1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include "opt_capsicum.h" 43 #include "opt_ktrace.h" 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/bio.h> 48 #include <sys/buf.h> 49 #include <sys/capsicum.h> 50 #include <sys/disk.h> 51 #include <sys/sysent.h> 52 #include <sys/malloc.h> 53 #include <sys/mount.h> 54 #include <sys/mutex.h> 55 #include <sys/sysproto.h> 56 #include <sys/namei.h> 57 #include <sys/filedesc.h> 58 #include <sys/kernel.h> 59 #include <sys/fcntl.h> 60 #include <sys/file.h> 61 #include <sys/filio.h> 62 #include <sys/limits.h> 63 #include <sys/linker.h> 64 #include <sys/rwlock.h> 65 #include <sys/sdt.h> 66 #include <sys/stat.h> 67 #include <sys/sx.h> 68 #include <sys/unistd.h> 69 #include <sys/vnode.h> 70 #include <sys/priv.h> 71 #include <sys/proc.h> 72 #include <sys/dirent.h> 73 #include <sys/jail.h> 74 #include <sys/syscallsubr.h> 75 #include <sys/sysctl.h> 76 #ifdef KTRACE 77 #include <sys/ktrace.h> 78 #endif 79 80 #include <machine/stdarg.h> 81 82 #include <security/audit/audit.h> 83 #include <security/mac/mac_framework.h> 84 85 #include <vm/vm.h> 86 #include <vm/vm_object.h> 87 #include <vm/vm_page.h> 88 #include <vm/uma.h> 89 90 #include <ufs/ufs/quota.h> 91 92 MALLOC_DEFINE(M_FADVISE, "fadvise", "posix_fadvise(2) information"); 93 94 SDT_PROVIDER_DEFINE(vfs); 95 SDT_PROBE_DEFINE2(vfs, , stat, mode, "char *", "int"); 96 SDT_PROBE_DEFINE2(vfs, , stat, reg, "char *", "int"); 97 98 static int kern_chflagsat(struct thread *td, int fd, const char *path, 99 enum uio_seg pathseg, u_long flags, int atflag); 100 static int setfflags(struct thread *td, struct vnode *, u_long); 101 static int getutimes(const struct timeval *, enum uio_seg, struct timespec *); 102 static int getutimens(const struct timespec *, enum uio_seg, 103 struct timespec *, int *); 104 static int setutimes(struct thread *td, struct vnode *, 105 const struct timespec *, int, int); 106 static int vn_access(struct vnode *vp, int user_flags, struct ucred *cred, 107 struct thread *td); 108 109 /* 110 * Sync each mounted filesystem. 111 */ 112 #ifndef _SYS_SYSPROTO_H_ 113 struct sync_args { 114 int dummy; 115 }; 116 #endif 117 /* ARGSUSED */ 118 int 119 sys_sync(struct thread *td, struct sync_args *uap) 120 { 121 struct mount *mp, *nmp; 122 int save; 123 124 mtx_lock(&mountlist_mtx); 125 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) { 126 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) { 127 nmp = TAILQ_NEXT(mp, mnt_list); 128 continue; 129 } 130 if ((mp->mnt_flag & MNT_RDONLY) == 0 && 131 vn_start_write(NULL, &mp, V_NOWAIT) == 0) { 132 save = curthread_pflags_set(TDP_SYNCIO); 133 vfs_msync(mp, MNT_NOWAIT); 134 VFS_SYNC(mp, MNT_NOWAIT); 135 curthread_pflags_restore(save); 136 vn_finished_write(mp); 137 } 138 mtx_lock(&mountlist_mtx); 139 nmp = TAILQ_NEXT(mp, mnt_list); 140 vfs_unbusy(mp); 141 } 142 mtx_unlock(&mountlist_mtx); 143 return (0); 144 } 145 146 /* 147 * Change filesystem quotas. 148 */ 149 #ifndef _SYS_SYSPROTO_H_ 150 struct quotactl_args { 151 char *path; 152 int cmd; 153 int uid; 154 caddr_t arg; 155 }; 156 #endif 157 int 158 sys_quotactl(struct thread *td, struct quotactl_args *uap) 159 { 160 struct mount *mp; 161 struct nameidata nd; 162 int error; 163 164 AUDIT_ARG_CMD(uap->cmd); 165 AUDIT_ARG_UID(uap->uid); 166 if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS)) 167 return (EPERM); 168 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE, 169 uap->path, td); 170 if ((error = namei(&nd)) != 0) 171 return (error); 172 NDFREE(&nd, NDF_ONLY_PNBUF); 173 mp = nd.ni_vp->v_mount; 174 vfs_ref(mp); 175 vput(nd.ni_vp); 176 error = vfs_busy(mp, 0); 177 vfs_rel(mp); 178 if (error != 0) 179 return (error); 180 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, uap->arg); 181 182 /* 183 * Since quota on operation typically needs to open quota 184 * file, the Q_QUOTAON handler needs to unbusy the mount point 185 * before calling into namei. Otherwise, unmount might be 186 * started between two vfs_busy() invocations (first is our, 187 * second is from mount point cross-walk code in lookup()), 188 * causing deadlock. 189 * 190 * Require that Q_QUOTAON handles the vfs_busy() reference on 191 * its own, always returning with ubusied mount point. 192 */ 193 if ((uap->cmd >> SUBCMDSHIFT) != Q_QUOTAON) 194 vfs_unbusy(mp); 195 return (error); 196 } 197 198 /* 199 * Used by statfs conversion routines to scale the block size up if 200 * necessary so that all of the block counts are <= 'max_size'. Note 201 * that 'max_size' should be a bitmask, i.e. 2^n - 1 for some non-zero 202 * value of 'n'. 203 */ 204 void 205 statfs_scale_blocks(struct statfs *sf, long max_size) 206 { 207 uint64_t count; 208 int shift; 209 210 KASSERT(powerof2(max_size + 1), ("%s: invalid max_size", __func__)); 211 212 /* 213 * Attempt to scale the block counts to give a more accurate 214 * overview to userland of the ratio of free space to used 215 * space. To do this, find the largest block count and compute 216 * a divisor that lets it fit into a signed integer <= max_size. 217 */ 218 if (sf->f_bavail < 0) 219 count = -sf->f_bavail; 220 else 221 count = sf->f_bavail; 222 count = MAX(sf->f_blocks, MAX(sf->f_bfree, count)); 223 if (count <= max_size) 224 return; 225 226 count >>= flsl(max_size); 227 shift = 0; 228 while (count > 0) { 229 shift++; 230 count >>=1; 231 } 232 233 sf->f_bsize <<= shift; 234 sf->f_blocks >>= shift; 235 sf->f_bfree >>= shift; 236 sf->f_bavail >>= shift; 237 } 238 239 static int 240 kern_do_statfs(struct thread *td, struct mount *mp, struct statfs *buf) 241 { 242 struct statfs *sp; 243 int error; 244 245 if (mp == NULL) 246 return (EBADF); 247 error = vfs_busy(mp, 0); 248 vfs_rel(mp); 249 if (error != 0) 250 return (error); 251 #ifdef MAC 252 error = mac_mount_check_stat(td->td_ucred, mp); 253 if (error != 0) 254 goto out; 255 #endif 256 /* 257 * Set these in case the underlying filesystem fails to do so. 258 */ 259 sp = &mp->mnt_stat; 260 sp->f_version = STATFS_VERSION; 261 sp->f_namemax = NAME_MAX; 262 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 263 error = VFS_STATFS(mp, sp); 264 if (error != 0) 265 goto out; 266 *buf = *sp; 267 if (priv_check(td, PRIV_VFS_GENERATION)) { 268 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0; 269 prison_enforce_statfs(td->td_ucred, mp, buf); 270 } 271 out: 272 vfs_unbusy(mp); 273 return (error); 274 } 275 276 /* 277 * Get filesystem statistics. 278 */ 279 #ifndef _SYS_SYSPROTO_H_ 280 struct statfs_args { 281 char *path; 282 struct statfs *buf; 283 }; 284 #endif 285 int 286 sys_statfs(struct thread *td, struct statfs_args *uap) 287 { 288 struct statfs *sfp; 289 int error; 290 291 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 292 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp); 293 if (error == 0) 294 error = copyout(sfp, uap->buf, sizeof(struct statfs)); 295 free(sfp, M_STATFS); 296 return (error); 297 } 298 299 int 300 kern_statfs(struct thread *td, char *path, enum uio_seg pathseg, 301 struct statfs *buf) 302 { 303 struct mount *mp; 304 struct nameidata nd; 305 int error; 306 307 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1, 308 pathseg, path, td); 309 error = namei(&nd); 310 if (error != 0) 311 return (error); 312 mp = nd.ni_vp->v_mount; 313 vfs_ref(mp); 314 NDFREE(&nd, NDF_ONLY_PNBUF); 315 vput(nd.ni_vp); 316 return (kern_do_statfs(td, mp, buf)); 317 } 318 319 /* 320 * Get filesystem statistics. 321 */ 322 #ifndef _SYS_SYSPROTO_H_ 323 struct fstatfs_args { 324 int fd; 325 struct statfs *buf; 326 }; 327 #endif 328 int 329 sys_fstatfs(struct thread *td, struct fstatfs_args *uap) 330 { 331 struct statfs *sfp; 332 int error; 333 334 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 335 error = kern_fstatfs(td, uap->fd, sfp); 336 if (error == 0) 337 error = copyout(sfp, uap->buf, sizeof(struct statfs)); 338 free(sfp, M_STATFS); 339 return (error); 340 } 341 342 int 343 kern_fstatfs(struct thread *td, int fd, struct statfs *buf) 344 { 345 struct file *fp; 346 struct mount *mp; 347 struct vnode *vp; 348 cap_rights_t rights; 349 int error; 350 351 AUDIT_ARG_FD(fd); 352 error = getvnode(td, fd, cap_rights_init(&rights, CAP_FSTATFS), &fp); 353 if (error != 0) 354 return (error); 355 vp = fp->f_vnode; 356 vn_lock(vp, LK_SHARED | LK_RETRY); 357 #ifdef AUDIT 358 AUDIT_ARG_VNODE1(vp); 359 #endif 360 mp = vp->v_mount; 361 if (mp != NULL) 362 vfs_ref(mp); 363 VOP_UNLOCK(vp, 0); 364 fdrop(fp, td); 365 return (kern_do_statfs(td, mp, buf)); 366 } 367 368 /* 369 * Get statistics on all filesystems. 370 */ 371 #ifndef _SYS_SYSPROTO_H_ 372 struct getfsstat_args { 373 struct statfs *buf; 374 long bufsize; 375 int mode; 376 }; 377 #endif 378 int 379 sys_getfsstat(struct thread *td, struct getfsstat_args *uap) 380 { 381 size_t count; 382 int error; 383 384 if (uap->bufsize < 0 || uap->bufsize > SIZE_MAX) 385 return (EINVAL); 386 error = kern_getfsstat(td, &uap->buf, uap->bufsize, &count, 387 UIO_USERSPACE, uap->mode); 388 if (error == 0) 389 td->td_retval[0] = count; 390 return (error); 391 } 392 393 /* 394 * If (bufsize > 0 && bufseg == UIO_SYSSPACE) 395 * The caller is responsible for freeing memory which will be allocated 396 * in '*buf'. 397 */ 398 int 399 kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize, 400 size_t *countp, enum uio_seg bufseg, int mode) 401 { 402 struct mount *mp, *nmp; 403 struct statfs *sfsp, *sp, *sptmp, *tofree; 404 size_t count, maxcount; 405 int error; 406 407 switch (mode) { 408 case MNT_WAIT: 409 case MNT_NOWAIT: 410 break; 411 default: 412 if (bufseg == UIO_SYSSPACE) 413 *buf = NULL; 414 return (EINVAL); 415 } 416 restart: 417 maxcount = bufsize / sizeof(struct statfs); 418 if (bufsize == 0) { 419 sfsp = NULL; 420 tofree = NULL; 421 } else if (bufseg == UIO_USERSPACE) { 422 sfsp = *buf; 423 tofree = NULL; 424 } else /* if (bufseg == UIO_SYSSPACE) */ { 425 count = 0; 426 mtx_lock(&mountlist_mtx); 427 TAILQ_FOREACH(mp, &mountlist, mnt_list) { 428 count++; 429 } 430 mtx_unlock(&mountlist_mtx); 431 if (maxcount > count) 432 maxcount = count; 433 tofree = sfsp = *buf = malloc(maxcount * sizeof(struct statfs), 434 M_STATFS, M_WAITOK); 435 } 436 count = 0; 437 mtx_lock(&mountlist_mtx); 438 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) { 439 if (prison_canseemount(td->td_ucred, mp) != 0) { 440 nmp = TAILQ_NEXT(mp, mnt_list); 441 continue; 442 } 443 #ifdef MAC 444 if (mac_mount_check_stat(td->td_ucred, mp) != 0) { 445 nmp = TAILQ_NEXT(mp, mnt_list); 446 continue; 447 } 448 #endif 449 if (mode == MNT_WAIT) { 450 if (vfs_busy(mp, MBF_MNTLSTLOCK) != 0) { 451 /* 452 * If vfs_busy() failed, and MBF_NOWAIT 453 * wasn't passed, then the mp is gone. 454 * Furthermore, because of MBF_MNTLSTLOCK, 455 * the mountlist_mtx was dropped. We have 456 * no other choice than to start over. 457 */ 458 mtx_unlock(&mountlist_mtx); 459 free(tofree, M_STATFS); 460 goto restart; 461 } 462 } else { 463 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK) != 0) { 464 nmp = TAILQ_NEXT(mp, mnt_list); 465 continue; 466 } 467 } 468 if (sfsp != NULL && count < maxcount) { 469 sp = &mp->mnt_stat; 470 /* 471 * Set these in case the underlying filesystem 472 * fails to do so. 473 */ 474 sp->f_version = STATFS_VERSION; 475 sp->f_namemax = NAME_MAX; 476 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 477 /* 478 * If MNT_NOWAIT is specified, do not refresh 479 * the fsstat cache. 480 */ 481 if (mode != MNT_NOWAIT) { 482 error = VFS_STATFS(mp, sp); 483 if (error != 0) { 484 mtx_lock(&mountlist_mtx); 485 nmp = TAILQ_NEXT(mp, mnt_list); 486 vfs_unbusy(mp); 487 continue; 488 } 489 } 490 if (priv_check(td, PRIV_VFS_GENERATION)) { 491 sptmp = malloc(sizeof(struct statfs), M_STATFS, 492 M_WAITOK); 493 *sptmp = *sp; 494 sptmp->f_fsid.val[0] = sptmp->f_fsid.val[1] = 0; 495 prison_enforce_statfs(td->td_ucred, mp, sptmp); 496 sp = sptmp; 497 } else 498 sptmp = NULL; 499 if (bufseg == UIO_SYSSPACE) { 500 bcopy(sp, sfsp, sizeof(*sp)); 501 free(sptmp, M_STATFS); 502 } else /* if (bufseg == UIO_USERSPACE) */ { 503 error = copyout(sp, sfsp, sizeof(*sp)); 504 free(sptmp, M_STATFS); 505 if (error != 0) { 506 vfs_unbusy(mp); 507 return (error); 508 } 509 } 510 sfsp++; 511 } 512 count++; 513 mtx_lock(&mountlist_mtx); 514 nmp = TAILQ_NEXT(mp, mnt_list); 515 vfs_unbusy(mp); 516 } 517 mtx_unlock(&mountlist_mtx); 518 if (sfsp != NULL && count > maxcount) 519 *countp = maxcount; 520 else 521 *countp = count; 522 return (0); 523 } 524 525 #ifdef COMPAT_FREEBSD4 526 /* 527 * Get old format filesystem statistics. 528 */ 529 static void freebsd4_cvtstatfs(struct statfs *, struct ostatfs *); 530 531 #ifndef _SYS_SYSPROTO_H_ 532 struct freebsd4_statfs_args { 533 char *path; 534 struct ostatfs *buf; 535 }; 536 #endif 537 int 538 freebsd4_statfs(struct thread *td, struct freebsd4_statfs_args *uap) 539 { 540 struct ostatfs osb; 541 struct statfs *sfp; 542 int error; 543 544 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 545 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp); 546 if (error == 0) { 547 freebsd4_cvtstatfs(sfp, &osb); 548 error = copyout(&osb, uap->buf, sizeof(osb)); 549 } 550 free(sfp, M_STATFS); 551 return (error); 552 } 553 554 /* 555 * Get filesystem statistics. 556 */ 557 #ifndef _SYS_SYSPROTO_H_ 558 struct freebsd4_fstatfs_args { 559 int fd; 560 struct ostatfs *buf; 561 }; 562 #endif 563 int 564 freebsd4_fstatfs(struct thread *td, struct freebsd4_fstatfs_args *uap) 565 { 566 struct ostatfs osb; 567 struct statfs *sfp; 568 int error; 569 570 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 571 error = kern_fstatfs(td, uap->fd, sfp); 572 if (error == 0) { 573 freebsd4_cvtstatfs(sfp, &osb); 574 error = copyout(&osb, uap->buf, sizeof(osb)); 575 } 576 free(sfp, M_STATFS); 577 return (error); 578 } 579 580 /* 581 * Get statistics on all filesystems. 582 */ 583 #ifndef _SYS_SYSPROTO_H_ 584 struct freebsd4_getfsstat_args { 585 struct ostatfs *buf; 586 long bufsize; 587 int mode; 588 }; 589 #endif 590 int 591 freebsd4_getfsstat(struct thread *td, struct freebsd4_getfsstat_args *uap) 592 { 593 struct statfs *buf, *sp; 594 struct ostatfs osb; 595 size_t count, size; 596 int error; 597 598 if (uap->bufsize < 0) 599 return (EINVAL); 600 count = uap->bufsize / sizeof(struct ostatfs); 601 if (count > SIZE_MAX / sizeof(struct statfs)) 602 return (EINVAL); 603 size = count * sizeof(struct statfs); 604 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE, 605 uap->mode); 606 if (error == 0) 607 td->td_retval[0] = count; 608 if (size != 0) { 609 sp = buf; 610 while (count != 0 && error == 0) { 611 freebsd4_cvtstatfs(sp, &osb); 612 error = copyout(&osb, uap->buf, sizeof(osb)); 613 sp++; 614 uap->buf++; 615 count--; 616 } 617 free(buf, M_STATFS); 618 } 619 return (error); 620 } 621 622 /* 623 * Implement fstatfs() for (NFS) file handles. 