1 /*- 2 * Copyright (c) 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 35 */ 36 37 #include <sys/cdefs.h> 38 __FBSDID("$FreeBSD$"); 39 40 #include "opt_capsicum.h" 41 #include "opt_compat.h" 42 #include "opt_ktrace.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/bio.h> 47 #include <sys/buf.h> 48 #include <sys/capsicum.h> 49 #include <sys/disk.h> 50 #include <sys/sysent.h> 51 #include <sys/malloc.h> 52 #include <sys/mount.h> 53 #include <sys/mutex.h> 54 #include <sys/sysproto.h> 55 #include <sys/namei.h> 56 #include <sys/filedesc.h> 57 #include <sys/kernel.h> 58 #include <sys/fcntl.h> 59 #include <sys/file.h> 60 #include <sys/filio.h> 61 #include <sys/limits.h> 62 #include <sys/linker.h> 63 #include <sys/rwlock.h> 64 #include <sys/sdt.h> 65 #include <sys/stat.h> 66 #include <sys/sx.h> 67 #include <sys/unistd.h> 68 #include <sys/vnode.h> 69 #include <sys/priv.h> 70 #include <sys/proc.h> 71 #include <sys/dirent.h> 72 #include <sys/jail.h> 73 #include <sys/syscallsubr.h> 74 #include <sys/sysctl.h> 75 #ifdef KTRACE 76 #include <sys/ktrace.h> 77 #endif 78 79 #include <machine/stdarg.h> 80 81 #include <security/audit/audit.h> 82 #include <security/mac/mac_framework.h> 83 84 #include <vm/vm.h> 85 #include <vm/vm_object.h> 86 #include <vm/vm_page.h> 87 #include <vm/uma.h> 88 89 #include <ufs/ufs/quota.h> 90 91 MALLOC_DEFINE(M_FADVISE, "fadvise", "posix_fadvise(2) information"); 92 93 SDT_PROVIDER_DEFINE(vfs); 94 SDT_PROBE_DEFINE2(vfs, , stat, mode, "char *", "int"); 95 SDT_PROBE_DEFINE2(vfs, , stat, reg, "char *", "int"); 96 97 static int kern_chflagsat(struct thread *td, int fd, const char *path, 98 enum uio_seg pathseg, u_long flags, int atflag); 99 static int setfflags(struct thread *td, struct vnode *, u_long); 100 static int getutimes(const struct timeval *, enum uio_seg, struct timespec *); 101 static int getutimens(const struct timespec *, enum uio_seg, 102 struct timespec *, int *); 103 static int setutimes(struct thread *td, struct vnode *, 104 const struct timespec *, int, int); 105 static int vn_access(struct vnode *vp, int user_flags, struct ucred *cred, 106 struct thread *td); 107 108 /* 109 * Sync each mounted filesystem. 110 */ 111 #ifndef _SYS_SYSPROTO_H_ 112 struct sync_args { 113 int dummy; 114 }; 115 #endif 116 /* ARGSUSED */ 117 int 118 sys_sync(struct thread *td, struct sync_args *uap) 119 { 120 struct mount *mp, *nmp; 121 int save; 122 123 mtx_lock(&mountlist_mtx); 124 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) { 125 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) { 126 nmp = TAILQ_NEXT(mp, mnt_list); 127 continue; 128 } 129 if ((mp->mnt_flag & MNT_RDONLY) == 0 && 130 vn_start_write(NULL, &mp, V_NOWAIT) == 0) { 131 save = curthread_pflags_set(TDP_SYNCIO); 132 vfs_msync(mp, MNT_NOWAIT); 133 VFS_SYNC(mp, MNT_NOWAIT); 134 curthread_pflags_restore(save); 135 vn_finished_write(mp); 136 } 137 mtx_lock(&mountlist_mtx); 138 nmp = TAILQ_NEXT(mp, mnt_list); 139 vfs_unbusy(mp); 140 } 141 mtx_unlock(&mountlist_mtx); 142 return (0); 143 } 144 145 /* 146 * Change filesystem quotas. 147 */ 148 #ifndef _SYS_SYSPROTO_H_ 149 struct quotactl_args { 150 char *path; 151 int cmd; 152 int uid; 153 caddr_t arg; 154 }; 155 #endif 156 int 157 sys_quotactl(struct thread *td, struct quotactl_args *uap) 158 { 159 struct mount *mp; 160 struct nameidata nd; 161 int error; 162 163 AUDIT_ARG_CMD(uap->cmd); 164 AUDIT_ARG_UID(uap->uid); 165 if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS)) 166 return (EPERM); 167 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE, 168 uap->path, td); 169 if ((error = namei(&nd)) != 0) 170 return (error); 171 NDFREE(&nd, NDF_ONLY_PNBUF); 172 mp = nd.ni_vp->v_mount; 173 vfs_ref(mp); 174 vput(nd.ni_vp); 175 error = vfs_busy(mp, 0); 176 vfs_rel(mp); 177 if (error != 0) 178 return (error); 179 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, uap->arg); 180 181 /* 182 * Since quota on operation typically needs to open quota 183 * file, the Q_QUOTAON handler needs to unbusy the mount point 184 * before calling into namei. Otherwise, unmount might be 185 * started between two vfs_busy() invocations (first is our, 186 * second is from mount point cross-walk code in lookup()), 187 * causing deadlock. 188 * 189 * Require that Q_QUOTAON handles the vfs_busy() reference on 190 * its own, always returning with ubusied mount point. 191 */ 192 if ((uap->cmd >> SUBCMDSHIFT) != Q_QUOTAON) 193 vfs_unbusy(mp); 194 return (error); 195 } 196 197 /* 198 * Used by statfs conversion routines to scale the block size up if 199 * necessary so that all of the block counts are <= 'max_size'. Note 200 * that 'max_size' should be a bitmask, i.e. 2^n - 1 for some non-zero 201 * value of 'n'. 202 */ 203 void 204 statfs_scale_blocks(struct statfs *sf, long max_size) 205 { 206 uint64_t count; 207 int shift; 208 209 KASSERT(powerof2(max_size + 1), ("%s: invalid max_size", __func__)); 210 211 /* 212 * Attempt to scale the block counts to give a more accurate 213 * overview to userland of the ratio of free space to used 214 * space. To do this, find the largest block count and compute 215 * a divisor that lets it fit into a signed integer <= max_size. 216 */ 217 if (sf->f_bavail < 0) 218 count = -sf->f_bavail; 219 else 220 count = sf->f_bavail; 221 count = MAX(sf->f_blocks, MAX(sf->f_bfree, count)); 222 if (count <= max_size) 223 return; 224 225 count >>= flsl(max_size); 226 shift = 0; 227 while (count > 0) { 228 shift++; 229 count >>=1; 230 } 231 232 sf->f_bsize <<= shift; 233 sf->f_blocks >>= shift; 234 sf->f_bfree >>= shift; 235 sf->f_bavail >>= shift; 236 } 237 238 static int 239 kern_do_statfs(struct thread *td, struct mount *mp, struct statfs *buf) 240 { 241 struct statfs *sp; 242 int error; 243 244 if (mp == NULL) 245 return (EBADF); 246 error = vfs_busy(mp, 0); 247 vfs_rel(mp); 248 if (error != 0) 249 return (error); 250 #ifdef MAC 251 error = mac_mount_check_stat(td->td_ucred, mp); 252 if (error != 0) 253 goto out; 254 #endif 255 /* 256 * Set these in case the underlying filesystem fails to do so. 257 */ 258 sp = &mp->mnt_stat; 259 sp->f_version = STATFS_VERSION; 260 sp->f_namemax = NAME_MAX; 261 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 262 error = VFS_STATFS(mp, sp); 263 if (error != 0) 264 goto out; 265 *buf = *sp; 266 if (priv_check(td, PRIV_VFS_GENERATION)) { 267 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0; 268 prison_enforce_statfs(td->td_ucred, mp, buf); 269 } 270 out: 271 vfs_unbusy(mp); 272 return (error); 273 } 274 275 /* 276 * Get filesystem statistics. 277 */ 278 #ifndef _SYS_SYSPROTO_H_ 279 struct statfs_args { 280 char *path; 281 struct statfs *buf; 282 }; 283 #endif 284 int 285 sys_statfs(struct thread *td, struct statfs_args *uap) 286 { 287 struct statfs *sfp; 288 int error; 289 290 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 291 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp); 292 if (error == 0) 293 error = copyout(sfp, uap->buf, sizeof(struct statfs)); 294 free(sfp, M_STATFS); 295 return (error); 296 } 297 298 int 299 kern_statfs(struct thread *td, char *path, enum uio_seg pathseg, 300 struct statfs *buf) 301 { 302 struct mount *mp; 303 struct nameidata nd; 304 int error; 305 306 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1, 307 pathseg, path, td); 308 error = namei(&nd); 309 if (error != 0) 310 return (error); 311 mp = nd.ni_vp->v_mount; 312 vfs_ref(mp); 313 NDFREE(&nd, NDF_ONLY_PNBUF); 314 vput(nd.ni_vp); 315 return (kern_do_statfs(td, mp, buf)); 316 } 317 318 /* 319 * Get filesystem statistics. 320 */ 321 #ifndef _SYS_SYSPROTO_H_ 322 struct fstatfs_args { 323 int fd; 324 struct statfs *buf; 325 }; 326 #endif 327 int 328 sys_fstatfs(struct thread *td, struct fstatfs_args *uap) 329 { 330 struct statfs *sfp; 331 int error; 332 333 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 334 error = kern_fstatfs(td, uap->fd, sfp); 335 if (error == 0) 336 error = copyout(sfp, uap->buf, sizeof(struct statfs)); 337 free(sfp, M_STATFS); 338 return (error); 339 } 340 341 int 342 kern_fstatfs(struct thread *td, int fd, struct statfs *buf) 343 { 344 struct file *fp; 345 struct mount *mp; 346 struct vnode *vp; 347 cap_rights_t rights; 348 int error; 349 350 AUDIT_ARG_FD(fd); 351 error = getvnode(td, fd, cap_rights_init(&rights, CAP_FSTATFS), &fp); 352 if (error != 0) 353 return (error); 354 vp = fp->f_vnode; 355 vn_lock(vp, LK_SHARED | LK_RETRY); 356 #ifdef AUDIT 357 AUDIT_ARG_VNODE1(vp); 358 #endif 359 mp = vp->v_mount; 360 if (mp != NULL) 361 vfs_ref(mp); 362 VOP_UNLOCK(vp, 0); 363 fdrop(fp, td); 364 return (kern_do_statfs(td, mp, buf)); 365 } 366 367 /* 368 * Get statistics on all filesystems. 369 */ 370 #ifndef _SYS_SYSPROTO_H_ 371 struct getfsstat_args { 372 struct statfs *buf; 373 long bufsize; 374 int mode; 375 }; 376 #endif 377 int 378 sys_getfsstat(struct thread *td, struct getfsstat_args *uap) 379 { 380 size_t count; 381 int error; 382 383 if (uap->bufsize < 0 || uap->bufsize > SIZE_MAX) 384 return (EINVAL); 385 error = kern_getfsstat(td, &uap->buf, uap->bufsize, &count, 386 UIO_USERSPACE, uap->mode); 387 if (error == 0) 388 td->td_retval[0] = count; 389 return (error); 390 } 391 392 /* 393 * If (bufsize > 0 && bufseg == UIO_SYSSPACE) 394 * The caller is responsible for freeing memory which will be allocated 395 * in '*buf'. 396 */ 397 int 398 kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize, 399 size_t *countp, enum uio_seg bufseg, int mode) 400 { 401 struct mount *mp, *nmp; 402 struct statfs *sfsp, *sp, *sptmp, *tofree; 403 size_t count, maxcount; 404 int error; 405 406 switch (mode) { 407 case MNT_WAIT: 408 case MNT_NOWAIT: 409 break; 410 default: 411 if (bufseg == UIO_SYSSPACE) 412 *buf = NULL; 413 return (EINVAL); 414 } 415 restart: 416 maxcount = bufsize / sizeof(struct statfs); 417 if (bufsize == 0) { 418 sfsp = NULL; 419 tofree = NULL; 420 } else if (bufseg == UIO_USERSPACE) { 421 sfsp = *buf; 422 tofree = NULL; 423 } else /* if (bufseg == UIO_SYSSPACE) */ { 424 count = 0; 425 mtx_lock(&mountlist_mtx); 426 TAILQ_FOREACH(mp, &mountlist, mnt_list) { 427 count++; 428 } 429 mtx_unlock(&mountlist_mtx); 430 if (maxcount > count) 431 maxcount = count; 432 tofree = sfsp = *buf = malloc(maxcount * sizeof(struct statfs), 433 M_STATFS, M_WAITOK); 434 } 435 count = 0; 436 mtx_lock(&mountlist_mtx); 437 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) { 438 if (prison_canseemount(td->td_ucred, mp) != 0) { 439 nmp = TAILQ_NEXT(mp, mnt_list); 440 continue; 441 } 442 #ifdef MAC 443 if (mac_mount_check_stat(td->td_ucred, mp) != 0) { 444 nmp = TAILQ_NEXT(mp, mnt_list); 445 continue; 446 } 447 #endif 448 if (mode == MNT_WAIT) { 449 if (vfs_busy(mp, MBF_MNTLSTLOCK) != 0) { 450 /* 451 * If vfs_busy() failed, and MBF_NOWAIT 452 * wasn't passed, then the mp is gone. 453 * Furthermore, because of MBF_MNTLSTLOCK, 454 * the mountlist_mtx was dropped. We have 455 * no other choice than to start over. 456 */ 457 mtx_unlock(&mountlist_mtx); 458 free(tofree, M_STATFS); 459 goto restart; 460 } 461 } else { 462 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK) != 0) { 463 nmp = TAILQ_NEXT(mp, mnt_list); 464 continue; 465 } 466 } 467 if (sfsp != NULL && count < maxcount) { 468 sp = &mp->mnt_stat; 469 /* 470 * Set these in case the underlying filesystem 471 * fails to do so. 472 */ 473 sp->f_version = STATFS_VERSION; 474 sp->f_namemax = NAME_MAX; 475 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 476 /* 477 * If MNT_NOWAIT is specified, do not refresh 478 * the fsstat cache. 479 */ 480 if (mode != MNT_NOWAIT) { 481 error = VFS_STATFS(mp, sp); 482 if (error != 0) { 483 mtx_lock(&mountlist_mtx); 484 nmp = TAILQ_NEXT(mp, mnt_list); 485 vfs_unbusy(mp); 486 continue; 487 } 488 } 489 if (priv_check(td, PRIV_VFS_GENERATION)) { 490 sptmp = malloc(sizeof(struct statfs), M_STATFS, 491 M_WAITOK); 492 *sptmp = *sp; 493 sptmp->f_fsid.val[0] = sptmp->f_fsid.val[1] = 0; 494 prison_enforce_statfs(td->td_ucred, mp, sptmp); 495 sp = sptmp; 496 } else 497 sptmp = NULL; 498 if (bufseg == UIO_SYSSPACE) { 499 bcopy(sp, sfsp, sizeof(*sp)); 500 free(sptmp, M_STATFS); 501 } else /* if (bufseg == UIO_USERSPACE) */ { 502 error = copyout(sp, sfsp, sizeof(*sp)); 503 free(sptmp, M_STATFS); 504 if (error != 0) { 505 vfs_unbusy(mp); 506 return (error); 507 } 508 } 509 sfsp++; 510 } 511 count++; 512 mtx_lock(&mountlist_mtx); 513 nmp = TAILQ_NEXT(mp, mnt_list); 514 vfs_unbusy(mp); 515 } 516 mtx_unlock(&mountlist_mtx); 517 if (sfsp != NULL && count > maxcount) 518 *countp = maxcount; 519 else 520 *countp = count; 521 return (0); 522 } 523 524 #ifdef COMPAT_FREEBSD4 525 /* 526 * Get old format filesystem statistics. 527 */ 528 static void freebsd4_cvtstatfs(struct statfs *, struct ostatfs *); 529 530 #ifndef _SYS_SYSPROTO_H_ 531 struct freebsd4_statfs_args { 532 char *path; 533 struct ostatfs *buf; 534 }; 535 #endif 536 int 537 freebsd4_statfs(struct thread *td, struct freebsd4_statfs_args *uap) 538 { 539 struct ostatfs osb; 540 struct statfs *sfp; 541 int error; 542 543 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 544 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp); 545 if (error == 0) { 546 freebsd4_cvtstatfs(sfp, &osb); 547 error = copyout(&osb, uap->buf, sizeof(osb)); 548 } 549 free(sfp, M_STATFS); 550 return (error); 551 } 552 553 /* 554 * Get filesystem statistics. 555 */ 556 #ifndef _SYS_SYSPROTO_H_ 557 struct freebsd4_fstatfs_args { 558 int fd; 559 struct ostatfs *buf; 560 }; 561 #endif 562 int 563 freebsd4_fstatfs(struct thread *td, struct freebsd4_fstatfs_args *uap) 564 { 565 struct ostatfs osb; 566 struct statfs *sfp; 567 int error; 568 569 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 570 error = kern_fstatfs(td, uap->fd, sfp); 571 if (error == 0) { 572 freebsd4_cvtstatfs(sfp, &osb); 573 error = copyout(&osb, uap->buf, sizeof(osb)); 574 } 575 free(sfp, M_STATFS); 576 return (error); 577 } 578 579 /* 580 * Get statistics on all filesystems. 581 */ 582 #ifndef _SYS_SYSPROTO_H_ 583 struct freebsd4_getfsstat_args { 584 struct ostatfs *buf; 585 long bufsize; 586 int mode; 587 }; 588 #endif 589 int 590 freebsd4_getfsstat(struct thread *td, struct freebsd4_getfsstat_args *uap) 591 { 592 struct statfs *buf, *sp; 593 struct ostatfs osb; 594 size_t count, size; 595 int error; 596 597 if (uap->bufsize < 0) 598 return (EINVAL); 599 count = uap->bufsize / sizeof(struct ostatfs); 600 if (count > SIZE_MAX / sizeof(struct statfs)) 601 return (EINVAL); 602 size = count * sizeof(struct statfs); 603 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE, 604 uap->mode); 605 if (error == 0) 606 td->td_retval[0] = count; 607 if (size != 0) { 608 sp = buf; 609 while (count != 0 && error == 0) { 610 freebsd4_cvtstatfs(sp, &osb); 611 error = copyout(&osb, uap->buf, sizeof(osb)); 612 sp++; 613 uap->buf++; 614 count--; 615 } 616 free(buf, M_STATFS); 617 } 618 return (error); 619 } 620 621 /* 622 * Implement fstatfs() for (NFS) file handles. 