1 /*- 2 * Copyright (c) 1982, 1986, 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)vfs_lookup.c 8.4 (Berkeley) 2/16/94 35 */ 36 37 #include <sys/cdefs.h> 38 __FBSDID("$FreeBSD$"); 39 40 #include "opt_ktrace.h" 41 #include "opt_mac.h" 42 #include "opt_vfs.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/lock.h> 48 #include <sys/mac.h> 49 #include <sys/mutex.h> 50 #include <sys/namei.h> 51 #include <sys/vnode.h> 52 #include <sys/mount.h> 53 #include <sys/filedesc.h> 54 #include <sys/proc.h> 55 #include <sys/syscallsubr.h> 56 #include <sys/sysctl.h> 57 #ifdef KTRACE 58 #include <sys/ktrace.h> 59 #endif 60 61 #include <vm/uma.h> 62 63 #define NAMEI_DIAGNOSTIC 1 64 #undef NAMEI_DIAGNOSTIC 65 66 /* 67 * Allocation zone for namei 68 */ 69 uma_zone_t namei_zone; 70 71 static void 72 nameiinit(void *dummy __unused) 73 { 74 namei_zone = uma_zcreate("NAMEI", MAXPATHLEN, NULL, NULL, NULL, NULL, 75 UMA_ALIGN_PTR, 0); 76 77 } 78 SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_SECOND, nameiinit, NULL) 79 80 #ifdef LOOKUP_SHARED 81 static int lookup_shared = 1; 82 #else 83 static int lookup_shared = 0; 84 #endif 85 SYSCTL_INT(_vfs, OID_AUTO, lookup_shared, CTLFLAG_RW, &lookup_shared, 0, 86 "Enables/Disables shared locks for path name translation"); 87 88 /* 89 * Convert a pathname into a pointer to a locked inode. 90 * 91 * The FOLLOW flag is set when symbolic links are to be followed 92 * when they occur at the end of the name translation process. 93 * Symbolic links are always followed for all other pathname 94 * components other than the last. 95 * 96 * The segflg defines whether the name is to be copied from user 97 * space or kernel space. 98 * 99 * Overall outline of namei: 100 * 101 * copy in name 102 * get starting directory 103 * while (!done && !error) { 104 * call lookup to search path. 105 * if symbolic link, massage name in buffer and continue 106 * } 107 */ 108 int 109 namei(ndp) 110 register struct nameidata *ndp; 111 { 112 register struct filedesc *fdp; /* pointer to file descriptor state */ 113 register char *cp; /* pointer into pathname argument */ 114 register struct vnode *dp; /* the directory we are searching */ 115 struct iovec aiov; /* uio for reading symbolic links */ 116 struct uio auio; 117 int error, linklen; 118 struct componentname *cnp = &ndp->ni_cnd; 119 struct thread *td = cnp->cn_thread; 120 struct proc *p = td->td_proc; 121 int vfslocked; 122 123 KASSERT((cnp->cn_flags & MPSAFE) != 0 || mtx_owned(&Giant) != 0, 124 ("NOT MPSAFE and Giant not held")); 125 ndp->ni_cnd.cn_cred = ndp->ni_cnd.cn_thread->td_ucred; 126 KASSERT(cnp->cn_cred && p, ("namei: bad cred/proc")); 127 KASSERT((cnp->cn_nameiop & (~OPMASK)) == 0, 128 ("namei: nameiop contaminated with flags")); 129 KASSERT((cnp->cn_flags & OPMASK) == 0, 130 ("namei: flags contaminated with nameiops")); 131 if (!lookup_shared) 132 cnp->cn_flags &= ~LOCKSHARED; 133 fdp = p->p_fd; 134 135 /* 136 * Get a buffer for the name to be translated, and copy the 137 * name into the buffer. 138 */ 139 if ((cnp->cn_flags & HASBUF) == 0) 140 cnp->cn_pnbuf = uma_zalloc(namei_zone, M_WAITOK); 141 if (ndp->ni_segflg == UIO_SYSSPACE) 142 error = copystr(ndp->ni_dirp, cnp->cn_pnbuf, 143 MAXPATHLEN, (size_t *)&ndp->ni_pathlen); 144 else 145 error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf, 146 MAXPATHLEN, (size_t *)&ndp->ni_pathlen); 147 148 /* 149 * Don't allow empty pathnames. 