1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ 26 /* All Rights Reserved */ 27 28 /* 29 * University Copyright- Copyright (c) 1982, 1986, 1988 30 * The Regents of the University of California 31 * All Rights Reserved 32 * 33 * University Acknowledgment- Portions of this document are derived from 34 * software developed by the University of California, Berkeley, and its 35 * contributors. 36 */ 37 38 #include <sys/types.h> 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/cpuvar.h> 42 #include <sys/errno.h> 43 #include <sys/cred.h> 44 #include <sys/user.h> 45 #include <sys/uio.h> 46 #include <sys/vfs.h> 47 #include <sys/vnode.h> 48 #include <sys/pathname.h> 49 #include <sys/proc.h> 50 #include <sys/vtrace.h> 51 #include <sys/sysmacros.h> 52 #include <sys/debug.h> 53 #include <sys/dirent.h> 54 #include <c2/audit.h> 55 #include <sys/zone.h> 56 #include <sys/dnlc.h> 57 #include <sys/fs/snode.h> 58 59 /* Controls whether paths are stored with vnodes. */ 60 int vfs_vnode_path = 1; 61 62 int 63 lookupname( 64 char *fnamep, 65 enum uio_seg seg, 66 enum symfollow followlink, 67 vnode_t **dirvpp, 68 vnode_t **compvpp) 69 { 70 return (lookupnameatcred(fnamep, seg, followlink, dirvpp, compvpp, NULL, 71 CRED())); 72 } 73 74 /* 75 * Lookup the user file name, 76 * Handle allocation and freeing of pathname buffer, return error. 77 */ 78 int 79 lookupnameatcred( 80 char *fnamep, /* user pathname */ 81 enum uio_seg seg, /* addr space that name is in */ 82 enum symfollow followlink, /* follow sym links */ 83 vnode_t **dirvpp, /* ret for ptr to parent dir vnode */ 84 vnode_t **compvpp, /* ret for ptr to component vnode */ 85 vnode_t *startvp, /* start path search from vp */ 86 cred_t *cr) /* credential */ 87 { 88 char namebuf[TYPICALMAXPATHLEN]; 89 struct pathname lookpn; 90 int error; 91 92 error = pn_get_buf(fnamep, seg, &lookpn, namebuf, sizeof (namebuf)); 93 if (error == 0) { 94 error = lookuppnatcred(&lookpn, NULL, followlink, 95 dirvpp, compvpp, startvp, cr); 96 } 97 if (error == ENAMETOOLONG) { 98 /* 99 * This thread used a pathname > TYPICALMAXPATHLEN bytes long. 100 */ 101 if (error = pn_get(fnamep, seg, &lookpn)) 102 return (error); 103 error = lookuppnatcred(&lookpn, NULL, followlink, 104 dirvpp, compvpp, startvp, cr); 105 pn_free(&lookpn); 106 } 107 108 return (error); 109 } 110 111 int 112 lookupnameat(char *fnamep, enum uio_seg seg, enum symfollow followlink, 113 vnode_t **dirvpp, vnode_t **compvpp, vnode_t *startvp) 114 { 115 return (lookupnameatcred(fnamep, seg, followlink, dirvpp, compvpp, 116 startvp, CRED())); 117 } 118 119 int 120 lookuppn( 121 struct pathname *pnp, 122 struct pathname *rpnp, 123 enum symfollow followlink, 124 vnode_t **dirvpp, 125 vnode_t **compvpp) 126 { 127 return (lookuppnatcred(pnp, rpnp, followlink, dirvpp, compvpp, NULL, 128 CRED())); 129 } 130 131 /* 132 * Lookup the user file name from a given vp, using a specific credential. 133 */ 134 int 135 lookuppnatcred( 136 struct pathname *pnp, /* pathname to lookup */ 137 struct pathname *rpnp, /* if non-NULL, return resolved path */ 138 enum symfollow followlink, /* (don't) follow sym links */ 139 vnode_t **dirvpp, /* ptr for parent vnode */ 140 vnode_t **compvpp, /* ptr for entry vnode */ 141 vnode_t *startvp, /* start search from this vp */ 142 cred_t *cr) /* user credential */ 143 { 144 vnode_t *vp; /* current directory vp */ 145 vnode_t *rootvp; 146 proc_t *p = curproc; 147 148 if (pnp->pn_pathlen == 0) 149 return (ENOENT); 150 151 mutex_enter(&p->p_lock); /* for u_rdir and u_cdir */ 152 if ((rootvp = PTOU(p)->u_rdir) == NULL) 153 rootvp = rootdir; 154 else if (rootvp != rootdir) /* no need to VN_HOLD rootdir */ 155 VN_HOLD(rootvp); 156 157 if (pnp->pn_path[0] == '/') { 158 vp = rootvp; 159 } else { 160 vp = (startvp == NULL) ? PTOU(p)->u_cdir : startvp; 161 } 162 VN_HOLD(vp); 163 mutex_exit(&p->p_lock); 164 165 /* 166 * Skip over leading slashes 167 */ 168 if (pnp->pn_path[0] == '/') { 169 do { 170 pnp->pn_path++; 171 pnp->pn_pathlen--; 172 } while (pnp->pn_path[0] == '/'); 173 } 174 175 return (lookuppnvp(pnp, rpnp, followlink, dirvpp, 176 compvpp, rootvp, vp, cr)); 177 } 178 179 int 180 lookuppnat(struct pathname *pnp, struct pathname *rpnp, 181 enum symfollow followlink, vnode_t **dirvpp, vnode_t **compvpp, 182 vnode_t *startvp) 183 { 184 return (lookuppnatcred(pnp, rpnp, followlink, dirvpp, compvpp, startvp, 185 CRED())); 186 } 187 188 /* Private flag to do our getcwd() dirty work */ 189 #define LOOKUP_CHECKREAD 0x10 190 #define LOOKUP_MASK (~LOOKUP_CHECKREAD) 191 192 /* 193 * Starting at current directory, translate pathname pnp to end. 194 * Leave pathname of final component in pnp, return the vnode 195 * for the final component in *compvpp, and return the vnode 196 * for the parent of the final component in dirvpp. 197 * 198 * This is the central routine in pathname translation and handles 199 * multiple components in pathnames, separating them at /'s. It also 200 * implements mounted file systems and processes symbolic links. 201 * 202 * vp is the vnode where the directory search should start. 203 * 204 * Reference counts: vp must be held prior to calling this function. rootvp 205 * should only be held if rootvp != rootdir. 