624 */ 625 #ifndef _SYS_SYSPROTO_H_ 626 struct freebsd4_fhstatfs_args { 627 struct fhandle *u_fhp; 628 struct ostatfs *buf; 629 }; 630 #endif 631 int 632 freebsd4_fhstatfs(struct thread *td, struct freebsd4_fhstatfs_args *uap) 633 { 634 struct ostatfs osb; 635 struct statfs *sfp; 636 fhandle_t fh; 637 int error; 638 639 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t)); 640 if (error != 0) 641 return (error); 642 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 643 error = kern_fhstatfs(td, fh, sfp); 644 if (error == 0) { 645 freebsd4_cvtstatfs(sfp, &osb); 646 error = copyout(&osb, uap->buf, sizeof(osb)); 647 } 648 free(sfp, M_STATFS); 649 return (error); 650 } 651 652 /* 653 * Convert a new format statfs structure to an old format statfs structure. 654 */ 655 static void 656 freebsd4_cvtstatfs(struct statfs *nsp, struct ostatfs *osp) 657 { 658 659 statfs_scale_blocks(nsp, LONG_MAX); 660 bzero(osp, sizeof(*osp)); 661 osp->f_bsize = nsp->f_bsize; 662 osp->f_iosize = MIN(nsp->f_iosize, LONG_MAX); 663 osp->f_blocks = nsp->f_blocks; 664 osp->f_bfree = nsp->f_bfree; 665 osp->f_bavail = nsp->f_bavail; 666 osp->f_files = MIN(nsp->f_files, LONG_MAX); 667 osp->f_ffree = MIN(nsp->f_ffree, LONG_MAX); 668 osp->f_owner = nsp->f_owner; 669 osp->f_type = nsp->f_type; 670 osp->f_flags = nsp->f_flags; 671 osp->f_syncwrites = MIN(nsp->f_syncwrites, LONG_MAX); 672 osp->f_asyncwrites = MIN(nsp->f_asyncwrites, LONG_MAX); 673 osp->f_syncreads = MIN(nsp->f_syncreads, LONG_MAX); 674 osp->f_asyncreads = MIN(nsp->f_asyncreads, LONG_MAX); 675 strlcpy(osp->f_fstypename, nsp->f_fstypename, 676 MIN(MFSNAMELEN, OMFSNAMELEN)); 677 strlcpy(osp->f_mntonname, nsp->f_mntonname, 678 MIN(MNAMELEN, OMNAMELEN)); 679 strlcpy(osp->f_mntfromname, nsp->f_mntfromname, 680 MIN(MNAMELEN, OMNAMELEN)); 681 osp->f_fsid = nsp->f_fsid; 682 } 683 #endif /* COMPAT_FREEBSD4 */ 684 685 #if defined(COMPAT_FREEBSD11) 686 /* 687 * Get old format filesystem statistics. 688 */ 689 static void freebsd11_cvtstatfs(struct statfs *, struct freebsd11_statfs *); 690 691 int 692 freebsd11_statfs(struct thread *td, struct freebsd11_statfs_args *uap) 693 { 694 struct freebsd11_statfs osb; 695 struct statfs *sfp; 696 int error; 697 698 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 699 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp); 700 if (error == 0) { 701 freebsd11_cvtstatfs(sfp, &osb); 702 error = copyout(&osb, uap->buf, sizeof(osb)); 703 } 704 free(sfp, M_STATFS); 705 return (error); 706 } 707 708 /* 709 * Get filesystem statistics. 710 */ 711 int 712 freebsd11_fstatfs(struct thread *td, struct freebsd11_fstatfs_args *uap) 713 { 714 struct freebsd11_statfs osb; 715 struct statfs *sfp; 716 int error; 717 718 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 719 error = kern_fstatfs(td, uap->fd, sfp); 720 if (error == 0) { 721 freebsd11_cvtstatfs(sfp, &osb); 722 error = copyout(&osb, uap->buf, sizeof(osb)); 723 } 724 free(sfp, M_STATFS); 725 return (error); 726 } 727 728 /* 729 * Get statistics on all filesystems. 730 */ 731 int 732 freebsd11_getfsstat(struct thread *td, struct freebsd11_getfsstat_args *uap) 733 { 734 struct freebsd11_statfs osb; 735 struct statfs *buf, *sp; 736 size_t count, size; 737 int error; 738 739 count = uap->bufsize / sizeof(struct ostatfs); 740 size = count * sizeof(struct statfs); 741 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE, 742 uap->mode); 743 if (error == 0) 744 td->td_retval[0] = count; 745 if (size > 0) { 746 sp = buf; 747 while (count > 0 && error == 0) { 748 freebsd11_cvtstatfs(sp, &osb); 749 error = copyout(&osb, uap->buf, sizeof(osb)); 750 sp++; 751 uap->buf++; 752 count--; 753 } 754 free(buf, M_STATFS); 755 } 756 return (error); 757 } 758 759 /* 760 * Implement fstatfs() for (NFS) file handles. 761 */ 762 int 763 freebsd11_fhstatfs(struct thread *td, struct freebsd11_fhstatfs_args *uap) 764 { 765 struct freebsd11_statfs osb; 766 struct statfs *sfp; 767 fhandle_t fh; 768 int error; 769 770 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t)); 771 if (error) 772 return (error); 773 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 774 error = kern_fhstatfs(td, fh, sfp); 775 if (error == 0) { 776 freebsd11_cvtstatfs(sfp, &osb); 777 error = copyout(&osb, uap->buf, sizeof(osb)); 778 } 779 free(sfp, M_STATFS); 780 return (error); 781 } 782 783 /* 784 * Convert a new format statfs structure to an old format statfs structure. 785 */ 786 static void 787 freebsd11_cvtstatfs(struct statfs *nsp, struct freebsd11_statfs *osp) 788 { 789 790 bzero(osp, sizeof(*osp)); 791 osp->f_version = FREEBSD11_STATFS_VERSION; 792 osp->f_type = nsp->f_type; 793 osp->f_flags = nsp->f_flags; 794 osp->f_bsize = nsp->f_bsize; 795 osp->f_iosize = nsp->f_iosize; 796 osp->f_blocks = nsp->f_blocks; 797 osp->f_bfree = nsp->f_bfree; 798 osp->f_bavail = nsp->f_bavail; 799 osp->f_files = nsp->f_files; 800 osp->f_ffree = nsp->f_ffree; 801 osp->f_syncwrites = nsp->f_syncwrites; 802 osp->f_asyncwrites = nsp->f_asyncwrites; 803 osp->f_syncreads = nsp->f_syncreads; 804 osp->f_asyncreads = nsp->f_asyncreads; 805 osp->f_namemax = nsp->f_namemax; 806 osp->f_owner = nsp->f_owner; 807 osp->f_fsid = nsp->f_fsid; 808 strlcpy(osp->f_fstypename, nsp->f_fstypename, 809 MIN(MFSNAMELEN, sizeof(osp->f_fstypename))); 810 strlcpy(osp->f_mntonname, nsp->f_mntonname, 811 MIN(MNAMELEN, sizeof(osp->f_mntonname))); 812 strlcpy(osp->f_mntfromname, nsp->f_mntfromname, 813 MIN(MNAMELEN, sizeof(osp->f_mntfromname))); 814 } 815 #endif /* COMPAT_FREEBSD11 */ 816 817 /* 818 * Change current working directory to a given file descriptor. 819 */ 820 #ifndef _SYS_SYSPROTO_H_ 821 struct fchdir_args { 822 int fd; 823 }; 824 #endif 825 int 826 sys_fchdir(struct thread *td, struct fchdir_args *uap) 827 { 828 struct vnode *vp, *tdp; 829 struct mount *mp; 830 struct file *fp; 831 int error; 832 833 AUDIT_ARG_FD(uap->fd); 834 error = getvnode(td, uap->fd, &cap_fchdir_rights, 835 &fp); 836 if (error != 0) 837 return (error); 838 vp = fp->f_vnode; 839 vrefact(vp); 840 fdrop(fp, td); 841 vn_lock(vp, LK_SHARED | LK_RETRY); 842 AUDIT_ARG_VNODE1(vp); 843 error = change_dir(vp, td); 844 while (!error && (mp = vp->v_mountedhere) != NULL) { 845 if (vfs_busy(mp, 0)) 846 continue; 847 error = VFS_ROOT(mp, LK_SHARED, &tdp); 848 vfs_unbusy(mp); 849 if (error != 0) 850 break; 851 vput(vp); 852 vp = tdp; 853 } 854 if (error != 0) { 855 vput(vp); 856 return (error); 857 } 858 VOP_UNLOCK(vp, 0); 859 pwd_chdir(td, vp); 860 return (0); 861 } 862 863 /* 864 * Change current working directory (``.''). 865 */ 866 #ifndef _SYS_SYSPROTO_H_ 867 struct chdir_args { 868 char *path; 869 }; 870 #endif 871 int 872 sys_chdir(struct thread *td, struct chdir_args *uap) 873 { 874 875 return (kern_chdir(td, uap->path, UIO_USERSPACE)); 876 } 877 878 int 879 kern_chdir(struct thread *td, char *path, enum uio_seg pathseg) 880 { 881 struct nameidata nd; 882 int error; 883 884 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1, 885 pathseg, path, td); 886 if ((error = namei(&nd)) != 0) 887 return (error); 888 if ((error = change_dir(nd.ni_vp, td)) != 0) { 889 vput(nd.ni_vp); 890 NDFREE(&nd, NDF_ONLY_PNBUF); 891 return (error); 892 } 893 VOP_UNLOCK(nd.ni_vp, 0); 894 NDFREE(&nd, NDF_ONLY_PNBUF); 895 pwd_chdir(td, nd.ni_vp); 896 return (0); 897 } 898 899 /* 900 * Change notion of root (``/'') directory. 901 */ 902 #ifndef _SYS_SYSPROTO_H_ 903 struct chroot_args { 904 char *path; 905 }; 906 #endif 907 int 908 sys_chroot(struct thread *td, struct chroot_args *uap) 909 { 910 struct nameidata nd; 911 int error; 912 913 error = priv_check(td, PRIV_VFS_CHROOT); 914 if (error != 0) 915 return (error); 916 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1, 917 UIO_USERSPACE, uap->path, td); 918 error = namei(&nd); 919 if (error != 0) 920 goto error; 921 error = change_dir(nd.ni_vp, td); 922 if (error != 0) 923 goto e_vunlock; 924 #ifdef MAC 925 error = mac_vnode_check_chroot(td->td_ucred, nd.ni_vp); 926 if (error != 0) 927 goto e_vunlock; 928 #endif 929 VOP_UNLOCK(nd.ni_vp, 0); 930 error = pwd_chroot(td, nd.ni_vp); 931 vrele(nd.ni_vp); 932 NDFREE(&nd, NDF_ONLY_PNBUF); 933 return (error); 934 e_vunlock: 935 vput(nd.ni_vp); 936 error: 937 NDFREE(&nd, NDF_ONLY_PNBUF); 938 return (error); 939 } 940 941 /* 942 * Common routine for chroot and chdir. Callers must provide a locked vnode 943 * instance. 944 */ 945 int 946 change_dir(struct vnode *vp, struct thread *td) 947 { 948 #ifdef MAC 949 int error; 950 #endif 951 952 ASSERT_VOP_LOCKED(vp, "change_dir(): vp not locked"); 953 if (vp->v_type != VDIR) 954 return (ENOTDIR); 955 #ifdef MAC 956 error = mac_vnode_check_chdir(td->td_ucred, vp); 957 if (error != 0) 958 return (error); 959 #endif 960 return (VOP_ACCESS(vp, VEXEC, td->td_ucred, td)); 961 } 962 963 static __inline void 964 flags_to_rights(int flags, cap_rights_t *rightsp) 965 { 966 967 if (flags & O_EXEC) { 968 cap_rights_set(rightsp, CAP_FEXECVE); 969 } else { 970 switch ((flags & O_ACCMODE)) { 971 case O_RDONLY: 972 cap_rights_set(rightsp, CAP_READ); 973 break; 974 case O_RDWR: 975 cap_rights_set(rightsp, CAP_READ); 976 /* FALLTHROUGH */ 977 case O_WRONLY: 978 cap_rights_set(rightsp, CAP_WRITE); 979 if (!(flags & (O_APPEND | O_TRUNC))) 980 cap_rights_set(rightsp, CAP_SEEK); 981 break; 982 } 983 } 984 985 if (flags & O_CREAT) 986 cap_rights_set(rightsp, CAP_CREATE); 987 988 if (flags & O_TRUNC) 989 cap_rights_set(rightsp, CAP_FTRUNCATE); 990 991 if (flags & (O_SYNC | O_FSYNC)) 992 cap_rights_set(rightsp, CAP_FSYNC); 993 994 if (flags & (O_EXLOCK | O_SHLOCK)) 995 cap_rights_set(rightsp, CAP_FLOCK); 996 } 997 998 /* 999 * Check permissions, allocate an open file structure, and call the device 1000 * open routine if any. 1001 */ 1002 #ifndef _SYS_SYSPROTO_H_ 1003 struct open_args { 1004 char *path; 1005 int flags; 1006 int mode; 1007 }; 1008 #endif 1009 int 1010 sys_open(struct thread *td, struct open_args *uap) 1011 { 1012 1013 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 1014 uap->flags, uap->mode)); 1015 } 1016 1017 #ifndef _SYS_SYSPROTO_H_ 1018 struct openat_args { 1019 int fd; 1020 char *path; 1021 int flag; 1022 int mode; 1023 }; 1024 #endif 1025 int 1026 sys_openat(struct thread *td, struct openat_args *uap) 1027 { 1028 1029 AUDIT_ARG_FD(uap->fd); 1030 return (kern_openat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag, 1031 uap->mode)); 1032 } 1033 1034 int 1035 kern_openat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 1036 int flags, int mode) 1037 { 1038 struct proc *p = td->td_proc; 1039 struct filedesc *fdp = p->p_fd; 1040 struct file *fp; 1041 struct vnode *vp; 1042 struct nameidata nd; 1043 cap_rights_t rights; 1044 int cmode, error, indx; 1045 1046 indx = -1; 1047 1048 AUDIT_ARG_FFLAGS(flags); 1049 AUDIT_ARG_MODE(mode); 1050 cap_rights_init(&rights, CAP_LOOKUP); 1051 flags_to_rights(flags, &rights); 1052 /* 1053 * Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR flags 1054 * may be specified. 1055 */ 1056 if (flags & O_EXEC) { 1057 if (flags & O_ACCMODE) 1058 return (EINVAL); 1059 } else if ((flags & O_ACCMODE) == O_ACCMODE) { 1060 return (EINVAL); 1061 } else { 1062 flags = FFLAGS(flags); 1063 } 1064 1065 /* 1066 * Allocate a file structure. The descriptor to reference it 1067 * is allocated and set by finstall() below. 1068 */ 1069 error = falloc_noinstall(td, &fp); 1070 if (error != 0) 1071 return (error); 1072 /* 1073 * An extra reference on `fp' has been held for us by 1074 * falloc_noinstall(). 1075 */ 1076 /* Set the flags early so the finit in devfs can pick them up. */ 1077 fp->f_flag = flags & FMASK; 1078 cmode = ((mode & ~fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT; 1079 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd, 1080 &rights, td); 1081 td->td_dupfd = -1; /* XXX check for fdopen */ 1082 error = vn_open(&nd, &flags, cmode, fp); 1083 if (error != 0) { 1084 /* 1085 * If the vn_open replaced the method vector, something 1086 * wonderous happened deep below and we just pass it up 1087 * pretending we know what we do. 1088 */ 1089 if (error == ENXIO && fp->f_ops != &badfileops) 1090 goto success; 1091 1092 /* 1093 * Handle special fdopen() case. bleh. 1094 * 1095 * Don't do this for relative (capability) lookups; we don't 1096 * understand exactly what would happen, and we don't think 1097 * that it ever should. 1098 */ 1099 if ((nd.ni_lcf & NI_LCF_STRICTRELATIVE) == 0 && 1100 (error == ENODEV || error == ENXIO) && 1101 td->td_dupfd >= 0) { 1102 error = dupfdopen(td, fdp, td->td_dupfd, flags, error, 1103 &indx); 1104 if (error == 0) 1105 goto success; 1106 } 1107 1108 goto bad; 1109 } 1110 td->td_dupfd = 0; 1111 NDFREE(&nd, NDF_ONLY_PNBUF); 1112 vp = nd.ni_vp; 1113 1114 /* 1115 * Store the vnode, for any f_type. Typically, the vnode use 1116 * count is decremented by direct call to vn_closefile() for 1117 * files that switched type in the cdevsw fdopen() method. 1118 */ 1119 fp->f_vnode = vp; 1120 /* 1121 * If the file wasn't claimed by devfs bind it to the normal 1122 * vnode operations here. 1123 */ 1124 if (fp->f_ops == &badfileops) { 1125 KASSERT(vp->v_type != VFIFO, ("Unexpected fifo.")); 1126 fp->f_seqcount = 1; 1127 finit(fp, (flags & FMASK) | (fp->f_flag & FHASLOCK), 1128 DTYPE_VNODE, vp, &vnops); 1129 } 1130 1131 VOP_UNLOCK(vp, 0); 1132 if (flags & O_TRUNC) { 1133 error = fo_truncate(fp, 0, td->td_ucred, td); 1134 if (error != 0) 1135 goto bad; 1136 } 1137 success: 1138 /* 1139 * If we haven't already installed the FD (for dupfdopen), do so now. 1140 */ 1141 if (indx == -1) { 1142 struct filecaps *fcaps; 1143 1144 #ifdef CAPABILITIES 1145 if ((nd.ni_lcf & NI_LCF_STRICTRELATIVE) != 0) 1146 fcaps = &nd.ni_filecaps; 1147 else 1148 #endif 1149 fcaps = NULL; 1150 error = finstall(td, fp, &indx, flags, fcaps); 1151 /* On success finstall() consumes fcaps. */ 1152 if (error != 0) { 1153 filecaps_free(&nd.ni_filecaps); 1154 goto bad; 1155 } 1156 } else { 1157 filecaps_free(&nd.ni_filecaps); 1158 } 1159 1160 /* 1161 * Release our private reference, leaving the one associated with 1162 * the descriptor table intact. 