xref: /titanic_50/usr/src/uts/common/fs/devfs/devfs_vnops.c (revision 45818ee124adeaaf947698996b4f4c722afc6d1f)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 /*
26  * vnode ops for the devfs
27  *
28  * For leaf vnode special files (VCHR|VBLK) specfs will always see the VOP
29  * first because dv_find always performs leaf vnode substitution, returning
30  * a specfs vnode with an s_realvp pointing to the devfs leaf vnode. This
31  * means that the only leaf special file VOP operations that devfs will see
32  * after VOP_LOOKUP are the ones that specfs forwards.
33  */
34 
35 #include <sys/types.h>
36 #include <sys/param.h>
37 #include <sys/t_lock.h>
38 #include <sys/systm.h>
39 #include <sys/sysmacros.h>
40 #include <sys/user.h>
41 #include <sys/time.h>
42 #include <sys/vfs.h>
43 #include <sys/vnode.h>
44 #include <sys/vfs_opreg.h>
45 #include <sys/file.h>
46 #include <sys/fcntl.h>
47 #include <sys/flock.h>
48 #include <sys/kmem.h>
49 #include <sys/uio.h>
50 #include <sys/errno.h>
51 #include <sys/stat.h>
52 #include <sys/cred.h>
53 #include <sys/dirent.h>
54 #include <sys/pathname.h>
55 #include <sys/cmn_err.h>
56 #include <sys/debug.h>
57 #include <sys/policy.h>
58 #include <sys/modctl.h>
59 #include <sys/sunndi.h>
60 #include <fs/fs_subr.h>
61 #include <sys/fs/dv_node.h>
62 
63 extern struct vattr	dv_vattr_dir, dv_vattr_file;
64 extern dev_t rconsdev;
65 
66 /*
67  * Open of devices (leaf nodes) is handled by specfs.
68  * There is nothing to do to open a directory
69  */
70 /*ARGSUSED*/
71 static int
72 devfs_open(struct vnode **vpp, int flag, struct cred *cred,
73     caller_context_t *ct)
74 {
75 	struct dv_node	*dv = VTODV(*vpp);
76 
77 	dcmn_err2(("devfs_open %s\n", dv->dv_name));
78 	ASSERT((*vpp)->v_type == VDIR);
79 	return (0);
80 }
81 
82 /*
83  * Close of devices (leaf nodes) is handled by specfs.
84  * There is nothing much to do inorder to close a directory.
85  */
86 /*ARGSUSED1*/
87 static int
88 devfs_close(struct vnode *vp, int flag, int count,
89     offset_t offset, struct cred *cred, caller_context_t *ct)
90 {
91 	struct dv_node	*dv = VTODV(vp);
92 
93 	dcmn_err2(("devfs_close %s\n", dv->dv_name));
94 	ASSERT(vp->v_type == VDIR);
95 
96 	cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
97 	cleanshares(vp, ttoproc(curthread)->p_pid);
98 	return (0);
99 }
100 
101 /*
102  * Read of devices (leaf nodes) is handled by specfs.
103  * Read of directories is not supported.
104  */
105 /*ARGSUSED*/
106 static int
107 devfs_read(struct vnode *vp, struct uio *uiop, int ioflag, struct cred *cred,
108 	struct caller_context *ct)
109 {
110 	dcmn_err2(("devfs_read %s\n", VTODV(vp)->dv_name));
111 	ASSERT(vp->v_type == VDIR);
112 	ASSERT(RW_READ_HELD(&VTODV(vp)->dv_contents));
113 	return (EISDIR);
114 }
115 
116 /*
117  * Write of devices (leaf nodes) is handled by specfs.
118  * Write of directories is not supported.
119  */
120 /*ARGSUSED*/
121 static int
122 devfs_write(struct vnode *vp, struct uio *uiop, int ioflag, struct cred *cred,
123 	struct caller_context *ct)
124 {
125 	dcmn_err2(("devfs_write %s\n", VTODV(vp)->dv_name));
126 	ASSERT(vp->v_type == VDIR);
127 	ASSERT(RW_WRITE_HELD(&VTODV(vp)->dv_contents));
128 	return (EISDIR);
129 }
130 
131 /*
132  * Ioctls to device (leaf nodes) is handled by specfs.
133  * Ioctl to directories is not supported.
134  */
135 /*ARGSUSED*/
136 static int
137 devfs_ioctl(struct vnode *vp, int cmd, intptr_t arg, int flag,
138     struct cred *cred, int *rvalp, caller_context_t *ct)
139 {
140 	dcmn_err2(("devfs_ioctl %s\n", VTODV(vp)->dv_name));
141 	ASSERT(vp->v_type == VDIR);
142 
143 	return (ENOTTY);	/* no ioctls supported */
144 }
145 
146 /*
147  * We can be asked directly about the attributes of directories, or
148  * (via sp->s_realvp) about the filesystem attributes of special files.
149  *
150  * For directories, we just believe the attribute store
151  * though we mangle the nodeid, fsid, and rdev to convince userland we
152  * really are a different filesystem.
153  *
154  * For special files, a little more fakery is required.
155  *
156  * If the attribute store is not there (read only root), we believe our
157  * memory based attributes.
158  */
159 static int
160 devfs_getattr(struct vnode *vp, struct vattr *vap, int flags, struct cred *cr,
161     caller_context_t *ct)
162 {
163 	struct dv_node	*dv = VTODV(vp);
164 	int		error = 0;
165 	uint_t		mask;
166 
167 	/*
168 	 * Message goes to console only. Otherwise, the message
169 	 * causes devfs_getattr to be invoked again... infinite loop
170 	 */
171 	dcmn_err2(("?devfs_getattr %s\n", dv->dv_name));
172 	ASSERT(dv->dv_attr || dv->dv_attrvp);
173 
174 	if (!(vp->v_type == VDIR || vp->v_type == VCHR || vp->v_type == VBLK)) {
175 		cmn_err(CE_WARN,	/* panic ? */
176 		    "?%s: getattr on vnode type %d", dvnm, vp->v_type);
177 		return (ENOENT);
178 	}
179 
180 	rw_enter(&dv->dv_contents, RW_READER);
181 	if (dv->dv_attr) {
182 		/*
183 		 * obtain from the memory version of attribute.
