xref: /freebsd/sys/kern/vfs_syscalls.c (revision 5dae51da3da0cc94d17bd67b308fad304ebec7e0)
1 /*-
2  * Copyright (c) 1989, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  * (c) UNIX System Laboratories, Inc.
5  * All or some portions of this file are derived from material licensed
6  * to the University of California by American Telephone and Telegraph
7  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8  * the permission of UNIX System Laboratories, Inc.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. Neither the name of the University nor the names of its contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  *
34  *	@(#)vfs_syscalls.c	8.13 (Berkeley) 4/15/94
35  */
36 
37 #include <sys/cdefs.h>
38 __FBSDID("$FreeBSD$");
39 
40 #include "opt_capsicum.h"
41 #include "opt_compat.h"
42 #include "opt_ktrace.h"
43 
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/bio.h>
47 #include <sys/buf.h>
48 #include <sys/capsicum.h>
49 #include <sys/disk.h>
50 #include <sys/sysent.h>
51 #include <sys/malloc.h>
52 #include <sys/mount.h>
53 #include <sys/mutex.h>
54 #include <sys/sysproto.h>
55 #include <sys/namei.h>
56 #include <sys/filedesc.h>
57 #include <sys/kernel.h>
58 #include <sys/fcntl.h>
59 #include <sys/file.h>
60 #include <sys/filio.h>
61 #include <sys/limits.h>
62 #include <sys/linker.h>
63 #include <sys/rwlock.h>
64 #include <sys/sdt.h>
65 #include <sys/stat.h>
66 #include <sys/sx.h>
67 #include <sys/unistd.h>
68 #include <sys/vnode.h>
69 #include <sys/priv.h>
70 #include <sys/proc.h>
71 #include <sys/dirent.h>
72 #include <sys/jail.h>
73 #include <sys/syscallsubr.h>
74 #include <sys/sysctl.h>
75 #ifdef KTRACE
76 #include <sys/ktrace.h>
77 #endif
78 
79 #include <machine/stdarg.h>
80 
81 #include <security/audit/audit.h>
82 #include <security/mac/mac_framework.h>
83 
84 #include <vm/vm.h>
85 #include <vm/vm_object.h>
86 #include <vm/vm_page.h>
87 #include <vm/uma.h>
88 
89 #include <ufs/ufs/quota.h>
90 
91 MALLOC_DEFINE(M_FADVISE, "fadvise", "posix_fadvise(2) information");
92 
93 SDT_PROVIDER_DEFINE(vfs);
94 SDT_PROBE_DEFINE2(vfs, , stat, mode, "char *", "int");
95 SDT_PROBE_DEFINE2(vfs, , stat, reg, "char *", "int");
96 
97 static int kern_chflagsat(struct thread *td, int fd, const char *path,
98     enum uio_seg pathseg, u_long flags, int atflag);
99 static int setfflags(struct thread *td, struct vnode *, u_long);
100 static int getutimes(const struct timeval *, enum uio_seg, struct timespec *);
101 static int getutimens(const struct timespec *, enum uio_seg,
102     struct timespec *, int *);
103 static int setutimes(struct thread *td, struct vnode *,
104     const struct timespec *, int, int);
105 static int vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
106     struct thread *td);
107 
108 /*
109  * Sync each mounted filesystem.
110  */
111 #ifndef _SYS_SYSPROTO_H_
112 struct sync_args {
113 	int     dummy;
114 };
115 #endif
116 /* ARGSUSED */
117 int
118 sys_sync(td, uap)
119 	struct thread *td;
120 	struct sync_args *uap;
121 {
122 	struct mount *mp, *nmp;
123 	int save;
124 
125 	mtx_lock(&mountlist_mtx);
126 	for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
127 		if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) {
128 			nmp = TAILQ_NEXT(mp, mnt_list);
129 			continue;
130 		}
131 		if ((mp->mnt_flag & MNT_RDONLY) == 0 &&
132 		    vn_start_write(NULL, &mp, V_NOWAIT) == 0) {
133 			save = curthread_pflags_set(TDP_SYNCIO);
134 			vfs_msync(mp, MNT_NOWAIT);
135 			VFS_SYNC(mp, MNT_NOWAIT);
136 			curthread_pflags_restore(save);
137 			vn_finished_write(mp);
138 		}
139 		mtx_lock(&mountlist_mtx);
140 		nmp = TAILQ_NEXT(mp, mnt_list);
141 		vfs_unbusy(mp);
142 	}
143 	mtx_unlock(&mountlist_mtx);
144 	return (0);
145 }
146 
147 /*
148  * Change filesystem quotas.
149  */
150 #ifndef _SYS_SYSPROTO_H_
151 struct quotactl_args {
152 	char *path;
153 	int cmd;
154 	int uid;
155 	caddr_t arg;
156 };
157 #endif
158 int
159 sys_quotactl(td, uap)
160 	struct thread *td;
161 	register struct quotactl_args /* {
162 		char *path;
163 		int cmd;
164 		int uid;
165 		caddr_t arg;
166 	} */ *uap;
167 {
168 	struct mount *mp;
169 	struct nameidata nd;
170 	int error;
171 
172 	AUDIT_ARG_CMD(uap->cmd);
173 	AUDIT_ARG_UID(uap->uid);
174 	if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS))
175 		return (EPERM);
176 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
177 	    uap->path, td);
178 	if ((error = namei(&nd)) != 0)
179 		return (error);
180 	NDFREE(&nd, NDF_ONLY_PNBUF);
181 	mp = nd.ni_vp->v_mount;
182 	vfs_ref(mp);
183 	vput(nd.ni_vp);
184 	error = vfs_busy(mp, 0);
185 	vfs_rel(mp);
186 	if (error != 0)
187 		return (error);
188 	error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, uap->arg);
189 
190 	/*
191 	 * Since quota on operation typically needs to open quota
192 	 * file, the Q_QUOTAON handler needs to unbusy the mount point
193 	 * before calling into namei.  Otherwise, unmount might be
194 	 * started between two vfs_busy() invocations (first is our,
195 	 * second is from mount point cross-walk code in lookup()),
196 	 * causing deadlock.
197 	 *
198 	 * Require that Q_QUOTAON handles the vfs_busy() reference on
199 	 * its own, always returning with ubusied mount point.
200 	 */
201 	if ((uap->cmd >> SUBCMDSHIFT) != Q_QUOTAON)
202 		vfs_unbusy(mp);
203 	return (error);
204 }
205 
206 /*
207  * Used by statfs conversion routines to scale the block size up if
208  * necessary so that all of the block counts are <= 'max_size'.  Note
209  * that 'max_size' should be a bitmask, i.e. 2^n - 1 for some non-zero
210  * value of 'n'.
211  */
212 void
213 statfs_scale_blocks(struct statfs *sf, long max_size)
214 {
215 	uint64_t count;
216 	int shift;
217 
218 	KASSERT(powerof2(max_size + 1), ("%s: invalid max_size", __func__));
219 
220 	/*
221 	 * Attempt to scale the block counts to give a more accurate
222 	 * overview to userland of the ratio of free space to used
223 	 * space.  To do this, find the largest block count and compute
224 	 * a divisor that lets it fit into a signed integer <= max_size.
225 	 */
226 	if (sf->f_bavail < 0)
227 		count = -sf->f_bavail;
228 	else
229 		count = sf->f_bavail;
230 	count = MAX(sf->f_blocks, MAX(sf->f_bfree, count));
231 	if (count <= max_size)
232 		return;
233 
234 	count >>= flsl(max_size);
235 	shift = 0;
236 	while (count > 0) {
237 		shift++;
238 		count >>=1;
239 	}
240 
241 	sf->f_bsize <<= shift;
242 	sf->f_blocks >>= shift;
243 	sf->f_bfree >>= shift;
244 	sf->f_bavail >>= shift;
245 }
246 
247 /*
248  * Get filesystem statistics.
249  */
250 #ifndef _SYS_SYSPROTO_H_
251 struct statfs_args {
252 	char *path;
253 	struct statfs *buf;
254 };
255 #endif
256 int
257 sys_statfs(td, uap)
258 	struct thread *td;
259 	register struct statfs_args /* {
260 		char *path;
261 		struct statfs *buf;
262 	} */ *uap;
263 {
264 	struct statfs sf;
265 	int error;
266 
267 	error = kern_statfs(td, uap->path, UIO_USERSPACE, &sf);
268 	if (error == 0)
269 		error = copyout(&sf, uap->buf, sizeof(sf));
270 	return (error);
271 }
272 
273 int
274 kern_statfs(struct thread *td, char *path, enum uio_seg pathseg,
275     struct statfs *buf)
276 {
277 	struct mount *mp;
278 	struct statfs *sp, sb;
279 	struct nameidata nd;
280 	int error;
281 
282 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
283 	    pathseg, path, td);
284 	error = namei(&nd);
285 	if (error != 0)
286 		return (error);
287 	mp = nd.ni_vp->v_mount;
288 	vfs_ref(mp);
289 	NDFREE(&nd, NDF_ONLY_PNBUF);
290 	vput(nd.ni_vp);
291 	error = vfs_busy(mp, 0);
292 	vfs_rel(mp);
293 	if (error != 0)
294 		return (error);
295 #ifdef MAC
296 	error = mac_mount_check_stat(td->td_ucred, mp);
297 	if (error != 0)
298 		goto out;
299 #endif
300 	/*
301 	 * Set these in case the underlying filesystem fails to do so.
302 	 */
303 	sp = &mp->mnt_stat;
304 	sp->f_version = STATFS_VERSION;
305 	sp->f_namemax = NAME_MAX;
306 	sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
307 	error = VFS_STATFS(mp, sp);
308 	if (error != 0)
309 		goto out;
310 	if (priv_check(td, PRIV_VFS_GENERATION)) {
311 		bcopy(sp, &sb, sizeof(sb));
312 		sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
313 		prison_enforce_statfs(td->td_ucred, mp, &sb);
314 		sp = &sb;
315 	}
316 	*buf = *sp;
317 out:
318 	vfs_unbusy(mp);
319 	return (error);
320 }
321 
322 /*
323  * Get filesystem statistics.
324  */
325 #ifndef _SYS_SYSPROTO_H_
326 struct fstatfs_args {
327 	int fd;
328 	struct statfs *buf;
329 };
330 #endif
331 int
332 sys_fstatfs(td, uap)
333 	struct thread *td;
334 	register struct fstatfs_args /* {
335 		int fd;
336 		struct statfs *buf;
337 	} */ *uap;
338 {
339 	struct statfs sf;
340 	int error;
341 
342 	error = kern_fstatfs(td, uap->fd, &sf);
343 	if (error == 0)
344 		error = copyout(&sf, uap->buf, sizeof(sf));
345 	return (error);
346 }
347 
348 int
349 kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
350 {
351 	struct file *fp;
352 	struct mount *mp;
353 	struct statfs *sp, sb;
354 	struct vnode *vp;
355 	cap_rights_t rights;
356 	int error;
357 
358 	AUDIT_ARG_FD(fd);
359 	error = getvnode(td, fd, cap_rights_init(&rights, CAP_FSTATFS), &fp);
360 	if (error != 0)
361 		return (error);
362 	vp = fp->f_vnode;
363 	vn_lock(vp, LK_SHARED | LK_RETRY);
364 #ifdef AUDIT
365 	AUDIT_ARG_VNODE1(vp);
366 #endif
367 	mp = vp->v_mount;
368 	if (mp)
369 		vfs_ref(mp);
370 	VOP_UNLOCK(vp, 0);
371 	fdrop(fp, td);
372 	if (mp == NULL) {
373 		error = EBADF;
374 		goto out;
375 	}
376 	error = vfs_busy(mp, 0);
377 	vfs_rel(mp);
378 	if (error != 0)
379 		return (error);
380 #ifdef MAC
381 	error = mac_mount_check_stat(td->td_ucred, mp);
382 	if (error != 0)
383 		goto out;
384 #endif
385 	/*
386 	 * Set these in case the underlying filesystem fails to do so.
387 	 */
388 	sp = &mp->mnt_stat;
389 	sp->f_version = STATFS_VERSION;
390 	sp->f_namemax = NAME_MAX;
391 	sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
392 	error = VFS_STATFS(mp, sp);
393 	if (error != 0)
394 		goto out;
395 	if (priv_check(td, PRIV_VFS_GENERATION)) {
396 		bcopy(sp, &sb, sizeof(sb));
397 		sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
398 		prison_enforce_statfs(td->td_ucred, mp, &sb);
399 		sp = &sb;
400 	}
401 	*buf = *sp;
402 out:
403 	if (mp)
404 		vfs_unbusy(mp);
405 	return (error);
406 }
407 
408 /*
409  * Get statistics on all filesystems.
410  */
411 #ifndef _SYS_SYSPROTO_H_
412 struct getfsstat_args {
413 	struct statfs *buf;
414 	long bufsize;
415 	int flags;
416 };
417 #endif
418 int
419 sys_getfsstat(td, uap)
420 	struct thread *td;
421 	register struct getfsstat_args /* {
422 		struct statfs *buf;
423 		long bufsize;
424 		int flags;
425 	} */ *uap;
426 {
427 	size_t count;
428 	int error;
429 
430 	if (uap->bufsize < 0 || uap->bufsize > SIZE_MAX)
431 		return (EINVAL);
432 	error = kern_getfsstat(td, &uap->buf, uap->bufsize, &count,
433 	    UIO_USERSPACE, uap->flags);
434 	if (error == 0)
435 		td->td_retval[0] = count;
436 	return (error);
437 }
438 
439 /*
440  * If (bufsize > 0 && bufseg == UIO_SYSSPACE)
441  *	The caller is responsible for freeing memory which will be allocated
442  *	in '*buf'.
443  */
444 int
445 kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize,
446     size_t *countp, enum uio_seg bufseg, int flags)
447 {
448 	struct mount *mp, *nmp;
449 	struct statfs *sfsp, *sp, sb;
450 	size_t count, maxcount;
451 	int error;
452 
453 	maxcount = bufsize / sizeof(struct statfs);
454 	if (bufsize == 0)
455 		sfsp = NULL;
456 	else if (bufseg == UIO_USERSPACE)
457 		sfsp = *buf;
458 	else /* if (bufseg == UIO_SYSSPACE) */ {
459 		count = 0;
460 		mtx_lock(&mountlist_mtx);
461 		TAILQ_FOREACH(mp, &mountlist, mnt_list) {
462 			count++;
463 		}
464 		mtx_unlock(&mountlist_mtx);
465 		if (maxcount > count)
466 			maxcount = count;
467 		sfsp = *buf = malloc(maxcount * sizeof(struct statfs), M_TEMP,
468 		    M_WAITOK);
469 	}
470 	count = 0;
471 	mtx_lock(&mountlist_mtx);
472 	for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
473 		if (prison_canseemount(td->td_ucred, mp) != 0) {
474 			nmp = TAILQ_NEXT(mp, mnt_list);
475 			continue;
476 		}
477 #ifdef MAC
478 		if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
479 			nmp = TAILQ_NEXT(mp, mnt_list);
480 			continue;
481 		}
482 #endif
483 		if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) {
484 			nmp = TAILQ_NEXT(mp, mnt_list);
485 			continue;
486 		}
487 		if (sfsp && count < maxcount) {
488 			sp = &mp->mnt_stat;
489 			/*
490 			 * Set these in case the underlying filesystem
491 			 * fails to do so.
492 			 */
493 			sp->f_version = STATFS_VERSION;
494 			sp->f_namemax = NAME_MAX;
495 			sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
496 			/*
497 			 * If MNT_NOWAIT or MNT_LAZY is specified, do not
498 			 * refresh the fsstat cache.
499 			 */
500 			if (flags != MNT_LAZY && flags != MNT_NOWAIT) {
501 				error = VFS_STATFS(mp, sp);
502 				if (error != 0) {
503 					mtx_lock(&mountlist_mtx);
504 					nmp = TAILQ_NEXT(mp, mnt_list);
505 					vfs_unbusy(mp);
506 					continue;
507 				}
508 			}
509 			if (priv_check(td, PRIV_VFS_GENERATION)) {
510 				bcopy(sp, &sb, sizeof(sb));
511 				sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
512 				prison_enforce_statfs(td->td_ucred, mp, &sb);
513 				sp = &sb;
514 			}
515 			if (bufseg == UIO_SYSSPACE)
516 				bcopy(sp, sfsp, sizeof(*sp));
517 			else /* if (bufseg == UIO_USERSPACE) */ {
518 				error = copyout(sp, sfsp, sizeof(*sp));
519 				if (error != 0) {
520 					vfs_unbusy(mp);
521 					return (error);
522 				}
523 			}
524 			sfsp++;
525 		}
526 		count++;
527 		mtx_lock(&mountlist_mtx);
528 		nmp = TAILQ_NEXT(mp, mnt_list);
529 		vfs_unbusy(mp);
530 	}
531 	mtx_unlock(&mountlist_mtx);
532 	if (sfsp && count > maxcount)
533 		*countp = maxcount;
534 	else
535 		*countp = count;
536 	return (0);
537 }
538 
539 #ifdef COMPAT_FREEBSD4
540 /*
541  * Get old format filesystem statistics.
542  */
543 static void cvtstatfs(struct statfs *, struct ostatfs *);
544 
545 #ifndef _SYS_SYSPROTO_H_
546 struct freebsd4_statfs_args {
547 	char *path;
548 	struct ostatfs *buf;
549 };
550 #endif
551 int
552 freebsd4_statfs(td, uap)
553 	struct thread *td;
554 	struct freebsd4_statfs_args /* {
555 		char *path;
556 		struct ostatfs *buf;
557 	} */ *uap;
558 {
559 	struct ostatfs osb;
560 	struct statfs sf;
561 	int error;
562 
563 	error = kern_statfs(td, uap->path, UIO_USERSPACE, &sf);
564 	if (error != 0)
565 		return (error);
566 	cvtstatfs(&sf, &osb);
567 	return (copyout(&osb, uap->buf, sizeof(osb)));
568 }
569 
570 /*
571  * Get filesystem statistics.
572  */
573 #ifndef _SYS_SYSPROTO_H_
574 struct freebsd4_fstatfs_args {
575 	int fd;
576 	struct ostatfs *buf;
577 };
578 #endif
579 int
580 freebsd4_fstatfs(td, uap)
581 	struct thread *td;
582 	struct freebsd4_fstatfs_args /* {
583 		int fd;
584 		struct ostatfs *buf;
585 	} */ *uap;
586 {
587 	struct ostatfs osb;
588 	struct statfs sf;
589 	int error;
590 
591 	error = kern_fstatfs(td, uap->fd, &sf);
592 	if (error != 0)
593 		return (error);
594 	cvtstatfs(&sf, &osb);
595 	return (copyout(&osb, uap->buf, sizeof(osb)));
596 }
597 
598 /*
599  * Get statistics on all filesystems.