623 */ 624 #ifndef _SYS_SYSPROTO_H_ 625 struct freebsd4_fhstatfs_args { 626 struct fhandle *u_fhp; 627 struct ostatfs *buf; 628 }; 629 #endif 630 int 631 freebsd4_fhstatfs(struct thread *td, struct freebsd4_fhstatfs_args *uap) 632 { 633 struct ostatfs osb; 634 struct statfs *sfp; 635 fhandle_t fh; 636 int error; 637 638 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t)); 639 if (error != 0) 640 return (error); 641 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 642 error = kern_fhstatfs(td, fh, sfp); 643 if (error == 0) { 644 freebsd4_cvtstatfs(sfp, &osb); 645 error = copyout(&osb, uap->buf, sizeof(osb)); 646 } 647 free(sfp, M_STATFS); 648 return (error); 649 } 650 651 /* 652 * Convert a new format statfs structure to an old format statfs structure. 653 */ 654 static void 655 freebsd4_cvtstatfs(struct statfs *nsp, struct ostatfs *osp) 656 { 657 658 statfs_scale_blocks(nsp, LONG_MAX); 659 bzero(osp, sizeof(*osp)); 660 osp->f_bsize = nsp->f_bsize; 661 osp->f_iosize = MIN(nsp->f_iosize, LONG_MAX); 662 osp->f_blocks = nsp->f_blocks; 663 osp->f_bfree = nsp->f_bfree; 664 osp->f_bavail = nsp->f_bavail; 665 osp->f_files = MIN(nsp->f_files, LONG_MAX); 666 osp->f_ffree = MIN(nsp->f_ffree, LONG_MAX); 667 osp->f_owner = nsp->f_owner; 668 osp->f_type = nsp->f_type; 669 osp->f_flags = nsp->f_flags; 670 osp->f_syncwrites = MIN(nsp->f_syncwrites, LONG_MAX); 671 osp->f_asyncwrites = MIN(nsp->f_asyncwrites, LONG_MAX); 672 osp->f_syncreads = MIN(nsp->f_syncreads, LONG_MAX); 673 osp->f_asyncreads = MIN(nsp->f_asyncreads, LONG_MAX); 674 strlcpy(osp->f_fstypename, nsp->f_fstypename, 675 MIN(MFSNAMELEN, OMFSNAMELEN)); 676 strlcpy(osp->f_mntonname, nsp->f_mntonname, 677 MIN(MNAMELEN, OMNAMELEN)); 678 strlcpy(osp->f_mntfromname, nsp->f_mntfromname, 679 MIN(MNAMELEN, OMNAMELEN)); 680 osp->f_fsid = nsp->f_fsid; 681 } 682 #endif /* COMPAT_FREEBSD4 */ 683 684 #if defined(COMPAT_FREEBSD11) 685 /* 686 * Get old format filesystem statistics. 687 */ 688 static void freebsd11_cvtstatfs(struct statfs *, struct freebsd11_statfs *); 689 690 int 691 freebsd11_statfs(struct thread *td, struct freebsd11_statfs_args *uap) 692 { 693 struct freebsd11_statfs osb; 694 struct statfs *sfp; 695 int error; 696 697 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 698 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp); 699 if (error == 0) { 700 freebsd11_cvtstatfs(sfp, &osb); 701 error = copyout(&osb, uap->buf, sizeof(osb)); 702 } 703 free(sfp, M_STATFS); 704 return (error); 705 } 706 707 /* 708 * Get filesystem statistics. 709 */ 710 int 711 freebsd11_fstatfs(struct thread *td, struct freebsd11_fstatfs_args *uap) 712 { 713 struct freebsd11_statfs osb; 714 struct statfs *sfp; 715 int error; 716 717 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 718 error = kern_fstatfs(td, uap->fd, sfp); 719 if (error == 0) { 720 freebsd11_cvtstatfs(sfp, &osb); 721 error = copyout(&osb, uap->buf, sizeof(osb)); 722 } 723 free(sfp, M_STATFS); 724 return (error); 725 } 726 727 /* 728 * Get statistics on all filesystems. 729 */ 730 int 731 freebsd11_getfsstat(struct thread *td, struct freebsd11_getfsstat_args *uap) 732 { 733 struct freebsd11_statfs osb; 734 struct statfs *buf, *sp; 735 size_t count, size; 736 int error; 737 738 count = uap->bufsize / sizeof(struct ostatfs); 739 size = count * sizeof(struct statfs); 740 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE, 741 uap->mode); 742 if (error == 0) 743 td->td_retval[0] = count; 744 if (size > 0) { 745 sp = buf; 746 while (count > 0 && error == 0) { 747 freebsd11_cvtstatfs(sp, &osb); 748 error = copyout(&osb, uap->buf, sizeof(osb)); 749 sp++; 750 uap->buf++; 751 count--; 752 } 753 free(buf, M_STATFS); 754 } 755 return (error); 756 } 757 758 /* 759 * Implement fstatfs() for (NFS) file handles. 760 */ 761 int 762 freebsd11_fhstatfs(struct thread *td, struct freebsd11_fhstatfs_args *uap) 763 { 764 struct freebsd11_statfs osb; 765 struct statfs *sfp; 766 fhandle_t fh; 767 int error; 768 769 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t)); 770 if (error) 771 return (error); 772 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 773 error = kern_fhstatfs(td, fh, sfp); 774 if (error == 0) { 775 freebsd11_cvtstatfs(sfp, &osb); 776 error = copyout(&osb, uap->buf, sizeof(osb)); 777 } 778 free(sfp, M_STATFS); 779 return (error); 780 } 781 782 /* 783 * Convert a new format statfs structure to an old format statfs structure. 784 */ 785 static void 786 freebsd11_cvtstatfs(struct statfs *nsp, struct freebsd11_statfs *osp) 787 { 788 789 bzero(osp, sizeof(*osp)); 790 osp->f_version = FREEBSD11_STATFS_VERSION; 791 osp->f_type = nsp->f_type; 792 osp->f_flags = nsp->f_flags; 793 osp->f_bsize = nsp->f_bsize; 794 osp->f_iosize = nsp->f_iosize; 795 osp->f_blocks = nsp->f_blocks; 796 osp->f_bfree = nsp->f_bfree; 797 osp->f_bavail = nsp->f_bavail; 798 osp->f_files = nsp->f_files; 799 osp->f_ffree = nsp->f_ffree; 800 osp->f_syncwrites = nsp->f_syncwrites; 801 osp->f_asyncwrites = nsp->f_asyncwrites; 802 osp->f_syncreads = nsp->f_syncreads; 803 osp->f_asyncreads = nsp->f_asyncreads; 804 osp->f_namemax = nsp->f_namemax; 805 osp->f_owner = nsp->f_owner; 806 osp->f_fsid = nsp->f_fsid; 807 strlcpy(osp->f_fstypename, nsp->f_fstypename, 808 MIN(MFSNAMELEN, sizeof(osp->f_fstypename))); 809 strlcpy(osp->f_mntonname, nsp->f_mntonname, 810 MIN(MNAMELEN, sizeof(osp->f_mntonname))); 811 strlcpy(osp->f_mntfromname, nsp->f_mntfromname, 812 MIN(MNAMELEN, sizeof(osp->f_mntfromname))); 813 } 814 #endif /* COMPAT_FREEBSD11 */ 815 816 /* 817 * Change current working directory to a given file descriptor. 818 */ 819 #ifndef _SYS_SYSPROTO_H_ 820 struct fchdir_args { 821 int fd; 822 }; 823 #endif 824 int 825 sys_fchdir(struct thread *td, struct fchdir_args *uap) 826 { 827 struct vnode *vp, *tdp; 828 struct mount *mp; 829 struct file *fp; 830 cap_rights_t rights; 831 int error; 832 833 AUDIT_ARG_FD(uap->fd); 834 error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_FCHDIR), 835 &fp); 836 if (error != 0) 837 return (error); 838 vp = fp->f_vnode; 839 vrefact(vp); 840 fdrop(fp, td); 841 vn_lock(vp, LK_SHARED | LK_RETRY); 842 AUDIT_ARG_VNODE1(vp); 843 error = change_dir(vp, td); 844 while (!error && (mp = vp->v_mountedhere) != NULL) { 845 if (vfs_busy(mp, 0)) 846 continue; 847 error = VFS_ROOT(mp, LK_SHARED, &tdp); 848 vfs_unbusy(mp); 849 if (error != 0) 850 break; 851 vput(vp); 852 vp = tdp; 853 } 854 if (error != 0) { 855 vput(vp); 856 return (error); 857 } 858 VOP_UNLOCK(vp, 0); 859 pwd_chdir(td, vp); 860 return (0); 861 } 862 863 /* 864 * Change current working directory (``.''). 865 */ 866 #ifndef _SYS_SYSPROTO_H_ 867 struct chdir_args { 868 char *path; 869 }; 870 #endif 871 int 872 sys_chdir(struct thread *td, struct chdir_args *uap) 873 { 874 875 return (kern_chdir(td, uap->path, UIO_USERSPACE)); 876 } 877 878 int 879 kern_chdir(struct thread *td, char *path, enum uio_seg pathseg) 880 { 881 struct nameidata nd; 882 int error; 883 884 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1, 885 pathseg, path, td); 886 if ((error = namei(&nd)) != 0) 887 return (error); 888 if ((error = change_dir(nd.ni_vp, td)) != 0) { 889 vput(nd.ni_vp); 890 NDFREE(&nd, NDF_ONLY_PNBUF); 891 return (error); 892 } 893 VOP_UNLOCK(nd.ni_vp, 0); 894 NDFREE(&nd, NDF_ONLY_PNBUF); 895 pwd_chdir(td, nd.ni_vp); 896 return (0); 897 } 898 899 /* 900 * Change notion of root (``/'') directory. 901 */ 902 #ifndef _SYS_SYSPROTO_H_ 903 struct chroot_args { 904 char *path; 905 }; 906 #endif 907 int 908 sys_chroot(struct thread *td, struct chroot_args *uap) 909 { 910 struct nameidata nd; 911 int error; 912 913 error = priv_check(td, PRIV_VFS_CHROOT); 914 if (error != 0) 915 return (error); 916 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1, 917 UIO_USERSPACE, uap->path, td); 918 error = namei(&nd); 919 if (error != 0) 920 goto error; 921 error = change_dir(nd.ni_vp, td); 922 if (error != 0) 923 goto e_vunlock; 924 #ifdef MAC 925 error = mac_vnode_check_chroot(td->td_ucred, nd.ni_vp); 926 if (error != 0) 927 goto e_vunlock; 928 #endif 929 VOP_UNLOCK(nd.ni_vp, 0); 930 error = pwd_chroot(td, nd.ni_vp); 931 vrele(nd.ni_vp); 932 NDFREE(&nd, NDF_ONLY_PNBUF); 933 return (error); 934 e_vunlock: 935 vput(nd.ni_vp); 936 error: 937 NDFREE(&nd, NDF_ONLY_PNBUF); 938 return (error); 939 } 940 941 /* 942 * Common routine for chroot and chdir. Callers must provide a locked vnode 943 * instance. 944 */ 945 int 946 change_dir(struct vnode *vp, struct thread *td) 947 { 948 #ifdef MAC 949 int error; 950 #endif 951 952 ASSERT_VOP_LOCKED(vp, "change_dir(): vp not locked"); 953 if (vp->v_type != VDIR) 954 return (ENOTDIR); 955 #ifdef MAC 956 error = mac_vnode_check_chdir(td->td_ucred, vp); 957 if (error != 0) 958 return (error); 959 #endif 960 return (VOP_ACCESS(vp, VEXEC, td->td_ucred, td)); 961 } 962 963 static __inline void 964 flags_to_rights(int flags, cap_rights_t *rightsp) 965 { 966 967 if (flags & O_EXEC) { 968 cap_rights_set(rightsp, CAP_FEXECVE); 969 } else { 970 switch ((flags & O_ACCMODE)) { 971 case O_RDONLY: 972 cap_rights_set(rightsp, CAP_READ); 973 break; 974 case O_RDWR: 975 cap_rights_set(rightsp, CAP_READ); 976 /* FALLTHROUGH */ 977 case O_WRONLY: 978 cap_rights_set(rightsp, CAP_WRITE); 979 if (!(flags & (O_APPEND | O_TRUNC))) 980 cap_rights_set(rightsp, CAP_SEEK); 981 break; 982 } 983 } 984 985 if (flags & O_CREAT) 986 cap_rights_set(rightsp, CAP_CREATE); 987 988 if (flags & O_TRUNC) 989 cap_rights_set(rightsp, CAP_FTRUNCATE); 990 991 if (flags & (O_SYNC | O_FSYNC)) 992 cap_rights_set(rightsp, CAP_FSYNC); 993 994 if (flags & (O_EXLOCK | O_SHLOCK)) 995 cap_rights_set(rightsp, CAP_FLOCK); 996 } 997 998 /* 999 * Check permissions, allocate an open file structure, and call the device 1000 * open routine if any. 1001 */ 1002 #ifndef _SYS_SYSPROTO_H_ 1003 struct open_args { 1004 char *path; 1005 int flags; 1006 int mode; 1007 }; 1008 #endif 1009 int 1010 sys_open(struct thread *td, struct open_args *uap) 1011 { 1012 1013 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 1014 uap->flags, uap->mode)); 1015 } 1016 1017 #ifndef _SYS_SYSPROTO_H_ 1018 struct openat_args { 1019 int fd; 1020 char *path; 1021 int flag; 1022 int mode; 1023 }; 1024 #endif 1025 int 1026 sys_openat(struct thread *td, struct openat_args *uap) 1027 { 1028 1029 AUDIT_ARG_FD(uap->fd); 1030 return (kern_openat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag, 1031 uap->mode)); 1032 } 1033 1034 int 1035 kern_openat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 1036 int flags, int mode) 1037 { 1038 struct proc *p = td->td_proc; 1039 struct filedesc *fdp = p->p_fd; 1040 struct file *fp; 1041 struct vnode *vp; 1042 struct nameidata nd; 1043 cap_rights_t rights; 1044 int cmode, error, indx; 1045 1046 indx = -1; 1047 1048 AUDIT_ARG_FFLAGS(flags); 1049 AUDIT_ARG_MODE(mode); 1050 cap_rights_init(&rights, CAP_LOOKUP); 1051 flags_to_rights(flags, &rights); 1052 /* 1053 * Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR flags 1054 * may be specified. 1055 */ 1056 if (flags & O_EXEC) { 1057 if (flags & O_ACCMODE) 1058 return (EINVAL); 1059 } else if ((flags & O_ACCMODE) == O_ACCMODE) { 1060 return (EINVAL); 1061 } else { 1062 flags = FFLAGS(flags); 1063 } 1064 1065 /* 1066 * Allocate a file structure. The descriptor to reference it 1067 * is allocated and set by finstall() below. 1068 */ 1069 error = falloc_noinstall(td, &fp); 1070 if (error != 0) 1071 return (error); 1072 /* 1073 * An extra reference on `fp' has been held for us by 1074 * falloc_noinstall(). 1075 */ 1076 /* Set the flags early so the finit in devfs can pick them up. */ 1077 fp->f_flag = flags & FMASK; 1078 cmode = ((mode & ~fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT; 1079 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd, 1080 &rights, td); 1081 td->td_dupfd = -1; /* XXX check for fdopen */ 1082 error = vn_open(&nd, &flags, cmode, fp); 1083 if (error != 0) { 1084 /* 1085 * If the vn_open replaced the method vector, something 1086 * wonderous happened deep below and we just pass it up 1087 * pretending we know what we do. 1088 */ 1089 if (error == ENXIO && fp->f_ops != &badfileops) 1090 goto success; 1091 1092 /* 1093 * Handle special fdopen() case. bleh. 1094 * 1095 * Don't do this for relative (capability) lookups; we don't 1096 * understand exactly what would happen, and we don't think 1097 * that it ever should. 1098 */ 1099 if ((nd.ni_lcf & NI_LCF_STRICTRELATIVE) == 0 && 1100 (error == ENODEV || error == ENXIO) && 1101 td->td_dupfd >= 0) { 1102 error = dupfdopen(td, fdp, td->td_dupfd, flags, error, 1103 &indx); 1104 if (error == 0) 1105 goto success; 1106 } 1107 1108 goto bad; 1109 } 1110 td->td_dupfd = 0; 1111 NDFREE(&nd, NDF_ONLY_PNBUF); 1112 vp = nd.ni_vp; 1113 1114 /* 1115 * Store the vnode, for any f_type. Typically, the vnode use 1116 * count is decremented by direct call to vn_closefile() for 1117 * files that switched type in the cdevsw fdopen() method. 1118 */ 1119 fp->f_vnode = vp; 1120 /* 1121 * If the file wasn't claimed by devfs bind it to the normal 1122 * vnode operations here. 1123 */ 1124 if (fp->f_ops == &badfileops) { 1125 KASSERT(vp->v_type != VFIFO, ("Unexpected fifo.")); 1126 fp->f_seqcount = 1; 1127 finit(fp, (flags & FMASK) | (fp->f_flag & FHASLOCK), 1128 DTYPE_VNODE, vp, &vnops); 1129 } 1130 1131 VOP_UNLOCK(vp, 0); 1132 if (flags & O_TRUNC) { 1133 error = fo_truncate(fp, 0, td->td_ucred, td); 1134 if (error != 0) 1135 goto bad; 1136 } 1137 success: 1138 /* 1139 * If we haven't already installed the FD (for dupfdopen), do so now. 1140 */ 1141 if (indx == -1) { 1142 struct filecaps *fcaps; 1143 1144 #ifdef CAPABILITIES 1145 if ((nd.ni_lcf & NI_LCF_STRICTRELATIVE) != 0) 1146 fcaps = &nd.ni_filecaps; 1147 else 1148 #endif 1149 fcaps = NULL; 1150 error = finstall(td, fp, &indx, flags, fcaps); 1151 /* On success finstall() consumes fcaps. */ 1152 if (error != 0) { 1153 filecaps_free(&nd.ni_filecaps); 1154 goto bad; 1155 } 1156 } else { 1157 filecaps_free(&nd.ni_filecaps); 1158 } 1159 1160 /* 1161 * Release our private reference, leaving the one associated with 1162 * the descriptor table intact. 