150 */ 151 if (!error && *cnp->cn_pnbuf == '\0') 152 error = ENOENT; 153 154 if (error) { 155 uma_zfree(namei_zone, cnp->cn_pnbuf); 156 #ifdef DIAGNOSTIC 157 cnp->cn_pnbuf = NULL; 158 cnp->cn_nameptr = NULL; 159 #endif 160 ndp->ni_vp = NULL; 161 return (error); 162 } 163 ndp->ni_loopcnt = 0; 164 #ifdef KTRACE 165 if (KTRPOINT(td, KTR_NAMEI)) { 166 KASSERT(cnp->cn_thread == curthread, 167 ("namei not using curthread")); 168 ktrnamei(cnp->cn_pnbuf); 169 } 170 #endif 171 172 /* 173 * Get starting point for the translation. 174 */ 175 FILEDESC_LOCK(fdp); 176 ndp->ni_rootdir = fdp->fd_rdir; 177 ndp->ni_topdir = fdp->fd_jdir; 178 179 dp = fdp->fd_cdir; 180 vfslocked = VFS_LOCK_GIANT(dp->v_mount); 181 VREF(dp); 182 FILEDESC_UNLOCK(fdp); 183 for (;;) { 184 /* 185 * Check if root directory should replace current directory. 186 * Done at start of translation and after symbolic link. 187 */ 188 cnp->cn_nameptr = cnp->cn_pnbuf; 189 if (*(cnp->cn_nameptr) == '/') { 190 vrele(dp); 191 VFS_UNLOCK_GIANT(vfslocked); 192 while (*(cnp->cn_nameptr) == '/') { 193 cnp->cn_nameptr++; 194 ndp->ni_pathlen--; 195 } 196 dp = ndp->ni_rootdir; 197 vfslocked = VFS_LOCK_GIANT(dp->v_mount); 198 VREF(dp); 199 } 200 if (vfslocked) 201 ndp->ni_cnd.cn_flags |= GIANTHELD; 202 ndp->ni_startdir = dp; 203 error = lookup(ndp); 204 if (error) { 205 uma_zfree(namei_zone, cnp->cn_pnbuf); 206 #ifdef DIAGNOSTIC 207 cnp->cn_pnbuf = NULL; 208 cnp->cn_nameptr = NULL; 209 #endif 210 return (error); 211 } 212 vfslocked = (ndp->ni_cnd.cn_flags & GIANTHELD) != 0; 213 ndp->ni_cnd.cn_flags &= ~GIANTHELD; 214 /* 215 * Check for symbolic link 216 */ 217 if ((cnp->cn_flags & ISSYMLINK) == 0) { 218 if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0) { 219 uma_zfree(namei_zone, cnp->cn_pnbuf); 220 #ifdef DIAGNOSTIC 221 cnp->cn_pnbuf = NULL; 222 cnp->cn_nameptr = NULL; 223 #endif 224 } else 225 cnp->cn_flags |= HASBUF; 226 227 if ((cnp->cn_flags & MPSAFE) == 0) { 228 VFS_UNLOCK_GIANT(vfslocked); 229 } else if (vfslocked) 230 ndp->ni_cnd.cn_flags |= GIANTHELD; 231 return (0); 232 } 233 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) { 234 error = ELOOP; 235 break; 236 } 237 #ifdef MAC 238 if ((cnp->cn_flags & NOMACCHECK) == 0) { 239 error = mac_check_vnode_readlink(td->td_ucred, 240 ndp->ni_vp); 241 if (error) 242 break; 243 } 244 #endif 245 if (ndp->ni_pathlen > 1) 246 cp = uma_zalloc(namei_zone, M_WAITOK); 247 else 248 cp = cnp->cn_pnbuf; 249 aiov.iov_base = cp; 250 aiov.iov_len = MAXPATHLEN; 251 auio.uio_iov = &aiov; 252 auio.uio_iovcnt = 1; 253 auio.uio_offset = 0; 254 auio.uio_rw = UIO_READ; 255 auio.uio_segflg = UIO_SYSSPACE; 256 auio.uio_td = (struct thread *)0; 257 auio.uio_resid = MAXPATHLEN; 258 error = VOP_READLINK(ndp->ni_vp, &auio, cnp->cn_cred); 259 if (error) { 260 if (ndp->ni_pathlen > 1) 261 uma_zfree(namei_zone, cp); 262 break; 263 } 264 linklen = MAXPATHLEN - auio.uio_resid; 265 if (linklen == 0) { 266 if (ndp->ni_pathlen > 1) 267 uma_zfree(namei_zone, cp); 268 error = ENOENT; 269 break; 270 } 271 if (linklen + ndp->ni_pathlen >= MAXPATHLEN) { 272 if (ndp->ni_pathlen > 1) 273 uma_zfree(namei_zone, cp); 274 error = ENAMETOOLONG; 275 break; 276 } 277 if (ndp->ni_pathlen > 1) { 278 bcopy(ndp->ni_next, cp + linklen, ndp->ni_pathlen); 279 uma_zfree(namei_zone, cnp->cn_pnbuf); 280 cnp->cn_pnbuf = cp; 281 } else 282 cnp->cn_pnbuf[linklen] = '\0'; 283 ndp->ni_pathlen += linklen; 284 vput(ndp->ni_vp); 285 dp = ndp->ni_dvp; 286 } 287 uma_zfree(namei_zone, cnp->cn_pnbuf); 288 #ifdef DIAGNOSTIC 289 cnp->cn_pnbuf = NULL; 290 cnp->cn_nameptr = NULL; 291 #endif 292 vput(ndp->ni_vp); 293 ndp->ni_vp = NULL; 294 vrele(ndp->ni_dvp); 295 VFS_UNLOCK_GIANT(vfslocked); 296 return (error); 297 } 298 299 /* 300 * Search a pathname. 