1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright 2013 Nexenta Systems, Inc. All rights reserved. 25 */ 26 27 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ 28 /* All Rights Reserved */ 29 30 /* 31 * University Copyright- Copyright (c) 1982, 1986, 1988 32 * The Regents of the University of California 33 * All Rights Reserved 34 * 35 * University Acknowledgment- Portions of this document are derived from 36 * software developed by the University of California, Berkeley, and its 37 * contributors. 38 */ 39 40 #include <sys/types.h> 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/file.h> 44 #include <sys/errno.h> 45 #include <sys/cred.h> 46 #include <sys/user.h> 47 #include <sys/uio.h> 48 #include <sys/vfs.h> 49 #include <sys/vnode.h> 50 #include <sys/pathname.h> 51 #include <sys/proc.h> 52 #include <sys/vtrace.h> 53 #include <sys/sysmacros.h> 54 #include <sys/debug.h> 55 #include <sys/dirent.h> 56 #include <sys/zone.h> 57 #include <sys/dnlc.h> 58 #include <sys/fs/snode.h> 59 60 /* 61 * Starting at current directory, translate pathname pnp to end. 62 * Leave pathname of final component in pnp, return the vnode 63 * for the final component in *compvpp, and return the vnode 64 * for the parent of the final component in dirvpp. 65 * 66 * This is the central routine in pathname translation and handles 67 * multiple components in pathnames, separating them at /'s. It also 68 * implements mounted file systems and processes symbolic links. 69 * 70 * vp is the vnode where the directory search should start. 71 * 72 * Reference counts: vp must be held prior to calling this function. rootvp 73 * should only be held if rootvp != rootdir. 74 */ 75 int 76 lookuppnvp( 77 struct pathname *pnp, /* pathname to lookup */ 78 struct pathname *rpnp, /* if non-NULL, return resolved path */ 79 int flags, /* follow symlinks */ 80 vnode_t **dirvpp, /* ptr for parent vnode */ 81 vnode_t **compvpp, /* ptr for entry vnode */ 82 vnode_t *rootvp, /* rootvp */ 83 vnode_t *vp, /* directory to start search at */ 84 cred_t *cr) /* user's credential */ 85 { 86 vnode_t *cvp; /* current component vp */ 87 vnode_t *tvp; /* addressable temp ptr */ 88 char component[MAXNAMELEN]; /* buffer for component (incl null) */ 89 int error; 90 int nlink; 91 int lookup_flags; 92 struct pathname presrvd; /* case preserved name */ 93 struct pathname *pp = NULL; 94 vnode_t *startvp; 95 int must_be_directory = 0; 96 boolean_t retry_with_kcred; 97 98 nlink = 0; 99 cvp = NULL; 100 if (rpnp) 101 rpnp->pn_pathlen = 0; 102 103 lookup_flags = dirvpp ? LOOKUP_DIR : 0; 104 if (flags & FIGNORECASE) { 105 lookup_flags |= FIGNORECASE; 106 pn_alloc(&presrvd); 107 pp = &presrvd; 108 } 109 110 /* 111 * Eliminate any trailing slashes in the pathname. 112 * If there are any, we must follow all symlinks. 113 * Also, we must guarantee that the last component is a directory. 114 */ 115 if (pn_fixslash(pnp)) { 116 flags |= FOLLOW; 117 must_be_directory = 1; 118 } 119 120 startvp = vp; 121 next: 122 retry_with_kcred = B_FALSE; 123 124 /* 125 * Make sure we have a directory. 126 */ 127 if (vp->v_type != VDIR) { 128 error = ENOTDIR; 129 goto bad; 130 } 131 132 if (rpnp && VN_CMP(vp, rootvp)) 133 (void) pn_set(rpnp, "/"); 134 135 /* 136 * Process the next component of the pathname. 137 */ 138 if ((error = pn_getcomponent(pnp, component)) != 0) { 139 goto bad; 140 } 141 142 /* 143 * Handle "..": two special cases. 144 * 1. If we're at the root directory (e.g. after chroot or 145 * zone_enter) then change ".." to "." so we can't get 146 * out of this subtree. 147 * 2. If this vnode is the root of a mounted file system, 148 * then replace it with the vnode that was mounted on 149 * so that we take the ".." in the other file system. 