184 		 * preserve mask for those that optimize.
185 		 * devfs specific fields are already merged on creation.
186 		 */
187 		mask = vap->va_mask;
188 		*vap = *dv->dv_attr;
189 		vap->va_mask = mask;
190 	} else {
191 		/* obtain from attribute store and merge */
192 		error = VOP_GETATTR(dv->dv_attrvp, vap, flags, cr, ct);
193 		dsysdebug(error, ("vop_getattr %s %d\n", dv->dv_name, error));
194 		dv_vattr_merge(dv, vap);
195 	}
196 	rw_exit(&dv->dv_contents);
197 
198 	/*
199 	 * Restrict the permissions of the node fronting the console
200 	 * to 0600 with root as the owner.  This prevents a non-root
201 	 * user from gaining access to a serial terminal (like /dev/term/a)
202 	 * which is in reality serving as the console device (/dev/console).
203 	 */
204 	if (vp->v_rdev == rconsdev) {
205 		mode_t	rconsmask = S_IXUSR|S_IRWXG|S_IRWXO;
206 		vap->va_mode &= (~rconsmask);
207 		vap->va_uid = 0;
208 	}
209 
210 	return (error);
211 }
212 
213 static int devfs_unlocked_access(void *, int, struct cred *);
214 
215 /*ARGSUSED4*/
216 static int
217 devfs_setattr_dir(
218 	struct dv_node *dv,
219 	struct vnode *vp,
220 	struct vattr *vap,
221 	int flags,
222 	struct cred *cr)
223 {
224 	struct vattr	*map;
225 	uint_t		mask;
226 	int		error = 0;
227 	struct vattr	vattr;
228 
229 	ASSERT(dv->dv_attr || dv->dv_attrvp);
230 
231 	ASSERT(vp->v_type == VDIR);
232 	ASSERT((dv->dv_flags & DV_NO_FSPERM) == 0);
233 
234 	if (vap->va_mask & AT_NOSET)
235 		return (EINVAL);
236 
237 	/* to ensure consistency, single thread setting of attributes */
238 	rw_enter(&dv->dv_contents, RW_WRITER);
239 
240 again:	if (dv->dv_attr) {
241 
242 		error = secpolicy_vnode_setattr(cr, vp, vap,
243 		    dv->dv_attr, flags, devfs_unlocked_access, dv);
244 
245 		if (error)
246 			goto out;
247 
248 		/*
249 		 * Apply changes to the memory based attribute. This code
250 		 * is modeled after the tmpfs implementation of memory
251 		 * based vnodes
252 		 */
253 		map = dv->dv_attr;
254 		mask = vap->va_mask;
255 
256 		/* Change file access modes. */
257 		if (mask & AT_MODE) {
258 			map->va_mode &= S_IFMT;
259 			map->va_mode |= vap->va_mode & ~S_IFMT;
260 		}
261 		if (mask & AT_UID)
262 			map->va_uid = vap->va_uid;
263 		if (mask & AT_GID)
264 			map->va_gid = vap->va_gid;
265 		if (mask & AT_ATIME)
266 			map->va_atime = vap->va_atime;
267 		if (mask & AT_MTIME)
268 			map->va_mtime = vap->va_mtime;
269 
270 		if (mask & (AT_MODE | AT_UID | AT_GID | AT_MTIME))
271 			gethrestime(&map->va_ctime);
272 	} else {
273 		/* use the backing attribute store */
274 		ASSERT(dv->dv_attrvp);
275 
276 		/*
277 		 * See if we are changing something we care about
278 		 * the persistence of - return success if we don't care.
279 		 */
280 		if (vap->va_mask & (AT_MODE|AT_UID|AT_GID|AT_ATIME|AT_MTIME)) {
281 			/* Set the attributes */
282 			error = VOP_SETATTR(dv->dv_attrvp,
283 			    vap, flags, cr, NULL);
284 			dsysdebug(error,
285 			    ("vop_setattr %s %d\n", dv->dv_name, error));
286 
287 			/*
288 			 * Some file systems may return EROFS for a setattr
289 			 * on a readonly file system.  In this case we create
290 			 * our own memory based attribute.
291 			 */
292 			if (error == EROFS) {
293 				/*
294 				 * obtain attributes from existing file
295 				 * that we will modify and switch to memory
296 				 * based attribute until attribute store is
297 				 * read/write.
298 				 */
299 				vattr = dv_vattr_dir;
300 				if (VOP_GETATTR(dv->dv_attrvp,
301 				    &vattr, flags, cr, NULL) == 0) {
302 					dv->dv_attr = kmem_alloc(
303 					    sizeof (struct vattr), KM_SLEEP);
304 					*dv->dv_attr = vattr;
305 					dv_vattr_merge(dv, dv->dv_attr);
306 					goto again;
307 				}
308 			}
309 		}
310 	}
311 out:
312 	rw_exit(&dv->dv_contents);
313 	return (error);
314 }
315 
316 
317 /*
318  * Compare the uid/gid/mode changes requested for a setattr
319  * operation with the same details of a node's default minor
320  * perm information.  Return 0 if identical.