301 * This is a very central and rather complicated routine. 302 * 303 * The pathname is pointed to by ni_ptr and is of length ni_pathlen. 304 * The starting directory is taken from ni_startdir. The pathname is 305 * descended until done, or a symbolic link is encountered. The variable 306 * ni_more is clear if the path is completed; it is set to one if a 307 * symbolic link needing interpretation is encountered. 308 * 309 * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on 310 * whether the name is to be looked up, created, renamed, or deleted. 311 * When CREATE, RENAME, or DELETE is specified, information usable in 312 * creating, renaming, or deleting a directory entry may be calculated. 313 * If flag has LOCKPARENT or'ed into it, the parent directory is returned 314 * locked. If flag has WANTPARENT or'ed into it, the parent directory is 315 * returned unlocked. Otherwise the parent directory is not returned. If 316 * the target of the pathname exists and LOCKLEAF is or'ed into the flag 317 * the target is returned locked, otherwise it is returned unlocked. 318 * When creating or renaming and LOCKPARENT is specified, the target may not 319 * be ".". When deleting and LOCKPARENT is specified, the target may be ".". 320 * 321 * Overall outline of lookup: 322 * 323 * dirloop: 324 * identify next component of name at ndp->ni_ptr 325 * handle degenerate case where name is null string 326 * if .. and crossing mount points and on mounted filesys, find parent 327 * call VOP_LOOKUP routine for next component name 328 * directory vnode returned in ni_dvp, unlocked unless LOCKPARENT set 329 * component vnode returned in ni_vp (if it exists), locked. 330 * if result vnode is mounted on and crossing mount points, 331 * find mounted on vnode 332 * if more components of name, do next level at dirloop 333 * return the answer in ni_vp, locked if LOCKLEAF set 334 * if LOCKPARENT set, return locked parent in ni_dvp 335 * if WANTPARENT set, return unlocked parent in ni_dvp 336 */ 337 int 338 lookup(ndp) 339 register struct nameidata *ndp; 340 { 341 register char *cp; /* pointer into pathname argument */ 342 register struct vnode *dp = 0; /* the directory we are searching */ 343 struct vnode *tdp; /* saved dp */ 344 struct mount *mp; /* mount table entry */ 345 int docache; /* == 0 do not cache last component */ 346 int wantparent; /* 1 => wantparent or lockparent flag */ 347 int rdonly; /* lookup read-only flag bit */ 348 int trailing_slash; 349 int error = 0; 350 int dpunlocked = 0; /* dp has already been unlocked */ 351 struct componentname *cnp = &ndp->ni_cnd; 352 struct thread *td = cnp->cn_thread; 353 int vfslocked; 354 int tvfslocked; 355 356 /* 357 * Setup: break out flag bits into variables. 358 */ 359 vfslocked = (ndp->ni_cnd.cn_flags & GIANTHELD) != 0; 360 ndp->ni_cnd.cn_flags &= ~GIANTHELD; 361 wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT); 362 KASSERT(cnp->cn_nameiop == LOOKUP || wantparent, 363 ("CREATE, DELETE, RENAME require LOCKPARENT or WANTPARENT.")); 364 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE; 365 if (cnp->cn_nameiop == DELETE || 366 (wantparent && cnp->cn_nameiop != CREATE && 367 cnp->cn_nameiop != LOOKUP)) 368 docache = 0; 369 rdonly = cnp->cn_flags & RDONLY; 370 cnp->cn_flags &= ~ISSYMLINK; 371 ndp->ni_dvp = NULL; 372 /* 373 * We use shared locks until we hit the parent of the last cn then 374 * we adjust based on the requesting flags. 