150 */ 151 if (component[0] == '.' && component[1] == '.' && component[2] == 0) { 152 checkforroot: 153 if (VN_CMP(vp, rootvp)) { 154 component[1] = '\0'; 155 } else if (vp->v_flag & VROOT) { 156 vfs_t *vfsp; 157 cvp = vp; 158 159 /* 160 * While we deal with the vfs pointer from the vnode 161 * the filesystem could have been forcefully unmounted 162 * and the vnode's v_vfsp could have been invalidated 163 * by VFS_UNMOUNT. Hence, we cache v_vfsp and use it 164 * with vfs_rlock_wait/vfs_unlock. 165 * It is safe to use the v_vfsp even it is freed by 166 * VFS_UNMOUNT because vfs_rlock_wait/vfs_unlock 167 * do not dereference v_vfsp. It is just used as a 168 * magic cookie. 169 * One more corner case here is the memory getting 170 * reused for another vfs structure. In this case 171 * lookuppnvp's vfs_rlock_wait will succeed, domount's 172 * vfs_lock will fail and domount will bail out with an 173 * error (EBUSY). 174 */ 175 vfsp = cvp->v_vfsp; 176 177 /* 178 * This lock is used to synchronize 179 * mounts/unmounts and lookups. 180 * Threads doing mounts/unmounts hold the 181 * writers version vfs_lock_wait(). 182 */ 183 184 vfs_rlock_wait(vfsp); 185 186 /* 187 * If this vnode is on a file system that 188 * has been forcibly unmounted, 189 * we can't proceed. Cancel this operation 190 * and return EIO. 191 * 192 * vfs_vnodecovered is NULL if unmounted. 193 * Currently, nfs uses VFS_UNMOUNTED to 194 * check if it's a forced-umount. Keep the 195 * same checking here as well even though it 196 * may not be needed. 197 */ 198 if (((vp = cvp->v_vfsp->vfs_vnodecovered) == NULL) || 199 (cvp->v_vfsp->vfs_flag & VFS_UNMOUNTED)) { 200 vfs_unlock(vfsp); 201 VN_RELE(cvp); 202 if (pp) 203 pn_free(pp); 204 return (EIO); 205 } 206 VN_HOLD(vp); 207 vfs_unlock(vfsp); 208 VN_RELE(cvp); 209 cvp = NULL; 210 /* 211 * Crossing mount points. For eg: We are doing 212 * a lookup of ".." for file systems root vnode 213 * mounted here, and VOP_LOOKUP() (with covered vnode) 214 * will be on underlying file systems mount point 215 * vnode. Set retry_with_kcred flag as we might end 216 * up doing VOP_LOOKUP() with kcred if required. 217 */ 218 retry_with_kcred = B_TRUE; 219 goto checkforroot; 220 } 221 } 222 223 /* 224 * Perform a lookup in the current directory. 225 */ 226 error = VOP_LOOKUP(vp, component, &tvp, pnp, lookup_flags, 227 rootvp, cr, NULL, NULL, pp); 228 229 /* 230 * Retry with kcred - If crossing mount points & error is EACCES. 231 * 232 * If we are crossing mount points here and doing ".." lookup, 233 * VOP_LOOKUP() might fail if the underlying file systems 234 * mount point has no execute permission. In cases like these, 235 * we retry VOP_LOOKUP() by giving as much privilage as possible 236 * by passing kcred credentials. 237 * 238 * In case of hierarchical file systems, passing kcred still may 239 * or may not work. 240 * For eg: UFS FS --> Mount NFS FS --> Again mount UFS on some 241 * directory inside NFS FS. 242 */ 243 if ((error == EACCES) && retry_with_kcred) 244 error = VOP_LOOKUP(vp, component, &tvp, pnp, lookup_flags, 245 rootvp, zone_kcred(), NULL, NULL, pp); 246 247 cvp = tvp; 248 if (error) { 249 cvp = NULL; 250 /* 251 * On error, return hard error if 252 * (a) we're not at the end of the pathname yet, or 253 * (b) the caller didn't want the parent directory, or 254 * (c) we failed for some reason other than a missing entry. 