321  */
322 static int
323 dv_setattr_cmp(struct vattr *map, mperm_t *mp)
324 {
325 	if ((map->va_mode & S_IAMB) != (mp->mp_mode & S_IAMB))
326 		return (1);
327 	if (map->va_uid != mp->mp_uid)
328 		return (1);
329 	if (map->va_gid != mp->mp_gid)
330 		return (1);
331 	return (0);
332 }
333 
334 
335 /*ARGSUSED4*/
336 static int
337 devfs_setattr(
338 	struct vnode *vp,
339 	struct vattr *vap,
340 	int flags,
341 	struct cred *cr,
342 	caller_context_t *ct)
343 {
344 	struct dv_node	*dv = VTODV(vp);
345 	struct dv_node	*ddv;
346 	struct vnode	*dvp;
347 	struct vattr	*map;
348 	uint_t		mask;
349 	int		error = 0;
350 	struct vattr	*free_vattr = NULL;
351 	struct vattr	*vattrp = NULL;
352 	mperm_t		mp;
353 	int		persist;
354 
355 	/*
356 	 * Message goes to console only. Otherwise, the message
357 	 * causes devfs_getattr to be invoked again... infinite loop
358 	 */
359 	dcmn_err2(("?devfs_setattr %s\n", dv->dv_name));
360 	ASSERT(dv->dv_attr || dv->dv_attrvp);
361 
362 	if (!(vp->v_type == VDIR || vp->v_type == VCHR || vp->v_type == VBLK)) {
363 		cmn_err(CE_WARN,	/* panic ? */
364 		    "?%s: getattr on vnode type %d", dvnm, vp->v_type);
365 		return (ENOENT);
366 	}
367 
368 	if (vap->va_mask & AT_NOSET)
369 		return (EINVAL);
370 
371 	/*
372 	 * If we are changing something we don't care about
373 	 * the persistence of, return success.
374 	 */
375 	if ((vap->va_mask &
376 	    (AT_MODE|AT_UID|AT_GID|AT_ATIME|AT_MTIME)) == 0)
377 		return (0);
378 
379 	/*
380 	 * If driver overrides fs perm, disallow chmod
381 	 * and do not create attribute nodes.
382 	 */
383 	if (dv->dv_flags & DV_NO_FSPERM) {
384 		ASSERT(dv->dv_attr);
385 		if (vap->va_mask & (AT_MODE | AT_UID | AT_GID))
386 			return (EPERM);
387 		if ((vap->va_mask & (AT_ATIME|AT_MTIME)) == 0)
388 			return (0);
389 		rw_enter(&dv->dv_contents, RW_WRITER);
390 		if (vap->va_mask & AT_ATIME)
391 			dv->dv_attr->va_atime = vap->va_atime;
392 		if (vap->va_mask & AT_MTIME)
393 			dv->dv_attr->va_mtime = vap->va_mtime;
394 		rw_exit(&dv->dv_contents);
395 		return (0);
396 	}
397 
398 	/*
399 	 * Directories are always created but device nodes are
400 	 * only used to persist non-default permissions.
401 	 */
402 	if (vp->v_type == VDIR) {
403 		ASSERT(dv->dv_attr || dv->dv_attrvp);
404 		return (devfs_setattr_dir(dv, vp, vap, flags, cr));
405 	}
406 
407 	/*
408 	 * Allocate now before we take any locks
409 	 */
410 	vattrp = kmem_zalloc(sizeof (*vattrp), KM_SLEEP);
411 
412 	/* to ensure consistency, single thread setting of attributes */
413 	rw_enter(&dv->dv_contents, RW_WRITER);
414 
415 	/*
416 	 * We don't need to create an attribute node
417 	 * to persist access or modification times.
418 	 */
419 	persist = (vap->va_mask & (AT_MODE | AT_UID | AT_GID));
420 
421 	/*
422 	 * If persisting something, get the default permissions
423 	 * for this minor to compare against what the attributes
424 	 * are now being set to.  Default ordering is:
425 	 *	- minor_perm match for this minor
426 	 *	- mode supplied by ddi_create_priv_minor_node
427 	 *	- devfs defaults
428 	 */
429 	if (persist) {
430 		if (dev_minorperm(dv->dv_devi, dv->dv_name, &mp) != 0) {
431 			mp.mp_uid = dv_vattr_file.va_uid;
432 			mp.mp_gid = dv_vattr_file.va_gid;
433 			mp.mp_mode = dv_vattr_file.va_mode;
434 			if (dv->dv_flags & DV_DFLT_MODE) {
435 				ASSERT((dv->dv_dflt_mode & ~S_IAMB) == 0);
436 				mp.mp_mode &= ~S_IAMB;
437 				mp.mp_mode |= dv->dv_dflt_mode;
438 				dcmn_err5(("%s: setattr priv default 0%o\n",
439 				    dv->dv_name, mp.mp_mode));
440 			} else {
441 				dcmn_err5(("%s: setattr devfs default 0%o\n",
442 				    dv->dv_name, mp.mp_mode));
443 			}
444 		} else {
445 			dcmn_err5(("%s: setattr minor perm default 0%o\n",
446 			    dv->dv_name, mp.mp_mode));
447 		}
448 	}
449 
450 	/*
451 	 * If we don't have a vattr for this node, construct one.
452 	 */
453 	if (dv->dv_attr) {
454 		free_vattr = vattrp;
455 		vattrp = NULL;
456 	} else {
457 		ASSERT(dv->dv_attrvp);
458 		ASSERT(vp->v_type != VDIR);
459 		*vattrp = dv_vattr_file;
460 		error = VOP_GETATTR(dv->dv_attrvp, vattrp, 0, cr, ct);
461 		dsysdebug(error, ("vop_getattr %s %d\n", dv->dv_name, error));
462 		if (error)
463 			goto out;
464 		dv->dv_attr = vattrp;
465 		dv_vattr_merge(dv, dv->dv_attr);
466 		vattrp = NULL;
467 	}
468 
469 	error = secpolicy_vnode_setattr(cr, vp, vap, dv->dv_attr,
470 	    flags, devfs_unlocked_access, dv);
471 	if (error) {
472 		dsysdebug(error, ("devfs_setattr %s secpolicy error %d\n",
473 		    dv->dv_name, error));
474 		goto out;
475 	}
476 
477 	/*
478 	 * Apply changes to the memory based attribute. This code
479 	 * is modeled after the tmpfs implementation of memory
480 	 * based vnodes
481 	 */
482 	map = dv->dv_attr;
483 	mask = vap->va_mask;
484 
485 	/* Change file access modes. */
486 	if (mask & AT_MODE) {
487 		map->va_mode &= S_IFMT;
488 		map->va_mode |= vap->va_mode & ~S_IFMT;
489 	}
490 	if (mask & AT_UID)
491 		map->va_uid = vap->va_uid;
492 	if (mask & AT_GID)
493 		map->va_gid = vap->va_gid;
494 	if (mask & AT_ATIME)
495 		map->va_atime = vap->va_atime;
496 	if (mask & AT_MTIME)
497 		map->va_mtime = vap->va_mtime;
498 
499 	if (mask & (AT_MODE | AT_UID | AT_GID | AT_MTIME)) {
500 		gethrestime(&map->va_ctime);
501 	}
502 
503 	/*
504 	 * A setattr to defaults means we no longer need the
505 	 * shadow node as a persistent store, unless there
506 	 * are ACLs.  Otherwise create a shadow node if one
507 	 * doesn't exist yet.