375 */ 376 if (lookup_shared) 377 cnp->cn_lkflags = LK_SHARED; 378 else 379 cnp->cn_lkflags = LK_EXCLUSIVE; 380 dp = ndp->ni_startdir; 381 ndp->ni_startdir = NULLVP; 382 vn_lock(dp, cnp->cn_lkflags | LK_RETRY, td); 383 384 dirloop: 385 /* 386 * Search a new directory. 387 * 388 * The last component of the filename is left accessible via 389 * cnp->cn_nameptr for callers that need the name. Callers needing 390 * the name set the SAVENAME flag. When done, they assume 391 * responsibility for freeing the pathname buffer. 392 */ 393 cnp->cn_consume = 0; 394 for (cp = cnp->cn_nameptr; *cp != 0 && *cp != '/'; cp++) 395 continue; 396 cnp->cn_namelen = cp - cnp->cn_nameptr; 397 if (cnp->cn_namelen > NAME_MAX) { 398 error = ENAMETOOLONG; 399 goto bad; 400 } 401 #ifdef NAMEI_DIAGNOSTIC 402 { char c = *cp; 403 *cp = '\0'; 404 printf("{%s}: ", cnp->cn_nameptr); 405 *cp = c; } 406 #endif 407 ndp->ni_pathlen -= cnp->cn_namelen; 408 ndp->ni_next = cp; 409 410 /* 411 * Replace multiple slashes by a single slash and trailing slashes 412 * by a null. This must be done before VOP_LOOKUP() because some 413 * fs's don't know about trailing slashes. Remember if there were 414 * trailing slashes to handle symlinks, existing non-directories 415 * and non-existing files that won't be directories specially later. 416 */ 417 trailing_slash = 0; 418 while (*cp == '/' && (cp[1] == '/' || cp[1] == '\0')) { 419 cp++; 420 ndp->ni_pathlen--; 421 if (*cp == '\0') { 422 trailing_slash = 1; 423 *ndp->ni_next = '\0'; /* XXX for direnter() ... */ 424 } 425 } 426 ndp->ni_next = cp; 427 428 cnp->cn_flags |= MAKEENTRY; 429 if (*cp == '\0' && docache == 0) 430 cnp->cn_flags &= ~MAKEENTRY; 431 if (cnp->cn_namelen == 2 && 432 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 433 cnp->cn_flags |= ISDOTDOT; 434 else 435 cnp->cn_flags &= ~ISDOTDOT; 436 if (*ndp->ni_next == 0) 437 cnp->cn_flags |= ISLASTCN; 438 else 439 cnp->cn_flags &= ~ISLASTCN; 440 441 442 /* 443 * Check for degenerate name (e.g. / or "") 444 * which is a way of talking about a directory, 445 * e.g. like "/." or ".". 446 */ 447 if (cnp->cn_nameptr[0] == '\0') { 448 if (dp->v_type != VDIR) { 449 error = ENOTDIR; 450 goto bad; 451 } 452 if (cnp->cn_nameiop != LOOKUP) { 453 error = EISDIR; 454 goto bad; 455 } 456 if (wantparent) { 457 ndp->ni_dvp = dp; 458 VREF(dp); 459 } 460 ndp->ni_vp = dp; 461 if (!(cnp->cn_flags & (LOCKPARENT | LOCKLEAF))) 462 VOP_UNLOCK(dp, 0, td); 463 /* XXX This should probably move to the top of function. */ 464 if (cnp->cn_flags & SAVESTART) 465 panic("lookup: SAVESTART"); 466 goto success; 467 } 468 469 /* 470 * Handle "..": two special cases. 471 * 1. If at root directory (e.g. after chroot) 472 * or at absolute root directory 473 * then ignore it so can't get out. 474 * 2. If this vnode is the root of a mounted 475 * filesystem, then replace it with the 476 * vnode which was mounted on so we take the 477 * .. in the other filesystem. 478 * 3. If the vnode is the top directory of 479 * the jail or chroot, don't let them out. 480 */ 481 if (cnp->cn_flags & ISDOTDOT) { 482 for (;;) { 483 if (dp == ndp->ni_rootdir || 484 dp == ndp->ni_topdir || 485 dp == rootvnode) { 486 ndp->ni_dvp = dp; 487 ndp->ni_vp = dp; 488 VREF(dp); 489 goto nextname; 490 } 491 if ((dp->v_vflag & VV_ROOT) == 0 || 492 (cnp->cn_flags & NOCROSSMOUNT)) 493 break; 494 if (dp->v_mount == NULL) { /* forced unmount */ 495 error = EBADF; 496 goto bad; 497 } 498 tdp = dp; 499 dp = dp->v_mount->mnt_vnodecovered; 500 tvfslocked = vfslocked; 501 vfslocked = VFS_LOCK_GIANT(dp->v_mount); 502 VREF(dp); 503 vput(tdp); 504 VFS_UNLOCK_GIANT(tvfslocked); 505 vn_lock(dp, cnp->cn_lkflags | LK_RETRY, td); 506 } 507 } 508 509 /* 510 * We now have a segment name to search for, and a directory to search. 