255 */ 256 if (pn_pathleft(pnp) || dirvpp == NULL || error != ENOENT) 257 goto bad; 258 259 pn_setlast(pnp); 260 /* 261 * We inform the caller that the desired entry must be 262 * a directory by adding a '/' to the component name. 263 */ 264 if (must_be_directory && (error = pn_addslash(pnp)) != 0) 265 goto bad; 266 *dirvpp = vp; 267 if (compvpp != NULL) 268 *compvpp = NULL; 269 if (rootvp != rootdir) 270 VN_RELE(rootvp); 271 if (pp) 272 pn_free(pp); 273 return (0); 274 } 275 276 /* 277 * Traverse mount points. 278 */ 279 if (vn_mountedvfs(cvp) != NULL) { 280 tvp = cvp; 281 if ((error = traverse(&tvp)) != 0) { 282 /* 283 * It is required to assign cvp here, because 284 * traverse() will return a held vnode which 285 * may different than the vnode that was passed 286 * in (even in the error case). If traverse() 287 * changes the vnode it releases the original, 288 * and holds the new one. 289 */ 290 cvp = tvp; 291 goto bad; 292 } 293 cvp = tvp; 294 } 295 296 /* 297 * If we hit a symbolic link and there is more path to be 298 * translated or this operation does not wish to apply 299 * to a link, then place the contents of the link at the 300 * front of the remaining pathname. 301 */ 302 if (cvp->v_type == VLNK && ((flags & FOLLOW) || pn_pathleft(pnp))) { 303 struct pathname linkpath; 304 305 if (++nlink > MAXSYMLINKS) { 306 error = ELOOP; 307 goto bad; 308 } 309 pn_alloc(&linkpath); 310 if ((error = pn_getsymlink(cvp, &linkpath, cr)) != 0) { 311 pn_free(&linkpath); 312 goto bad; 313 } 314 315 if (pn_pathleft(&linkpath) == 0) 316 (void) pn_set(&linkpath, "."); 317 error = pn_insert(pnp, &linkpath, strlen(component)); 318 pn_free(&linkpath); 319 if (error) 320 goto bad; 321 VN_RELE(cvp); 322 cvp = NULL; 323 if (pnp->pn_pathlen == 0) { 324 error = ENOENT; 325 goto bad; 326 } 327 if (pnp->pn_path[0] == '/') { 328 do { 329 pnp->pn_path++; 330 pnp->pn_pathlen--; 331 } while (pnp->pn_path[0] == '/'); 332 VN_RELE(vp); 333 vp = rootvp; 334 VN_HOLD(vp); 335 } 336 if (pn_fixslash(pnp)) { 337 flags |= FOLLOW; 338 must_be_directory = 1; 339 } 340 goto next; 341 } 342 343 /* 344 * If rpnp is non-NULL, remember the resolved path name therein. 345 * Do not include "." components. Collapse occurrences of 346 * "previous/..", so long as "previous" is not itself "..". 347 * Exhausting rpnp results in error ENAMETOOLONG. 348 */ 349 if (rpnp && strcmp(component, ".") != 0) { 350 size_t len; 351 352 if (strcmp(component, "..") == 0 && 353 rpnp->pn_pathlen != 0 && 354 !((rpnp->pn_pathlen > 2 && 355 strncmp(rpnp->pn_path+rpnp->pn_pathlen-3, "/..", 3) == 0) || 356 (rpnp->pn_pathlen == 2 && 357 strncmp(rpnp->pn_path, "..", 2) == 0))) { 358 while (rpnp->pn_pathlen && 359 rpnp->pn_path[rpnp->pn_pathlen-1] != '/') 360 rpnp->pn_pathlen--; 361 if (rpnp->pn_pathlen > 1) 362 rpnp->pn_pathlen--; 363 rpnp->pn_path[rpnp->pn_pathlen] = '\0'; 364 } else { 365 if (rpnp->pn_pathlen != 0 && 366 rpnp->pn_path[rpnp->pn_pathlen-1] != '/') 367 rpnp->pn_path[rpnp->pn_pathlen++] = '/'; 368 if (flags & FIGNORECASE) { 369 /* 370 * Return the case-preserved name 371 * within the resolved path. 372 */ 373 error = copystr(pp->pn_buf, 374 rpnp->pn_path + rpnp->pn_pathlen, 375 rpnp->pn_bufsize - rpnp->pn_pathlen, &len); 376 } else { 377 error = copystr(component, 378 rpnp->pn_path + rpnp->pn_pathlen, 379 rpnp->pn_bufsize - rpnp->pn_pathlen, &len); 380 } 381 if (error) /* copystr() returns ENAMETOOLONG */ 382 goto bad; 383 rpnp->pn_pathlen += (len - 1); 384 ASSERT(rpnp->pn_bufsize > rpnp->pn_pathlen); 385 } 386 } 387 388 /* 389 * If no more components, return last directory (if wanted) and 390 * last component (if wanted). 391 */ 392 if (pn_pathleft(pnp) == 0) { 393 /* 394 * If there was a trailing slash in the pathname, 395 * make sure the last component is a directory. 396 */ 397 if (must_be_directory && cvp->v_type != VDIR) { 398 error = ENOTDIR; 399 goto bad; 400 } 401 if (dirvpp != NULL) { 402 /* 403 * Check that we have the real parent and not 404 * an alias of the last component. 