1163 */ 1164 fdrop(fp, td); 1165 td->td_retval[0] = indx; 1166 return (0); 1167 bad: 1168 KASSERT(indx == -1, ("indx=%d, should be -1", indx)); 1169 fdrop(fp, td); 1170 return (error); 1171 } 1172 1173 #ifdef COMPAT_43 1174 /* 1175 * Create a file. 1176 */ 1177 #ifndef _SYS_SYSPROTO_H_ 1178 struct ocreat_args { 1179 char *path; 1180 int mode; 1181 }; 1182 #endif 1183 int 1184 ocreat(struct thread *td, struct ocreat_args *uap) 1185 { 1186 1187 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 1188 O_WRONLY | O_CREAT | O_TRUNC, uap->mode)); 1189 } 1190 #endif /* COMPAT_43 */ 1191 1192 /* 1193 * Create a special file. 1194 */ 1195 #ifndef _SYS_SYSPROTO_H_ 1196 struct mknodat_args { 1197 int fd; 1198 char *path; 1199 mode_t mode; 1200 dev_t dev; 1201 }; 1202 #endif 1203 int 1204 sys_mknodat(struct thread *td, struct mknodat_args *uap) 1205 { 1206 1207 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode, 1208 uap->dev)); 1209 } 1210 1211 #if defined(COMPAT_FREEBSD11) 1212 int 1213 freebsd11_mknod(struct thread *td, 1214 struct freebsd11_mknod_args *uap) 1215 { 1216 1217 return (kern_mknodat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 1218 uap->mode, uap->dev)); 1219 } 1220 1221 int 1222 freebsd11_mknodat(struct thread *td, 1223 struct freebsd11_mknodat_args *uap) 1224 { 1225 1226 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode, 1227 uap->dev)); 1228 } 1229 #endif /* COMPAT_FREEBSD11 */ 1230 1231 int 1232 kern_mknodat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 1233 int mode, dev_t dev) 1234 { 1235 struct vnode *vp; 1236 struct mount *mp; 1237 struct vattr vattr; 1238 struct nameidata nd; 1239 cap_rights_t rights; 1240 int error, whiteout = 0; 1241 1242 AUDIT_ARG_MODE(mode); 1243 AUDIT_ARG_DEV(dev); 1244 switch (mode & S_IFMT) { 1245 case S_IFCHR: 1246 case S_IFBLK: 1247 error = priv_check(td, PRIV_VFS_MKNOD_DEV); 1248 if (error == 0 && dev == VNOVAL) 1249 error = EINVAL; 1250 break; 1251 case S_IFWHT: 1252 error = priv_check(td, PRIV_VFS_MKNOD_WHT); 1253 break; 1254 case S_IFIFO: 1255 if (dev == 0) 1256 return (kern_mkfifoat(td, fd, path, pathseg, mode)); 1257 /* FALLTHROUGH */ 1258 default: 1259 error = EINVAL; 1260 break; 1261 } 1262 if (error != 0) 1263 return (error); 1264 restart: 1265 bwillwrite(); 1266 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | 1267 NOCACHE, pathseg, path, fd, cap_rights_init(&rights, CAP_MKNODAT), 1268 td); 1269 if ((error = namei(&nd)) != 0) 1270 return (error); 1271 vp = nd.ni_vp; 1272 if (vp != NULL) { 1273 NDFREE(&nd, NDF_ONLY_PNBUF); 1274 if (vp == nd.ni_dvp) 1275 vrele(nd.ni_dvp); 1276 else 1277 vput(nd.ni_dvp); 1278 vrele(vp); 1279 return (EEXIST); 1280 } else { 1281 VATTR_NULL(&vattr); 1282 vattr.va_mode = (mode & ALLPERMS) & 1283 ~td->td_proc->p_fd->fd_cmask; 1284 vattr.va_rdev = dev; 1285 whiteout = 0; 1286 1287 switch (mode & S_IFMT) { 1288 case S_IFCHR: 1289 vattr.va_type = VCHR; 1290 break; 1291 case S_IFBLK: 1292 vattr.va_type = VBLK; 1293 break; 1294 case S_IFWHT: 1295 whiteout = 1; 1296 break; 1297 default: 1298 panic("kern_mknod: invalid mode"); 1299 } 1300 } 1301 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 1302 NDFREE(&nd, NDF_ONLY_PNBUF); 1303 vput(nd.ni_dvp); 1304 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 1305 return (error); 1306 goto restart; 1307 } 1308 #ifdef MAC 1309 if (error == 0 && !whiteout) 1310 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, 1311 &nd.ni_cnd, &vattr); 1312 #endif 1313 if (error == 0) { 1314 if (whiteout) 1315 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE); 1316 else { 1317 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, 1318 &nd.ni_cnd, &vattr); 1319 if (error == 0) 1320 vput(nd.ni_vp); 1321 } 1322 } 1323 NDFREE(&nd, NDF_ONLY_PNBUF); 1324 vput(nd.ni_dvp); 1325 vn_finished_write(mp); 1326 return (error); 1327 } 1328 1329 /* 1330 * Create a named pipe. 1331 */ 1332 #ifndef _SYS_SYSPROTO_H_ 1333 struct mkfifo_args { 1334 char *path; 1335 int mode; 1336 }; 1337 #endif 1338 int 1339 sys_mkfifo(struct thread *td, struct mkfifo_args *uap) 1340 { 1341 1342 return (kern_mkfifoat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 1343 uap->mode)); 1344 } 1345 1346 #ifndef _SYS_SYSPROTO_H_ 1347 struct mkfifoat_args { 1348 int fd; 1349 char *path; 1350 mode_t mode; 1351 }; 1352 #endif 1353 int 1354 sys_mkfifoat(struct thread *td, struct mkfifoat_args *uap) 1355 { 1356 1357 return (kern_mkfifoat(td, uap->fd, uap->path, UIO_USERSPACE, 1358 uap->mode)); 1359 } 1360 1361 int 1362 kern_mkfifoat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 1363 int mode) 1364 { 1365 struct mount *mp; 1366 struct vattr vattr; 1367 struct nameidata nd; 1368 cap_rights_t rights; 1369 int error; 1370 1371 AUDIT_ARG_MODE(mode); 1372 restart: 1373 bwillwrite(); 1374 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | 1375 NOCACHE, pathseg, path, fd, cap_rights_init(&rights, CAP_MKFIFOAT), 1376 td); 1377 if ((error = namei(&nd)) != 0) 1378 return (error); 1379 if (nd.ni_vp != NULL) { 1380 NDFREE(&nd, NDF_ONLY_PNBUF); 1381 if (nd.ni_vp == nd.ni_dvp) 1382 vrele(nd.ni_dvp); 1383 else 1384 vput(nd.ni_dvp); 1385 vrele(nd.ni_vp); 1386 return (EEXIST); 1387 } 1388 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 1389 NDFREE(&nd, NDF_ONLY_PNBUF); 1390 vput(nd.ni_dvp); 1391 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 1392 return (error); 1393 goto restart; 1394 } 1395 VATTR_NULL(&vattr); 1396 vattr.va_type = VFIFO; 1397 vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_fd->fd_cmask; 1398 #ifdef MAC 1399 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, 1400 &vattr); 1401 if (error != 0) 1402 goto out; 1403 #endif 1404 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); 1405 if (error == 0) 1406 vput(nd.ni_vp); 1407 #ifdef MAC 1408 out: 1409 #endif 1410 vput(nd.ni_dvp); 1411 vn_finished_write(mp); 1412 NDFREE(&nd, NDF_ONLY_PNBUF); 1413 return (error); 1414 } 1415 1416 /* 1417 * Make a hard file link. 1418 */ 1419 #ifndef _SYS_SYSPROTO_H_ 1420 struct link_args { 1421 char *path; 1422 char *link; 1423 }; 1424 #endif 1425 int 1426 sys_link(struct thread *td, struct link_args *uap) 1427 { 1428 1429 return (kern_linkat(td, AT_FDCWD, AT_FDCWD, uap->path, uap->link, 1430 UIO_USERSPACE, FOLLOW)); 1431 } 1432 1433 #ifndef _SYS_SYSPROTO_H_ 1434 struct linkat_args { 1435 int fd1; 1436 char *path1; 1437 int fd2; 1438 char *path2; 1439 int flag; 1440 }; 1441 #endif 1442 int 1443 sys_linkat(struct thread *td, struct linkat_args *uap) 1444 { 1445 int flag; 1446 1447 flag = uap->flag; 1448 if (flag & ~AT_SYMLINK_FOLLOW) 1449 return (EINVAL); 1450 1451 return (kern_linkat(td, uap->fd1, uap->fd2, uap->path1, uap->path2, 1452 UIO_USERSPACE, (flag & AT_SYMLINK_FOLLOW) ? FOLLOW : NOFOLLOW)); 1453 } 1454 1455 int hardlink_check_uid = 0; 1456 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_uid, CTLFLAG_RW, 1457 &hardlink_check_uid, 0, 1458 "Unprivileged processes cannot create hard links to files owned by other " 1459 "users"); 1460 static int hardlink_check_gid = 0; 1461 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_gid, CTLFLAG_RW, 1462 &hardlink_check_gid, 0, 1463 "Unprivileged processes cannot create hard links to files owned by other " 1464 "groups"); 1465 1466 static int 1467 can_hardlink(struct vnode *vp, struct ucred *cred) 1468 { 1469 struct vattr va; 1470 int error; 1471 1472 if (!hardlink_check_uid && !hardlink_check_gid) 1473 return (0); 1474 1475 error = VOP_GETATTR(vp, &va, cred); 1476 if (error != 0) 1477 return (error); 1478 1479 if (hardlink_check_uid && cred->cr_uid != va.va_uid) { 1480 error = priv_check_cred(cred, PRIV_VFS_LINK, 0); 1481 if (error != 0) 1482 return (error); 1483 } 1484 1485 if (hardlink_check_gid && !groupmember(va.va_gid, cred)) { 1486 error = priv_check_cred(cred, PRIV_VFS_LINK, 0); 1487 if (error != 0) 1488 return (error); 1489 } 1490 1491 return (0); 1492 } 1493 1494 int 1495 kern_linkat(struct thread *td, int fd1, int fd2, char *path1, char *path2, 1496 enum uio_seg segflg, int follow) 1497 { 1498 struct vnode *vp; 1499 struct mount *mp; 1500 struct nameidata nd; 1501 cap_rights_t rights; 1502 int error; 1503 1504 again: 1505 bwillwrite(); 1506 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, segflg, path1, fd1, 1507 cap_rights_init(&rights, CAP_LINKAT_SOURCE), td); 1508 1509 if ((error = namei(&nd)) != 0) 1510 return (error); 1511 NDFREE(&nd, NDF_ONLY_PNBUF); 1512 vp = nd.ni_vp; 1513 if (vp->v_type == VDIR) { 1514 vrele(vp); 1515 return (EPERM); /* POSIX */ 1516 } 1517 NDINIT_ATRIGHTS(&nd, CREATE, 1518 LOCKPARENT | SAVENAME | AUDITVNODE2 | NOCACHE, segflg, path2, fd2, 1519 cap_rights_init(&rights, CAP_LINKAT_TARGET), td); 1520 if ((error = namei(&nd)) == 0) { 1521 if (nd.ni_vp != NULL) { 1522 NDFREE(&nd, NDF_ONLY_PNBUF); 1523 if (nd.ni_dvp == nd.ni_vp) 1524 vrele(nd.ni_dvp); 1525 else 1526 vput(nd.ni_dvp); 1527 vrele(nd.ni_vp); 1528 vrele(vp); 1529 return (EEXIST); 1530 } else if (nd.ni_dvp->v_mount != vp->v_mount) { 1531 /* 1532 * Cross-device link. No need to recheck 1533 * vp->v_type, since it cannot change, except 1534 * to VBAD. 1535 */ 1536 NDFREE(&nd, NDF_ONLY_PNBUF); 1537 vput(nd.ni_dvp); 1538 vrele(vp); 1539 return (EXDEV); 1540 } else if ((error = vn_lock(vp, LK_EXCLUSIVE)) == 0) { 1541 error = can_hardlink(vp, td->td_ucred); 1542 #ifdef MAC 1543 if (error == 0) 1544 error = mac_vnode_check_link(td->td_ucred, 1545 nd.ni_dvp, vp, &nd.ni_cnd); 1546 #endif 1547 if (error != 0) { 1548 vput(vp); 1549 vput(nd.ni_dvp); 1550 NDFREE(&nd, NDF_ONLY_PNBUF); 1551 return (error); 1552 } 1553 error = vn_start_write(vp, &mp, V_NOWAIT); 1554 if (error != 0) { 1555 vput(vp); 1556 vput(nd.ni_dvp); 1557 NDFREE(&nd, NDF_ONLY_PNBUF); 1558 error = vn_start_write(NULL, &mp, 1559 V_XSLEEP | PCATCH); 1560 if (error != 0) 1561 return (error); 1562 goto again; 1563 } 1564 error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd); 1565 VOP_UNLOCK(vp, 0); 1566 vput(nd.ni_dvp); 1567 vn_finished_write(mp); 1568 NDFREE(&nd, NDF_ONLY_PNBUF); 1569 } else { 1570 vput(nd.ni_dvp); 1571 NDFREE(&nd, NDF_ONLY_PNBUF); 1572 vrele(vp); 1573 goto again; 1574 } 1575 } 1576 vrele(vp); 1577 return (error); 1578 } 1579 1580 /* 1581 * Make a symbolic link. 1582 */ 1583 #ifndef _SYS_SYSPROTO_H_ 1584 struct symlink_args { 1585 char *path; 1586 char *link; 1587 }; 1588 #endif 1589 int 1590 sys_symlink(struct thread *td, struct symlink_args *uap) 1591 { 1592 1593 return (kern_symlinkat(td, uap->path, AT_FDCWD, uap->link, 1594 UIO_USERSPACE)); 1595 } 1596 1597 #ifndef _SYS_SYSPROTO_H_ 1598 struct symlinkat_args { 1599 char *path; 1600 int fd; 1601 char *path2; 1602 }; 1603 #endif 1604 int 1605 sys_symlinkat(struct thread *td, struct symlinkat_args *uap) 1606 { 1607 1608 return (kern_symlinkat(td, uap->path1, uap->fd, uap->path2, 1609 UIO_USERSPACE)); 1610 } 1611 1612 int 1613 kern_symlinkat(struct thread *td, char *path1, int fd, char *path2, 1614 enum uio_seg segflg) 1615 { 1616 struct mount *mp; 1617 struct vattr vattr; 1618 char *syspath; 1619 struct nameidata nd; 1620 int error; 1621 cap_rights_t rights; 1622 1623 if (segflg == UIO_SYSSPACE) { 1624 syspath = path1; 1625 } else { 1626 syspath = uma_zalloc(namei_zone, M_WAITOK); 1627 if ((error = copyinstr(path1, syspath, MAXPATHLEN, NULL)) != 0) 1628 goto out; 1629 } 1630 AUDIT_ARG_TEXT(syspath); 1631 restart: 1632 bwillwrite(); 1633 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | 1634 NOCACHE, segflg, path2, fd, cap_rights_init(&rights, CAP_SYMLINKAT), 1635 td); 1636 if ((error = namei(&nd)) != 0) 1637 goto out; 1638 if (nd.ni_vp) { 1639 NDFREE(&nd, NDF_ONLY_PNBUF); 1640 if (nd.ni_vp == nd.ni_dvp) 1641 vrele(nd.ni_dvp); 1642 else 1643 vput(nd.ni_dvp); 1644 vrele(nd.ni_vp); 1645 error = EEXIST; 1646 goto out; 1647 } 1648 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 1649 NDFREE(&nd, NDF_ONLY_PNBUF); 1650 vput(nd.ni_dvp); 1651 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 1652 goto out; 1653 goto restart; 1654 } 1655 VATTR_NULL(&vattr); 1656 vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_fd->fd_cmask; 1657 #ifdef MAC 1658 vattr.va_type = VLNK; 1659 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, 1660 &vattr); 1661 if (error != 0) 1662 goto out2; 1663 #endif 1664 error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath); 1665 if (error == 0) 1666 vput(nd.ni_vp); 1667 #ifdef MAC 1668 out2: 1669 #endif 1670 NDFREE(&nd, NDF_ONLY_PNBUF); 1671 vput(nd.ni_dvp); 1672 vn_finished_write(mp); 1673 out: 1674 if (segflg != UIO_SYSSPACE) 1675 uma_zfree(namei_zone, syspath); 1676 return (error); 1677 } 1678 1679 /* 1680 * Delete a whiteout from the filesystem. 1681 */ 1682 #ifndef _SYS_SYSPROTO_H_ 1683 struct undelete_args { 1684 char *path; 1685 }; 1686 #endif 1687 int 1688 sys_undelete(struct thread *td, struct undelete_args *uap) 1689 { 1690 struct mount *mp; 1691 struct nameidata nd; 1692 int error; 1693 1694 restart: 1695 bwillwrite(); 1696 NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | AUDITVNODE1, 1697 UIO_USERSPACE, uap->path, td); 1698 error = namei(&nd); 1699 if (error != 0) 1700 return (error); 1701 1702 if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) { 1703 NDFREE(&nd, NDF_ONLY_PNBUF); 1704 if (nd.ni_vp == nd.ni_dvp) 1705 vrele(nd.ni_dvp); 1706 else 1707 vput(nd.ni_dvp); 1708 if (nd.ni_vp) 1709 vrele(nd.ni_vp); 1710 return (EEXIST); 1711 } 1712 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 1713 NDFREE(&nd, NDF_ONLY_PNBUF); 1714 vput(nd.ni_dvp); 1715 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 1716 return (error); 1717 goto restart; 1718 } 1719 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE); 1720 NDFREE(&nd, NDF_ONLY_PNBUF); 1721 vput(nd.ni_dvp); 1722 vn_finished_write(mp); 1723 return (error); 1724 } 1725 1726 /* 1727 * Delete a name from the filesystem. 1728 */ 1729 #ifndef _SYS_SYSPROTO_H_ 1730 struct unlink_args { 1731 char *path; 1732 }; 1733 #endif 1734 int 1735 sys_unlink(struct thread *td, struct unlink_args *uap) 1736 { 1737 1738 return (kern_unlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 0)); 1739 } 1740 1741 #ifndef _SYS_SYSPROTO_H_ 1742 struct unlinkat_args { 1743 int fd; 1744 char *path; 1745 int flag; 1746 }; 1747 #endif 1748 int 1749 sys_unlinkat(struct thread *td, struct unlinkat_args *uap) 1750 { 1751 int flag = uap->flag; 1752 int fd = uap->fd; 1753 char *path = uap->path; 1754 1755 if (flag & ~AT_REMOVEDIR) 1756 return (EINVAL); 1757 1758 if (flag & AT_REMOVEDIR) 1759 return (kern_rmdirat(td, fd, path, UIO_USERSPACE)); 1760 else 1761 return (kern_unlinkat(td, fd, path, UIO_USERSPACE, 0)); 1762 } 1763 1764 int 1765 kern_unlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 1766 ino_t oldinum) 1767 { 1768 struct mount *mp; 1769 struct vnode *vp; 1770 struct nameidata nd; 1771 struct stat sb; 1772 cap_rights_t rights; 1773 int error; 1774 1775 restart: 1776 bwillwrite(); 1777 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1, 1778 pathseg, path, fd, cap_rights_init(&rights, CAP_UNLINKAT), td); 1779 if ((error = namei(&nd)) != 0) 1780 return (error == EINVAL ? EPERM : error); 1781 vp = nd.ni_vp; 1782 if (vp->v_type == VDIR && oldinum == 0) { 1783 error = EPERM; /* POSIX */ 1784 } else if (oldinum != 0 && 1785 ((error = vn_stat(vp, &sb, td->td_ucred, NOCRED, td)) == 0) && 1786 sb.st_ino != oldinum) { 1787 error = EIDRM; /* Identifier removed */ 1788 } else { 1789 /* 1790 * The root of a mounted filesystem cannot be deleted. 