511 */ 512 unionlookup: 513 #ifdef MAC 514 if ((cnp->cn_flags & NOMACCHECK) == 0) { 515 error = mac_check_vnode_lookup(td->td_ucred, dp, cnp); 516 if (error) 517 goto bad; 518 } 519 #endif 520 ndp->ni_dvp = dp; 521 ndp->ni_vp = NULL; 522 ASSERT_VOP_LOCKED(dp, "lookup"); 523 /* 524 * If we have a shared lock we may need to upgrade the lock for the 525 * last operation. 526 */ 527 if (VOP_ISLOCKED(dp, td) == LK_SHARED && 528 (cnp->cn_flags & ISLASTCN) && (cnp->cn_flags & LOCKPARENT)) 529 vn_lock(dp, LK_UPGRADE|LK_RETRY, td); 530 /* 531 * If we're looking up the last component and we need an exclusive 532 * lock, adjust our lkflags. 533 */ 534 if ((cnp->cn_flags & (ISLASTCN|LOCKSHARED|LOCKLEAF)) == 535 (ISLASTCN|LOCKLEAF)) 536 cnp->cn_lkflags = LK_EXCLUSIVE; 537 #ifdef NAMEI_DIAGNOSTIC 538 vprint("lookup in", dp); 539 #endif 540 if ((error = VOP_LOOKUP(dp, &ndp->ni_vp, cnp)) != 0) { 541 KASSERT(ndp->ni_vp == NULL, ("leaf should be empty")); 542 #ifdef NAMEI_DIAGNOSTIC 543 printf("not found\n"); 544 #endif 545 if ((error == ENOENT) && 546 (dp->v_vflag & VV_ROOT) && (dp->v_mount != NULL) && 547 (dp->v_mount->mnt_flag & MNT_UNION)) { 548 tdp = dp; 549 dp = dp->v_mount->mnt_vnodecovered; 550 tvfslocked = vfslocked; 551 vfslocked = VFS_LOCK_GIANT(dp->v_mount); 552 VREF(dp); 553 vput(tdp); 554 VFS_UNLOCK_GIANT(tvfslocked); 555 vn_lock(dp, cnp->cn_lkflags | LK_RETRY, td); 556 goto unionlookup; 557 } 558 559 if (error != EJUSTRETURN) 560 goto bad; 561 /* 562 * If creating and at end of pathname, then can consider 563 * allowing file to be created. 564 */ 565 if (rdonly) { 566 error = EROFS; 567 goto bad; 568 } 569 if (*cp == '\0' && trailing_slash && 570 !(cnp->cn_flags & WILLBEDIR)) { 571 error = ENOENT; 572 goto bad; 573 } 574 if ((cnp->cn_flags & LOCKPARENT) == 0) 575 VOP_UNLOCK(dp, 0, td); 576 /* 577 * This is a temporary assert to make sure I know what the 578 * behavior here was. 579 */ 580 KASSERT((cnp->cn_flags & (WANTPARENT|LOCKPARENT)) != 0, 581 ("lookup: Unhandled case.")); 582 /* 583 * We return with ni_vp NULL to indicate that the entry 584 * doesn't currently exist, leaving a pointer to the 585 * (possibly locked) directory inode in ndp->ni_dvp. 586 */ 587 if (cnp->cn_flags & SAVESTART) { 588 ndp->ni_startdir = ndp->ni_dvp; 589 VREF(ndp->ni_startdir); 590 } 591 goto success; 592 } 593 #ifdef NAMEI_DIAGNOSTIC 594 printf("found\n"); 595 #endif 596 /* 597 * Take into account any additional components consumed by 598 * the underlying filesystem. 599 */ 600 if (cnp->cn_consume > 0) { 601 cnp->cn_nameptr += cnp->cn_consume; 602 ndp->ni_next += cnp->cn_consume; 603 ndp->ni_pathlen -= cnp->cn_consume; 604 cnp->cn_consume = 0; 605 } 606 607 dp = ndp->ni_vp; 608 609 /* 610 * Check to see if the vnode has been mounted on; 611 * if so find the root of the mounted filesystem. 612 */ 613 while (dp->v_type == VDIR && (mp = dp->v_mountedhere) && 614 (cnp->cn_flags & NOCROSSMOUNT) == 0) { 615 KASSERT(dp != ndp->ni_dvp, ("XXX")); 616 if (vfs_busy(mp, 0, 0, td)) 617 continue; 618 vput(dp); 619 tvfslocked = VFS_LOCK_GIANT(mp); 620 VFS_UNLOCK_GIANT(vfslocked); 621 vfslocked = tvfslocked; 622 VOP_UNLOCK(ndp->ni_dvp, 0, td); 623 error = VFS_ROOT(mp, cnp->cn_lkflags, &tdp, td); 624 VOP_LOCK(ndp->ni_dvp, cnp->cn_lkflags | LK_RETRY, td); 625 vfs_unbusy(mp, td); 626 if (error) { 627 dpunlocked = 1; 628 goto bad2; 629 } 630 ndp->ni_vp = dp = tdp; 631 } 632 633 /* 634 * Check for symbolic link 635 */ 636 if ((dp->v_type == VLNK) && 637 ((cnp->cn_flags & FOLLOW) || trailing_slash || 638 *ndp->ni_next == '/')) { 639 cnp->cn_flags |= ISSYMLINK; 640 if (dp->v_mount == NULL) { 641 /* We can't know whether the directory was mounted with 642 * NOSYMFOLLOW, so we can't follow safely. */ 643 error = EBADF; 644 goto bad2; 645 } 646 if (dp->v_mount->mnt_flag & MNT_NOSYMFOLLOW) { 647 error = EACCES; 648 goto bad2; 649 } 650 /* 651 * Symlink code always expects an unlocked dvp. 652 */ 653 if (ndp->ni_dvp != ndp->ni_vp) 654 VOP_UNLOCK(ndp->ni_dvp, 0, td); 655 goto success; 656 } 657 658 /* 659 * Check for bogus trailing slashes. 660 */ 661 if (trailing_slash && dp->v_type != VDIR) { 662 error = ENOTDIR; 663 goto bad2; 664 } 665 666 nextname: 667 /* 668 * Not a symbolic link. If more pathname, 669 * continue at next component, else return. 670 */ 671 KASSERT((cnp->cn_flags & ISLASTCN) || *ndp->ni_next == '/', 672 ("lookup: invalid path state.")); 673 if (*ndp->ni_next == '/') { 674 cnp->cn_nameptr = ndp->ni_next; 675 while (*cnp->cn_nameptr == '/') { 676 cnp->cn_nameptr++; 677 ndp->ni_pathlen--; 678 } 679 if (ndp->ni_dvp != dp) 680 vput(ndp->ni_dvp); 681 else 682 vrele(ndp->ni_dvp); 683 goto dirloop; 684 } 685 /* 686 * Disallow directory write attempts on read-only filesystems. 687 */ 688 if (rdonly && 689 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) { 690 error = EROFS; 691 goto bad2; 692 } 693 if (cnp->cn_flags & SAVESTART) { 694 ndp->ni_startdir = ndp->ni_dvp; 695 VREF(ndp->ni_startdir); 696 } 697 if (!wantparent) { 698 if (ndp->ni_dvp != dp) 699 vput(ndp->ni_dvp); 700 else 701 vrele(ndp->ni_dvp); 702 } else if ((cnp->cn_flags & LOCKPARENT) == 0 && ndp->ni_dvp != dp) 703 VOP_UNLOCK(ndp->ni_dvp, 0, td); 704 705 if ((cnp->cn_flags & LOCKLEAF) == 0) 706 VOP_UNLOCK(dp, 0, td); 707 success: 708 if (vfslocked) 709 ndp->ni_cnd.cn_flags |= GIANTHELD; 710 return (0); 711 712 bad2: 713 if (dp != ndp->ni_dvp) 714 vput(ndp->ni_dvp); 715 else 716 vrele(ndp->ni_dvp); 717 bad: 718 if (!dpunlocked) 719 vput(dp); 720 VFS_UNLOCK_GIANT(vfslocked); 721 ndp->ni_cnd.cn_flags &= ~GIANTHELD; 722 ndp->ni_vp = NULL; 723 return (error); 724 } 725 726 /* 727 * relookup - lookup a path name component 728 * Used by lookup to re-aquire things. 729 */ 730 int 731 relookup(dvp, vpp, cnp) 732 struct vnode *dvp, **vpp; 733 struct componentname *cnp; 734 { 735 struct thread *td = cnp->cn_thread; 736 struct vnode *dp = 0; /* the directory we are searching */ 737 int wantparent; /* 1 => wantparent or lockparent flag */ 738 int rdonly; /* lookup read-only flag bit */ 739 int error = 0; 740 741 KASSERT(cnp->cn_flags & ISLASTCN, 742 ("relookup: Not given last component.")); 743 /* 744 * Setup: break out flag bits into variables. 745 */ 746 wantparent = cnp->cn_flags & (LOCKPARENT|WANTPARENT); 747 KASSERT(wantparent, ("relookup: parent not wanted.")); 748 rdonly = cnp->cn_flags & RDONLY; 749 cnp->cn_flags &= ~ISSYMLINK; 750 dp = dvp; 751 cnp->cn_lkflags = LK_EXCLUSIVE; 752 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td); 753 754 /* 755 * Search a new directory. 756 * 757 * The last component of the filename is left accessible via 758 * cnp->cn_nameptr for callers that need the name. Callers needing 759 * the name set the SAVENAME flag. When done, they assume 760 * responsibility for freeing the pathname buffer. 761 */ 762 #ifdef NAMEI_DIAGNOSTIC 763 printf("{%s}: ", cnp->cn_nameptr); 764 #endif 765 766 /* 767 * Check for degenerate name (e.g. / or "") 768 * which is a way of talking about a directory, 769 * e.g. like "/." or ".". 