206 */ 207 int 208 lookuppnvp( 209 struct pathname *pnp, /* pathname to lookup */ 210 struct pathname *rpnp, /* if non-NULL, return resolved path */ 211 int flags, /* follow symlinks */ 212 vnode_t **dirvpp, /* ptr for parent vnode */ 213 vnode_t **compvpp, /* ptr for entry vnode */ 214 vnode_t *rootvp, /* rootvp */ 215 vnode_t *vp, /* directory to start search at */ 216 cred_t *cr) /* user's credential */ 217 { 218 vnode_t *cvp; /* current component vp */ 219 vnode_t *tvp; /* addressable temp ptr */ 220 char component[MAXNAMELEN]; /* buffer for component (incl null) */ 221 int error; 222 int nlink; 223 int lookup_flags; 224 struct pathname presrvd; /* case preserved name */ 225 struct pathname *pp = NULL; 226 vnode_t *startvp; 227 vnode_t *zonevp = curproc->p_zone->zone_rootvp; /* zone root */ 228 int must_be_directory = 0; 229 boolean_t retry_with_kcred; 230 uint32_t auditing = AU_AUDITING(); 231 232 CPU_STATS_ADDQ(CPU, sys, namei, 1); 233 nlink = 0; 234 cvp = NULL; 235 if (rpnp) 236 rpnp->pn_pathlen = 0; 237 238 lookup_flags = dirvpp ? LOOKUP_DIR : 0; 239 if (flags & FIGNORECASE) { 240 lookup_flags |= FIGNORECASE; 241 pn_alloc(&presrvd); 242 pp = &presrvd; 243 } 244 245 if (auditing) 246 audit_anchorpath(pnp, vp == rootvp); 247 248 /* 249 * Eliminate any trailing slashes in the pathname. 250 * If there are any, we must follow all symlinks. 251 * Also, we must guarantee that the last component is a directory. 252 */ 253 if (pn_fixslash(pnp)) { 254 flags |= FOLLOW; 255 must_be_directory = 1; 256 } 257 258 startvp = vp; 259 next: 260 retry_with_kcred = B_FALSE; 261 262 /* 263 * Make sure we have a directory. 264 */ 265 if (vp->v_type != VDIR) { 266 error = ENOTDIR; 267 goto bad; 268 } 269 270 if (rpnp && VN_CMP(vp, rootvp)) 271 (void) pn_set(rpnp, "/"); 272 273 /* 274 * Process the next component of the pathname. 275 */ 276 if (error = pn_getcomponent(pnp, component)) { 277 goto bad; 278 } 279 280 /* 281 * Handle "..": two special cases. 282 * 1. If we're at the root directory (e.g. after chroot or 283 * zone_enter) then change ".." to "." so we can't get 284 * out of this subtree. 285 * 2. If this vnode is the root of a mounted file system, 286 * then replace it with the vnode that was mounted on 287 * so that we take the ".." in the other file system. 288 */ 289 if (component[0] == '.' && component[1] == '.' && component[2] == 0) { 290 checkforroot: 291 if (VN_CMP(vp, rootvp) || VN_CMP(vp, zonevp)) { 292 component[1] = '\0'; 293 } else if (vp->v_flag & VROOT) { 294 vfs_t *vfsp; 295 cvp = vp; 296 297 /* 298 * While we deal with the vfs pointer from the vnode 299 * the filesystem could have been forcefully unmounted 300 * and the vnode's v_vfsp could have been invalidated 301 * by VFS_UNMOUNT. Hence, we cache v_vfsp and use it 302 * with vfs_rlock_wait/vfs_unlock. 303 * It is safe to use the v_vfsp even it is freed by 304 * VFS_UNMOUNT because vfs_rlock_wait/vfs_unlock 305 * do not dereference v_vfsp. It is just used as a 306 * magic cookie. 307 * One more corner case here is the memory getting 308 * reused for another vfs structure. In this case 309 * lookuppnvp's vfs_rlock_wait will succeed, domount's 310 * vfs_lock will fail and domount will bail out with an 311 * error (EBUSY). 312 */ 313 vfsp = cvp->v_vfsp; 314 315 /* 316 * This lock is used to synchronize 317 * mounts/unmounts and lookups. 318 * Threads doing mounts/unmounts hold the 319 * writers version vfs_lock_wait(). 320 */ 321 322 vfs_rlock_wait(vfsp); 323 324 /* 325 * If this vnode is on a file system that 326 * has been forcibly unmounted, 327 * we can't proceed. Cancel this operation 328 * and return EIO. 329 * 330 * vfs_vnodecovered is NULL if unmounted. 331 * Currently, nfs uses VFS_UNMOUNTED to 332 * check if it's a forced-umount. Keep the 333 * same checking here as well even though it 334 * may not be needed. 335 */ 336 if (((vp = cvp->v_vfsp->vfs_vnodecovered) == NULL) || 337 (cvp->v_vfsp->vfs_flag & VFS_UNMOUNTED)) { 338 vfs_unlock(vfsp); 339 VN_RELE(cvp); 340 if (pp) 341 pn_free(pp); 342 return (EIO); 343 } 344 VN_HOLD(vp); 345 vfs_unlock(vfsp); 346 VN_RELE(cvp); 347 cvp = NULL; 348 /* 349 * Crossing mount points. For eg: We are doing 350 * a lookup of ".." for file systems root vnode 351 * mounted here, and VOP_LOOKUP() (with covered vnode) 352 * will be on underlying file systems mount point 353 * vnode. Set retry_with_kcred flag as we might end 354 * up doing VOP_LOOKUP() with kcred if required. 355 */ 356 retry_with_kcred = B_TRUE; 357 goto checkforroot; 358 } 359 } 360 361 /* 362 * LOOKUP_CHECKREAD is a private flag used by vnodetopath() to indicate 363 * that we need to have read permission on every directory in the entire 364 * path. This is used to ensure that a forward-lookup of a cached value 365 * has the same effect as a reverse-lookup when the cached value cannot 366 * be found. 367 */ 368 if ((flags & LOOKUP_CHECKREAD) && 369 (error = VOP_ACCESS(vp, VREAD, 0, cr, NULL)) != 0) 370 goto bad; 371 372 /* 373 * Perform a lookup in the current directory. 374 */ 375 error = VOP_LOOKUP(vp, component, &tvp, pnp, lookup_flags, 376 rootvp, cr, NULL, NULL, pp); 377 378 /* 379 * Retry with kcred - If crossing mount points & error is EACCES. 