1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/types.h> 29 #include <sys/param.h> 30 #include <sys/time.h> 31 #include <sys/cred.h> 32 #include <sys/vfs.h> 33 #include <sys/vfs_opreg.h> 34 #include <sys/gfs.h> 35 #include <sys/vnode.h> 36 #include <sys/systm.h> 37 #include <sys/errno.h> 38 #include <sys/sysmacros.h> 39 #include <fs/fs_subr.h> 40 #include <sys/contract.h> 41 #include <sys/contract_impl.h> 42 #include <sys/ctfs.h> 43 #include <sys/ctfs_impl.h> 44 #include <sys/file.h> 45 #include <sys/policy.h> 46 47 /* 48 * CTFS routines for the /system/contract/<type>/bundle vnode. 49 * CTFS routines for the /system/contract/<type>/pbundle vnode. 50 * CTFS routines for the /system/contract/<type>/<ctid>/events vnode. 51 */ 52 53 /* 54 * ctfs_endpoint_open 55 * 56 * Called by the VOP_OPEN entry points to perform some common checks 57 * and set up the endpoint listener, if not already done. 58 */ 59 static int 60 ctfs_endpoint_open(ctfs_endpoint_t *endpt, ct_equeue_t *q, int flag) 61 { 62 if ((flag & ~FNONBLOCK) != (FREAD | FOFFMAX)) 63 return (EINVAL); 64 65 mutex_enter(&endpt->ctfs_endpt_lock); 66 if ((endpt->ctfs_endpt_flags & CTFS_ENDPT_SETUP) == 0) { 67 endpt->ctfs_endpt_flags |= CTFS_ENDPT_SETUP; 68 if (flag & FNONBLOCK) 69 endpt->ctfs_endpt_flags |= CTFS_ENDPT_NBLOCK; 70 cte_add_listener(q, &endpt->ctfs_endpt_listener); 71 } 72 mutex_exit(&endpt->ctfs_endpt_lock); 73 74 return (0); 75 } 76 77 /* 78 * ctfs_endpoint inactive 79 * 80 * Called by the VOP_INACTIVE entry points to perform common listener 81 * cleanup. 82 */ 83 static void 84 ctfs_endpoint_inactive(ctfs_endpoint_t *endpt) 85 { 86 mutex_enter(&endpt->ctfs_endpt_lock); 87 if (endpt->ctfs_endpt_flags & CTFS_ENDPT_SETUP) { 88 endpt->ctfs_endpt_flags = 0; 89 cte_remove_listener(&endpt->ctfs_endpt_listener); 90 } 91 mutex_exit(&endpt->ctfs_endpt_lock); 92 } 93 94 /* 95 * ctfs_endpoint_ioctl 96 * 97 * Implements the common VOP_IOCTL handling for the event endpoints. 98 * rprivchk, if true, indicates that event receive requests should 99 * check the provided credentials. This distinction exists because 100 * contract endpoints perform their privilege checks at open-time, and 101 * process bundle queue listeners by definition may view all events 102 * their queues contain. 103 */ 104 static int 105 ctfs_endpoint_ioctl(ctfs_endpoint_t *endpt, int cmd, intptr_t arg, cred_t *cr, 106 zone_t *zone, int rprivchk) 107 { 108 uint64_t id, zuniqid; 109 110 zuniqid = zone->zone_uniqid; 111 112 switch (cmd) { 113 case CT_ERESET: 114 cte_reset_listener(&endpt->ctfs_endpt_listener); 115 break; 116 case CT_ERECV: 117 /* 118 * We pass in NULL for the cred when reading from 119 * process bundle queues and contract queues because 120 * the privilege check was performed at open time. 121 */ 122 return (cte_get_event(&endpt->ctfs_endpt_listener, 123 endpt->ctfs_endpt_flags & CTFS_ENDPT_NBLOCK, 124 (void *)arg, rprivchk ? cr : NULL, zuniqid, 0)); 125 case CT_ECRECV: 126 return (cte_get_event(&endpt->ctfs_endpt_listener, 127 endpt->ctfs_endpt_flags & CTFS_ENDPT_NBLOCK, 128 (void *)arg, rprivchk ? cr : NULL, zuniqid, 1)); 129 case CT_ENEXT: 130 if (copyin((void *)arg, &id, sizeof (uint64_t))) 131 return (EFAULT); 132 return (cte_next_event(&endpt->ctfs_endpt_listener, id)); 133 case CT_ERELIABLE: 134 return (cte_set_reliable(&endpt->ctfs_endpt_listener, cr)); 135 default: 136 return (EINVAL); 137 } 138 139 return (0); 140 } 141 142 /* 143 * ctfs_endpoint_poll 144 * 145 * Called by the VOP_POLL entry points. 