1791 * 1792 * XXX: can this only be a VDIR case? 1793 */ 1794 if (vp->v_vflag & VV_ROOT) 1795 error = EBUSY; 1796 } 1797 if (error == 0) { 1798 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 1799 NDFREE(&nd, NDF_ONLY_PNBUF); 1800 vput(nd.ni_dvp); 1801 if (vp == nd.ni_dvp) 1802 vrele(vp); 1803 else 1804 vput(vp); 1805 if ((error = vn_start_write(NULL, &mp, 1806 V_XSLEEP | PCATCH)) != 0) 1807 return (error); 1808 goto restart; 1809 } 1810 #ifdef MAC 1811 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp, 1812 &nd.ni_cnd); 1813 if (error != 0) 1814 goto out; 1815 #endif 1816 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK); 1817 error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd); 1818 #ifdef MAC 1819 out: 1820 #endif 1821 vn_finished_write(mp); 1822 } 1823 NDFREE(&nd, NDF_ONLY_PNBUF); 1824 vput(nd.ni_dvp); 1825 if (vp == nd.ni_dvp) 1826 vrele(vp); 1827 else 1828 vput(vp); 1829 return (error); 1830 } 1831 1832 /* 1833 * Reposition read/write file offset. 1834 */ 1835 #ifndef _SYS_SYSPROTO_H_ 1836 struct lseek_args { 1837 int fd; 1838 int pad; 1839 off_t offset; 1840 int whence; 1841 }; 1842 #endif 1843 int 1844 sys_lseek(struct thread *td, struct lseek_args *uap) 1845 { 1846 1847 return (kern_lseek(td, uap->fd, uap->offset, uap->whence)); 1848 } 1849 1850 int 1851 kern_lseek(struct thread *td, int fd, off_t offset, int whence) 1852 { 1853 struct file *fp; 1854 cap_rights_t rights; 1855 int error; 1856 1857 AUDIT_ARG_FD(fd); 1858 error = fget(td, fd, cap_rights_init(&rights, CAP_SEEK), &fp); 1859 if (error != 0) 1860 return (error); 1861 error = (fp->f_ops->fo_flags & DFLAG_SEEKABLE) != 0 ? 1862 fo_seek(fp, offset, whence, td) : ESPIPE; 1863 fdrop(fp, td); 1864 return (error); 1865 } 1866 1867 #if defined(COMPAT_43) 1868 /* 1869 * Reposition read/write file offset. 1870 */ 1871 #ifndef _SYS_SYSPROTO_H_ 1872 struct olseek_args { 1873 int fd; 1874 long offset; 1875 int whence; 1876 }; 1877 #endif 1878 int 1879 olseek(struct thread *td, struct olseek_args *uap) 1880 { 1881 1882 return (kern_lseek(td, uap->fd, uap->offset, uap->whence)); 1883 } 1884 #endif /* COMPAT_43 */ 1885 1886 #if defined(COMPAT_FREEBSD6) 1887 /* Version with the 'pad' argument */ 1888 int 1889 freebsd6_lseek(struct thread *td, struct freebsd6_lseek_args *uap) 1890 { 1891 1892 return (kern_lseek(td, uap->fd, uap->offset, uap->whence)); 1893 } 1894 #endif 1895 1896 /* 1897 * Check access permissions using passed credentials. 1898 */ 1899 static int 1900 vn_access(struct vnode *vp, int user_flags, struct ucred *cred, 1901 struct thread *td) 1902 { 1903 accmode_t accmode; 1904 int error; 1905 1906 /* Flags == 0 means only check for existence. */ 1907 if (user_flags == 0) 1908 return (0); 1909 1910 accmode = 0; 1911 if (user_flags & R_OK) 1912 accmode |= VREAD; 1913 if (user_flags & W_OK) 1914 accmode |= VWRITE; 1915 if (user_flags & X_OK) 1916 accmode |= VEXEC; 1917 #ifdef MAC 1918 error = mac_vnode_check_access(cred, vp, accmode); 1919 if (error != 0) 1920 return (error); 1921 #endif 1922 if ((accmode & VWRITE) == 0 || (error = vn_writechk(vp)) == 0) 1923 error = VOP_ACCESS(vp, accmode, cred, td); 1924 return (error); 1925 } 1926 1927 /* 1928 * Check access permissions using "real" credentials. 1929 */ 1930 #ifndef _SYS_SYSPROTO_H_ 1931 struct access_args { 1932 char *path; 1933 int amode; 1934 }; 1935 #endif 1936 int 1937 sys_access(struct thread *td, struct access_args *uap) 1938 { 1939 1940 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 1941 0, uap->amode)); 1942 } 1943 1944 #ifndef _SYS_SYSPROTO_H_ 1945 struct faccessat_args { 1946 int dirfd; 1947 char *path; 1948 int amode; 1949 int flag; 1950 } 1951 #endif 1952 int 1953 sys_faccessat(struct thread *td, struct faccessat_args *uap) 1954 { 1955 1956 return (kern_accessat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag, 1957 uap->amode)); 1958 } 1959 1960 int 1961 kern_accessat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 1962 int flag, int amode) 1963 { 1964 struct ucred *cred, *usecred; 1965 struct vnode *vp; 1966 struct nameidata nd; 1967 cap_rights_t rights; 1968 int error; 1969 1970 if (flag & ~AT_EACCESS) 1971 return (EINVAL); 1972 if (amode != F_OK && (amode & ~(R_OK | W_OK | X_OK)) != 0) 1973 return (EINVAL); 1974 1975 /* 1976 * Create and modify a temporary credential instead of one that 1977 * is potentially shared (if we need one). 1978 */ 1979 cred = td->td_ucred; 1980 if ((flag & AT_EACCESS) == 0 && 1981 ((cred->cr_uid != cred->cr_ruid || 1982 cred->cr_rgid != cred->cr_groups[0]))) { 1983 usecred = crdup(cred); 1984 usecred->cr_uid = cred->cr_ruid; 1985 usecred->cr_groups[0] = cred->cr_rgid; 1986 td->td_ucred = usecred; 1987 } else 1988 usecred = cred; 1989 AUDIT_ARG_VALUE(amode); 1990 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | 1991 AUDITVNODE1, pathseg, path, fd, cap_rights_init(&rights, CAP_FSTAT), 1992 td); 1993 if ((error = namei(&nd)) != 0) 1994 goto out; 1995 vp = nd.ni_vp; 1996 1997 error = vn_access(vp, amode, usecred, td); 1998 NDFREE(&nd, NDF_ONLY_PNBUF); 1999 vput(vp); 2000 out: 2001 if (usecred != cred) { 2002 td->td_ucred = cred; 2003 crfree(usecred); 2004 } 2005 return (error); 2006 } 2007 2008 /* 2009 * Check access permissions using "effective" credentials. 2010 */ 2011 #ifndef _SYS_SYSPROTO_H_ 2012 struct eaccess_args { 2013 char *path; 2014 int amode; 2015 }; 2016 #endif 2017 int 2018 sys_eaccess(struct thread *td, struct eaccess_args *uap) 2019 { 2020 2021 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2022 AT_EACCESS, uap->amode)); 2023 } 2024 2025 #if defined(COMPAT_43) 2026 /* 2027 * Get file status; this version follows links. 2028 */ 2029 #ifndef _SYS_SYSPROTO_H_ 2030 struct ostat_args { 2031 char *path; 2032 struct ostat *ub; 2033 }; 2034 #endif 2035 int 2036 ostat(struct thread *td, struct ostat_args *uap) 2037 { 2038 struct stat sb; 2039 struct ostat osb; 2040 int error; 2041 2042 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE, 2043 &sb, NULL); 2044 if (error != 0) 2045 return (error); 2046 cvtstat(&sb, &osb); 2047 return (copyout(&osb, uap->ub, sizeof (osb))); 2048 } 2049 2050 /* 2051 * Get file status; this version does not follow links. 2052 */ 2053 #ifndef _SYS_SYSPROTO_H_ 2054 struct olstat_args { 2055 char *path; 2056 struct ostat *ub; 2057 }; 2058 #endif 2059 int 2060 olstat(struct thread *td, struct olstat_args *uap) 2061 { 2062 struct stat sb; 2063 struct ostat osb; 2064 int error; 2065 2066 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path, 2067 UIO_USERSPACE, &sb, NULL); 2068 if (error != 0) 2069 return (error); 2070 cvtstat(&sb, &osb); 2071 return (copyout(&osb, uap->ub, sizeof (osb))); 2072 } 2073 2074 /* 2075 * Convert from an old to a new stat structure. 2076 */ 2077 void 2078 cvtstat(struct stat *st, struct ostat *ost) 2079 { 2080 2081 bzero(ost, sizeof(*ost)); 2082 ost->st_dev = st->st_dev; 2083 ost->st_ino = st->st_ino; 2084 ost->st_mode = st->st_mode; 2085 ost->st_nlink = st->st_nlink; 2086 ost->st_uid = st->st_uid; 2087 ost->st_gid = st->st_gid; 2088 ost->st_rdev = st->st_rdev; 2089 if (st->st_size < (quad_t)1 << 32) 2090 ost->st_size = st->st_size; 2091 else 2092 ost->st_size = -2; 2093 ost->st_atim = st->st_atim; 2094 ost->st_mtim = st->st_mtim; 2095 ost->st_ctim = st->st_ctim; 2096 ost->st_blksize = st->st_blksize; 2097 ost->st_blocks = st->st_blocks; 2098 ost->st_flags = st->st_flags; 2099 ost->st_gen = st->st_gen; 2100 } 2101 #endif /* COMPAT_43 */ 2102 2103 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11) 2104 int ino64_trunc_error; 2105 SYSCTL_INT(_vfs, OID_AUTO, ino64_trunc_error, CTLFLAG_RW, 2106 &ino64_trunc_error, 0, 2107 "Error on truncation of inode number, device id or link count"); 2108 int 2109 freebsd11_cvtstat(struct stat *st, struct freebsd11_stat *ost) 2110 { 2111 2112 ost->st_dev = st->st_dev; 2113 ost->st_ino = st->st_ino; 2114 if (ost->st_ino != st->st_ino) { 2115 switch (ino64_trunc_error) { 2116 default: 2117 case 0: 2118 break; 2119 case 1: 2120 return (EOVERFLOW); 2121 case 2: 2122 ost->st_ino = UINT32_MAX; 2123 break; 2124 } 2125 } 2126 ost->st_mode = st->st_mode; 2127 ost->st_nlink = st->st_nlink; 2128 if (ost->st_nlink != st->st_nlink) { 2129 switch (ino64_trunc_error) { 2130 default: 2131 case 0: 2132 break; 2133 case 1: 2134 return (EOVERFLOW); 2135 case 2: 2136 ost->st_nlink = UINT16_MAX; 2137 break; 2138 } 2139 } 2140 ost->st_uid = st->st_uid; 2141 ost->st_gid = st->st_gid; 2142 ost->st_rdev = st->st_rdev; 2143 ost->st_atim = st->st_atim; 2144 ost->st_mtim = st->st_mtim; 2145 ost->st_ctim = st->st_ctim; 2146 ost->st_size = st->st_size; 2147 ost->st_blocks = st->st_blocks; 2148 ost->st_blksize = st->st_blksize; 2149 ost->st_flags = st->st_flags; 2150 ost->st_gen = st->st_gen; 2151 ost->st_lspare = 0; 2152 ost->st_birthtim = st->st_birthtim; 2153 bzero((char *)&ost->st_birthtim + sizeof(ost->st_birthtim), 2154 sizeof(*ost) - offsetof(struct freebsd11_stat, 2155 st_birthtim) - sizeof(ost->st_birthtim)); 2156 return (0); 2157 } 2158 2159 int 2160 freebsd11_stat(struct thread *td, struct freebsd11_stat_args* uap) 2161 { 2162 struct stat sb; 2163 struct freebsd11_stat osb; 2164 int error; 2165 2166 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE, 2167 &sb, NULL); 2168 if (error != 0) 2169 return (error); 2170 error = freebsd11_cvtstat(&sb, &osb); 2171 if (error == 0) 2172 error = copyout(&osb, uap->ub, sizeof(osb)); 2173 return (error); 2174 } 2175 2176 int 2177 freebsd11_lstat(struct thread *td, struct freebsd11_lstat_args* uap) 2178 { 2179 struct stat sb; 2180 struct freebsd11_stat osb; 2181 int error; 2182 2183 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path, 2184 UIO_USERSPACE, &sb, NULL); 2185 if (error != 0) 2186 return (error); 2187 error = freebsd11_cvtstat(&sb, &osb); 2188 if (error == 0) 2189 error = copyout(&osb, uap->ub, sizeof(osb)); 2190 return (error); 2191 } 2192 2193 int 2194 freebsd11_fhstat(struct thread *td, struct freebsd11_fhstat_args* uap) 2195 { 2196 struct fhandle fh; 2197 struct stat sb; 2198 struct freebsd11_stat osb; 2199 int error; 2200 2201 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t)); 2202 if (error != 0) 2203 return (error); 2204 error = kern_fhstat(td, fh, &sb); 2205 if (error != 0) 2206 return (error); 2207 error = freebsd11_cvtstat(&sb, &osb); 2208 if (error == 0) 2209 error = copyout(&osb, uap->sb, sizeof(osb)); 2210 return (error); 2211 } 2212 2213 int 2214 freebsd11_fstatat(struct thread *td, struct freebsd11_fstatat_args* uap) 2215 { 2216 struct stat sb; 2217 struct freebsd11_stat osb; 2218 int error; 2219 2220 error = kern_statat(td, uap->flag, uap->fd, uap->path, 2221 UIO_USERSPACE, &sb, NULL); 2222 if (error != 0) 2223 return (error); 2224 error = freebsd11_cvtstat(&sb, &osb); 2225 if (error == 0) 2226 error = copyout(&osb, uap->buf, sizeof(osb)); 2227 return (error); 2228 } 2229 #endif /* COMPAT_FREEBSD11 */ 2230 2231 /* 2232 * Get file status 2233 */ 2234 #ifndef _SYS_SYSPROTO_H_ 2235 struct fstatat_args { 2236 int fd; 2237 char *path; 2238 struct stat *buf; 2239 int flag; 2240 } 2241 #endif 2242 int 2243 sys_fstatat(struct thread *td, struct fstatat_args *uap) 2244 { 2245 struct stat sb; 2246 int error; 2247 2248 error = kern_statat(td, uap->flag, uap->fd, uap->path, 2249 UIO_USERSPACE, &sb, NULL); 2250 if (error == 0) 2251 error = copyout(&sb, uap->buf, sizeof (sb)); 2252 return (error); 2253 } 2254 2255 int 2256 kern_statat(struct thread *td, int flag, int fd, char *path, 2257 enum uio_seg pathseg, struct stat *sbp, 2258 void (*hook)(struct vnode *vp, struct stat *sbp)) 2259 { 2260 struct nameidata nd; 2261 struct stat sb; 2262 int error; 2263 2264 if (flag & ~AT_SYMLINK_NOFOLLOW) 2265 return (EINVAL); 2266 2267 NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : 2268 FOLLOW) | LOCKSHARED | LOCKLEAF | AUDITVNODE1, pathseg, path, fd, 2269 &cap_fstat_rights, td); 2270 2271 if ((error = namei(&nd)) != 0) 2272 return (error); 2273 error = vn_stat(nd.ni_vp, &sb, td->td_ucred, NOCRED, td); 2274 if (error == 0) { 2275 SDT_PROBE2(vfs, , stat, mode, path, sb.st_mode); 2276 if (S_ISREG(sb.st_mode)) 2277 SDT_PROBE2(vfs, , stat, reg, path, pathseg); 2278 if (__predict_false(hook != NULL)) 2279 hook(nd.ni_vp, &sb); 2280 } 2281 NDFREE(&nd, NDF_ONLY_PNBUF); 2282 vput(nd.ni_vp); 2283 if (error != 0) 2284 return (error); 2285 #ifdef __STAT_TIME_T_EXT 2286 sb.st_atim_ext = 0; 2287 sb.st_mtim_ext = 0; 2288 sb.st_ctim_ext = 0; 2289 sb.st_btim_ext = 0; 2290 #endif 2291 *sbp = sb; 2292 #ifdef KTRACE 2293 if (KTRPOINT(td, KTR_STRUCT)) 2294 ktrstat(&sb); 2295 #endif 2296 return (0); 2297 } 2298 2299 #if defined(COMPAT_FREEBSD11) 2300 /* 2301 * Implementation of the NetBSD [l]stat() functions. 2302 */ 2303 void 2304 freebsd11_cvtnstat(struct stat *sb, struct nstat *nsb) 2305 { 2306 2307 bzero(nsb, sizeof(*nsb)); 2308 nsb->st_dev = sb->st_dev; 2309 nsb->st_ino = sb->st_ino; 2310 nsb->st_mode = sb->st_mode; 2311 nsb->st_nlink = sb->st_nlink; 2312 nsb->st_uid = sb->st_uid; 2313 nsb->st_gid = sb->st_gid; 2314 nsb->st_rdev = sb->st_rdev; 2315 nsb->st_atim = sb->st_atim; 2316 nsb->st_mtim = sb->st_mtim; 2317 nsb->st_ctim = sb->st_ctim; 2318 nsb->st_size = sb->st_size; 2319 nsb->st_blocks = sb->st_blocks; 2320 nsb->st_blksize = sb->st_blksize; 2321 nsb->st_flags = sb->st_flags; 2322 nsb->st_gen = sb->st_gen; 2323 nsb->st_birthtim = sb->st_birthtim; 2324 } 2325 2326 #ifndef _SYS_SYSPROTO_H_ 2327 struct freebsd11_nstat_args { 2328 char *path; 2329 struct nstat *ub; 2330 }; 2331 #endif 2332 int 2333 freebsd11_nstat(struct thread *td, struct freebsd11_nstat_args *uap) 2334 { 2335 struct stat sb; 2336 struct nstat nsb; 2337 int error; 2338 2339 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE, 2340 &sb, NULL); 2341 if (error != 0) 2342 return (error); 2343 freebsd11_cvtnstat(&sb, &nsb); 2344 return (copyout(&nsb, uap->ub, sizeof (nsb))); 2345 } 2346 2347 /* 2348 * NetBSD lstat. Get file status; this version does not follow links. 