508 	 */
509 	if (persist) {
510 		if ((dv_setattr_cmp(map, &mp) == 0) &&
511 		    ((dv->dv_flags & DV_ACL) == 0)) {
512 
513 			if (dv->dv_attrvp) {
514 				ddv = dv->dv_dotdot;
515 				ASSERT(ddv->dv_attrvp);
516 				error = VOP_REMOVE(ddv->dv_attrvp,
517 				    dv->dv_name, cr, ct, 0);
518 				dsysdebug(error,
519 				    ("vop_remove %s %s %d\n",
520 				    ddv->dv_name, dv->dv_name, error));
521 
522 				if (error == EROFS)
523 					error = 0;
524 				VN_RELE(dv->dv_attrvp);
525 				dv->dv_attrvp = NULL;
526 			}
527 			ASSERT(dv->dv_attr);
528 		} else {
529 			if (mask & AT_MODE)
530 				dcmn_err5(("%s persisting mode 0%o\n",
531 				    dv->dv_name, vap->va_mode));
532 			if (mask & AT_UID)
533 				dcmn_err5(("%s persisting uid %d\n",
534 				    dv->dv_name, vap->va_uid));
535 			if (mask & AT_GID)
536 				dcmn_err5(("%s persisting gid %d\n",
537 				    dv->dv_name, vap->va_gid));
538 
539 			if (dv->dv_attrvp == NULL) {
540 				dvp = DVTOV(dv->dv_dotdot);
541 				dv_shadow_node(dvp, dv->dv_name, vp,
542 				    NULL, NULLVP, cr,
543 				    DV_SHADOW_CREATE | DV_SHADOW_WRITE_HELD);
544 			}
545 			if (dv->dv_attrvp) {
546 				/* If map still valid do TIME for free. */
547 				if (dv->dv_attr == map) {
548 					mask = map->va_mask;
549 					map->va_mask =
550 					    vap->va_mask | AT_ATIME | AT_MTIME;
551 					error = VOP_SETATTR(dv->dv_attrvp, map,
552 					    flags, cr, NULL);
553 					map->va_mask = mask;
554 				} else {
555 					error = VOP_SETATTR(dv->dv_attrvp,
556 					    vap, flags, cr, NULL);
557 				}
558 				dsysdebug(error, ("vop_setattr %s %d\n",
559 				    dv->dv_name, error));
560 			}
561 			/*
562 			 * Some file systems may return EROFS for a setattr
563 			 * on a readonly file system.  In this case save
564 			 * as our own memory based attribute.
565 			 * NOTE: ufs is NOT one of these (see ufs_iupdat).
566 			 */
567 			if (dv->dv_attr && dv->dv_attrvp && error == 0) {
568 				vattrp = dv->dv_attr;
569 				dv->dv_attr = NULL;
570 			} else if (error == EROFS)
571 				error = 0;
572 		}
573 	}
574 
575 out:
576 	rw_exit(&dv->dv_contents);
577 
578 	if (vattrp)
579 		kmem_free(vattrp, sizeof (*vattrp));
580 	if (free_vattr)
581 		kmem_free(free_vattr, sizeof (*free_vattr));
582 	return (error);
583 }
584 
585 static int
586 devfs_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr,
587     caller_context_t *ct)
588 {
589 	switch (cmd) {
590 	case _PC_ACL_ENABLED:
591 		/*
592 		 * We rely on the underlying filesystem for ACLs,
593 		 * so direct the query for ACL support there.
594 		 * ACL support isn't relative to the file
595 		 * and we can't guarantee that the dv node
596 		 * has an attribute node, so any valid
597 		 * attribute node will suffice.
598 		 */
599 		ASSERT(dvroot);
600 		ASSERT(dvroot->dv_attrvp);
601 		return (VOP_PATHCONF(dvroot->dv_attrvp, cmd, valp, cr, ct));
602 		/*NOTREACHED*/
603 	}
604 
605 	return (fs_pathconf(vp, cmd, valp, cr, ct));
606 }
607 
608 /*
609  * Let avp handle security attributes (acl's).
610  */
611 static int
612 devfs_getsecattr(struct vnode *vp, struct vsecattr *vsap, int flags,
613     struct cred *cr, caller_context_t *ct)
614 {
615 	dvnode_t *dv = VTODV(vp);
616 	struct vnode *avp;
617 	int	error;
618 
619 	dcmn_err2(("devfs_getsecattr %s\n", dv->dv_name));
620 	ASSERT(vp->v_type == VDIR || vp->v_type == VCHR || vp->v_type == VBLK);
621 
622 	rw_enter(&dv->dv_contents, RW_READER);
623 
624 	avp = dv->dv_attrvp;
625 
626 	/* fabricate the acl */
627 	if (avp == NULL) {
628 		error = fs_fab_acl(vp, vsap, flags, cr, ct);
629 		rw_exit(&dv->dv_contents);
630 		return (error);
631 	}
632 
633 	error = VOP_GETSECATTR(avp, vsap, flags, cr, ct);
634 	dsysdebug(error, ("vop_getsecattr %s %d\n", VTODV(vp)->dv_name, error));
635 	rw_exit(&dv->dv_contents);
636 	return (error);
637 }
638 
639 /*
640  * Set security attributes (acl's)
641  *
642  * Note that the dv_contents lock has already been acquired
643  * by the caller's VOP_RWLOCK.
