ufs_vnops.c revision 292540
1/*- 2 * Copyright (c) 1982, 1986, 1989, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 35 */ 36 37#include <sys/cdefs.h> 38__FBSDID("$FreeBSD: stable/10/sys/ufs/ufs/ufs_vnops.c 292540 2015-12-21 11:44:54Z kib $"); 39 40#include "opt_quota.h" 41#include "opt_suiddir.h" 42#include "opt_ufs.h" 43#include "opt_ffs.h" 44 45#include <sys/param.h> 46#include <sys/systm.h> 47#include <sys/malloc.h> 48#include <sys/namei.h> 49#include <sys/kernel.h> 50#include <sys/fcntl.h> 51#include <sys/filio.h> 52#include <sys/stat.h> 53#include <sys/bio.h> 54#include <sys/buf.h> 55#include <sys/mount.h> 56#include <sys/priv.h> 57#include <sys/refcount.h> 58#include <sys/unistd.h> 59#include <sys/vnode.h> 60#include <sys/dirent.h> 61#include <sys/lockf.h> 62#include <sys/conf.h> 63#include <sys/acl.h> 64 65#include <security/mac/mac_framework.h> 66 67#include <sys/file.h> /* XXX */ 68 69#include <vm/vm.h> 70#include <vm/vm_extern.h> 71 72#include <ufs/ufs/acl.h> 73#include <ufs/ufs/extattr.h> 74#include <ufs/ufs/quota.h> 75#include <ufs/ufs/inode.h> 76#include <ufs/ufs/dir.h> 77#include <ufs/ufs/ufsmount.h> 78#include <ufs/ufs/ufs_extern.h> 79#ifdef UFS_DIRHASH 80#include <ufs/ufs/dirhash.h> 81#endif 82#ifdef UFS_GJOURNAL 83#include <ufs/ufs/gjournal.h> 84FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 85#endif 86 87#ifdef QUOTA 88FEATURE(ufs_quota, "UFS disk quotas support"); 89FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 90#endif 91 92#ifdef SUIDDIR 93FEATURE(suiddir, 94 "Give all new files in directory the same ownership as the directory"); 95#endif 96 97 98#include <ufs/ffs/ffs_extern.h> 99 100static vop_accessx_t ufs_accessx; 101static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 102static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 103static vop_close_t ufs_close; 104static vop_create_t ufs_create; 105static vop_getattr_t ufs_getattr; 106static vop_ioctl_t ufs_ioctl; 107static vop_link_t ufs_link; 108static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *); 109static vop_markatime_t ufs_markatime; 110static vop_mkdir_t ufs_mkdir; 111static vop_mknod_t ufs_mknod; 112static vop_open_t ufs_open; 113static vop_pathconf_t ufs_pathconf; 114static vop_print_t ufs_print; 115static vop_readlink_t ufs_readlink; 116static vop_remove_t ufs_remove; 117static vop_rename_t ufs_rename; 118static vop_rmdir_t ufs_rmdir; 119static vop_setattr_t ufs_setattr; 120static vop_strategy_t ufs_strategy; 121static vop_symlink_t ufs_symlink; 122static vop_whiteout_t ufs_whiteout; 123static vop_close_t ufsfifo_close; 124static vop_kqfilter_t ufsfifo_kqfilter; 125static vop_pathconf_t ufsfifo_pathconf; 126 127SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD, 0, "UFS filesystem"); 128 129/* 130 * A virgin directory (no blushing please). 131 */ 132static struct dirtemplate mastertemplate = { 133 0, 12, DT_DIR, 1, ".", 134 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 135}; 136static struct odirtemplate omastertemplate = { 137 0, 12, 1, ".", 138 0, DIRBLKSIZ - 12, 2, ".." 139}; 140 141static void 142ufs_itimes_locked(struct vnode *vp) 143{ 144 struct inode *ip; 145 struct timespec ts; 146 147 ASSERT_VI_LOCKED(vp, __func__); 148 149 ip = VTOI(vp); 150 if (UFS_RDONLY(ip)) 151 goto out; 152 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 153 return; 154 155 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 156 ip->i_flag |= IN_LAZYMOD; 157 else if (((vp->v_mount->mnt_kern_flag & 158 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 159 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 160 ip->i_flag |= IN_MODIFIED; 161 else if (ip->i_flag & IN_ACCESS) 162 ip->i_flag |= IN_LAZYACCESS; 163 vfs_timestamp(&ts); 164 if (ip->i_flag & IN_ACCESS) { 165 DIP_SET(ip, i_atime, ts.tv_sec); 166 DIP_SET(ip, i_atimensec, ts.tv_nsec); 167 } 168 if (ip->i_flag & IN_UPDATE) { 169 DIP_SET(ip, i_mtime, ts.tv_sec); 170 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 171 } 172 if (ip->i_flag & IN_CHANGE) { 173 DIP_SET(ip, i_ctime, ts.tv_sec); 174 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 175 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 176 } 177 178 out: 179 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 180} 181 182void 183ufs_itimes(struct vnode *vp) 184{ 185 186 VI_LOCK(vp); 187 ufs_itimes_locked(vp); 188 VI_UNLOCK(vp); 189} 190 191/* 192 * Create a regular file 193 */ 194static int 195ufs_create(ap) 196 struct vop_create_args /* { 197 struct vnode *a_dvp; 198 struct vnode **a_vpp; 199 struct componentname *a_cnp; 200 struct vattr *a_vap; 201 } */ *ap; 202{ 203 int error; 204 205 error = 206 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 207 ap->a_dvp, ap->a_vpp, ap->a_cnp); 208 if (error != 0) 209 return (error); 210 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0) 211 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp); 212 return (0); 213} 214 215/* 216 * Mknod vnode call 217 */ 218/* ARGSUSED */ 219static int 220ufs_mknod(ap) 221 struct vop_mknod_args /* { 222 struct vnode *a_dvp; 223 struct vnode **a_vpp; 224 struct componentname *a_cnp; 225 struct vattr *a_vap; 226 } */ *ap; 227{ 228 struct vattr *vap = ap->a_vap; 229 struct vnode **vpp = ap->a_vpp; 230 struct inode *ip; 231 ino_t ino; 232 int error; 233 234 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 235 ap->a_dvp, vpp, ap->a_cnp); 236 if (error) 237 return (error); 238 ip = VTOI(*vpp); 239 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 240 if (vap->va_rdev != VNOVAL) { 241 /* 242 * Want to be able to use this to make badblock 243 * inodes, so don't truncate the dev number. 244 */ 245 DIP_SET(ip, i_rdev, vap->va_rdev); 246 } 247 /* 248 * Remove inode, then reload it through VFS_VGET so it is 249 * checked to see if it is an alias of an existing entry in 250 * the inode cache. XXX I don't believe this is necessary now. 251 */ 252 (*vpp)->v_type = VNON; 253 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 254 vgone(*vpp); 255 vput(*vpp); 256 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 257 if (error) { 258 *vpp = NULL; 259 return (error); 260 } 261 return (0); 262} 263 264/* 265 * Open called. 266 */ 267/* ARGSUSED */ 268static int 269ufs_open(struct vop_open_args *ap) 270{ 271 struct vnode *vp = ap->a_vp; 272 struct inode *ip; 273 274 if (vp->v_type == VCHR || vp->v_type == VBLK) 275 return (EOPNOTSUPP); 276 277 ip = VTOI(vp); 278 /* 279 * Files marked append-only must be opened for appending. 280 */ 281 if ((ip->i_flags & APPEND) && 282 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 283 return (EPERM); 284 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 285 return (0); 286} 287 288/* 289 * Close called. 290 * 291 * Update the times on the inode. 292 */ 293/* ARGSUSED */ 294static int 295ufs_close(ap) 296 struct vop_close_args /* { 297 struct vnode *a_vp; 298 int a_fflag; 299 struct ucred *a_cred; 300 struct thread *a_td; 301 } */ *ap; 302{ 303 struct vnode *vp = ap->a_vp; 304 int usecount; 305 306 VI_LOCK(vp); 307 usecount = vp->v_usecount; 308 if (usecount > 1) 309 ufs_itimes_locked(vp); 310 VI_UNLOCK(vp); 311 return (0); 312} 313 314static int 315ufs_accessx(ap) 316 struct vop_accessx_args /* { 317 struct vnode *a_vp; 318 accmode_t a_accmode; 319 struct ucred *a_cred; 320 struct thread *a_td; 321 } */ *ap; 322{ 323 struct vnode *vp = ap->a_vp; 324 struct inode *ip = VTOI(vp); 325 accmode_t accmode = ap->a_accmode; 326 int error; 327#ifdef QUOTA 328 int relocked; 329#endif 330#ifdef UFS_ACL 331 struct acl *acl; 332 acl_type_t type; 333#endif 334 335 /* 336 * Disallow write attempts on read-only filesystems; 337 * unless the file is a socket, fifo, or a block or 338 * character device resident on the filesystem. 339 */ 340 if (accmode & VMODIFY_PERMS) { 341 switch (vp->v_type) { 342 case VDIR: 343 case VLNK: 344 case VREG: 345 if (vp->v_mount->mnt_flag & MNT_RDONLY) 346 return (EROFS); 347#ifdef QUOTA 348 /* 349 * Inode is accounted in the quotas only if struct 350 * dquot is attached to it. VOP_ACCESS() is called 351 * from vn_open_cred() and provides a convenient 352 * point to call getinoquota(). 353 */ 354 if (VOP_ISLOCKED(vp) != LK_EXCLUSIVE) { 355 356 /* 357 * Upgrade vnode lock, since getinoquota() 358 * requires exclusive lock to modify inode. 