600  */
601 #ifndef _SYS_SYSPROTO_H_
602 struct freebsd4_getfsstat_args {
603 	struct ostatfs *buf;
604 	long bufsize;
605 	int flags;
606 };
607 #endif
608 int
609 freebsd4_getfsstat(td, uap)
610 	struct thread *td;
611 	register struct freebsd4_getfsstat_args /* {
612 		struct ostatfs *buf;
613 		long bufsize;
614 		int flags;
615 	} */ *uap;
616 {
617 	struct statfs *buf, *sp;
618 	struct ostatfs osb;
619 	size_t count, size;
620 	int error;
621 
622 	if (uap->bufsize < 0)
623 		return (EINVAL);
624 	count = uap->bufsize / sizeof(struct ostatfs);
625 	if (count > SIZE_MAX / sizeof(struct statfs))
626 		return (EINVAL);
627 	size = count * sizeof(struct statfs);
628 	error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
629 	    uap->flags);
630 	td->td_retval[0] = count;
631 	if (size != 0) {
632 		sp = buf;
633 		while (count != 0 && error == 0) {
634 			cvtstatfs(sp, &osb);
635 			error = copyout(&osb, uap->buf, sizeof(osb));
636 			sp++;
637 			uap->buf++;
638 			count--;
639 		}
640 		free(buf, M_TEMP);
641 	}
642 	return (error);
643 }
644 
645 /*
646  * Implement fstatfs() for (NFS) file handles.
647  */
648 #ifndef _SYS_SYSPROTO_H_
649 struct freebsd4_fhstatfs_args {
650 	struct fhandle *u_fhp;
651 	struct ostatfs *buf;
652 };
653 #endif
654 int
655 freebsd4_fhstatfs(td, uap)
656 	struct thread *td;
657 	struct freebsd4_fhstatfs_args /* {
658 		struct fhandle *u_fhp;
659 		struct ostatfs *buf;
660 	} */ *uap;
661 {
662 	struct ostatfs osb;
663 	struct statfs sf;
664 	fhandle_t fh;
665 	int error;
666 
667 	error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
668 	if (error != 0)
669 		return (error);
670 	error = kern_fhstatfs(td, fh, &sf);
671 	if (error != 0)
672 		return (error);
673 	cvtstatfs(&sf, &osb);
674 	return (copyout(&osb, uap->buf, sizeof(osb)));
675 }
676 
677 /*
678  * Convert a new format statfs structure to an old format statfs structure.
679  */
680 static void
681 cvtstatfs(nsp, osp)
682 	struct statfs *nsp;
683 	struct ostatfs *osp;
684 {
685 
686 	statfs_scale_blocks(nsp, LONG_MAX);
687 	bzero(osp, sizeof(*osp));
688 	osp->f_bsize = nsp->f_bsize;
689 	osp->f_iosize = MIN(nsp->f_iosize, LONG_MAX);
690 	osp->f_blocks = nsp->f_blocks;
691 	osp->f_bfree = nsp->f_bfree;
692 	osp->f_bavail = nsp->f_bavail;
693 	osp->f_files = MIN(nsp->f_files, LONG_MAX);
694 	osp->f_ffree = MIN(nsp->f_ffree, LONG_MAX);
695 	osp->f_owner = nsp->f_owner;
696 	osp->f_type = nsp->f_type;
697 	osp->f_flags = nsp->f_flags;
698 	osp->f_syncwrites = MIN(nsp->f_syncwrites, LONG_MAX);
699 	osp->f_asyncwrites = MIN(nsp->f_asyncwrites, LONG_MAX);
700 	osp->f_syncreads = MIN(nsp->f_syncreads, LONG_MAX);
701 	osp->f_asyncreads = MIN(nsp->f_asyncreads, LONG_MAX);
702 	strlcpy(osp->f_fstypename, nsp->f_fstypename,
703 	    MIN(MFSNAMELEN, OMFSNAMELEN));
704 	strlcpy(osp->f_mntonname, nsp->f_mntonname,
705 	    MIN(MNAMELEN, OMNAMELEN));
706 	strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
707 	    MIN(MNAMELEN, OMNAMELEN));
708 	osp->f_fsid = nsp->f_fsid;
709 }
710 #endif /* COMPAT_FREEBSD4 */
711 
712 /*
713  * Change current working directory to a given file descriptor.
714  */
715 #ifndef _SYS_SYSPROTO_H_
716 struct fchdir_args {
717 	int	fd;
718 };
719 #endif
720 int
721 sys_fchdir(td, uap)
722 	struct thread *td;
723 	struct fchdir_args /* {
724 		int fd;
725 	} */ *uap;
726 {
727 	struct vnode *vp, *tdp;
728 	struct mount *mp;
729 	struct file *fp;
730 	cap_rights_t rights;
731 	int error;
732 
733 	AUDIT_ARG_FD(uap->fd);
734 	error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_FCHDIR),
735 	    &fp);
736 	if (error != 0)
737 		return (error);
738 	vp = fp->f_vnode;
739 	VREF(vp);
740 	fdrop(fp, td);
741 	vn_lock(vp, LK_SHARED | LK_RETRY);
742 	AUDIT_ARG_VNODE1(vp);
743 	error = change_dir(vp, td);
744 	while (!error && (mp = vp->v_mountedhere) != NULL) {
745 		if (vfs_busy(mp, 0))
746 			continue;
747 		error = VFS_ROOT(mp, LK_SHARED, &tdp);
748 		vfs_unbusy(mp);
749 		if (error != 0)
750 			break;
751 		vput(vp);
752 		vp = tdp;
753 	}
754 	if (error != 0) {
755 		vput(vp);
756 		return (error);
757 	}
758 	VOP_UNLOCK(vp, 0);
759 	pwd_chdir(td, vp);
760 	return (0);
761 }
762 
763 /*
764  * Change current working directory (``.'').
765  */
766 #ifndef _SYS_SYSPROTO_H_
767 struct chdir_args {
768 	char	*path;
769 };
770 #endif
771 int
772 sys_chdir(td, uap)
773 	struct thread *td;
774 	struct chdir_args /* {
775 		char *path;
776 	} */ *uap;
777 {
778 
779 	return (kern_chdir(td, uap->path, UIO_USERSPACE));
780 }
781 
782 int
783 kern_chdir(struct thread *td, char *path, enum uio_seg pathseg)
784 {
785 	struct nameidata nd;
786 	int error;
787 
788 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
789 	    pathseg, path, td);
790 	if ((error = namei(&nd)) != 0)
791 		return (error);
792 	if ((error = change_dir(nd.ni_vp, td)) != 0) {
793 		vput(nd.ni_vp);
794 		NDFREE(&nd, NDF_ONLY_PNBUF);
795 		return (error);
796 	}
797 	VOP_UNLOCK(nd.ni_vp, 0);
798 	NDFREE(&nd, NDF_ONLY_PNBUF);
799 	pwd_chdir(td, nd.ni_vp);
800 	return (0);
801 }
802 
803 /*
804  * Change notion of root (``/'') directory.
805  */
806 #ifndef _SYS_SYSPROTO_H_
807 struct chroot_args {
808 	char	*path;
809 };
810 #endif
811 int
812 sys_chroot(td, uap)
813 	struct thread *td;
814 	struct chroot_args /* {
815 		char *path;
816 	} */ *uap;
817 {
818 	struct nameidata nd;
819 	int error;
820 
821 	error = priv_check(td, PRIV_VFS_CHROOT);
822 	if (error != 0)
823 		return (error);
824 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
825 	    UIO_USERSPACE, uap->path, td);
826 	error = namei(&nd);
827 	if (error != 0)
828 		goto error;
829 	error = change_dir(nd.ni_vp, td);
830 	if (error != 0)
831 		goto e_vunlock;
832 #ifdef MAC
833 	error = mac_vnode_check_chroot(td->td_ucred, nd.ni_vp);
834 	if (error != 0)
835 		goto e_vunlock;
836 #endif
837 	VOP_UNLOCK(nd.ni_vp, 0);
838 	error = pwd_chroot(td, nd.ni_vp);
839 	vrele(nd.ni_vp);
840 	NDFREE(&nd, NDF_ONLY_PNBUF);
841 	return (error);
842 e_vunlock:
843 	vput(nd.ni_vp);
844 error:
845 	NDFREE(&nd, NDF_ONLY_PNBUF);
846 	return (error);
847 }
848 
849 /*
850  * Common routine for chroot and chdir.  Callers must provide a locked vnode
851  * instance.
852  */
853 int
854 change_dir(vp, td)
855 	struct vnode *vp;
856 	struct thread *td;
857 {
858 #ifdef MAC
859 	int error;
860 #endif
861 
862 	ASSERT_VOP_LOCKED(vp, "change_dir(): vp not locked");
863 	if (vp->v_type != VDIR)
864 		return (ENOTDIR);
865 #ifdef MAC
866 	error = mac_vnode_check_chdir(td->td_ucred, vp);
867 	if (error != 0)
868 		return (error);
869 #endif
870 	return (VOP_ACCESS(vp, VEXEC, td->td_ucred, td));
871 }
872 
873 static __inline void
874 flags_to_rights(int flags, cap_rights_t *rightsp)
875 {
876 
877 	if (flags & O_EXEC) {
878 		cap_rights_set(rightsp, CAP_FEXECVE);
879 	} else {
880 		switch ((flags & O_ACCMODE)) {
881 		case O_RDONLY:
882 			cap_rights_set(rightsp, CAP_READ);
883 			break;
884 		case O_RDWR:
885 			cap_rights_set(rightsp, CAP_READ);
886 			/* FALLTHROUGH */
887 		case O_WRONLY:
888 			cap_rights_set(rightsp, CAP_WRITE);
889 			if (!(flags & (O_APPEND | O_TRUNC)))
890 				cap_rights_set(rightsp, CAP_SEEK);
891 			break;
892 		}
893 	}
894 
895 	if (flags & O_CREAT)
896 		cap_rights_set(rightsp, CAP_CREATE);
897 
898 	if (flags & O_TRUNC)
899 		cap_rights_set(rightsp, CAP_FTRUNCATE);
900 
901 	if (flags & (O_SYNC | O_FSYNC))
902 		cap_rights_set(rightsp, CAP_FSYNC);
903 
904 	if (flags & (O_EXLOCK | O_SHLOCK))
905 		cap_rights_set(rightsp, CAP_FLOCK);
906 }
907 
908 /*
909  * Check permissions, allocate an open file structure, and call the device
910  * open routine if any.
911  */
912 #ifndef _SYS_SYSPROTO_H_
913 struct open_args {
914 	char	*path;
915 	int	flags;
916 	int	mode;
917 };
918 #endif
919 int
920 sys_open(td, uap)
921 	struct thread *td;
922 	register struct open_args /* {
923 		char *path;
924 		int flags;
925 		int mode;
926 	} */ *uap;
927 {
928 
929 	return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
930 	    uap->flags, uap->mode));
931 }
932 
933 #ifndef _SYS_SYSPROTO_H_
934 struct openat_args {
935 	int	fd;
936 	char	*path;
937 	int	flag;
938 	int	mode;
939 };
940 #endif
941 int
942 sys_openat(struct thread *td, struct openat_args *uap)
943 {
944 
945 	AUDIT_ARG_FD(uap->fd);
946 	return (kern_openat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
947 	    uap->mode));
948 }
949 
950 int
951 kern_openat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
952     int flags, int mode)
953 {
954 	struct proc *p = td->td_proc;
955 	struct filedesc *fdp = p->p_fd;
956 	struct file *fp;
957 	struct vnode *vp;
958 	struct nameidata nd;
959 	cap_rights_t rights;
960 	int cmode, error, indx;
961 
962 	indx = -1;
963 
964 	AUDIT_ARG_FFLAGS(flags);
965 	AUDIT_ARG_MODE(mode);
966 	cap_rights_init(&rights, CAP_LOOKUP);
967 	flags_to_rights(flags, &rights);
968 	/*
969 	 * Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR flags
970 	 * may be specified.
971 	 */
972 	if (flags & O_EXEC) {
973 		if (flags & O_ACCMODE)
974 			return (EINVAL);
975 	} else if ((flags & O_ACCMODE) == O_ACCMODE) {
976 		return (EINVAL);
977 	} else {
978 		flags = FFLAGS(flags);
979 	}
980 
981 	/*
982 	 * Allocate a file structure. The descriptor to reference it
983 	 * is allocated and set by finstall() below.
984 	 */
985 	error = falloc_noinstall(td, &fp);
986 	if (error != 0)
987 		return (error);
988 	/*
989 	 * An extra reference on `fp' has been held for us by
990 	 * falloc_noinstall().
991 	 */
992 	/* Set the flags early so the finit in devfs can pick them up. */
993 	fp->f_flag = flags & FMASK;
994 	cmode = ((mode & ~fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
995 	NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
996 	    &rights, td);
997 	td->td_dupfd = -1;		/* XXX check for fdopen */
998 	error = vn_open(&nd, &flags, cmode, fp);
999 	if (error != 0) {
1000 		/*
1001 		 * If the vn_open replaced the method vector, something
1002 		 * wonderous happened deep below and we just pass it up
1003 		 * pretending we know what we do.
1004 		 */
1005 		if (error == ENXIO && fp->f_ops != &badfileops)
1006 			goto success;
1007 
1008 		/*
1009 		 * Handle special fdopen() case. bleh.
1010 		 *
1011 		 * Don't do this for relative (capability) lookups; we don't
1012 		 * understand exactly what would happen, and we don't think
1013 		 * that it ever should.
1014 		 */
1015 		if (nd.ni_strictrelative == 0 &&
1016 		    (error == ENODEV || error == ENXIO) &&
1017 		    td->td_dupfd >= 0) {
1018 			error = dupfdopen(td, fdp, td->td_dupfd, flags, error,
1019 			    &indx);
1020 			if (error == 0)
1021 				goto success;
1022 		}
1023 
1024 		goto bad;
1025 	}
1026 	td->td_dupfd = 0;
1027 	NDFREE(&nd, NDF_ONLY_PNBUF);
1028 	vp = nd.ni_vp;
1029 
1030 	/*
1031 	 * Store the vnode, for any f_type. Typically, the vnode use
1032 	 * count is decremented by direct call to vn_closefile() for
1033 	 * files that switched type in the cdevsw fdopen() method.
1034 	 */
1035 	fp->f_vnode = vp;
1036 	/*
1037 	 * If the file wasn't claimed by devfs bind it to the normal
1038 	 * vnode operations here.
1039 	 */
1040 	if (fp->f_ops == &badfileops) {
1041 		KASSERT(vp->v_type != VFIFO, ("Unexpected fifo."));
1042 		fp->f_seqcount = 1;
1043 		finit(fp, (flags & FMASK) | (fp->f_flag & FHASLOCK),
1044 		    DTYPE_VNODE, vp, &vnops);
1045 	}
1046 
1047 	VOP_UNLOCK(vp, 0);
1048 	if (flags & O_TRUNC) {
1049 		error = fo_truncate(fp, 0, td->td_ucred, td);
1050 		if (error != 0)
1051 			goto bad;
1052 	}
1053 success:
1054 	/*
1055 	 * If we haven't already installed the FD (for dupfdopen), do so now.
1056 	 */
1057 	if (indx == -1) {
1058 		struct filecaps *fcaps;
1059 
1060 #ifdef CAPABILITIES
1061 		if (nd.ni_strictrelative == 1)
1062 			fcaps = &nd.ni_filecaps;
1063 		else
1064 #endif
1065 			fcaps = NULL;
1066 		error = finstall(td, fp, &indx, flags, fcaps);
1067 		/* On success finstall() consumes fcaps. */
1068 		if (error != 0) {
1069 			filecaps_free(&nd.ni_filecaps);
1070 			goto bad;
1071 		}
1072 	} else {
1073 		filecaps_free(&nd.ni_filecaps);
1074 	}
1075 
1076 	/*
1077 	 * Release our private reference, leaving the one associated with
1078 	 * the descriptor table intact.
1079 	 */
1080 	fdrop(fp, td);
1081 	td->td_retval[0] = indx;
1082 	return (0);
1083 bad:
1084 	KASSERT(indx == -1, ("indx=%d, should be -1", indx));
1085 	fdrop(fp, td);
1086 	return (error);
1087 }
1088 
1089 #ifdef COMPAT_43
1090 /*
1091  * Create a file.
1092  */
1093 #ifndef _SYS_SYSPROTO_H_
1094 struct ocreat_args {
1095 	char	*path;
1096 	int	mode;
1097 };
1098 #endif
1099 int
1100 ocreat(td, uap)
1101 	struct thread *td;
1102 	register struct ocreat_args /* {
1103 		char *path;
1104 		int mode;
1105 	} */ *uap;
1106 {
1107 
1108 	return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1109 	    O_WRONLY | O_CREAT | O_TRUNC, uap->mode));
1110 }
1111 #endif /* COMPAT_43 */
1112 
1113 /*
1114  * Create a special file.
1115  */
1116 #ifndef _SYS_SYSPROTO_H_
1117 struct mknod_args {
1118 	char	*path;
1119 	int	mode;
1120 	int	dev;
1121 };
1122 #endif
1123 int
1124 sys_mknod(td, uap)
1125 	struct thread *td;
1126 	register struct mknod_args /* {
1127 		char *path;
1128 		int mode;
1129 		int dev;
1130 	} */ *uap;
1131 {
1132 
1133 	return (kern_mknodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1134 	    uap->mode, uap->dev));
1135 }
1136 
1137 #ifndef _SYS_SYSPROTO_H_
1138 struct mknodat_args {
1139 	int	fd;
1140 	char	*path;
1141 	mode_t	mode;
1142 	dev_t	dev;
1143 };
1144 #endif
1145 int
1146 sys_mknodat(struct thread *td, struct mknodat_args *uap)
1147 {
1148 
1149 	return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1150 	    uap->dev));
1151 }
1152 
1153 int
1154 kern_mknodat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1155     int mode, int dev)
1156 {
1157 	struct vnode *vp;
1158 	struct mount *mp;
1159 	struct vattr vattr;
1160 	struct nameidata nd;
1161 	cap_rights_t rights;
1162 	int error, whiteout = 0;
1163 
1164 	AUDIT_ARG_MODE(mode);
1165 	AUDIT_ARG_DEV(dev);
1166 	switch (mode & S_IFMT) {
1167 	case S_IFCHR:
1168 	case S_IFBLK:
1169 		error = priv_check(td, PRIV_VFS_MKNOD_DEV);
1170 		if (error == 0 && dev == VNOVAL)
1171 			error = EINVAL;
1172 		break;
1173 	case S_IFMT:
1174 		error = priv_check(td, PRIV_VFS_MKNOD_BAD);
1175 		break;
1176 	case S_IFWHT:
1177 		error = priv_check(td, PRIV_VFS_MKNOD_WHT);
1178 		break;
1179 	case S_IFIFO:
1180 		if (dev == 0)
1181 			return (kern_mkfifoat(td, fd, path, pathseg, mode));
1182 		/* FALLTHROUGH */
1183 	default:
1184 		error = EINVAL;
1185 		break;
1186 	}
1187 	if (error != 0)
1188 		return (error);
1189 restart:
1190 	bwillwrite();
1191 	NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1192 	    NOCACHE, pathseg, path, fd, cap_rights_init(&rights, CAP_MKNODAT),
1193 	    td);
1194 	if ((error = namei(&nd)) != 0)
1195 		return (error);
1196 	vp = nd.ni_vp;
1197 	if (vp != NULL) {
1198 		NDFREE(&nd, NDF_ONLY_PNBUF);
1199 		if (vp == nd.ni_dvp)
1200 			vrele(nd.ni_dvp);
1201 		else
1202 			vput(nd.ni_dvp);
1203 		vrele(vp);
1204 		return (EEXIST);
1205 	} else {
1206 		VATTR_NULL(&vattr);
1207 		vattr.va_mode = (mode & ALLPERMS) &
1208 		    ~td->td_proc->p_fd->fd_cmask;
1209 		vattr.va_rdev = dev;
1210 		whiteout = 0;
1211 
1212 		switch (mode & S_IFMT) {
1213 		case S_IFMT:	/* used by badsect to flag bad sectors */
1214 			vattr.va_type = VBAD;
1215 			break;
1216 		case S_IFCHR:
1217 			vattr.va_type = VCHR;
1218 			break;
1219 		case S_IFBLK:
1220 			vattr.va_type = VBLK;
1221 			break;
1222 		case S_IFWHT:
1223 			whiteout = 1;
1224 			break;
1225 		default:
1226 			panic("kern_mknod: invalid mode");
1227 		}
1228 	}
1229 	if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1230 		NDFREE(&nd, NDF_ONLY_PNBUF);
1231 		vput(nd.ni_dvp);
1232 		if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1233 			return (error);
1234 		goto restart;
1235 	}
1236 #ifdef MAC
1237 	if (error == 0 && !whiteout)
1238 		error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp,
1239 		    &nd.ni_cnd, &vattr);
1240 #endif
1241 	if (error == 0) {
1242 		if (whiteout)
1243 			error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE);
1244 		else {
1245 			error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,
1246 						&nd.ni_cnd, &vattr);
1247 			if (error == 0)
1248 				vput(nd.ni_vp);
1249 		}
1250 	}
1251 	NDFREE(&nd, NDF_ONLY_PNBUF);
1252 	vput(nd.ni_dvp);
1253 	vn_finished_write(mp);
1254 	return (error);
1255 }
1256 
1257 /*
1258  * Create a named pipe.