644  */
645 static int
646 devfs_setsecattr(struct vnode *vp, struct vsecattr *vsap, int flags,
647     struct cred *cr, caller_context_t *ct)
648 {
649 	dvnode_t *dv = VTODV(vp);
650 	struct vnode *avp;
651 	int	error;
652 
653 	dcmn_err2(("devfs_setsecattr %s\n", dv->dv_name));
654 	ASSERT(vp->v_type == VDIR || vp->v_type == VCHR || vp->v_type == VBLK);
655 	ASSERT(RW_LOCK_HELD(&dv->dv_contents));
656 
657 	/*
658 	 * Not a supported operation on drivers not providing
659 	 * file system based permissions.
660 	 */
661 	if (dv->dv_flags & DV_NO_FSPERM)
662 		return (ENOTSUP);
663 
664 	/*
665 	 * To complete, the setsecattr requires an underlying attribute node.
666 	 */
667 	if (dv->dv_attrvp == NULL) {
668 		ASSERT(vp->v_type == VCHR || vp->v_type == VBLK);
669 		dv_shadow_node(DVTOV(dv->dv_dotdot), dv->dv_name, vp,
670 		    NULL, NULLVP, cr, DV_SHADOW_CREATE | DV_SHADOW_WRITE_HELD);
671 	}
672 
673 	if ((avp = dv->dv_attrvp) == NULL) {
674 		dcmn_err2(("devfs_setsecattr %s: "
675 		    "cannot construct attribute node\n", dv->dv_name));
676 		return (fs_nosys());
677 	}
678 
679 	/*
680 	 * The acl(2) system call issues a VOP_RWLOCK before setting an ACL.
681 	 * Since backing file systems expect the lock to be held before seeing
682 	 * a VOP_SETSECATTR ACL, we need to issue the VOP_RWLOCK to the backing
683 	 * store before forwarding the ACL.
684 	 */
685 	(void) VOP_RWLOCK(avp, V_WRITELOCK_TRUE, NULL);
686 	error = VOP_SETSECATTR(avp, vsap, flags, cr, ct);
687 	dsysdebug(error, ("vop_setsecattr %s %d\n", VTODV(vp)->dv_name, error));
688 	VOP_RWUNLOCK(avp, V_WRITELOCK_TRUE, NULL);
689 
690 	/*
691 	 * Set DV_ACL if we have a non-trivial set of ACLs.  It is not
692 	 * necessary to hold VOP_RWLOCK since fs_acl_nontrivial only does
693 	 * VOP_GETSECATTR calls.
694 	 */
695 	if (fs_acl_nontrivial(avp, cr))
696 		dv->dv_flags |= DV_ACL;
697 	return (error);
698 }
699 
700 /*
701  * This function is used for secpolicy_setattr().  It must call an
702  * access() like function while it is already holding the
703  * dv_contents lock.  We only care about this when dv_attr != NULL;
704  * so the unlocked access call only concerns itself with that
705  * particular branch of devfs_access().
706  */
707 static int
708 devfs_unlocked_access(void *vdv, int mode, struct cred *cr)
709 {
710 	struct dv_node *dv = vdv;
711 	int shift = 0;
712 	uid_t owner = dv->dv_attr->va_uid;
713 
714 	/* Check access based on owner, group and public permissions. */
715 	if (crgetuid(cr) != owner) {
716 		shift += 3;
717 		if (groupmember(dv->dv_attr->va_gid, cr) == 0)
718 			shift += 3;
719 	}
720 
721 	return (secpolicy_vnode_access2(cr, DVTOV(dv), owner,
722 	    dv->dv_attr->va_mode << shift, mode));
723 }
724 
725 static int
726 devfs_access(struct vnode *vp, int mode, int flags, struct cred *cr,
727     caller_context_t *ct)
728 {
729 	struct dv_node	*dv = VTODV(vp);
730 	int		res;
731 
732 	dcmn_err2(("devfs_access %s\n", dv->dv_name));
733 	ASSERT(dv->dv_attr || dv->dv_attrvp);
734 
735 	/* restrict console access to privileged processes */
736 	if ((vp->v_rdev == rconsdev) && secpolicy_console(cr) != 0) {
737 		return (EACCES);
738 	}
739 
740 	rw_enter(&dv->dv_contents, RW_READER);
741 	if (dv->dv_attr && ((dv->dv_flags & DV_ACL) == 0)) {
742 		res = devfs_unlocked_access(dv, mode, cr);
743 	} else {
744 		res = VOP_ACCESS(dv->dv_attrvp, mode, flags, cr, ct);
745 	}
746 	rw_exit(&dv->dv_contents);
747 	return (res);
748 }
749 
750 /*
751  * Lookup
752  *
753  * Given the directory vnode and the name of the component, return
754  * the corresponding held vnode for that component.
755  *
756  * Of course in these fictional filesystems, nothing's ever quite
757  * -that- simple.