359 */ 360 relocked = 1; 361 vhold(vp); 362 vn_lock(vp, LK_UPGRADE | LK_RETRY); 363 VI_LOCK(vp); 364 if (vp->v_iflag & VI_DOOMED) { 365 vdropl(vp); 366 error = ENOENT; 367 goto relock; 368 } 369 vdropl(vp); 370 } else 371 relocked = 0; 372 error = getinoquota(ip); 373relock: 374 if (relocked) 375 vn_lock(vp, LK_DOWNGRADE | LK_RETRY); 376 if (error != 0) 377 return (error); 378#endif 379 break; 380 default: 381 break; 382 } 383 } 384 385 /* 386 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 387 * is here, because without it, * it would be impossible for the owner 388 * to remove the IMMUTABLE flag. 389 */ 390 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 391 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 392 return (EPERM); 393 394#ifdef UFS_ACL 395 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 396 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 397 type = ACL_TYPE_NFS4; 398 else 399 type = ACL_TYPE_ACCESS; 400 401 acl = acl_alloc(M_WAITOK); 402 if (type == ACL_TYPE_NFS4) 403 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 404 else 405 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 406 switch (error) { 407 case 0: 408 if (type == ACL_TYPE_NFS4) { 409 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 410 ip->i_gid, acl, accmode, ap->a_cred, NULL); 411 } else { 412 error = vfs_unixify_accmode(&accmode); 413 if (error == 0) 414 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 415 ip->i_gid, acl, accmode, ap->a_cred, NULL); 416 } 417 break; 418 default: 419 if (error != EOPNOTSUPP) 420 printf( 421"ufs_accessx(): Error retrieving ACL on object (%d).\n", 422 error); 423 /* 424 * XXX: Fall back until debugged. Should 425 * eventually possibly log an error, and return 426 * EPERM for safety. 427 */ 428 error = vfs_unixify_accmode(&accmode); 429 if (error == 0) 430 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 431 ip->i_gid, accmode, ap->a_cred, NULL); 432 } 433 acl_free(acl); 434 435 return (error); 436 } 437#endif /* !UFS_ACL */ 438 error = vfs_unixify_accmode(&accmode); 439 if (error == 0) 440 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 441 accmode, ap->a_cred, NULL); 442 return (error); 443} 444 445/* ARGSUSED */ 446static int 447ufs_getattr(ap) 448 struct vop_getattr_args /* { 449 struct vnode *a_vp; 450 struct vattr *a_vap; 451 struct ucred *a_cred; 452 } */ *ap; 453{ 454 struct vnode *vp = ap->a_vp; 455 struct inode *ip = VTOI(vp); 456 struct vattr *vap = ap->a_vap; 457 458 VI_LOCK(vp); 459 ufs_itimes_locked(vp); 460 if (ip->i_ump->um_fstype == UFS1) { 461 vap->va_atime.tv_sec = ip->i_din1->di_atime; 462 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 463 } else { 464 vap->va_atime.tv_sec = ip->i_din2->di_atime; 465 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 466 } 467 VI_UNLOCK(vp); 468 /* 469 * Copy from inode table 470 */ 471 vap->va_fsid = dev2udev(ip->i_dev); 472 vap->va_fileid = ip->i_number; 473 vap->va_mode = ip->i_mode & ~IFMT; 474 vap->va_nlink = ip->i_effnlink; 475 vap->va_uid = ip->i_uid; 476 vap->va_gid = ip->i_gid; 477 if (ip->i_ump->um_fstype == UFS1) { 478 vap->va_rdev = ip->i_din1->di_rdev; 479 vap->va_size = ip->i_din1->di_size; 480 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 481 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 482 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 483 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 484 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 485 vap->va_filerev = ip->i_din1->di_modrev; 486 } else { 487 vap->va_rdev = ip->i_din2->di_rdev; 488 vap->va_size = ip->i_din2->di_size; 489 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 490 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 491 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 492 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 493 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 494 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 495 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 496 vap->va_filerev = ip->i_din2->di_modrev; 497 } 498 vap->va_flags = ip->i_flags; 499 vap->va_gen = ip->i_gen; 500 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 501 vap->va_type = IFTOVT(ip->i_mode); 502 return (0); 503} 504 505/* 506 * Set attribute vnode op. called from several syscalls 507 */ 508static int 509ufs_setattr(ap) 510 struct vop_setattr_args /* { 511 struct vnode *a_vp; 512 struct vattr *a_vap; 513 struct ucred *a_cred; 514 } */ *ap; 515{ 516 struct vattr *vap = ap->a_vap; 517 struct vnode *vp = ap->a_vp; 518 struct inode *ip = VTOI(vp); 519 struct ucred *cred = ap->a_cred; 520 struct thread *td = curthread; 521 int error; 522 523 /* 524 * Check for unsettable attributes. 525 */ 526 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 527 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 528 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 529 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 530 return (EINVAL); 531 } 532 if (vap->va_flags != VNOVAL) { 533 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | 534 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE | 535 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK | 536 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE | 537 UF_SPARSE | UF_SYSTEM)) != 0) 538 return (EOPNOTSUPP); 539 if (vp->v_mount->mnt_flag & MNT_RDONLY) 540 return (EROFS); 541 /* 542 * Callers may only modify the file flags on objects they 543 * have VADMIN rights for. 544 */ 545 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 546 return (error); 547 /* 548 * Unprivileged processes are not permitted to unset system 549 * flags, or modify flags if any system flags are set. 550 * Privileged non-jail processes may not modify system flags 551 * if securelevel > 0 and any existing system flags are set. 552 * Privileged jail processes behave like privileged non-jail 553 * processes if the security.jail.chflags_allowed sysctl is 554 * is non-zero; otherwise, they behave like unprivileged 555 * processes. 556 */ 557 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) { 558 if (ip->i_flags & 559 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 560 error = securelevel_gt(cred, 0); 561 if (error) 562 return (error); 563 } 564 /* The snapshot flag cannot be toggled. */ 565 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 566 return (EPERM); 567 } else { 568 if (ip->i_flags & 569 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 570 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 571 return (EPERM); 572 } 573 ip->i_flags = vap->va_flags; 574 DIP_SET(ip, i_flags, vap->va_flags); 575 ip->i_flag |= IN_CHANGE; 576 error = UFS_UPDATE(vp, 0); 577 if (ip->i_flags & (IMMUTABLE | APPEND)) 578 return (error); 579 } 580 /* 581 * If immutable or append, no one can change any of its attributes 582 * except the ones already handled (in some cases, file flags 583 * including the immutability flags themselves for the superuser). 584 */ 585 if (ip->i_flags & (IMMUTABLE | APPEND)) 586 return (EPERM); 587 /* 588 * Go through the fields and update iff not VNOVAL. 589 */ 590 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 591 if (vp->v_mount->mnt_flag & MNT_RDONLY) 592 return (EROFS); 593 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 594 td)) != 0) 595 return (error); 596 } 597 if (vap->va_size != VNOVAL) { 598 /* 599 * XXX most of the following special cases should be in 600 * callers instead of in N filesystems. The VDIR check 601 * mostly already is. 602 */ 603 switch (vp->v_type) { 604 case VDIR: 605 return (EISDIR); 606 case VLNK: 607 case VREG: 608 /* 609 * Truncation should have an effect in these cases. 610 * Disallow it if the filesystem is read-only or 611 * the file is being snapshotted. 612 */ 613 if (vp->v_mount->mnt_flag & MNT_RDONLY) 614 return (EROFS); 615 if ((ip->i_flags & SF_SNAPSHOT) != 0) 616 return (EPERM); 617 break; 618 default: 619 /* 620 * According to POSIX, the result is unspecified 621 * for file types other than regular files, 622 * directories and shared memory objects. We 623 * don't support shared memory objects in the file 624 * system, and have dubious support for truncating 625 * symlinks. Just ignore the request in other cases. 626 */ 627 return (0); 628 } 629 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL, 630 cred)) != 0) 631 return (error); 632 } 633 if (vap->va_atime.tv_sec != VNOVAL || 634 vap->va_mtime.tv_sec != VNOVAL || 635 vap->va_birthtime.tv_sec != VNOVAL) { 636 if (vp->v_mount->mnt_flag & MNT_RDONLY) 637 return (EROFS); 638 if ((ip->i_flags & SF_SNAPSHOT) != 0) 639 return (EPERM); 640 error = vn_utimes_perm(vp, vap, cred, td); 641 if (error != 0) 642 return (error); 643 ip->i_flag |= IN_CHANGE | IN_MODIFIED; 644 if (vap->va_atime.tv_sec != VNOVAL) { 645 ip->i_flag &= ~IN_ACCESS; 646 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 647 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 648 } 649 if (vap->va_mtime.tv_sec != VNOVAL) { 650 ip->i_flag &= ~IN_UPDATE; 651 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 652 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 653 } 654 if (vap->va_birthtime.tv_sec != VNOVAL && 655 ip->i_ump->um_fstype == UFS2) { 656 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 657 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 658 } 659 error = UFS_UPDATE(vp, 0); 660 if (error) 661 return (error); 662 } 663 error = 0; 664 if (vap->va_mode != (mode_t)VNOVAL) { 665 if (vp->v_mount->mnt_flag & MNT_RDONLY) 666 return (EROFS); 667 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 668 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 669 return (EPERM); 670 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 671 } 672 return (error); 673} 674 675#ifdef UFS_ACL 676static int 677ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 678 int file_owner_id, struct ucred *cred, struct thread *td) 679{ 680 int error; 681 struct acl *aclp; 682 683 aclp = acl_alloc(M_WAITOK); 684 error = ufs_getacl_nfs4_internal(vp, aclp, td); 685 /* 686 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 687 * it supports ACLs. 688 */ 689 if (error) 690 goto out; 691 692 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 693 error = ufs_setacl_nfs4_internal(vp, aclp, td); 694 695out: 696 acl_free(aclp); 697 return (error); 698} 699#endif /* UFS_ACL */ 700 701/* 702 * Mark this file's access time for update for vfs_mark_atime(). This 703 * is called from execve() and mmap(). 