2349 */ 2350 #ifndef _SYS_SYSPROTO_H_ 2351 struct freebsd11_nlstat_args { 2352 char *path; 2353 struct nstat *ub; 2354 }; 2355 #endif 2356 int 2357 freebsd11_nlstat(struct thread *td, struct freebsd11_nlstat_args *uap) 2358 { 2359 struct stat sb; 2360 struct nstat nsb; 2361 int error; 2362 2363 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path, 2364 UIO_USERSPACE, &sb, NULL); 2365 if (error != 0) 2366 return (error); 2367 freebsd11_cvtnstat(&sb, &nsb); 2368 return (copyout(&nsb, uap->ub, sizeof (nsb))); 2369 } 2370 #endif /* COMPAT_FREEBSD11 */ 2371 2372 /* 2373 * Get configurable pathname variables. 2374 */ 2375 #ifndef _SYS_SYSPROTO_H_ 2376 struct pathconf_args { 2377 char *path; 2378 int name; 2379 }; 2380 #endif 2381 int 2382 sys_pathconf(struct thread *td, struct pathconf_args *uap) 2383 { 2384 long value; 2385 int error; 2386 2387 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name, FOLLOW, 2388 &value); 2389 if (error == 0) 2390 td->td_retval[0] = value; 2391 return (error); 2392 } 2393 2394 #ifndef _SYS_SYSPROTO_H_ 2395 struct lpathconf_args { 2396 char *path; 2397 int name; 2398 }; 2399 #endif 2400 int 2401 sys_lpathconf(struct thread *td, struct lpathconf_args *uap) 2402 { 2403 long value; 2404 int error; 2405 2406 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name, 2407 NOFOLLOW, &value); 2408 if (error == 0) 2409 td->td_retval[0] = value; 2410 return (error); 2411 } 2412 2413 int 2414 kern_pathconf(struct thread *td, char *path, enum uio_seg pathseg, int name, 2415 u_long flags, long *valuep) 2416 { 2417 struct nameidata nd; 2418 int error; 2419 2420 NDINIT(&nd, LOOKUP, LOCKSHARED | LOCKLEAF | AUDITVNODE1 | flags, 2421 pathseg, path, td); 2422 if ((error = namei(&nd)) != 0) 2423 return (error); 2424 NDFREE(&nd, NDF_ONLY_PNBUF); 2425 2426 error = VOP_PATHCONF(nd.ni_vp, name, valuep); 2427 vput(nd.ni_vp); 2428 return (error); 2429 } 2430 2431 /* 2432 * Return target name of a symbolic link. 2433 */ 2434 #ifndef _SYS_SYSPROTO_H_ 2435 struct readlink_args { 2436 char *path; 2437 char *buf; 2438 size_t count; 2439 }; 2440 #endif 2441 int 2442 sys_readlink(struct thread *td, struct readlink_args *uap) 2443 { 2444 2445 return (kern_readlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2446 uap->buf, UIO_USERSPACE, uap->count)); 2447 } 2448 #ifndef _SYS_SYSPROTO_H_ 2449 struct readlinkat_args { 2450 int fd; 2451 char *path; 2452 char *buf; 2453 size_t bufsize; 2454 }; 2455 #endif 2456 int 2457 sys_readlinkat(struct thread *td, struct readlinkat_args *uap) 2458 { 2459 2460 return (kern_readlinkat(td, uap->fd, uap->path, UIO_USERSPACE, 2461 uap->buf, UIO_USERSPACE, uap->bufsize)); 2462 } 2463 2464 int 2465 kern_readlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 2466 char *buf, enum uio_seg bufseg, size_t count) 2467 { 2468 struct vnode *vp; 2469 struct iovec aiov; 2470 struct uio auio; 2471 struct nameidata nd; 2472 int error; 2473 2474 if (count > IOSIZE_MAX) 2475 return (EINVAL); 2476 2477 NDINIT_AT(&nd, LOOKUP, NOFOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1, 2478 pathseg, path, fd, td); 2479 2480 if ((error = namei(&nd)) != 0) 2481 return (error); 2482 NDFREE(&nd, NDF_ONLY_PNBUF); 2483 vp = nd.ni_vp; 2484 #ifdef MAC 2485 error = mac_vnode_check_readlink(td->td_ucred, vp); 2486 if (error != 0) { 2487 vput(vp); 2488 return (error); 2489 } 2490 #endif 2491 if (vp->v_type != VLNK && (vp->v_vflag & VV_READLINK) == 0) 2492 error = EINVAL; 2493 else { 2494 aiov.iov_base = buf; 2495 aiov.iov_len = count; 2496 auio.uio_iov = &aiov; 2497 auio.uio_iovcnt = 1; 2498 auio.uio_offset = 0; 2499 auio.uio_rw = UIO_READ; 2500 auio.uio_segflg = bufseg; 2501 auio.uio_td = td; 2502 auio.uio_resid = count; 2503 error = VOP_READLINK(vp, &auio, td->td_ucred); 2504 td->td_retval[0] = count - auio.uio_resid; 2505 } 2506 vput(vp); 2507 return (error); 2508 } 2509 2510 /* 2511 * Common implementation code for chflags() and fchflags(). 2512 */ 2513 static int 2514 setfflags(struct thread *td, struct vnode *vp, u_long flags) 2515 { 2516 struct mount *mp; 2517 struct vattr vattr; 2518 int error; 2519 2520 /* We can't support the value matching VNOVAL. */ 2521 if (flags == VNOVAL) 2522 return (EOPNOTSUPP); 2523 2524 /* 2525 * Prevent non-root users from setting flags on devices. When 2526 * a device is reused, users can retain ownership of the device 2527 * if they are allowed to set flags and programs assume that 2528 * chown can't fail when done as root. 2529 */ 2530 if (vp->v_type == VCHR || vp->v_type == VBLK) { 2531 error = priv_check(td, PRIV_VFS_CHFLAGS_DEV); 2532 if (error != 0) 2533 return (error); 2534 } 2535 2536 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) 2537 return (error); 2538 VATTR_NULL(&vattr); 2539 vattr.va_flags = flags; 2540 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 2541 #ifdef MAC 2542 error = mac_vnode_check_setflags(td->td_ucred, vp, vattr.va_flags); 2543 if (error == 0) 2544 #endif 2545 error = VOP_SETATTR(vp, &vattr, td->td_ucred); 2546 VOP_UNLOCK(vp, 0); 2547 vn_finished_write(mp); 2548 return (error); 2549 } 2550 2551 /* 2552 * Change flags of a file given a path name. 2553 */ 2554 #ifndef _SYS_SYSPROTO_H_ 2555 struct chflags_args { 2556 const char *path; 2557 u_long flags; 2558 }; 2559 #endif 2560 int 2561 sys_chflags(struct thread *td, struct chflags_args *uap) 2562 { 2563 2564 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2565 uap->flags, 0)); 2566 } 2567 2568 #ifndef _SYS_SYSPROTO_H_ 2569 struct chflagsat_args { 2570 int fd; 2571 const char *path; 2572 u_long flags; 2573 int atflag; 2574 } 2575 #endif 2576 int 2577 sys_chflagsat(struct thread *td, struct chflagsat_args *uap) 2578 { 2579 int fd = uap->fd; 2580 const char *path = uap->path; 2581 u_long flags = uap->flags; 2582 int atflag = uap->atflag; 2583 2584 if (atflag & ~AT_SYMLINK_NOFOLLOW) 2585 return (EINVAL); 2586 2587 return (kern_chflagsat(td, fd, path, UIO_USERSPACE, flags, atflag)); 2588 } 2589 2590 /* 2591 * Same as chflags() but doesn't follow symlinks. 2592 */ 2593 #ifndef _SYS_SYSPROTO_H_ 2594 struct lchflags_args { 2595 const char *path; 2596 u_long flags; 2597 }; 2598 #endif 2599 int 2600 sys_lchflags(struct thread *td, struct lchflags_args *uap) 2601 { 2602 2603 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2604 uap->flags, AT_SYMLINK_NOFOLLOW)); 2605 } 2606 2607 static int 2608 kern_chflagsat(struct thread *td, int fd, const char *path, 2609 enum uio_seg pathseg, u_long flags, int atflag) 2610 { 2611 struct nameidata nd; 2612 cap_rights_t rights; 2613 int error, follow; 2614 2615 AUDIT_ARG_FFLAGS(flags); 2616 follow = (atflag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW; 2617 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd, 2618 cap_rights_init(&rights, CAP_FCHFLAGS), td); 2619 if ((error = namei(&nd)) != 0) 2620 return (error); 2621 NDFREE(&nd, NDF_ONLY_PNBUF); 2622 error = setfflags(td, nd.ni_vp, flags); 2623 vrele(nd.ni_vp); 2624 return (error); 2625 } 2626 2627 /* 2628 * Change flags of a file given a file descriptor. 2629 */ 2630 #ifndef _SYS_SYSPROTO_H_ 2631 struct fchflags_args { 2632 int fd; 2633 u_long flags; 2634 }; 2635 #endif 2636 int 2637 sys_fchflags(struct thread *td, struct fchflags_args *uap) 2638 { 2639 struct file *fp; 2640 cap_rights_t rights; 2641 int error; 2642 2643 AUDIT_ARG_FD(uap->fd); 2644 AUDIT_ARG_FFLAGS(uap->flags); 2645 error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_FCHFLAGS), 2646 &fp); 2647 if (error != 0) 2648 return (error); 2649 #ifdef AUDIT 2650 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY); 2651 AUDIT_ARG_VNODE1(fp->f_vnode); 2652 VOP_UNLOCK(fp->f_vnode, 0); 2653 #endif 2654 error = setfflags(td, fp->f_vnode, uap->flags); 2655 fdrop(fp, td); 2656 return (error); 2657 } 2658 2659 /* 2660 * Common implementation code for chmod(), lchmod() and fchmod(). 2661 */ 2662 int 2663 setfmode(struct thread *td, struct ucred *cred, struct vnode *vp, int mode) 2664 { 2665 struct mount *mp; 2666 struct vattr vattr; 2667 int error; 2668 2669 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) 2670 return (error); 2671 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 2672 VATTR_NULL(&vattr); 2673 vattr.va_mode = mode & ALLPERMS; 2674 #ifdef MAC 2675 error = mac_vnode_check_setmode(cred, vp, vattr.va_mode); 2676 if (error == 0) 2677 #endif 2678 error = VOP_SETATTR(vp, &vattr, cred); 2679 VOP_UNLOCK(vp, 0); 2680 vn_finished_write(mp); 2681 return (error); 2682 } 2683 2684 /* 2685 * Change mode of a file given path name. 2686 */ 2687 #ifndef _SYS_SYSPROTO_H_ 2688 struct chmod_args { 2689 char *path; 2690 int mode; 2691 }; 2692 #endif 2693 int 2694 sys_chmod(struct thread *td, struct chmod_args *uap) 2695 { 2696 2697 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2698 uap->mode, 0)); 2699 } 2700 2701 #ifndef _SYS_SYSPROTO_H_ 2702 struct fchmodat_args { 2703 int dirfd; 2704 char *path; 2705 mode_t mode; 2706 int flag; 2707 } 2708 #endif 2709 int 2710 sys_fchmodat(struct thread *td, struct fchmodat_args *uap) 2711 { 2712 int flag = uap->flag; 2713 int fd = uap->fd; 2714 char *path = uap->path; 2715 mode_t mode = uap->mode; 2716 2717 if (flag & ~AT_SYMLINK_NOFOLLOW) 2718 return (EINVAL); 2719 2720 return (kern_fchmodat(td, fd, path, UIO_USERSPACE, mode, flag)); 2721 } 2722 2723 /* 2724 * Change mode of a file given path name (don't follow links.) 2725 */ 2726 #ifndef _SYS_SYSPROTO_H_ 2727 struct lchmod_args { 2728 char *path; 2729 int mode; 2730 }; 2731 #endif 2732 int 2733 sys_lchmod(struct thread *td, struct lchmod_args *uap) 2734 { 2735 2736 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2737 uap->mode, AT_SYMLINK_NOFOLLOW)); 2738 } 2739 2740 int 2741 kern_fchmodat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 2742 mode_t mode, int flag) 2743 { 2744 struct nameidata nd; 2745 cap_rights_t rights; 2746 int error, follow; 2747 2748 AUDIT_ARG_MODE(mode); 2749 follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW; 2750 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd, 2751 cap_rights_init(&rights, CAP_FCHMOD), td); 2752 if ((error = namei(&nd)) != 0) 2753 return (error); 2754 NDFREE(&nd, NDF_ONLY_PNBUF); 2755 error = setfmode(td, td->td_ucred, nd.ni_vp, mode); 2756 vrele(nd.ni_vp); 2757 return (error); 2758 } 2759 2760 /* 2761 * Change mode of a file given a file descriptor. 2762 */ 2763 #ifndef _SYS_SYSPROTO_H_ 2764 struct fchmod_args { 2765 int fd; 2766 int mode; 2767 }; 2768 #endif 2769 int 2770 sys_fchmod(struct thread *td, struct fchmod_args *uap) 2771 { 2772 struct file *fp; 2773 cap_rights_t rights; 2774 int error; 2775 2776 AUDIT_ARG_FD(uap->fd); 2777 AUDIT_ARG_MODE(uap->mode); 2778 2779 error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FCHMOD), &fp); 2780 if (error != 0) 2781 return (error); 2782 error = fo_chmod(fp, uap->mode, td->td_ucred, td); 2783 fdrop(fp, td); 2784 return (error); 2785 } 2786 2787 /* 2788 * Common implementation for chown(), lchown(), and fchown() 2789 */ 2790 int 2791 setfown(struct thread *td, struct ucred *cred, struct vnode *vp, uid_t uid, 2792 gid_t gid) 2793 { 2794 struct mount *mp; 2795 struct vattr vattr; 2796 int error; 2797 2798 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) 2799 return (error); 2800 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 2801 VATTR_NULL(&vattr); 2802 vattr.va_uid = uid; 2803 vattr.va_gid = gid; 2804 #ifdef MAC 2805 error = mac_vnode_check_setowner(cred, vp, vattr.va_uid, 2806 vattr.va_gid); 2807 if (error == 0) 2808 #endif 2809 error = VOP_SETATTR(vp, &vattr, cred); 2810 VOP_UNLOCK(vp, 0); 2811 vn_finished_write(mp); 2812 return (error); 2813 } 2814 2815 /* 2816 * Set ownership given a path name. 2817 */ 2818 #ifndef _SYS_SYSPROTO_H_ 2819 struct chown_args { 2820 char *path; 2821 int uid; 2822 int gid; 2823 }; 2824 #endif 2825 int 2826 sys_chown(struct thread *td, struct chown_args *uap) 2827 { 2828 2829 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE, uap->uid, 2830 uap->gid, 0)); 2831 } 2832 2833 #ifndef _SYS_SYSPROTO_H_ 2834 struct fchownat_args { 2835 int fd; 2836 const char * path; 2837 uid_t uid; 2838 gid_t gid; 2839 int flag; 2840 }; 2841 #endif 2842 int 2843 sys_fchownat(struct thread *td, struct fchownat_args *uap) 2844 { 2845 int flag; 2846 2847 flag = uap->flag; 2848 if (flag & ~AT_SYMLINK_NOFOLLOW) 2849 return (EINVAL); 2850 2851 return (kern_fchownat(td, uap->fd, uap->path, UIO_USERSPACE, uap->uid, 2852 uap->gid, uap->flag)); 2853 } 2854 2855 int 2856 kern_fchownat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 2857 int uid, int gid, int flag) 2858 { 2859 struct nameidata nd; 2860 cap_rights_t rights; 2861 int error, follow; 2862 2863 AUDIT_ARG_OWNER(uid, gid); 2864 follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW; 2865 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd, 2866 cap_rights_init(&rights, CAP_FCHOWN), td); 2867 2868 if ((error = namei(&nd)) != 0) 2869 return (error); 2870 NDFREE(&nd, NDF_ONLY_PNBUF); 2871 error = setfown(td, td->td_ucred, nd.ni_vp, uid, gid); 2872 vrele(nd.ni_vp); 2873 return (error); 2874 } 2875 2876 /* 2877 * Set ownership given a path name, do not cross symlinks. 2878 */ 2879 #ifndef _SYS_SYSPROTO_H_ 2880 struct lchown_args { 2881 char *path; 2882 int uid; 2883 int gid; 2884 }; 2885 #endif 2886 int 2887 sys_lchown(struct thread *td, struct lchown_args *uap) 2888 { 2889 2890 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 2891 uap->uid, uap->gid, AT_SYMLINK_NOFOLLOW)); 2892 } 2893 2894 /* 2895 * Set ownership given a file descriptor. 2896 */ 2897 #ifndef _SYS_SYSPROTO_H_ 2898 struct fchown_args { 2899 int fd; 2900 int uid; 2901 int gid; 2902 }; 2903 #endif 2904 int 2905 sys_fchown(struct thread *td, struct fchown_args *uap) 2906 { 2907 struct file *fp; 2908 cap_rights_t rights; 2909 int error; 2910 2911 AUDIT_ARG_FD(uap->fd); 2912 AUDIT_ARG_OWNER(uap->uid, uap->gid); 2913 error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FCHOWN), &fp); 2914 if (error != 0) 2915 return (error); 2916 error = fo_chown(fp, uap->uid, uap->gid, td->td_ucred, td); 2917 fdrop(fp, td); 2918 return (error); 2919 } 2920 2921 /* 2922 * Common implementation code for utimes(), lutimes(), and futimes(). 2923 */ 2924 static int 2925 getutimes(const struct timeval *usrtvp, enum uio_seg tvpseg, 2926 struct timespec *tsp) 2927 { 2928 struct timeval tv[2]; 2929 const struct timeval *tvp; 2930 int error; 2931 2932 if (usrtvp == NULL) { 2933 vfs_timestamp(&tsp[0]); 2934 tsp[1] = tsp[0]; 2935 } else { 2936 if (tvpseg == UIO_SYSSPACE) { 2937 tvp = usrtvp; 2938 } else { 2939 if ((error = copyin(usrtvp, tv, sizeof(tv))) != 0) 2940 return (error); 2941 tvp = tv; 2942 } 2943 2944 if (tvp[0].tv_usec < 0 || tvp[0].tv_usec >= 1000000 || 2945 tvp[1].tv_usec < 0 || tvp[1].tv_usec >= 1000000) 2946 return (EINVAL); 2947 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]); 2948 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]); 2949 } 2950 return (0); 2951 } 2952 2953 /* 2954 * Common implementation code for futimens(), utimensat(). 