1163 */ 1164 fdrop(fp, td); 1165 td->td_retval[0] = indx; 1166 return (0); 1167 bad: 1168 KASSERT(indx == -1, ("indx=%d, should be -1", indx)); 1169 fdrop(fp, td); 1170 return (error); 1171 } 1172 1173 #ifdef COMPAT_43 1174 /* 1175 * Create a file. 1176 */ 1177 #ifndef _SYS_SYSPROTO_H_ 1178 struct ocreat_args { 1179 char *path; 1180 int mode; 1181 }; 1182 #endif 1183 int 1184 ocreat(struct thread *td, struct ocreat_args *uap) 1185 { 1186 1187 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 1188 O_WRONLY | O_CREAT | O_TRUNC, uap->mode)); 1189 } 1190 #endif /* COMPAT_43 */ 1191 1192 /* 1193 * Create a special file. 1194 */ 1195 #ifndef _SYS_SYSPROTO_H_ 1196 struct mknodat_args { 1197 int fd; 1198 char *path; 1199 mode_t mode; 1200 dev_t dev; 1201 }; 1202 #endif 1203 int 1204 sys_mknodat(struct thread *td, struct mknodat_args *uap) 1205 { 1206 1207 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode, 1208 uap->dev)); 1209 } 1210 1211 #if defined(COMPAT_FREEBSD11) 1212 int 1213 freebsd11_mknod(struct thread *td, 1214 struct freebsd11_mknod_args *uap) 1215 { 1216 1217 return (kern_mknodat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 1218 uap->mode, uap->dev)); 1219 } 1220 1221 int 1222 freebsd11_mknodat(struct thread *td, 1223 struct freebsd11_mknodat_args *uap) 1224 { 1225 1226 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode, 1227 uap->dev)); 1228 } 1229 #endif /* COMPAT_FREEBSD11 */ 1230 1231 int 1232 kern_mknodat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 1233 int mode, dev_t dev) 1234 { 1235 struct vnode *vp; 1236 struct mount *mp; 1237 struct vattr vattr; 1238 struct nameidata nd; 1239 cap_rights_t rights; 1240 int error, whiteout = 0; 1241 1242 AUDIT_ARG_MODE(mode); 1243 AUDIT_ARG_DEV(dev); 1244 switch (mode & S_IFMT) { 1245 case S_IFCHR: 1246 case S_IFBLK: 1247 error = priv_check(td, PRIV_VFS_MKNOD_DEV); 1248 if (error == 0 && dev == VNOVAL) 1249 error = EINVAL; 1250 break; 1251 case S_IFMT: 1252 error = priv_check(td, PRIV_VFS_MKNOD_BAD); 1253 break; 1254 case S_IFWHT: 1255 error = priv_check(td, PRIV_VFS_MKNOD_WHT); 1256 break; 1257 case S_IFIFO: 1258 if (dev == 0) 1259 return (kern_mkfifoat(td, fd, path, pathseg, mode)); 1260 /* FALLTHROUGH */ 1261 default: 1262 error = EINVAL; 1263 break; 1264 } 1265 if (error != 0) 1266 return (error); 1267 restart: 1268 bwillwrite(); 1269 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | 1270 NOCACHE, pathseg, path, fd, cap_rights_init(&rights, CAP_MKNODAT), 1271 td); 1272 if ((error = namei(&nd)) != 0) 1273 return (error); 1274 vp = nd.ni_vp; 1275 if (vp != NULL) { 1276 NDFREE(&nd, NDF_ONLY_PNBUF); 1277 if (vp == nd.ni_dvp) 1278 vrele(nd.ni_dvp); 1279 else 1280 vput(nd.ni_dvp); 1281 vrele(vp); 1282 return (EEXIST); 1283 } else { 1284 VATTR_NULL(&vattr); 1285 vattr.va_mode = (mode & ALLPERMS) & 1286 ~td->td_proc->p_fd->fd_cmask; 1287 vattr.va_rdev = dev; 1288 whiteout = 0; 1289 1290 switch (mode & S_IFMT) { 1291 case S_IFMT: /* used by badsect to flag bad sectors */ 1292 vattr.va_type = VBAD; 1293 break; 1294 case S_IFCHR: 1295 vattr.va_type = VCHR; 1296 break; 1297 case S_IFBLK: 1298 vattr.va_type = VBLK; 1299 break; 1300 case S_IFWHT: 1301 whiteout = 1; 1302 break; 1303 default: 1304 panic("kern_mknod: invalid mode"); 1305 } 1306 } 1307 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 1308 NDFREE(&nd, NDF_ONLY_PNBUF); 1309 vput(nd.ni_dvp); 1310 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 1311 return (error); 1312 goto restart; 1313 } 1314 #ifdef MAC 1315 if (error == 0 && !whiteout) 1316 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, 1317 &nd.ni_cnd, &vattr); 1318 #endif 1319 if (error == 0) { 1320 if (whiteout) 1321 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE); 1322 else { 1323 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, 1324 &nd.ni_cnd, &vattr); 1325 if (error == 0) 1326 vput(nd.ni_vp); 1327 } 1328 } 1329 NDFREE(&nd, NDF_ONLY_PNBUF); 1330 vput(nd.ni_dvp); 1331 vn_finished_write(mp); 1332 return (error); 1333 } 1334 1335 /* 1336 * Create a named pipe. 1337 */ 1338 #ifndef _SYS_SYSPROTO_H_ 1339 struct mkfifo_args { 1340 char *path; 1341 int mode; 1342 }; 1343 #endif 1344 int 1345 sys_mkfifo(struct thread *td, struct mkfifo_args *uap) 1346 { 1347 1348 return (kern_mkfifoat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 1349 uap->mode)); 1350 } 1351 1352 #ifndef _SYS_SYSPROTO_H_ 1353 struct mkfifoat_args { 1354 int fd; 1355 char *path; 1356 mode_t mode; 1357 }; 1358 #endif 1359 int 1360 sys_mkfifoat(struct thread *td, struct mkfifoat_args *uap) 1361 { 1362 1363 return (kern_mkfifoat(td, uap->fd, uap->path, UIO_USERSPACE, 1364 uap->mode)); 1365 } 1366 1367 int 1368 kern_mkfifoat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 1369 int mode) 1370 { 1371 struct mount *mp; 1372 struct vattr vattr; 1373 struct nameidata nd; 1374 cap_rights_t rights; 1375 int error; 1376 1377 AUDIT_ARG_MODE(mode); 1378 restart: 1379 bwillwrite(); 1380 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | 1381 NOCACHE, pathseg, path, fd, cap_rights_init(&rights, CAP_MKFIFOAT), 1382 td); 1383 if ((error = namei(&nd)) != 0) 1384 return (error); 1385 if (nd.ni_vp != NULL) { 1386 NDFREE(&nd, NDF_ONLY_PNBUF); 1387 if (nd.ni_vp == nd.ni_dvp) 1388 vrele(nd.ni_dvp); 1389 else 1390 vput(nd.ni_dvp); 1391 vrele(nd.ni_vp); 1392 return (EEXIST); 1393 } 1394 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 1395 NDFREE(&nd, NDF_ONLY_PNBUF); 1396 vput(nd.ni_dvp); 1397 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 1398 return (error); 1399 goto restart; 1400 } 1401 VATTR_NULL(&vattr); 1402 vattr.va_type = VFIFO; 1403 vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_fd->fd_cmask; 1404 #ifdef MAC 1405 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, 1406 &vattr); 1407 if (error != 0) 1408 goto out; 1409 #endif 1410 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); 1411 if (error == 0) 1412 vput(nd.ni_vp); 1413 #ifdef MAC 1414 out: 1415 #endif 1416 vput(nd.ni_dvp); 1417 vn_finished_write(mp); 1418 NDFREE(&nd, NDF_ONLY_PNBUF); 1419 return (error); 1420 } 1421 1422 /* 1423 * Make a hard file link. 1424 */ 1425 #ifndef _SYS_SYSPROTO_H_ 1426 struct link_args { 1427 char *path; 1428 char *link; 1429 }; 1430 #endif 1431 int 1432 sys_link(struct thread *td, struct link_args *uap) 1433 { 1434 1435 return (kern_linkat(td, AT_FDCWD, AT_FDCWD, uap->path, uap->link, 1436 UIO_USERSPACE, FOLLOW)); 1437 } 1438 1439 #ifndef _SYS_SYSPROTO_H_ 1440 struct linkat_args { 1441 int fd1; 1442 char *path1; 1443 int fd2; 1444 char *path2; 1445 int flag; 1446 }; 1447 #endif 1448 int 1449 sys_linkat(struct thread *td, struct linkat_args *uap) 1450 { 1451 int flag; 1452 1453 flag = uap->flag; 1454 if (flag & ~AT_SYMLINK_FOLLOW) 1455 return (EINVAL); 1456 1457 return (kern_linkat(td, uap->fd1, uap->fd2, uap->path1, uap->path2, 1458 UIO_USERSPACE, (flag & AT_SYMLINK_FOLLOW) ? FOLLOW : NOFOLLOW)); 1459 } 1460 1461 int hardlink_check_uid = 0; 1462 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_uid, CTLFLAG_RW, 1463 &hardlink_check_uid, 0, 1464 "Unprivileged processes cannot create hard links to files owned by other " 1465 "users"); 1466 static int hardlink_check_gid = 0; 1467 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_gid, CTLFLAG_RW, 1468 &hardlink_check_gid, 0, 1469 "Unprivileged processes cannot create hard links to files owned by other " 1470 "groups"); 1471 1472 static int 1473 can_hardlink(struct vnode *vp, struct ucred *cred) 1474 { 1475 struct vattr va; 1476 int error; 1477 1478 if (!hardlink_check_uid && !hardlink_check_gid) 1479 return (0); 1480 1481 error = VOP_GETATTR(vp, &va, cred); 1482 if (error != 0) 1483 return (error); 1484 1485 if (hardlink_check_uid && cred->cr_uid != va.va_uid) { 1486 error = priv_check_cred(cred, PRIV_VFS_LINK, 0); 1487 if (error != 0) 1488 return (error); 1489 } 1490 1491 if (hardlink_check_gid && !groupmember(va.va_gid, cred)) { 1492 error = priv_check_cred(cred, PRIV_VFS_LINK, 0); 1493 if (error != 0) 1494 return (error); 1495 } 1496 1497 return (0); 1498 } 1499 1500 int 1501 kern_linkat(struct thread *td, int fd1, int fd2, char *path1, char *path2, 1502 enum uio_seg segflg, int follow) 1503 { 1504 struct vnode *vp; 1505 struct mount *mp; 1506 struct nameidata nd; 1507 cap_rights_t rights; 1508 int error; 1509 1510 again: 1511 bwillwrite(); 1512 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, segflg, path1, fd1, 1513 cap_rights_init(&rights, CAP_LINKAT_SOURCE), td); 1514 1515 if ((error = namei(&nd)) != 0) 1516 return (error); 1517 NDFREE(&nd, NDF_ONLY_PNBUF); 1518 vp = nd.ni_vp; 1519 if (vp->v_type == VDIR) { 1520 vrele(vp); 1521 return (EPERM); /* POSIX */ 1522 } 1523 NDINIT_ATRIGHTS(&nd, CREATE, 1524 LOCKPARENT | SAVENAME | AUDITVNODE2 | NOCACHE, segflg, path2, fd2, 1525 cap_rights_init(&rights, CAP_LINKAT_TARGET), td); 1526 if ((error = namei(&nd)) == 0) { 1527 if (nd.ni_vp != NULL) { 1528 NDFREE(&nd, NDF_ONLY_PNBUF); 1529 if (nd.ni_dvp == nd.ni_vp) 1530 vrele(nd.ni_dvp); 1531 else 1532 vput(nd.ni_dvp); 1533 vrele(nd.ni_vp); 1534 vrele(vp); 1535 return (EEXIST); 1536 } else if (nd.ni_dvp->v_mount != vp->v_mount) { 1537 /* 1538 * Cross-device link. No need to recheck 1539 * vp->v_type, since it cannot change, except 1540 * to VBAD. 1541 */ 1542 NDFREE(&nd, NDF_ONLY_PNBUF); 1543 vput(nd.ni_dvp); 1544 vrele(vp); 1545 return (EXDEV); 1546 } else if ((error = vn_lock(vp, LK_EXCLUSIVE)) == 0) { 1547 error = can_hardlink(vp, td->td_ucred); 1548 #ifdef MAC 1549 if (error == 0) 1550 error = mac_vnode_check_link(td->td_ucred, 1551 nd.ni_dvp, vp, &nd.ni_cnd); 1552 #endif 1553 if (error != 0) { 1554 vput(vp); 1555 vput(nd.ni_dvp); 1556 NDFREE(&nd, NDF_ONLY_PNBUF); 1557 return (error); 1558 } 1559 error = vn_start_write(vp, &mp, V_NOWAIT); 1560 if (error != 0) { 1561 vput(vp); 1562 vput(nd.ni_dvp); 1563 NDFREE(&nd, NDF_ONLY_PNBUF); 1564 error = vn_start_write(NULL, &mp, 1565 V_XSLEEP | PCATCH); 1566 if (error != 0) 1567 return (error); 1568 goto again; 1569 } 1570 error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd); 1571 VOP_UNLOCK(vp, 0); 1572 vput(nd.ni_dvp); 1573 vn_finished_write(mp); 1574 NDFREE(&nd, NDF_ONLY_PNBUF); 1575 } else { 1576 vput(nd.ni_dvp); 1577 NDFREE(&nd, NDF_ONLY_PNBUF); 1578 vrele(vp); 1579 goto again; 1580 } 1581 } 1582 vrele(vp); 1583 return (error); 1584 } 1585 1586 /* 1587 * Make a symbolic link. 1588 */ 1589 #ifndef _SYS_SYSPROTO_H_ 1590 struct symlink_args { 1591 char *path; 1592 char *link; 1593 }; 1594 #endif 1595 int 1596 sys_symlink(struct thread *td, struct symlink_args *uap) 1597 { 1598 1599 return (kern_symlinkat(td, uap->path, AT_FDCWD, uap->link, 1600 UIO_USERSPACE)); 1601 } 1602 1603 #ifndef _SYS_SYSPROTO_H_ 1604 struct symlinkat_args { 1605 char *path; 1606 int fd; 1607 char *path2; 1608 }; 1609 #endif 1610 int 1611 sys_symlinkat(struct thread *td, struct symlinkat_args *uap) 1612 { 1613 1614 return (kern_symlinkat(td, uap->path1, uap->fd, uap->path2, 1615 UIO_USERSPACE)); 1616 } 1617 1618 int 1619 kern_symlinkat(struct thread *td, char *path1, int fd, char *path2, 1620 enum uio_seg segflg) 1621 { 1622 struct mount *mp; 1623 struct vattr vattr; 1624 char *syspath; 1625 struct nameidata nd; 1626 int error; 1627 cap_rights_t rights; 1628 1629 if (segflg == UIO_SYSSPACE) { 1630 syspath = path1; 1631 } else { 1632 syspath = uma_zalloc(namei_zone, M_WAITOK); 1633 if ((error = copyinstr(path1, syspath, MAXPATHLEN, NULL)) != 0) 1634 goto out; 1635 } 1636 AUDIT_ARG_TEXT(syspath); 1637 restart: 1638 bwillwrite(); 1639 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | 1640 NOCACHE, segflg, path2, fd, cap_rights_init(&rights, CAP_SYMLINKAT), 1641 td); 1642 if ((error = namei(&nd)) != 0) 1643 goto out; 1644 if (nd.ni_vp) { 1645 NDFREE(&nd, NDF_ONLY_PNBUF); 1646 if (nd.ni_vp == nd.ni_dvp) 1647 vrele(nd.ni_dvp); 1648 else 1649 vput(nd.ni_dvp); 1650 vrele(nd.ni_vp); 1651 error = EEXIST; 1652 goto out; 1653 } 1654 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 1655 NDFREE(&nd, NDF_ONLY_PNBUF); 1656 vput(nd.ni_dvp); 1657 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 1658 goto out; 1659 goto restart; 1660 } 1661 VATTR_NULL(&vattr); 1662 vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_fd->fd_cmask; 1663 #ifdef MAC 1664 vattr.va_type = VLNK; 1665 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, 1666 &vattr); 1667 if (error != 0) 1668 goto out2; 1669 #endif 1670 error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath); 1671 if (error == 0) 1672 vput(nd.ni_vp); 1673 #ifdef MAC 1674 out2: 1675 #endif 1676 NDFREE(&nd, NDF_ONLY_PNBUF); 1677 vput(nd.ni_dvp); 1678 vn_finished_write(mp); 1679 out: 1680 if (segflg != UIO_SYSSPACE) 1681 uma_zfree(namei_zone, syspath); 1682 return (error); 1683 } 1684 1685 /* 1686 * Delete a whiteout from the filesystem. 1687 */ 1688 #ifndef _SYS_SYSPROTO_H_ 1689 struct undelete_args { 1690 char *path; 1691 }; 1692 #endif 1693 int 1694 sys_undelete(struct thread *td, struct undelete_args *uap) 1695 { 1696 struct mount *mp; 1697 struct nameidata nd; 1698 int error; 1699 1700 restart: 1701 bwillwrite(); 1702 NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | AUDITVNODE1, 1703 UIO_USERSPACE, uap->path, td); 1704 error = namei(&nd); 1705 if (error != 0) 1706 return (error); 1707 1708 if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) { 1709 NDFREE(&nd, NDF_ONLY_PNBUF); 1710 if (nd.ni_vp == nd.ni_dvp) 1711 vrele(nd.ni_dvp); 1712 else 1713 vput(nd.ni_dvp); 1714 if (nd.ni_vp) 1715 vrele(nd.ni_vp); 1716 return (EEXIST); 1717 } 1718 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 1719 NDFREE(&nd, NDF_ONLY_PNBUF); 1720 vput(nd.ni_dvp); 1721 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 1722 return (error); 1723 goto restart; 1724 } 1725 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE); 1726 NDFREE(&nd, NDF_ONLY_PNBUF); 1727 vput(nd.ni_dvp); 1728 vn_finished_write(mp); 1729 return (error); 1730 } 1731 1732 /* 1733 * Delete a name from the filesystem. 1734 */ 1735 #ifndef _SYS_SYSPROTO_H_ 1736 struct unlink_args { 1737 char *path; 1738 }; 1739 #endif 1740 int 1741 sys_unlink(struct thread *td, struct unlink_args *uap) 1742 { 1743 1744 return (kern_unlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 0)); 1745 } 1746 1747 #ifndef _SYS_SYSPROTO_H_ 1748 struct unlinkat_args { 1749 int fd; 1750 char *path; 1751 int flag; 1752 }; 1753 #endif 1754 int 1755 sys_unlinkat(struct thread *td, struct unlinkat_args *uap) 1756 { 1757 int flag = uap->flag; 1758 int fd = uap->fd; 1759 char *path = uap->path; 1760 1761 if (flag & ~AT_REMOVEDIR) 1762 return (EINVAL); 1763 1764 if (flag & AT_REMOVEDIR) 1765 return (kern_rmdirat(td, fd, path, UIO_USERSPACE)); 1766 else 1767 return (kern_unlinkat(td, fd, path, UIO_USERSPACE, 0)); 1768 } 1769 1770 int 1771 kern_unlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 1772 ino_t oldinum) 1773 { 1774 struct mount *mp; 1775 struct vnode *vp; 1776 struct nameidata nd; 1777 struct stat sb; 1778 cap_rights_t rights; 1779 int error; 1780 1781 restart: 1782 bwillwrite(); 1783 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1, 1784 pathseg, path, fd, cap_rights_init(&rights, CAP_UNLINKAT), td); 1785 if ((error = namei(&nd)) != 0) 1786 return (error == EINVAL ? EPERM : error); 1787 vp = nd.ni_vp; 1788 if (vp->v_type == VDIR && oldinum == 0) { 1789 error = EPERM; /* POSIX */ 1790 } else if (oldinum != 0 && 1791 ((error = vn_stat(vp, &sb, td->td_ucred, NOCRED, td)) == 0) && 1792 sb.st_ino != oldinum) { 1793 error = EIDRM; /* Identifier removed */ 1794 } else { 1795 /* 1796 * The root of a mounted filesystem cannot be deleted. 