704 */ 705static int 706ufs_markatime(ap) 707 struct vop_markatime_args /* { 708 struct vnode *a_vp; 709 } */ *ap; 710{ 711 struct vnode *vp = ap->a_vp; 712 struct inode *ip = VTOI(vp); 713 714 VI_LOCK(vp); 715 ip->i_flag |= IN_ACCESS; 716 VI_UNLOCK(vp); 717 /* 718 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 719 */ 720 return (0); 721} 722 723/* 724 * Change the mode on a file. 725 * Inode must be locked before calling. 726 */ 727static int 728ufs_chmod(vp, mode, cred, td) 729 struct vnode *vp; 730 int mode; 731 struct ucred *cred; 732 struct thread *td; 733{ 734 struct inode *ip = VTOI(vp); 735 int error; 736 737 /* 738 * To modify the permissions on a file, must possess VADMIN 739 * for that file. 740 */ 741 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 742 return (error); 743 /* 744 * Privileged processes may set the sticky bit on non-directories, 745 * as well as set the setgid bit on a file with a group that the 746 * process is not a member of. Both of these are allowed in 747 * jail(8). 748 */ 749 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 750 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0)) 751 return (EFTYPE); 752 } 753 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 754 error = priv_check_cred(cred, PRIV_VFS_SETGID, 0); 755 if (error) 756 return (error); 757 } 758 759 /* 760 * Deny setting setuid if we are not the file owner. 761 */ 762 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 763 error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); 764 if (error) 765 return (error); 766 } 767 768 ip->i_mode &= ~ALLPERMS; 769 ip->i_mode |= (mode & ALLPERMS); 770 DIP_SET(ip, i_mode, ip->i_mode); 771 ip->i_flag |= IN_CHANGE; 772#ifdef UFS_ACL 773 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 774 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 775#endif 776 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 777 error = UFS_UPDATE(vp, 0); 778 779 return (error); 780} 781 782/* 783 * Perform chown operation on inode ip; 784 * inode must be locked prior to call. 785 */ 786static int 787ufs_chown(vp, uid, gid, cred, td) 788 struct vnode *vp; 789 uid_t uid; 790 gid_t gid; 791 struct ucred *cred; 792 struct thread *td; 793{ 794 struct inode *ip = VTOI(vp); 795 uid_t ouid; 796 gid_t ogid; 797 int error = 0; 798#ifdef QUOTA 799 int i; 800 ufs2_daddr_t change; 801#endif 802 803 if (uid == (uid_t)VNOVAL) 804 uid = ip->i_uid; 805 if (gid == (gid_t)VNOVAL) 806 gid = ip->i_gid; 807 /* 808 * To modify the ownership of a file, must possess VADMIN for that 809 * file. 810 */ 811 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 812 return (error); 813 /* 814 * To change the owner of a file, or change the group of a file to a 815 * group of which we are not a member, the caller must have 816 * privilege. 817 */ 818 if (((uid != ip->i_uid && uid != cred->cr_uid) || 819 (gid != ip->i_gid && !groupmember(gid, cred))) && 820 (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0))) 821 return (error); 822 ogid = ip->i_gid; 823 ouid = ip->i_uid; 824#ifdef QUOTA 825 if ((error = getinoquota(ip)) != 0) 826 return (error); 827 if (ouid == uid) { 828 dqrele(vp, ip->i_dquot[USRQUOTA]); 829 ip->i_dquot[USRQUOTA] = NODQUOT; 830 } 831 if (ogid == gid) { 832 dqrele(vp, ip->i_dquot[GRPQUOTA]); 833 ip->i_dquot[GRPQUOTA] = NODQUOT; 834 } 835 change = DIP(ip, i_blocks); 836 (void) chkdq(ip, -change, cred, CHOWN); 837 (void) chkiq(ip, -1, cred, CHOWN); 838 for (i = 0; i < MAXQUOTAS; i++) { 839 dqrele(vp, ip->i_dquot[i]); 840 ip->i_dquot[i] = NODQUOT; 841 } 842#endif 843 ip->i_gid = gid; 844 DIP_SET(ip, i_gid, gid); 845 ip->i_uid = uid; 846 DIP_SET(ip, i_uid, uid); 847#ifdef QUOTA 848 if ((error = getinoquota(ip)) == 0) { 849 if (ouid == uid) { 850 dqrele(vp, ip->i_dquot[USRQUOTA]); 851 ip->i_dquot[USRQUOTA] = NODQUOT; 852 } 853 if (ogid == gid) { 854 dqrele(vp, ip->i_dquot[GRPQUOTA]); 855 ip->i_dquot[GRPQUOTA] = NODQUOT; 856 } 857 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 858 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 859 goto good; 860 else 861 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 862 } 863 for (i = 0; i < MAXQUOTAS; i++) { 864 dqrele(vp, ip->i_dquot[i]); 865 ip->i_dquot[i] = NODQUOT; 866 } 867 } 868 ip->i_gid = ogid; 869 DIP_SET(ip, i_gid, ogid); 870 ip->i_uid = ouid; 871 DIP_SET(ip, i_uid, ouid); 872 if (getinoquota(ip) == 0) { 873 if (ouid == uid) { 874 dqrele(vp, ip->i_dquot[USRQUOTA]); 875 ip->i_dquot[USRQUOTA] = NODQUOT; 876 } 877 if (ogid == gid) { 878 dqrele(vp, ip->i_dquot[GRPQUOTA]); 879 ip->i_dquot[GRPQUOTA] = NODQUOT; 880 } 881 (void) chkdq(ip, change, cred, FORCE|CHOWN); 882 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 883 (void) getinoquota(ip); 884 } 885 return (error); 886good: 887 if (getinoquota(ip)) 888 panic("ufs_chown: lost quota"); 889#endif /* QUOTA */ 890 ip->i_flag |= IN_CHANGE; 891 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 892 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) { 893 ip->i_mode &= ~(ISUID | ISGID); 894 DIP_SET(ip, i_mode, ip->i_mode); 895 } 896 } 897 error = UFS_UPDATE(vp, 0); 898 return (error); 899} 900 901static int 902ufs_remove(ap) 903 struct vop_remove_args /* { 904 struct vnode *a_dvp; 905 struct vnode *a_vp; 906 struct componentname *a_cnp; 907 } */ *ap; 908{ 909 struct inode *ip; 910 struct vnode *vp = ap->a_vp; 911 struct vnode *dvp = ap->a_dvp; 912 int error; 913 struct thread *td; 914 915 td = curthread; 916 ip = VTOI(vp); 917 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 918 (VTOI(dvp)->i_flags & APPEND)) { 919 error = EPERM; 920 goto out; 921 } 922#ifdef UFS_GJOURNAL 923 ufs_gjournal_orphan(vp); 924#endif 925 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 926 if (ip->i_nlink <= 0) 927 vp->v_vflag |= VV_NOSYNC; 928 if ((ip->i_flags & SF_SNAPSHOT) != 0) { 929 /* 930 * Avoid deadlock where another thread is trying to 931 * update the inodeblock for dvp and is waiting on 932 * snaplk. Temporary unlock the vnode lock for the 933 * unlinked file and sync the directory. This should 934 * allow vput() of the directory to not block later on 935 * while holding the snapshot vnode locked, assuming 936 * that the directory hasn't been unlinked too. 937 */ 938 VOP_UNLOCK(vp, 0); 939 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 940 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 941 } 942out: 943 return (error); 944} 945 946/* 947 * link vnode call 948 */ 949static int 950ufs_link(ap) 951 struct vop_link_args /* { 952 struct vnode *a_tdvp; 953 struct vnode *a_vp; 954 struct componentname *a_cnp; 955 } */ *ap; 956{ 957 struct vnode *vp = ap->a_vp; 958 struct vnode *tdvp = ap->a_tdvp; 959 struct componentname *cnp = ap->a_cnp; 960 struct inode *ip; 961 struct direct newdir; 962 int error; 963 964#ifdef INVARIANTS 965 if ((cnp->cn_flags & HASBUF) == 0) 966 panic("ufs_link: no name"); 967#endif 968 if (VTOI(tdvp)->i_effnlink < 2) 969 panic("ufs_link: Bad link count %d on parent", 970 VTOI(tdvp)->i_effnlink); 971 ip = VTOI(vp); 972 if ((nlink_t)ip->i_nlink >= LINK_MAX) { 973 error = EMLINK; 974 goto out; 975 } 976 /* 977 * The file may have been removed after namei droped the original 978 * lock. 979 */ 980 if (ip->i_effnlink == 0) { 981 error = ENOENT; 982 goto out; 983 } 984 if (ip->i_flags & (IMMUTABLE | APPEND)) { 985 error = EPERM; 986 goto out; 987 } 988 ip->i_effnlink++; 989 ip->i_nlink++; 990 DIP_SET(ip, i_nlink, ip->i_nlink); 991 ip->i_flag |= IN_CHANGE; 992 if (DOINGSOFTDEP(vp)) 993 softdep_setup_link(VTOI(tdvp), ip); 994 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp))); 995 if (!error) { 996 ufs_makedirentry(ip, cnp, &newdir); 997 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL, 0); 998 } 999 1000 if (error) { 1001 ip->i_effnlink--; 1002 ip->i_nlink--; 1003 DIP_SET(ip, i_nlink, ip->i_nlink); 1004 ip->i_flag |= IN_CHANGE; 1005 if (DOINGSOFTDEP(vp)) 1006 