1259  */
1260 #ifndef _SYS_SYSPROTO_H_
1261 struct mkfifo_args {
1262 	char	*path;
1263 	int	mode;
1264 };
1265 #endif
1266 int
1267 sys_mkfifo(td, uap)
1268 	struct thread *td;
1269 	register struct mkfifo_args /* {
1270 		char *path;
1271 		int mode;
1272 	} */ *uap;
1273 {
1274 
1275 	return (kern_mkfifoat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1276 	    uap->mode));
1277 }
1278 
1279 #ifndef _SYS_SYSPROTO_H_
1280 struct mkfifoat_args {
1281 	int	fd;
1282 	char	*path;
1283 	mode_t	mode;
1284 };
1285 #endif
1286 int
1287 sys_mkfifoat(struct thread *td, struct mkfifoat_args *uap)
1288 {
1289 
1290 	return (kern_mkfifoat(td, uap->fd, uap->path, UIO_USERSPACE,
1291 	    uap->mode));
1292 }
1293 
1294 int
1295 kern_mkfifoat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1296     int mode)
1297 {
1298 	struct mount *mp;
1299 	struct vattr vattr;
1300 	struct nameidata nd;
1301 	cap_rights_t rights;
1302 	int error;
1303 
1304 	AUDIT_ARG_MODE(mode);
1305 restart:
1306 	bwillwrite();
1307 	NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1308 	    NOCACHE, pathseg, path, fd, cap_rights_init(&rights, CAP_MKFIFOAT),
1309 	    td);
1310 	if ((error = namei(&nd)) != 0)
1311 		return (error);
1312 	if (nd.ni_vp != NULL) {
1313 		NDFREE(&nd, NDF_ONLY_PNBUF);
1314 		if (nd.ni_vp == nd.ni_dvp)
1315 			vrele(nd.ni_dvp);
1316 		else
1317 			vput(nd.ni_dvp);
1318 		vrele(nd.ni_vp);
1319 		return (EEXIST);
1320 	}
1321 	if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1322 		NDFREE(&nd, NDF_ONLY_PNBUF);
1323 		vput(nd.ni_dvp);
1324 		if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1325 			return (error);
1326 		goto restart;
1327 	}
1328 	VATTR_NULL(&vattr);
1329 	vattr.va_type = VFIFO;
1330 	vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_fd->fd_cmask;
1331 #ifdef MAC
1332 	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1333 	    &vattr);
1334 	if (error != 0)
1335 		goto out;
1336 #endif
1337 	error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
1338 	if (error == 0)
1339 		vput(nd.ni_vp);
1340 #ifdef MAC
1341 out:
1342 #endif
1343 	vput(nd.ni_dvp);
1344 	vn_finished_write(mp);
1345 	NDFREE(&nd, NDF_ONLY_PNBUF);
1346 	return (error);
1347 }
1348 
1349 /*
1350  * Make a hard file link.
1351  */
1352 #ifndef _SYS_SYSPROTO_H_
1353 struct link_args {
1354 	char	*path;
1355 	char	*link;
1356 };
1357 #endif
1358 int
1359 sys_link(td, uap)
1360 	struct thread *td;
1361 	register struct link_args /* {
1362 		char *path;
1363 		char *link;
1364 	} */ *uap;
1365 {
1366 
1367 	return (kern_linkat(td, AT_FDCWD, AT_FDCWD, uap->path, uap->link,
1368 	    UIO_USERSPACE, FOLLOW));
1369 }
1370 
1371 #ifndef _SYS_SYSPROTO_H_
1372 struct linkat_args {
1373 	int	fd1;
1374 	char	*path1;
1375 	int	fd2;
1376 	char	*path2;
1377 	int	flag;
1378 };
1379 #endif
1380 int
1381 sys_linkat(struct thread *td, struct linkat_args *uap)
1382 {
1383 	int flag;
1384 
1385 	flag = uap->flag;
1386 	if (flag & ~AT_SYMLINK_FOLLOW)
1387 		return (EINVAL);
1388 
1389 	return (kern_linkat(td, uap->fd1, uap->fd2, uap->path1, uap->path2,
1390 	    UIO_USERSPACE, (flag & AT_SYMLINK_FOLLOW) ? FOLLOW : NOFOLLOW));
1391 }
1392 
1393 int hardlink_check_uid = 0;
1394 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
1395     &hardlink_check_uid, 0,
1396     "Unprivileged processes cannot create hard links to files owned by other "
1397     "users");
1398 static int hardlink_check_gid = 0;
1399 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
1400     &hardlink_check_gid, 0,
1401     "Unprivileged processes cannot create hard links to files owned by other "
1402     "groups");
1403 
1404 static int
1405 can_hardlink(struct vnode *vp, struct ucred *cred)
1406 {
1407 	struct vattr va;
1408 	int error;
1409 
1410 	if (!hardlink_check_uid && !hardlink_check_gid)
1411 		return (0);
1412 
1413 	error = VOP_GETATTR(vp, &va, cred);
1414 	if (error != 0)
1415 		return (error);
1416 
1417 	if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
1418 		error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
1419 		if (error != 0)
1420 			return (error);
1421 	}
1422 
1423 	if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
1424 		error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
1425 		if (error != 0)
1426 			return (error);
1427 	}
1428 
1429 	return (0);
1430 }
1431 
1432 int
1433 kern_linkat(struct thread *td, int fd1, int fd2, char *path1, char *path2,
1434     enum uio_seg segflg, int follow)
1435 {
1436 	struct vnode *vp;
1437 	struct mount *mp;
1438 	struct nameidata nd;
1439 	cap_rights_t rights;
1440 	int error;
1441 
1442 again:
1443 	bwillwrite();
1444 	NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, segflg, path1, fd1,
1445 	    cap_rights_init(&rights, CAP_LINKAT_SOURCE), td);
1446 
1447 	if ((error = namei(&nd)) != 0)
1448 		return (error);
1449 	NDFREE(&nd, NDF_ONLY_PNBUF);
1450 	vp = nd.ni_vp;
1451 	if (vp->v_type == VDIR) {
1452 		vrele(vp);
1453 		return (EPERM);		/* POSIX */
1454 	}
1455 	NDINIT_ATRIGHTS(&nd, CREATE,
1456 	    LOCKPARENT | SAVENAME | AUDITVNODE2 | NOCACHE, segflg, path2, fd2,
1457 	    cap_rights_init(&rights, CAP_LINKAT_TARGET), td);
1458 	if ((error = namei(&nd)) == 0) {
1459 		if (nd.ni_vp != NULL) {
1460 			NDFREE(&nd, NDF_ONLY_PNBUF);
1461 			if (nd.ni_dvp == nd.ni_vp)
1462 				vrele(nd.ni_dvp);
1463 			else
1464 				vput(nd.ni_dvp);
1465 			vrele(nd.ni_vp);
1466 			vrele(vp);
1467 			return (EEXIST);
1468 		} else if (nd.ni_dvp->v_mount != vp->v_mount) {
1469 			/*
1470 			 * Cross-device link.  No need to recheck
1471 			 * vp->v_type, since it cannot change, except
1472 			 * to VBAD.
1473 			 */
1474 			NDFREE(&nd, NDF_ONLY_PNBUF);
1475 			vput(nd.ni_dvp);
1476 			vrele(vp);
1477 			return (EXDEV);
1478 		} else if ((error = vn_lock(vp, LK_EXCLUSIVE)) == 0) {
1479 			error = can_hardlink(vp, td->td_ucred);
1480 #ifdef MAC
1481 			if (error == 0)
1482 				error = mac_vnode_check_link(td->td_ucred,
1483 				    nd.ni_dvp, vp, &nd.ni_cnd);
1484 #endif
1485 			if (error != 0) {
1486 				vput(vp);
1487 				vput(nd.ni_dvp);
1488 				NDFREE(&nd, NDF_ONLY_PNBUF);
1489 				return (error);
1490 			}
1491 			error = vn_start_write(vp, &mp, V_NOWAIT);
1492 			if (error != 0) {
1493 				vput(vp);
1494 				vput(nd.ni_dvp);
1495 				NDFREE(&nd, NDF_ONLY_PNBUF);
1496 				error = vn_start_write(NULL, &mp,
1497 				    V_XSLEEP | PCATCH);
1498 				if (error != 0)
1499 					return (error);
1500 				goto again;
1501 			}
1502 			error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
1503 			VOP_UNLOCK(vp, 0);
1504 			vput(nd.ni_dvp);
1505 			vn_finished_write(mp);
1506 			NDFREE(&nd, NDF_ONLY_PNBUF);
1507 		} else {
1508 			vput(nd.ni_dvp);
1509 			NDFREE(&nd, NDF_ONLY_PNBUF);
1510 			vrele(vp);
1511 			goto again;
1512 		}
1513 	}
1514 	vrele(vp);
1515 	return (error);
1516 }
1517 
1518 /*
1519  * Make a symbolic link.
1520  */
1521 #ifndef _SYS_SYSPROTO_H_
1522 struct symlink_args {
1523 	char	*path;
1524 	char	*link;
1525 };
1526 #endif
1527 int
1528 sys_symlink(td, uap)
1529 	struct thread *td;
1530 	register struct symlink_args /* {
1531 		char *path;
1532 		char *link;
1533 	} */ *uap;
1534 {
1535 
1536 	return (kern_symlinkat(td, uap->path, AT_FDCWD, uap->link,
1537 	    UIO_USERSPACE));
1538 }
1539 
1540 #ifndef _SYS_SYSPROTO_H_
1541 struct symlinkat_args {
1542 	char	*path;
1543 	int	fd;
1544 	char	*path2;
1545 };
1546 #endif
1547 int
1548 sys_symlinkat(struct thread *td, struct symlinkat_args *uap)
1549 {
1550 
1551 	return (kern_symlinkat(td, uap->path1, uap->fd, uap->path2,
1552 	    UIO_USERSPACE));
1553 }
1554 
1555 int
1556 kern_symlinkat(struct thread *td, char *path1, int fd, char *path2,
1557     enum uio_seg segflg)
1558 {
1559 	struct mount *mp;
1560 	struct vattr vattr;
1561 	char *syspath;
1562 	struct nameidata nd;
1563 	int error;
1564 	cap_rights_t rights;
1565 
1566 	if (segflg == UIO_SYSSPACE) {
1567 		syspath = path1;
1568 	} else {
1569 		syspath = uma_zalloc(namei_zone, M_WAITOK);
1570 		if ((error = copyinstr(path1, syspath, MAXPATHLEN, NULL)) != 0)
1571 			goto out;
1572 	}
1573 	AUDIT_ARG_TEXT(syspath);
1574 restart:
1575 	bwillwrite();
1576 	NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1577 	    NOCACHE, segflg, path2, fd, cap_rights_init(&rights, CAP_SYMLINKAT),
1578 	    td);
1579 	if ((error = namei(&nd)) != 0)
1580 		goto out;
1581 	if (nd.ni_vp) {
1582 		NDFREE(&nd, NDF_ONLY_PNBUF);
1583 		if (nd.ni_vp == nd.ni_dvp)
1584 			vrele(nd.ni_dvp);
1585 		else
1586 			vput(nd.ni_dvp);
1587 		vrele(nd.ni_vp);
1588 		error = EEXIST;
1589 		goto out;
1590 	}
1591 	if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1592 		NDFREE(&nd, NDF_ONLY_PNBUF);
1593 		vput(nd.ni_dvp);
1594 		if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1595 			goto out;
1596 		goto restart;
1597 	}
1598 	VATTR_NULL(&vattr);
1599 	vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_fd->fd_cmask;
1600 #ifdef MAC
1601 	vattr.va_type = VLNK;
1602 	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1603 	    &vattr);
1604 	if (error != 0)
1605 		goto out2;
1606 #endif
1607 	error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath);
1608 	if (error == 0)
1609 		vput(nd.ni_vp);
1610 #ifdef MAC
1611 out2:
1612 #endif
1613 	NDFREE(&nd, NDF_ONLY_PNBUF);
1614 	vput(nd.ni_dvp);
1615 	vn_finished_write(mp);
1616 out:
1617 	if (segflg != UIO_SYSSPACE)
1618 		uma_zfree(namei_zone, syspath);
1619 	return (error);
1620 }
1621 
1622 /*
1623  * Delete a whiteout from the filesystem.
1624  */
1625 int
1626 sys_undelete(td, uap)
1627 	struct thread *td;
1628 	register struct undelete_args /* {
1629 		char *path;
1630 	} */ *uap;
1631 {
1632 	struct mount *mp;
1633 	struct nameidata nd;
1634 	int error;
1635 
1636 restart:
1637 	bwillwrite();
1638 	NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | AUDITVNODE1,
1639 	    UIO_USERSPACE, uap->path, td);
1640 	error = namei(&nd);
1641 	if (error != 0)
1642 		return (error);
1643 
1644 	if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) {
1645 		NDFREE(&nd, NDF_ONLY_PNBUF);
1646 		if (nd.ni_vp == nd.ni_dvp)
1647 			vrele(nd.ni_dvp);
1648 		else
1649 			vput(nd.ni_dvp);
1650 		if (nd.ni_vp)
1651 			vrele(nd.ni_vp);
1652 		return (EEXIST);
1653 	}
1654 	if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1655 		NDFREE(&nd, NDF_ONLY_PNBUF);
1656 		vput(nd.ni_dvp);
1657 		if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1658 			return (error);
1659 		goto restart;
1660 	}
1661 	error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE);
1662 	NDFREE(&nd, NDF_ONLY_PNBUF);
1663 	vput(nd.ni_dvp);
1664 	vn_finished_write(mp);
1665 	return (error);
1666 }
1667 
1668 /*
1669  * Delete a name from the filesystem.
1670  */
1671 #ifndef _SYS_SYSPROTO_H_
1672 struct unlink_args {
1673 	char	*path;
1674 };
1675 #endif
1676 int
1677 sys_unlink(td, uap)
1678 	struct thread *td;
1679 	struct unlink_args /* {
1680 		char *path;
1681 	} */ *uap;
1682 {
1683 
1684 	return (kern_unlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 0));
1685 }
1686 
1687 #ifndef _SYS_SYSPROTO_H_
1688 struct unlinkat_args {
1689 	int	fd;
1690 	char	*path;
1691 	int	flag;
1692 };
1693 #endif
1694 int
1695 sys_unlinkat(struct thread *td, struct unlinkat_args *uap)
1696 {
1697 	int flag = uap->flag;
1698 	int fd = uap->fd;
1699 	char *path = uap->path;
1700 
1701 	if (flag & ~AT_REMOVEDIR)
1702 		return (EINVAL);
1703 
1704 	if (flag & AT_REMOVEDIR)
1705 		return (kern_rmdirat(td, fd, path, UIO_USERSPACE));
1706 	else
1707 		return (kern_unlinkat(td, fd, path, UIO_USERSPACE, 0));
1708 }
1709 
1710 int
1711 kern_unlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1712     ino_t oldinum)
1713 {
1714 	struct mount *mp;
1715 	struct vnode *vp;
1716 	struct nameidata nd;
1717 	struct stat sb;
1718 	cap_rights_t rights;
1719 	int error;
1720 
1721 restart:
1722 	bwillwrite();
1723 	NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1,
1724 	    pathseg, path, fd, cap_rights_init(&rights, CAP_UNLINKAT), td);
1725 	if ((error = namei(&nd)) != 0)
1726 		return (error == EINVAL ? EPERM : error);
1727 	vp = nd.ni_vp;
1728 	if (vp->v_type == VDIR && oldinum == 0) {
1729 		error = EPERM;		/* POSIX */
1730 	} else if (oldinum != 0 &&
1731 		  ((error = vn_stat(vp, &sb, td->td_ucred, NOCRED, td)) == 0) &&
1732 		  sb.st_ino != oldinum) {
1733 			error = EIDRM;	/* Identifier removed */
1734 	} else {
1735 		/*
1736 		 * The root of a mounted filesystem cannot be deleted.
1737 		 *
1738 		 * XXX: can this only be a VDIR case?
1739 		 */
1740 		if (vp->v_vflag & VV_ROOT)
1741 			error = EBUSY;
1742 	}
1743 	if (error == 0) {
1744 		if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1745 			NDFREE(&nd, NDF_ONLY_PNBUF);
1746 			vput(nd.ni_dvp);
1747 			if (vp == nd.ni_dvp)
1748 				vrele(vp);
1749 			else
1750 				vput(vp);
1751 			if ((error = vn_start_write(NULL, &mp,
1752 			    V_XSLEEP | PCATCH)) != 0)
1753 				return (error);
1754 			goto restart;
1755 		}
1756 #ifdef MAC
1757 		error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
1758 		    &nd.ni_cnd);
1759 		if (error != 0)
1760 			goto out;
1761 #endif
1762 		vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
1763 		error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd);
1764 #ifdef MAC
1765 out:
1766 #endif
1767 		vn_finished_write(mp);
1768 	}
1769 	NDFREE(&nd, NDF_ONLY_PNBUF);
1770 	vput(nd.ni_dvp);
1771 	if (vp == nd.ni_dvp)
1772 		vrele(vp);
1773 	else
1774 		vput(vp);
1775 	return (error);
1776 }
1777 
1778 /*
1779  * Reposition read/write file offset.