380 * 381 * If we are crossing mount points here and doing ".." lookup, 382 * VOP_LOOKUP() might fail if the underlying file systems 383 * mount point has no execute permission. In cases like these, 384 * we retry VOP_LOOKUP() by giving as much privilage as possible 385 * by passing kcred credentials. 386 * 387 * In case of hierarchical file systems, passing kcred still may 388 * or may not work. 389 * For eg: UFS FS --> Mount NFS FS --> Again mount UFS on some 390 * directory inside NFS FS. 391 */ 392 if ((error == EACCES) && retry_with_kcred) 393 error = VOP_LOOKUP(vp, component, &tvp, pnp, lookup_flags, 394 rootvp, zone_kcred(), NULL, NULL, pp); 395 396 cvp = tvp; 397 if (error) { 398 cvp = NULL; 399 /* 400 * On error, return hard error if 401 * (a) we're not at the end of the pathname yet, or 402 * (b) the caller didn't want the parent directory, or 403 * (c) we failed for some reason other than a missing entry. 404 */ 405 if (pn_pathleft(pnp) || dirvpp == NULL || error != ENOENT) 406 goto bad; 407 if (auditing) { /* directory access */ 408 if (error = audit_savepath(pnp, vp, vp, error, cr)) 409 goto bad_noaudit; 410 } 411 412 pn_setlast(pnp); 413 /* 414 * We inform the caller that the desired entry must be 415 * a directory by adding a '/' to the component name. 416 */ 417 if (must_be_directory && (error = pn_addslash(pnp)) != 0) 418 goto bad; 419 *dirvpp = vp; 420 if (compvpp != NULL) 421 *compvpp = NULL; 422 if (rootvp != rootdir) 423 VN_RELE(rootvp); 424 if (pp) 425 pn_free(pp); 426 return (0); 427 } 428 429 /* 430 * Traverse mount points. 431 * XXX why don't we need to hold a read lock here (call vn_vfsrlock)? 432 * What prevents a concurrent update to v_vfsmountedhere? 433 * Possible answer: if mounting, we might not see the mount 434 * if it is concurrently coming into existence, but that's 435 * really not much different from the thread running a bit slower. 436 * If unmounting, we may get into traverse() when we shouldn't, 437 * but traverse() will catch this case for us. 438 * (For this to work, fetching v_vfsmountedhere had better 439 * be atomic!) 440 */ 441 if (vn_mountedvfs(cvp) != NULL) { 442 tvp = cvp; 443 if ((error = traverse(&tvp)) != 0) { 444 /* 445 * It is required to assign cvp here, because 446 * traverse() will return a held vnode which 447 * may different than the vnode that was passed 448 * in (even in the error case). If traverse() 449 * changes the vnode it releases the original, 450 * and holds the new one. 451 */ 452 cvp = tvp; 453 goto bad; 454 } 455 cvp = tvp; 456 } 457 458 /* 459 * If we hit a symbolic link and there is more path to be 460 * translated or this operation does not wish to apply 461 * to a link, then place the contents of the link at the 462 * front of the remaining pathname. 463 */ 464 if (cvp->v_type == VLNK && ((flags & FOLLOW) || pn_pathleft(pnp))) { 465 struct pathname linkpath; 466 467 if (++nlink > MAXSYMLINKS) { 468 error = ELOOP; 469 goto bad; 470 } 471 pn_alloc(&linkpath); 472 if (error = pn_getsymlink(cvp, &linkpath, cr)) { 473 pn_free(&linkpath); 474 goto bad; 475 } 476 477 if (auditing) 478 audit_symlink(pnp, &linkpath); 479 480 if (pn_pathleft(&linkpath) == 0) 481 (void) pn_set(&linkpath, "."); 482 error = pn_insert(pnp, &linkpath, strlen(component)); 483 pn_free(&linkpath); 484 if (error) 485 goto bad; 486 VN_RELE(cvp); 487 cvp = NULL; 488 if (pnp->pn_pathlen == 0) { 489 error = ENOENT; 490 goto bad; 491 } 492 if (pnp->pn_path[0] == '/') { 493 do { 494 pnp->pn_path++; 495 pnp->pn_pathlen--; 496 } while (pnp->pn_path[0] == '/'); 497 VN_RELE(vp); 498 vp = rootvp; 499 VN_HOLD(vp); 500 } 501 if (auditing) 502 audit_anchorpath(pnp, vp == rootvp); 503 if (pn_fixslash(pnp)) { 504 flags |= FOLLOW; 505 must_be_directory = 1; 506 } 507 goto next; 508 } 509 510 /* 511 * If rpnp is non-NULL, remember the resolved path name therein. 512 * Do not include "." components. Collapse occurrences of 513 * "previous/..", so long as "previous" is not itself "..". 514 * Exhausting rpnp results in error ENAMETOOLONG. 515 */ 516 if (rpnp && strcmp(component, ".") != 0) { 517 size_t len; 518 519 if (strcmp(component, "..") == 0 && 520 rpnp->pn_pathlen != 0 && 521 !((rpnp->pn_pathlen > 2 && 522 strncmp(rpnp->pn_path+rpnp->pn_pathlen-3, "/..", 3) == 0) || 523 (rpnp->pn_pathlen == 2 && 524 strncmp(rpnp->pn_path, "..", 2) == 0))) { 525 while (rpnp->pn_pathlen && 526 rpnp->pn_path[rpnp->pn_pathlen-1] != '/') 527 rpnp->pn_pathlen--; 528 if (rpnp->pn_pathlen > 1) 529 rpnp->pn_pathlen--; 530 rpnp->pn_path[rpnp->pn_pathlen] = '\0'; 531 } else { 532 if (rpnp->pn_pathlen != 0 && 533 rpnp->pn_path[rpnp->pn_pathlen-1] != '/') 534 rpnp->pn_path[rpnp->pn_pathlen++] = '/'; 535 if (flags & FIGNORECASE) { 536 /* 537 * Return the case-preserved name 538 * within the resolved path. 539 */ 540 error = copystr(pp->pn_buf, 541 rpnp->pn_path + rpnp->pn_pathlen, 542 rpnp->pn_bufsize - rpnp->pn_pathlen, &len); 543 } else { 544 error = copystr(component, 545 rpnp->pn_path + rpnp->pn_pathlen, 546 rpnp->pn_bufsize - rpnp->pn_pathlen, &len); 547 } 548 if (error) /* copystr() returns ENAMETOOLONG */ 549 goto bad; 550 rpnp->pn_pathlen += (len - 1); 551 ASSERT(rpnp->pn_bufsize > rpnp->pn_pathlen); 552 } 553 } 554 555 /* 556 * If no more components, return last directory (if wanted) and 557 * last component (if wanted). 