758  *
759  * devfs name	type		shadow (fs attributes)	type	comments
760  * -------------------------------------------------------------------------
761  * drv[@addr]	VDIR		drv[@addr]		VDIR	nexus driver
762  * drv[@addr]:m	VCHR/VBLK	drv[@addr]:m		VREG	leaf driver
763  * drv[@addr]	VCHR/VBLK	drv[@addr]:.default	VREG	leaf driver
764  * -------------------------------------------------------------------------
765  *
766  * The following names are reserved for the attribute filesystem (which
767  * could easily be another layer on top of this one - we simply need to
768  * hold the vnode of the thing we're looking at)
769  *
770  * attr name	type		shadow (fs attributes)	type	comments
771  * -------------------------------------------------------------------------
772  * drv[@addr]	VDIR		-			-	attribute dir
773  * minorname	VDIR		-			-	minorname
774  * attribute	VREG		-			-	attribute
775  * -------------------------------------------------------------------------
776  *
777  * Examples:
778  *
779  *	devfs:/devices/.../mm@0:zero		VCHR
780  *	shadow:/.devices/.../mm@0:zero		VREG, fs attrs
781  *	devfs:/devices/.../mm@0:/zero/attr	VREG, driver attribute
782  *
783  *	devfs:/devices/.../sd@0,0:a		VBLK
784  *	shadow:/.devices/.../sd@0,0:a		VREG, fs attrs
785  *	devfs:/devices/.../sd@0,0:/a/.type	VREG, "ddi_block:chan"
786  *
787  *	devfs:/devices/.../mm@0			VCHR
788  *	shadow:/.devices/.../mm@0:.default	VREG, fs attrs
789  *	devfs:/devices/.../mm@0:/.default/attr	VREG, driver attribute
790  *	devfs:/devices/.../mm@0:/.default/.type	VREG, "ddi_pseudo"
791  *
792  *	devfs:/devices/.../obio			VDIR
793  *	shadow:/devices/.../obio		VDIR, needed for fs attrs.
794  *	devfs:/devices/.../obio:/.default/attr	VDIR, driver attribute
795  *
796  * We also need to be able deal with "old" devices that have gone away,
797  * though I think that provided we return them with readdir, they can
798  * be removed (i.e. they don't have to respond to lookup, though it might
799  * be weird if they didn't ;-)
800  *
801  * Lookup has side-effects.
802  *
803  * - It will create directories and fs attribute files in the shadow hierarchy.
804  * - It should cause non-SID devices to be probed (ask the parent nexi).
805  */
806 /*ARGSUSED3*/
807 static int
808 devfs_lookup(struct vnode *dvp, char *nm, struct vnode **vpp,
809     struct pathname *pnp, int flags, struct vnode *rdir, struct cred *cred,
810     caller_context_t *ct, int *direntflags, pathname_t *realpnp)
811 {
812 	ASSERT(dvp->v_type == VDIR);
813 	dcmn_err2(("devfs_lookup: %s\n", nm));
814 	return (dv_find(VTODV(dvp), nm, vpp, pnp, rdir, cred, 0));
815 }
816 
817 /*
818  * devfs nodes can't really be created directly by userland - however,
819  * we do allow creates to find existing nodes:
820  *
821  * - any create fails if the node doesn't exist - EROFS.
822  * - creating an existing directory read-only succeeds, otherwise EISDIR.
823  * - exclusive creates fail if the node already exists - EEXIST.
824  * - failure to create the snode for an existing device - ENOSYS.
825  */
826 /*ARGSUSED2*/
827 static int
828 devfs_create(struct vnode *dvp, char *nm, struct vattr *vap, vcexcl_t excl,
829     int mode, struct vnode **vpp, struct cred *cred, int flag,
830     caller_context_t *ct, vsecattr_t *vsecp)
831 {
832 	int error;
833 	struct vnode *vp;
834 
835 	dcmn_err2(("devfs_create %s\n", nm));
836 	error = dv_find(VTODV(dvp), nm, &vp, NULL, NULLVP, cred, 0);
837 	if (error == 0) {
838 		if (excl == EXCL)
839 			error = EEXIST;
840 		else if (vp->v_type == VDIR && (mode & VWRITE))
841 			error = EISDIR;
842 		else
843 			error = VOP_ACCESS(vp, mode, 0, cred, ct);
844 
845 		if (error) {
846 			VN_RELE(vp);
847 		} else
848 			*vpp = vp;
849 	} else if (error == ENOENT)
850 		error = EROFS;
851 
852 	return (error);
853 }
854 
855 /*
856  * If DV_BUILD is set, we call into nexus driver to do a BUS_CONFIG_ALL.
857  * Otherwise, simply return cached dv_node's. Hotplug code always call
858  * devfs_clean() to invalid the dv_node cache.
859  */
860 /*ARGSUSED5*/
861 static int
862 devfs_readdir(struct vnode *dvp, struct uio *uiop, struct cred *cred, int *eofp,
863     caller_context_t *ct, int flags)
864 {
865 	struct dv_node *ddv, *dv;
866 	struct dirent64 *de, *bufp;
867 	offset_t diroff;
868 	offset_t	soff;
869 	size_t reclen, movesz;
870 	int error;
871 	struct vattr va;
872 	size_t bufsz;
873 
874 	ddv = VTODV(dvp);
875 	dcmn_err2(("devfs_readdir %s: offset %lld len %ld\n",
876 	    ddv->dv_name, uiop->uio_loffset, uiop->uio_iov->iov_len));
877 	ASSERT(ddv->dv_attr || ddv->dv_attrvp);
878 	ASSERT(RW_READ_HELD(&ddv->dv_contents));
879 
880 	if (uiop->uio_loffset >= MAXOFF_T) {
881 		if (eofp)
882 			*eofp = 1;
883 		return (0);
884 	}
885 
886 	if (uiop->uio_iovcnt != 1)
887 		return (EINVAL);
888 
889 	if (dvp->v_type != VDIR)
890 		return (ENOTDIR);
891 
892 	/* Load the initial contents */
893 	if (ddv->dv_flags & DV_BUILD) {
894 		if (!rw_tryupgrade(&ddv->dv_contents)) {
895 			rw_exit(&ddv->dv_contents);
896 			rw_enter(&ddv->dv_contents, RW_WRITER);
897 		}
898 
899 		/* recheck and fill */
900 		if (ddv->dv_flags & DV_BUILD)
901 			dv_filldir(ddv);
902 
903 		rw_downgrade(&ddv->dv_contents);
904 	}
905 
906 	soff = uiop->uio_loffset;
907 	bufsz = uiop->uio_iov->iov_len;
908 	de = bufp = kmem_alloc(bufsz, KM_SLEEP);
909 	movesz = 0;
910 	dv = (struct dv_node *)-1;
911 
912 	/*
913 	 * Move as many entries into the uio structure as it will take.