2955 */ 2956 #define UTIMENS_NULL 0x1 2957 #define UTIMENS_EXIT 0x2 2958 static int 2959 getutimens(const struct timespec *usrtsp, enum uio_seg tspseg, 2960 struct timespec *tsp, int *retflags) 2961 { 2962 struct timespec tsnow; 2963 int error; 2964 2965 vfs_timestamp(&tsnow); 2966 *retflags = 0; 2967 if (usrtsp == NULL) { 2968 tsp[0] = tsnow; 2969 tsp[1] = tsnow; 2970 *retflags |= UTIMENS_NULL; 2971 return (0); 2972 } 2973 if (tspseg == UIO_SYSSPACE) { 2974 tsp[0] = usrtsp[0]; 2975 tsp[1] = usrtsp[1]; 2976 } else if ((error = copyin(usrtsp, tsp, sizeof(*tsp) * 2)) != 0) 2977 return (error); 2978 if (tsp[0].tv_nsec == UTIME_OMIT && tsp[1].tv_nsec == UTIME_OMIT) 2979 *retflags |= UTIMENS_EXIT; 2980 if (tsp[0].tv_nsec == UTIME_NOW && tsp[1].tv_nsec == UTIME_NOW) 2981 *retflags |= UTIMENS_NULL; 2982 if (tsp[0].tv_nsec == UTIME_OMIT) 2983 tsp[0].tv_sec = VNOVAL; 2984 else if (tsp[0].tv_nsec == UTIME_NOW) 2985 tsp[0] = tsnow; 2986 else if (tsp[0].tv_nsec < 0 || tsp[0].tv_nsec >= 1000000000L) 2987 return (EINVAL); 2988 if (tsp[1].tv_nsec == UTIME_OMIT) 2989 tsp[1].tv_sec = VNOVAL; 2990 else if (tsp[1].tv_nsec == UTIME_NOW) 2991 tsp[1] = tsnow; 2992 else if (tsp[1].tv_nsec < 0 || tsp[1].tv_nsec >= 1000000000L) 2993 return (EINVAL); 2994 2995 return (0); 2996 } 2997 2998 /* 2999 * Common implementation code for utimes(), lutimes(), futimes(), futimens(), 3000 * and utimensat(). 3001 */ 3002 static int 3003 setutimes(struct thread *td, struct vnode *vp, const struct timespec *ts, 3004 int numtimes, int nullflag) 3005 { 3006 struct mount *mp; 3007 struct vattr vattr; 3008 int error, setbirthtime; 3009 3010 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) 3011 return (error); 3012 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 3013 setbirthtime = 0; 3014 if (numtimes < 3 && !VOP_GETATTR(vp, &vattr, td->td_ucred) && 3015 timespeccmp(&ts[1], &vattr.va_birthtime, < )) 3016 setbirthtime = 1; 3017 VATTR_NULL(&vattr); 3018 vattr.va_atime = ts[0]; 3019 vattr.va_mtime = ts[1]; 3020 if (setbirthtime) 3021 vattr.va_birthtime = ts[1]; 3022 if (numtimes > 2) 3023 vattr.va_birthtime = ts[2]; 3024 if (nullflag) 3025 vattr.va_vaflags |= VA_UTIMES_NULL; 3026 #ifdef MAC 3027 error = mac_vnode_check_setutimes(td->td_ucred, vp, vattr.va_atime, 3028 vattr.va_mtime); 3029 #endif 3030 if (error == 0) 3031 error = VOP_SETATTR(vp, &vattr, td->td_ucred); 3032 VOP_UNLOCK(vp, 0); 3033 vn_finished_write(mp); 3034 return (error); 3035 } 3036 3037 /* 3038 * Set the access and modification times of a file. 3039 */ 3040 #ifndef _SYS_SYSPROTO_H_ 3041 struct utimes_args { 3042 char *path; 3043 struct timeval *tptr; 3044 }; 3045 #endif 3046 int 3047 sys_utimes(struct thread *td, struct utimes_args *uap) 3048 { 3049 3050 return (kern_utimesat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 3051 uap->tptr, UIO_USERSPACE)); 3052 } 3053 3054 #ifndef _SYS_SYSPROTO_H_ 3055 struct futimesat_args { 3056 int fd; 3057 const char * path; 3058 const struct timeval * times; 3059 }; 3060 #endif 3061 int 3062 sys_futimesat(struct thread *td, struct futimesat_args *uap) 3063 { 3064 3065 return (kern_utimesat(td, uap->fd, uap->path, UIO_USERSPACE, 3066 uap->times, UIO_USERSPACE)); 3067 } 3068 3069 int 3070 kern_utimesat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 3071 struct timeval *tptr, enum uio_seg tptrseg) 3072 { 3073 struct nameidata nd; 3074 struct timespec ts[2]; 3075 cap_rights_t rights; 3076 int error; 3077 3078 if ((error = getutimes(tptr, tptrseg, ts)) != 0) 3079 return (error); 3080 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd, 3081 cap_rights_init(&rights, CAP_FUTIMES), td); 3082 3083 if ((error = namei(&nd)) != 0) 3084 return (error); 3085 NDFREE(&nd, NDF_ONLY_PNBUF); 3086 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL); 3087 vrele(nd.ni_vp); 3088 return (error); 3089 } 3090 3091 /* 3092 * Set the access and modification times of a file. 3093 */ 3094 #ifndef _SYS_SYSPROTO_H_ 3095 struct lutimes_args { 3096 char *path; 3097 struct timeval *tptr; 3098 }; 3099 #endif 3100 int 3101 sys_lutimes(struct thread *td, struct lutimes_args *uap) 3102 { 3103 3104 return (kern_lutimes(td, uap->path, UIO_USERSPACE, uap->tptr, 3105 UIO_USERSPACE)); 3106 } 3107 3108 int 3109 kern_lutimes(struct thread *td, char *path, enum uio_seg pathseg, 3110 struct timeval *tptr, enum uio_seg tptrseg) 3111 { 3112 struct timespec ts[2]; 3113 struct nameidata nd; 3114 int error; 3115 3116 if ((error = getutimes(tptr, tptrseg, ts)) != 0) 3117 return (error); 3118 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, pathseg, path, td); 3119 if ((error = namei(&nd)) != 0) 3120 return (error); 3121 NDFREE(&nd, NDF_ONLY_PNBUF); 3122 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL); 3123 vrele(nd.ni_vp); 3124 return (error); 3125 } 3126 3127 /* 3128 * Set the access and modification times of a file. 3129 */ 3130 #ifndef _SYS_SYSPROTO_H_ 3131 struct futimes_args { 3132 int fd; 3133 struct timeval *tptr; 3134 }; 3135 #endif 3136 int 3137 sys_futimes(struct thread *td, struct futimes_args *uap) 3138 { 3139 3140 return (kern_futimes(td, uap->fd, uap->tptr, UIO_USERSPACE)); 3141 } 3142 3143 int 3144 kern_futimes(struct thread *td, int fd, struct timeval *tptr, 3145 enum uio_seg tptrseg) 3146 { 3147 struct timespec ts[2]; 3148 struct file *fp; 3149 cap_rights_t rights; 3150 int error; 3151 3152 AUDIT_ARG_FD(fd); 3153 error = getutimes(tptr, tptrseg, ts); 3154 if (error != 0) 3155 return (error); 3156 error = getvnode(td, fd, cap_rights_init(&rights, CAP_FUTIMES), &fp); 3157 if (error != 0) 3158 return (error); 3159 #ifdef AUDIT 3160 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY); 3161 AUDIT_ARG_VNODE1(fp->f_vnode); 3162 VOP_UNLOCK(fp->f_vnode, 0); 3163 #endif 3164 error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL); 3165 fdrop(fp, td); 3166 return (error); 3167 } 3168 3169 int 3170 sys_futimens(struct thread *td, struct futimens_args *uap) 3171 { 3172 3173 return (kern_futimens(td, uap->fd, uap->times, UIO_USERSPACE)); 3174 } 3175 3176 int 3177 kern_futimens(struct thread *td, int fd, struct timespec *tptr, 3178 enum uio_seg tptrseg) 3179 { 3180 struct timespec ts[2]; 3181 struct file *fp; 3182 cap_rights_t rights; 3183 int error, flags; 3184 3185 AUDIT_ARG_FD(fd); 3186 error = getutimens(tptr, tptrseg, ts, &flags); 3187 if (error != 0) 3188 return (error); 3189 if (flags & UTIMENS_EXIT) 3190 return (0); 3191 error = getvnode(td, fd, cap_rights_init(&rights, CAP_FUTIMES), &fp); 3192 if (error != 0) 3193 return (error); 3194 #ifdef AUDIT 3195 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY); 3196 AUDIT_ARG_VNODE1(fp->f_vnode); 3197 VOP_UNLOCK(fp->f_vnode, 0); 3198 #endif 3199 error = setutimes(td, fp->f_vnode, ts, 2, flags & UTIMENS_NULL); 3200 fdrop(fp, td); 3201 return (error); 3202 } 3203 3204 int 3205 sys_utimensat(struct thread *td, struct utimensat_args *uap) 3206 { 3207 3208 return (kern_utimensat(td, uap->fd, uap->path, UIO_USERSPACE, 3209 uap->times, UIO_USERSPACE, uap->flag)); 3210 } 3211 3212 int 3213 kern_utimensat(struct thread *td, int fd, char *path, enum uio_seg pathseg, 3214 struct timespec *tptr, enum uio_seg tptrseg, int flag) 3215 { 3216 struct nameidata nd; 3217 struct timespec ts[2]; 3218 cap_rights_t rights; 3219 int error, flags; 3220 3221 if (flag & ~AT_SYMLINK_NOFOLLOW) 3222 return (EINVAL); 3223 3224 if ((error = getutimens(tptr, tptrseg, ts, &flags)) != 0) 3225 return (error); 3226 NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : 3227 FOLLOW) | AUDITVNODE1, pathseg, path, fd, 3228 cap_rights_init(&rights, CAP_FUTIMES), td); 3229 if ((error = namei(&nd)) != 0) 3230 return (error); 3231 /* 3232 * We are allowed to call namei() regardless of 2xUTIME_OMIT. 3233 * POSIX states: 3234 * "If both tv_nsec fields are UTIME_OMIT... EACCESS may be detected." 3235 * "Search permission is denied by a component of the path prefix." 3236 */ 3237 NDFREE(&nd, NDF_ONLY_PNBUF); 3238 if ((flags & UTIMENS_EXIT) == 0) 3239 error = setutimes(td, nd.ni_vp, ts, 2, flags & UTIMENS_NULL); 3240 vrele(nd.ni_vp); 3241 return (error); 3242 } 3243 3244 /* 3245 * Truncate a file given its path name. 3246 */ 3247 #ifndef _SYS_SYSPROTO_H_ 3248 struct truncate_args { 3249 char *path; 3250 int pad; 3251 off_t length; 3252 }; 3253 #endif 3254 int 3255 sys_truncate(struct thread *td, struct truncate_args *uap) 3256 { 3257 3258 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length)); 3259 } 3260 3261 int 3262 kern_truncate(struct thread *td, char *path, enum uio_seg pathseg, off_t length) 3263 { 3264 struct mount *mp; 3265 struct vnode *vp; 3266 void *rl_cookie; 3267 struct vattr vattr; 3268 struct nameidata nd; 3269 int error; 3270 3271 if (length < 0) 3272 return(EINVAL); 3273 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td); 3274 if ((error = namei(&nd)) != 0) 3275 return (error); 3276 vp = nd.ni_vp; 3277 rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX); 3278 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) { 3279 vn_rangelock_unlock(vp, rl_cookie); 3280 vrele(vp); 3281 return (error); 3282 } 3283 NDFREE(&nd, NDF_ONLY_PNBUF); 3284 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 3285 if (vp->v_type == VDIR) 3286 error = EISDIR; 3287 #ifdef MAC 3288 else if ((error = mac_vnode_check_write(td->td_ucred, NOCRED, vp))) { 3289 } 3290 #endif 3291 else if ((error = vn_writechk(vp)) == 0 && 3292 (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) { 3293 VATTR_NULL(&vattr); 3294 vattr.va_size = length; 3295 error = VOP_SETATTR(vp, &vattr, td->td_ucred); 3296 } 3297 VOP_UNLOCK(vp, 0); 3298 vn_finished_write(mp); 3299 vn_rangelock_unlock(vp, rl_cookie); 3300 vrele(vp); 3301 return (error); 3302 } 3303 3304 #if defined(COMPAT_43) 3305 /* 3306 * Truncate a file given its path name. 3307 */ 3308 #ifndef _SYS_SYSPROTO_H_ 3309 struct otruncate_args { 3310 char *path; 3311 long length; 3312 }; 3313 #endif 3314 int 3315 otruncate(struct thread *td, struct otruncate_args *uap) 3316 { 3317 3318 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length)); 3319 } 3320 #endif /* COMPAT_43 */ 3321 3322 #if defined(COMPAT_FREEBSD6) 3323 /* Versions with the pad argument */ 3324 int 3325 freebsd6_truncate(struct thread *td, struct freebsd6_truncate_args *uap) 3326 { 3327 3328 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length)); 3329 } 3330 3331 int 3332 freebsd6_ftruncate(struct thread *td, struct freebsd6_ftruncate_args *uap) 3333 { 3334 3335 return (kern_ftruncate(td, uap->fd, uap->length)); 3336 } 3337 #endif 3338 3339 int 3340 kern_fsync(struct thread *td, int fd, bool fullsync) 3341 { 3342 struct vnode *vp; 3343 struct mount *mp; 3344 struct file *fp; 3345 cap_rights_t rights; 3346 int error, lock_flags; 3347 3348 AUDIT_ARG_FD(fd); 3349 error = getvnode(td, fd, cap_rights_init(&rights, CAP_FSYNC), &fp); 3350 if (error != 0) 3351 return (error); 3352 vp = fp->f_vnode; 3353 #if 0 3354 if (!fullsync) 3355 /* XXXKIB: compete outstanding aio writes */; 3356 #endif 3357 error = vn_start_write(vp, &mp, V_WAIT | PCATCH); 3358 if (error != 0) 3359 goto drop; 3360 if (MNT_SHARED_WRITES(mp) || 3361 ((mp == NULL) && MNT_SHARED_WRITES(vp->v_mount))) { 3362 lock_flags = LK_SHARED; 3363 } else { 3364 lock_flags = LK_EXCLUSIVE; 3365 } 3366 vn_lock(vp, lock_flags | LK_RETRY); 3367 AUDIT_ARG_VNODE1(vp); 3368 if (vp->v_object != NULL) { 3369 VM_OBJECT_WLOCK(vp->v_object); 3370 vm_object_page_clean(vp->v_object, 0, 0, 0); 3371 VM_OBJECT_WUNLOCK(vp->v_object); 3372 } 3373 error = fullsync ? VOP_FSYNC(vp, MNT_WAIT, td) : VOP_FDATASYNC(vp, td); 3374 VOP_UNLOCK(vp, 0); 3375 vn_finished_write(mp); 3376 drop: 3377 fdrop(fp, td); 3378 return (error); 3379 } 3380 3381 /* 3382 * Sync an open file. 3383 */ 3384 #ifndef _SYS_SYSPROTO_H_ 3385 struct fsync_args { 3386 int fd; 3387 }; 3388 #endif 3389 int 3390 sys_fsync(struct thread *td, struct fsync_args *uap) 3391 { 3392 3393 return (kern_fsync(td, uap->fd, true)); 3394 } 3395 3396 int 3397 sys_fdatasync(struct thread *td, struct fdatasync_args *uap) 3398 { 3399 3400 return (kern_fsync(td, uap->fd, false)); 3401 } 3402 3403 /* 3404 * Rename files. Source and destination must either both be directories, or 3405 * both not be directories. If target is a directory, it must be empty. 3406 */ 3407 #ifndef _SYS_SYSPROTO_H_ 3408 struct rename_args { 3409 char *from; 3410 char *to; 3411 }; 3412 #endif 3413 int 3414 sys_rename(struct thread *td, struct rename_args *uap) 3415 { 3416 3417 return (kern_renameat(td, AT_FDCWD, uap->from, AT_FDCWD, 3418 uap->to, UIO_USERSPACE)); 3419 } 3420 3421 #ifndef _SYS_SYSPROTO_H_ 3422 struct renameat_args { 3423 int oldfd; 3424 char *old; 3425 int newfd; 3426 char *new; 3427 }; 3428 #endif 3429 int 3430 sys_renameat(struct thread *td, struct renameat_args *uap) 3431 { 3432 3433 return (kern_renameat(td, uap->oldfd, uap->old, uap->newfd, uap->new, 3434 UIO_USERSPACE)); 3435 } 3436 3437 int 3438 kern_renameat(struct thread *td, int oldfd, char *old, int newfd, char *new, 3439 enum uio_seg pathseg) 3440 { 3441 struct mount *mp = NULL; 3442 struct vnode *tvp, *fvp, *tdvp; 3443 struct nameidata fromnd, tond; 3444 cap_rights_t rights; 3445 int error; 3446 3447 again: 3448 bwillwrite(); 3449 #ifdef MAC 3450 NDINIT_ATRIGHTS(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART | 3451 AUDITVNODE1, pathseg, old, oldfd, 3452 cap_rights_init(&rights, CAP_RENAMEAT_SOURCE), td); 3453 #else 3454 NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | AUDITVNODE1, 3455 pathseg, old, oldfd, 3456 cap_rights_init(&rights, CAP_RENAMEAT_SOURCE), td); 3457 #endif 3458 3459 if ((error = namei(&fromnd)) != 0) 3460 return (error); 3461 #ifdef MAC 3462 error = mac_vnode_check_rename_from(td->td_ucred, fromnd.ni_dvp, 3463 fromnd.ni_vp, &fromnd.ni_cnd); 3464 VOP_UNLOCK(fromnd.ni_dvp, 0); 3465 if (fromnd.ni_dvp != fromnd.ni_vp) 3466 VOP_UNLOCK(fromnd.ni_vp, 0); 3467 #endif 3468 fvp = fromnd.ni_vp; 3469 NDINIT_ATRIGHTS(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE | 3470 SAVESTART | AUDITVNODE2, pathseg, new, newfd, 3471 cap_rights_init(&rights, CAP_RENAMEAT_TARGET), td); 3472 if (fromnd.ni_vp->v_type == VDIR) 3473 tond.ni_cnd.cn_flags |= WILLBEDIR; 3474 if ((error = namei(&tond)) != 0) { 3475 /* Translate error code for rename("dir1", "dir2/."). */ 3476 if (error == EISDIR && fvp->v_type == VDIR) 3477 error = EINVAL; 3478 NDFREE(&fromnd, NDF_ONLY_PNBUF); 3479 vrele(fromnd.ni_dvp); 3480 vrele(fvp); 3481 goto out1; 3482 } 3483 tdvp = tond.ni_dvp; 3484 tvp = tond.ni_vp; 3485 error = vn_start_write(fvp, &mp, V_NOWAIT); 3486 if (error != 0) { 3487 NDFREE(&fromnd, NDF_ONLY_PNBUF); 3488 NDFREE(&tond, NDF_ONLY_PNBUF); 3489 if (tvp != NULL) 3490 vput(tvp); 3491 if (tdvp == tvp) 3492 vrele(tdvp); 3493 else 3494 vput(tdvp); 3495 vrele(fromnd.ni_dvp); 3496 vrele(fvp); 3497 vrele(tond.ni_startdir); 3498 if (fromnd.ni_startdir != NULL) 3499 vrele(fromnd.ni_startdir); 3500 error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH); 3501 if (error != 0) 3502 return (error); 3503 goto again; 3504 } 3505 if (tvp != NULL) { 3506 if (fvp->v_type == VDIR && tvp->v_type != VDIR) { 3507 error = ENOTDIR; 3508 goto out; 3509 } else if (fvp->v_type != VDIR && tvp->v_type == VDIR) { 3510 error = EISDIR; 3511 goto out; 3512 } 3513 #ifdef CAPABILITIES 3514 if (newfd != AT_FDCWD) { 3515 /* 3516 * If the target already exists we require CAP_UNLINKAT 3517 * from 'newfd'. 