
	union_unlock_other(vp, ap->a_td);

	return (error);
}

/*
 * union_aclcheck:
 *
 *	Pass the ACL check through to the backing vnode (no lock taken
 *	here, unlike the other ACL ops).
 */
static int
union_aclcheck(ap)
	struct vop_aclcheck_args /* {
		struct vnode *a_vp;
		acl_type_t a_type;
		struct acl *a_aclp;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	struct vnode *ovp = OTHERVP(ap->a_vp);

	ap->a_vp = ovp;
	return (VOP_ACLCHECK_AP(ap));
}

/*
 * union_closeextattr:
 *
 *	Pass extended-attribute close through to the locked backing vnode.
 */
static int
union_closeextattr(ap)
	struct vop_closeextattr_args /* {
		struct vnode *a_vp;
		int a_commit;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	int error;
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *vp;

	vp = union_lock_other(un, ap->a_td);
	ap->a_vp = vp;
	error = VOP_CLOSEEXTATTR_AP(ap);
	union_unlock_other(vp, ap->a_td);

	return (error);
}

/*
 * union_getextattr:
 *
 *	Read an extended attribute from the locked backing vnode.
 */
static int
union_getextattr(ap)
	struct vop_getextattr_args /* {
		struct vnode *a_vp;
		int a_attrnamespace;
		const char *a_name;
		struct uio *a_uio;
		size_t *a_size;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	int error;
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *vp;

	vp = union_lock_other(un, ap->a_td);
	ap->a_vp = vp;
	error = VOP_GETEXTATTR_AP(ap);
	union_unlock_other(vp, ap->a_td);

	return (error);
}

/*
 * union_listextattr:
 *
 *	List extended attributes of the locked backing vnode.
 */
static int
union_listextattr(ap)
	struct vop_listextattr_args /* {
		struct vnode *a_vp;
		int a_attrnamespace;
		struct uio *a_uio;
		size_t *a_size;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	int error;
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *vp;

	vp = union_lock_other(un, ap->a_td);
	ap->a_vp = vp;
	error = VOP_LISTEXTATTR_AP(ap);
	union_unlock_other(vp, ap->a_td);

	return (error);
}

/*
 * union_openextattr:
 *
 *	Pass extended-attribute open through to the locked backing vnode.
 */
static int
union_openextattr(ap)
	struct vop_openextattr_args /* {
		struct vnode *a_vp;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	int error;
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *vp;

	vp = union_lock_other(un, ap->a_td);
	ap->a_vp = vp;
	error = VOP_OPENEXTATTR_AP(ap);
	union_unlock_other(vp, ap->a_td);

	return (error);
}

/*
 * union_deleteextattr:
 *
 *	Delete an extended attribute on the locked backing vnode.
 */
static int
union_deleteextattr(ap)
	struct vop_deleteextattr_args /* {
		struct vnode *a_vp;
		int a_attrnamespace;
		const char *a_name;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	int error;
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *vp;

	vp = union_lock_other(un, ap->a_td);
	ap->a_vp = vp;
	error = VOP_DELETEEXTATTR_AP(ap);
	union_unlock_other(vp, ap->a_td);

	return (error);
}

/*
 * union_setextattr:
 *
 *	Set an extended attribute on the locked backing vnode.
 */
static int
union_setextattr(ap)
	struct vop_setextattr_args /* {
		struct vnode *a_vp;
		int a_attrnamespace;
		const char *a_name;
		struct uio *a_uio;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	int error;
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *vp;

	vp = union_lock_other(un, ap->a_td);
	ap->a_vp = vp;
	error = VOP_SETEXTATTR_AP(ap);
	union_unlock_other(vp, ap->a_td);

	return (error);
}

/*
 * union_setlabel:
 *
 *	Set the MAC label on the locked backing vnode.
 */
static int
union_setlabel(ap)
	struct vop_setlabel_args /* {
		struct vnode *a_vp;
		struct label *a_label;
		struct ucred *a_cred;
		struct thread *a_td;
	} */ *ap;
{
	int error;
	struct union_node *un = VTOUNION(ap->a_vp);
	struct vnode *vp;

	vp = union_lock_other(un, ap->a_td);
	ap->a_vp = vp;
	error = VOP_SETLABEL_AP(ap);
	union_unlock_other(vp, ap->a_td);

	return (error);
}

/*
 * Global vfs data structures
 */
struct vop_vector union_vnodeops = {
	.vop_default =		&default_vnodeops,

	.vop_access =		union_access,
	.vop_aclcheck =		union_aclcheck,
	.vop_advlock =		union_advlock,
	.vop_bmap =		VOP_EOPNOTSUPP,
	.vop_close =		union_close,
	.vop_closeextattr =	union_closeextattr,
	.vop_create =		union_create,
	.vop_deleteextattr =	union_deleteextattr,
	.vop_fsync =		union_fsync,
	.vop_getacl =		union_getacl,
	.vop_getattr =		union_getattr,
	.vop_getextattr =	union_getextattr,
	.vop_getwritemount =	union_getwritemount,
	.vop_inactive =		union_inactive,
	.vop_ioctl =		union_ioctl,
	.vop_lease =		union_lease,
	.vop_link =		union_link,
	.vop_listextattr =	union_listextattr,
	.vop_lookup =		union_lookup,
	.vop_mkdir =		union_mkdir,
	.vop_mknod =		union_mknod,
	.vop_open =		union_open,
	.vop_openextattr =	union_openextattr,
	.vop_pathconf =		union_pathconf,
	.vop_poll =		union_poll,
	.vop_print =		union_print,
	.vop_read =		union_read,
	.vop_readdir =		union_readdir,
	.vop_readlink =		union_readlink,
	.vop_reclaim =		union_reclaim,
	.vop_remove =		union_remove,
	.vop_rename =		union_rename,
	.vop_rmdir =		union_rmdir,
	.vop_setacl =		union_setacl,
	.vop_setattr =		union_setattr,
	.vop_setextattr =	union_setextattr,
	.vop_setlabel =		union_setlabel,
	.vop_strategy =		union_strategy,
	.vop_symlink =		union_symlink,
	.vop_whiteout =		union_whiteout,
	.vop_write =		union_write,
};