softdep_revert_link(VTOI(tdvp), ip); 1007 } 1008out: 1009 return (error); 1010} 1011 1012/* 1013 * whiteout vnode call 1014 */ 1015static int 1016ufs_whiteout(ap) 1017 struct vop_whiteout_args /* { 1018 struct vnode *a_dvp; 1019 struct componentname *a_cnp; 1020 int a_flags; 1021 } */ *ap; 1022{ 1023 struct vnode *dvp = ap->a_dvp; 1024 struct componentname *cnp = ap->a_cnp; 1025 struct direct newdir; 1026 int error = 0; 1027 1028 switch (ap->a_flags) { 1029 case LOOKUP: 1030 /* 4.4 format directories support whiteout operations */ 1031 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1032 return (0); 1033 return (EOPNOTSUPP); 1034 1035 case CREATE: 1036 /* create a new directory whiteout */ 1037#ifdef INVARIANTS 1038 if ((cnp->cn_flags & SAVENAME) == 0) 1039 panic("ufs_whiteout: missing name"); 1040 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1041 panic("ufs_whiteout: old format filesystem"); 1042#endif 1043 1044 newdir.d_ino = WINO; 1045 newdir.d_namlen = cnp->cn_namelen; 1046 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1047 newdir.d_type = DT_WHT; 1048 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL, 0); 1049 break; 1050 1051 case DELETE: 1052 /* remove an existing directory whiteout */ 1053#ifdef INVARIANTS 1054 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1055 panic("ufs_whiteout: old format filesystem"); 1056#endif 1057 1058 cnp->cn_flags &= ~DOWHITEOUT; 1059 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1060 break; 1061 default: 1062 panic("ufs_whiteout: unknown op"); 1063 } 1064 return (error); 1065} 1066 1067static volatile int rename_restarts; 1068SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1069 __DEVOLATILE(int *, &rename_restarts), 0, 1070 "Times rename had to restart due to lock contention"); 1071 1072/* 1073 * Rename system call. 1074 * rename("foo", "bar"); 1075 * is essentially 1076 * unlink("bar"); 1077 * link("foo", "bar"); 1078 * unlink("foo"); 1079 * but ``atomically''. Can't do full commit without saving state in the 1080 * inode on disk which isn't feasible at this time. Best we can do is 1081 * always guarantee the target exists. 1082 * 1083 * Basic algorithm is: 1084 * 1085 * 1) Bump link count on source while we're linking it to the 1086 * target. This also ensure the inode won't be deleted out 1087 * from underneath us while we work (it may be truncated by 1088 * a concurrent `trunc' or `open' for creation). 1089 * 2) Link source to destination. If destination already exists, 1090 * delete it first. 1091 * 3) Unlink source reference to inode if still around. If a 1092 * directory was moved and the parent of the destination 1093 * is different from the source, patch the ".." entry in the 1094 * directory. 1095 */ 1096static int 1097ufs_rename(ap) 1098 struct vop_rename_args /* { 1099 struct vnode *a_fdvp; 1100 struct vnode *a_fvp; 1101 struct componentname *a_fcnp; 1102 struct vnode *a_tdvp; 1103 struct vnode *a_tvp; 1104 struct componentname *a_tcnp; 1105 } */ *ap; 1106{ 1107 struct vnode *tvp = ap->a_tvp; 1108 struct vnode *tdvp = ap->a_tdvp; 1109 struct vnode *fvp = ap->a_fvp; 1110 struct vnode *fdvp = ap->a_fdvp; 1111 struct vnode *nvp; 1112 struct componentname *tcnp = ap->a_tcnp; 1113 struct componentname *fcnp = ap->a_fcnp; 1114 struct thread *td = fcnp->cn_thread; 1115 struct inode *fip, *tip, *tdp, *fdp; 1116 struct direct newdir; 1117 off_t endoff; 1118 int doingdirectory, newparent; 1119 int error = 0; 1120 struct mount *mp; 1121 ino_t ino; 1122 1123#ifdef INVARIANTS 1124 if ((tcnp->cn_flags & HASBUF) == 0 || 1125 (fcnp->cn_flags & HASBUF) == 0) 1126 panic("ufs_rename: no name"); 1127#endif 1128 endoff = 0; 1129 mp = tdvp->v_mount; 1130 VOP_UNLOCK(tdvp, 0); 1131 if (tvp && tvp != tdvp) 1132 VOP_UNLOCK(tvp, 0); 1133 /* 1134 * Check for cross-device rename. 1135 */ 1136 if ((fvp->v_mount != tdvp->v_mount) || 1137 (tvp && (fvp->v_mount != tvp->v_mount))) { 1138 error = EXDEV; 1139 mp = NULL; 1140 goto releout; 1141 } 1142relock: 1143 /* 1144 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1145 * and fdvp and tdvp are the same directory. Subsequently we need 1146 * to double-check all paths and in the directory rename case we 1147 * need to verify that we are not creating a directory loop. To 1148 * handle this we acquire all but fdvp using non-blocking 1149 * acquisitions. If we fail to acquire any lock in the path we will 1150 * drop all held locks, acquire the new lock in a blocking fashion, 1151 * and then release it and restart the rename. This acquire/release 1152 * step ensures that we do not spin on a lock waiting for release. 1153 */ 1154 error = vn_lock(fdvp, LK_EXCLUSIVE); 1155 if (error) 1156 goto releout; 1157 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1158 VOP_UNLOCK(fdvp, 0); 1159 error = vn_lock(tdvp, LK_EXCLUSIVE); 1160 if (error) 1161 goto releout; 1162 VOP_UNLOCK(tdvp, 0); 1163 atomic_add_int(&rename_restarts, 1); 1164 goto relock; 1165 } 1166 /* 1167 * Re-resolve fvp to be certain it still exists and fetch the 1168 * correct vnode. 1169 */ 1170 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1171 if (error) { 1172 VOP_UNLOCK(fdvp, 0); 1173 VOP_UNLOCK(tdvp, 0); 1174 goto releout; 1175 } 1176 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1177 if (error) { 1178 VOP_UNLOCK(fdvp, 0); 1179 VOP_UNLOCK(tdvp, 0); 1180 if (error != EBUSY) 1181 goto releout; 1182 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1183 if (error != 0) 1184 goto releout; 1185 VOP_UNLOCK(nvp, 0); 1186 vrele(fvp); 1187 fvp = nvp; 1188 atomic_add_int(&rename_restarts, 1); 1189 goto relock; 1190 } 1191 vrele(fvp); 1192 fvp = nvp; 1193 /* 1194 * Re-resolve tvp and acquire the vnode lock if present. 1195 */ 1196 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1197 if (error != 0 && error != EJUSTRETURN) { 1198 VOP_UNLOCK(fdvp, 0); 1199 VOP_UNLOCK(tdvp, 0); 1200 VOP_UNLOCK(fvp, 0); 1201 goto releout; 1202 } 1203 /* 1204 * If tvp disappeared we just carry on. 1205 */ 1206 if (error == EJUSTRETURN && tvp != NULL) { 1207 vrele(tvp); 1208 tvp = NULL; 1209 } 1210 /* 1211 * Get the tvp ino if the lookup succeeded. We may have to restart 1212 * if the non-blocking acquire fails. 1213 */ 1214 if (error == 0) { 1215 nvp = NULL; 1216 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1217 if (tvp) 1218 vrele(tvp); 1219 tvp = nvp; 1220 if (error) { 1221 VOP_UNLOCK(fdvp, 0); 1222 VOP_UNLOCK(tdvp, 0); 1223 VOP_UNLOCK(fvp, 0); 1224 if (error != EBUSY) 1225 goto releout; 1226 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1227 if (error != 0) 1228 goto releout; 1229 vput(nvp); 1230 atomic_add_int(&rename_restarts, 1); 1231 goto relock; 1232 } 1233 } 1234 fdp = VTOI(fdvp); 1235 fip = VTOI(fvp); 1236 tdp = VTOI(tdvp); 1237 tip = NULL; 1238 if (tvp) 1239 tip = VTOI(tvp); 1240 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1241 (VTOI(tdvp)->i_flags & APPEND))) { 1242 error = EPERM; 1243 goto unlockout; 1244 } 1245 /* 1246 * Renaming a file to itself has no effect. The upper layers should 1247 * not call us in that case. However, things could change after 1248 * we drop the locks above. 1249 */ 1250 if (fvp == tvp) { 1251 error = 0; 1252 goto unlockout; 1253 } 1254 doingdirectory = 0; 1255 newparent = 0; 1256 ino = fip->i_number; 1257 if (fip->i_nlink >= LINK_MAX) { 1258 error = EMLINK; 1259 goto unlockout; 1260 } 1261 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1262 || (fdp->i_flags & APPEND)) { 1263 error = EPERM; 1264 goto unlockout; 1265 } 1266 if ((fip->i_mode & IFMT) == IFDIR) { 1267 /* 1268 * Avoid ".", "..", and aliases of "." for obvious reasons. 1269 */ 1270 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1271 fdp == fip || 1272 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1273 error = EINVAL; 1274 goto unlockout; 1275 } 1276 if (fdp->i_number != tdp->i_number) 1277 newparent = tdp->i_number; 1278 doingdirectory = 1; 1279 } 1280 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1281 (tvp != NULL && tvp->v_type == VDIR && 1282 tvp->v_mountedhere != NULL)) { 1283 error = EXDEV; 1284 goto unlockout; 1285 } 1286 1287 /* 1288 * If ".." must be changed (ie the directory gets a new 1289 * parent) then the source directory must not be in the 1290 * directory hierarchy above the target, as this would 1291 * orphan everything below the source directory. Also 1292 * the user must have write permission in the source so 1293 * as to be able to change "..". 1294 */ 1295 if (doingdirectory && newparent) { 1296 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1297 if (error) 1298 goto unlockout; 1299 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1300 &ino); 1301 /* 1302 * We encountered a lock that we have to wait for. Unlock 1303 * everything else and VGET before restarting. 