770 */ 771 if (cnp->cn_nameptr[0] == '\0') { 772 if (cnp->cn_nameiop != LOOKUP || wantparent) { 773 error = EISDIR; 774 goto bad; 775 } 776 if (dp->v_type != VDIR) { 777 error = ENOTDIR; 778 goto bad; 779 } 780 if (!(cnp->cn_flags & LOCKLEAF)) 781 VOP_UNLOCK(dp, 0, td); 782 *vpp = dp; 783 /* XXX This should probably move to the top of function. */ 784 if (cnp->cn_flags & SAVESTART) 785 panic("lookup: SAVESTART"); 786 return (0); 787 } 788 789 if (cnp->cn_flags & ISDOTDOT) 790 panic ("relookup: lookup on dot-dot"); 791 792 /* 793 * We now have a segment name to search for, and a directory to search. 794 */ 795 #ifdef NAMEI_DIAGNOSTIC 796 vprint("search in:", dp); 797 #endif 798 if ((error = VOP_LOOKUP(dp, vpp, cnp)) != 0) { 799 KASSERT(*vpp == NULL, ("leaf should be empty")); 800 if (error != EJUSTRETURN) 801 goto bad; 802 /* 803 * If creating and at end of pathname, then can consider 804 * allowing file to be created. 805 */ 806 if (rdonly) { 807 error = EROFS; 808 goto bad; 809 } 810 /* ASSERT(dvp == ndp->ni_startdir) */ 811 if (cnp->cn_flags & SAVESTART) 812 VREF(dvp); 813 if ((cnp->cn_flags & LOCKPARENT) == 0) 814 VOP_UNLOCK(dp, 0, td); 815 /* 816 * This is a temporary assert to make sure I know what the 817 * behavior here was. 818 */ 819 KASSERT((cnp->cn_flags & (WANTPARENT|LOCKPARENT)) != 0, 820 ("relookup: Unhandled case.")); 821 /* 822 * We return with ni_vp NULL to indicate that the entry 823 * doesn't currently exist, leaving a pointer to the 824 * (possibly locked) directory inode in ndp->ni_dvp. 825 */ 826 return (0); 827 } 828 dp = *vpp; 829 830 /* 831 * Disallow directory write attempts on read-only filesystems. 832 */ 833 if (rdonly && 834 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) { 835 if (dvp == dp) 836 vrele(dvp); 837 else 838 vput(dvp); 839 error = EROFS; 840 goto bad; 841 } 842 /* 843 * Set the parent lock/ref state to the requested state. 844 */ 845 if ((cnp->cn_flags & LOCKPARENT) == 0 && dvp != dp) { 846 if (wantparent) 847 VOP_UNLOCK(dvp, 0, td); 848 else 849 vput(dvp); 850 } else if (!wantparent) 851 vrele(dvp); 852 /* 853 * Check for symbolic link 854 */ 855 KASSERT(dp->v_type != VLNK || !(cnp->cn_flags & FOLLOW), 856 ("relookup: symlink found.\n")); 857 858 /* ASSERT(dvp == ndp->ni_startdir) */ 859 if (cnp->cn_flags & SAVESTART) 860 VREF(dvp); 861 862 if ((cnp->cn_flags & LOCKLEAF) == 0) 863 VOP_UNLOCK(dp, 0, td); 864 return (0); 865 bad: 866 vput(dp); 867 *vpp = NULL; 868 return (error); 869 } 870 871 /* 872 * Free data allocated by namei(); see namei(9) for details. 873 */ 874 void 875 NDFREE(ndp, flags) 876 struct nameidata *ndp; 877 const u_int flags; 878 { 879 int unlock_dvp; 880 int unlock_vp; 881 882 unlock_dvp = 0; 883 unlock_vp = 0; 884 885 if (!(flags & NDF_NO_FREE_PNBUF) && 886 (ndp->ni_cnd.cn_flags & HASBUF)) { 887 uma_zfree(namei_zone, ndp->ni_cnd.cn_pnbuf); 888 ndp->ni_cnd.cn_flags &= ~HASBUF; 889 } 890 if (!(flags & NDF_NO_VP_UNLOCK) && 891 (ndp->ni_cnd.cn_flags & LOCKLEAF) && ndp->ni_vp) 892 unlock_vp = 1; 893 if (!(flags & NDF_NO_VP_RELE) && ndp->ni_vp) { 894 if (unlock_vp) { 895 vput(ndp->ni_vp); 896 unlock_vp = 0; 897 } else 898 vrele(ndp->ni_vp); 899 ndp->ni_vp = NULL; 900 } 901 if (unlock_vp) 902 VOP_UNLOCK(ndp->ni_vp, 0, ndp->ni_cnd.cn_thread); 903 if (!(flags & NDF_NO_DVP_UNLOCK) && 904 (ndp->ni_cnd.cn_flags & LOCKPARENT) && 905 ndp->ni_dvp != ndp->ni_vp) 906 unlock_dvp = 1; 907 if (!(flags & NDF_NO_DVP_RELE) && 908 (ndp->ni_cnd.cn_flags & (LOCKPARENT|WANTPARENT))) { 909 if (unlock_dvp) { 910 vput(ndp->ni_dvp); 911 unlock_dvp = 0; 912 } else 913 vrele(ndp->ni_dvp); 914 ndp->ni_dvp = NULL; 915 } 916 if (unlock_dvp) 917 VOP_UNLOCK(ndp->ni_dvp, 0, ndp->ni_cnd.cn_thread); 918 if (!