1797 * 1798 * XXX: can this only be a VDIR case? 1799 */ 1800 if (vp->v_vflag & VV_ROOT) 1801 error = EBUSY; 1802 } 1803 if (error == 0) { 1804 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 1805 NDFREE(&nd, NDF_ONLY_PNBUF); 1806 vput(nd.ni_dvp); 1807 if (vp == nd.ni_dvp) 1808 vrele(vp); 1809 else 1810 vput(vp); 1811 if ((error = vn_start_write(NULL, &mp, 1812 V_XSLEEP | PCATCH)) != 0) 1813 return (error); 1814 goto restart; 1815 } 1816 #ifdef MAC 1817 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp, 1818 &nd.ni_cnd); 1819 if (error != 0) 1820 goto out; 1821 #endif 1822 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK); 1823 error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd); 1824 #ifdef MAC 1825 out: 1826 #endif 1827 vn_finished_write(mp); 1828 } 1829 NDFREE(&nd, NDF_ONLY_PNBUF); 1830 vput(nd.ni_dvp); 1831 if (vp == nd.ni_dvp) 1832 vrele(vp); 1833 else 1834 vput(vp); 1835 return (error); 1836 } 1837 1838 /* 1839 * Reposition read/write file offset. 1840 */ 1841 #ifndef _SYS_SYSPROTO_H_ 1842 struct lseek_args { 1843 int fd; 1844 int pad; 1845 off_t offset; 1846 int whence; 1847 }; 1848 #endif 1849 int 1850 sys_lseek(struct thread *td, struct lseek_args *uap) 1851 { 1852 1853 return (kern_lseek(td, uap->fd, uap->offset, uap->whence)); 1854 } 1855 1856 int 1857 kern_lseek(struct thread *td, int fd, off_t offset, int whence) 1858 { 1859 struct file *fp; 1860 cap_rights_t rights; 1861 int error; 1862 1863 AUDIT_ARG_FD(fd); 1864 error = fget(td, fd, cap_rights_init(&rights, CAP_SEEK), &fp); 1865 if (error != 0) 1866 return (error); 1867 error = (fp->f_ops->fo_flags & DFLAG_SEEKABLE) != 0 ? 1868 fo_seek(fp, offset, whence, td) : ESPIPE; 1869 fdrop(fp, td); 1870 return (error); 1871 } 1872 1873 #if defined(COMPAT_43) 1874 /* 1875 * Reposition read/write file offset. 1876 */ 1877 #ifndef _SYS_SYSPROTO_H_ 1878 struct olseek_args { 1879 int fd; 1880 long offset; 1881 int whence; 1882 }; 1883 #endif 1884 int 1885 olseek(struct thread *td, struct olseek_args *uap) 1886 { 1887 1888 return (kern_lseek(td, uap->fd, uap->offset, uap->whence)); 1889 } 1890 #endif /* COMPAT_43 */ 1891 1892 #if defined(COMPAT_FREEBSD6) 1893 /* Version with the 'pad' argument */ 1894 int 1895 freebsd6_lseek(struct thread *td, struct freebsd6_lseek_args *uap) 1896 { 1897 1898 return (kern_lseek(td, uap->fd, uap->offset, uap->whence)); 1899 } 1900 #endif 1901 1902 /* 1903 * Check access permissions using passed credentials. 1904 */ 1905 static int 1906 vn_access(struct vnode *vp, int user_flags, struct ucred *cred, 1907 struct thread *td) 1908 { 1909 accmode_t accmode; 1910 int error; 1911 1912 /* Flags == 0 means only check for existence. */ 1913 if (user_flags == 0) 1914 return (0); 1915 1916 accmode = 0; 1917 if (user_flags & R_OK) 1918 accmode |= VREAD; 1919 if (user_flags & W_OK) 1920 accmode |= VWRITE; 1921 if (user_flags & X_OK) 1922 accmode |= VEXEC; 1923 #ifdef MAC 1924 error = mac_vnode_check_access(cred, vp, accmode); 1925 if (error != 0) 1926 return (error); 1927 #endif 1928 if ((accmode & VWRITE) == 0 || (error = vn_writechk(vp)) == 0) 1929 error = VOP_ACCESS(vp, accmode, cred, td); 1930 return (error); 1931 } 1932 1933 /* 1934 * Check access permissions using "real" credentials. 1935 */ 1936 #ifndef _SYS_SYSPROTO_H_ 1937 struct access_args { 1938 char *path; 1939 int amode; 1940 }; 1941 #endif 1942 int 1943 sys_access(struct thread *td, struct access_args *uap) 1944 { 1945 1946 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 1947 0, uap->amode)); 1948 } 1949 1950 #ifndef _SYS_SYSPROTO_H_ 1951 struct faccessat_args { 1952 int dirfd; 1953 char *path; 1954 int amode; 1955 int flag; 1956 } 1957 #endif 1958 int 1959 sys_faccessat(struct thread *td, struct faccessat_args *uap) 1960 { 1961 1962 return (kern_accessat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag, 1963 uap->amode)); 1964 } 1965 1966 int 1967 kern_accessat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 1968 int flag, int amode) 1969 { 1970 struct ucred *cred, *usecred; 1971 struct vnode *vp; 1972 struct nameidata nd; 1973 cap_rights_t rights; 1974 int error; 1975 1976 if (flag & ~AT_EACCESS) 1977 return (EINVAL); 1978 if (amode != F_OK && (amode & ~(R_OK | W_OK | X_OK)) != 0) 1979 return (EINVAL); 1980 1981 /* 1982 * Create and modify a temporary credential instead of one that 1983 * is potentially shared (if we need one). 1984 */ 1985 cred = td->td_ucred; 1986 if ((flag & AT_EACCESS) == 0 && 1987 ((cred->cr_uid != cred->cr_ruid || 1988 cred->cr_rgid != cred->cr_groups[0]))) { 1989 usecred = crdup(cred); 1990 usecred->cr_uid = cred->cr_ruid; 1991 usecred->cr_groups[0] = cred->cr_rgid; 1992 td->td_ucred = usecred; 1993 } else 1994 usecred = cred; 1995 AUDIT_ARG_VALUE(amode); 1996 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | 1997 AUDITVNODE1, pathseg, path, fd, cap_rights_init(&rights, CAP_FSTAT), 1998 td); 1999 if ((error = namei(&nd)) != 0) 2000 goto out; 2001 vp = nd.ni_vp; 2002 2003 error = vn_access(vp, amode, usecred, td); 2004 NDFREE(&nd, NDF_ONLY_PNBUF); 2005 vput(vp); 2006 out: 2007 if (usecred != cred) { 2008 td->td_ucred = cred; 2009 crfree(usecred); 2010 } 2011 return (error); 2012 } 2013 2014 /* 2015 * Check access permissions using "effective" credentials. 2016 */ 2017 #ifndef _SYS_SYSPROTO_H_ 2018 struct eaccess_args { 2019 char *path; 2020 int amode; 2021 }; 2022 #endif 2023 int 2024 sys_eaccess(struct thread *td, struct eaccess_args *uap) 2025 { 2026 2027 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2028 AT_EACCESS, uap->amode)); 2029 } 2030 2031 #if defined(COMPAT_43) 2032 /* 2033 * Get file status; this version follows links. 2034 */ 2035 #ifndef _SYS_SYSPROTO_H_ 2036 struct ostat_args { 2037 char *path; 2038 struct ostat *ub; 2039 }; 2040 #endif 2041 int 2042 ostat(struct thread *td, struct ostat_args *uap) 2043 { 2044 struct stat sb; 2045 struct ostat osb; 2046 int error; 2047 2048 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE, 2049 &sb, NULL); 2050 if (error != 0) 2051 return (error); 2052 cvtstat(&sb, &osb); 2053 return (copyout(&osb, uap->ub, sizeof (osb))); 2054 } 2055 2056 /* 2057 * Get file status; this version does not follow links. 2058 */ 2059 #ifndef _SYS_SYSPROTO_H_ 2060 struct olstat_args { 2061 char *path; 2062 struct ostat *ub; 2063 }; 2064 #endif 2065 int 2066 olstat(struct thread *td, struct olstat_args *uap) 2067 { 2068 struct stat sb; 2069 struct ostat osb; 2070 int error; 2071 2072 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path, 2073 UIO_USERSPACE, &sb, NULL); 2074 if (error != 0) 2075 return (error); 2076 cvtstat(&sb, &osb); 2077 return (copyout(&osb, uap->ub, sizeof (osb))); 2078 } 2079 2080 /* 2081 * Convert from an old to a new stat structure. 2082 */ 2083 void 2084 cvtstat(struct stat *st, struct ostat *ost) 2085 { 2086 2087 bzero(ost, sizeof(*ost)); 2088 ost->st_dev = st->st_dev; 2089 ost->st_ino = st->st_ino; 2090 ost->st_mode = st->st_mode; 2091 ost->st_nlink = st->st_nlink; 2092 ost->st_uid = st->st_uid; 2093 ost->st_gid = st->st_gid; 2094 ost->st_rdev = st->st_rdev; 2095 if (st->st_size < (quad_t)1 << 32) 2096 ost->st_size = st->st_size; 2097 else 2098 ost->st_size = -2; 2099 ost->st_atim = st->st_atim; 2100 ost->st_mtim = st->st_mtim; 2101 ost->st_ctim = st->st_ctim; 2102 ost->st_blksize = st->st_blksize; 2103 ost->st_blocks = st->st_blocks; 2104 ost->st_flags = st->st_flags; 2105 ost->st_gen = st->st_gen; 2106 } 2107 #endif /* COMPAT_43 */ 2108 2109 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11) 2110 int ino64_trunc_error; 2111 SYSCTL_INT(_vfs, OID_AUTO, ino64_trunc_error, CTLFLAG_RW, 2112 &ino64_trunc_error, 0, 2113 "Error on truncation of inode number, device id or link count"); 2114 int 2115 freebsd11_cvtstat(struct stat *st, struct freebsd11_stat *ost) 2116 { 2117 2118 ost->st_dev = st->st_dev; 2119 ost->st_ino = st->st_ino; 2120 if (ost->st_ino != st->st_ino) { 2121 switch (ino64_trunc_error) { 2122 default: 2123 case 0: 2124 break; 2125 case 1: 2126 return (EOVERFLOW); 2127 case 2: 2128 ost->st_ino = UINT32_MAX; 2129 break; 2130 } 2131 } 2132 ost->st_mode = st->st_mode; 2133 ost->st_nlink = st->st_nlink; 2134 if (ost->st_nlink != st->st_nlink) { 2135 switch (ino64_trunc_error) { 2136 default: 2137 case 0: 2138 break; 2139 case 1: 2140 return (EOVERFLOW); 2141 case 2: 2142 ost->st_nlink = UINT16_MAX; 2143 break; 2144 } 2145 } 2146 ost->st_uid = st->st_uid; 2147 ost->st_gid = st->st_gid; 2148 ost->st_rdev = st->st_rdev; 2149 ost->st_atim = st->st_atim; 2150 ost->st_mtim = st->st_mtim; 2151 ost->st_ctim = st->st_ctim; 2152 ost->st_size = st->st_size; 2153 ost->st_blocks = st->st_blocks; 2154 ost->st_blksize = st->st_blksize; 2155 ost->st_flags = st->st_flags; 2156 ost->st_gen = st->st_gen; 2157 ost->st_lspare = 0; 2158 ost->st_birthtim = st->st_birthtim; 2159 bzero((char *)&ost->st_birthtim + sizeof(ost->st_birthtim), 2160 sizeof(*ost) - offsetof(struct freebsd11_stat, 2161 st_birthtim) - sizeof(ost->st_birthtim)); 2162 return (0); 2163 } 2164 2165 int 2166 freebsd11_stat(struct thread *td, struct freebsd11_stat_args* uap) 2167 { 2168 struct stat sb; 2169 struct freebsd11_stat osb; 2170 int error; 2171 2172 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE, 2173 &sb, NULL); 2174 if (error != 0) 2175 return (error); 2176 error = freebsd11_cvtstat(&sb, &osb); 2177 if (error == 0) 2178 error = copyout(&osb, uap->ub, sizeof(osb)); 2179 return (error); 2180 } 2181 2182 int 2183 freebsd11_lstat(struct thread *td, struct freebsd11_lstat_args* uap) 2184 { 2185 struct stat sb; 2186 struct freebsd11_stat osb; 2187 int error; 2188 2189 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path, 2190 UIO_USERSPACE, &sb, NULL); 2191 if (error != 0) 2192 return (error); 2193 error = freebsd11_cvtstat(&sb, &osb); 2194 if (error == 0) 2195 error = copyout(&osb, uap->ub, sizeof(osb)); 2196 return (error); 2197 } 2198 2199 int 2200 freebsd11_fhstat(struct thread *td, struct freebsd11_fhstat_args* uap) 2201 { 2202 struct fhandle fh; 2203 struct stat sb; 2204 struct freebsd11_stat osb; 2205 int error; 2206 2207 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t)); 2208 if (error != 0) 2209 return (error); 2210 error = kern_fhstat(td, fh, &sb); 2211 if (error != 0) 2212 return (error); 2213 error = freebsd11_cvtstat(&sb, &osb); 2214 if (error == 0) 2215 error = copyout(&osb, uap->sb, sizeof(osb)); 2216 return (error); 2217 } 2218 2219 int 2220 freebsd11_fstatat(struct thread *td, struct freebsd11_fstatat_args* uap) 2221 { 2222 struct stat sb; 2223 struct freebsd11_stat osb; 2224 int error; 2225 2226 error = kern_statat(td, uap->flag, uap->fd, uap->path, 2227 UIO_USERSPACE, &sb, NULL); 2228 if (error != 0) 2229 return (error); 2230 error = freebsd11_cvtstat(&sb, &osb); 2231 if (error == 0) 2232 error = copyout(&osb, uap->buf, sizeof(osb)); 2233 return (error); 2234 } 2235 #endif /* COMPAT_FREEBSD11 */ 2236 2237 /* 2238 * Get file status 2239 */ 2240 #ifndef _SYS_SYSPROTO_H_ 2241 struct fstatat_args { 2242 int fd; 2243 char *path; 2244 struct stat *buf; 2245 int flag; 2246 } 2247 #endif 2248 int 2249 sys_fstatat(struct thread *td, struct fstatat_args *uap) 2250 { 2251 struct stat sb; 2252 int error; 2253 2254 error = kern_statat(td, uap->flag, uap->fd, uap->path, 2255 UIO_USERSPACE, &sb, NULL); 2256 if (error == 0) 2257 error = copyout(&sb, uap->buf, sizeof (sb)); 2258 return (error); 2259 } 2260 2261 int 2262 kern_statat(struct thread *td, int flag, int fd, char *path, 2263 enum uio_seg pathseg, struct stat *sbp, 2264 void (*hook)(struct vnode *vp, struct stat *sbp)) 2265 { 2266 struct nameidata nd; 2267 struct stat sb; 2268 cap_rights_t rights; 2269 int error; 2270 2271 if (flag & ~AT_SYMLINK_NOFOLLOW) 2272 return (EINVAL); 2273 2274 NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : 2275 FOLLOW) | LOCKSHARED | LOCKLEAF | AUDITVNODE1, pathseg, path, fd, 2276 cap_rights_init(&rights, CAP_FSTAT), td); 2277 2278 if ((error = namei(&nd)) != 0) 2279 return (error); 2280 error = vn_stat(nd.ni_vp, &sb, td->td_ucred, NOCRED, td); 2281 if (error == 0) { 2282 SDT_PROBE2(vfs, , stat, mode, path, sb.st_mode); 2283 if (S_ISREG(sb.st_mode)) 2284 SDT_PROBE2(vfs, , stat, reg, path, pathseg); 2285 if (__predict_false(hook != NULL)) 2286 hook(nd.ni_vp, &sb); 2287 } 2288 NDFREE(&nd, NDF_ONLY_PNBUF); 2289 vput(nd.ni_vp); 2290 if (error != 0) 2291 return (error); 2292 #ifdef __STAT_TIME_T_EXT 2293 sb.st_atim_ext = 0; 2294 sb.st_mtim_ext = 0; 2295 sb.st_ctim_ext = 0; 2296 sb.st_btim_ext = 0; 2297 #endif 2298 *sbp = sb; 2299 #ifdef KTRACE 2300 if (KTRPOINT(td, KTR_STRUCT)) 2301 ktrstat(&sb); 2302 #endif 2303 return (0); 2304 } 2305 2306 #if defined(COMPAT_FREEBSD11) 2307 /* 2308 * Implementation of the NetBSD [l]stat() functions. 2309 */ 2310 void 2311 freebsd11_cvtnstat(struct stat *sb, struct nstat *nsb) 2312 { 2313 2314 bzero(nsb, sizeof(*nsb)); 2315 nsb->st_dev = sb->st_dev; 2316 nsb->st_ino = sb->st_ino; 2317 nsb->st_mode = sb->st_mode; 2318 nsb->st_nlink = sb->st_nlink; 2319 nsb->st_uid = sb->st_uid; 2320 nsb->st_gid = sb->st_gid; 2321 nsb->st_rdev = sb->st_rdev; 2322 nsb->st_atim = sb->st_atim; 2323 nsb->st_mtim = sb->st_mtim; 2324 nsb->st_ctim = sb->st_ctim; 2325 nsb->st_size = sb->st_size; 2326 nsb->st_blocks = sb->st_blocks; 2327 nsb->st_blksize = sb->st_blksize; 2328 nsb->st_flags = sb->st_flags; 2329 nsb->st_gen = sb->st_gen; 2330 nsb->st_birthtim = sb->st_birthtim; 2331 } 2332 2333 #ifndef _SYS_SYSPROTO_H_ 2334 struct freebsd11_nstat_args { 2335 char *path; 2336 struct nstat *ub; 2337 }; 2338 #endif 2339 int 2340 freebsd11_nstat(struct thread *td, struct freebsd11_nstat_args *uap) 2341 { 2342 struct stat sb; 2343 struct nstat nsb; 2344 int error; 2345 2346 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE, 2347 &sb, NULL); 2348 if (error != 0) 2349 return (error); 2350 freebsd11_cvtnstat(&sb, &nsb); 2351 return (copyout(&nsb, uap->ub, sizeof (nsb))); 2352 } 2353 2354 /* 2355 * NetBSD lstat. Get file status; this version does not follow links. 