405 */ 406 if (vn_compare(vp, cvp)) { 407 pn_setlast(pnp); 408 VN_RELE(vp); 409 VN_RELE(cvp); 410 if (rootvp != rootdir) 411 VN_RELE(rootvp); 412 if (pp) 413 pn_free(pp); 414 return (EINVAL); 415 } 416 *dirvpp = vp; 417 } else 418 VN_RELE(vp); 419 if (pnp->pn_path == pnp->pn_buf) 420 (void) pn_set(pnp, "."); 421 else 422 pn_setlast(pnp); 423 if (rpnp) { 424 if (VN_CMP(cvp, rootvp)) 425 (void) pn_set(rpnp, "/"); 426 else if (rpnp->pn_pathlen == 0) 427 (void) pn_set(rpnp, "."); 428 } 429 430 if (compvpp != NULL) 431 *compvpp = cvp; 432 else 433 VN_RELE(cvp); 434 if (rootvp != rootdir) 435 VN_RELE(rootvp); 436 if (pp) 437 pn_free(pp); 438 return (0); 439 } 440 441 /* 442 * Skip over slashes from end of last component. 443 */ 444 while (pnp->pn_path[0] == '/') { 445 pnp->pn_path++; 446 pnp->pn_pathlen--; 447 } 448 449 /* 450 * Searched through another level of directory: 451 * release previous directory handle and save new (result 452 * of lookup) as current directory. 453 */ 454 VN_RELE(vp); 455 vp = cvp; 456 cvp = NULL; 457 goto next; 458 459 bad: 460 /* 461 * Error. Release vnodes and return. 462 */ 463 if (cvp) 464 VN_RELE(cvp); 465 /* 466 * If the error was ESTALE and the current directory to look in 467 * was the root for this lookup, the root for a mounted file 468 * system, or the starting directory for lookups, then 469 * return ENOENT instead of ESTALE. In this case, no recovery 470 * is possible by the higher level. If ESTALE was returned for 471 * some intermediate directory along the path, then recovery 472 * is potentially possible and retrying from the higher level 473 * will either correct the situation by purging stale cache 474 * entries or eventually get back to the point where no recovery 475 * is possible. 476 */ 477 if (error == ESTALE && 478 (VN_CMP(vp, rootvp) || (vp->v_flag & VROOT) || vp == startvp)) 479 error = ENOENT; 480 VN_RELE(vp); 481 if (rootvp != rootdir) 482 VN_RELE(rootvp); 483 if (pp) 484 pn_free(pp); 485 return (error); 486 } 487 488 /* 489 * Traverse a mount point. Routine accepts a vnode pointer as a reference 490 * parameter and performs the indirection, releasing the original vnode. 491 */ 492 int 493 traverse(vnode_t **cvpp) 494 { 495 int error = 0; 496 vnode_t *cvp; 497 vnode_t *tvp; 498 vfs_t *vfsp; 499 500 cvp = *cvpp; 501 502 /* 503 * If this vnode is mounted on, then we transparently indirect 504 * to the vnode which is the root of the mounted file system. 505 * Before we do this we must check that an unmount is not in 506 * progress on this vnode. 507 */ 508 509 for (;;) { 510 /* 511 * Used to try to read lock the vnode here. 512 */ 513 514 /* 515 * Reached the end of the mount chain? 516 */ 517 vfsp = vn_mountedvfs(cvp); 518 if (vfsp == NULL) { 519 break; 520 } 521 522 /* 523 * The read lock must be held across the call to VFS_ROOT() to 524 * prevent a concurrent unmount from destroying the vfs. 525 */ 526 error = VFS_ROOT(vfsp, &tvp); 527 if (error) 528 break; 529 530 VN_RELE(cvp); 531 532 cvp = tvp; 533 } 534 535 *cvpp = cvp; 536 return (error); 537 } 538 539 /* 540 * Get the vnode path, relative to the passed rootvp. 541 * Our vncache always fills in v_path, so this is easy. 542 */ 543 /* ARGSUSED */ 544 int 545 vnodetopath(vnode_t *vrootp, vnode_t *vp, char *buf, size_t buflen, cred_t *cr) 546 { 547 int len, rvp_len = 0; 548 const char *p = vp->v_path; 549 550 if (vrootp) 551 rvp_len = strlen(vrootp->v_path); 552 len = strlen(p); 553 if (rvp_len < len) 554 p += rvp_len; 555 else 556 p = "/"; 557 558 (void) strlcpy(buf, p, buflen); 559 return (0); 560 } 561