1780  */
1781 #ifndef _SYS_SYSPROTO_H_
1782 struct lseek_args {
1783 	int	fd;
1784 	int	pad;
1785 	off_t	offset;
1786 	int	whence;
1787 };
1788 #endif
1789 int
1790 sys_lseek(td, uap)
1791 	struct thread *td;
1792 	register struct lseek_args /* {
1793 		int fd;
1794 		int pad;
1795 		off_t offset;
1796 		int whence;
1797 	} */ *uap;
1798 {
1799 	struct file *fp;
1800 	cap_rights_t rights;
1801 	int error;
1802 
1803 	AUDIT_ARG_FD(uap->fd);
1804 	error = fget(td, uap->fd, cap_rights_init(&rights, CAP_SEEK), &fp);
1805 	if (error != 0)
1806 		return (error);
1807 	error = (fp->f_ops->fo_flags & DFLAG_SEEKABLE) != 0 ?
1808 	    fo_seek(fp, uap->offset, uap->whence, td) : ESPIPE;
1809 	fdrop(fp, td);
1810 	return (error);
1811 }
1812 
1813 #if defined(COMPAT_43)
1814 /*
1815  * Reposition read/write file offset.
1816  */
1817 #ifndef _SYS_SYSPROTO_H_
1818 struct olseek_args {
1819 	int	fd;
1820 	long	offset;
1821 	int	whence;
1822 };
1823 #endif
1824 int
1825 olseek(td, uap)
1826 	struct thread *td;
1827 	register struct olseek_args /* {
1828 		int fd;
1829 		long offset;
1830 		int whence;
1831 	} */ *uap;
1832 {
1833 	struct lseek_args /* {
1834 		int fd;
1835 		int pad;
1836 		off_t offset;
1837 		int whence;
1838 	} */ nuap;
1839 
1840 	nuap.fd = uap->fd;
1841 	nuap.offset = uap->offset;
1842 	nuap.whence = uap->whence;
1843 	return (sys_lseek(td, &nuap));
1844 }
1845 #endif /* COMPAT_43 */
1846 
1847 #if defined(COMPAT_FREEBSD6)
1848 /* Version with the 'pad' argument */
1849 int
1850 freebsd6_lseek(td, uap)
1851 	struct thread *td;
1852 	register struct freebsd6_lseek_args *uap;
1853 {
1854 	struct lseek_args ouap;
1855 
1856 	ouap.fd = uap->fd;
1857 	ouap.offset = uap->offset;
1858 	ouap.whence = uap->whence;
1859 	return (sys_lseek(td, &ouap));
1860 }
1861 #endif
1862 
1863 /*
1864  * Check access permissions using passed credentials.
1865  */
1866 static int
1867 vn_access(vp, user_flags, cred, td)
1868 	struct vnode	*vp;
1869 	int		user_flags;
1870 	struct ucred	*cred;
1871 	struct thread	*td;
1872 {
1873 	accmode_t accmode;
1874 	int error;
1875 
1876 	/* Flags == 0 means only check for existence. */
1877 	if (user_flags == 0)
1878 		return (0);
1879 
1880 	accmode = 0;
1881 	if (user_flags & R_OK)
1882 		accmode |= VREAD;
1883 	if (user_flags & W_OK)
1884 		accmode |= VWRITE;
1885 	if (user_flags & X_OK)
1886 		accmode |= VEXEC;
1887 #ifdef MAC
1888 	error = mac_vnode_check_access(cred, vp, accmode);
1889 	if (error != 0)
1890 		return (error);
1891 #endif
1892 	if ((accmode & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
1893 		error = VOP_ACCESS(vp, accmode, cred, td);
1894 	return (error);
1895 }
1896 
1897 /*
1898  * Check access permissions using "real" credentials.
1899  */
1900 #ifndef _SYS_SYSPROTO_H_
1901 struct access_args {
1902 	char	*path;
1903 	int	amode;
1904 };
1905 #endif
1906 int
1907 sys_access(td, uap)
1908 	struct thread *td;
1909 	register struct access_args /* {
1910 		char *path;
1911 		int amode;
1912 	} */ *uap;
1913 {
1914 
1915 	return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1916 	    0, uap->amode));
1917 }
1918 
1919 #ifndef _SYS_SYSPROTO_H_
1920 struct faccessat_args {
1921 	int	dirfd;
1922 	char	*path;
1923 	int	amode;
1924 	int	flag;
1925 }
1926 #endif
1927 int
1928 sys_faccessat(struct thread *td, struct faccessat_args *uap)
1929 {
1930 
1931 	return (kern_accessat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
1932 	    uap->amode));
1933 }
1934 
1935 int
1936 kern_accessat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1937     int flag, int amode)
1938 {
1939 	struct ucred *cred, *usecred;
1940 	struct vnode *vp;
1941 	struct nameidata nd;
1942 	cap_rights_t rights;
1943 	int error;
1944 
1945 	if (flag & ~AT_EACCESS)
1946 		return (EINVAL);
1947 	if (amode != F_OK && (amode & ~(R_OK | W_OK | X_OK)) != 0)
1948 		return (EINVAL);
1949 
1950 	/*
1951 	 * Create and modify a temporary credential instead of one that
1952 	 * is potentially shared (if we need one).
1953 	 */
1954 	cred = td->td_ucred;
1955 	if ((flag & AT_EACCESS) == 0 &&
1956 	    ((cred->cr_uid != cred->cr_ruid ||
1957 	    cred->cr_rgid != cred->cr_groups[0]))) {
1958 		usecred = crdup(cred);
1959 		usecred->cr_uid = cred->cr_ruid;
1960 		usecred->cr_groups[0] = cred->cr_rgid;
1961 		td->td_ucred = usecred;
1962 	} else
1963 		usecred = cred;
1964 	AUDIT_ARG_VALUE(amode);
1965 	NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF |
1966 	    AUDITVNODE1, pathseg, path, fd, cap_rights_init(&rights, CAP_FSTAT),
1967 	    td);
1968 	if ((error = namei(&nd)) != 0)
1969 		goto out;
1970 	vp = nd.ni_vp;
1971 
1972 	error = vn_access(vp, amode, usecred, td);
1973 	NDFREE(&nd, NDF_ONLY_PNBUF);
1974 	vput(vp);
1975 out:
1976 	if (usecred != cred) {
1977 		td->td_ucred = cred;
1978 		crfree(usecred);
1979 	}
1980 	return (error);
1981 }
1982 
1983 /*
1984  * Check access permissions using "effective" credentials.
1985  */
1986 #ifndef _SYS_SYSPROTO_H_
1987 struct eaccess_args {
1988 	char	*path;
1989 	int	amode;
1990 };
1991 #endif
1992 int
1993 sys_eaccess(td, uap)
1994 	struct thread *td;
1995 	register struct eaccess_args /* {
1996 		char *path;
1997 		int amode;
1998 	} */ *uap;
1999 {
2000 
2001 	return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2002 	    AT_EACCESS, uap->amode));
2003 }
2004 
2005 #if defined(COMPAT_43)
2006 /*
2007  * Get file status; this version follows links.
2008  */
2009 #ifndef _SYS_SYSPROTO_H_
2010 struct ostat_args {
2011 	char	*path;
2012 	struct ostat *ub;
2013 };
2014 #endif
2015 int
2016 ostat(td, uap)
2017 	struct thread *td;
2018 	register struct ostat_args /* {
2019 		char *path;
2020 		struct ostat *ub;
2021 	} */ *uap;
2022 {
2023 	struct stat sb;
2024 	struct ostat osb;
2025 	int error;
2026 
2027 	error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2028 	    &sb, NULL);
2029 	if (error != 0)
2030 		return (error);
2031 	cvtstat(&sb, &osb);
2032 	return (copyout(&osb, uap->ub, sizeof (osb)));
2033 }
2034 
2035 /*
2036  * Get file status; this version does not follow links.
2037  */
2038 #ifndef _SYS_SYSPROTO_H_
2039 struct olstat_args {
2040 	char	*path;
2041 	struct ostat *ub;
2042 };
2043 #endif
2044 int
2045 olstat(td, uap)
2046 	struct thread *td;
2047 	register struct olstat_args /* {
2048 		char *path;
2049 		struct ostat *ub;
2050 	} */ *uap;
2051 {
2052 	struct stat sb;
2053 	struct ostat osb;
2054 	int error;
2055 
2056 	error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2057 	    UIO_USERSPACE, &sb, NULL);
2058 	if (error != 0)
2059 		return (error);
2060 	cvtstat(&sb, &osb);
2061 	return (copyout(&osb, uap->ub, sizeof (osb)));
2062 }
2063 
2064 /*
2065  * Convert from an old to a new stat structure.
2066  */
2067 void
2068 cvtstat(st, ost)
2069 	struct stat *st;
2070 	struct ostat *ost;
2071 {
2072 
2073 	bzero(ost, sizeof(*ost));
2074 	ost->st_dev = st->st_dev;
2075 	ost->st_ino = st->st_ino;
2076 	ost->st_mode = st->st_mode;
2077 	ost->st_nlink = st->st_nlink;
2078 	ost->st_uid = st->st_uid;
2079 	ost->st_gid = st->st_gid;
2080 	ost->st_rdev = st->st_rdev;
2081 	if (st->st_size < (quad_t)1 << 32)
2082 		ost->st_size = st->st_size;
2083 	else
2084 		ost->st_size = -2;
2085 	ost->st_atim = st->st_atim;
2086 	ost->st_mtim = st->st_mtim;
2087 	ost->st_ctim = st->st_ctim;
2088 	ost->st_blksize = st->st_blksize;
2089 	ost->st_blocks = st->st_blocks;
2090 	ost->st_flags = st->st_flags;
2091 	ost->st_gen = st->st_gen;
2092 }
2093 #endif /* COMPAT_43 */
2094 
2095 /*
2096  * Get file status; this version follows links.
2097  */
2098 #ifndef _SYS_SYSPROTO_H_
2099 struct stat_args {
2100 	char	*path;
2101 	struct stat *ub;
2102 };
2103 #endif
2104 int
2105 sys_stat(td, uap)
2106 	struct thread *td;
2107 	register struct stat_args /* {
2108 		char *path;
2109 		struct stat *ub;
2110 	} */ *uap;
2111 {
2112 	struct stat sb;
2113 	int error;
2114 
2115 	error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2116 	    &sb, NULL);
2117 	if (error == 0)
2118 		error = copyout(&sb, uap->ub, sizeof (sb));
2119 	return (error);
2120 }
2121 
2122 #ifndef _SYS_SYSPROTO_H_
2123 struct fstatat_args {
2124 	int	fd;
2125 	char	*path;
2126 	struct stat	*buf;
2127 	int	flag;
2128 }
2129 #endif
2130 int
2131 sys_fstatat(struct thread *td, struct fstatat_args *uap)
2132 {
2133 	struct stat sb;
2134 	int error;
2135 
2136 	error = kern_statat(td, uap->flag, uap->fd, uap->path,
2137 	    UIO_USERSPACE, &sb, NULL);
2138 	if (error == 0)
2139 		error = copyout(&sb, uap->buf, sizeof (sb));
2140 	return (error);
2141 }
2142 
2143 int
2144 kern_statat(struct thread *td, int flag, int fd, char *path,
2145     enum uio_seg pathseg, struct stat *sbp,
2146     void (*hook)(struct vnode *vp, struct stat *sbp))
2147 {
2148 	struct nameidata nd;
2149 	struct stat sb;
2150 	cap_rights_t rights;
2151 	int error;
2152 
2153 	if (flag & ~AT_SYMLINK_NOFOLLOW)
2154 		return (EINVAL);
2155 
2156 	NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW :
2157 	    FOLLOW) | LOCKSHARED | LOCKLEAF | AUDITVNODE1, pathseg, path, fd,
2158 	    cap_rights_init(&rights, CAP_FSTAT), td);
2159 
2160 	if ((error = namei(&nd)) != 0)
2161 		return (error);
2162 	error = vn_stat(nd.ni_vp, &sb, td->td_ucred, NOCRED, td);
2163 	if (error == 0) {
2164 		SDT_PROBE2(vfs, , stat, mode, path, sb.st_mode);
2165 		if (S_ISREG(sb.st_mode))
2166 			SDT_PROBE2(vfs, , stat, reg, path, pathseg);
2167 		if (__predict_false(hook != NULL))
2168 			hook(nd.ni_vp, &sb);
2169 	}
2170 	NDFREE(&nd, NDF_ONLY_PNBUF);
2171 	vput(nd.ni_vp);
2172 	if (error != 0)
2173 		return (error);
2174 	*sbp = sb;
2175 #ifdef KTRACE
2176 	if (KTRPOINT(td, KTR_STRUCT))
2177 		ktrstat(&sb);
2178 #endif
2179 	return (0);
2180 }
2181 
2182 /*
2183  * Get file status; this version does not follow links.
2184  */
2185 #ifndef _SYS_SYSPROTO_H_
2186 struct lstat_args {
2187 	char	*path;
2188 	struct stat *ub;
2189 };
2190 #endif
2191 int
2192 sys_lstat(td, uap)
2193 	struct thread *td;
2194 	register struct lstat_args /* {
2195 		char *path;
2196 		struct stat *ub;
2197 	} */ *uap;
2198 {
2199 	struct stat sb;
2200 	int error;
2201 
2202 	error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2203 	    UIO_USERSPACE, &sb, NULL);
2204 	if (error == 0)
2205 		error = copyout(&sb, uap->ub, sizeof (sb));
2206 	return (error);
2207 }
2208 
2209 /*
2210  * Implementation of the NetBSD [l]stat() functions.
2211  */
2212 void
2213 cvtnstat(sb, nsb)
2214 	struct stat *sb;
2215 	struct nstat *nsb;
2216 {
2217 
2218 	bzero(nsb, sizeof *nsb);
2219 	nsb->st_dev = sb->st_dev;
2220 	nsb->st_ino = sb->st_ino;
2221 	nsb->st_mode = sb->st_mode;
2222 	nsb->st_nlink = sb->st_nlink;
2223 	nsb->st_uid = sb->st_uid;
2224 	nsb->st_gid = sb->st_gid;
2225 	nsb->st_rdev = sb->st_rdev;
2226 	nsb->st_atim = sb->st_atim;
2227 	nsb->st_mtim = sb->st_mtim;
2228 	nsb->st_ctim = sb->st_ctim;
2229 	nsb->st_size = sb->st_size;
2230 	nsb->st_blocks = sb->st_blocks;
2231 	nsb->st_blksize = sb->st_blksize;
2232 	nsb->st_flags = sb->st_flags;
2233 	nsb->st_gen = sb->st_gen;
2234 	nsb->st_birthtim = sb->st_birthtim;
2235 }
2236 
2237 #ifndef _SYS_SYSPROTO_H_
2238 struct nstat_args {
2239 	char	*path;
2240 	struct nstat *ub;
2241 };
2242 #endif
2243 int
2244 sys_nstat(td, uap)
2245 	struct thread *td;
2246 	register struct nstat_args /* {
2247 		char *path;
2248 		struct nstat *ub;
2249 	} */ *uap;
2250 {
2251 	struct stat sb;
2252 	struct nstat nsb;
2253 	int error;
2254 
2255 	error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2256 	    &sb, NULL);
2257 	if (error != 0)
2258 		return (error);
2259 	cvtnstat(&sb, &nsb);
2260 	return (copyout(&nsb, uap->ub, sizeof (nsb)));
2261 }
2262 
2263 /*
2264  * NetBSD lstat.  Get file status; this version does not follow links.
2265  */
2266 #ifndef _SYS_SYSPROTO_H_
2267 struct lstat_args {
2268 	char	*path;
2269 	struct stat *ub;
2270 };
2271 #endif
2272 int
2273 sys_nlstat(td, uap)
2274 	struct thread *td;
2275 	register struct nlstat_args /* {
2276 		char *path;
2277 		struct nstat *ub;
2278 	} */ *uap;
2279 {
2280 	struct stat sb;
2281 	struct nstat nsb;
2282 	int error;
2283 
2284 	error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2285 	    UIO_USERSPACE, &sb, NULL);
2286 	if (error != 0)
2287 		return (error);
2288 	cvtnstat(&sb, &nsb);
2289 	return (copyout(&nsb, uap->ub, sizeof (nsb)));
2290 }
2291 
2292 /*
2293  * Get configurable pathname variables.
2294  */
2295 #ifndef _SYS_SYSPROTO_H_
2296 struct pathconf_args {
2297 	char	*path;
2298 	int	name;
2299 };
2300 #endif
2301 int
2302 sys_pathconf(td, uap)
2303 	struct thread *td;
2304 	register struct pathconf_args /* {
2305 		char *path;
2306 		int name;
2307 	} */ *uap;
2308 {
2309 
2310 	return (kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name, FOLLOW));
2311 }
2312 
2313 #ifndef _SYS_SYSPROTO_H_
2314 struct lpathconf_args {
2315 	char	*path;
2316 	int	name;
2317 };
2318 #endif
2319 int
2320 sys_lpathconf(td, uap)
2321 	struct thread *td;
2322 	register struct lpathconf_args /* {
2323 		char *path;
2324 		int name;
2325 	} */ *uap;
2326 {
2327 
2328 	return (kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name,
2329 	    NOFOLLOW));
2330 }
2331 
2332 int
2333 kern_pathconf(struct thread *td, char *path, enum uio_seg pathseg, int name,
2334     u_long flags)
2335 {
2336 	struct nameidata nd;
2337 	int error;
2338 
2339 	NDINIT(&nd, LOOKUP, LOCKSHARED | LOCKLEAF | AUDITVNODE1 | flags,
2340 	    pathseg, path, td);
2341 	if ((error = namei(&nd)) != 0)
2342 		return (error);
2343 	NDFREE(&nd, NDF_ONLY_PNBUF);
2344 
2345 	error = VOP_PATHCONF(nd.ni_vp, name, td->td_retval);
2346 	vput(nd.ni_vp);
2347 	return (error);
2348 }
2349 
2350 /*
2351  * Return target name of a symbolic link.
2352  */
2353 #ifndef _SYS_SYSPROTO_H_
2354 struct readlink_args {
2355 	char	*path;
2356 	char	*buf;
2357 	size_t	count;
2358 };
2359 #endif
2360 int
2361 sys_readlink(td, uap)
2362 	struct thread *td;
2363 	register struct readlink_args /* {
2364 		char *path;
2365 		char *buf;
2366 		size_t count;
2367 	} */ *uap;
2368 {
2369 
2370 	return (kern_readlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2371 	    uap->buf, UIO_USERSPACE, uap->count));
2372 }
2373 #ifndef _SYS_SYSPROTO_H_
2374 struct readlinkat_args {
2375 	int	fd;
2376 	char	*path;
2377 	char	*buf;
2378 	size_t	bufsize;
2379 };
2380 #endif
2381 int
2382 sys_readlinkat(struct thread *td, struct readlinkat_args *uap)
2383 {
2384 
2385 	return (kern_readlinkat(td, uap->fd, uap->path, UIO_USERSPACE,
2386 	    uap->buf, UIO_USERSPACE, uap->bufsize));
2387 }
2388 
2389 int
2390 kern_readlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
2391     char *buf, enum uio_seg bufseg, size_t count)
2392 {
2393 	struct vnode *vp;
2394 	struct iovec aiov;
2395 	struct uio auio;
2396 	struct nameidata nd;
2397 	int error;
2398 
2399 	if (count > IOSIZE_MAX)
2400 		return (EINVAL);
2401 
2402 	NDINIT_AT(&nd, LOOKUP, NOFOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
2403 	    pathseg, path, fd, td);
2404 
2405 	if ((error = namei(&nd)) != 0)
2406 		return (error);
2407 	NDFREE(&nd, NDF_ONLY_PNBUF);
2408 	vp = nd.ni_vp;
2409 #ifdef MAC
2410 	error = mac_vnode_check_readlink(td->td_ucred, vp);
2411 	if (error != 0) {
2412 		vput(vp);
2413 		return (error);
2414 	}
2415 #endif
2416 	if (vp->v_type != VLNK)
2417 		error = EINVAL;
2418 	else {
2419 		aiov.iov_base = buf;
2420 		aiov.iov_len = count;
2421 		auio.uio_iov = &aiov;
2422 		auio.uio_iovcnt = 1;
2423 		auio.uio_offset = 0;
2424 		auio.uio_rw = UIO_READ;
2425 		auio.uio_segflg = bufseg;
2426 		auio.uio_td = td;
2427 		auio.uio_resid = count;
2428 		error = VOP_READLINK(vp, &auio, td->td_ucred);
2429 		td->td_retval[0] = count - auio.uio_resid;
2430 	}
2431 	vput(vp);
2432 	return (error);
2433 }
2434 
2435 /*
2436  * Common implementation code for chflags() and fchflags().