2356 */ 2357 #ifndef _SYS_SYSPROTO_H_ 2358 struct freebsd11_nlstat_args { 2359 char *path; 2360 struct nstat *ub; 2361 }; 2362 #endif 2363 int 2364 freebsd11_nlstat(struct thread *td, struct freebsd11_nlstat_args *uap) 2365 { 2366 struct stat sb; 2367 struct nstat nsb; 2368 int error; 2369 2370 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path, 2371 UIO_USERSPACE, &sb, NULL); 2372 if (error != 0) 2373 return (error); 2374 freebsd11_cvtnstat(&sb, &nsb); 2375 return (copyout(&nsb, uap->ub, sizeof (nsb))); 2376 } 2377 #endif /* COMPAT_FREEBSD11 */ 2378 2379 /* 2380 * Get configurable pathname variables. 2381 */ 2382 #ifndef _SYS_SYSPROTO_H_ 2383 struct pathconf_args { 2384 char *path; 2385 int name; 2386 }; 2387 #endif 2388 int 2389 sys_pathconf(struct thread *td, struct pathconf_args *uap) 2390 { 2391 2392 return (kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name, FOLLOW)); 2393 } 2394 2395 #ifndef _SYS_SYSPROTO_H_ 2396 struct lpathconf_args { 2397 char *path; 2398 int name; 2399 }; 2400 #endif 2401 int 2402 sys_lpathconf(struct thread *td, struct lpathconf_args *uap) 2403 { 2404 2405 return (kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name, 2406 NOFOLLOW)); 2407 } 2408 2409 int 2410 kern_pathconf(struct thread *td, char *path, enum uio_seg pathseg, int name, 2411 u_long flags) 2412 { 2413 struct nameidata nd; 2414 int error; 2415 2416 NDINIT(&nd, LOOKUP, LOCKSHARED | LOCKLEAF | AUDITVNODE1 | flags, 2417 pathseg, path, td); 2418 if ((error = namei(&nd)) != 0) 2419 return (error); 2420 NDFREE(&nd, NDF_ONLY_PNBUF); 2421 2422 error = VOP_PATHCONF(nd.ni_vp, name, td->td_retval); 2423 vput(nd.ni_vp); 2424 return (error); 2425 } 2426 2427 /* 2428 * Return target name of a symbolic link. 2429 */ 2430 #ifndef _SYS_SYSPROTO_H_ 2431 struct readlink_args { 2432 char *path; 2433 char *buf; 2434 size_t count; 2435 }; 2436 #endif 2437 int 2438 sys_readlink(struct thread *td, struct readlink_args *uap) 2439 { 2440 2441 return (kern_readlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2442 uap->buf, UIO_USERSPACE, uap->count)); 2443 } 2444 #ifndef _SYS_SYSPROTO_H_ 2445 struct readlinkat_args { 2446 int fd; 2447 char *path; 2448 char *buf; 2449 size_t bufsize; 2450 }; 2451 #endif 2452 int 2453 sys_readlinkat(struct thread *td, struct readlinkat_args *uap) 2454 { 2455 2456 return (kern_readlinkat(td, uap->fd, uap->path, UIO_USERSPACE, 2457 uap->buf, UIO_USERSPACE, uap->bufsize)); 2458 } 2459 2460 int 2461 kern_readlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 2462 char *buf, enum uio_seg bufseg, size_t count) 2463 { 2464 struct vnode *vp; 2465 struct iovec aiov; 2466 struct uio auio; 2467 struct nameidata nd; 2468 int error; 2469 2470 if (count > IOSIZE_MAX) 2471 return (EINVAL); 2472 2473 NDINIT_AT(&nd, LOOKUP, NOFOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1, 2474 pathseg, path, fd, td); 2475 2476 if ((error = namei(&nd)) != 0) 2477 return (error); 2478 NDFREE(&nd, NDF_ONLY_PNBUF); 2479 vp = nd.ni_vp; 2480 #ifdef MAC 2481 error = mac_vnode_check_readlink(td->td_ucred, vp); 2482 if (error != 0) { 2483 vput(vp); 2484 return (error); 2485 } 2486 #endif 2487 if (vp->v_type != VLNK && (vp->v_vflag & VV_READLINK) == 0) 2488 error = EINVAL; 2489 else { 2490 aiov.iov_base = buf; 2491 aiov.iov_len = count; 2492 auio.uio_iov = &aiov; 2493 auio.uio_iovcnt = 1; 2494 auio.uio_offset = 0; 2495 auio.uio_rw = UIO_READ; 2496 auio.uio_segflg = bufseg; 2497 auio.uio_td = td; 2498 auio.uio_resid = count; 2499 error = VOP_READLINK(vp, &auio, td->td_ucred); 2500 td->td_retval[0] = count - auio.uio_resid; 2501 } 2502 vput(vp); 2503 return (error); 2504 } 2505 2506 /* 2507 * Common implementation code for chflags() and fchflags(). 2508 */ 2509 static int 2510 setfflags(struct thread *td, struct vnode *vp, u_long flags) 2511 { 2512 struct mount *mp; 2513 struct vattr vattr; 2514 int error; 2515 2516 /* We can't support the value matching VNOVAL. */ 2517 if (flags == VNOVAL) 2518 return (EOPNOTSUPP); 2519 2520 /* 2521 * Prevent non-root users from setting flags on devices. When 2522 * a device is reused, users can retain ownership of the device 2523 * if they are allowed to set flags and programs assume that 2524 * chown can't fail when done as root. 2525 */ 2526 if (vp->v_type == VCHR || vp->v_type == VBLK) { 2527 error = priv_check(td, PRIV_VFS_CHFLAGS_DEV); 2528 if (error != 0) 2529 return (error); 2530 } 2531 2532 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) 2533 return (error); 2534 VATTR_NULL(&vattr); 2535 vattr.va_flags = flags; 2536 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 2537 #ifdef MAC 2538 error = mac_vnode_check_setflags(td->td_ucred, vp, vattr.va_flags); 2539 if (error == 0) 2540 #endif 2541 error = VOP_SETATTR(vp, &vattr, td->td_ucred); 2542 VOP_UNLOCK(vp, 0); 2543 vn_finished_write(mp); 2544 return (error); 2545 } 2546 2547 /* 2548 * Change flags of a file given a path name. 2549 */ 2550 #ifndef _SYS_SYSPROTO_H_ 2551 struct chflags_args { 2552 const char *path; 2553 u_long flags; 2554 }; 2555 #endif 2556 int 2557 sys_chflags(struct thread *td, struct chflags_args *uap) 2558 { 2559 2560 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2561 uap->flags, 0)); 2562 } 2563 2564 #ifndef _SYS_SYSPROTO_H_ 2565 struct chflagsat_args { 2566 int fd; 2567 const char *path; 2568 u_long flags; 2569 int atflag; 2570 } 2571 #endif 2572 int 2573 sys_chflagsat(struct thread *td, struct chflagsat_args *uap) 2574 { 2575 int fd = uap->fd; 2576 const char *path = uap->path; 2577 u_long flags = uap->flags; 2578 int atflag = uap->atflag; 2579 2580 if (atflag & ~AT_SYMLINK_NOFOLLOW) 2581 return (EINVAL); 2582 2583 return (kern_chflagsat(td, fd, path, UIO_USERSPACE, flags, atflag)); 2584 } 2585 2586 /* 2587 * Same as chflags() but doesn't follow symlinks. 2588 */ 2589 #ifndef _SYS_SYSPROTO_H_ 2590 struct lchflags_args { 2591 const char *path; 2592 u_long flags; 2593 }; 2594 #endif 2595 int 2596 sys_lchflags(struct thread *td, struct lchflags_args *uap) 2597 { 2598 2599 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2600 uap->flags, AT_SYMLINK_NOFOLLOW)); 2601 } 2602 2603 static int 2604 kern_chflagsat(struct thread *td, int fd, const char *path, 2605 enum uio_seg pathseg, u_long flags, int atflag) 2606 { 2607 struct nameidata nd; 2608 cap_rights_t rights; 2609 int error, follow; 2610 2611 AUDIT_ARG_FFLAGS(flags); 2612 follow = (atflag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW; 2613 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd, 2614 cap_rights_init(&rights, CAP_FCHFLAGS), td); 2615 if ((error = namei(&nd)) != 0) 2616 return (error); 2617 NDFREE(&nd, NDF_ONLY_PNBUF); 2618 error = setfflags(td, nd.ni_vp, flags); 2619 vrele(nd.ni_vp); 2620 return (error); 2621 } 2622 2623 /* 2624 * Change flags of a file given a file descriptor. 2625 */ 2626 #ifndef _SYS_SYSPROTO_H_ 2627 struct fchflags_args { 2628 int fd; 2629 u_long flags; 2630 }; 2631 #endif 2632 int 2633 sys_fchflags(struct thread *td, struct fchflags_args *uap) 2634 { 2635 struct file *fp; 2636 cap_rights_t rights; 2637 int error; 2638 2639 AUDIT_ARG_FD(uap->fd); 2640 AUDIT_ARG_FFLAGS(uap->flags); 2641 error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_FCHFLAGS), 2642 &fp); 2643 if (error != 0) 2644 return (error); 2645 #ifdef AUDIT 2646 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY); 2647 AUDIT_ARG_VNODE1(fp->f_vnode); 2648 VOP_UNLOCK(fp->f_vnode, 0); 2649 #endif 2650 error = setfflags(td, fp->f_vnode, uap->flags); 2651 fdrop(fp, td); 2652 return (error); 2653 } 2654 2655 /* 2656 * Common implementation code for chmod(), lchmod() and fchmod(). 2657 */ 2658 int 2659 setfmode(struct thread *td, struct ucred *cred, struct vnode *vp, int mode) 2660 { 2661 struct mount *mp; 2662 struct vattr vattr; 2663 int error; 2664 2665 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) 2666 return (error); 2667 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 2668 VATTR_NULL(&vattr); 2669 vattr.va_mode = mode & ALLPERMS; 2670 #ifdef MAC 2671 error = mac_vnode_check_setmode(cred, vp, vattr.va_mode); 2672 if (error == 0) 2673 #endif 2674 error = VOP_SETATTR(vp, &vattr, cred); 2675 VOP_UNLOCK(vp, 0); 2676 vn_finished_write(mp); 2677 return (error); 2678 } 2679 2680 /* 2681 * Change mode of a file given path name. 2682 */ 2683 #ifndef _SYS_SYSPROTO_H_ 2684 struct chmod_args { 2685 char *path; 2686 int mode; 2687 }; 2688 #endif 2689 int 2690 sys_chmod(struct thread *td, struct chmod_args *uap) 2691 { 2692 2693 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2694 uap->mode, 0)); 2695 } 2696 2697 #ifndef _SYS_SYSPROTO_H_ 2698 struct fchmodat_args { 2699 int dirfd; 2700 char *path; 2701 mode_t mode; 2702 int flag; 2703 } 2704 #endif 2705 int 2706 sys_fchmodat(struct thread *td, struct fchmodat_args *uap) 2707 { 2708 int flag = uap->flag; 2709 int fd = uap->fd; 2710 char *path = uap->path; 2711 mode_t mode = uap->mode; 2712 2713 if (flag & ~AT_SYMLINK_NOFOLLOW) 2714 return (EINVAL); 2715 2716 return (kern_fchmodat(td, fd, path, UIO_USERSPACE, mode, flag)); 2717 } 2718 2719 /* 2720 * Change mode of a file given path name (don't follow links.) 2721 */ 2722 #ifndef _SYS_SYSPROTO_H_ 2723 struct lchmod_args { 2724 char *path; 2725 int mode; 2726 }; 2727 #endif 2728 int 2729 sys_lchmod(struct thread *td, struct lchmod_args *uap) 2730 { 2731 2732 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2733 uap->mode, AT_SYMLINK_NOFOLLOW)); 2734 } 2735 2736 int 2737 kern_fchmodat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 2738 mode_t mode, int flag) 2739 { 2740 struct nameidata nd; 2741 cap_rights_t rights; 2742 int error, follow; 2743 2744 AUDIT_ARG_MODE(mode); 2745 follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW; 2746 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd, 2747 cap_rights_init(&rights, CAP_FCHMOD), td); 2748 if ((error = namei(&nd)) != 0) 2749 return (error); 2750 NDFREE(&nd, NDF_ONLY_PNBUF); 2751 error = setfmode(td, td->td_ucred, nd.ni_vp, mode); 2752 vrele(nd.ni_vp); 2753 return (error); 2754 } 2755 2756 /* 2757 * Change mode of a file given a file descriptor. 2758 */ 2759 #ifndef _SYS_SYSPROTO_H_ 2760 struct fchmod_args { 2761 int fd; 2762 int mode; 2763 }; 2764 #endif 2765 int 2766 sys_fchmod(struct thread *td, struct fchmod_args *uap) 2767 { 2768 struct file *fp; 2769 cap_rights_t rights; 2770 int error; 2771 2772 AUDIT_ARG_FD(uap->fd); 2773 AUDIT_ARG_MODE(uap->mode); 2774 2775 error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FCHMOD), &fp); 2776 if (error != 0) 2777 return (error); 2778 error = fo_chmod(fp, uap->mode, td->td_ucred, td); 2779 fdrop(fp, td); 2780 return (error); 2781 } 2782 2783 /* 2784 * Common implementation for chown(), lchown(), and fchown() 2785 */ 2786 int 2787 setfown(struct thread *td, struct ucred *cred, struct vnode *vp, uid_t uid, 2788 gid_t gid) 2789 { 2790 struct mount *mp; 2791 struct vattr vattr; 2792 int error; 2793 2794 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) 2795 return (error); 2796 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 2797 VATTR_NULL(&vattr); 2798 vattr.va_uid = uid; 2799 vattr.va_gid = gid; 2800 #ifdef MAC 2801 error = mac_vnode_check_setowner(cred, vp, vattr.va_uid, 2802 vattr.va_gid); 2803 if (error == 0) 2804 #endif 2805 error = VOP_SETATTR(vp, &vattr, cred); 2806 VOP_UNLOCK(vp, 0); 2807 vn_finished_write(mp); 2808 return (error); 2809 } 2810 2811 /* 2812 * Set ownership given a path name. 2813 */ 2814 #ifndef _SYS_SYSPROTO_H_ 2815 struct chown_args { 2816 char *path; 2817 int uid; 2818 int gid; 2819 }; 2820 #endif 2821 int 2822 sys_chown(struct thread *td, struct chown_args *uap) 2823 { 2824 2825 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE, uap->uid, 2826 uap->gid, 0)); 2827 } 2828 2829 #ifndef _SYS_SYSPROTO_H_ 2830 struct fchownat_args { 2831 int fd; 2832 const char * path; 2833 uid_t uid; 2834 gid_t gid; 2835 int flag; 2836 }; 2837 #endif 2838 int 2839 sys_fchownat(struct thread *td, struct fchownat_args *uap) 2840 { 2841 int flag; 2842 2843 flag = uap->flag; 2844 if (flag & ~AT_SYMLINK_NOFOLLOW) 2845 return (EINVAL); 2846 2847 return (kern_fchownat(td, uap->fd, uap->path, UIO_USERSPACE, uap->uid, 2848 uap->gid, uap->flag)); 2849 } 2850 2851 int 2852 kern_fchownat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 2853 int uid, int gid, int flag) 2854 { 2855 struct nameidata nd; 2856 cap_rights_t rights; 2857 int error, follow; 2858 2859 AUDIT_ARG_OWNER(uid, gid); 2860 follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW; 2861 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd, 2862 cap_rights_init(&rights, CAP_FCHOWN), td); 2863 2864 if ((error = namei(&nd)) != 0) 2865 return (error); 2866 NDFREE(&nd, NDF_ONLY_PNBUF); 2867 error = setfown(td, td->td_ucred, nd.ni_vp, uid, gid); 2868 vrele(nd.ni_vp); 2869 return (error); 2870 } 2871 2872 /* 2873 * Set ownership given a path name, do not cross symlinks. 2874 */ 2875 #ifndef _SYS_SYSPROTO_H_ 2876 struct lchown_args { 2877 char *path; 2878 int uid; 2879 int gid; 2880 }; 2881 #endif 2882 int 2883 sys_lchown(struct thread *td, struct lchown_args *uap) 2884 { 2885 2886 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2887 uap->uid, uap->gid, AT_SYMLINK_NOFOLLOW)); 2888 } 2889 2890 /* 2891 * Set ownership given a file descriptor. 2892 */ 2893 #ifndef _SYS_SYSPROTO_H_ 2894 struct fchown_args { 2895 int fd; 2896 int uid; 2897 int gid; 2898 }; 2899 #endif 2900 int 2901 sys_fchown(struct thread *td, struct fchown_args *uap) 2902 { 2903 struct file *fp; 2904 cap_rights_t rights; 2905 int error; 2906 2907 AUDIT_ARG_FD(uap->fd); 2908 AUDIT_ARG_OWNER(uap->uid, uap->gid); 2909 error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FCHOWN), &fp); 2910 if (error != 0) 2911 return (error); 2912 error = fo_chown(fp, uap->uid, uap->gid, td->td_ucred, td); 2913 fdrop(fp, td); 2914 return (error); 2915 } 2916 2917 /* 2918 * Common implementation code for utimes(), lutimes(), and futimes(). 2919 */ 2920 static int 2921 getutimes(const struct timeval *usrtvp, enum uio_seg tvpseg, 2922 struct timespec *tsp) 2923 { 2924 struct timeval tv[2]; 2925 const struct timeval *tvp; 2926 int error; 2927 2928 if (usrtvp == NULL) { 2929 vfs_timestamp(&tsp[0]); 2930 tsp[1] = tsp[0]; 2931 } else { 2932 if (tvpseg == UIO_SYSSPACE) { 2933 tvp = usrtvp; 2934 } else { 2935 if ((error = copyin(usrtvp, tv, sizeof(tv))) != 0) 2936 return (error); 2937 tvp = tv; 2938 } 2939 2940 if (tvp[0].tv_usec < 0 || tvp[0].tv_usec >= 1000000 || 2941 tvp[1].tv_usec < 0 || tvp[1].tv_usec >= 1000000) 2942 return (EINVAL); 2943 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]); 2944 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]); 2945 } 2946 return (0); 2947 } 2948 2949 /* 2950 * Common implementation code for futimens(), utimensat(). 