558 */ 559 if (pn_pathleft(pnp) == 0) { 560 /* 561 * If there was a trailing slash in the pathname, 562 * make sure the last component is a directory. 563 */ 564 if (must_be_directory && cvp->v_type != VDIR) { 565 error = ENOTDIR; 566 goto bad; 567 } 568 if (dirvpp != NULL) { 569 /* 570 * Check that we have the real parent and not 571 * an alias of the last component. 572 */ 573 if (vn_compare(vp, cvp)) { 574 if (auditing) 575 (void) audit_savepath(pnp, cvp, vp, 576 EINVAL, cr); 577 pn_setlast(pnp); 578 VN_RELE(vp); 579 VN_RELE(cvp); 580 if (rootvp != rootdir) 581 VN_RELE(rootvp); 582 if (pp) 583 pn_free(pp); 584 return (EINVAL); 585 } 586 *dirvpp = vp; 587 } else 588 VN_RELE(vp); 589 if (auditing) 590 (void) audit_savepath(pnp, cvp, vp, 0, cr); 591 if (pnp->pn_path == pnp->pn_buf) 592 (void) pn_set(pnp, "."); 593 else 594 pn_setlast(pnp); 595 if (rpnp) { 596 if (VN_CMP(cvp, rootvp)) 597 (void) pn_set(rpnp, "/"); 598 else if (rpnp->pn_pathlen == 0) 599 (void) pn_set(rpnp, "."); 600 } 601 602 if (compvpp != NULL) 603 *compvpp = cvp; 604 else 605 VN_RELE(cvp); 606 if (rootvp != rootdir) 607 VN_RELE(rootvp); 608 if (pp) 609 pn_free(pp); 610 return (0); 611 } 612 613 /* 614 * Skip over slashes from end of last component. 615 */ 616 while (pnp->pn_path[0] == '/') { 617 pnp->pn_path++; 618 pnp->pn_pathlen--; 619 } 620 621 /* 622 * Searched through another level of directory: 623 * release previous directory handle and save new (result 624 * of lookup) as current directory. 625 */ 626 VN_RELE(vp); 627 vp = cvp; 628 cvp = NULL; 629 goto next; 630 631 bad: 632 if (auditing) /* reached end of path */ 633 (void) audit_savepath(pnp, cvp, vp, error, cr); 634 bad_noaudit: 635 /* 636 * Error. Release vnodes and return. 637 */ 638 if (cvp) 639 VN_RELE(cvp); 640 /* 641 * If the error was ESTALE and the current directory to look in 642 * was the root for this lookup, the root for a mounted file 643 * system, or the starting directory for lookups, then 644 * return ENOENT instead of ESTALE. In this case, no recovery 645 * is possible by the higher level. If ESTALE was returned for 646 * some intermediate directory along the path, then recovery 647 * is potentially possible and retrying from the higher level 648 * will either correct the situation by purging stale cache 649 * entries or eventually get back to the point where no recovery 650 * is possible. 651 */ 652 if (error == ESTALE && 653 (VN_CMP(vp, rootvp) || (vp->v_flag & VROOT) || vp == startvp)) 654 error = ENOENT; 655 VN_RELE(vp); 656 if (rootvp != rootdir) 657 VN_RELE(rootvp); 658 if (pp) 659 pn_free(pp); 660 return (error); 661 } 662 663 /* 664 * Traverse a mount point. Routine accepts a vnode pointer as a reference 665 * parameter and performs the indirection, releasing the original vnode. 666 */ 667 int 668 traverse(vnode_t **cvpp) 669 { 670 int error = 0; 671 vnode_t *cvp; 672 vnode_t *tvp; 673 vfs_t *vfsp; 674 675 cvp = *cvpp; 676 677 /* 678 * If this vnode is mounted on, then we transparently indirect 679 * to the vnode which is the root of the mounted file system. 680 * Before we do this we must check that an unmount is not in 681 * progress on this vnode. 682 */ 683 684 for (;;) { 685 /* 686 * Try to read lock the vnode. If this fails because 687 * the vnode is already write locked, then check to 688 * see whether it is the current thread which locked 689 * the vnode. If it is not, then read lock the vnode 690 * by waiting to acquire the lock. 691 * 692 * The code path in domount() is an example of support 693 * which needs to look up two pathnames and locks one 694 * of them in between the two lookups. 695 */ 696 error = vn_vfsrlock(cvp); 697 if (error) { 698 if (!vn_vfswlock_held(cvp)) 699 error = vn_vfsrlock_wait(cvp); 700 if (error != 0) { 701 /* 702 * lookuppn() expects a held vnode to be 703 * returned because it promptly calls 704 * VN_RELE after the error return 705 */ 706 *cvpp = cvp; 707 return (error); 708 } 709 } 710 711 /* 712 * Reached the end of the mount chain? 713 */ 714 vfsp = vn_mountedvfs(cvp); 715 if (vfsp == NULL) { 716 vn_vfsunlock(cvp); 717 break; 718 } 719 720 /* 721 * The read lock must be held across the call to VFS_ROOT() to 722 * prevent a concurrent unmount from destroying the vfs. 723 */ 724 error = VFS_ROOT(vfsp, &tvp); 725 vn_vfsunlock(cvp); 726 727 if (error) 728 break; 729 730 VN_RELE(cvp); 731 732 cvp = tvp; 733 } 734 735 *cvpp = cvp; 736 return (error); 737 } 738 739 /* 740 * Return the lowermost vnode if this is a mountpoint. 741 */ 742 static vnode_t * 743 vn_under(vnode_t *vp) 744 { 745 vnode_t *uvp; 746 vfs_t *vfsp; 747 748 while (vp->v_flag & VROOT) { 749 750 vfsp = vp->v_vfsp; 751 vfs_rlock_wait(vfsp); 752 if ((uvp = vfsp->vfs_vnodecovered) == NULL || 753 (vfsp->vfs_flag & VFS_UNMOUNTED)) { 754 vfs_unlock(vfsp); 755 break; 756 } 757 VN_HOLD(uvp); 758 vfs_unlock(vfsp); 759 VN_RELE(vp); 760 vp = uvp; 761 } 762 763 return (vp); 764 } 765 766 static int 767 vnode_match(vnode_t *v1, vnode_t *v2, cred_t *cr) 768 { 769 vattr_t v1attr, v2attr; 770 771 /* 772 * If we have a device file, check to see if is a cloned open of the 773 * same device. For self-cloning devices, the major numbers will match. 