146 */ 147 static int 148 ctfs_endpoint_poll(ctfs_endpoint_t *endpt, short events, int anyyet, 149 short *reventsp, pollhead_t **php) 150 { 151 if ((events & POLLIN) && endpt->ctfs_endpt_listener.ctl_position) { 152 *reventsp = POLLIN; 153 } else { 154 *reventsp = 0; 155 if (!anyyet) 156 *php = &endpt->ctfs_endpt_listener.ctl_pollhead; 157 } 158 159 return (0); 160 } 161 162 /* 163 * ctfs_create_evnode 164 * 165 * Creates and returns a new evnode. 166 */ 167 vnode_t * 168 ctfs_create_evnode(vnode_t *pvp) 169 { 170 vnode_t *vp; 171 ctfs_evnode_t *evnode; 172 ctfs_cdirnode_t *cdirnode = pvp->v_data; 173 174 vp = gfs_file_create(sizeof (ctfs_evnode_t), pvp, ctfs_ops_event); 175 evnode = vp->v_data; 176 177 /* 178 * We transitively have a hold on the contract through our 179 * parent directory. 180 */ 181 evnode->ctfs_ev_contract = cdirnode->ctfs_cn_contract; 182 183 return (vp); 184 } 185 186 /* 187 * ctfs_ev_access - VOP_ACCESS entry point 188 * 189 * You only get to access event files for contracts you or your 190 * effective user id owns, unless you have a privilege. 191 */ 192 /*ARGSUSED*/ 193 static int 194 ctfs_ev_access( 195 vnode_t *vp, 196 int mode, 197 int flags, 198 cred_t *cr, 199 caller_context_t *cct) 200 { 201 ctfs_evnode_t *evnode = vp->v_data; 202 contract_t *ct = evnode->ctfs_ev_contract; 203 int error; 204 205 if (mode & (VWRITE | VEXEC)) 206 return (EACCES); 207 208 if (error = secpolicy_contract_observer(cr, ct)) 209 return (error); 210 211 return (0); 212 } 213 214 /* 215 * ctfs_ev_open - VOP_OPEN entry point 216 * 217 * Performs the same privilege checks as ctfs_ev_access, and then calls 218 * ctfs_endpoint_open to perform the common endpoint initialization. 219 */ 220 /* ARGSUSED */ 221 static int 222 ctfs_ev_open(vnode_t **vpp, int flag, cred_t *cr, caller_context_t *cct) 223 { 224 ctfs_evnode_t *evnode = (*vpp)->v_data; 225 contract_t *ct = evnode->ctfs_ev_contract; 226 int error; 227 228 if (error = secpolicy_contract_observer(cr, ct)) 229 return (error); 230 231 /* 232 * See comment in ctfs_bu_open. 233 */ 234 return (ctfs_endpoint_open(&evnode->ctfs_ev_listener, 235 &evnode->ctfs_ev_contract->ct_events, flag)); 236 } 237 238 /* 239 * ctfs_ev_inactive - VOP_INACTIVE entry point 240 */ 241 /* ARGSUSED */ 242 static void 243 ctfs_ev_inactive(vnode_t *vp, cred_t *cr, caller_context_t *ct) 244 { 245 ctfs_evnode_t *evnode; 246 vnode_t *pvp = gfs_file_parent(vp); 247 248 /* 249 * We must destroy the endpoint before releasing the parent; otherwise 250 * we will try to destroy a contract with active listeners. To prevent 251 * this, we grab an extra hold on the parent. 