3518 */ 3519 error = cap_check(&tond.ni_filecaps.fc_rights, 3520 cap_rights_init(&rights, CAP_UNLINKAT)); 3521 if (error != 0) 3522 goto out; 3523 } 3524 #endif 3525 } 3526 if (fvp == tdvp) { 3527 error = EINVAL; 3528 goto out; 3529 } 3530 /* 3531 * If the source is the same as the destination (that is, if they 3532 * are links to the same vnode), then there is nothing to do. 3533 */ 3534 if (fvp == tvp) 3535 error = -1; 3536 #ifdef MAC 3537 else 3538 error = mac_vnode_check_rename_to(td->td_ucred, tdvp, 3539 tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd); 3540 #endif 3541 out: 3542 if (error == 0) { 3543 error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd, 3544 tond.ni_dvp, tond.ni_vp, &tond.ni_cnd); 3545 NDFREE(&fromnd, NDF_ONLY_PNBUF); 3546 NDFREE(&tond, NDF_ONLY_PNBUF); 3547 } else { 3548 NDFREE(&fromnd, NDF_ONLY_PNBUF); 3549 NDFREE(&tond, NDF_ONLY_PNBUF); 3550 if (tvp != NULL) 3551 vput(tvp); 3552 if (tdvp == tvp) 3553 vrele(tdvp); 3554 else 3555 vput(tdvp); 3556 vrele(fromnd.ni_dvp); 3557 vrele(fvp); 3558 } 3559 vrele(tond.ni_startdir); 3560 vn_finished_write(mp); 3561 out1: 3562 if (fromnd.ni_startdir) 3563 vrele(fromnd.ni_startdir); 3564 if (error == -1) 3565 return (0); 3566 return (error); 3567 } 3568 3569 /* 3570 * Make a directory file. 3571 */ 3572 #ifndef _SYS_SYSPROTO_H_ 3573 struct mkdir_args { 3574 char *path; 3575 int mode; 3576 }; 3577 #endif 3578 int 3579 sys_mkdir(struct thread *td, struct mkdir_args *uap) 3580 { 3581 3582 return (kern_mkdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 3583 uap->mode)); 3584 } 3585 3586 #ifndef _SYS_SYSPROTO_H_ 3587 struct mkdirat_args { 3588 int fd; 3589 char *path; 3590 mode_t mode; 3591 }; 3592 #endif 3593 int 3594 sys_mkdirat(struct thread *td, struct mkdirat_args *uap) 3595 { 3596 3597 return (kern_mkdirat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode)); 3598 } 3599 3600 int 3601 kern_mkdirat(struct thread *td, int fd, char *path, enum uio_seg segflg, 3602 int mode) 3603 { 3604 struct mount *mp; 3605 struct vnode *vp; 3606 struct vattr vattr; 3607 struct nameidata nd; 3608 cap_rights_t rights; 3609 int error; 3610 3611 AUDIT_ARG_MODE(mode); 3612 restart: 3613 bwillwrite(); 3614 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 | 3615 NOCACHE, segflg, path, fd, cap_rights_init(&rights, CAP_MKDIRAT), 3616 td); 3617 nd.ni_cnd.cn_flags |= WILLBEDIR; 3618 if ((error = namei(&nd)) != 0) 3619 return (error); 3620 vp = nd.ni_vp; 3621 if (vp != NULL) { 3622 NDFREE(&nd, NDF_ONLY_PNBUF); 3623 /* 3624 * XXX namei called with LOCKPARENT but not LOCKLEAF has 3625 * the strange behaviour of leaving the vnode unlocked 3626 * if the target is the same vnode as the parent. 3627 */ 3628 if (vp == nd.ni_dvp) 3629 vrele(nd.ni_dvp); 3630 else 3631 vput(nd.ni_dvp); 3632 vrele(vp); 3633 return (EEXIST); 3634 } 3635 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 3636 NDFREE(&nd, NDF_ONLY_PNBUF); 3637 vput(nd.ni_dvp); 3638 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 3639 return (error); 3640 goto restart; 3641 } 3642 VATTR_NULL(&vattr); 3643 vattr.va_type = VDIR; 3644 vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask; 3645 #ifdef MAC 3646 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, 3647 &vattr); 3648 if (error != 0) 3649 goto out; 3650 #endif 3651 error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); 3652 #ifdef MAC 3653 out: 3654 #endif 3655 NDFREE(&nd, NDF_ONLY_PNBUF); 3656 vput(nd.ni_dvp); 3657 if (error == 0) 3658 vput(nd.ni_vp); 3659 vn_finished_write(mp); 3660 return (error); 3661 } 3662 3663 /* 3664 * Remove a directory file. 3665 */ 3666 #ifndef _SYS_SYSPROTO_H_ 3667 struct rmdir_args { 3668 char *path; 3669 }; 3670 #endif 3671 int 3672 sys_rmdir(struct thread *td, struct rmdir_args *uap) 3673 { 3674 3675 return (kern_rmdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE)); 3676 } 3677 3678 int 3679 kern_rmdirat(struct thread *td, int fd, char *path, enum uio_seg pathseg) 3680 { 3681 struct mount *mp; 3682 struct vnode *vp; 3683 struct nameidata nd; 3684 cap_rights_t rights; 3685 int error; 3686 3687 restart: 3688 bwillwrite(); 3689 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1, 3690 pathseg, path, fd, cap_rights_init(&rights, CAP_UNLINKAT), td); 3691 if ((error = namei(&nd)) != 0) 3692 return (error); 3693 vp = nd.ni_vp; 3694 if (vp->v_type != VDIR) { 3695 error = ENOTDIR; 3696 goto out; 3697 } 3698 /* 3699 * No rmdir "." please. 3700 */ 3701 if (nd.ni_dvp == vp) { 3702 error = EINVAL; 3703 goto out; 3704 } 3705 /* 3706 * The root of a mounted filesystem cannot be deleted. 3707 */ 3708 if (vp->v_vflag & VV_ROOT) { 3709 error = EBUSY; 3710 goto out; 3711 } 3712 #ifdef MAC 3713 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp, 3714 &nd.ni_cnd); 3715 if (error != 0) 3716 goto out; 3717 #endif 3718 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { 3719 NDFREE(&nd, NDF_ONLY_PNBUF); 3720 vput(vp); 3721 if (nd.ni_dvp == vp) 3722 vrele(nd.ni_dvp); 3723 else 3724 vput(nd.ni_dvp); 3725 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0) 3726 return (error); 3727 goto restart; 3728 } 3729 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK); 3730 error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd); 3731 vn_finished_write(mp); 3732 out: 3733 NDFREE(&nd, NDF_ONLY_PNBUF); 3734 vput(vp); 3735 if (nd.ni_dvp == vp) 3736 vrele(nd.ni_dvp); 3737 else 3738 vput(nd.ni_dvp); 3739 return (error); 3740 } 3741 3742 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11) 3743 int 3744 freebsd11_kern_getdirentries(struct thread *td, int fd, char *ubuf, u_int count, 3745 long *basep, void (*func)(struct freebsd11_dirent *)) 3746 { 3747 struct freebsd11_dirent dstdp; 3748 struct dirent *dp, *edp; 3749 char *dirbuf; 3750 off_t base; 3751 ssize_t resid, ucount; 3752 int error; 3753 3754 /* XXX arbitrary sanity limit on `count'. */ 3755 count = min(count, 64 * 1024); 3756 3757 dirbuf = malloc(count, M_TEMP, M_WAITOK); 3758 3759 error = kern_getdirentries(td, fd, dirbuf, count, &base, &resid, 3760 UIO_SYSSPACE); 3761 if (error != 0) 3762 goto done; 3763 if (basep != NULL) 3764 *basep = base; 3765 3766 ucount = 0; 3767 for (dp = (struct dirent *)dirbuf, 3768 edp = (struct dirent *)&dirbuf[count - resid]; 3769 ucount < count && dp < edp; ) { 3770 if (dp->d_reclen == 0) 3771 break; 3772 MPASS(dp->d_reclen >= _GENERIC_DIRLEN(0)); 3773 if (dp->d_namlen >= sizeof(dstdp.d_name)) 3774 continue; 3775 dstdp.d_type = dp->d_type; 3776 dstdp.d_namlen = dp->d_namlen; 3777 dstdp.d_fileno = dp->d_fileno; /* truncate */ 3778 if (dstdp.d_fileno != dp->d_fileno) { 3779 switch (ino64_trunc_error) { 3780 default: 3781 case 0: 3782 break; 3783 case 1: 3784 error = EOVERFLOW; 3785 goto done; 3786 case 2: 3787 dstdp.d_fileno = UINT32_MAX; 3788 break; 3789 } 3790 } 3791 dstdp.d_reclen = sizeof(dstdp) - sizeof(dstdp.d_name) + 3792 ((dp->d_namlen + 1 + 3) &~ 3); 3793 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 3794 bzero(dstdp.d_name + dstdp.d_namlen, 3795 dstdp.d_reclen - offsetof(struct freebsd11_dirent, d_name) - 3796 dstdp.d_namlen); 3797 MPASS(dstdp.d_reclen <= dp->d_reclen); 3798 MPASS(ucount + dstdp.d_reclen <= count); 3799 if (func != NULL) 3800 func(&dstdp); 3801 error = copyout(&dstdp, ubuf + ucount, dstdp.d_reclen); 3802 if (error != 0) 3803 break; 3804 dp = (struct dirent *)((char *)dp + dp->d_reclen); 3805 ucount += dstdp.d_reclen; 3806 } 3807 3808 done: 3809 free(dirbuf, M_TEMP); 3810 if (error == 0) 3811 td->td_retval[0] = ucount; 3812 return (error); 3813 } 3814 #endif /* COMPAT */ 3815 3816 #ifdef COMPAT_43 3817 static void 3818 ogetdirentries_cvt(struct freebsd11_dirent *dp) 3819 { 3820 #if (BYTE_ORDER == LITTLE_ENDIAN) 3821 /* 3822 * The expected low byte of dp->d_namlen is our dp->d_type. 3823 * The high MBZ byte of dp->d_namlen is our dp->d_namlen. 3824 */ 3825 dp->d_type = dp->d_namlen; 3826 dp->d_namlen = 0; 3827 #else 3828 /* 3829 * The dp->d_type is the high byte of the expected dp->d_namlen, 3830 * so must be zero'ed. 3831 */ 3832 dp->d_type = 0; 3833 #endif 3834 } 3835 3836 /* 3837 * Read a block of directory entries in a filesystem independent format. 3838 */ 3839 #ifndef _SYS_SYSPROTO_H_ 3840 struct ogetdirentries_args { 3841 int fd; 3842 char *buf; 3843 u_int count; 3844 long *basep; 3845 }; 3846 #endif 3847 int 3848 ogetdirentries(struct thread *td, struct ogetdirentries_args *uap) 3849 { 3850 long loff; 3851 int error; 3852 3853 error = kern_ogetdirentries(td, uap, &loff); 3854 if (error == 0) 3855 error = copyout(&loff, uap->basep, sizeof(long)); 3856 return (error); 3857 } 3858 3859 int 3860 kern_ogetdirentries(struct thread *td, struct ogetdirentries_args *uap, 3861 long *ploff) 3862 { 3863 long base; 3864 int error; 3865 3866 /* XXX arbitrary sanity limit on `count'. */ 3867 if (uap->count > 64 * 1024) 3868 return (EINVAL); 3869 3870 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count, 3871 &base, ogetdirentries_cvt); 3872 3873 if (error == 0 && uap->basep != NULL) 3874 error = copyout(&base, uap->basep, sizeof(long)); 3875 3876 return (error); 3877 } 3878 #endif /* COMPAT_43 */ 3879 3880 #if defined(COMPAT_FREEBSD11) 3881 #ifndef _SYS_SYSPROTO_H_ 3882 struct freebsd11_getdirentries_args { 3883 int fd; 3884 char *buf; 3885 u_int count; 3886 long *basep; 3887 }; 3888 #endif 3889 int 3890 freebsd11_getdirentries(struct thread *td, 3891 struct freebsd11_getdirentries_args *uap) 3892 { 3893 long base; 3894 int error; 3895 3896 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count, 3897 &base, NULL); 3898 3899 if (error == 0 && uap->basep != NULL) 3900 error = copyout(&base, uap->basep, sizeof(long)); 3901 return (error); 3902 } 3903 3904 int 3905 freebsd11_getdents(struct thread *td, struct freebsd11_getdents_args *uap) 3906 { 3907 struct freebsd11_getdirentries_args ap; 3908 3909 ap.fd = uap->fd; 3910 ap.buf = uap->buf; 3911 ap.count = uap->count; 3912 ap.basep = NULL; 3913 return (freebsd11_getdirentries(td, &ap)); 3914 } 3915 #endif /* COMPAT_FREEBSD11 */ 3916 3917 /* 3918 * Read a block of directory entries in a filesystem independent format. 3919 */ 3920 int 3921 sys_getdirentries(struct thread *td, struct getdirentries_args *uap) 3922 { 3923 off_t base; 3924 int error; 3925 3926 error = kern_getdirentries(td, uap->fd, uap->buf, uap->count, &base, 3927 NULL, UIO_USERSPACE); 3928 if (error != 0) 3929 return (error); 3930 if (uap->basep != NULL) 3931 error = copyout(&base, uap->basep, sizeof(off_t)); 3932 return (error); 3933 } 3934 3935 int 3936 kern_getdirentries(struct thread *td, int fd, char *buf, size_t count, 3937 off_t *basep, ssize_t *residp, enum uio_seg bufseg) 3938 { 3939 struct vnode *vp; 3940 struct file *fp; 3941 struct uio auio; 3942 struct iovec aiov; 3943 off_t loff; 3944 int error, eofflag; 3945 off_t foffset; 3946 3947 AUDIT_ARG_FD(fd); 3948 if (count > IOSIZE_MAX) 3949 return (EINVAL); 3950 auio.uio_resid = count; 3951 error = getvnode(td, fd, &cap_read_rights, &fp); 3952 if (error != 0) 3953 return (error); 3954 if ((fp->f_flag & FREAD) == 0) { 3955 fdrop(fp, td); 3956 return (EBADF); 3957 } 3958 vp = fp->f_vnode; 3959 foffset = foffset_lock(fp, 0); 3960 unionread: 3961 if (vp->v_type != VDIR) { 3962 error = EINVAL; 3963 goto fail; 3964 } 3965 aiov.iov_base = buf; 3966 aiov.iov_len = count; 3967 auio.uio_iov = &aiov; 3968 auio.uio_iovcnt = 1; 3969 auio.uio_rw = UIO_READ; 3970 auio.uio_segflg = bufseg; 3971 auio.uio_td = td; 3972 vn_lock(vp, LK_SHARED | LK_RETRY); 3973 AUDIT_ARG_VNODE1(vp); 3974 loff = auio.uio_offset = foffset; 3975 #ifdef MAC 3976 error = mac_vnode_check_readdir(td->td_ucred, vp); 3977 if (error == 0) 3978 #endif 3979 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, 3980 NULL); 3981 foffset = auio.uio_offset; 3982 if (error != 0) { 3983 VOP_UNLOCK(vp, 0); 3984 goto fail; 3985 } 3986 if (count == auio.uio_resid && 3987 (vp->v_vflag & VV_ROOT) && 3988 (vp->v_mount->mnt_flag & MNT_UNION)) { 3989 struct vnode *tvp = vp; 3990 3991 vp = vp->v_mount->mnt_vnodecovered; 3992 VREF(vp); 3993 fp->f_vnode = vp; 3994 fp->f_data = vp; 3995 foffset = 0; 3996 vput(tvp); 3997 goto unionread; 3998 } 3999 VOP_UNLOCK(vp, 0); 4000 *basep = loff; 4001 if (residp != NULL) 4002 *residp = auio.uio_resid; 4003 td->td_retval[0] = count - auio.uio_resid; 4004 fail: 4005 foffset_unlock(fp, foffset, 0); 4006 fdrop(fp, td); 4007 return (error); 4008 } 4009 4010 /* 4011 * Set the mode mask for creation of filesystem nodes. 4012 */ 4013 #ifndef _SYS_SYSPROTO_H_ 4014 struct umask_args { 4015 int newmask; 4016 }; 4017 #endif 4018 int 4019 sys_umask(struct thread *td, struct umask_args *uap) 4020 { 4021 struct filedesc *fdp; 4022 4023 fdp = td->td_proc->p_fd; 4024 FILEDESC_XLOCK(fdp); 4025 td->td_retval[0] = fdp->fd_cmask; 4026 fdp->fd_cmask = uap->newmask & ALLPERMS; 4027 FILEDESC_XUNLOCK(fdp); 4028 return (0); 4029 } 4030 4031 /* 4032 * Void all references to file by ripping underlying filesystem away from 4033 * vnode. 