774 * For devices cloned through the 'clone' driver, the minor number of 775 * the source device will be the same as the major number of the cloned 776 * device. 777 */ 778 if ((v1->v_type == VCHR || v1->v_type == VBLK) && 779 v1->v_type == v2->v_type) { 780 if ((spec_is_selfclone(v1) || spec_is_selfclone(v2)) && 781 getmajor(v1->v_rdev) == getmajor(v2->v_rdev)) 782 return (1); 783 784 if (spec_is_clone(v1) && 785 getmajor(v1->v_rdev) == getminor(v2->v_rdev)) 786 return (1); 787 788 if (spec_is_clone(v2) && 789 getmajor(v2->v_rdev) == getminor(v1->v_rdev)) 790 return (1); 791 } 792 793 v1attr.va_mask = v2attr.va_mask = AT_TYPE; 794 795 /* 796 * This check for symbolic links handles the pseudo-symlinks in procfs. 797 * These particular links have v_type of VDIR, but the attributes have a 798 * type of VLNK. We need to avoid these links because otherwise if we 799 * are currently in '/proc/self/fd', then '/proc/self/cwd' will compare 800 * as the same vnode. 801 */ 802 if (VOP_GETATTR(v1, &v1attr, 0, cr, NULL) != 0 || 803 VOP_GETATTR(v2, &v2attr, 0, cr, NULL) != 0 || 804 v1attr.va_type == VLNK || v2attr.va_type == VLNK) 805 return (0); 806 807 v1attr.va_mask = v2attr.va_mask = AT_TYPE | AT_FSID | AT_NODEID; 808 809 if (VOP_GETATTR(v1, &v1attr, ATTR_REAL, cr, NULL) != 0 || 810 VOP_GETATTR(v2, &v2attr, ATTR_REAL, cr, NULL) != 0) 811 return (0); 812 813 return (v1attr.va_fsid == v2attr.va_fsid && 814 v1attr.va_nodeid == v2attr.va_nodeid); 815 } 816 817 818 /* 819 * Find the entry in the directory corresponding to the target vnode. 820 */ 821 int 822 dirfindvp(vnode_t *vrootp, vnode_t *dvp, vnode_t *tvp, cred_t *cr, char *dbuf, 823 size_t dlen, dirent64_t **rdp) 824 { 825 size_t dbuflen; 826 struct iovec iov; 827 struct uio uio; 828 int error; 829 int eof; 830 vnode_t *cmpvp; 831 struct dirent64 *dp; 832 pathname_t pnp; 833 834 ASSERT(dvp->v_type == VDIR); 835 836 /* 837 * This is necessary because of the strange semantics of VOP_LOOKUP(). 838 */ 839 bzero(&pnp, sizeof (pnp)); 840 841 eof = 0; 842 843 uio.uio_iov = &iov; 844 uio.uio_iovcnt = 1; 845 uio.uio_segflg = UIO_SYSSPACE; 846 uio.uio_fmode = 0; 847 uio.uio_extflg = UIO_COPY_CACHED; 848 uio.uio_loffset = 0; 849 850 if ((error = VOP_ACCESS(dvp, VREAD, 0, cr, NULL)) != 0) 851 return (error); 852 853 while (!eof) { 854 uio.uio_resid = dlen; 855 iov.iov_base = dbuf; 856 iov.iov_len = dlen; 857 858 (void) VOP_RWLOCK(dvp, V_WRITELOCK_FALSE, NULL); 859 error = VOP_READDIR(dvp, &uio, cr, &eof, NULL, 0); 860 VOP_RWUNLOCK(dvp, V_WRITELOCK_FALSE, NULL); 861 862 dbuflen = dlen - uio.uio_resid; 863 864 if (error || dbuflen == 0) 865 break; 866 867 dp = (dirent64_t *)dbuf; 868 while ((intptr_t)dp < (intptr_t)dbuf + dbuflen) { 869 /* 870 * Ignore '.' and '..' entries 871 */ 872 if (strcmp(dp->d_name, ".") == 0 || 873 strcmp(dp->d_name, "..") == 0) { 874 dp = (dirent64_t *)((intptr_t)dp + 875 dp->d_reclen); 876 continue; 877 } 878 879 error = VOP_LOOKUP(dvp, dp->d_name, &cmpvp, &pnp, 0, 880 vrootp, cr, NULL, NULL, NULL); 881 882 /* 883 * We only want to bail out if there was an error other 884 * than ENOENT. Otherwise, it could be that someone 885 * just removed an entry since the readdir() call, and 886 * the entry we want is further on in the directory. 887 */ 888 if (error == 0) { 889 if (vnode_match(tvp, cmpvp, cr)) { 890 VN_RELE(cmpvp); 891 *rdp = dp; 892 return (0); 893 } 894 895 VN_RELE(cmpvp); 896 } else if (error != ENOENT) { 897 return (error); 898 } 899 900 dp = (dirent64_t *)((intptr_t)dp + dp->d_reclen); 901 } 902 } 903 904 /* 905 * Something strange has happened, this directory does not contain the 906 * specified vnode. This should never happen in the normal case, since 907 * we ensured that dvp is the parent of vp. This is possible in some 908 * rare conditions (races and the special .zfs directory). 909 */ 910 if (error == 0) { 911 error = VOP_LOOKUP(dvp, ".zfs", &cmpvp, &pnp, 0, vrootp, cr, 912 NULL, NULL, NULL); 913 if (error == 0) { 914 if (vnode_match(tvp, cmpvp, cr)) { 915 (void) strcpy(dp->d_name, ".zfs"); 916 dp->d_reclen = strlen(".zfs"); 917 dp->d_off = 2; 918 dp->d_ino = 1; 919 *rdp = dp; 920 } else { 921 error = ENOENT; 922 } 923 VN_RELE(cmpvp); 924 } 925 } 926 927 return (error); 928 } 929 930 /* 931 * Given a global path (from rootdir), and a vnode that is the current root, 932 * return the portion of the path that is beneath the current root or NULL on 933 * failure. The path MUST be a resolved path (no '..' entries or symlinks), 934 * otherwise this function will fail. 935 */ 936 static char * 937 localpath(char *path, struct vnode *vrootp, cred_t *cr) 938 { 939 vnode_t *vp; 940 vnode_t *cvp; 941 char component[MAXNAMELEN]; 942 char *ret = NULL; 943 pathname_t pn; 944 945 /* 946 * We use vn_compare() instead of VN_CMP() in order to detect lofs 947 * mounts and stacked vnodes. 