252 */ 253 VN_HOLD(pvp); 254 if ((evnode = gfs_file_inactive(vp)) != NULL) { 255 ctfs_endpoint_inactive(&evnode->ctfs_ev_listener); 256 kmem_free(evnode, sizeof (ctfs_evnode_t)); 257 } 258 VN_RELE(pvp); 259 } 260 261 /* 262 * ctfs_ev_getattr - VOP_GETATTR entry point 263 */ 264 /* ARGSUSED */ 265 static int 266 ctfs_ev_getattr( 267 vnode_t *vp, 268 vattr_t *vap, 269 int flags, 270 cred_t *cr, 271 caller_context_t *ct) 272 { 273 ctfs_evnode_t *evnode = vp->v_data; 274 275 vap->va_type = VREG; 276 vap->va_mode = 0444; 277 vap->va_nlink = 1; 278 vap->va_size = 0; 279 vap->va_ctime = evnode->ctfs_ev_contract->ct_ctime; 280 mutex_enter(&evnode->ctfs_ev_contract->ct_events.ctq_lock); 281 vap->va_atime = vap->va_mtime = 282 evnode->ctfs_ev_contract->ct_events.ctq_atime; 283 mutex_exit(&evnode->ctfs_ev_contract->ct_events.ctq_lock); 284 ctfs_common_getattr(vp, vap); 285 286 return (0); 287 } 288 289 /* 290 * ctfs_ev_ioctl - VOP_IOCTL entry point 291 */ 292 /* ARGSUSED */ 293 static int 294 ctfs_ev_ioctl( 295 vnode_t *vp, 296 int cmd, 297 intptr_t arg, 298 int flag, 299 cred_t *cr, 300 int *rvalp, 301 caller_context_t *ct) 302 { 303 ctfs_evnode_t *evnode = vp->v_data; 304 305 return (ctfs_endpoint_ioctl(&evnode->ctfs_ev_listener, cmd, arg, cr, 306 VTOZONE(vp), 0)); 307 } 308 309 /* 310 * ctfs_ev_poll - VOP_POLL entry point 311 */ 312 /*ARGSUSED*/ 313 static int 314 ctfs_ev_poll( 315 vnode_t *vp, 316 short events, 317 int anyyet, 318 short *reventsp, 319 pollhead_t **php, 320 caller_context_t *ct) 321 { 322 ctfs_evnode_t *evnode = vp->v_data; 323 324 return (ctfs_endpoint_poll(&evnode->ctfs_ev_listener, events, anyyet, 325 reventsp, php)); 326 } 327 328 const fs_operation_def_t ctfs_tops_event[] = { 329 { VOPNAME_OPEN, { .vop_open = ctfs_ev_open } }, 330 { VOPNAME_CLOSE, { .vop_close = ctfs_close } }, 331 { VOPNAME_IOCTL, { .vop_ioctl = ctfs_ev_ioctl } }, 332 { VOPNAME_GETATTR, { .vop_getattr = ctfs_ev_getattr } }, 333 { VOPNAME_ACCESS, { .vop_access = ctfs_ev_access } }, 334 { VOPNAME_READDIR, { .error = fs_notdir } }, 335 { VOPNAME_LOOKUP, { .error = fs_notdir } }, 336 { VOPNAME_INACTIVE, { .vop_inactive = ctfs_ev_inactive } }, 337 { VOPNAME_POLL, { .vop_poll = ctfs_ev_poll } }, 338 { NULL, NULL } 339 }; 340 341 /* 342 * ctfs_create_pbundle 343 * 344 * Creates and returns a bunode for a /system/contract/<type>/pbundle 345 * file. 346 */ 347 vnode_t * 348 ctfs_create_pbundle(vnode_t *pvp) 349 { 350 vnode_t *vp; 351 ctfs_bunode_t *bundle; 352 353 vp = gfs_file_create(sizeof (ctfs_bunode_t), pvp, ctfs_ops_bundle); 354 bundle = vp->v_data; 355 bundle->ctfs_bu_queue = 356 contract_type_pbundle(ct_types[gfs_file_index(pvp)], curproc); 357 358 return (vp); 359 } 360 361 /* 362 * ctfs_create_bundle 363 * 364 * Creates and returns a bunode for a /system/contract/<type>/bundle 365 * file. 366 */ 367 vnode_t * 368 ctfs_create_bundle(vnode_t *pvp) 369 { 370 vnode_t *vp; 371 ctfs_bunode_t *bundle; 372 373 vp = gfs_file_create(sizeof (ctfs_bunode_t), pvp, ctfs_ops_bundle); 374 bundle = vp->v_data; 375 bundle->ctfs_bu_queue = 376 contract_type_bundle(ct_types[gfs_file_index(pvp)]); 377 378 return (vp); 379 } 380 381 /* 382 * ctfs_bu_open - VOP_OPEN entry point 383 */ 384 /* ARGSUSED */ 385 static int 386 ctfs_bu_open(vnode_t **vpp, int flag, cred_t *cr, caller_context_t *ct) 387 { 388 ctfs_bunode_t *bunode = (*vpp)->v_data; 389 390 /* 391 * This assumes we are only ever called immediately after a 392 * VOP_LOOKUP. We could clone ourselves here, but doing so 393 * would make /proc/pid/fd accesses less useful. 