4034 */ 4035 #ifndef _SYS_SYSPROTO_H_ 4036 struct revoke_args { 4037 char *path; 4038 }; 4039 #endif 4040 int 4041 sys_revoke(struct thread *td, struct revoke_args *uap) 4042 { 4043 struct vnode *vp; 4044 struct vattr vattr; 4045 struct nameidata nd; 4046 int error; 4047 4048 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE, 4049 uap->path, td); 4050 if ((error = namei(&nd)) != 0) 4051 return (error); 4052 vp = nd.ni_vp; 4053 NDFREE(&nd, NDF_ONLY_PNBUF); 4054 if (vp->v_type != VCHR || vp->v_rdev == NULL) { 4055 error = EINVAL; 4056 goto out; 4057 } 4058 #ifdef MAC 4059 error = mac_vnode_check_revoke(td->td_ucred, vp); 4060 if (error != 0) 4061 goto out; 4062 #endif 4063 error = VOP_GETATTR(vp, &vattr, td->td_ucred); 4064 if (error != 0) 4065 goto out; 4066 if (td->td_ucred->cr_uid != vattr.va_uid) { 4067 error = priv_check(td, PRIV_VFS_ADMIN); 4068 if (error != 0) 4069 goto out; 4070 } 4071 if (vcount(vp) > 1) 4072 VOP_REVOKE(vp, REVOKEALL); 4073 out: 4074 vput(vp); 4075 return (error); 4076 } 4077 4078 /* 4079 * Convert a user file descriptor to a kernel file entry and check that, if it 4080 * is a capability, the correct rights are present. A reference on the file 4081 * entry is held upon returning. 4082 */ 4083 int 4084 getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp) 4085 { 4086 struct file *fp; 4087 int error; 4088 4089 error = fget_unlocked(td->td_proc->p_fd, fd, rightsp, &fp, NULL); 4090 if (error != 0) 4091 return (error); 4092 4093 /* 4094 * The file could be not of the vnode type, or it may be not 4095 * yet fully initialized, in which case the f_vnode pointer 4096 * may be set, but f_ops is still badfileops. E.g., 4097 * devfs_open() transiently create such situation to 4098 * facilitate csw d_fdopen(). 4099 * 4100 * Dupfdopen() handling in kern_openat() installs the 4101 * half-baked file into the process descriptor table, allowing 4102 * other thread to dereference it. Guard against the race by 4103 * checking f_ops. 4104 */ 4105 if (fp->f_vnode == NULL || fp->f_ops == &badfileops) { 4106 fdrop(fp, td); 4107 return (EINVAL); 4108 } 4109 *fpp = fp; 4110 return (0); 4111 } 4112 4113 4114 /* 4115 * Get an (NFS) file handle. 4116 */ 4117 #ifndef _SYS_SYSPROTO_H_ 4118 struct lgetfh_args { 4119 char *fname; 4120 fhandle_t *fhp; 4121 }; 4122 #endif 4123 int 4124 sys_lgetfh(struct thread *td, struct lgetfh_args *uap) 4125 { 4126 struct nameidata nd; 4127 fhandle_t fh; 4128 struct vnode *vp; 4129 int error; 4130 4131 error = priv_check(td, PRIV_VFS_GETFH); 4132 if (error != 0) 4133 return (error); 4134 NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE, 4135 uap->fname, td); 4136 error = namei(&nd); 4137 if (error != 0) 4138 return (error); 4139 NDFREE(&nd, NDF_ONLY_PNBUF); 4140 vp = nd.ni_vp; 4141 bzero(&fh, sizeof(fh)); 4142 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid; 4143 error = VOP_VPTOFH(vp, &fh.fh_fid); 4144 vput(vp); 4145 if (error == 0) 4146 error = copyout(&fh, uap->fhp, sizeof (fh)); 4147 return (error); 4148 } 4149 4150 #ifndef _SYS_SYSPROTO_H_ 4151 struct getfh_args { 4152 char *fname; 4153 fhandle_t *fhp; 4154 }; 4155 #endif 4156 int 4157 sys_getfh(struct thread *td, struct getfh_args *uap) 4158 { 4159 struct nameidata nd; 4160 fhandle_t fh; 4161 struct vnode *vp; 4162 int error; 4163 4164 error = priv_check(td, PRIV_VFS_GETFH); 4165 if (error != 0) 4166 return (error); 4167 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE, 4168 uap->fname, td); 4169 error = namei(&nd); 4170 if (error != 0) 4171 return (error); 4172 NDFREE(&nd, NDF_ONLY_PNBUF); 4173 vp = nd.ni_vp; 4174 bzero(&fh, sizeof(fh)); 4175 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid; 4176 error = VOP_VPTOFH(vp, &fh.fh_fid); 4177 vput(vp); 4178 if (error == 0) 4179 error = copyout(&fh, uap->fhp, sizeof (fh)); 4180 return (error); 4181 } 4182 4183 /* 4184 * syscall for the rpc.lockd to use to translate a NFS file handle into an 4185 * open descriptor. 4186 * 4187 * warning: do not remove the priv_check() call or this becomes one giant 4188 * security hole. 4189 */ 4190 #ifndef _SYS_SYSPROTO_H_ 4191 struct fhopen_args { 4192 const struct fhandle *u_fhp; 4193 int flags; 4194 }; 4195 #endif 4196 int 4197 sys_fhopen(struct thread *td, struct fhopen_args *uap) 4198 { 4199 struct mount *mp; 4200 struct vnode *vp; 4201 struct fhandle fhp; 4202 struct file *fp; 4203 int fmode, error; 4204 int indx; 4205 4206 error = priv_check(td, PRIV_VFS_FHOPEN); 4207 if (error != 0) 4208 return (error); 4209 indx = -1; 4210 fmode = FFLAGS(uap->flags); 4211 /* why not allow a non-read/write open for our lockd? */ 4212 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT)) 4213 return (EINVAL); 4214 error = copyin(uap->u_fhp, &fhp, sizeof(fhp)); 4215 if (error != 0) 4216 return(error); 4217 /* find the mount point */ 4218 mp = vfs_busyfs(&fhp.fh_fsid); 4219 if (mp == NULL) 4220 return (ESTALE); 4221 /* now give me my vnode, it gets returned to me locked */ 4222 error = VFS_FHTOVP(mp, &fhp.fh_fid, LK_EXCLUSIVE, &vp); 4223 vfs_unbusy(mp); 4224 if (error != 0) 4225 return (error); 4226 4227 error = falloc_noinstall(td, &fp); 4228 if (error != 0) { 4229 vput(vp); 4230 return (error); 4231 } 4232 /* 4233 * An extra reference on `fp' has been held for us by 4234 * falloc_noinstall(). 4235 */ 4236 4237 #ifdef INVARIANTS 4238 td->td_dupfd = -1; 4239 #endif 4240 error = vn_open_vnode(vp, fmode, td->td_ucred, td, fp); 4241 if (error != 0) { 4242 KASSERT(fp->f_ops == &badfileops, 4243 ("VOP_OPEN in fhopen() set f_ops")); 4244 KASSERT(td->td_dupfd < 0, 4245 ("fhopen() encountered fdopen()")); 4246 4247 vput(vp); 4248 goto bad; 4249 } 4250 #ifdef INVARIANTS 4251 td->td_dupfd = 0; 4252 #endif 4253 fp->f_vnode = vp; 4254 fp->f_seqcount = 1; 4255 finit(fp, (fmode & FMASK) | (fp->f_flag & FHASLOCK), DTYPE_VNODE, vp, 4256 &vnops); 4257 VOP_UNLOCK(vp, 0); 4258 if ((fmode & O_TRUNC) != 0) { 4259 error = fo_truncate(fp, 0, td->td_ucred, td); 4260 if (error != 0) 4261 goto bad; 4262 } 4263 4264 error = finstall(td, fp, &indx, fmode, NULL); 4265 bad: 4266 fdrop(fp, td); 4267 td->td_retval[0] = indx; 4268 return (error); 4269 } 4270 4271 /* 4272 * Stat an (NFS) file handle. 4273 */ 4274 #ifndef _SYS_SYSPROTO_H_ 4275 struct fhstat_args { 4276 struct fhandle *u_fhp; 4277 struct stat *sb; 4278 }; 4279 #endif 4280 int 4281 sys_fhstat(struct thread *td, struct fhstat_args *uap) 4282 { 4283 struct stat sb; 4284 struct fhandle fh; 4285 int error; 4286 4287 error = copyin(uap->u_fhp, &fh, sizeof(fh)); 4288 if (error != 0) 4289 return (error); 4290 error = kern_fhstat(td, fh, &sb); 4291 if (error == 0) 4292 error = copyout(&sb, uap->sb, sizeof(sb)); 4293 return (error); 4294 } 4295 4296 int 4297 kern_fhstat(struct thread *td, struct fhandle fh, struct stat *sb) 4298 { 4299 struct mount *mp; 4300 struct vnode *vp; 4301 int error; 4302 4303 error = priv_check(td, PRIV_VFS_FHSTAT); 4304 if (error != 0) 4305 return (error); 4306 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL) 4307 return (ESTALE); 4308 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp); 4309 vfs_unbusy(mp); 4310 if (error != 0) 4311 return (error); 4312 error = vn_stat(vp, sb, td->td_ucred, NOCRED, td); 4313 vput(vp); 4314 return (error); 4315 } 4316 4317 /* 4318 * Implement fstatfs() for (NFS) file handles. 4319 */ 4320 #ifndef _SYS_SYSPROTO_H_ 4321 struct fhstatfs_args { 4322 struct fhandle *u_fhp; 4323 struct statfs *buf; 4324 }; 4325 #endif 4326 int 4327 sys_fhstatfs(struct thread *td, struct fhstatfs_args *uap) 4328 { 4329 struct statfs *sfp; 4330 fhandle_t fh; 4331 int error; 4332 4333 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t)); 4334 if (error != 0) 4335 return (error); 4336 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); 4337 error = kern_fhstatfs(td, fh, sfp); 4338 if (error == 0) 4339 error = copyout(sfp, uap->buf, sizeof(*sfp)); 4340 free(sfp, M_STATFS); 4341 return (error); 4342 } 4343 4344 int 4345 kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf) 4346 { 4347 struct statfs *sp; 4348 struct mount *mp; 4349 struct vnode *vp; 4350 int error; 4351 4352 error = priv_check(td, PRIV_VFS_FHSTATFS); 4353 if (error != 0) 4354 return (error); 4355 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL) 4356 return (ESTALE); 4357 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp); 4358 if (error != 0) { 4359 vfs_unbusy(mp); 4360 return (error); 4361 } 4362 vput(vp); 4363 error = prison_canseemount(td->td_ucred, mp); 4364 if (error != 0) 4365 goto out; 4366 #ifdef MAC 4367 error = mac_mount_check_stat(td->td_ucred, mp); 4368 if (error != 0) 4369 goto out; 4370 #endif 4371 /* 4372 * Set these in case the underlying filesystem fails to do so. 4373 */ 4374 sp = &mp->mnt_stat; 4375 sp->f_version = STATFS_VERSION; 4376 sp->f_namemax = NAME_MAX; 4377 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; 4378 error = VFS_STATFS(mp, sp); 4379 if (error == 0) 4380 *buf = *sp; 4381 out: 4382 vfs_unbusy(mp); 4383 return (error); 4384 } 4385 4386 int 4387 kern_posix_fallocate(struct thread *td, int fd, off_t offset, off_t len) 4388 { 4389 struct file *fp; 4390 struct mount *mp; 4391 struct vnode *vp; 4392 off_t olen, ooffset; 4393 int error; 4394 #ifdef AUDIT 4395 int audited_vnode1 = 0; 4396 #endif 4397 4398 AUDIT_ARG_FD(fd); 4399 if (offset < 0 || len <= 0) 4400 return (EINVAL); 4401 /* Check for wrap. */ 4402 if (offset > OFF_MAX - len) 4403 return (EFBIG); 4404 AUDIT_ARG_FD(fd); 4405 error = fget(td, fd, &cap_pwrite_rights, &fp); 4406 if (error != 0) 4407 return (error); 4408 AUDIT_ARG_FILE(td->td_proc, fp); 4409 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) { 4410 error = ESPIPE; 4411 goto out; 4412 } 4413 if ((fp->f_flag & FWRITE) == 0) { 4414 error = EBADF; 4415 goto out; 4416 } 4417 if (fp->f_type != DTYPE_VNODE) { 4418 error = ENODEV; 4419 goto out; 4420 } 4421 vp = fp->f_vnode; 4422 if (vp->v_type != VREG) { 4423 error = ENODEV; 4424 goto out; 4425 } 4426 4427 /* Allocating blocks may take a long time, so iterate. */ 4428 for (;;) { 4429 olen = len; 4430 ooffset = offset; 4431 4432 bwillwrite(); 4433 mp = NULL; 4434 error = vn_start_write(vp, &mp, V_WAIT | PCATCH); 4435 if (error != 0) 4436 break; 4437 error = vn_lock(vp, LK_EXCLUSIVE); 4438 if (error != 0) { 4439 vn_finished_write(mp); 4440 break; 4441 } 4442 #ifdef AUDIT 4443 if (!audited_vnode1) { 4444 AUDIT_ARG_VNODE1(vp); 4445 audited_vnode1 = 1; 4446 } 4447 #endif 4448 #ifdef MAC 4449 error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp); 4450 if (error == 0) 4451 #endif 4452 error = VOP_ALLOCATE(vp, &offset, &len); 4453 VOP_UNLOCK(vp, 0); 4454 vn_finished_write(mp); 4455 4456 if (olen + ooffset != offset + len) { 4457 panic("offset + len changed from %jx/%jx to %jx/%jx", 4458 ooffset, olen, offset, len); 4459 } 4460 if (error != 0 || len == 0) 4461 break; 4462 KASSERT(olen > len, ("Iteration did not make progress?")); 4463 maybe_yield(); 4464 } 4465 out: 4466 fdrop(fp, td); 4467 return (error); 4468 } 4469 4470 int 4471 sys_posix_fallocate(struct thread *td, struct posix_fallocate_args *uap) 4472 { 4473 int error; 4474 4475 error = kern_posix_fallocate(td, uap->fd, uap->offset, uap->len); 4476 return (kern_posix_error(td, error)); 4477 } 4478 4479 /* 4480 * Unlike madvise(2), we do not make a best effort to remember every 4481 * possible caching hint. Instead, we remember the last setting with 4482 * the exception that we will allow POSIX_FADV_NORMAL to adjust the 4483 * region of any current setting. 4484 */ 4485 int 4486 kern_posix_fadvise(struct thread *td, int fd, off_t offset, off_t len, 4487 int advice) 4488 { 4489 struct fadvise_info *fa, *new; 4490 struct file *fp; 4491 struct vnode *vp; 4492 off_t end; 4493 int error; 4494 4495 if (offset < 0 || len < 0 || offset > OFF_MAX - len) 4496 return (EINVAL); 4497 AUDIT_ARG_VALUE(advice); 4498 switch (advice) { 4499 case POSIX_FADV_SEQUENTIAL: 4500 case POSIX_FADV_RANDOM: 4501 case POSIX_FADV_NOREUSE: 4502 new = malloc(sizeof(*fa), M_FADVISE, M_WAITOK); 4503 break; 4504 case POSIX_FADV_NORMAL: 4505 case POSIX_FADV_WILLNEED: 4506 case POSIX_FADV_DONTNEED: 4507 new = NULL; 4508 break; 4509 default: 4510 return (EINVAL); 4511 } 4512 /* XXX: CAP_POSIX_FADVISE? */ 4513 AUDIT_ARG_FD(fd); 4514 error = fget(td, fd, &cap_no_rights, &fp); 4515 if (error != 0) 4516 goto out; 4517 AUDIT_ARG_FILE(td->td_proc, fp); 4518 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) { 4519 error = ESPIPE; 4520 goto out; 4521 } 4522 if (fp->f_type != DTYPE_VNODE) { 4523 error = ENODEV; 4524 goto out; 4525 } 4526 vp = fp->f_vnode; 4527 if (vp->v_type != VREG) { 4528 error = ENODEV; 4529 goto out; 4530 } 4531 if (len == 0) 4532 end = OFF_MAX; 4533 else 4534 end = offset + len - 1; 4535 switch (advice) { 4536 case POSIX_FADV_SEQUENTIAL: 4537 case POSIX_FADV_RANDOM: 4538 case POSIX_FADV_NOREUSE: 4539 /* 4540 * Try to merge any existing non-standard region with 4541 * this new region if possible, otherwise create a new 4542 * non-standard region for this request. 4543 */ 4544 mtx_pool_lock(mtxpool_sleep, fp); 4545 fa = fp->f_advice; 4546 if (fa != NULL && fa->fa_advice == advice && 4547 ((fa->fa_start <= end && fa->fa_end >= offset) || 4548 (end != OFF_MAX && fa->fa_start == end + 1) || 4549 (fa->fa_end != OFF_MAX && fa->fa_end + 1 == offset))) { 4550 if (offset < fa->fa_start) 4551 fa->fa_start = offset; 4552 if (end > fa->fa_end) 4553 fa->fa_end = end; 4554 } else { 4555 new->fa_advice = advice; 4556 new->fa_start = offset; 4557 new->fa_end = end; 4558 fp->f_advice = new; 4559 new = fa; 4560 } 4561 mtx_pool_unlock(mtxpool_sleep, fp); 4562 break; 4563 case POSIX_FADV_NORMAL: 4564 /* 4565 * If a the "normal" region overlaps with an existing 4566 * non-standard region, trim or remove the 4567 * non-standard region. 4568 */ 4569 mtx_pool_lock(mtxpool_sleep, fp); 4570 fa = fp->f_advice; 4571 if (fa != NULL) { 4572 if (offset <= fa->fa_start && end >= fa->fa_end) { 4573 new = fa; 4574 fp->f_advice = NULL; 4575 } else if (offset <= fa->fa_start && 4576 end >= fa->fa_start) 4577 fa->fa_start = end + 1; 4578 else if (offset <= fa->fa_end && end >= fa->fa_end) 4579 fa->fa_end = offset - 1; 4580 else if (offset >= fa->fa_start && end <= fa->fa_end) { 4581 /* 4582 * If the "normal" region is a middle 4583 * portion of the existing 4584 * non-standard region, just remove 4585 * the whole thing rather than picking 4586 * one side or the other to 4587 * preserve. 4588 */ 4589 new = fa; 4590 fp->f_advice = NULL; 4591 } 4592 } 4593 mtx_pool_unlock(mtxpool_sleep, fp); 4594 break; 4595 case POSIX_FADV_WILLNEED: 4596 case POSIX_FADV_DONTNEED: 4597 error = VOP_ADVISE(vp, offset, end, advice); 4598 break; 4599 } 4600 out: 4601 if (fp != NULL) 4602 fdrop(fp, td); 4603 free(new, M_FADVISE); 4604 return (error); 4605 } 4606 4607 int 4608 sys_posix_fadvise(struct thread *td, struct posix_fadvise_args *uap) 4609 { 4610 int error; 4611 4612 error = kern_posix_fadvise(td, uap->fd, uap->offset, uap->len, 4613 uap->advice); 4614 return (kern_posix_error(td, error)); 4615 } 4616