948 */ 949 if (vn_compare(vrootp, rootdir)) 950 return (path); 951 952 if (pn_get(path, UIO_SYSSPACE, &pn) != 0) 953 return (NULL); 954 955 vp = rootdir; 956 VN_HOLD(vp); 957 958 if (vn_ismntpt(vp) && traverse(&vp) != 0) { 959 VN_RELE(vp); 960 pn_free(&pn); 961 return (NULL); 962 } 963 964 while (pn_pathleft(&pn)) { 965 pn_skipslash(&pn); 966 967 if (pn_getcomponent(&pn, component) != 0) 968 break; 969 970 if (VOP_LOOKUP(vp, component, &cvp, &pn, 0, rootdir, cr, 971 NULL, NULL, NULL) != 0) 972 break; 973 VN_RELE(vp); 974 vp = cvp; 975 976 if (vn_ismntpt(vp) && traverse(&vp) != 0) 977 break; 978 979 if (vn_compare(vp, vrootp)) { 980 ret = path + (pn.pn_path - pn.pn_buf); 981 break; 982 } 983 } 984 985 VN_RELE(vp); 986 pn_free(&pn); 987 988 return (ret); 989 } 990 991 /* 992 * Given a directory, return the full, resolved path. This looks up "..", 993 * searches for the given vnode in the parent, appends the component, etc. It 994 * is used to implement vnodetopath() and getcwd() when the cached path fails. 995 */ 996 static int 997 dirtopath(vnode_t *vrootp, vnode_t *vp, char *buf, size_t buflen, int flags, 998 cred_t *cr) 999 { 1000 pathname_t pn, rpn, emptypn; 1001 vnode_t *cmpvp, *pvp = NULL; 1002 vnode_t *startvp = vp; 1003 int err = 0, vprivs; 1004 size_t complen; 1005 char *dbuf; 1006 dirent64_t *dp; 1007 char *bufloc; 1008 size_t dlen = DIRENT64_RECLEN(MAXPATHLEN); 1009 refstr_t *mntpt; 1010 1011 /* Operation only allowed on directories */ 1012 ASSERT(vp->v_type == VDIR); 1013 1014 /* We must have at least enough space for "/" */ 1015 if (buflen < 2) 1016 return (ENAMETOOLONG); 1017 1018 /* Start at end of string with terminating null */ 1019 bufloc = &buf[buflen - 1]; 1020 *bufloc = '\0'; 1021 1022 pn_alloc(&pn); 1023 pn_alloc(&rpn); 1024 dbuf = kmem_alloc(dlen, KM_SLEEP); 1025 bzero(&emptypn, sizeof (emptypn)); 1026 1027 /* 1028 * Begin with an additional reference on vp. This will be decremented 1029 * during the loop. 1030 */ 1031 VN_HOLD(vp); 1032 1033 for (;;) { 1034 /* 1035 * Return if we've reached the root. If the buffer is empty, 1036 * return '/'. We explicitly don't use vn_compare(), since it 1037 * compares the real vnodes. A lofs mount of '/' would produce 1038 * incorrect results otherwise. 1039 */ 1040 if (VN_CMP(vrootp, vp)) { 1041 if (*bufloc == '\0') 1042 *--bufloc = '/'; 1043 break; 1044 } 1045 1046 /* 1047 * If we've reached the VFS root, something has gone wrong. We 1048 * should have reached the root in the above check. The only 1049 * explantation is that 'vp' is not contained withing the given 1050 * root, in which case we return EPERM. 1051 */ 1052 if (VN_CMP(rootdir, vp)) { 1053 err = EPERM; 1054 goto out; 1055 } 1056 1057 /* 1058 * Shortcut: see if this vnode is a mountpoint. If so, 1059 * grab the path information from the vfs_t. 1060 */ 1061 if (vp->v_flag & VROOT) { 1062 1063 mntpt = vfs_getmntpoint(vp->v_vfsp); 1064 if ((err = pn_set(&pn, (char *)refstr_value(mntpt))) 1065 == 0) { 1066 refstr_rele(mntpt); 1067 rpn.pn_path = rpn.pn_buf; 1068 1069 /* 1070 * Ensure the mountpoint still exists. 1071 */ 1072 VN_HOLD(vrootp); 1073 if (vrootp != rootdir) 1074 VN_HOLD(vrootp); 1075 if (lookuppnvp(&pn, &rpn, flags, NULL, 1076 &cmpvp, vrootp, vrootp, cr) == 0) { 1077 1078 if (VN_CMP(vp, cmpvp)) { 1079 VN_RELE(cmpvp); 1080 1081 complen = strlen(rpn.pn_path); 1082 bufloc -= complen; 1083 if (bufloc < buf) { 1084 err = ERANGE; 1085 goto out; 1086 } 1087 bcopy(rpn.pn_path, bufloc, 1088 complen); 1089 break; 1090 } else { 1091 VN_RELE(cmpvp); 1092 } 1093 } 1094 } else { 1095 refstr_rele(mntpt); 1096 } 1097 } 1098 1099 /* 1100 * Shortcut: see if this vnode has correct v_path. If so, 1101 * we have the work done. 1102 */ 1103 mutex_enter(&vp->v_lock); 1104 if (vp->v_path != NULL) { 1105 1106 if ((err = pn_set(&pn, vp->v_path)) == 0) { 1107 mutex_exit(&vp->v_lock); 1108 rpn.pn_path = rpn.pn_buf; 1109 1110 /* 1111 * Ensure the v_path pointing to correct vnode 1112 */ 1113 VN_HOLD(vrootp); 1114 if (vrootp != rootdir) 1115 VN_HOLD(vrootp); 1116 if (lookuppnvp(&pn, &rpn, flags, NULL, 1117 &cmpvp, vrootp, vrootp, cr) == 0) { 1118 1119 if (VN_CMP(vp, cmpvp)) { 1120 VN_RELE(cmpvp); 1121 1122 complen = strlen(rpn.pn_path); 1123 bufloc -= complen; 1124 if (bufloc < buf) { 1125 err = ERANGE; 1126 goto out; 1127 } 1128 bcopy(rpn.pn_path, bufloc, 1129 complen); 1130 break; 1131 } else { 1132 VN_RELE(cmpvp); 1133 } 1134 } 1135 } else { 1136 mutex_exit(&vp->v_lock); 1137 } 1138 } else { 1139 mutex_exit(&vp->v_lock); 1140 } 1141 1142 /* 1143 * Shortcuts failed, search for this vnode in its parent. If 1144 * this is a mountpoint, then get the vnode underneath. 1145 */ 1146 if (vp->v_flag & VROOT) 1147 vp = vn_under(vp); 1148 if ((err = VOP_LOOKUP(vp, "..", &pvp, &emptypn, 0, vrootp, cr, 1149 NULL, NULL, NULL)) != 0) 1150 goto out; 1151 1152 /* 1153 * With extended attributes, it's possible for a directory to 1154 * have a parent that is a regular file. Check for that here. 1155 */ 1156 if (pvp->v_type != VDIR) { 1157 err = ENOTDIR; 1158 goto out; 1159 } 1160 1161 /* 1162 * If this is true, something strange has happened. This is 1163 * only true if we are the root of a filesystem, which should 1164 * have been caught by the check above. 1165 */ 1166 if (VN_CMP(pvp, vp)) { 1167 err = ENOENT; 1168 goto out; 1169 } 1170 1171 /* 1172 * Check if we have read and search privilege so, that 1173 * we can lookup the path in the directory 1174 */ 1175 vprivs = (flags & LOOKUP_CHECKREAD) ? VREAD | VEXEC : VEXEC; 1176 if ((err = VOP_ACCESS(pvp, vprivs, 0, cr, NULL)) != 0) { 1177 goto out; 1178 } 1179 1180 /* 1181 * Try to obtain the path component from dnlc cache 1182 * before searching through the directory. 