394 */ 395 return (ctfs_endpoint_open(&bunode->ctfs_bu_listener, 396 bunode->ctfs_bu_queue, flag)); 397 } 398 399 /* 400 * ctfs_bu_inactive - VOP_INACTIVE entry point 401 */ 402 /* ARGSUSED */ 403 static void 404 ctfs_bu_inactive(vnode_t *vp, cred_t *cr, caller_context_t *ct) 405 { 406 ctfs_bunode_t *bunode; 407 vnode_t *pvp = gfs_file_parent(vp); 408 409 /* 410 * See comments in ctfs_ev_inactive() above. 411 */ 412 VN_HOLD(pvp); 413 if ((bunode = gfs_file_inactive(vp)) != NULL) { 414 ctfs_endpoint_inactive(&bunode->ctfs_bu_listener); 415 kmem_free(bunode, sizeof (ctfs_bunode_t)); 416 } 417 VN_RELE(pvp); 418 } 419 420 /* 421 * ctfs_bu_getattr - VOP_GETATTR entry point 422 */ 423 /* ARGSUSED */ 424 static int 425 ctfs_bu_getattr( 426 vnode_t *vp, 427 vattr_t *vap, 428 int flags, 429 cred_t *cr, 430 caller_context_t *ct) 431 { 432 ctfs_bunode_t *bunode = vp->v_data; 433 434 vap->va_type = VREG; 435 vap->va_mode = 0444; 436 vap->va_nodeid = gfs_file_index(vp); 437 vap->va_nlink = 1; 438 vap->va_size = 0; 439 vap->va_ctime.tv_sec = vp->v_vfsp->vfs_mtime; 440 vap->va_ctime.tv_nsec = 0; 441 mutex_enter(&bunode->ctfs_bu_queue->ctq_lock); 442 vap->va_mtime = vap->va_atime = bunode->ctfs_bu_queue->ctq_atime; 443 mutex_exit(&bunode->ctfs_bu_queue->ctq_lock); 444 ctfs_common_getattr(vp, vap); 445 446 return (0); 447 } 448 449 /* 450 * ctfs_bu_ioctl - VOP_IOCTL entry point 451 */ 452 /* ARGSUSED */ 453 static int 454 ctfs_bu_ioctl( 455 vnode_t *vp, 456 int cmd, 457 intptr_t arg, 458 int flag, 459 cred_t *cr, 460 int *rvalp, 461 caller_context_t *ct) 462 { 463 ctfs_bunode_t *bunode = vp->v_data; 464 465 return (ctfs_endpoint_ioctl(&bunode->ctfs_bu_listener, cmd, arg, cr, 466 VTOZONE(vp), bunode->ctfs_bu_queue->ctq_listno == CTEL_BUNDLE)); 467 } 468 469 /* 470 * ctfs_bu_poll - VOP_POLL entry point 471 */ 472 /*ARGSUSED*/ 473 static int 474 ctfs_bu_poll( 475 vnode_t *vp, 476 short events, 477 int anyyet, 478 short *reventsp, 479 pollhead_t **php, 480 caller_context_t *ct) 481 { 482 ctfs_bunode_t *bunode = vp->v_data; 483 484 return (ctfs_endpoint_poll(&bunode->ctfs_bu_listener, events, anyyet, 485 reventsp, php)); 486 } 487 488 const fs_operation_def_t ctfs_tops_bundle[] = { 489 { VOPNAME_OPEN, { .vop_open = ctfs_bu_open } }, 490 { VOPNAME_CLOSE, { .vop_close = ctfs_close } }, 491 { VOPNAME_IOCTL, { .vop_ioctl = ctfs_bu_ioctl } }, 492 { VOPNAME_GETATTR, { .vop_getattr = ctfs_bu_getattr } }, 493 { VOPNAME_ACCESS, { .vop_access = ctfs_access_readonly } }, 494 { VOPNAME_READDIR, { .error = fs_notdir } }, 495 { VOPNAME_LOOKUP, { .error = fs_notdir } }, 496 { VOPNAME_INACTIVE, { .vop_inactive = ctfs_bu_inactive } }, 497 { VOPNAME_POLL, { .vop_poll = ctfs_bu_poll } }, 498 { NULL, NULL } 499 }; 500