2951 */ 2952 #define UTIMENS_NULL 0x1 2953 #define UTIMENS_EXIT 0x2 2954 static int 2955 getutimens(const struct timespec *usrtsp, enum uio_seg tspseg, 2956 struct timespec *tsp, int *retflags) 2957 { 2958 struct timespec tsnow; 2959 int error; 2960 2961 vfs_timestamp(&tsnow); 2962 *retflags = 0; 2963 if (usrtsp == NULL) { 2964 tsp[0] = tsnow; 2965 tsp[1] = tsnow; 2966 *retflags |= UTIMENS_NULL; 2967 return (0); 2968 } 2969 if (tspseg == UIO_SYSSPACE) { 2970 tsp[0] = usrtsp[0]; 2971 tsp[1] = usrtsp[1]; 2972 } else if ((error = copyin(usrtsp, tsp, sizeof(*tsp) * 2)) != 0) 2973 return (error); 2974 if (tsp[0].tv_nsec == UTIME_OMIT && tsp[1].tv_nsec == UTIME_OMIT) 2975 *retflags |= UTIMENS_EXIT; 2976 if (tsp[0].tv_nsec == UTIME_NOW && tsp[1].tv_nsec == UTIME_NOW) 2977 *retflags |= UTIMENS_NULL; 2978 if (tsp[0].tv_nsec == UTIME_OMIT) 2979 tsp[0].tv_sec = VNOVAL; 2980 else if (tsp[0].tv_nsec == UTIME_NOW) 2981 tsp[0] = tsnow; 2982 else if (tsp[0].tv_nsec < 0 || tsp[0].tv_nsec >= 1000000000L) 2983 return (EINVAL); 2984 if (tsp[1].tv_nsec == UTIME_OMIT) 2985 tsp[1].tv_sec = VNOVAL; 2986 else if (tsp[1].tv_nsec == UTIME_NOW) 2987 tsp[1] = tsnow; 2988 else if (tsp[1].tv_nsec < 0 || tsp[1].tv_nsec >= 1000000000L) 2989 return (EINVAL); 2990 2991 return (0); 2992 } 2993 2994 /* 2995 * Common implementation code for utimes(), lutimes(), futimes(), futimens(), 2996 * and utimensat(). 2997 */ 2998 static int 2999 setutimes(struct thread *td, struct vnode *vp, const struct timespec *ts, 3000 int numtimes, int nullflag) 3001 { 3002 struct mount *mp; 3003 struct vattr vattr; 3004 int error, setbirthtime; 3005 3006 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) 3007 return (error); 3008 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 3009 setbirthtime = 0; 3010 if (numtimes < 3 && !VOP_GETATTR(vp, &vattr, td->td_ucred) && 3011 timespeccmp(&ts[1], &vattr.va_birthtime, < )) 3012 setbirthtime = 1; 3013 VATTR_NULL(&vattr); 3014 vattr.va_atime = ts[0]; 3015 vattr.va_mtime = ts[1]; 3016 if (setbirthtime) 3017 vattr.va_birthtime = ts[1]; 3018 if (numtimes > 2) 3019 vattr.va_birthtime = ts[2]; 3020 if (nullflag) 3021 vattr.va_vaflags |= VA_UTIMES_NULL; 3022 #ifdef MAC 3023 error = mac_vnode_check_setutimes(td->td_ucred, vp, vattr.va_atime, 3024 vattr.va_mtime); 3025 #endif 3026 if (error == 0) 3027 error = VOP_SETATTR(vp, &vattr, td->td_ucred); 3028 VOP_UNLOCK(vp, 0); 3029 vn_finished_write(mp); 3030 return (error); 3031 } 3032 3033 /* 3034 * Set the access and modification times of a file. 3035 */ 3036 #ifndef _SYS_SYSPROTO_H_ 3037 struct utimes_args { 3038 char *path; 3039 struct timeval *tptr; 3040 }; 3041 #endif 3042 int 3043 sys_utimes(struct thread *td, struct utimes_args *uap) 3044 { 3045 3046 return (kern_utimesat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 3047 uap->tptr, UIO_USERSPACE)); 3048 } 3049 3050 #ifndef _SYS_SYSPROTO_H_ 3051 struct futimesat_args { 3052 int fd; 3053 const char * path; 3054 const struct timeval * times; 3055 }; 3056 #endif 3057 int 3058 sys_futimesat(struct thread *td, struct futimesat_args *uap) 3059 { 3060 3061 return (kern_utimesat(td, uap->fd, uap->path, UIO_USERSPACE, 3062 uap->times, UIO_USERSPACE)); 3063 } 3064 3065 int 3066 kern_utimesat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 3067 struct timeval *tptr, enum uio_seg tptrseg) 3068 { 3069 struct nameidata nd; 3070 struct timespec ts[2]; 3071 cap_rights_t rights; 3072 int error; 3073 3074 if ((error = getutimes(tptr, tptrseg, ts)) != 0) 3075 return (error); 3076 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd, 3077 cap_rights_init(&rights, CAP_FUTIMES), td); 3078 3079 if ((error = namei(&nd)) != 0) 3080 return (error); 3081 NDFREE(&nd, NDF_ONLY_PNBUF); 3082 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL); 3083 vrele(nd.ni_vp); 3084 return (error); 3085 } 3086 3087 /* 3088 * Set the access and modification times of a file. 3089 */ 3090 #ifndef _SYS_SYSPROTO_H_ 3091 struct lutimes_args { 3092 char *path; 3093 struct timeval *tptr; 3094 }; 3095 #endif 3096 int 3097 sys_lutimes(struct thread *td, struct lutimes_args *uap) 3098 { 3099 3100 return (kern_lutimes(td, uap->path, UIO_USERSPACE, uap->tptr, 3101 UIO_USERSPACE)); 3102 } 3103 3104 int 3105 kern_lutimes(struct thread *td, char *path, enum uio_seg pathseg, 3106 struct timeval *tptr, enum uio_seg tptrseg) 3107 { 3108 struct timespec ts[2]; 3109 struct nameidata nd; 3110 int error; 3111 3112 if ((error = getutimes(tptr, tptrseg, ts)) != 0) 3113 return (error); 3114 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, pathseg, path, td); 3115 if ((error = namei(&nd)) != 0) 3116 return (error); 3117 NDFREE(&nd, NDF_ONLY_PNBUF); 3118 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL); 3119 vrele(nd.ni_vp); 3120 return (error); 3121 } 3122 3123 /* 3124 * Set the access and modification times of a file. 3125 */ 3126 #ifndef _SYS_SYSPROTO_H_ 3127 struct futimes_args { 3128 int fd; 3129 struct timeval *tptr; 3130 }; 3131 #endif 3132 int 3133 sys_futimes(struct thread *td, struct futimes_args *uap) 3134 { 3135 3136 return (kern_futimes(td, uap->fd, uap->tptr, UIO_USERSPACE)); 3137 } 3138 3139 int 3140 kern_futimes(struct thread *td, int fd, struct timeval *tptr, 3141 enum uio_seg tptrseg) 3142 { 3143 struct timespec ts[2]; 3144 struct file *fp; 3145 cap_rights_t rights; 3146 int error; 3147 3148 AUDIT_ARG_FD(fd); 3149 error = getutimes(tptr, tptrseg, ts); 3150 if (error != 0) 3151 return (error); 3152 error = getvnode(td, fd, cap_rights_init(&rights, CAP_FUTIMES), &fp); 3153 if (error != 0) 3154 return (error); 3155 #ifdef AUDIT 3156 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY); 3157 AUDIT_ARG_VNODE1(fp->f_vnode); 3158 VOP_UNLOCK(fp->f_vnode, 0); 3159 #endif 3160 error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL); 3161 fdrop(fp, td); 3162 return (error); 3163 } 3164 3165 int 3166 sys_futimens(struct thread *td, struct futimens_args *uap) 3167 { 3168 3169 return (kern_futimens(td, uap->fd, uap->times, UIO_USERSPACE)); 3170 } 3171 3172 int 3173 kern_futimens(struct thread *td, int fd, struct timespec *tptr, 3174 enum uio_seg tptrseg) 3175 { 3176 struct timespec ts[2]; 3177 struct file *fp; 3178 cap_rights_t rights; 3179 int error, flags; 3180 3181 AUDIT_ARG_FD(fd); 3182 error = getutimens(tptr, tptrseg, ts, &flags); 3183 if (error != 0) 3184 return (error); 3185 if (flags & UTIMENS_EXIT) 3186 return (0); 3187 error = getvnode(td, fd, cap_rights_init(&rights, CAP_FUTIMES), &fp); 3188 if (error != 0) 3189 return (error); 3190 #ifdef AUDIT 3191 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY); 3192 AUDIT_ARG_VNODE1(fp->f_vnode); 3193 VOP_UNLOCK(fp->f_vnode, 0); 3194 #endif 3195 error = setutimes(td, fp->f_vnode, ts, 2, flags & UTIMENS_NULL); 3196 fdrop(fp, td); 3197 return (error); 3198 } 3199 3200 int 3201 sys_utimensat(struct thread *td, struct utimensat_args *uap) 3202 { 3203 3204 return (kern_utimensat(td, uap->fd, uap->path, UIO_USERSPACE, 3205 uap->times, UIO_USERSPACE, uap->flag)); 3206 } 3207 3208 int 3209 kern_utimensat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 3210 struct timespec *tptr, enum uio_seg tptrseg, int flag) 3211 { 3212 struct nameidata nd; 3213 struct timespec ts[2]; 3214 cap_rights_t rights; 3215 int error, flags; 3216 3217 if (flag & ~AT_SYMLINK_NOFOLLOW) 3218 return (EINVAL); 3219 3220 if ((error = getutimens(tptr, tptrseg, ts, &flags)) != 0) 3221 return (error); 3222 NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : 3223 FOLLOW) | AUDITVNODE1, pathseg, path, fd, 3224 cap_rights_init(&rights, CAP_FUTIMES), td); 3225 if ((error = namei(&nd)) != 0) 3226 return (error); 3227 /* 3228 * We are allowed to call namei() regardless of 2xUTIME_OMIT. 3229 * POSIX states: 3230 * "If both tv_nsec fields are UTIME_OMIT... EACCESS may be detected." 3231 * "Search permission is denied by a component of the path prefix." 3232 */ 3233 NDFREE(&nd, NDF_ONLY_PNBUF); 3234 if ((flags & UTIMENS_EXIT) == 0) 3235 error = setutimes(td, nd.ni_vp, ts, 2, flags & UTIMENS_NULL); 3236 vrele(nd.ni_vp); 3237 return (error); 3238 } 3239 3240 /* 3241 * Truncate a file given its path name. 3242 */ 3243 #ifndef _SYS_SYSPROTO_H_ 3244 struct truncate_args { 3245 char *path; 3246 int pad; 3247 off_t length; 3248 }; 3249 #endif 3250 int 3251 sys_truncate(struct thread *td, struct truncate_args *uap) 3252 { 3253 3254 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length)); 3255 } 3256 3257 int 3258 kern_truncate(struct thread *td, char *path, enum uio_seg pathseg, off_t length) 3259 { 3260 struct mount *mp; 3261 struct vnode *vp; 3262 void *rl_cookie; 3263 struct vattr vattr; 3264 struct nameidata nd; 3265 int error; 3266 3267 if (length < 0) 3268 return(EINVAL); 3269 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td); 3270 if ((error = namei(&nd)) != 0) 3271 return (error); 3272 vp = nd.ni_vp; 3273 rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX); 3274 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) { 3275 vn_rangelock_unlock(vp, rl_cookie); 3276 vrele(vp); 3277 return (error); 3278 } 3279 NDFREE(&nd, NDF_ONLY_PNBUF); 3280 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 3281 if (vp->v_type == VDIR) 3282 error = EISDIR; 3283 #ifdef MAC 3284 else if ((error = mac_vnode_check_write(td->td_ucred, NOCRED, vp))) { 3285 } 3286 #endif 3287 else if ((error = vn_writechk(vp)) == 0 && 3288 (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) { 3289 VATTR_NULL(&vattr); 3290 vattr.va_size = length; 3291 error = VOP_SETATTR(vp, &vattr, td->td_ucred); 3292 } 3293 VOP_UNLOCK(vp, 0); 3294 vn_finished_write(mp); 3295 vn_rangelock_unlock(vp, rl_cookie); 3296 vrele(vp); 3297 return (error); 3298 } 3299 3300 #if defined(COMPAT_43) 3301 /* 3302 * Truncate a file given its path name. 3303 */ 3304 #ifndef _SYS_SYSPROTO_H_ 3305 struct otruncate_args { 3306 char *path; 3307 long length; 3308 }; 3309 #endif 3310 int 3311 otruncate(struct thread *td, struct otruncate_args *uap) 3312 { 3313 3314 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length)); 3315 } 3316 #endif /* COMPAT_43 */ 3317 3318 #if defined(COMPAT_FREEBSD6) 3319 /* Versions with the pad argument */ 3320 int 3321 freebsd6_truncate(struct thread *td, struct freebsd6_truncate_args *uap) 3322 { 3323 3324 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length)); 3325 } 3326 3327 int 3328 freebsd6_ftruncate(struct thread *td, struct freebsd6_ftruncate_args *uap) 3329 { 3330 3331 return (kern_ftruncate(td, uap->fd, uap->length)); 3332 } 3333 #endif 3334 3335 int 3336 kern_fsync(struct thread *td, int fd, bool fullsync) 3337 { 3338 struct vnode *vp; 3339 struct mount *mp; 3340 struct file *fp; 3341 cap_rights_t rights; 3342 int error, lock_flags; 3343 3344 AUDIT_ARG_FD(fd); 3345 error = getvnode(td, fd, cap_rights_init(&rights, CAP_FSYNC), &fp); 3346 if (error != 0) 3347 return (error); 3348 vp = fp->f_vnode; 3349 #if 0 3350 if (!fullsync) 3351 /* XXXKIB: compete outstanding aio writes */; 3352 #endif 3353 error = vn_start_write(vp, &mp, V_WAIT | PCATCH); 3354 if (error != 0) 3355 goto drop; 3356 if (MNT_SHARED_WRITES(mp) || 3357 ((mp == NULL) && MNT_SHARED_WRITES(vp->v_mount))) { 3358 lock_flags = LK_SHARED; 3359 } else { 3360 lock_flags = LK_EXCLUSIVE; 3361 } 3362 vn_lock(vp, lock_flags | LK_RETRY); 3363 AUDIT_ARG_VNODE1(vp); 3364 if (vp->v_object != NULL) { 3365 VM_OBJECT_WLOCK(vp->v_object); 3366 vm_object_page_clean(vp->v_object, 0, 0, 0); 3367 VM_OBJECT_WUNLOCK(vp->v_object); 3368 } 3369 error = fullsync ? VOP_FSYNC(vp, MNT_WAIT, td) : VOP_FDATASYNC(vp, td); 3370 VOP_UNLOCK(vp, 0); 3371 vn_finished_write(mp); 3372 drop: 3373 fdrop(fp, td); 3374 return (error); 3375 } 3376 3377 /* 3378 * Sync an open file. 3379 */ 3380 #ifndef _SYS_SYSPROTO_H_ 3381 struct fsync_args { 3382 int fd; 3383 }; 3384 #endif 3385 int 3386 sys_fsync(struct thread *td, struct fsync_args *uap) 3387 { 3388 3389 return (kern_fsync(td, uap->fd, true)); 3390 } 3391 3392 int 3393 sys_fdatasync(struct thread *td, struct fdatasync_args *uap) 3394 { 3395 3396 return (kern_fsync(td, uap->fd, false)); 3397 } 3398 3399 /* 3400 * Rename files. Source and destination must either both be directories, or 3401 * both not be directories. If target is a directory, it must be empty. 3402 */ 3403 #ifndef _SYS_SYSPROTO_H_ 3404 struct rename_args { 3405 char *from; 3406 char *to; 3407 }; 3408 #endif 3409 int 3410 sys_rename(struct thread *td, struct rename_args *uap) 3411 { 3412 3413 return (kern_renameat(td, AT_FDCWD, uap->from, AT_FDCWD, 3414 uap->to, UIO_USERSPACE)); 3415 } 3416 3417 #ifndef _SYS_SYSPROTO_H_ 3418 struct renameat_args { 3419 int oldfd; 3420 char *old; 3421 int newfd; 3422 char *new; 3423 }; 3424 #endif 3425 int 3426 sys_renameat(struct thread *td, struct renameat_args *uap) 3427 { 3428 3429 return (kern_renameat(td, uap->oldfd, uap->old, uap->newfd, uap->new, 3430 UIO_USERSPACE)); 3431 } 3432 3433 int 3434 kern_renameat(struct thread *td, int oldfd, char *old, int newfd, char *new, 3435 enum uio_seg pathseg) 3436 { 3437 struct mount *mp = NULL; 3438 struct vnode *tvp, *fvp, *tdvp; 3439 struct nameidata fromnd, tond; 3440 cap_rights_t rights; 3441 int error; 3442 3443 again: 3444 bwillwrite(); 3445 #ifdef MAC 3446 NDINIT_ATRIGHTS(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART | 3447 AUDITVNODE1, pathseg, old, oldfd, 3448 cap_rights_init(&rights, CAP_RENAMEAT_SOURCE), td); 3449 #else 3450 NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | AUDITVNODE1, 3451 pathseg, old, oldfd, 3452 cap_rights_init(&rights, CAP_RENAMEAT_SOURCE), td); 3453 #endif 3454 3455 if ((error = namei(&fromnd)) != 0) 3456 return (error); 3457 #ifdef MAC 3458 error = mac_vnode_check_rename_from(td->td_ucred, fromnd.ni_dvp, 3459 fromnd.ni_vp, &fromnd.ni_cnd); 3460 VOP_UNLOCK(fromnd.ni_dvp, 0); 3461 if (fromnd.ni_dvp != fromnd.ni_vp) 3462 VOP_UNLOCK(fromnd.ni_vp, 0); 3463 #endif 3464 fvp = fromnd.ni_vp; 3465 NDINIT_ATRIGHTS(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE | 3466 SAVESTART | AUDITVNODE2, pathseg, new, newfd, 3467 cap_rights_init(&rights, CAP_RENAMEAT_TARGET), td); 3468 if (fromnd.ni_vp->v_type == VDIR) 3469 tond.ni_cnd.cn_flags |= WILLBEDIR; 3470 if ((error = namei(&tond)) != 0) { 3471 /* Translate error code for rename("dir1", "dir2/."). */ 3472 if (error == EISDIR && fvp->v_type == VDIR) 3473 error = EINVAL; 3474 NDFREE(&fromnd, NDF_ONLY_PNBUF); 3475 vrele(fromnd.ni_dvp); 3476 vrele(fvp); 3477 goto out1; 3478 } 3479 tdvp = tond.ni_dvp; 3480 tvp = tond.ni_vp; 3481 error = vn_start_write(fvp, &mp, V_NOWAIT); 3482 if (error != 0) { 3483 NDFREE(&fromnd, NDF_ONLY_PNBUF); 3484 NDFREE(&tond, NDF_ONLY_PNBUF); 3485 if (tvp != NULL) 3486 vput(tvp); 3487 if (tdvp == tvp) 3488 vrele(tdvp); 3489 else 3490 vput(tdvp); 3491 vrele(fromnd.ni_dvp); 3492 vrele(fvp); 3493 vrele(tond.ni_startdir); 3494 if (fromnd.ni_startdir != NULL) 3495 vrele(fromnd.ni_startdir); 3496 error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH); 3497 if (error != 0) 3498 return (error); 3499 goto again; 3500 } 3501 if (tvp != NULL) { 3502 if (fvp->v_type == VDIR && tvp->v_type != VDIR) { 3503 error = ENOTDIR; 3504 goto out; 3505 } else if (fvp->v_type != VDIR && tvp->v_type == VDIR) { 3506 error = EISDIR; 3507 goto out; 3508 } 3509 #ifdef CAPABILITIES 3510 if (newfd != AT_FDCWD) { 3511 /* 3512 * If the target already exists we require CAP_UNLINKAT 3513 * from 'newfd'. 