1304 */ 1305 if (ino) { 1306 VOP_UNLOCK(fdvp, 0); 1307 VOP_UNLOCK(fvp, 0); 1308 VOP_UNLOCK(tdvp, 0); 1309 if (tvp) 1310 VOP_UNLOCK(tvp, 0); 1311 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1312 if (error == 0) 1313 vput(nvp); 1314 atomic_add_int(&rename_restarts, 1); 1315 goto relock; 1316 } 1317 if (error) 1318 goto unlockout; 1319 if ((tcnp->cn_flags & SAVESTART) == 0) 1320 panic("ufs_rename: lost to startdir"); 1321 } 1322 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1323 tdp->i_effnlink == 0) 1324 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1325 1326 /* 1327 * 1) Bump link count while we're moving stuff 1328 * around. If we crash somewhere before 1329 * completing our work, the link count 1330 * may be wrong, but correctable. 1331 */ 1332 fip->i_effnlink++; 1333 fip->i_nlink++; 1334 DIP_SET(fip, i_nlink, fip->i_nlink); 1335 fip->i_flag |= IN_CHANGE; 1336 if (DOINGSOFTDEP(fvp)) 1337 softdep_setup_link(tdp, fip); 1338 error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) | DOINGASYNC(fvp))); 1339 if (error) 1340 goto bad; 1341 1342 /* 1343 * 2) If target doesn't exist, link the target 1344 * to the source and unlink the source. 1345 * Otherwise, rewrite the target directory 1346 * entry to reference the source inode and 1347 * expunge the original entry's existence. 1348 */ 1349 if (tip == NULL) { 1350 if (tdp->i_dev != fip->i_dev) 1351 panic("ufs_rename: EXDEV"); 1352 if (doingdirectory && newparent) { 1353 /* 1354 * Account for ".." in new directory. 1355 * When source and destination have the same 1356 * parent we don't adjust the link count. The 1357 * actual link modification is completed when 1358 * .. is rewritten below. 1359 */ 1360 if ((nlink_t)tdp->i_nlink >= LINK_MAX) { 1361 error = EMLINK; 1362 goto bad; 1363 } 1364 } 1365 ufs_makedirentry(fip, tcnp, &newdir); 1366 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL, 1); 1367 if (error) 1368 goto bad; 1369 /* Setup tdvp for directory compaction if needed. */ 1370 if (tdp->i_count && tdp->i_endoff && 1371 tdp->i_endoff < tdp->i_size) 1372 endoff = tdp->i_endoff; 1373 } else { 1374 if (tip->i_dev != tdp->i_dev || tip->i_dev != fip->i_dev) 1375 panic("ufs_rename: EXDEV"); 1376 /* 1377 * Short circuit rename(foo, foo). 1378 */ 1379 if (tip->i_number == fip->i_number) 1380 panic("ufs_rename: same file"); 1381 /* 1382 * If the parent directory is "sticky", then the caller 1383 * must possess VADMIN for the parent directory, or the 1384 * destination of the rename. This implements append-only 1385 * directories. 1386 */ 1387 if ((tdp->i_mode & S_ISTXT) && 1388 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1389 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1390 error = EPERM; 1391 goto bad; 1392 } 1393 /* 1394 * Target must be empty if a directory and have no links 1395 * to it. Also, ensure source and target are compatible 1396 * (both directories, or both not directories). 1397 */ 1398 if ((tip->i_mode & IFMT) == IFDIR) { 1399 if ((tip->i_effnlink > 2) || 1400 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) { 1401 error = ENOTEMPTY; 1402 goto bad; 1403 } 1404 if (!doingdirectory) { 1405 error = ENOTDIR; 1406 goto bad; 1407 } 1408 cache_purge(tdvp); 1409 } else if (doingdirectory) { 1410 error = EISDIR; 1411 goto bad; 1412 } 1413 if (doingdirectory) { 1414 if (!newparent) { 1415 tdp->i_effnlink--; 1416 if (DOINGSOFTDEP(tdvp)) 1417 softdep_change_linkcnt(tdp); 1418 } 1419 tip->i_effnlink--; 1420 if (DOINGSOFTDEP(tvp)) 1421 softdep_change_linkcnt(tip); 1422 } 1423 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1424 IFTODT(fip->i_mode), 1425 (doingdirectory && newparent) ? newparent : doingdirectory); 1426 if (error) { 1427 if (doingdirectory) { 1428 if (!newparent) { 1429 tdp->i_effnlink++; 1430 if (DOINGSOFTDEP(tdvp)) 1431 softdep_change_linkcnt(tdp); 1432 } 1433 tip->i_effnlink++; 1434 if (DOINGSOFTDEP(tvp)) 1435 softdep_change_linkcnt(tip); 1436 } 1437 } 1438 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1439 /* 1440 * The only stuff left in the directory is "." 1441 * and "..". The "." reference is inconsequential 1442 * since we are quashing it. We have removed the "." 1443 * reference and the reference in the parent directory, 1444 * but there may be other hard links. The soft 1445 * dependency code will arrange to do these operations 1446 * after the parent directory entry has been deleted on 1447 * disk, so when running with that code we avoid doing 1448 * them now. 1449 */ 1450 if (!newparent) { 1451 tdp->i_nlink--; 1452 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1453 tdp->i_flag |= IN_CHANGE; 1454 } 1455 tip->i_nlink--; 1456 DIP_SET(tip, i_nlink, tip->i_nlink); 1457 tip->i_flag |= IN_CHANGE; 1458 } 1459 } 1460 1461 /* 1462 * 3) Unlink the source. We have to resolve the path again to 1463 * fixup the directory offset and count for ufs_dirremove. 1464 */ 1465 if (fdvp == tdvp) { 1466 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1467 if (error) 1468 panic("ufs_rename: from entry went away!"); 1469 if (ino != fip->i_number) 1470 panic("ufs_rename: ino mismatch %ju != %ju\n", 1471 (uintmax_t)ino, (uintmax_t)fip->i_number); 1472 } 1473 /* 1474 * If the source is a directory with a 1475 * new parent, the link count of the old 1476 * parent directory must be decremented 1477 * and ".." set to point to the new parent. 1478 */ 1479 if (doingdirectory && newparent) { 1480 /* 1481 * If tip exists we simply use its link, otherwise we must 1482 * add a new one. 1483 */ 1484 if (tip == NULL) { 1485 tdp->i_effnlink++; 1486 tdp->i_nlink++; 1487 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1488 tdp->i_flag |= IN_CHANGE; 1489 if (DOINGSOFTDEP(tdvp)) 1490 softdep_setup_dotdot_link(tdp, fip); 1491 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) | 1492 DOINGASYNC(tdvp))); 1493 /* Don't go to bad here as the new link exists. */ 1494 if (error) 1495 goto unlockout; 1496 } else if (DOINGSUJ(tdvp)) 1497 /* Journal must account for each new link. */ 1498 softdep_setup_dotdot_link(tdp, fip); 1499 fip->i_offset = mastertemplate.dot_reclen; 1500 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0); 1501 cache_purge(fdvp); 1502 } 1503 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1504 /* 1505 * The kern_renameat() looks up the fvp using the DELETE flag, which 1506 * causes the removal of the name cache entry for fvp. 1507 * As the relookup of the fvp is done in two steps: 1508 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1509 * normal lookup of the from name just before the VFS_VGET() call, 1510 * causing the cache entry to be re-instantiated. 1511 * 1512 * The same issue also applies to tvp if it exists as 1513 * otherwise we may have a stale name cache entry for the new 1514 * name that references the old i-node if it has other links 1515 * or open file descriptors. 1516 */ 1517 cache_purge(fvp); 1518 if (tvp) 1519 cache_purge(tvp); 1520 cache_purge_negative(tdvp); 1521 1522unlockout: 1523 vput(fdvp); 1524 vput(fvp); 1525 if (tvp) 1526 vput(tvp); 1527 /* 1528 * If compaction or fsync was requested do it now that other locks 1529 * are no longer needed. 1530 */ 1531 if (error == 0 && endoff != 0) { 1532#ifdef UFS_DIRHASH 1533 if (tdp->i_dirhash != NULL) 1534 ufsdirhash_dirtrunc(tdp, endoff); 1535#endif 1536 UFS_TRUNCATE(tdvp, endoff, IO_NORMAL | IO_SYNC, tcnp->cn_cred); 1537 } 1538 if (error == 0 && tdp->i_flag & IN_NEEDSYNC) 1539 error = VOP_FSYNC(tdvp, MNT_WAIT, td); 1540 vput(tdvp); 1541 return (error); 1542 1543bad: 1544 fip->i_effnlink--; 1545 fip->i_nlink--; 1546 DIP_SET(fip, i_nlink, fip->i_nlink); 1547 fip->i_flag |= IN_CHANGE; 1548 if (DOINGSOFTDEP(fvp)) 1549 softdep_revert_link(tdp, fip); 1550 goto unlockout; 1551 1552releout: 1553 vrele(fdvp); 1554 vrele(fvp); 1555 vrele(tdvp); 1556 if (tvp) 1557 vrele(tvp); 1558 1559 return (error); 1560} 1561 1562#ifdef UFS_ACL 1563static int 1564ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1565 mode_t dmode, struct ucred *cred, struct thread *td) 1566{ 1567 int error; 1568 struct inode *ip = VTOI(tvp); 1569 struct acl *dacl, *acl; 1570 1571 acl = acl_alloc(M_WAITOK); 1572 dacl = acl_alloc(M_WAITOK); 1573 1574 /* 1575 * Retrieve default ACL from parent, if any. 1576 */ 1577 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1578 switch (error) { 1579 case 0: 1580 /* 1581 * Retrieved a default ACL, so merge mode and ACL if 1582 * necessary. If the ACL is empty, fall through to 1583 * the "not defined or available" case. 1584 */ 1585 if (acl->acl_cnt != 0) { 1586 dmode = acl_posix1e_newfilemode(dmode, acl); 1587 ip->i_mode = dmode; 1588 DIP_SET(ip, i_mode, dmode); 1589 *dacl = *acl; 1590 ufs_sync_acl_from_inode(ip, acl); 1591 break; 1592 } 1593 /* FALLTHROUGH */ 1594 1595 case EOPNOTSUPP: 1596 /* 1597 * Just use the mode as-is. 1598 */ 1599 ip->i_mode = dmode; 1600 DIP_SET(ip, i_mode, dmode); 1601 error = 0; 1602 goto out; 1603 1604 default: 1605 goto out; 1606 } 1607 1608 /* 1609 * XXX: If we abort now, will Soft Updates notify the extattr 1610 * code that the EAs for the file need to be released? 