(flags & NDF_NO_STARTDIR_RELE) && 919 (ndp->ni_cnd.cn_flags & SAVESTART)) { 920 vrele(ndp->ni_startdir); 921 ndp->ni_startdir = NULL; 922 } 923 } 924 925 /* 926 * Determine if there is a suitable alternate filename under the specified 927 * prefix for the specified path. If the create flag is set, then the 928 * alternate prefix will be used so long as the parent directory exists. 929 * This is used by the various compatiblity ABIs so that Linux binaries prefer 930 * files under /compat/linux for example. The chosen path (whether under 931 * the prefix or under /) is returned in a kernel malloc'd buffer pointed 932 * to by pathbuf. The caller is responsible for free'ing the buffer from 933 * the M_TEMP bucket if one is returned. 934 */ 935 int 936 kern_alternate_path(struct thread *td, const char *prefix, char *path, 937 enum uio_seg pathseg, char **pathbuf, int create) 938 { 939 struct nameidata nd, ndroot; 940 char *ptr, *buf, *cp; 941 size_t len, sz; 942 int error; 943 944 buf = (char *) malloc(MAXPATHLEN, M_TEMP, M_WAITOK); 945 *pathbuf = buf; 946 947 /* Copy the prefix into the new pathname as a starting point. */ 948 len = strlcpy(buf, prefix, MAXPATHLEN); 949 if (len >= MAXPATHLEN) { 950 *pathbuf = NULL; 951 free(buf, M_TEMP); 952 return (EINVAL); 953 } 954 sz = MAXPATHLEN - len; 955 ptr = buf + len; 956 957 /* Append the filename to the prefix. */ 958 if (pathseg == UIO_SYSSPACE) 959 error = copystr(path, ptr, sz, &len); 960 else 961 error = copyinstr(path, ptr, sz, &len); 962 963 if (error) { 964 *pathbuf = NULL; 965 free(buf, M_TEMP); 966 return (error); 967 } 968 969 /* Only use a prefix with absolute pathnames. */ 970 if (*ptr != '/') { 971 error = EINVAL; 972 goto keeporig; 973 } 974 975 /* 976 * We know that there is a / somewhere in this pathname. 977 * Search backwards for it, to find the file's parent dir 978 * to see if it exists in the alternate tree. If it does, 979 * and we want to create a file (cflag is set). We don't 980 * need to worry about the root comparison in this case. 981 */ 982 983 if (create) { 984 for (cp = &ptr[len] - 1; *cp != '/'; cp--); 985 *cp = '\0'; 986 987 NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE, UIO_SYSSPACE, buf, td); 988 error = namei(&nd); 989 *cp = '/'; 990 if (error != 0) 991 goto keeporig; 992 } else { 993 NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE, UIO_SYSSPACE, buf, td); 994 995 error = namei(&nd); 996 if (error != 0) 997 goto keeporig; 998 999 /* 1000 * We now compare the vnode of the prefix to the one 1001 * vnode asked. If they resolve to be the same, then we 1002 * ignore the match so that the real root gets used. 1003 * This avoids the problem of traversing "../.." to find the 1004 * root directory and never finding it, because "/" resolves 1005 * to the emulation root directory. This is expensive :-( 1006 */ 1007 NDINIT(&ndroot, LOOKUP, FOLLOW | MPSAFE, UIO_SYSSPACE, prefix, 1008 td); 1009 1010 /* We shouldn't ever get an error from this namei(). */ 1011 error = namei(&ndroot); 1012 if (error == 0) { 1013 if (nd.ni_vp == ndroot.ni_vp) 1014 error = ENOENT; 1015 1016 NDFREE(&ndroot, NDF_ONLY_PNBUF); 1017 vrele(ndroot.ni_vp); 1018 VFS_UNLOCK_GIANT(NDHASGIANT(&ndroot)); 1019 } 1020 } 1021 1022 NDFREE(&nd, NDF_ONLY_PNBUF); 1023 vrele(nd.ni_vp); 1024 VFS_UNLOCK_GIANT(NDHASGIANT(&nd)); 1025 1026 keeporig: 1027 /* If there was an error, use the original path name. */ 1028 if (error) 1029 bcopy(ptr, buf, len); 1030 return (error); 1031 } 1032