914 	 * Special case "." and "..".
915 	 */
916 	diroff = 0;
917 	if (soff == 0) {				/* . */
918 		reclen = DIRENT64_RECLEN(strlen("."));
919 		if ((movesz + reclen) > bufsz)
920 			goto full;
921 		de->d_ino = (ino64_t)ddv->dv_ino;
922 		de->d_off = (off64_t)diroff + 1;
923 		de->d_reclen = (ushort_t)reclen;
924 
925 		/* use strncpy(9f) to zero out uninitialized bytes */
926 
927 		(void) strncpy(de->d_name, ".", DIRENT64_NAMELEN(reclen));
928 		movesz += reclen;
929 		de = (dirent64_t *)(intptr_t)((char *)de + reclen);
930 		dcmn_err3(("devfs_readdir: A: diroff %lld, soff %lld: '%s' "
931 		    "reclen %lu\n", diroff, soff, ".", reclen));
932 	}
933 
934 	diroff++;
935 	if (soff <= 1) {				/* .. */
936 		reclen = DIRENT64_RECLEN(strlen(".."));
937 		if ((movesz + reclen) > bufsz)
938 			goto full;
939 		de->d_ino = (ino64_t)ddv->dv_dotdot->dv_ino;
940 		de->d_off = (off64_t)diroff + 1;
941 		de->d_reclen = (ushort_t)reclen;
942 
943 		/* use strncpy(9f) to zero out uninitialized bytes */
944 
945 		(void) strncpy(de->d_name, "..", DIRENT64_NAMELEN(reclen));
946 		movesz += reclen;
947 		de = (dirent64_t *)(intptr_t)((char *)de + reclen);
948 		dcmn_err3(("devfs_readdir: B: diroff %lld, soff %lld: '%s' "
949 		    "reclen %lu\n", diroff, soff, "..", reclen));
950 	}
951 
952 	diroff++;
953 	for (dv = DV_FIRST_ENTRY(ddv); dv;
954 	    dv = DV_NEXT_ENTRY(ddv, dv), diroff++) {
955 		/* skip entries until at correct directory offset */
956 		if (diroff < soff)
957 			continue;
958 
959 		/*
960 		 * hidden nodes are skipped (but they still occupy a
961 		 * directory offset).
962 		 */
963 		if (dv->dv_devi && ndi_dev_is_hidden_node(dv->dv_devi))
964 			continue;
965 
966 		/*
967 		 * DDM_INTERNAL_PATH minor nodes are skipped for readdirs
968 		 * outside the kernel (but they still occupy a directory
969 		 * offset).
970 		 */
971 		if ((dv->dv_flags & DV_INTERNAL) && (cred != kcred))
972 			continue;
973 
974 		reclen = DIRENT64_RECLEN(strlen(dv->dv_name));
975 		if ((movesz + reclen) > bufsz) {
976 			dcmn_err3(("devfs_readdir: C: diroff "
977 			    "%lld, soff %lld: '%s' reclen %lu\n",
978 			    diroff, soff, dv->dv_name, reclen));
979 			goto full;
980 		}
981 		de->d_ino = (ino64_t)dv->dv_ino;
982 		de->d_off = (off64_t)diroff + 1;
983 		de->d_reclen = (ushort_t)reclen;
984 
985 		/* use strncpy(9f) to zero out uninitialized bytes */
986 
987 		ASSERT(strlen(dv->dv_name) + 1 <=
988 		    DIRENT64_NAMELEN(reclen));
989 		(void) strncpy(de->d_name, dv->dv_name,
990 		    DIRENT64_NAMELEN(reclen));
991 
992 		movesz += reclen;
993 		de = (dirent64_t *)(intptr_t)((char *)de + reclen);
994 		dcmn_err4(("devfs_readdir: D: diroff "
995 		    "%lld, soff %lld: '%s' reclen %lu\n", diroff, soff,
996 		    dv->dv_name, reclen));
997 	}
998 
999 	/* the buffer is full, or we exhausted everything */
1000 full:	dcmn_err3(("devfs_readdir: moving %lu bytes: "
1001 	    "diroff %lld, soff %lld, dv %p\n",
1002 	    movesz, diroff, soff, (void *)dv));
1003 
1004 	if ((movesz == 0) && dv)
1005 		error = EINVAL;		/* cannot be represented */
1006 	else {
1007 		error = uiomove(bufp, movesz, UIO_READ, uiop);
1008 		if (error == 0) {
1009 			if (eofp)
1010 				*eofp = dv ? 0 : 1;
1011 			uiop->uio_loffset = diroff;
1012 		}
1013 
1014 		va.va_mask = AT_ATIME;
1015 		gethrestime(&va.va_atime);
1016 		rw_exit(&ddv->dv_contents);
1017 		(void) devfs_setattr(dvp, &va, 0, cred, ct);
1018 		rw_enter(&ddv->dv_contents, RW_READER);
1019 	}
1020 
1021 	kmem_free(bufp, bufsz);
1022 	return (error);
1023 }
1024 
1025 /*ARGSUSED*/
1026 static int
1027 devfs_fsync(struct vnode *vp, int syncflag, struct cred *cred,
1028     caller_context_t *ct)
1029 {
1030 	/*
1031 	 * Message goes to console only. Otherwise, the message
1032 	 * causes devfs_fsync to be invoked again... infinite loop
1033 	 */
1034 	dcmn_err2(("devfs_fsync %s\n", VTODV(vp)->dv_name));
1035 	return (0);
1036 }
1037 
1038 /*
1039  * Normally, we leave the dv_node here at count of 0.