2437  */
2438 static int
2439 setfflags(td, vp, flags)
2440 	struct thread *td;
2441 	struct vnode *vp;
2442 	u_long flags;
2443 {
2444 	struct mount *mp;
2445 	struct vattr vattr;
2446 	int error;
2447 
2448 	/* We can't support the value matching VNOVAL. */
2449 	if (flags == VNOVAL)
2450 		return (EOPNOTSUPP);
2451 
2452 	/*
2453 	 * Prevent non-root users from setting flags on devices.  When
2454 	 * a device is reused, users can retain ownership of the device
2455 	 * if they are allowed to set flags and programs assume that
2456 	 * chown can't fail when done as root.
2457 	 */
2458 	if (vp->v_type == VCHR || vp->v_type == VBLK) {
2459 		error = priv_check(td, PRIV_VFS_CHFLAGS_DEV);
2460 		if (error != 0)
2461 			return (error);
2462 	}
2463 
2464 	if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2465 		return (error);
2466 	VATTR_NULL(&vattr);
2467 	vattr.va_flags = flags;
2468 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2469 #ifdef MAC
2470 	error = mac_vnode_check_setflags(td->td_ucred, vp, vattr.va_flags);
2471 	if (error == 0)
2472 #endif
2473 		error = VOP_SETATTR(vp, &vattr, td->td_ucred);
2474 	VOP_UNLOCK(vp, 0);
2475 	vn_finished_write(mp);
2476 	return (error);
2477 }
2478 
2479 /*
2480  * Change flags of a file given a path name.
2481  */
2482 #ifndef _SYS_SYSPROTO_H_
2483 struct chflags_args {
2484 	const char *path;
2485 	u_long	flags;
2486 };
2487 #endif
2488 int
2489 sys_chflags(td, uap)
2490 	struct thread *td;
2491 	register struct chflags_args /* {
2492 		const char *path;
2493 		u_long flags;
2494 	} */ *uap;
2495 {
2496 
2497 	return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2498 	    uap->flags, 0));
2499 }
2500 
2501 #ifndef _SYS_SYSPROTO_H_
2502 struct chflagsat_args {
2503 	int	fd;
2504 	const char *path;
2505 	u_long	flags;
2506 	int	atflag;
2507 }
2508 #endif
2509 int
2510 sys_chflagsat(struct thread *td, struct chflagsat_args *uap)
2511 {
2512 	int fd = uap->fd;
2513 	const char *path = uap->path;
2514 	u_long flags = uap->flags;
2515 	int atflag = uap->atflag;
2516 
2517 	if (atflag & ~AT_SYMLINK_NOFOLLOW)
2518 		return (EINVAL);
2519 
2520 	return (kern_chflagsat(td, fd, path, UIO_USERSPACE, flags, atflag));
2521 }
2522 
2523 /*
2524  * Same as chflags() but doesn't follow symlinks.
2525  */
2526 int
2527 sys_lchflags(td, uap)
2528 	struct thread *td;
2529 	register struct lchflags_args /* {
2530 		const char *path;
2531 		u_long flags;
2532 	} */ *uap;
2533 {
2534 
2535 	return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2536 	    uap->flags, AT_SYMLINK_NOFOLLOW));
2537 }
2538 
2539 static int
2540 kern_chflagsat(struct thread *td, int fd, const char *path,
2541     enum uio_seg pathseg, u_long flags, int atflag)
2542 {
2543 	struct nameidata nd;
2544 	cap_rights_t rights;
2545 	int error, follow;
2546 
2547 	AUDIT_ARG_FFLAGS(flags);
2548 	follow = (atflag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
2549 	NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
2550 	    cap_rights_init(&rights, CAP_FCHFLAGS), td);
2551 	if ((error = namei(&nd)) != 0)
2552 		return (error);
2553 	NDFREE(&nd, NDF_ONLY_PNBUF);
2554 	error = setfflags(td, nd.ni_vp, flags);
2555 	vrele(nd.ni_vp);
2556 	return (error);
2557 }
2558 
2559 /*
2560  * Change flags of a file given a file descriptor.
2561  */
2562 #ifndef _SYS_SYSPROTO_H_
2563 struct fchflags_args {
2564 	int	fd;
2565 	u_long	flags;
2566 };
2567 #endif
2568 int
2569 sys_fchflags(td, uap)
2570 	struct thread *td;
2571 	register struct fchflags_args /* {
2572 		int fd;
2573 		u_long flags;
2574 	} */ *uap;
2575 {
2576 	struct file *fp;
2577 	cap_rights_t rights;
2578 	int error;
2579 
2580 	AUDIT_ARG_FD(uap->fd);
2581 	AUDIT_ARG_FFLAGS(uap->flags);
2582 	error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_FCHFLAGS),
2583 	    &fp);
2584 	if (error != 0)
2585 		return (error);
2586 #ifdef AUDIT
2587 	vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
2588 	AUDIT_ARG_VNODE1(fp->f_vnode);
2589 	VOP_UNLOCK(fp->f_vnode, 0);
2590 #endif
2591 	error = setfflags(td, fp->f_vnode, uap->flags);
2592 	fdrop(fp, td);
2593 	return (error);
2594 }
2595 
2596 /*
2597  * Common implementation code for chmod(), lchmod() and fchmod().
2598  */
2599 int
2600 setfmode(td, cred, vp, mode)
2601 	struct thread *td;
2602 	struct ucred *cred;
2603 	struct vnode *vp;
2604 	int mode;
2605 {
2606 	struct mount *mp;
2607 	struct vattr vattr;
2608 	int error;
2609 
2610 	if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2611 		return (error);
2612 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2613 	VATTR_NULL(&vattr);
2614 	vattr.va_mode = mode & ALLPERMS;
2615 #ifdef MAC
2616 	error = mac_vnode_check_setmode(cred, vp, vattr.va_mode);
2617 	if (error == 0)
2618 #endif
2619 		error = VOP_SETATTR(vp, &vattr, cred);
2620 	VOP_UNLOCK(vp, 0);
2621 	vn_finished_write(mp);
2622 	return (error);
2623 }
2624 
2625 /*
2626  * Change mode of a file given path name.
2627  */
2628 #ifndef _SYS_SYSPROTO_H_
2629 struct chmod_args {
2630 	char	*path;
2631 	int	mode;
2632 };
2633 #endif
2634 int
2635 sys_chmod(td, uap)
2636 	struct thread *td;
2637 	register struct chmod_args /* {
2638 		char *path;
2639 		int mode;
2640 	} */ *uap;
2641 {
2642 
2643 	return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2644 	    uap->mode, 0));
2645 }
2646 
2647 #ifndef _SYS_SYSPROTO_H_
2648 struct fchmodat_args {
2649 	int	dirfd;
2650 	char	*path;
2651 	mode_t	mode;
2652 	int	flag;
2653 }
2654 #endif
2655 int
2656 sys_fchmodat(struct thread *td, struct fchmodat_args *uap)
2657 {
2658 	int flag = uap->flag;
2659 	int fd = uap->fd;
2660 	char *path = uap->path;
2661 	mode_t mode = uap->mode;
2662 
2663 	if (flag & ~AT_SYMLINK_NOFOLLOW)
2664 		return (EINVAL);
2665 
2666 	return (kern_fchmodat(td, fd, path, UIO_USERSPACE, mode, flag));
2667 }
2668 
2669 /*
2670  * Change mode of a file given path name (don't follow links.)
2671  */
2672 #ifndef _SYS_SYSPROTO_H_
2673 struct lchmod_args {
2674 	char	*path;
2675 	int	mode;
2676 };
2677 #endif
2678 int
2679 sys_lchmod(td, uap)
2680 	struct thread *td;
2681 	register struct lchmod_args /* {
2682 		char *path;
2683 		int mode;
2684 	} */ *uap;
2685 {
2686 
2687 	return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2688 	    uap->mode, AT_SYMLINK_NOFOLLOW));
2689 }
2690 
2691 int
2692 kern_fchmodat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
2693     mode_t mode, int flag)
2694 {
2695 	struct nameidata nd;
2696 	cap_rights_t rights;
2697 	int error, follow;
2698 
2699 	AUDIT_ARG_MODE(mode);
2700 	follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
2701 	NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
2702 	    cap_rights_init(&rights, CAP_FCHMOD), td);
2703 	if ((error = namei(&nd)) != 0)
2704 		return (error);
2705 	NDFREE(&nd, NDF_ONLY_PNBUF);
2706 	error = setfmode(td, td->td_ucred, nd.ni_vp, mode);
2707 	vrele(nd.ni_vp);
2708 	return (error);
2709 }
2710 
2711 /*
2712  * Change mode of a file given a file descriptor.
2713  */
2714 #ifndef _SYS_SYSPROTO_H_
2715 struct fchmod_args {
2716 	int	fd;
2717 	int	mode;
2718 };
2719 #endif
2720 int
2721 sys_fchmod(struct thread *td, struct fchmod_args *uap)
2722 {
2723 	struct file *fp;
2724 	cap_rights_t rights;
2725 	int error;
2726 
2727 	AUDIT_ARG_FD(uap->fd);
2728 	AUDIT_ARG_MODE(uap->mode);
2729 
2730 	error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FCHMOD), &fp);
2731 	if (error != 0)
2732 		return (error);
2733 	error = fo_chmod(fp, uap->mode, td->td_ucred, td);
2734 	fdrop(fp, td);
2735 	return (error);
2736 }
2737 
2738 /*
2739  * Common implementation for chown(), lchown(), and fchown()
2740  */
2741 int
2742 setfown(td, cred, vp, uid, gid)
2743 	struct thread *td;
2744 	struct ucred *cred;
2745 	struct vnode *vp;
2746 	uid_t uid;
2747 	gid_t gid;
2748 {
2749 	struct mount *mp;
2750 	struct vattr vattr;
2751 	int error;
2752 
2753 	if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2754 		return (error);
2755 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2756 	VATTR_NULL(&vattr);
2757 	vattr.va_uid = uid;
2758 	vattr.va_gid = gid;
2759 #ifdef MAC
2760 	error = mac_vnode_check_setowner(cred, vp, vattr.va_uid,
2761 	    vattr.va_gid);
2762 	if (error == 0)
2763 #endif
2764 		error = VOP_SETATTR(vp, &vattr, cred);
2765 	VOP_UNLOCK(vp, 0);
2766 	vn_finished_write(mp);
2767 	return (error);
2768 }
2769 
2770 /*
2771  * Set ownership given a path name.
2772  */
2773 #ifndef _SYS_SYSPROTO_H_
2774 struct chown_args {
2775 	char	*path;
2776 	int	uid;
2777 	int	gid;
2778 };
2779 #endif
2780 int
2781 sys_chown(td, uap)
2782 	struct thread *td;
2783 	register struct chown_args /* {
2784 		char *path;
2785 		int uid;
2786 		int gid;
2787 	} */ *uap;
2788 {
2789 
2790 	return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE, uap->uid,
2791 	    uap->gid, 0));
2792 }
2793 
2794 #ifndef _SYS_SYSPROTO_H_
2795 struct fchownat_args {
2796 	int fd;
2797 	const char * path;
2798 	uid_t uid;
2799 	gid_t gid;
2800 	int flag;
2801 };
2802 #endif
2803 int
2804 sys_fchownat(struct thread *td, struct fchownat_args *uap)
2805 {
2806 	int flag;
2807 
2808 	flag = uap->flag;
2809 	if (flag & ~AT_SYMLINK_NOFOLLOW)
2810 		return (EINVAL);
2811 
2812 	return (kern_fchownat(td, uap->fd, uap->path, UIO_USERSPACE, uap->uid,
2813 	    uap->gid, uap->flag));
2814 }
2815 
2816 int
2817 kern_fchownat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
2818     int uid, int gid, int flag)
2819 {
2820 	struct nameidata nd;
2821 	cap_rights_t rights;
2822 	int error, follow;
2823 
2824 	AUDIT_ARG_OWNER(uid, gid);
2825 	follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
2826 	NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
2827 	    cap_rights_init(&rights, CAP_FCHOWN), td);
2828 
2829 	if ((error = namei(&nd)) != 0)
2830 		return (error);
2831 	NDFREE(&nd, NDF_ONLY_PNBUF);
2832 	error = setfown(td, td->td_ucred, nd.ni_vp, uid, gid);
2833 	vrele(nd.ni_vp);
2834 	return (error);
2835 }
2836 
2837 /*
2838  * Set ownership given a path name, do not cross symlinks.
2839  */
2840 #ifndef _SYS_SYSPROTO_H_
2841 struct lchown_args {
2842 	char	*path;
2843 	int	uid;
2844 	int	gid;
2845 };
2846 #endif
2847 int
2848 sys_lchown(td, uap)
2849 	struct thread *td;
2850 	register struct lchown_args /* {
2851 		char *path;
2852 		int uid;
2853 		int gid;
2854 	} */ *uap;
2855 {
2856 
2857 	return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2858 	    uap->uid, uap->gid, AT_SYMLINK_NOFOLLOW));
2859 }
2860 
2861 /*
2862  * Set ownership given a file descriptor.
2863  */
2864 #ifndef _SYS_SYSPROTO_H_
2865 struct fchown_args {
2866 	int	fd;
2867 	int	uid;
2868 	int	gid;
2869 };
2870 #endif
2871 int
2872 sys_fchown(td, uap)
2873 	struct thread *td;
2874 	register struct fchown_args /* {
2875 		int fd;
2876 		int uid;
2877 		int gid;
2878 	} */ *uap;
2879 {
2880 	struct file *fp;
2881 	cap_rights_t rights;
2882 	int error;
2883 
2884 	AUDIT_ARG_FD(uap->fd);
2885 	AUDIT_ARG_OWNER(uap->uid, uap->gid);
2886 	error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FCHOWN), &fp);
2887 	if (error != 0)
2888 		return (error);
2889 	error = fo_chown(fp, uap->uid, uap->gid, td->td_ucred, td);
2890 	fdrop(fp, td);
2891 	return (error);
2892 }
2893 
2894 /*
2895  * Common implementation code for utimes(), lutimes(), and futimes().
2896  */
2897 static int
2898 getutimes(usrtvp, tvpseg, tsp)
2899 	const struct timeval *usrtvp;
2900 	enum uio_seg tvpseg;
2901 	struct timespec *tsp;
2902 {
2903 	struct timeval tv[2];
2904 	const struct timeval *tvp;
2905 	int error;
2906 
2907 	if (usrtvp == NULL) {
2908 		vfs_timestamp(&tsp[0]);
2909 		tsp[1] = tsp[0];
2910 	} else {
2911 		if (tvpseg == UIO_SYSSPACE) {
2912 			tvp = usrtvp;
2913 		} else {
2914 			if ((error = copyin(usrtvp, tv, sizeof(tv))) != 0)
2915 				return (error);
2916 			tvp = tv;
2917 		}
2918 
2919 		if (tvp[0].tv_usec < 0 || tvp[0].tv_usec >= 1000000 ||
2920 		    tvp[1].tv_usec < 0 || tvp[1].tv_usec >= 1000000)
2921 			return (EINVAL);
2922 		TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
2923 		TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
2924 	}
2925 	return (0);
2926 }
2927 
2928 /*
2929  * Common implementation code for futimens(), utimensat().
2930  */
2931 #define	UTIMENS_NULL	0x1
2932 #define	UTIMENS_EXIT	0x2
2933 static int
2934 getutimens(const struct timespec *usrtsp, enum uio_seg tspseg,
2935     struct timespec *tsp, int *retflags)
2936 {
2937 	struct timespec tsnow;
2938 	int error;
2939 
2940 	vfs_timestamp(&tsnow);
2941 	*retflags = 0;
2942 	if (usrtsp == NULL) {
2943 		tsp[0] = tsnow;
2944 		tsp[1] = tsnow;
2945 		*retflags |= UTIMENS_NULL;
2946 		return (0);
2947 	}
2948 	if (tspseg == UIO_SYSSPACE) {
2949 		tsp[0] = usrtsp[0];
2950 		tsp[1] = usrtsp[1];
2951 	} else if ((error = copyin(usrtsp, tsp, sizeof(*tsp) * 2)) != 0)
2952 		return (error);
2953 	if (tsp[0].tv_nsec == UTIME_OMIT && tsp[1].tv_nsec == UTIME_OMIT)
2954 		*retflags |= UTIMENS_EXIT;
2955 	if (tsp[0].tv_nsec == UTIME_NOW && tsp[1].tv_nsec == UTIME_NOW)
2956 		*retflags |= UTIMENS_NULL;
2957 	if (tsp[0].tv_nsec == UTIME_OMIT)
2958 		tsp[0].tv_sec = VNOVAL;
2959 	else if (tsp[0].tv_nsec == UTIME_NOW)
2960 		tsp[0] = tsnow;
2961 	else if (tsp[0].tv_nsec < 0 || tsp[0].tv_nsec >= 1000000000L)
2962 		return (EINVAL);
2963 	if (tsp[1].tv_nsec == UTIME_OMIT)
2964 		tsp[1].tv_sec = VNOVAL;
2965 	else if (tsp[1].tv_nsec == UTIME_NOW)
2966 		tsp[1] = tsnow;
2967 	else if (tsp[1].tv_nsec < 0 || tsp[1].tv_nsec >= 1000000000L)
2968 		return (EINVAL);
2969 
2970 	return (0);
2971 }
2972 
2973 /*
2974  * Common implementation code for utimes(), lutimes(), futimes(), futimens(),
2975  * and utimensat().