1611 */ 1612 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1613 if (error == 0) 1614 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1615 switch (error) { 1616 case 0: 1617 break; 1618 1619 case EOPNOTSUPP: 1620 /* 1621 * XXX: This should not happen, as EOPNOTSUPP above 1622 * was supposed to free acl. 1623 */ 1624 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1625 /* 1626 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1627 */ 1628 break; 1629 1630 default: 1631 goto out; 1632 } 1633 1634out: 1635 acl_free(acl); 1636 acl_free(dacl); 1637 1638 return (error); 1639} 1640 1641static int 1642ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1643 mode_t mode, struct ucred *cred, struct thread *td) 1644{ 1645 int error; 1646 struct inode *ip = VTOI(tvp); 1647 struct acl *acl; 1648 1649 acl = acl_alloc(M_WAITOK); 1650 1651 /* 1652 * Retrieve default ACL for parent, if any. 1653 */ 1654 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1655 switch (error) { 1656 case 0: 1657 /* 1658 * Retrieved a default ACL, so merge mode and ACL if 1659 * necessary. 1660 */ 1661 if (acl->acl_cnt != 0) { 1662 /* 1663 * Two possible ways for default ACL to not 1664 * be present. First, the EA can be 1665 * undefined, or second, the default ACL can 1666 * be blank. If it's blank, fall through to 1667 * the it's not defined case. 1668 */ 1669 mode = acl_posix1e_newfilemode(mode, acl); 1670 ip->i_mode = mode; 1671 DIP_SET(ip, i_mode, mode); 1672 ufs_sync_acl_from_inode(ip, acl); 1673 break; 1674 } 1675 /* FALLTHROUGH */ 1676 1677 case EOPNOTSUPP: 1678 /* 1679 * Just use the mode as-is. 1680 */ 1681 ip->i_mode = mode; 1682 DIP_SET(ip, i_mode, mode); 1683 error = 0; 1684 goto out; 1685 1686 default: 1687 goto out; 1688 } 1689 1690 /* 1691 * XXX: If we abort now, will Soft Updates notify the extattr 1692 * code that the EAs for the file need to be released? 1693 */ 1694 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1695 switch (error) { 1696 case 0: 1697 break; 1698 1699 case EOPNOTSUPP: 1700 /* 1701 * XXX: This should not happen, as EOPNOTSUPP above was 1702 * supposed to free acl. 1703 */ 1704 printf("ufs_makeinode: VOP_GETACL() but no " 1705 "VOP_SETACL()\n"); 1706 /* panic("ufs_makeinode: VOP_GETACL() but no " 1707 "VOP_SETACL()"); */ 1708 break; 1709 1710 default: 1711 goto out; 1712 } 1713 1714out: 1715 acl_free(acl); 1716 1717 return (error); 1718} 1719 1720static int 1721ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1722 mode_t child_mode, struct ucred *cred, struct thread *td) 1723{ 1724 int error; 1725 struct acl *parent_aclp, *child_aclp; 1726 1727 parent_aclp = acl_alloc(M_WAITOK); 1728 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1729 1730 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1731 if (error) 1732 goto out; 1733 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1734 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1735 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1736 if (error) 1737 goto out; 1738out: 1739 acl_free(parent_aclp); 1740 acl_free(child_aclp); 1741 1742 return (error); 1743} 1744#endif 1745 1746/* 1747 * Mkdir system call 1748 */ 1749static int 1750ufs_mkdir(ap) 1751 struct vop_mkdir_args /* { 1752 struct vnode *a_dvp; 1753 struct vnode **a_vpp; 1754 struct componentname *a_cnp; 1755 struct vattr *a_vap; 1756 } */ *ap; 1757{ 1758 struct vnode *dvp = ap->a_dvp; 1759 struct vattr *vap = ap->a_vap; 1760 struct componentname *cnp = ap->a_cnp; 1761 struct inode *ip, *dp; 1762 struct vnode *tvp; 1763 struct buf *bp; 1764 struct dirtemplate dirtemplate, *dtp; 1765 struct direct newdir; 1766 int error, dmode; 1767 long blkoff; 1768 1769#ifdef INVARIANTS 1770 if ((cnp->cn_flags & HASBUF) == 0) 1771 panic("ufs_mkdir: no name"); 1772#endif 1773 dp = VTOI(dvp); 1774 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1775 error = EMLINK; 1776 goto out; 1777 } 1778 dmode = vap->va_mode & 0777; 1779 dmode |= IFDIR; 1780 /* 1781 * Must simulate part of ufs_makeinode here to acquire the inode, 1782 * but not have it entered in the parent directory. The entry is 1783 * made later after writing "." and ".." entries. 1784 */ 1785 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1786 if (error) 1787 goto out; 1788 ip = VTOI(tvp); 1789 ip->i_gid = dp->i_gid; 1790 DIP_SET(ip, i_gid, dp->i_gid); 1791#ifdef SUIDDIR 1792 { 1793#ifdef QUOTA 1794 struct ucred ucred, *ucp; 1795 gid_t ucred_group; 1796 ucp = cnp->cn_cred; 1797#endif 1798 /* 1799 * If we are hacking owners here, (only do this where told to) 1800 * and we are not giving it TO root, (would subvert quotas) 1801 * then go ahead and give it to the other user. 1802 * The new directory also inherits the SUID bit. 1803 * If user's UID and dir UID are the same, 1804 * 'give it away' so that the SUID is still forced on. 1805 */ 1806 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1807 (dp->i_mode & ISUID) && dp->i_uid) { 1808 dmode |= ISUID; 1809 ip->i_uid = dp->i_uid; 1810 DIP_SET(ip, i_uid, dp->i_uid); 1811#ifdef QUOTA 1812 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1813 /* 1814 * Make sure the correct user gets charged 1815 * for the space. 1816 * Make a dummy credential for the victim. 1817 * XXX This seems to never be accessed out of 1818 * our context so a stack variable is ok. 1819 */ 1820 refcount_init(&ucred.cr_ref, 1); 1821 ucred.cr_uid = ip->i_uid; 1822 ucred.cr_ngroups = 1; 1823 ucred.cr_groups = &ucred_group; 1824 ucred.cr_groups[0] = dp->i_gid; 1825 ucp = &ucred; 1826 } 1827#endif 1828 } else { 1829 ip->i_uid = cnp->cn_cred->cr_uid; 1830 DIP_SET(ip, i_uid, ip->i_uid); 1831 } 1832#ifdef QUOTA 1833 if ((error = getinoquota(ip)) || 1834 (error = chkiq(ip, 1, ucp, 0))) { 1835 if (DOINGSOFTDEP(tvp)) 1836 softdep_revert_link(dp, ip); 1837 UFS_VFREE(tvp, ip->i_number, dmode); 1838 vput(tvp); 1839 return (error); 1840 } 1841#endif 1842 } 1843#else /* !SUIDDIR */ 1844 ip->i_uid = cnp->cn_cred->cr_uid; 1845 DIP_SET(ip, i_uid, ip->i_uid); 1846#ifdef QUOTA 1847 if ((error = getinoquota(ip)) || 1848 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1849 if (DOINGSOFTDEP(tvp)) 1850 softdep_revert_link(dp, ip); 1851 UFS_VFREE(tvp, ip->i_number, dmode); 1852 vput(tvp); 1853 return (error); 1854 } 1855#endif 1856#endif /* !SUIDDIR */ 1857 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 1858 ip->i_mode = dmode; 1859 DIP_SET(ip, i_mode, dmode); 1860 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 1861 ip->i_effnlink = 2; 1862 ip->i_nlink = 2; 1863 DIP_SET(ip, i_nlink, 2); 1864 1865 if (cnp->cn_flags & ISWHITEOUT) { 1866 ip->i_flags |= UF_OPAQUE; 1867 DIP_SET(ip, i_flags, ip->i_flags); 1868 } 1869 1870 /* 1871 * Bump link count in parent directory to reflect work done below. 1872 * Should be done before reference is created so cleanup is 1873 * possible if we crash. 1874 */ 1875 dp->i_effnlink++; 1876 dp->i_nlink++; 1877 DIP_SET(dp, i_nlink, dp->i_nlink); 1878 dp->i_flag |= IN_CHANGE; 1879 if (DOINGSOFTDEP(dvp)) 1880 softdep_setup_mkdir(dp, ip); 1881 error = UFS_UPDATE(dvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp))); 1882 if (error) 1883 goto bad; 1884#ifdef MAC 1885 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 1886 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 1887 dvp, tvp, cnp); 1888 if (error) 1889 goto bad; 1890 } 1891#endif 1892#ifdef UFS_ACL 1893 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 1894 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 1895 cnp->cn_cred, cnp->cn_thread); 1896 if (error) 1897 goto bad; 1898 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 1899 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 1900 cnp->cn_cred, cnp->cn_thread); 1901 if (error) 1902 goto bad; 1903 } 1904#endif /* !UFS_ACL */ 1905 1906 /* 1907 * Initialize directory with "." and ".." from static template. 1908 */ 1909 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1910 dtp = &mastertemplate; 1911 else 1912 dtp = (struct dirtemplate *)&omastertemplate; 1913 dirtemplate = *dtp; 1914 dirtemplate.dot_ino = ip->i_number; 1915 dirtemplate.dotdot_ino = dp->i_number; 1916 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 1917 BA_CLRBUF, &bp)) != 0) 1918 goto bad; 1919 ip->i_size = DIRBLKSIZ; 1920 DIP_SET(ip, i_size, DIRBLKSIZ); 1921 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1922 vnode_pager_setsize(tvp, (u_long)ip->i_size); 1923 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 1924 if (DOINGSOFTDEP(tvp)) { 1925 /* 1926 * Ensure that the entire newly allocated block is a 1927 * valid directory so that future growth within the 1928 * block does not have to ensure that the block is 1929 * written before the inode. 