1040  * The node will be destroyed when dv_cleandir() is called.
1041  *
1042  * Stale dv_node's are already unlinked from the fs tree,
1043  * so dv_cleandir() won't find them. We destroy such nodes
1044  * immediately.
1045  */
1046 /*ARGSUSED1*/
1047 static void
1048 devfs_inactive(struct vnode *vp, struct cred *cred, caller_context_t *ct)
1049 {
1050 	int destroy;
1051 	struct dv_node *dv = VTODV(vp);
1052 
1053 	dcmn_err2(("devfs_inactive: %s\n", dv->dv_name));
1054 	mutex_enter(&vp->v_lock);
1055 	ASSERT(vp->v_count >= 1);
1056 	--vp->v_count;
1057 	destroy = (DV_STALE(dv) && vp->v_count == 0);
1058 	mutex_exit(&vp->v_lock);
1059 
1060 	/* stale nodes cannot be rediscovered, destroy it here */
1061 	if (destroy)
1062 		dv_destroy(dv, 0);
1063 }
1064 
1065 /*
1066  * XXX Why do we need this?  NFS mounted /dev directories?
1067  * XXX Talk to peter staubach about this.
1068  */
1069 /*ARGSUSED2*/
1070 static int
1071 devfs_fid(struct vnode *vp, struct fid *fidp, caller_context_t *ct)
1072 {
1073 	struct dv_node	*dv = VTODV(vp);
1074 	struct dv_fid	*dv_fid;
1075 
1076 	if (fidp->fid_len < (sizeof (struct dv_fid) - sizeof (ushort_t))) {
1077 		fidp->fid_len = sizeof (struct dv_fid) - sizeof (ushort_t);
1078 		return (ENOSPC);
1079 	}
1080 
1081 	dv_fid = (struct dv_fid *)fidp;
1082 	bzero(dv_fid, sizeof (struct dv_fid));
1083 	dv_fid->dvfid_len = (int)sizeof (struct dv_fid) - sizeof (ushort_t);
1084 	dv_fid->dvfid_ino = dv->dv_ino;
1085 	/* dv_fid->dvfid_gen = dv->tn_gen; XXX ? */
1086 
1087 	return (0);
1088 }
1089 
1090 /*
1091  * This pair of routines bracket all VOP_READ, VOP_WRITE
1092  * and VOP_READDIR requests.  The contents lock stops things
1093  * moving around while we're looking at them.
1094  *
1095  * Also used by file and record locking.
1096  */
1097 /*ARGSUSED2*/
1098 static int
1099 devfs_rwlock(struct vnode *vp, int write_flag, caller_context_t *ct)
1100 {
1101 	dcmn_err2(("devfs_rwlock %s\n", VTODV(vp)->dv_name));
1102 	rw_enter(&VTODV(vp)->dv_contents, write_flag ? RW_WRITER : RW_READER);
1103 	return (write_flag);
1104 }
1105 
1106 /*ARGSUSED1*/
1107 static void
1108 devfs_rwunlock(struct vnode *vp, int write_flag, caller_context_t *ct)
1109 {
1110 	dcmn_err2(("devfs_rwunlock %s\n", VTODV(vp)->dv_name));
1111 	rw_exit(&VTODV(vp)->dv_contents);
1112 }
1113 
1114 /*
1115  * XXX	Should probably do a better job of computing the maximum
1116  *	offset available in the directory.
1117  */
1118 /*ARGSUSED1*/
1119 static int
1120 devfs_seek(struct vnode *vp, offset_t ooff, offset_t *noffp,
1121     caller_context_t *ct)
1122 {
1123 	ASSERT(vp->v_type == VDIR);
1124 	dcmn_err2(("devfs_seek %s\n", VTODV(vp)->dv_name));
1125 	return ((*noffp < 0 || *noffp > MAXOFFSET_T) ? EINVAL : 0);
1126 }
1127 
1128 vnodeops_t *dv_vnodeops;
1129 
1130 const fs_operation_def_t dv_vnodeops_template[] = {
1131 	VOPNAME_OPEN,		{ .vop_open = devfs_open },
1132 	VOPNAME_CLOSE,		{ .vop_close = devfs_close },
1133 	VOPNAME_READ,		{ .vop_read = devfs_read },
1134 	VOPNAME_WRITE,		{ .vop_write = devfs_write },
1135 	VOPNAME_IOCTL,		{ .vop_ioctl = devfs_ioctl },
1136 	VOPNAME_GETATTR,	{ .vop_getattr = devfs_getattr },
1137 	VOPNAME_SETATTR,	{ .vop_setattr = devfs_setattr },
1138 	VOPNAME_ACCESS,		{ .vop_access = devfs_access },
1139 	VOPNAME_LOOKUP,		{ .vop_lookup = devfs_lookup },
1140 	VOPNAME_CREATE,		{ .vop_create = devfs_create },
1141 	VOPNAME_READDIR,	{ .vop_readdir = devfs_readdir },
1142 	VOPNAME_FSYNC,		{ .vop_fsync = devfs_fsync },
1143 	VOPNAME_INACTIVE,	{ .vop_inactive = devfs_inactive },
1144 	VOPNAME_FID,		{ .vop_fid = devfs_fid },
1145 	VOPNAME_RWLOCK,		{ .vop_rwlock = devfs_rwlock },
1146 	VOPNAME_RWUNLOCK,	{ .vop_rwunlock = devfs_rwunlock },
1147 	VOPNAME_SEEK,		{ .vop_seek = devfs_seek },
1148 	VOPNAME_PATHCONF,	{ .vop_pathconf = devfs_pathconf },
1149 	VOPNAME_DISPOSE,	{ .error = fs_error },
1150 	VOPNAME_SETSECATTR,	{ .vop_setsecattr = devfs_setsecattr },
1151 	VOPNAME_GETSECATTR,	{ .vop_getsecattr = devfs_getsecattr },
1152 	NULL,			NULL
1153 };
1154