2976  */
2977 static int
2978 setutimes(td, vp, ts, numtimes, nullflag)
2979 	struct thread *td;
2980 	struct vnode *vp;
2981 	const struct timespec *ts;
2982 	int numtimes;
2983 	int nullflag;
2984 {
2985 	struct mount *mp;
2986 	struct vattr vattr;
2987 	int error, setbirthtime;
2988 
2989 	if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2990 		return (error);
2991 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2992 	setbirthtime = 0;
2993 	if (numtimes < 3 && !VOP_GETATTR(vp, &vattr, td->td_ucred) &&
2994 	    timespeccmp(&ts[1], &vattr.va_birthtime, < ))
2995 		setbirthtime = 1;
2996 	VATTR_NULL(&vattr);
2997 	vattr.va_atime = ts[0];
2998 	vattr.va_mtime = ts[1];
2999 	if (setbirthtime)
3000 		vattr.va_birthtime = ts[1];
3001 	if (numtimes > 2)
3002 		vattr.va_birthtime = ts[2];
3003 	if (nullflag)
3004 		vattr.va_vaflags |= VA_UTIMES_NULL;
3005 #ifdef MAC
3006 	error = mac_vnode_check_setutimes(td->td_ucred, vp, vattr.va_atime,
3007 	    vattr.va_mtime);
3008 #endif
3009 	if (error == 0)
3010 		error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3011 	VOP_UNLOCK(vp, 0);
3012 	vn_finished_write(mp);
3013 	return (error);
3014 }
3015 
3016 /*
3017  * Set the access and modification times of a file.
3018  */
3019 #ifndef _SYS_SYSPROTO_H_
3020 struct utimes_args {
3021 	char	*path;
3022 	struct	timeval *tptr;
3023 };
3024 #endif
3025 int
3026 sys_utimes(td, uap)
3027 	struct thread *td;
3028 	register struct utimes_args /* {
3029 		char *path;
3030 		struct timeval *tptr;
3031 	} */ *uap;
3032 {
3033 
3034 	return (kern_utimesat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3035 	    uap->tptr, UIO_USERSPACE));
3036 }
3037 
3038 #ifndef _SYS_SYSPROTO_H_
3039 struct futimesat_args {
3040 	int fd;
3041 	const char * path;
3042 	const struct timeval * times;
3043 };
3044 #endif
3045 int
3046 sys_futimesat(struct thread *td, struct futimesat_args *uap)
3047 {
3048 
3049 	return (kern_utimesat(td, uap->fd, uap->path, UIO_USERSPACE,
3050 	    uap->times, UIO_USERSPACE));
3051 }
3052 
3053 int
3054 kern_utimesat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
3055     struct timeval *tptr, enum uio_seg tptrseg)
3056 {
3057 	struct nameidata nd;
3058 	struct timespec ts[2];
3059 	cap_rights_t rights;
3060 	int error;
3061 
3062 	if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3063 		return (error);
3064 	NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
3065 	    cap_rights_init(&rights, CAP_FUTIMES), td);
3066 
3067 	if ((error = namei(&nd)) != 0)
3068 		return (error);
3069 	NDFREE(&nd, NDF_ONLY_PNBUF);
3070 	error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3071 	vrele(nd.ni_vp);
3072 	return (error);
3073 }
3074 
3075 /*
3076  * Set the access and modification times of a file.
3077  */
3078 #ifndef _SYS_SYSPROTO_H_
3079 struct lutimes_args {
3080 	char	*path;
3081 	struct	timeval *tptr;
3082 };
3083 #endif
3084 int
3085 sys_lutimes(td, uap)
3086 	struct thread *td;
3087 	register struct lutimes_args /* {
3088 		char *path;
3089 		struct timeval *tptr;
3090 	} */ *uap;
3091 {
3092 
3093 	return (kern_lutimes(td, uap->path, UIO_USERSPACE, uap->tptr,
3094 	    UIO_USERSPACE));
3095 }
3096 
3097 int
3098 kern_lutimes(struct thread *td, char *path, enum uio_seg pathseg,
3099     struct timeval *tptr, enum uio_seg tptrseg)
3100 {
3101 	struct timespec ts[2];
3102 	struct nameidata nd;
3103 	int error;
3104 
3105 	if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3106 		return (error);
3107 	NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, pathseg, path, td);
3108 	if ((error = namei(&nd)) != 0)
3109 		return (error);
3110 	NDFREE(&nd, NDF_ONLY_PNBUF);
3111 	error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3112 	vrele(nd.ni_vp);
3113 	return (error);
3114 }
3115 
3116 /*
3117  * Set the access and modification times of a file.
3118  */
3119 #ifndef _SYS_SYSPROTO_H_
3120 struct futimes_args {
3121 	int	fd;
3122 	struct	timeval *tptr;
3123 };
3124 #endif
3125 int
3126 sys_futimes(td, uap)
3127 	struct thread *td;
3128 	register struct futimes_args /* {
3129 		int  fd;
3130 		struct timeval *tptr;
3131 	} */ *uap;
3132 {
3133 
3134 	return (kern_futimes(td, uap->fd, uap->tptr, UIO_USERSPACE));
3135 }
3136 
3137 int
3138 kern_futimes(struct thread *td, int fd, struct timeval *tptr,
3139     enum uio_seg tptrseg)
3140 {
3141 	struct timespec ts[2];
3142 	struct file *fp;
3143 	cap_rights_t rights;
3144 	int error;
3145 
3146 	AUDIT_ARG_FD(fd);
3147 	error = getutimes(tptr, tptrseg, ts);
3148 	if (error != 0)
3149 		return (error);
3150 	error = getvnode(td, fd, cap_rights_init(&rights, CAP_FUTIMES), &fp);
3151 	if (error != 0)
3152 		return (error);
3153 #ifdef AUDIT
3154 	vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3155 	AUDIT_ARG_VNODE1(fp->f_vnode);
3156 	VOP_UNLOCK(fp->f_vnode, 0);
3157 #endif
3158 	error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
3159 	fdrop(fp, td);
3160 	return (error);
3161 }
3162 
3163 int
3164 sys_futimens(struct thread *td, struct futimens_args *uap)
3165 {
3166 
3167 	return (kern_futimens(td, uap->fd, uap->times, UIO_USERSPACE));
3168 }
3169 
3170 int
3171 kern_futimens(struct thread *td, int fd, struct timespec *tptr,
3172     enum uio_seg tptrseg)
3173 {
3174 	struct timespec ts[2];
3175 	struct file *fp;
3176 	cap_rights_t rights;
3177 	int error, flags;
3178 
3179 	AUDIT_ARG_FD(fd);
3180 	error = getutimens(tptr, tptrseg, ts, &flags);
3181 	if (error != 0)
3182 		return (error);
3183 	if (flags & UTIMENS_EXIT)
3184 		return (0);
3185 	error = getvnode(td, fd, cap_rights_init(&rights, CAP_FUTIMES), &fp);
3186 	if (error != 0)
3187 		return (error);
3188 #ifdef AUDIT
3189 	vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3190 	AUDIT_ARG_VNODE1(fp->f_vnode);
3191 	VOP_UNLOCK(fp->f_vnode, 0);
3192 #endif
3193 	error = setutimes(td, fp->f_vnode, ts, 2, flags & UTIMENS_NULL);
3194 	fdrop(fp, td);
3195 	return (error);
3196 }
3197 
3198 int
3199 sys_utimensat(struct thread *td, struct utimensat_args *uap)
3200 {
3201 
3202 	return (kern_utimensat(td, uap->fd, uap->path, UIO_USERSPACE,
3203 	    uap->times, UIO_USERSPACE, uap->flag));
3204 }
3205 
3206 int
3207 kern_utimensat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
3208     struct timespec *tptr, enum uio_seg tptrseg, int flag)
3209 {
3210 	struct nameidata nd;
3211 	struct timespec ts[2];
3212 	cap_rights_t rights;
3213 	int error, flags;
3214 
3215 	if (flag & ~AT_SYMLINK_NOFOLLOW)
3216 		return (EINVAL);
3217 
3218 	if ((error = getutimens(tptr, tptrseg, ts, &flags)) != 0)
3219 		return (error);
3220 	NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW :
3221 	    FOLLOW) | AUDITVNODE1, pathseg, path, fd,
3222 	    cap_rights_init(&rights, CAP_FUTIMES), td);
3223 	if ((error = namei(&nd)) != 0)
3224 		return (error);
3225 	/*
3226 	 * We are allowed to call namei() regardless of 2xUTIME_OMIT.
3227 	 * POSIX states:
3228 	 * "If both tv_nsec fields are UTIME_OMIT... EACCESS may be detected."
3229 	 * "Search permission is denied by a component of the path prefix."
3230 	 */
3231 	NDFREE(&nd, NDF_ONLY_PNBUF);
3232 	if ((flags & UTIMENS_EXIT) == 0)
3233 		error = setutimes(td, nd.ni_vp, ts, 2, flags & UTIMENS_NULL);
3234 	vrele(nd.ni_vp);
3235 	return (error);
3236 }
3237 
3238 /*
3239  * Truncate a file given its path name.
3240  */
3241 #ifndef _SYS_SYSPROTO_H_
3242 struct truncate_args {
3243 	char	*path;
3244 	int	pad;
3245 	off_t	length;
3246 };
3247 #endif
3248 int
3249 sys_truncate(td, uap)
3250 	struct thread *td;
3251 	register struct truncate_args /* {
3252 		char *path;
3253 		int pad;
3254 		off_t length;
3255 	} */ *uap;
3256 {
3257 
3258 	return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3259 }
3260 
3261 int
3262 kern_truncate(struct thread *td, char *path, enum uio_seg pathseg, off_t length)
3263 {
3264 	struct mount *mp;
3265 	struct vnode *vp;
3266 	void *rl_cookie;
3267 	struct vattr vattr;
3268 	struct nameidata nd;
3269 	int error;
3270 
3271 	if (length < 0)
3272 		return(EINVAL);
3273 	NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td);
3274 	if ((error = namei(&nd)) != 0)
3275 		return (error);
3276 	vp = nd.ni_vp;
3277 	rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX);
3278 	if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) {
3279 		vn_rangelock_unlock(vp, rl_cookie);
3280 		vrele(vp);
3281 		return (error);
3282 	}
3283 	NDFREE(&nd, NDF_ONLY_PNBUF);
3284 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3285 	if (vp->v_type == VDIR)
3286 		error = EISDIR;
3287 #ifdef MAC
3288 	else if ((error = mac_vnode_check_write(td->td_ucred, NOCRED, vp))) {
3289 	}
3290 #endif
3291 	else if ((error = vn_writechk(vp)) == 0 &&
3292 	    (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
3293 		VATTR_NULL(&vattr);
3294 		vattr.va_size = length;
3295 		error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3296 	}
3297 	VOP_UNLOCK(vp, 0);
3298 	vn_finished_write(mp);
3299 	vn_rangelock_unlock(vp, rl_cookie);
3300 	vrele(vp);
3301 	return (error);
3302 }
3303 
3304 #if defined(COMPAT_43)
3305 /*
3306  * Truncate a file given its path name.
3307  */
3308 #ifndef _SYS_SYSPROTO_H_
3309 struct otruncate_args {
3310 	char	*path;
3311 	long	length;
3312 };
3313 #endif
3314 int
3315 otruncate(td, uap)
3316 	struct thread *td;
3317 	register struct otruncate_args /* {
3318 		char *path;
3319 		long length;
3320 	} */ *uap;
3321 {
3322 	struct truncate_args /* {
3323 		char *path;
3324 		int pad;
3325 		off_t length;
3326 	} */ nuap;
3327 
3328 	nuap.path = uap->path;
3329 	nuap.length = uap->length;
3330 	return (sys_truncate(td, &nuap));
3331 }
3332 #endif /* COMPAT_43 */
3333 
3334 #if defined(COMPAT_FREEBSD6)
3335 /* Versions with the pad argument */
3336 int
3337 freebsd6_truncate(struct thread *td, struct freebsd6_truncate_args *uap)
3338 {
3339 	struct truncate_args ouap;
3340 
3341 	ouap.path = uap->path;
3342 	ouap.length = uap->length;
3343 	return (sys_truncate(td, &ouap));
3344 }
3345 
3346 int
3347 freebsd6_ftruncate(struct thread *td, struct freebsd6_ftruncate_args *uap)
3348 {
3349 	struct ftruncate_args ouap;
3350 
3351 	ouap.fd = uap->fd;
3352 	ouap.length = uap->length;
3353 	return (sys_ftruncate(td, &ouap));
3354 }
3355 #endif
3356 
3357 int
3358 kern_fsync(struct thread *td, int fd, bool fullsync)
3359 {
3360 	struct vnode *vp;
3361 	struct mount *mp;
3362 	struct file *fp;
3363 	cap_rights_t rights;
3364 	int error, lock_flags;
3365 
3366 	AUDIT_ARG_FD(fd);
3367 	error = getvnode(td, fd, cap_rights_init(&rights, CAP_FSYNC), &fp);
3368 	if (error != 0)
3369 		return (error);
3370 	vp = fp->f_vnode;
3371 #if 0
3372 	if (!fullsync)
3373 		/* XXXKIB: compete outstanding aio writes */;
3374 #endif
3375 	error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
3376 	if (error != 0)
3377 		goto drop;
3378 	if (MNT_SHARED_WRITES(mp) ||
3379 	    ((mp == NULL) && MNT_SHARED_WRITES(vp->v_mount))) {
3380 		lock_flags = LK_SHARED;
3381 	} else {
3382 		lock_flags = LK_EXCLUSIVE;
3383 	}
3384 	vn_lock(vp, lock_flags | LK_RETRY);
3385 	AUDIT_ARG_VNODE1(vp);
3386 	if (vp->v_object != NULL) {
3387 		VM_OBJECT_WLOCK(vp->v_object);
3388 		vm_object_page_clean(vp->v_object, 0, 0, 0);
3389 		VM_OBJECT_WUNLOCK(vp->v_object);
3390 	}
3391 	error = fullsync ? VOP_FSYNC(vp, MNT_WAIT, td) : VOP_FDATASYNC(vp, td);
3392 	VOP_UNLOCK(vp, 0);
3393 	vn_finished_write(mp);
3394 drop:
3395 	fdrop(fp, td);
3396 	return (error);
3397 }
3398 
3399 /*
3400  * Sync an open file.
3401  */
3402 #ifndef _SYS_SYSPROTO_H_
3403 struct fsync_args {
3404 	int	fd;
3405 };
3406 #endif
3407 int
3408 sys_fsync(struct thread *td, struct fsync_args *uap)
3409 {
3410 
3411 	return (kern_fsync(td, uap->fd, true));
3412 }
3413 
3414 int
3415 sys_fdatasync(struct thread *td, struct fdatasync_args *uap)
3416 {
3417 
3418 	return (kern_fsync(td, uap->fd, false));
3419 }
3420 
3421 /*
3422  * Rename files.  Source and destination must either both be directories, or
3423  * both not be directories.  If target is a directory, it must be empty.
3424  */
3425 #ifndef _SYS_SYSPROTO_H_
3426 struct rename_args {
3427 	char	*from;
3428 	char	*to;
3429 };
3430 #endif
3431 int
3432 sys_rename(td, uap)
3433 	struct thread *td;
3434 	register struct rename_args /* {
3435 		char *from;
3436 		char *to;
3437 	} */ *uap;
3438 {
3439 
3440 	return (kern_renameat(td, AT_FDCWD, uap->from, AT_FDCWD,
3441 	    uap->to, UIO_USERSPACE));
3442 }
3443 
3444 #ifndef _SYS_SYSPROTO_H_
3445 struct renameat_args {
3446 	int	oldfd;
3447 	char	*old;
3448 	int	newfd;
3449 	char	*new;
3450 };
3451 #endif
3452 int
3453 sys_renameat(struct thread *td, struct renameat_args *uap)
3454 {
3455 
3456 	return (kern_renameat(td, uap->oldfd, uap->old, uap->newfd, uap->new,
3457 	    UIO_USERSPACE));
3458 }
3459 
3460 int
3461 kern_renameat(struct thread *td, int oldfd, char *old, int newfd, char *new,
3462     enum uio_seg pathseg)
3463 {
3464 	struct mount *mp = NULL;
3465 	struct vnode *tvp, *fvp, *tdvp;
3466 	struct nameidata fromnd, tond;
3467 	cap_rights_t rights;
3468 	int error;
3469 
3470 again:
3471 	bwillwrite();
3472 #ifdef MAC
3473 	NDINIT_ATRIGHTS(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART |
3474 	    AUDITVNODE1, pathseg, old, oldfd,
3475 	    cap_rights_init(&rights, CAP_RENAMEAT_SOURCE), td);
3476 #else
3477 	NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | AUDITVNODE1,
3478 	    pathseg, old, oldfd,
3479 	    cap_rights_init(&rights, CAP_RENAMEAT_SOURCE), td);
3480 #endif
3481 
3482 	if ((error = namei(&fromnd)) != 0)
3483 		return (error);
3484 #ifdef MAC
3485 	error = mac_vnode_check_rename_from(td->td_ucred, fromnd.ni_dvp,
3486 	    fromnd.ni_vp, &fromnd.ni_cnd);
3487 	VOP_UNLOCK(fromnd.ni_dvp, 0);
3488 	if (fromnd.ni_dvp != fromnd.ni_vp)
3489 		VOP_UNLOCK(fromnd.ni_vp, 0);
3490 #endif
3491 	fvp = fromnd.ni_vp;
3492 	NDINIT_ATRIGHTS(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE |
3493 	    SAVESTART | AUDITVNODE2, pathseg, new, newfd,
3494 	    cap_rights_init(&rights, CAP_RENAMEAT_TARGET), td);
3495 	if (fromnd.ni_vp->v_type == VDIR)
3496 		tond.ni_cnd.cn_flags |= WILLBEDIR;
3497 	if ((error = namei(&tond)) != 0) {
3498 		/* Translate error code for rename("dir1", "dir2/."). */
3499 		if (error == EISDIR && fvp->v_type == VDIR)
3500 			error = EINVAL;
3501 		NDFREE(&fromnd, NDF_ONLY_PNBUF);
3502 		vrele(fromnd.ni_dvp);
3503 		vrele(fvp);
3504 		goto out1;
3505 	}
3506 	tdvp = tond.ni_dvp;
3507 	tvp = tond.ni_vp;
3508 	error = vn_start_write(fvp, &mp, V_NOWAIT);
3509 	if (error != 0) {
3510 		NDFREE(&fromnd, NDF_ONLY_PNBUF);
3511 		NDFREE(&tond, NDF_ONLY_PNBUF);
3512 		if (tvp != NULL)
3513 			vput(tvp);
3514 		if (tdvp == tvp)
3515 			vrele(tdvp);
3516 		else
3517 			vput(tdvp);
3518 		vrele(fromnd.ni_dvp);
3519 		vrele(fvp);
3520 		vrele(tond.ni_startdir);
3521 		if (fromnd.ni_startdir != NULL)
3522 			vrele(fromnd.ni_startdir);
3523 		error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH);
3524 		if (error != 0)
3525 			return (error);
3526 		goto again;
3527 	}
3528 	if (tvp != NULL) {
3529 		if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
3530 			error = ENOTDIR;
3531 			goto out;
3532 		} else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
3533 			error = EISDIR;
3534 			goto out;
3535 		}
3536 #ifdef CAPABILITIES
3537 		if (newfd != AT_FDCWD) {
3538 			/*
3539 			 * If the target already exists we require CAP_UNLINKAT
3540 			 * from 'newfd'.
3541 			 */
3542 			error = cap_check(&tond.ni_filecaps.fc_rights,
3543 			    cap_rights_init(&rights, CAP_UNLINKAT));
3544 			if (error != 0)
3545 				goto out;
3546 		}
3547 #endif
3548 	}
3549 	if (fvp == tdvp) {
3550 		error = EINVAL;
3551 		goto out;
3552 	}
3553 	/*
3554 	 * If the source is the same as the destination (that is, if they
3555 	 * are links to the same vnode), then there is nothing to do.