1183 */ 1184 if ((cmpvp = dnlc_reverse_lookup(vp, dbuf, dlen)) != NULL) { 1185 /* 1186 * If we got parent vnode as a result, 1187 * then the answered path is correct. 1188 */ 1189 if (VN_CMP(cmpvp, pvp)) { 1190 VN_RELE(cmpvp); 1191 complen = strlen(dbuf); 1192 bufloc -= complen; 1193 if (bufloc <= buf) { 1194 err = ENAMETOOLONG; 1195 goto out; 1196 } 1197 bcopy(dbuf, bufloc, complen); 1198 1199 /* Prepend a slash to the current path */ 1200 *--bufloc = '/'; 1201 1202 /* And continue with the next component */ 1203 VN_RELE(vp); 1204 vp = pvp; 1205 pvp = NULL; 1206 continue; 1207 } else { 1208 VN_RELE(cmpvp); 1209 } 1210 } 1211 1212 /* 1213 * Search the parent directory for the entry corresponding to 1214 * this vnode. 1215 */ 1216 if ((err = dirfindvp(vrootp, pvp, vp, cr, dbuf, dlen, &dp)) 1217 != 0) 1218 goto out; 1219 complen = strlen(dp->d_name); 1220 bufloc -= complen; 1221 if (bufloc <= buf) { 1222 err = ENAMETOOLONG; 1223 goto out; 1224 } 1225 bcopy(dp->d_name, bufloc, complen); 1226 1227 /* Prepend a slash to the current path. */ 1228 *--bufloc = '/'; 1229 1230 /* And continue with the next component */ 1231 VN_RELE(vp); 1232 vp = pvp; 1233 pvp = NULL; 1234 } 1235 1236 /* 1237 * Place the path at the beginning of the buffer. 1238 */ 1239 if (bufloc != buf) 1240 ovbcopy(bufloc, buf, buflen - (bufloc - buf)); 1241 1242 out: 1243 /* 1244 * If the error was ESTALE and the current directory to look in 1245 * was the root for this lookup, the root for a mounted file 1246 * system, or the starting directory for lookups, then 1247 * return ENOENT instead of ESTALE. In this case, no recovery 1248 * is possible by the higher level. If ESTALE was returned for 1249 * some intermediate directory along the path, then recovery 1250 * is potentially possible and retrying from the higher level 1251 * will either correct the situation by purging stale cache 1252 * entries or eventually get back to the point where no recovery 1253 * is possible. 1254 */ 1255 if (err == ESTALE && 1256 (VN_CMP(vp, vrootp) || (vp->v_flag & VROOT) || vp == startvp)) 1257 err = ENOENT; 1258 1259 kmem_free(dbuf, dlen); 1260 VN_RELE(vp); 1261 if (pvp) 1262 VN_RELE(pvp); 1263 pn_free(&pn); 1264 pn_free(&rpn); 1265 1266 return (err); 1267 } 1268 1269 /* 1270 * The additional flag, LOOKUP_CHECKREAD, is used to enforce artificial 1271 * constraints in order to be standards compliant. For example, if we have 1272 * the cached path of '/foo/bar', and '/foo' has permissions 100 (execute 1273 * only), then we can legitimately look up the path to the current working 1274 * directory without needing read permission. Existing standards tests, 1275 * however, assume that we are determining the path by repeatedly looking up 1276 * "..". We need to keep this behavior in order to maintain backwards 1277 * compatibility. 1278 */ 1279 static int 1280 vnodetopath_common(vnode_t *vrootp, vnode_t *vp, char *buf, size_t buflen, 1281 cred_t *cr, int flags) 1282 { 1283 pathname_t pn, rpn; 1284 int ret, len; 1285 vnode_t *compvp, *pvp, *realvp; 1286 proc_t *p = curproc; 1287 char path[MAXNAMELEN]; 1288 int doclose = 0; 1289 1290 /* 1291 * If vrootp is NULL, get the root for curproc. Callers with any other 1292 * requirements should pass in a different vrootp. 1293 */ 1294 if (vrootp == NULL) { 1295 mutex_enter(&p->p_lock); 1296 if ((vrootp = PTOU(p)->u_rdir) == NULL) 1297 vrootp = rootdir; 1298 VN_HOLD(vrootp); 1299 mutex_exit(&p->p_lock); 1300 } else { 1301 VN_HOLD(vrootp); 1302 } 1303 1304 /* 1305 * This is to get around an annoying artifact of the /proc filesystem, 1306 * which is the behavior of {cwd/root}. Trying to resolve this path 1307 * will result in /proc/pid/cwd instead of whatever the real working 1308 * directory is. We can't rely on VOP_REALVP(), since that will break 1309 * lofs. The only difference between procfs and lofs is that opening 1310 * the file will return the underling vnode in the case of procfs. 1311 */ 1312 if (vp->v_type == VDIR && VOP_REALVP(vp, &realvp, NULL) == 0 && 1313 realvp != vp) { 1314 VN_HOLD(vp); 1315 if (VOP_OPEN(&vp, FREAD, cr, NULL) == 0) 1316 doclose = 1; 1317 else 1318 VN_RELE(vp); 1319 } 1320 1321 pn_alloc(&pn); 1322 1323 /* 1324 * Check to see if we have a cached path in the vnode. 1325 */ 1326 mutex_enter(&vp->v_lock); 1327 if (vp->v_path != NULL) { 1328 (void) pn_set(&pn, vp->v_path); 1329 mutex_exit(&vp->v_lock); 1330 1331 pn_alloc(&rpn); 1332 1333 /* We should only cache absolute paths */ 1334 ASSERT(pn.pn_buf[0] == '/'); 1335 1336 /* 1337 * If we are in a zone or a chroot environment, then we have to 1338 * take additional steps, since the path to the root might not 1339 * be readable with the current credentials, even though the 1340 * process can legitmately access the file. In this case, we 1341 * do the following: 1342 * 1343 * lookuppnvp() with all privileges to get the resolved path. 1344 * call localpath() to get the local portion of the path, and 1345 * continue as normal. 