3514 */ 3515 error = cap_check(&tond.ni_filecaps.fc_rights, 3516 cap_rights_init(&rights, CAP_UNLINKAT)); 3517 if (error != 0) 3518 goto out; 3519 } 3520 #endif 3521 } 3522 if (fvp == tdvp) { 3523 error = EINVAL; 3524 goto out; 3525 } 3526 /* 3527 * If the source is the same as the destination (that is, if they 3528 * are links to the same vnode), then there is nothing to do. 3529 */ 3530 if (fvp == tvp) 3531 error = -1; 3532 #ifdef MAC 3533 else 3534 error = mac_vnode_check_rename_to(td->td_ucred, tdvp, 3535 tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd); 3536 #endif 3537 out: 3538 if (error == 0) { 3539 error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd, 3540 tond.ni_dvp, tond.ni_vp, &tond.ni_cnd); 3541 NDFREE(&fromnd, NDF_ONLY_PNBUF); 3542 NDFREE(&tond, NDF_ONLY_PNBUF); 3543 } else { 3544 NDFREE(&fromnd, NDF_ONLY_PNBUF); 3545 NDFREE(&tond, NDF_ONLY_PNBUF); 3546 if (tvp != NULL) 3547 vput(tvp); 3548 if (tdvp == tvp) 3549 vrele(tdvp); 3550 else 3551 vput(tdvp); 3552 vrele(fromnd.ni_dvp); 3553 vrele(fvp); 3554 } 3555 vrele(tond.ni_startdir); 3556 vn_finished_write(mp); 3557 out1: 3558 if (fromnd.ni_startdir) 3559 vrele(fromnd.ni_startdir); 3560 if (error == -1) 3561 return (0); 3562 return (error); 3563 } 3564 3565 /* 3566 * Make a directory file. 3567 */ 3568 #ifndef _SYS_SYSPROTO_H_ 3569 struct mkdir_args { 3570 char *path; 3571 int mode; 3572 }; 3573 #endif 3574 int 3575 sys_mkdir(struct thread *td, struct mkdir_args *uap) 3576 { 3577 3578 return (kern_mkdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 3579 uap->mode)); 3580 } 3581 3582 #ifndef _SYS_SYSPROTO_H_ 3583 struct mkdirat_args { 3584 int fd; 3585 char *path; 3586 mode_t mode; 3587 }; 3588 #endif 3589 int 3590 sys_mkdirat(struct thread *td, struct mkdirat_args *uap) 3591 { 3592 3593 return (kern_mkdirat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode)); 3594 } 3595 3596 int 3597 kern_mkdirat(struct thread *td, int fd, char *path, enum uio_seg segflg, 3598 int mode) 3599 { 3600 struct mount *mp; 3601 struct vnode *vp; 3602 struct vattr vattr; 3603 struct nameidata nd; 3604 cap_rights_t rights; 3605 int error; 3606 3607 AUDIT_ARG_MODE(mode); 3608 restart: 3609 bwillwrite(); 3610 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | 3611 NOCACHE, segflg, path, fd, cap_rights_init(&rights, CAP_MKDIRAT), 3612 td); 3613 nd.ni_cnd.cn_flags |= WILLBEDIR; 3614 if ((error = namei(&nd)) != 0) 3615 return (error); 3616 vp = nd.ni_vp; 3617 if (vp != NULL) { 3618 NDFREE(&nd, NDF_ONLY_PNBUF); 3619 /* 3620 * XXX namei called with LOCKPARENT but not LOCKLEAF has 3621 * the strange behaviour of leaving the vnode unlocked 3622 * if the target is the same vnode as the parent. 3623 */ 3624 if (vp == nd.ni_dvp) 3625 vrele(nd.ni_dvp); 3626 else 3627 vput(nd.ni_dvp); 3628 vrele(vp); 3629 return (EEXIST); 3630 } 3631 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 3632 NDFREE(&nd, NDF_ONLY_PNBUF); 3633 vput(nd.ni_dvp); 3634 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 3635 return (error); 3636 goto restart; 3637 } 3638 VATTR_NULL(&vattr); 3639 vattr.va_type = VDIR; 3640 vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask; 3641 #ifdef MAC 3642 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, 3643 &vattr); 3644 if (error != 0) 3645 goto out; 3646 #endif 3647 error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); 3648 #ifdef MAC 3649 out: 3650 #endif 3651 NDFREE(&nd, NDF_ONLY_PNBUF); 3652 vput(nd.ni_dvp); 3653 if (error == 0) 3654 vput(nd.ni_vp); 3655 vn_finished_write(mp); 3656 return (error); 3657 } 3658 3659 /* 3660 * Remove a directory file. 3661 */ 3662 #ifndef _SYS_SYSPROTO_H_ 3663 struct rmdir_args { 3664 char *path; 3665 }; 3666 #endif 3667 int 3668 sys_rmdir(struct thread *td, struct rmdir_args *uap) 3669 { 3670 3671 return (kern_rmdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE)); 3672 } 3673 3674 int 3675 kern_rmdirat(struct thread *td, int fd, char *path, enum uio_seg pathseg) 3676 { 3677 struct mount *mp; 3678 struct vnode *vp; 3679 struct nameidata nd; 3680 cap_rights_t rights; 3681 int error; 3682 3683 restart: 3684 bwillwrite(); 3685 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1, 3686 pathseg, path, fd, cap_rights_init(&rights, CAP_UNLINKAT), td); 3687 if ((error = namei(&nd)) != 0) 3688 return (error); 3689 vp = nd.ni_vp; 3690 if (vp->v_type != VDIR) { 3691 error = ENOTDIR; 3692 goto out; 3693 } 3694 /* 3695 * No rmdir "." please. 3696 */ 3697 if (nd.ni_dvp == vp) { 3698 error = EINVAL; 3699 goto out; 3700 } 3701 /* 3702 * The root of a mounted filesystem cannot be deleted. 3703 */ 3704 if (vp->v_vflag & VV_ROOT) { 3705 error = EBUSY; 3706 goto out; 3707 } 3708 #ifdef MAC 3709 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp, 3710 &nd.ni_cnd); 3711 if (error != 0) 3712 goto out; 3713 #endif 3714 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 3715 NDFREE(&nd, NDF_ONLY_PNBUF); 3716 vput(vp); 3717 if (nd.ni_dvp == vp) 3718 vrele(nd.ni_dvp); 3719 else 3720 vput(nd.ni_dvp); 3721 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 3722 return (error); 3723 goto restart; 3724 } 3725 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK); 3726 error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd); 3727 vn_finished_write(mp); 3728 out: 3729 NDFREE(&nd, NDF_ONLY_PNBUF); 3730 vput(vp); 3731 if (nd.ni_dvp == vp) 3732 vrele(nd.ni_dvp); 3733 else 3734 vput(nd.ni_dvp); 3735 return (error); 3736 } 3737 3738 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11) 3739 int 3740 freebsd11_kern_getdirentries(struct thread *td, int fd, char *ubuf, u_int count, 3741 long *basep, void (*func)(struct freebsd11_dirent *)) 3742 { 3743 struct freebsd11_dirent dstdp; 3744 struct dirent *dp, *edp; 3745 char *dirbuf; 3746 off_t base; 3747 ssize_t resid, ucount; 3748 int error; 3749 3750 /* XXX arbitrary sanity limit on `count'. */ 3751 count = min(count, 64 * 1024); 3752 3753 dirbuf = malloc(count, M_TEMP, M_WAITOK); 3754 3755 error = kern_getdirentries(td, fd, dirbuf, count, &base, &resid, 3756 UIO_SYSSPACE); 3757 if (error != 0) 3758 goto done; 3759 if (basep != NULL) 3760 *basep = base; 3761 3762 ucount = 0; 3763 for (dp = (struct dirent *)dirbuf, 3764 edp = (struct dirent *)&dirbuf[count - resid]; 3765 ucount < count && dp < edp; ) { 3766 if (dp->d_reclen == 0) 3767 break; 3768 MPASS(dp->d_reclen >= _GENERIC_DIRLEN(0)); 3769 if (dp->d_namlen >= sizeof(dstdp.d_name)) 3770 continue; 3771 dstdp.d_type = dp->d_type; 3772 dstdp.d_namlen = dp->d_namlen; 3773 dstdp.d_fileno = dp->d_fileno; /* truncate */ 3774 if (dstdp.d_fileno != dp->d_fileno) { 3775 switch (ino64_trunc_error) { 3776 default: 3777 case 0: 3778 break; 3779 case 1: 3780 error = EOVERFLOW; 3781 goto done; 3782 case 2: 3783 dstdp.d_fileno = UINT32_MAX; 3784 break; 3785 } 3786 } 3787 dstdp.d_reclen = sizeof(dstdp) - sizeof(dstdp.d_name) + 3788 ((dp->d_namlen + 1 + 3) &~ 3); 3789 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 3790 bzero(dstdp.d_name + dstdp.d_namlen, 3791 dstdp.d_reclen - offsetof(struct freebsd11_dirent, d_name) - 3792 dstdp.d_namlen); 3793 MPASS(dstdp.d_reclen <= dp->d_reclen); 3794 MPASS(ucount + dstdp.d_reclen <= count); 3795 if (func != NULL) 3796 func(&dstdp); 3797 error = copyout(&dstdp, ubuf + ucount, dstdp.d_reclen); 3798 if (error != 0) 3799 break; 3800 dp = (struct dirent *)((char *)dp + dp->d_reclen); 3801 ucount += dstdp.d_reclen; 3802 } 3803 3804 done: 3805 free(dirbuf, M_TEMP); 3806 if (error == 0) 3807 td->td_retval[0] = ucount; 3808 return (error); 3809 } 3810 #endif /* COMPAT */ 3811 3812 #ifdef COMPAT_43 3813 static void 3814 ogetdirentries_cvt(struct freebsd11_dirent *dp) 3815 { 3816 #if (BYTE_ORDER == LITTLE_ENDIAN) 3817 /* 3818 * The expected low byte of dp->d_namlen is our dp->d_type. 3819 * The high MBZ byte of dp->d_namlen is our dp->d_namlen. 3820 */ 3821 dp->d_type = dp->d_namlen; 3822 dp->d_namlen = 0; 3823 #else 3824 /* 3825 * The dp->d_type is the high byte of the expected dp->d_namlen, 3826 * so must be zero'ed. 3827 */ 3828 dp->d_type = 0; 3829 #endif 3830 } 3831 3832 /* 3833 * Read a block of directory entries in a filesystem independent format. 3834 */ 3835 #ifndef _SYS_SYSPROTO_H_ 3836 struct ogetdirentries_args { 3837 int fd; 3838 char *buf; 3839 u_int count; 3840 long *basep; 3841 }; 3842 #endif 3843 int 3844 ogetdirentries(struct thread *td, struct ogetdirentries_args *uap) 3845 { 3846 long loff; 3847 int error; 3848 3849 error = kern_ogetdirentries(td, uap, &loff); 3850 if (error == 0) 3851 error = copyout(&loff, uap->basep, sizeof(long)); 3852 return (error); 3853 } 3854 3855 int 3856 kern_ogetdirentries(struct thread *td, struct ogetdirentries_args *uap, 3857 long *ploff) 3858 { 3859 long base; 3860 int error; 3861 3862 /* XXX arbitrary sanity limit on `count'. */ 3863 if (uap->count > 64 * 1024) 3864 return (EINVAL); 3865 3866 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count, 3867 &base, ogetdirentries_cvt); 3868 3869 if (error == 0 && uap->basep != NULL) 3870 error = copyout(&base, uap->basep, sizeof(long)); 3871 3872 return (error); 3873 } 3874 #endif /* COMPAT_43 */ 3875 3876 #if defined(COMPAT_FREEBSD11) 3877 #ifndef _SYS_SYSPROTO_H_ 3878 struct freebsd11_getdirentries_args { 3879 int fd; 3880 char *buf; 3881 u_int count; 3882 long *basep; 3883 }; 3884 #endif 3885 int 3886 freebsd11_getdirentries(struct thread *td, 3887 struct freebsd11_getdirentries_args *uap) 3888 { 3889 long base; 3890 int error; 3891 3892 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count, 3893 &base, NULL); 3894 3895 if (error == 0 && uap->basep != NULL) 3896 error = copyout(&base, uap->basep, sizeof(long)); 3897 return (error); 3898 } 3899 3900 int 3901 freebsd11_getdents(struct thread *td, struct freebsd11_getdents_args *uap) 3902 { 3903 struct freebsd11_getdirentries_args ap; 3904 3905 ap.fd = uap->fd; 3906 ap.buf = uap->buf; 3907 ap.count = uap->count; 3908 ap.basep = NULL; 3909 return (freebsd11_getdirentries(td, &ap)); 3910 } 3911 #endif /* COMPAT_FREEBSD11 */ 3912 3913 /* 3914 * Read a block of directory entries in a filesystem independent format. 3915 */ 3916 int 3917 sys_getdirentries(struct thread *td, struct getdirentries_args *uap) 3918 { 3919 off_t base; 3920 int error; 3921 3922 error = kern_getdirentries(td, uap->fd, uap->buf, uap->count, &base, 3923 NULL, UIO_USERSPACE); 3924 if (error != 0) 3925 return (error); 3926 if (uap->basep != NULL) 3927 error = copyout(&base, uap->basep, sizeof(off_t)); 3928 return (error); 3929 } 3930 3931 int 3932 kern_getdirentries(struct thread *td, int fd, char *buf, size_t count, 3933 off_t *basep, ssize_t *residp, enum uio_seg bufseg) 3934 { 3935 struct vnode *vp; 3936 struct file *fp; 3937 struct uio auio; 3938 struct iovec aiov; 3939 cap_rights_t rights; 3940 off_t loff; 3941 int error, eofflag; 3942 off_t foffset; 3943 3944 AUDIT_ARG_FD(fd); 3945 if (count > IOSIZE_MAX) 3946 return (EINVAL); 3947 auio.uio_resid = count; 3948 error = getvnode(td, fd, cap_rights_init(&rights, CAP_READ), &fp); 3949 if (error != 0) 3950 return (error); 3951 if ((fp->f_flag & FREAD) == 0) { 3952 fdrop(fp, td); 3953 return (EBADF); 3954 } 3955 vp = fp->f_vnode; 3956 foffset = foffset_lock(fp, 0); 3957 unionread: 3958 if (vp->v_type != VDIR) { 3959 error = EINVAL; 3960 goto fail; 3961 } 3962 aiov.iov_base = buf; 3963 aiov.iov_len = count; 3964 auio.uio_iov = &aiov; 3965 auio.uio_iovcnt = 1; 3966 auio.uio_rw = UIO_READ; 3967 auio.uio_segflg = bufseg; 3968 auio.uio_td = td; 3969 vn_lock(vp, LK_SHARED | LK_RETRY); 3970 AUDIT_ARG_VNODE1(vp); 3971 loff = auio.uio_offset = foffset; 3972 #ifdef MAC 3973 error = mac_vnode_check_readdir(td->td_ucred, vp); 3974 if (error == 0) 3975 #endif 3976 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, 3977 NULL); 3978 foffset = auio.uio_offset; 3979 if (error != 0) { 3980 VOP_UNLOCK(vp, 0); 3981 goto fail; 3982 } 3983 if (count == auio.uio_resid && 3984 (vp->v_vflag & VV_ROOT) && 3985 (vp->v_mount->mnt_flag & MNT_UNION)) { 3986 struct vnode *tvp = vp; 3987 3988 vp = vp->v_mount->mnt_vnodecovered; 3989 VREF(vp); 3990 fp->f_vnode = vp; 3991 fp->f_data = vp; 3992 foffset = 0; 3993 vput(tvp); 3994 goto unionread; 3995 } 3996 VOP_UNLOCK(vp, 0); 3997 *basep = loff; 3998 if (residp != NULL) 3999 *residp = auio.uio_resid; 4000 td->td_retval[0] = count - auio.uio_resid; 4001 fail: 4002 foffset_unlock(fp, foffset, 0); 4003 fdrop(fp, td); 4004 return (error); 4005 } 4006 4007 /* 4008 * Set the mode mask for creation of filesystem nodes. 4009 */ 4010 #ifndef _SYS_SYSPROTO_H_ 4011 struct umask_args { 4012 int newmask; 4013 }; 4014 #endif 4015 int 4016 sys_umask(struct thread *td, struct umask_args *uap) 4017 { 4018 struct filedesc *fdp; 4019 4020 fdp = td->td_proc->p_fd; 4021 FILEDESC_XLOCK(fdp); 4022 td->td_retval[0] = fdp->fd_cmask; 4023 fdp->fd_cmask = uap->newmask & ALLPERMS; 4024 FILEDESC_XUNLOCK(fdp); 4025 return (0); 4026 } 4027 4028 /* 4029 * Void all references to file by ripping underlying filesystem away from 4030 * vnode. 