3556 	 */
3557 	if (fvp == tvp)
3558 		error = -1;
3559 #ifdef MAC
3560 	else
3561 		error = mac_vnode_check_rename_to(td->td_ucred, tdvp,
3562 		    tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd);
3563 #endif
3564 out:
3565 	if (error == 0) {
3566 		error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
3567 		    tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
3568 		NDFREE(&fromnd, NDF_ONLY_PNBUF);
3569 		NDFREE(&tond, NDF_ONLY_PNBUF);
3570 	} else {
3571 		NDFREE(&fromnd, NDF_ONLY_PNBUF);
3572 		NDFREE(&tond, NDF_ONLY_PNBUF);
3573 		if (tvp != NULL)
3574 			vput(tvp);
3575 		if (tdvp == tvp)
3576 			vrele(tdvp);
3577 		else
3578 			vput(tdvp);
3579 		vrele(fromnd.ni_dvp);
3580 		vrele(fvp);
3581 	}
3582 	vrele(tond.ni_startdir);
3583 	vn_finished_write(mp);
3584 out1:
3585 	if (fromnd.ni_startdir)
3586 		vrele(fromnd.ni_startdir);
3587 	if (error == -1)
3588 		return (0);
3589 	return (error);
3590 }
3591 
3592 /*
3593  * Make a directory file.
3594  */
3595 #ifndef _SYS_SYSPROTO_H_
3596 struct mkdir_args {
3597 	char	*path;
3598 	int	mode;
3599 };
3600 #endif
3601 int
3602 sys_mkdir(td, uap)
3603 	struct thread *td;
3604 	register struct mkdir_args /* {
3605 		char *path;
3606 		int mode;
3607 	} */ *uap;
3608 {
3609 
3610 	return (kern_mkdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3611 	    uap->mode));
3612 }
3613 
3614 #ifndef _SYS_SYSPROTO_H_
3615 struct mkdirat_args {
3616 	int	fd;
3617 	char	*path;
3618 	mode_t	mode;
3619 };
3620 #endif
3621 int
3622 sys_mkdirat(struct thread *td, struct mkdirat_args *uap)
3623 {
3624 
3625 	return (kern_mkdirat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode));
3626 }
3627 
3628 int
3629 kern_mkdirat(struct thread *td, int fd, char *path, enum uio_seg segflg,
3630     int mode)
3631 {
3632 	struct mount *mp;
3633 	struct vnode *vp;
3634 	struct vattr vattr;
3635 	struct nameidata nd;
3636 	cap_rights_t rights;
3637 	int error;
3638 
3639 	AUDIT_ARG_MODE(mode);
3640 restart:
3641 	bwillwrite();
3642 	NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
3643 	    NOCACHE, segflg, path, fd, cap_rights_init(&rights, CAP_MKDIRAT),
3644 	    td);
3645 	nd.ni_cnd.cn_flags |= WILLBEDIR;
3646 	if ((error = namei(&nd)) != 0)
3647 		return (error);
3648 	vp = nd.ni_vp;
3649 	if (vp != NULL) {
3650 		NDFREE(&nd, NDF_ONLY_PNBUF);
3651 		/*
3652 		 * XXX namei called with LOCKPARENT but not LOCKLEAF has
3653 		 * the strange behaviour of leaving the vnode unlocked
3654 		 * if the target is the same vnode as the parent.
3655 		 */
3656 		if (vp == nd.ni_dvp)
3657 			vrele(nd.ni_dvp);
3658 		else
3659 			vput(nd.ni_dvp);
3660 		vrele(vp);
3661 		return (EEXIST);
3662 	}
3663 	if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3664 		NDFREE(&nd, NDF_ONLY_PNBUF);
3665 		vput(nd.ni_dvp);
3666 		if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3667 			return (error);
3668 		goto restart;
3669 	}
3670 	VATTR_NULL(&vattr);
3671 	vattr.va_type = VDIR;
3672 	vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask;
3673 #ifdef MAC
3674 	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
3675 	    &vattr);
3676 	if (error != 0)
3677 		goto out;
3678 #endif
3679 	error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
3680 #ifdef MAC
3681 out:
3682 #endif
3683 	NDFREE(&nd, NDF_ONLY_PNBUF);
3684 	vput(nd.ni_dvp);
3685 	if (error == 0)
3686 		vput(nd.ni_vp);
3687 	vn_finished_write(mp);
3688 	return (error);
3689 }
3690 
3691 /*
3692  * Remove a directory file.
3693  */
3694 #ifndef _SYS_SYSPROTO_H_
3695 struct rmdir_args {
3696 	char	*path;
3697 };
3698 #endif
3699 int
3700 sys_rmdir(td, uap)
3701 	struct thread *td;
3702 	struct rmdir_args /* {
3703 		char *path;
3704 	} */ *uap;
3705 {
3706 
3707 	return (kern_rmdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE));
3708 }
3709 
3710 int
3711 kern_rmdirat(struct thread *td, int fd, char *path, enum uio_seg pathseg)
3712 {
3713 	struct mount *mp;
3714 	struct vnode *vp;
3715 	struct nameidata nd;
3716 	cap_rights_t rights;
3717 	int error;
3718 
3719 restart:
3720 	bwillwrite();
3721 	NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1,
3722 	    pathseg, path, fd, cap_rights_init(&rights, CAP_UNLINKAT), td);
3723 	if ((error = namei(&nd)) != 0)
3724 		return (error);
3725 	vp = nd.ni_vp;
3726 	if (vp->v_type != VDIR) {
3727 		error = ENOTDIR;
3728 		goto out;
3729 	}
3730 	/*
3731 	 * No rmdir "." please.
3732 	 */
3733 	if (nd.ni_dvp == vp) {
3734 		error = EINVAL;
3735 		goto out;
3736 	}
3737 	/*
3738 	 * The root of a mounted filesystem cannot be deleted.
3739 	 */
3740 	if (vp->v_vflag & VV_ROOT) {
3741 		error = EBUSY;
3742 		goto out;
3743 	}
3744 #ifdef MAC
3745 	error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
3746 	    &nd.ni_cnd);
3747 	if (error != 0)
3748 		goto out;
3749 #endif
3750 	if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3751 		NDFREE(&nd, NDF_ONLY_PNBUF);
3752 		vput(vp);
3753 		if (nd.ni_dvp == vp)
3754 			vrele(nd.ni_dvp);
3755 		else
3756 			vput(nd.ni_dvp);
3757 		if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3758 			return (error);
3759 		goto restart;
3760 	}
3761 	vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
3762 	error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
3763 	vn_finished_write(mp);
3764 out:
3765 	NDFREE(&nd, NDF_ONLY_PNBUF);
3766 	vput(vp);
3767 	if (nd.ni_dvp == vp)
3768 		vrele(nd.ni_dvp);
3769 	else
3770 		vput(nd.ni_dvp);
3771 	return (error);
3772 }
3773 
3774 #ifdef COMPAT_43
3775 /*
3776  * Read a block of directory entries in a filesystem independent format.
3777  */
3778 #ifndef _SYS_SYSPROTO_H_
3779 struct ogetdirentries_args {
3780 	int	fd;
3781 	char	*buf;
3782 	u_int	count;
3783 	long	*basep;
3784 };
3785 #endif
3786 int
3787 ogetdirentries(struct thread *td, struct ogetdirentries_args *uap)
3788 {
3789 	long loff;
3790 	int error;
3791 
3792 	error = kern_ogetdirentries(td, uap, &loff);
3793 	if (error == 0)
3794 		error = copyout(&loff, uap->basep, sizeof(long));
3795 	return (error);
3796 }
3797 
3798 int
3799 kern_ogetdirentries(struct thread *td, struct ogetdirentries_args *uap,
3800     long *ploff)
3801 {
3802 	struct vnode *vp;
3803 	struct file *fp;
3804 	struct uio auio, kuio;
3805 	struct iovec aiov, kiov;
3806 	struct dirent *dp, *edp;
3807 	cap_rights_t rights;
3808 	caddr_t dirbuf;
3809 	int error, eofflag, readcnt;
3810 	long loff;
3811 	off_t foffset;
3812 
3813 	/* XXX arbitrary sanity limit on `count'. */
3814 	if (uap->count > 64 * 1024)
3815 		return (EINVAL);
3816 	error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_READ), &fp);
3817 	if (error != 0)
3818 		return (error);
3819 	if ((fp->f_flag & FREAD) == 0) {
3820 		fdrop(fp, td);
3821 		return (EBADF);
3822 	}
3823 	vp = fp->f_vnode;
3824 	foffset = foffset_lock(fp, 0);
3825 unionread:
3826 	if (vp->v_type != VDIR) {
3827 		foffset_unlock(fp, foffset, 0);
3828 		fdrop(fp, td);
3829 		return (EINVAL);
3830 	}
3831 	aiov.iov_base = uap->buf;
3832 	aiov.iov_len = uap->count;
3833 	auio.uio_iov = &aiov;
3834 	auio.uio_iovcnt = 1;
3835 	auio.uio_rw = UIO_READ;
3836 	auio.uio_segflg = UIO_USERSPACE;
3837 	auio.uio_td = td;
3838 	auio.uio_resid = uap->count;
3839 	vn_lock(vp, LK_SHARED | LK_RETRY);
3840 	loff = auio.uio_offset = foffset;
3841 #ifdef MAC
3842 	error = mac_vnode_check_readdir(td->td_ucred, vp);
3843 	if (error != 0) {
3844 		VOP_UNLOCK(vp, 0);
3845 		foffset_unlock(fp, foffset, FOF_NOUPDATE);
3846 		fdrop(fp, td);
3847 		return (error);
3848 	}
3849 #endif
3850 #	if (BYTE_ORDER != LITTLE_ENDIAN)
3851 		if (vp->v_mount->mnt_maxsymlinklen <= 0) {
3852 			error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag,
3853 			    NULL, NULL);
3854 			foffset = auio.uio_offset;
3855 		} else
3856 #	endif
3857 	{
3858 		kuio = auio;
3859 		kuio.uio_iov = &kiov;
3860 		kuio.uio_segflg = UIO_SYSSPACE;
3861 		kiov.iov_len = uap->count;
3862 		dirbuf = malloc(uap->count, M_TEMP, M_WAITOK);
3863 		kiov.iov_base = dirbuf;
3864 		error = VOP_READDIR(vp, &kuio, fp->f_cred, &eofflag,
3865 			    NULL, NULL);
3866 		foffset = kuio.uio_offset;
3867 		if (error == 0) {
3868 			readcnt = uap->count - kuio.uio_resid;
3869 			edp = (struct dirent *)&dirbuf[readcnt];
3870 			for (dp = (struct dirent *)dirbuf; dp < edp; ) {
3871 #				if (BYTE_ORDER == LITTLE_ENDIAN)
3872 					/*
3873 					 * The expected low byte of
3874 					 * dp->d_namlen is our dp->d_type.
3875 					 * The high MBZ byte of dp->d_namlen
3876 					 * is our dp->d_namlen.
3877 					 */
3878 					dp->d_type = dp->d_namlen;
3879 					dp->d_namlen = 0;
3880 #				else
3881 					/*
3882 					 * The dp->d_type is the high byte
3883 					 * of the expected dp->d_namlen,
3884 					 * so must be zero'ed.
3885 					 */
3886 					dp->d_type = 0;
3887 #				endif
3888 				if (dp->d_reclen > 0) {
3889 					dp = (struct dirent *)
3890 					    ((char *)dp + dp->d_reclen);
3891 				} else {
3892 					error = EIO;
3893 					break;
3894 				}
3895 			}
3896 			if (dp >= edp)
3897 				error = uiomove(dirbuf, readcnt, &auio);
3898 		}
3899 		free(dirbuf, M_TEMP);
3900 	}
3901 	if (error != 0) {
3902 		VOP_UNLOCK(vp, 0);
3903 		foffset_unlock(fp, foffset, 0);
3904 		fdrop(fp, td);
3905 		return (error);
3906 	}
3907 	if (uap->count == auio.uio_resid &&
3908 	    (vp->v_vflag & VV_ROOT) &&
3909 	    (vp->v_mount->mnt_flag & MNT_UNION)) {
3910 		struct vnode *tvp = vp;
3911 		vp = vp->v_mount->mnt_vnodecovered;
3912 		VREF(vp);
3913 		fp->f_vnode = vp;
3914 		fp->f_data = vp;
3915 		foffset = 0;
3916 		vput(tvp);
3917 		goto unionread;
3918 	}
3919 	VOP_UNLOCK(vp, 0);
3920 	foffset_unlock(fp, foffset, 0);
3921 	fdrop(fp, td);
3922 	td->td_retval[0] = uap->count - auio.uio_resid;
3923 	if (error == 0)
3924 		*ploff = loff;
3925 	return (error);
3926 }
3927 #endif /* COMPAT_43 */
3928 
3929 /*
3930  * Read a block of directory entries in a filesystem independent format.
3931  */
3932 #ifndef _SYS_SYSPROTO_H_
3933 struct getdirentries_args {
3934 	int	fd;
3935 	char	*buf;
3936 	u_int	count;
3937 	long	*basep;
3938 };
3939 #endif
3940 int
3941 sys_getdirentries(td, uap)
3942 	struct thread *td;
3943 	register struct getdirentries_args /* {
3944 		int fd;
3945 		char *buf;
3946 		u_int count;
3947 		long *basep;
3948 	} */ *uap;
3949 {
3950 	long base;
3951 	int error;
3952 
3953 	error = kern_getdirentries(td, uap->fd, uap->buf, uap->count, &base,
3954 	    NULL, UIO_USERSPACE);
3955 	if (error != 0)
3956 		return (error);
3957 	if (uap->basep != NULL)
3958 		error = copyout(&base, uap->basep, sizeof(long));
3959 	return (error);
3960 }
3961 
3962 int
3963 kern_getdirentries(struct thread *td, int fd, char *buf, u_int count,
3964     long *basep, ssize_t *residp, enum uio_seg bufseg)
3965 {
3966 	struct vnode *vp;
3967 	struct file *fp;
3968 	struct uio auio;
3969 	struct iovec aiov;
3970 	cap_rights_t rights;
3971 	long loff;
3972 	int error, eofflag;
3973 	off_t foffset;
3974 
3975 	AUDIT_ARG_FD(fd);
3976 	if (count > IOSIZE_MAX)
3977 		return (EINVAL);
3978 	auio.uio_resid = count;
3979 	error = getvnode(td, fd, cap_rights_init(&rights, CAP_READ), &fp);
3980 	if (error != 0)
3981 		return (error);
3982 	if ((fp->f_flag & FREAD) == 0) {
3983 		fdrop(fp, td);
3984 		return (EBADF);
3985 	}
3986 	vp = fp->f_vnode;
3987 	foffset = foffset_lock(fp, 0);
3988 unionread:
3989 	if (vp->v_type != VDIR) {
3990 		error = EINVAL;
3991 		goto fail;
3992 	}
3993 	aiov.iov_base = buf;
3994 	aiov.iov_len = count;
3995 	auio.uio_iov = &aiov;
3996 	auio.uio_iovcnt = 1;
3997 	auio.uio_rw = UIO_READ;
3998 	auio.uio_segflg = bufseg;
3999 	auio.uio_td = td;
4000 	vn_lock(vp, LK_SHARED | LK_RETRY);
4001 	AUDIT_ARG_VNODE1(vp);
4002 	loff = auio.uio_offset = foffset;
4003 #ifdef MAC
4004 	error = mac_vnode_check_readdir(td->td_ucred, vp);
4005 	if (error == 0)
4006 #endif
4007 		error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
4008 		    NULL);
4009 	foffset = auio.uio_offset;
4010 	if (error != 0) {
4011 		VOP_UNLOCK(vp, 0);
4012 		goto fail;
4013 	}
4014 	if (count == auio.uio_resid &&
4015 	    (vp->v_vflag & VV_ROOT) &&
4016 	    (vp->v_mount->mnt_flag & MNT_UNION)) {
4017 		struct vnode *tvp = vp;
4018 
4019 		vp = vp->v_mount->mnt_vnodecovered;
4020 		VREF(vp);
4021 		fp->f_vnode = vp;
4022 		fp->f_data = vp;
4023 		foffset = 0;
4024 		vput(tvp);
4025 		goto unionread;
4026 	}
4027 	VOP_UNLOCK(vp, 0);
4028 	*basep = loff;
4029 	if (residp != NULL)
4030 		*residp = auio.uio_resid;
4031 	td->td_retval[0] = count - auio.uio_resid;
4032 fail:
4033 	foffset_unlock(fp, foffset, 0);
4034 	fdrop(fp, td);
4035 	return (error);
4036 }
4037 
4038 #ifndef _SYS_SYSPROTO_H_
4039 struct getdents_args {
4040 	int fd;
4041 	char *buf;
4042 	size_t count;
4043 };
4044 #endif
4045 int
4046 sys_getdents(td, uap)
4047 	struct thread *td;
4048 	register struct getdents_args /* {
4049 		int fd;
4050 		char *buf;
4051 		u_int count;
4052 	} */ *uap;
4053 {
4054 	struct getdirentries_args ap;
4055 
4056 	ap.fd = uap->fd;
4057 	ap.buf = uap->buf;
4058 	ap.count = uap->count;
4059 	ap.basep = NULL;
4060 	return (sys_getdirentries(td, &ap));
4061 }
4062 
4063 /*
4064  * Set the mode mask for creation of filesystem nodes.
4065  */
4066 #ifndef _SYS_SYSPROTO_H_
4067 struct umask_args {
4068 	int	newmask;
4069 };
4070 #endif
4071 int
4072 sys_umask(td, uap)
4073 	struct thread *td;
4074 	struct umask_args /* {
4075 		int newmask;
4076 	} */ *uap;
4077 {
4078 	struct filedesc *fdp;
4079 
4080 	fdp = td->td_proc->p_fd;
4081 	FILEDESC_XLOCK(fdp);
4082 	td->td_retval[0] = fdp->fd_cmask;
4083 	fdp->fd_cmask = uap->newmask & ALLPERMS;
4084 	FILEDESC_XUNLOCK(fdp);
4085 	return (0);
4086 }
4087 
4088 /*
4089  * Void all references to file by ripping underlying filesystem away from
4090  * vnode.