1346 * 1347 * If the the conversion to a local path fails, then we continue 1348 * as normal. This is a heuristic to make process object file 1349 * paths available from within a zone. Because lofs doesn't 1350 * support page operations, the vnode stored in the seg_t is 1351 * actually the underlying real vnode, not the lofs node itself. 1352 * Most of the time, the lofs path is the same as the underlying 1353 * vnode (for example, /usr/lib/libc.so.1). 1354 */ 1355 if (vrootp != rootdir) { 1356 char *local = NULL; 1357 VN_HOLD(rootdir); 1358 if (lookuppnvp(&pn, &rpn, FOLLOW, 1359 NULL, &compvp, rootdir, rootdir, kcred) == 0) { 1360 local = localpath(rpn.pn_path, vrootp, 1361 kcred); 1362 VN_RELE(compvp); 1363 } 1364 1365 /* 1366 * The original pn was changed through lookuppnvp(). 1367 * Set it to local for next validation attempt. 1368 */ 1369 if (local) { 1370 (void) pn_set(&pn, local); 1371 } else { 1372 goto notcached; 1373 } 1374 } 1375 1376 /* 1377 * We should have a local path at this point, so start the 1378 * search from the root of the current process. 1379 */ 1380 VN_HOLD(vrootp); 1381 if (vrootp != rootdir) 1382 VN_HOLD(vrootp); 1383 ret = lookuppnvp(&pn, &rpn, FOLLOW | flags, NULL, 1384 &compvp, vrootp, vrootp, cr); 1385 if (ret == 0) { 1386 /* 1387 * Check to see if the returned vnode is the same as 1388 * the one we expect. If not, give up. 1389 */ 1390 if (!vn_compare(vp, compvp) && 1391 !vnode_match(vp, compvp, cr)) { 1392 VN_RELE(compvp); 1393 goto notcached; 1394 } 1395 1396 VN_RELE(compvp); 1397 1398 /* 1399 * Return the result. 1400 */ 1401 if (buflen <= rpn.pn_pathlen) 1402 goto notcached; 1403 1404 bcopy(rpn.pn_path, buf, rpn.pn_pathlen + 1); 1405 pn_free(&pn); 1406 pn_free(&rpn); 1407 VN_RELE(vrootp); 1408 if (doclose) { 1409 (void) VOP_CLOSE(vp, FREAD, 1, 0, cr, NULL); 1410 VN_RELE(vp); 1411 } 1412 return (0); 1413 } 1414 1415 notcached: 1416 pn_free(&rpn); 1417 } else { 1418 mutex_exit(&vp->v_lock); 1419 } 1420 1421 pn_free(&pn); 1422 1423 if (vp->v_type != VDIR) { 1424 /* 1425 * If we don't have a directory, try to find it in the dnlc via 1426 * reverse lookup. Once this is found, we can use the regular 1427 * directory search to find the full path. 1428 */ 1429 if ((pvp = dnlc_reverse_lookup(vp, path, MAXNAMELEN)) != NULL) { 1430 /* 1431 * Check if we have read privilege so, that 1432 * we can lookup the path in the directory 1433 */ 1434 ret = 0; 1435 if ((flags & LOOKUP_CHECKREAD)) { 1436 ret = VOP_ACCESS(pvp, VREAD, 0, cr, NULL); 1437 } 1438 if (ret == 0) { 1439 ret = dirtopath(vrootp, pvp, buf, buflen, 1440 flags, cr); 1441 } 1442 if (ret == 0) { 1443 len = strlen(buf); 1444 if (len + strlen(path) + 1 >= buflen) { 1445 ret = ENAMETOOLONG; 1446 } else { 1447 if (buf[len - 1] != '/') 1448 buf[len++] = '/'; 1449 bcopy(path, buf + len, 1450 strlen(path) + 1); 1451 } 1452 } 1453 1454 VN_RELE(pvp); 1455 } else 1456 ret = ENOENT; 1457 } else 1458 ret = dirtopath(vrootp, vp, buf, buflen, flags, cr); 1459 1460 VN_RELE(vrootp); 1461 if (doclose) { 1462 (void) VOP_CLOSE(vp, FREAD, 1, 0, cr, NULL); 1463 VN_RELE(vp); 1464 } 1465 1466 return (ret); 1467 } 1468 1469 int 1470 vnodetopath(vnode_t *vrootp, vnode_t *vp, char *buf, size_t buflen, cred_t *cr) 1471 { 1472 return (vnodetopath_common(vrootp, vp, buf, buflen, cr, 0)); 1473 } 1474 1475 int 1476 dogetcwd(char *buf, size_t buflen) 1477 { 1478 int ret; 1479 vnode_t *vp; 1480 vnode_t *compvp; 1481 refstr_t *cwd, *oldcwd; 1482 const char *value; 1483 pathname_t rpnp, pnp; 1484 proc_t *p = curproc; 1485 1486 /* 1487 * Check to see if there is a cached version of the cwd. If so, lookup 1488 * the cached value and make sure it is the same vnode. 1489 */ 1490 mutex_enter(&p->p_lock); 1491 if ((cwd = PTOU(p)->u_cwd) != NULL) 1492 refstr_hold(cwd); 1493 vp = PTOU(p)->u_cdir; 1494 VN_HOLD(vp); 1495 mutex_exit(&p->p_lock); 1496 1497 /* 1498 * Make sure we have permission to access the current directory. 1499 */ 1500 if ((ret = VOP_ACCESS(vp, VEXEC, 0, CRED(), NULL)) != 0) { 1501 if (cwd != NULL) 1502 refstr_rele(cwd); 1503 VN_RELE(vp); 1504 return (ret); 1505 } 1506 1507 if (cwd) { 1508 value = refstr_value(cwd); 1509 if ((ret = pn_get((char *)value, UIO_SYSSPACE, &pnp)) != 0) { 1510 refstr_rele(cwd); 1511 VN_RELE(vp); 1512 return (ret); 1513 } 1514 1515 pn_alloc(&rpnp); 1516 1517 if (lookuppn(&pnp, &rpnp, NO_FOLLOW, NULL, &compvp) == 0) { 1518 1519 if (VN_CMP(vp, compvp) && 1520 strcmp(value, rpnp.pn_path) == 0) { 1521 VN_RELE(compvp); 1522 VN_RELE(vp); 1523 pn_free(&pnp); 1524 pn_free(&rpnp); 1525 if (strlen(value) + 1 > buflen) { 1526 refstr_rele(cwd); 1527 return (ENAMETOOLONG); 1528 } 1529 bcopy(value, buf, strlen(value) + 1); 1530 refstr_rele(cwd); 1531 return (0); 1532 } 1533 1534 VN_RELE(compvp); 1535 } 1536 1537 pn_free(&rpnp); 1538 pn_free(&pnp); 1539 1540 refstr_rele(cwd); 1541 } 1542 1543 ret = vnodetopath_common(NULL, vp, buf, buflen, CRED(), 1544 LOOKUP_CHECKREAD); 1545 1546 VN_RELE(vp); 1547 1548 /* 1549 * Store the new cwd and replace the existing cached copy. 1550 */ 1551 if (ret == 0) 1552 cwd = refstr_alloc(buf); 1553 else 1554 cwd = NULL; 1555 1556 mutex_enter(&p->p_lock); 1557 oldcwd = PTOU(p)->u_cwd; 1558 PTOU(p)->u_cwd = cwd; 1559 mutex_exit(&p->p_lock); 1560 1561 if (oldcwd) 1562 refstr_rele(oldcwd); 1563 1564 return (ret); 1565 } 1566