4031 */ 4032 #ifndef _SYS_SYSPROTO_H_ 4033 struct revoke_args { 4034 char *path; 4035 }; 4036 #endif 4037 int 4038 sys_revoke(struct thread *td, struct revoke_args *uap) 4039 { 4040 struct vnode *vp; 4041 struct vattr vattr; 4042 struct nameidata nd; 4043 int error; 4044 4045 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE, 4046 uap->path, td); 4047 if ((error = namei(&nd)) != 0) 4048 return (error); 4049 vp = nd.ni_vp; 4050 NDFREE(&nd, NDF_ONLY_PNBUF); 4051 if (vp->v_type != VCHR || vp->v_rdev == NULL) { 4052 error = EINVAL; 4053 goto out; 4054 } 4055 #ifdef MAC 4056 error = mac_vnode_check_revoke(td->td_ucred, vp); 4057 if (error != 0) 4058 goto out; 4059 #endif 4060 error = VOP_GETATTR(vp, &vattr, td->td_ucred); 4061 if (error != 0) 4062 goto out; 4063 if (td->td_ucred->cr_uid != vattr.va_uid) { 4064 error = priv_check(td, PRIV_VFS_ADMIN); 4065 if (error != 0) 4066 goto out; 4067 } 4068 if (vcount(vp) > 1) 4069 VOP_REVOKE(vp, REVOKEALL); 4070 out: 4071 vput(vp); 4072 return (error); 4073 } 4074 4075 /* 4076 * Convert a user file descriptor to a kernel file entry and check that, if it 4077 * is a capability, the correct rights are present. A reference on the file 4078 * entry is held upon returning. 4079 */ 4080 int 4081 getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp) 4082 { 4083 struct file *fp; 4084 int error; 4085 4086 error = fget_unlocked(td->td_proc->p_fd, fd, rightsp, &fp, NULL); 4087 if (error != 0) 4088 return (error); 4089 4090 /* 4091 * The file could be not of the vnode type, or it may be not 4092 * yet fully initialized, in which case the f_vnode pointer 4093 * may be set, but f_ops is still badfileops. E.g., 4094 * devfs_open() transiently create such situation to 4095 * facilitate csw d_fdopen(). 4096 * 4097 * Dupfdopen() handling in kern_openat() installs the 4098 * half-baked file into the process descriptor table, allowing 4099 * other thread to dereference it. Guard against the race by 4100 * checking f_ops. 4101 */ 4102 if (fp->f_vnode == NULL || fp->f_ops == &badfileops) { 4103 fdrop(fp, td); 4104 return (EINVAL); 4105 } 4106 *fpp = fp; 4107 return (0); 4108 } 4109 4110 4111 /* 4112 * Get an (NFS) file handle. 4113 */ 4114 #ifndef _SYS_SYSPROTO_H_ 4115 struct lgetfh_args { 4116 char *fname; 4117 fhandle_t *fhp; 4118 }; 4119 #endif 4120 int 4121 sys_lgetfh(struct thread *td, struct lgetfh_args *uap) 4122 { 4123 struct nameidata nd; 4124 fhandle_t fh; 4125 struct vnode *vp; 4126 int error; 4127 4128 error = priv_check(td, PRIV_VFS_GETFH); 4129 if (error != 0) 4130 return (error); 4131 NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE, 4132 uap->fname, td); 4133 error = namei(&nd); 4134 if (error != 0) 4135 return (error); 4136 NDFREE(&nd, NDF_ONLY_PNBUF); 4137 vp = nd.ni_vp; 4138 bzero(&fh, sizeof(fh)); 4139 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid; 4140 error = VOP_VPTOFH(vp, &fh.fh_fid); 4141 vput(vp); 4142 if (error == 0) 4143 error = copyout(&fh, uap->fhp, sizeof (fh)); 4144 return (error); 4145 } 4146 4147 #ifndef _SYS_SYSPROTO_H_ 4148 struct getfh_args { 4149 char *fname; 4150 fhandle_t *fhp; 4151 }; 4152 #endif 4153 int 4154 sys_getfh(struct thread *td, struct getfh_args *uap) 4155 { 4156 struct nameidata nd; 4157 fhandle_t fh; 4158 struct vnode *vp; 4159 int error; 4160 4161 error = priv_check(td, PRIV_VFS_GETFH); 4162 if (error != 0) 4163 return (error); 4164 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE, 4165 uap->fname, td); 4166 error = namei(&nd); 4167 if (error != 0) 4168 return (error); 4169 NDFREE(&nd, NDF_ONLY_PNBUF); 4170 vp = nd.ni_vp; 4171 bzero(&fh, sizeof(fh)); 4172 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid; 4173 error = VOP_VPTOFH(vp, &fh.fh_fid); 4174 vput(vp); 4175 if (error == 0) 4176 error = copyout(&fh, uap->fhp, sizeof (fh)); 4177 return (error); 4178 } 4179 4180 /* 4181 * syscall for the rpc.lockd to use to translate a NFS file handle into an 4182 * open descriptor. 4183 * 4184 * warning: do not remove the priv_check() call or this becomes one giant 4185 * security hole. 4186 */ 4187 #ifndef _SYS_SYSPROTO_H_ 4188 struct fhopen_args { 4189 const struct fhandle *u_fhp; 4190 int flags; 4191 }; 4192 #endif 4193 int 4194 sys_fhopen(struct thread *td, struct fhopen_args *uap) 4195 { 4196 struct mount *mp; 4197 struct vnode *vp; 4198 struct fhandle fhp; 4199 struct file *fp; 4200 int fmode, error; 4201 int indx; 4202 4203 error = priv_check(td, PRIV_VFS_FHOPEN); 4204 if (error != 0) 4205 return (error); 4206 indx = -1; 4207 fmode = FFLAGS(uap->flags); 4208 /* why not allow a non-read/write open for our lockd? */ 4209 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT)) 4210 return (EINVAL); 4211 error = copyin(uap->u_fhp, &fhp, sizeof(fhp)); 4212 if (error != 0) 4213 return(error); 4214 /* find the mount point */ 4215 mp = vfs_busyfs(&fhp.fh_fsid); 4216 if (mp == NULL) 4217 return (ESTALE); 4218 /* now give me my vnode, it gets returned to me locked */ 4219 error = VFS_FHTOVP(mp, &fhp.fh_fid, LK_EXCLUSIVE, &vp); 4220 vfs_unbusy(mp); 4221 if (error != 0) 4222 return (error); 4223 4224 error = falloc_noinstall(td, &fp); 4225 if (error != 0) { 4226 vput(vp); 4227 return (error); 4228 } 4229 /* 4230 * An extra reference on `fp' has been held for us by 4231 * falloc_noinstall(). 4232 */ 4233 4234 #ifdef INVARIANTS 4235 td->td_dupfd = -1; 4236 #endif 4237 error = vn_open_vnode(vp, fmode, td->td_ucred, td, fp); 4238 if (error != 0) { 4239 KASSERT(fp->f_ops == &badfileops, 4240 ("VOP_OPEN in fhopen() set f_ops")); 4241 KASSERT(td->td_dupfd < 0, 4242 ("fhopen() encountered fdopen()")); 4243 4244 vput(vp); 4245 goto bad; 4246 } 4247 #ifdef INVARIANTS 4248 td->td_dupfd = 0; 4249 #endif 4250 fp->f_vnode = vp; 4251 fp->f_seqcount = 1; 4252 finit(fp, (fmode & FMASK) | (fp->f_flag & FHASLOCK), DTYPE_VNODE, vp, 4253 &vnops); 4254 VOP_UNLOCK(vp, 0); 4255 if ((fmode & O_TRUNC) != 0) { 4256 error = fo_truncate(fp, 0, td->td_ucred, td); 4257 if (error != 0) 4258 goto bad; 4259 } 4260 4261 error = finstall(td, fp, &indx, fmode, NULL); 4262 bad: 4263 fdrop(fp, td); 4264 td->td_retval[0] = indx; 4265 return (error); 4266 } 4267 4268 /* 4269 * Stat an (NFS) file handle. 4270 */ 4271 #ifndef _SYS_SYSPROTO_H_ 4272 struct fhstat_args { 4273 struct fhandle *u_fhp; 4274 struct stat *sb; 4275 }; 4276 #endif 4277 int 4278 sys_fhstat(struct thread *td, struct fhstat_args *uap) 4279 { 4280 struct stat sb; 4281 struct fhandle fh; 4282 int error; 4283 4284 error = copyin(uap->u_fhp, &fh, sizeof(fh)); 4285 if (error != 0) 4286 return (error); 4287 error = kern_fhstat(td, fh, &sb); 4288 if (error == 0) 4289 error = copyout(&sb, uap->sb, sizeof(sb)); 4290 return (error); 4291 } 4292 4293 int 4294 kern_fhstat(struct thread *td, struct fhandle fh, struct stat *sb) 4295 { 4296 struct mount *mp; 4297 struct vnode *vp; 4298 int error; 4299 4300 error = priv_check(td, PRIV_VFS_FHSTAT); 4301 if (error != 0) 4302 return (error); 4303 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL) 4304 return (ESTALE); 4305 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp); 4306 vfs_unbusy(mp); 4307 if (error != 0) 4308 return (error); 4309 error = vn_stat(vp, sb, td->td_ucred, NOCRED, td); 4310 vput(vp); 4311 return (error); 4312 } 4313 4314 /* 4315 * Implement fstatfs() for (NFS) file handles. 4316 */ 4317 #ifndef _SYS_SYSPROTO_H_ 4318 struct fhstatfs_args { 4319 struct fhandle *u_fhp; 4320 struct statfs *buf; 4321 }; 4322 #endif 4323 int 4324 sys_fhstatfs(struct thread *td, struct fhstatfs_args *uap) 4325 { 4326 struct statfs *sfp; 4327 fhandle_t fh; 4328 int error; 4329 4330 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t)); 4331 if (error != 0) 4332 return (error); 4333 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 4334 error = kern_fhstatfs(td, fh, sfp); 4335 if (error == 0) 4336 error = copyout(sfp, uap->buf, sizeof(*sfp)); 4337 free(sfp, M_STATFS); 4338 return (error); 4339 } 4340 4341 int 4342 kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf) 4343 { 4344 struct statfs *sp; 4345 struct mount *mp; 4346 struct vnode *vp; 4347 int error; 4348 4349 error = priv_check(td, PRIV_VFS_FHSTATFS); 4350 if (error != 0) 4351 return (error); 4352 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL) 4353 return (ESTALE); 4354 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp); 4355 if (error != 0) { 4356 vfs_unbusy(mp); 4357 return (error); 4358 } 4359 vput(vp); 4360 error = prison_canseemount(td->td_ucred, mp); 4361 if (error != 0) 4362 goto out; 4363 #ifdef MAC 4364 error = mac_mount_check_stat(td->td_ucred, mp); 4365 if (error != 0) 4366 goto out; 4367 #endif 4368 /* 4369 * Set these in case the underlying filesystem fails to do so. 4370 */ 4371 sp = &mp->mnt_stat; 4372 sp->f_version = STATFS_VERSION; 4373 sp->f_namemax = NAME_MAX; 4374 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 4375 error = VFS_STATFS(mp, sp); 4376 if (error == 0) 4377 *buf = *sp; 4378 out: 4379 vfs_unbusy(mp); 4380 return (error); 4381 } 4382 4383 int 4384 kern_posix_fallocate(struct thread *td, int fd, off_t offset, off_t len) 4385 { 4386 struct file *fp; 4387 struct mount *mp; 4388 struct vnode *vp; 4389 cap_rights_t rights; 4390 off_t olen, ooffset; 4391 int error; 4392 #ifdef AUDIT 4393 int audited_vnode1 = 0; 4394 #endif 4395 4396 AUDIT_ARG_FD(fd); 4397 if (offset < 0 || len <= 0) 4398 return (EINVAL); 4399 /* Check for wrap. */ 4400 if (offset > OFF_MAX - len) 4401 return (EFBIG); 4402 AUDIT_ARG_FD(fd); 4403 error = fget(td, fd, cap_rights_init(&rights, CAP_WRITE), &fp); 4404 if (error != 0) 4405 return (error); 4406 AUDIT_ARG_FILE(td->td_proc, fp); 4407 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) { 4408 error = ESPIPE; 4409 goto out; 4410 } 4411 if ((fp->f_flag & FWRITE) == 0) { 4412 error = EBADF; 4413 goto out; 4414 } 4415 if (fp->f_type != DTYPE_VNODE) { 4416 error = ENODEV; 4417 goto out; 4418 } 4419 vp = fp->f_vnode; 4420 if (vp->v_type != VREG) { 4421 error = ENODEV; 4422 goto out; 4423 } 4424 4425 /* Allocating blocks may take a long time, so iterate. */ 4426 for (;;) { 4427 olen = len; 4428 ooffset = offset; 4429 4430 bwillwrite(); 4431 mp = NULL; 4432 error = vn_start_write(vp, &mp, V_WAIT | PCATCH); 4433 if (error != 0) 4434 break; 4435 error = vn_lock(vp, LK_EXCLUSIVE); 4436 if (error != 0) { 4437 vn_finished_write(mp); 4438 break; 4439 } 4440 #ifdef AUDIT 4441 if (!audited_vnode1) { 4442 AUDIT_ARG_VNODE1(vp); 4443 audited_vnode1 = 1; 4444 } 4445 #endif 4446 #ifdef MAC 4447 error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp); 4448 if (error == 0) 4449 #endif 4450 error = VOP_ALLOCATE(vp, &offset, &len); 4451 VOP_UNLOCK(vp, 0); 4452 vn_finished_write(mp); 4453 4454 if (olen + ooffset != offset + len) { 4455 panic("offset + len changed from %jx/%jx to %jx/%jx", 4456 ooffset, olen, offset, len); 4457 } 4458 if (error != 0 || len == 0) 4459 break; 4460 KASSERT(olen > len, ("Iteration did not make progress?")); 4461 maybe_yield(); 4462 } 4463 out: 4464 fdrop(fp, td); 4465 return (error); 4466 } 4467 4468 int 4469 sys_posix_fallocate(struct thread *td, struct posix_fallocate_args *uap) 4470 { 4471 int error; 4472 4473 error = kern_posix_fallocate(td, uap->fd, uap->offset, uap->len); 4474 return (kern_posix_error(td, error)); 4475 } 4476 4477 /* 4478 * Unlike madvise(2), we do not make a best effort to remember every 4479 * possible caching hint. Instead, we remember the last setting with 4480 * the exception that we will allow POSIX_FADV_NORMAL to adjust the 4481 * region of any current setting. 4482 */ 4483 int 4484 kern_posix_fadvise(struct thread *td, int fd, off_t offset, off_t len, 4485 int advice) 4486 { 4487 struct fadvise_info *fa, *new; 4488 struct file *fp; 4489 struct vnode *vp; 4490 cap_rights_t rights; 4491 off_t end; 4492 int error; 4493 4494 if (offset < 0 || len < 0 || offset > OFF_MAX - len) 4495 return (EINVAL); 4496 AUDIT_ARG_VALUE(advice); 4497 switch (advice) { 4498 case POSIX_FADV_SEQUENTIAL: 4499 case POSIX_FADV_RANDOM: 4500 case POSIX_FADV_NOREUSE: 4501 new = malloc(sizeof(*fa), M_FADVISE, M_WAITOK); 4502 break; 4503 case POSIX_FADV_NORMAL: 4504 case POSIX_FADV_WILLNEED: 4505 case POSIX_FADV_DONTNEED: 4506 new = NULL; 4507 break; 4508 default: 4509 return (EINVAL); 4510 } 4511 /* XXX: CAP_POSIX_FADVISE? */ 4512 AUDIT_ARG_FD(fd); 4513 error = fget(td, fd, cap_rights_init(&rights), &fp); 4514 if (error != 0) 4515 goto out; 4516 AUDIT_ARG_FILE(td->td_proc, fp); 4517 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) { 4518 error = ESPIPE; 4519 goto out; 4520 } 4521 if (fp->f_type != DTYPE_VNODE) { 4522 error = ENODEV; 4523 goto out; 4524 } 4525 vp = fp->f_vnode; 4526 if (vp->v_type != VREG) { 4527 error = ENODEV; 4528 goto out; 4529 } 4530 if (len == 0) 4531 end = OFF_MAX; 4532 else 4533 end = offset + len - 1; 4534 switch (advice) { 4535 case POSIX_FADV_SEQUENTIAL: 4536 case POSIX_FADV_RANDOM: 4537 case POSIX_FADV_NOREUSE: 4538 /* 4539 * Try to merge any existing non-standard region with 4540 * this new region if possible, otherwise create a new 4541 * non-standard region for this request. 4542 */ 4543 mtx_pool_lock(mtxpool_sleep, fp); 4544 fa = fp->f_advice; 4545 if (fa != NULL && fa->fa_advice == advice && 4546 ((fa->fa_start <= end && fa->fa_end >= offset) || 4547 (end != OFF_MAX && fa->fa_start == end + 1) || 4548 (fa->fa_end != OFF_MAX && fa->fa_end + 1 == offset))) { 4549 if (offset < fa->fa_start) 4550 fa->fa_start = offset; 4551 if (end > fa->fa_end) 4552 fa->fa_end = end; 4553 } else { 4554 new->fa_advice = advice; 4555 new->fa_start = offset; 4556 new->fa_end = end; 4557 fp->f_advice = new; 4558 new = fa; 4559 } 4560 mtx_pool_unlock(mtxpool_sleep, fp); 4561 break; 4562 case POSIX_FADV_NORMAL: 4563 /* 4564 * If a the "normal" region overlaps with an existing 4565 * non-standard region, trim or remove the 4566 * non-standard region. 4567 */ 4568 mtx_pool_lock(mtxpool_sleep, fp); 4569 fa = fp->f_advice; 4570 if (fa != NULL) { 4571 if (offset <= fa->fa_start && end >= fa->fa_end) { 4572 new = fa; 4573 fp->f_advice = NULL; 4574 } else if (offset <= fa->fa_start && 4575 end >= fa->fa_start) 4576 fa->fa_start = end + 1; 4577 else if (offset <= fa->fa_end && end >= fa->fa_end) 4578 fa->fa_end = offset - 1; 4579 else if (offset >= fa->fa_start && end <= fa->fa_end) { 4580 /* 4581 * If the "normal" region is a middle 4582 * portion of the existing 4583 * non-standard region, just remove 4584 * the whole thing rather than picking 4585 * one side or the other to 4586 * preserve. 4587 */ 4588 new = fa; 4589 fp->f_advice = NULL; 4590 } 4591 } 4592 mtx_pool_unlock(mtxpool_sleep, fp); 4593 break; 4594 case POSIX_FADV_WILLNEED: 4595 case POSIX_FADV_DONTNEED: 4596 error = VOP_ADVISE(vp, offset, end, advice); 4597 break; 4598 } 4599 out: 4600 if (fp != NULL) 4601 fdrop(fp, td); 4602 free(new, M_FADVISE); 4603 return (error); 4604 } 4605 4606 int 4607 sys_posix_fadvise(struct thread *td, struct posix_fadvise_args *uap) 4608 { 4609 int error; 4610 4611 error = kern_posix_fadvise(td, uap->fd, uap->offset, uap->len, 4612 uap->advice); 4613 return (kern_posix_error(td, error)); 4614 } 4615