4091  */
4092 #ifndef _SYS_SYSPROTO_H_
4093 struct revoke_args {
4094 	char	*path;
4095 };
4096 #endif
4097 int
4098 sys_revoke(td, uap)
4099 	struct thread *td;
4100 	register struct revoke_args /* {
4101 		char *path;
4102 	} */ *uap;
4103 {
4104 	struct vnode *vp;
4105 	struct vattr vattr;
4106 	struct nameidata nd;
4107 	int error;
4108 
4109 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
4110 	    uap->path, td);
4111 	if ((error = namei(&nd)) != 0)
4112 		return (error);
4113 	vp = nd.ni_vp;
4114 	NDFREE(&nd, NDF_ONLY_PNBUF);
4115 	if (vp->v_type != VCHR || vp->v_rdev == NULL) {
4116 		error = EINVAL;
4117 		goto out;
4118 	}
4119 #ifdef MAC
4120 	error = mac_vnode_check_revoke(td->td_ucred, vp);
4121 	if (error != 0)
4122 		goto out;
4123 #endif
4124 	error = VOP_GETATTR(vp, &vattr, td->td_ucred);
4125 	if (error != 0)
4126 		goto out;
4127 	if (td->td_ucred->cr_uid != vattr.va_uid) {
4128 		error = priv_check(td, PRIV_VFS_ADMIN);
4129 		if (error != 0)
4130 			goto out;
4131 	}
4132 	if (vcount(vp) > 1)
4133 		VOP_REVOKE(vp, REVOKEALL);
4134 out:
4135 	vput(vp);
4136 	return (error);
4137 }
4138 
4139 /*
4140  * Convert a user file descriptor to a kernel file entry and check that, if it
4141  * is a capability, the correct rights are present. A reference on the file
4142  * entry is held upon returning.
4143  */
4144 int
4145 getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
4146 {
4147 	struct file *fp;
4148 	int error;
4149 
4150 	error = fget_unlocked(td->td_proc->p_fd, fd, rightsp, &fp, NULL);
4151 	if (error != 0)
4152 		return (error);
4153 
4154 	/*
4155 	 * The file could be not of the vnode type, or it may be not
4156 	 * yet fully initialized, in which case the f_vnode pointer
4157 	 * may be set, but f_ops is still badfileops.  E.g.,
4158 	 * devfs_open() transiently create such situation to
4159 	 * facilitate csw d_fdopen().
4160 	 *
4161 	 * Dupfdopen() handling in kern_openat() installs the
4162 	 * half-baked file into the process descriptor table, allowing
4163 	 * other thread to dereference it. Guard against the race by
4164 	 * checking f_ops.
4165 	 */
4166 	if (fp->f_vnode == NULL || fp->f_ops == &badfileops) {
4167 		fdrop(fp, td);
4168 		return (EINVAL);
4169 	}
4170 	*fpp = fp;
4171 	return (0);
4172 }
4173 
4174 
4175 /*
4176  * Get an (NFS) file handle.
4177  */
4178 #ifndef _SYS_SYSPROTO_H_
4179 struct lgetfh_args {
4180 	char	*fname;
4181 	fhandle_t *fhp;
4182 };
4183 #endif
4184 int
4185 sys_lgetfh(td, uap)
4186 	struct thread *td;
4187 	register struct lgetfh_args *uap;
4188 {
4189 	struct nameidata nd;
4190 	fhandle_t fh;
4191 	register struct vnode *vp;
4192 	int error;
4193 
4194 	error = priv_check(td, PRIV_VFS_GETFH);
4195 	if (error != 0)
4196 		return (error);
4197 	NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
4198 	    uap->fname, td);
4199 	error = namei(&nd);
4200 	if (error != 0)
4201 		return (error);
4202 	NDFREE(&nd, NDF_ONLY_PNBUF);
4203 	vp = nd.ni_vp;
4204 	bzero(&fh, sizeof(fh));
4205 	fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
4206 	error = VOP_VPTOFH(vp, &fh.fh_fid);
4207 	vput(vp);
4208 	if (error == 0)
4209 		error = copyout(&fh, uap->fhp, sizeof (fh));
4210 	return (error);
4211 }
4212 
4213 #ifndef _SYS_SYSPROTO_H_
4214 struct getfh_args {
4215 	char	*fname;
4216 	fhandle_t *fhp;
4217 };
4218 #endif
4219 int
4220 sys_getfh(td, uap)
4221 	struct thread *td;
4222 	register struct getfh_args *uap;
4223 {
4224 	struct nameidata nd;
4225 	fhandle_t fh;
4226 	register struct vnode *vp;
4227 	int error;
4228 
4229 	error = priv_check(td, PRIV_VFS_GETFH);
4230 	if (error != 0)
4231 		return (error);
4232 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
4233 	    uap->fname, td);
4234 	error = namei(&nd);
4235 	if (error != 0)
4236 		return (error);
4237 	NDFREE(&nd, NDF_ONLY_PNBUF);
4238 	vp = nd.ni_vp;
4239 	bzero(&fh, sizeof(fh));
4240 	fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
4241 	error = VOP_VPTOFH(vp, &fh.fh_fid);
4242 	vput(vp);
4243 	if (error == 0)
4244 		error = copyout(&fh, uap->fhp, sizeof (fh));
4245 	return (error);
4246 }
4247 
4248 /*
4249  * syscall for the rpc.lockd to use to translate a NFS file handle into an
4250  * open descriptor.
4251  *
4252  * warning: do not remove the priv_check() call or this becomes one giant
4253  * security hole.
4254  */
4255 #ifndef _SYS_SYSPROTO_H_
4256 struct fhopen_args {
4257 	const struct fhandle *u_fhp;
4258 	int flags;
4259 };
4260 #endif
4261 int
4262 sys_fhopen(td, uap)
4263 	struct thread *td;
4264 	struct fhopen_args /* {
4265 		const struct fhandle *u_fhp;
4266 		int flags;
4267 	} */ *uap;
4268 {
4269 	struct mount *mp;
4270 	struct vnode *vp;
4271 	struct fhandle fhp;
4272 	struct file *fp;
4273 	int fmode, error;
4274 	int indx;
4275 
4276 	error = priv_check(td, PRIV_VFS_FHOPEN);
4277 	if (error != 0)
4278 		return (error);
4279 	indx = -1;
4280 	fmode = FFLAGS(uap->flags);
4281 	/* why not allow a non-read/write open for our lockd? */
4282 	if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4283 		return (EINVAL);
4284 	error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
4285 	if (error != 0)
4286 		return(error);
4287 	/* find the mount point */
4288 	mp = vfs_busyfs(&fhp.fh_fsid);
4289 	if (mp == NULL)
4290 		return (ESTALE);
4291 	/* now give me my vnode, it gets returned to me locked */
4292 	error = VFS_FHTOVP(mp, &fhp.fh_fid, LK_EXCLUSIVE, &vp);
4293 	vfs_unbusy(mp);
4294 	if (error != 0)
4295 		return (error);
4296 
4297 	error = falloc_noinstall(td, &fp);
4298 	if (error != 0) {
4299 		vput(vp);
4300 		return (error);
4301 	}
4302 	/*
4303 	 * An extra reference on `fp' has been held for us by
4304 	 * falloc_noinstall().
4305 	 */
4306 
4307 #ifdef INVARIANTS
4308 	td->td_dupfd = -1;
4309 #endif
4310 	error = vn_open_vnode(vp, fmode, td->td_ucred, td, fp);
4311 	if (error != 0) {
4312 		KASSERT(fp->f_ops == &badfileops,
4313 		    ("VOP_OPEN in fhopen() set f_ops"));
4314 		KASSERT(td->td_dupfd < 0,
4315 		    ("fhopen() encountered fdopen()"));
4316 
4317 		vput(vp);
4318 		goto bad;
4319 	}
4320 #ifdef INVARIANTS
4321 	td->td_dupfd = 0;
4322 #endif
4323 	fp->f_vnode = vp;
4324 	fp->f_seqcount = 1;
4325 	finit(fp, (fmode & FMASK) | (fp->f_flag & FHASLOCK), DTYPE_VNODE, vp,
4326 	    &vnops);
4327 	VOP_UNLOCK(vp, 0);
4328 	if ((fmode & O_TRUNC) != 0) {
4329 		error = fo_truncate(fp, 0, td->td_ucred, td);
4330 		if (error != 0)
4331 			goto bad;
4332 	}
4333 
4334 	error = finstall(td, fp, &indx, fmode, NULL);
4335 bad:
4336 	fdrop(fp, td);
4337 	td->td_retval[0] = indx;
4338 	return (error);
4339 }
4340 
4341 /*
4342  * Stat an (NFS) file handle.
4343  */
4344 #ifndef _SYS_SYSPROTO_H_
4345 struct fhstat_args {
4346 	struct fhandle *u_fhp;
4347 	struct stat *sb;
4348 };
4349 #endif
4350 int
4351 sys_fhstat(td, uap)
4352 	struct thread *td;
4353 	register struct fhstat_args /* {
4354 		struct fhandle *u_fhp;
4355 		struct stat *sb;
4356 	} */ *uap;
4357 {
4358 	struct stat sb;
4359 	struct fhandle fh;
4360 	int error;
4361 
4362 	error = copyin(uap->u_fhp, &fh, sizeof(fh));
4363 	if (error != 0)
4364 		return (error);
4365 	error = kern_fhstat(td, fh, &sb);
4366 	if (error == 0)
4367 		error = copyout(&sb, uap->sb, sizeof(sb));
4368 	return (error);
4369 }
4370 
4371 int
4372 kern_fhstat(struct thread *td, struct fhandle fh, struct stat *sb)
4373 {
4374 	struct mount *mp;
4375 	struct vnode *vp;
4376 	int error;
4377 
4378 	error = priv_check(td, PRIV_VFS_FHSTAT);
4379 	if (error != 0)
4380 		return (error);
4381 	if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4382 		return (ESTALE);
4383 	error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4384 	vfs_unbusy(mp);
4385 	if (error != 0)
4386 		return (error);
4387 	error = vn_stat(vp, sb, td->td_ucred, NOCRED, td);
4388 	vput(vp);
4389 	return (error);
4390 }
4391 
4392 /*
4393  * Implement fstatfs() for (NFS) file handles.
4394  */
4395 #ifndef _SYS_SYSPROTO_H_
4396 struct fhstatfs_args {
4397 	struct fhandle *u_fhp;
4398 	struct statfs *buf;
4399 };
4400 #endif
4401 int
4402 sys_fhstatfs(td, uap)
4403 	struct thread *td;
4404 	struct fhstatfs_args /* {
4405 		struct fhandle *u_fhp;
4406 		struct statfs *buf;
4407 	} */ *uap;
4408 {
4409 	struct statfs sf;
4410 	fhandle_t fh;
4411 	int error;
4412 
4413 	error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4414 	if (error != 0)
4415 		return (error);
4416 	error = kern_fhstatfs(td, fh, &sf);
4417 	if (error != 0)
4418 		return (error);
4419 	return (copyout(&sf, uap->buf, sizeof(sf)));
4420 }
4421 
4422 int
4423 kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf)
4424 {
4425 	struct statfs *sp;
4426 	struct mount *mp;
4427 	struct vnode *vp;
4428 	int error;
4429 
4430 	error = priv_check(td, PRIV_VFS_FHSTATFS);
4431 	if (error != 0)
4432 		return (error);
4433 	if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4434 		return (ESTALE);
4435 	error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4436 	if (error != 0) {
4437 		vfs_unbusy(mp);
4438 		return (error);
4439 	}
4440 	vput(vp);
4441 	error = prison_canseemount(td->td_ucred, mp);
4442 	if (error != 0)
4443 		goto out;
4444 #ifdef MAC
4445 	error = mac_mount_check_stat(td->td_ucred, mp);
4446 	if (error != 0)
4447 		goto out;
4448 #endif
4449 	/*
4450 	 * Set these in case the underlying filesystem fails to do so.
4451 	 */
4452 	sp = &mp->mnt_stat;
4453 	sp->f_version = STATFS_VERSION;
4454 	sp->f_namemax = NAME_MAX;
4455 	sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
4456 	error = VFS_STATFS(mp, sp);
4457 	if (error == 0)
4458 		*buf = *sp;
4459 out:
4460 	vfs_unbusy(mp);
4461 	return (error);
4462 }
4463 
4464 int
4465 kern_posix_fallocate(struct thread *td, int fd, off_t offset, off_t len)
4466 {
4467 	struct file *fp;
4468 	struct mount *mp;
4469 	struct vnode *vp;
4470 	cap_rights_t rights;
4471 	off_t olen, ooffset;
4472 	int error;
4473 
4474 	if (offset < 0 || len <= 0)
4475 		return (EINVAL);
4476 	/* Check for wrap. */
4477 	if (offset > OFF_MAX - len)
4478 		return (EFBIG);
4479 	error = fget(td, fd, cap_rights_init(&rights, CAP_WRITE), &fp);
4480 	if (error != 0)
4481 		return (error);
4482 	if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
4483 		error = ESPIPE;
4484 		goto out;
4485 	}
4486 	if ((fp->f_flag & FWRITE) == 0) {
4487 		error = EBADF;
4488 		goto out;
4489 	}
4490 	if (fp->f_type != DTYPE_VNODE) {
4491 		error = ENODEV;
4492 		goto out;
4493 	}
4494 	vp = fp->f_vnode;
4495 	if (vp->v_type != VREG) {
4496 		error = ENODEV;
4497 		goto out;
4498 	}
4499 
4500 	/* Allocating blocks may take a long time, so iterate. */
4501 	for (;;) {
4502 		olen = len;
4503 		ooffset = offset;
4504 
4505 		bwillwrite();
4506 		mp = NULL;
4507 		error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
4508 		if (error != 0)
4509 			break;
4510 		error = vn_lock(vp, LK_EXCLUSIVE);
4511 		if (error != 0) {
4512 			vn_finished_write(mp);
4513 			break;
4514 		}
4515 #ifdef MAC
4516 		error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp);
4517 		if (error == 0)
4518 #endif
4519 			error = VOP_ALLOCATE(vp, &offset, &len);
4520 		VOP_UNLOCK(vp, 0);
4521 		vn_finished_write(mp);
4522 
4523 		if (olen + ooffset != offset + len) {
4524 			panic("offset + len changed from %jx/%jx to %jx/%jx",
4525 			    ooffset, olen, offset, len);
4526 		}
4527 		if (error != 0 || len == 0)
4528 			break;
4529 		KASSERT(olen > len, ("Iteration did not make progress?"));
4530 		maybe_yield();
4531 	}
4532  out:
4533 	fdrop(fp, td);
4534 	return (error);
4535 }
4536 
4537 int
4538 sys_posix_fallocate(struct thread *td, struct posix_fallocate_args *uap)
4539 {
4540 	int error;
4541 
4542 	error = kern_posix_fallocate(td, uap->fd, uap->offset, uap->len);
4543 	return (kern_posix_error(td, error));
4544 }
4545 
4546 /*
4547  * Unlike madvise(2), we do not make a best effort to remember every
4548  * possible caching hint.  Instead, we remember the last setting with
4549  * the exception that we will allow POSIX_FADV_NORMAL to adjust the
4550  * region of any current setting.
4551  */
4552 int
4553 kern_posix_fadvise(struct thread *td, int fd, off_t offset, off_t len,
4554     int advice)
4555 {
4556 	struct fadvise_info *fa, *new;
4557 	struct file *fp;
4558 	struct vnode *vp;
4559 	cap_rights_t rights;
4560 	off_t end;
4561 	int error;
4562 
4563 	if (offset < 0 || len < 0 || offset > OFF_MAX - len)
4564 		return (EINVAL);
4565 	switch (advice) {
4566 	case POSIX_FADV_SEQUENTIAL:
4567 	case POSIX_FADV_RANDOM:
4568 	case POSIX_FADV_NOREUSE:
4569 		new = malloc(sizeof(*fa), M_FADVISE, M_WAITOK);
4570 		break;
4571 	case POSIX_FADV_NORMAL:
4572 	case POSIX_FADV_WILLNEED:
4573 	case POSIX_FADV_DONTNEED:
4574 		new = NULL;
4575 		break;
4576 	default:
4577 		return (EINVAL);
4578 	}
4579 	/* XXX: CAP_POSIX_FADVISE? */
4580 	error = fget(td, fd, cap_rights_init(&rights), &fp);
4581 	if (error != 0)
4582 		goto out;
4583 	if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
4584 		error = ESPIPE;
4585 		goto out;
4586 	}
4587 	if (fp->f_type != DTYPE_VNODE) {
4588 		error = ENODEV;
4589 		goto out;
4590 	}
4591 	vp = fp->f_vnode;
4592 	if (vp->v_type != VREG) {
4593 		error = ENODEV;
4594 		goto out;
4595 	}
4596 	if (len == 0)
4597 		end = OFF_MAX;
4598 	else
4599 		end = offset + len - 1;
4600 	switch (advice) {
4601 	case POSIX_FADV_SEQUENTIAL:
4602 	case POSIX_FADV_RANDOM:
4603 	case POSIX_FADV_NOREUSE:
4604 		/*
4605 		 * Try to merge any existing non-standard region with
4606 		 * this new region if possible, otherwise create a new
4607 		 * non-standard region for this request.
4608 		 */
4609 		mtx_pool_lock(mtxpool_sleep, fp);
4610 		fa = fp->f_advice;
4611 		if (fa != NULL && fa->fa_advice == advice &&
4612 		    ((fa->fa_start <= end && fa->fa_end >= offset) ||
4613 		    (end != OFF_MAX && fa->fa_start == end + 1) ||
4614 		    (fa->fa_end != OFF_MAX && fa->fa_end + 1 == offset))) {
4615 			if (offset < fa->fa_start)
4616 				fa->fa_start = offset;
4617 			if (end > fa->fa_end)
4618 				fa->fa_end = end;
4619 		} else {
4620 			new->fa_advice = advice;
4621 			new->fa_start = offset;
4622 			new->fa_end = end;
4623 			fp->f_advice = new;
4624 			new = fa;
4625 		}
4626 		mtx_pool_unlock(mtxpool_sleep, fp);
4627 		break;
4628 	case POSIX_FADV_NORMAL:
4629 		/*
4630 		 * If a the "normal" region overlaps with an existing
4631 		 * non-standard region, trim or remove the
4632 		 * non-standard region.
4633 		 */
4634 		mtx_pool_lock(mtxpool_sleep, fp);
4635 		fa = fp->f_advice;
4636 		if (fa != NULL) {
4637 			if (offset <= fa->fa_start && end >= fa->fa_end) {
4638 				new = fa;
4639 				fp->f_advice = NULL;
4640 			} else if (offset <= fa->fa_start &&
4641 			    end >= fa->fa_start)
4642 				fa->fa_start = end + 1;
4643 			else if (offset <= fa->fa_end && end >= fa->fa_end)
4644 				fa->fa_end = offset - 1;
4645 			else if (offset >= fa->fa_start && end <= fa->fa_end) {
4646 				/*
4647 				 * If the "normal" region is a middle
4648 				 * portion of the existing
4649 				 * non-standard region, just remove
4650 				 * the whole thing rather than picking
4651 				 * one side or the other to
4652 				 * preserve.
4653 				 */
4654 				new = fa;
4655 				fp->f_advice = NULL;
4656 			}
4657 		}
4658 		mtx_pool_unlock(mtxpool_sleep, fp);
4659 		break;
4660 	case POSIX_FADV_WILLNEED:
4661 	case POSIX_FADV_DONTNEED:
4662 		error = VOP_ADVISE(vp, offset, end, advice);
4663 		break;
4664 	}
4665 out:
4666 	if (fp != NULL)
4667 		fdrop(fp, td);
4668 	free(new, M_FADVISE);
4669 	return (error);
4670 }
4671 
4672 int
4673 sys_posix_fadvise(struct thread *td, struct posix_fadvise_args *uap)
4674 {
4675 	int error;
4676 
4677 	error = kern_posix_fadvise(td, uap->fd, uap->offset, uap->len,
4678 	    uap->advice);
4679 	return (kern_posix_error(td, error));
4680 }
4681