1930 */ 1931 blkoff = DIRBLKSIZ; 1932 while (blkoff < bp->b_bcount) { 1933 ((struct direct *) 1934 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 1935 blkoff += DIRBLKSIZ; 1936 } 1937 } 1938 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | 1939 DOINGASYNC(tvp)))) != 0) { 1940 (void)bwrite(bp); 1941 goto bad; 1942 } 1943 /* 1944 * Directory set up, now install its entry in the parent directory. 1945 * 1946 * If we are not doing soft dependencies, then we must write out the 1947 * buffer containing the new directory body before entering the new 1948 * name in the parent. If we are doing soft dependencies, then the 1949 * buffer containing the new directory body will be passed to and 1950 * released in the soft dependency code after the code has attached 1951 * an appropriate ordering dependency to the buffer which ensures that 1952 * the buffer is written before the new name is written in the parent. 1953 */ 1954 if (DOINGASYNC(dvp)) 1955 bdwrite(bp); 1956 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 1957 goto bad; 1958 ufs_makedirentry(ip, cnp, &newdir); 1959 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp, 0); 1960 1961bad: 1962 if (error == 0) { 1963 *ap->a_vpp = tvp; 1964 } else { 1965 dp->i_effnlink--; 1966 dp->i_nlink--; 1967 DIP_SET(dp, i_nlink, dp->i_nlink); 1968 dp->i_flag |= IN_CHANGE; 1969 /* 1970 * No need to do an explicit VOP_TRUNCATE here, vrele will 1971 * do this for us because we set the link count to 0. 1972 */ 1973 ip->i_effnlink = 0; 1974 ip->i_nlink = 0; 1975 DIP_SET(ip, i_nlink, 0); 1976 ip->i_flag |= IN_CHANGE; 1977 if (DOINGSOFTDEP(tvp)) 1978 softdep_revert_mkdir(dp, ip); 1979 1980 vput(tvp); 1981 } 1982out: 1983 return (error); 1984} 1985 1986/* 1987 * Rmdir system call. 1988 */ 1989static int 1990ufs_rmdir(ap) 1991 struct vop_rmdir_args /* { 1992 struct vnode *a_dvp; 1993 struct vnode *a_vp; 1994 struct componentname *a_cnp; 1995 } */ *ap; 1996{ 1997 struct vnode *vp = ap->a_vp; 1998 struct vnode *dvp = ap->a_dvp; 1999 struct componentname *cnp = ap->a_cnp; 2000 struct inode *ip, *dp; 2001 int error; 2002 2003 ip = VTOI(vp); 2004 dp = VTOI(dvp); 2005 2006 /* 2007 * Do not remove a directory that is in the process of being renamed. 2008 * Verify the directory is empty (and valid). Rmdir ".." will not be 2009 * valid since ".." will contain a reference to the current directory 2010 * and thus be non-empty. Do not allow the removal of mounted on 2011 * directories (this can happen when an NFS exported filesystem 2012 * tries to remove a locally mounted on directory). 2013 */ 2014 error = 0; 2015 if (ip->i_effnlink < 2) { 2016 error = EINVAL; 2017 goto out; 2018 } 2019 if (dp->i_effnlink < 3) 2020 panic("ufs_dirrem: Bad link count %d on parent", 2021 dp->i_effnlink); 2022 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 2023 error = ENOTEMPTY; 2024 goto out; 2025 } 2026 if ((dp->i_flags & APPEND) 2027 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2028 error = EPERM; 2029 goto out; 2030 } 2031 if (vp->v_mountedhere != 0) { 2032 error = EINVAL; 2033 goto out; 2034 } 2035#ifdef UFS_GJOURNAL 2036 ufs_gjournal_orphan(vp); 2037#endif 2038 /* 2039 * Delete reference to directory before purging 2040 * inode. If we crash in between, the directory 2041 * will be reattached to lost+found, 2042 */ 2043 dp->i_effnlink--; 2044 ip->i_effnlink--; 2045 if (DOINGSOFTDEP(vp)) 2046 softdep_setup_rmdir(dp, ip); 2047 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2048 if (error) { 2049 dp->i_effnlink++; 2050 ip->i_effnlink++; 2051 if (DOINGSOFTDEP(vp)) 2052 softdep_revert_rmdir(dp, ip); 2053 goto out; 2054 } 2055 cache_purge(dvp); 2056 /* 2057 * The only stuff left in the directory is "." and "..". The "." 2058 * reference is inconsequential since we are quashing it. The soft 2059 * dependency code will arrange to do these operations after 2060 * the parent directory entry has been deleted on disk, so 2061 * when running with that code we avoid doing them now. 2062 */ 2063 if (!DOINGSOFTDEP(vp)) { 2064 dp->i_nlink--; 2065 DIP_SET(dp, i_nlink, dp->i_nlink); 2066 dp->i_flag |= IN_CHANGE; 2067 error = UFS_UPDATE(dvp, 0); 2068 ip->i_nlink--; 2069 DIP_SET(ip, i_nlink, ip->i_nlink); 2070 ip->i_flag |= IN_CHANGE; 2071 } 2072 cache_purge(vp); 2073#ifdef UFS_DIRHASH 2074 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2075 if (ip->i_dirhash != NULL) 2076 ufsdirhash_free(ip); 2077#endif 2078out: 2079 return (error); 2080} 2081 2082/* 2083 * symlink -- make a symbolic link 2084 */ 2085static int 2086ufs_symlink(ap) 2087 struct vop_symlink_args /* { 2088 struct vnode *a_dvp; 2089 struct vnode **a_vpp; 2090 struct componentname *a_cnp; 2091 struct vattr *a_vap; 2092 char *a_target; 2093 } */ *ap; 2094{ 2095 struct vnode *vp, **vpp = ap->a_vpp; 2096 struct inode *ip; 2097 int len, error; 2098 2099 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2100 vpp, ap->a_cnp); 2101 if (error) 2102 return (error); 2103 vp = *vpp; 2104 len = strlen(ap->a_target); 2105 if (len < vp->v_mount->mnt_maxsymlinklen) { 2106 ip = VTOI(vp); 2107 bcopy(ap->a_target, SHORTLINK(ip), len); 2108 ip->i_size = len; 2109 DIP_SET(ip, i_size, len); 2110 ip->i_flag |= IN_CHANGE | IN_UPDATE; 2111 error = UFS_UPDATE(vp, 0); 2112 } else 2113 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, 2114 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2115 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2116 if (error) 2117 vput(vp); 2118 return (error); 2119} 2120 2121/* 2122 * Vnode op for reading directories. 2123 */ 2124int 2125ufs_readdir(ap) 2126 struct vop_readdir_args /* { 2127 struct vnode *a_vp; 2128 struct uio *a_uio; 2129 struct ucred *a_cred; 2130 int *a_eofflag; 2131 int *a_ncookies; 2132 u_long **a_cookies; 2133 } */ *ap; 2134{ 2135 struct vnode *vp = ap->a_vp; 2136 struct uio *uio = ap->a_uio; 2137 struct buf *bp; 2138 struct inode *ip; 2139 struct direct *dp, *edp; 2140 u_long *cookies; 2141 struct dirent dstdp; 2142 off_t offset, startoffset; 2143 size_t readcnt, skipcnt; 2144 ssize_t startresid; 2145 int ncookies; 2146 int error; 2147 2148 if (uio->uio_offset < 0) 2149 return (EINVAL); 2150 ip = VTOI(vp); 2151 if (ip->i_effnlink == 0) 2152 return (0); 2153 if (ap->a_ncookies != NULL) { 2154 ncookies = uio->uio_resid; 2155 if (uio->uio_offset >= ip->i_size) 2156 ncookies = 0; 2157 else if (ip->i_size - uio->uio_offset < ncookies) 2158 ncookies = ip->i_size - uio->uio_offset; 2159 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2160 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2161 *ap->a_ncookies = ncookies; 2162 *ap->a_cookies = cookies; 2163 } else { 2164 ncookies = 0; 2165 cookies = NULL; 2166 } 2167 offset = startoffset = uio->uio_offset; 2168 startresid = uio->uio_resid; 2169 error = 0; 2170 while (error == 0 && uio->uio_resid > 0 && 2171 uio->uio_offset < ip->i_size) { 2172 error = ffs_blkatoff(vp, uio->uio_offset, NULL, &bp); 2173 if (error) 2174 break; 2175 if (bp->b_offset + bp->b_bcount > ip->i_size) 2176 readcnt = ip->i_size - bp->b_offset; 2177 else 2178 readcnt = bp->b_bcount; 2179 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2180 ~(size_t)(DIRBLKSIZ - 1); 2181 offset = bp->b_offset + skipcnt; 2182 dp = (struct direct *)&bp->b_data[skipcnt]; 2183 edp = (struct direct *)&bp->b_data[readcnt]; 2184 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2185 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2186 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2187 error = EIO; 2188 break; 2189 } 2190#if BYTE_ORDER == LITTLE_ENDIAN 2191 /* Old filesystem format. */ 2192 if (vp->v_mount->mnt_maxsymlinklen <= 0) { 2193 dstdp.d_namlen = dp->d_type; 2194 dstdp.d_type = dp->d_namlen; 2195 } else 2196#endif 2197 { 2198 dstdp.d_namlen = dp->d_namlen; 2199 dstdp.d_type = dp->d_type; 2200 } 2201 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2202 dp->d_reclen) { 2203 error = EIO; 2204 break; 2205 } 2206 if (offset < startoffset || dp->d_ino == 0) 2207 goto nextentry; 2208 dstdp.d_fileno = dp->d_ino; 2209 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2210 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2211 dstdp.d_name[dstdp.d_namlen] = '\0'; 2212 if (dstdp.d_reclen > uio->uio_resid) { 2213 if (uio->uio_resid == startresid) 2214 error = EINVAL; 2215 else 2216 error = EJUSTRETURN; 2217 break; 2218 } 2219 /* Advance dp. */ 2220 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2221 if (error) 2222 break; 2223 if (cookies != NULL) { 2224 KASSERT(ncookies > 0, 2225 ("ufs_readdir: cookies buffer too small")); 2226 *cookies = offset + dp->d_reclen; 2227 cookies++; 2228 ncookies--; 2229 } 2230nextentry: 2231 offset += dp->d_reclen; 2232 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2233 } 2234 bqrelse(bp); 2235 uio->uio_offset = offset; 2236 } 2237 /* We need to correct uio_offset. */ 2238 uio->uio_offset = offset; 2239 if (error == EJUSTRETURN) 2240 error = 0; 2241 if (ap->a_ncookies != NULL) { 2242 if (error == 0) { 2243 ap->a_ncookies -= ncookies; 2244 } else { 2245 free(*ap->a_cookies, M_TEMP); 2246 *ap->a_ncookies = 0; 2247 *ap->a_cookies = NULL; 2248 } 2249 } 2250 if (error == 0 && ap->a_eofflag) 2251 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2252 return (error); 2253} 2254 2255/* 2256 * Return target name of a symbolic link 2257 */ 2258static int 2259ufs_readlink(ap) 2260 struct vop_readlink_args /* { 2261 struct vnode *a_vp; 2262 struct uio *a_uio; 2263 struct ucred *a_cred; 2264 } */ *ap; 2265{ 2266 struct vnode *vp = ap->a_vp; 2267 struct inode *ip = VTOI(vp); 2268 doff_t isize; 2269 2270 isize = ip->i_size; 2271 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 2272 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 2273 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 2274 } 2275 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2276} 2277 2278/* 2279 * Calculate the logical to physical mapping if not done already, 2280 * then call the device strategy routine. 2281 * 2282 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2283 * deadlock on memory. See ufs_bmap() for details. 2284 */ 2285static int 2286ufs_strategy(ap) 2287 struct vop_strategy_args /* { 2288 struct vnode *a_vp; 2289 struct buf *a_bp; 2290 } */ *ap; 2291{ 2292 struct buf *bp = ap->a_bp; 2293 struct vnode *vp = ap->a_vp; 2294 struct bufobj *bo; 2295 struct inode *ip; 2296 ufs2_daddr_t blkno; 2297 int error; 2298 2299 ip = VTOI(vp); 2300 if (bp->b_blkno == bp->b_lblkno) { 2301 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2302 bp->b_blkno = blkno; 2303 if (error) { 2304 bp->b_error = error; 2305 bp->b_ioflags |= BIO_ERROR; 2306 bufdone(bp); 2307 return (0); 2308 } 2309 if ((long)bp->b_blkno == -1) 2310 vfs_bio_clrbuf(bp); 2311 } 2312 if ((long)bp->b_blkno == -1) { 2313 bufdone(bp); 2314 return (0); 2315 } 2316 bp->b_iooffset = dbtob(bp->b_blkno); 2317 bo = ip->i_umbufobj; 2318 BO_STRATEGY(bo, bp); 2319 return (0); 2320} 2321 2322/* 2323 * Print out the contents of an inode. 2324 */ 2325static int 2326ufs_print(ap) 2327 struct vop_print_args /* { 2328 struct vnode *a_vp; 2329 } */ *ap; 2330{ 2331 struct vnode *vp = ap->a_vp; 2332 struct inode *ip = VTOI(vp); 2333 2334 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 2335 devtoname(ip->i_dev)); 2336 if (vp->v_type == VFIFO) 2337 fifo_printinfo(vp); 2338 printf("\n"); 2339 return (0); 2340} 2341 2342/* 2343 * Close wrapper for fifos. 2344 * 2345 * Update the times on the inode then do device close. 2346 */ 2347static int 2348ufsfifo_close(ap) 2349 struct vop_close_args /* { 2350 struct vnode *a_vp; 2351 int a_fflag; 2352 struct ucred *a_cred; 2353 struct thread *a_td; 2354 } */ *ap; 2355{ 2356 struct vnode *vp = ap->a_vp; 2357 int usecount; 2358 2359 VI_LOCK(vp); 2360 usecount = vp->v_usecount; 2361 if (usecount > 1) 2362 ufs_itimes_locked(vp); 2363 VI_UNLOCK(vp); 2364 return (fifo_specops.vop_close(ap)); 2365} 2366 2367/* 2368 * Kqfilter wrapper for fifos. 2369 * 2370 * Fall through to ufs kqfilter routines if needed 2371 */ 2372static int 2373ufsfifo_kqfilter(ap) 2374 struct vop_kqfilter_args *ap; 2375{ 2376 int error; 2377 2378 error = fifo_specops.vop_kqfilter(ap); 2379 if (error) 2380 error = vfs_kqfilter(ap); 2381 return (error); 2382} 2383 2384/* 2385 * Return POSIX pathconf information applicable to fifos. 2386 */ 2387static int 2388ufsfifo_pathconf(ap) 2389 struct vop_pathconf_args /* { 2390 struct vnode *a_vp; 2391 int a_name; 2392 int *a_retval; 2393 } */ *ap; 2394{ 2395 2396 switch (ap->a_name) { 2397 case _PC_ACL_EXTENDED: 2398 case _PC_ACL_NFS4: 2399 case _PC_ACL_PATH_MAX: 2400 case _PC_MAC_PRESENT: 2401 return (ufs_pathconf(ap)); 2402 default: 2403 return (fifo_specops.vop_pathconf(ap)); 2404 } 2405 /* NOTREACHED */ 2406} 2407 2408/* 2409 * Return POSIX pathconf information applicable to ufs filesystems. 2410 */ 2411static int 2412ufs_pathconf(ap) 2413 struct vop_pathconf_args /* { 2414 struct vnode *a_vp; 2415 int a_name; 2416 int *a_retval; 2417 } */ *ap; 2418{ 2419 int error; 2420 2421 error = 0; 2422 switch (ap->a_name) { 2423 case _PC_LINK_MAX: 2424 *ap->a_retval = LINK_MAX; 2425 break; 2426 case _PC_NAME_MAX: 2427 *ap->a_retval = NAME_MAX; 2428 break; 2429 case _PC_PATH_MAX: 2430 *ap->a_retval = PATH_MAX; 2431 break; 2432 case _PC_PIPE_BUF: 2433 *ap->a_retval = PIPE_BUF; 2434 break; 2435 case _PC_CHOWN_RESTRICTED: 2436 *ap->a_retval = 1; 2437 break; 2438 case _PC_NO_TRUNC: 2439 *ap->a_retval = 1; 2440 break; 2441 case _PC_ACL_EXTENDED: 2442#ifdef UFS_ACL 2443 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2444 *ap->a_retval = 1; 2445 else 2446 *ap->a_retval = 0; 2447#else 2448 *ap->a_retval = 0; 2449#endif 2450 break; 2451 2452 case _PC_ACL_NFS4: 2453#ifdef UFS_ACL 2454 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2455 *ap->a_retval = 1; 2456 else 2457 *ap->a_retval = 0; 2458#else 2459 *ap->a_retval = 0; 2460#endif 2461 break; 2462 2463 case _PC_ACL_PATH_MAX: 2464#ifdef UFS_ACL 2465 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2466 *ap->a_retval = ACL_MAX_ENTRIES; 2467 else 2468 *ap->a_retval = 3; 2469#else 2470 *ap->a_retval = 3; 2471#endif 2472 break; 2473 case _PC_MAC_PRESENT: 2474#ifdef MAC 2475 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2476 *ap->a_retval = 1; 2477 else 2478 *ap->a_retval = 0; 2479#else 2480 *ap->a_retval = 0; 2481#endif 2482 break; 2483 case _PC_MIN_HOLE_SIZE: 2484 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2485 break; 2486 case _PC_ASYNC_IO: 2487 /* _PC_ASYNC_IO should have been handled by upper layers. */ 2488 KASSERT(0, ("_PC_ASYNC_IO should not get here")); 2489 error = EINVAL; 2490 break; 2491 case _PC_PRIO_IO: 2492 *ap->a_retval = 0; 2493 break; 2494 case _PC_SYNC_IO: 2495 *ap->a_retval = 0; 2496 break; 2497 case _PC_ALLOC_SIZE_MIN: 2498 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2499 break; 2500 case _PC_FILESIZEBITS: 2501 *ap->a_retval = 64; 2502 break; 2503 case _PC_REC_INCR_XFER_SIZE: 2504 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2505 break; 2506 case _PC_REC_MAX_XFER_SIZE: 2507 *ap->a_retval = -1; /* means ``unlimited'' */ 2508 break; 2509 case _PC_REC_MIN_XFER_SIZE: 2510 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2511 break; 2512 case _PC_REC_XFER_ALIGN: 2513 *ap->a_retval = PAGE_SIZE; 2514 break; 2515 case _PC_SYMLINK_MAX: 2516 *ap->a_retval = MAXPATHLEN; 2517 break; 2518 2519 default: 2520 error = EINVAL; 2521 break; 2522 } 2523 return (error); 2524} 2525 2526/* 2527 * Initialize the vnode associated with a new inode, handle aliased 2528 * vnodes. 2529 */ 2530int 2531ufs_vinit(mntp, fifoops, vpp) 2532 struct mount *mntp; 2533 struct vop_vector *fifoops; 2534 struct vnode **vpp; 2535{ 2536 struct inode *ip; 2537 struct vnode *vp; 2538 2539 vp = *vpp; 2540 ip = VTOI(vp); 2541 vp->v_type = IFTOVT(ip->i_mode); 2542 if (vp->v_type == VFIFO) 2543 vp->v_op = fifoops; 2544 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2545 if (ip->i_number == ROOTINO) 2546 vp->v_vflag |= VV_ROOT; 2547 *vpp = vp; 2548 return (0); 2549} 2550 2551/* 2552 * Allocate a new inode. 2553 * Vnode dvp must be locked. 2554 */ 2555static int 2556ufs_makeinode(mode, dvp, vpp, cnp) 2557 int mode; 2558 struct vnode *dvp; 2559 struct vnode **vpp; 2560 struct componentname *cnp; 2561{ 2562 struct inode *ip, *pdir; 2563 struct direct newdir; 2564 struct vnode *tvp; 2565 int error; 2566 2567 pdir = VTOI(dvp); 2568#ifdef INVARIANTS 2569 if ((cnp->cn_flags & HASBUF) == 0) 2570 panic("ufs_makeinode: no name"); 2571#endif 2572 *vpp = NULL; 2573 if ((mode & IFMT) == 0) 2574 mode |= IFREG; 2575 2576 if (VTOI(dvp)->i_effnlink < 2) 2577 panic("ufs_makeinode: Bad link count %d on parent", 2578 VTOI(dvp)->i_effnlink); 2579 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2580 if (error) 2581 return (error); 2582 ip = VTOI(tvp); 2583 ip->i_gid = pdir->i_gid; 2584 DIP_SET(ip, i_gid, pdir->i_gid); 2585#ifdef SUIDDIR 2586 { 2587#ifdef QUOTA 2588 struct ucred ucred, *ucp; 2589 gid_t ucred_group; 2590 ucp = cnp->cn_cred; 2591#endif 2592 /* 2593 * If we are not the owner of the directory, 2594 * and we are hacking owners here, (only do this where told to) 2595 * and we are not giving it TO root, (would subvert quotas) 2596 * then go ahead and give it to the other user. 2597 * Note that this drops off the execute bits for security. 2598 */ 2599 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2600 (pdir->i_mode & ISUID) && 2601 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2602 ip->i_uid = pdir->i_uid; 2603 DIP_SET(ip, i_uid, ip->i_uid); 2604 mode &= ~07111; 2605#ifdef QUOTA 2606 /* 2607 * Make sure the correct user gets charged 2608 * for the space. 2609 * Quickly knock up a dummy credential for the victim. 2610 * XXX This seems to never be accessed out of our 2611 * context so a stack variable is ok. 2612 */ 2613 refcount_init(&ucred.cr_ref, 1); 2614 ucred.cr_uid = ip->i_uid; 2615 ucred.cr_ngroups = 1; 2616 ucred.cr_groups = &ucred_group; 2617 ucred.cr_groups[0] = pdir->i_gid; 2618 ucp = &ucred; 2619#endif 2620 } else { 2621 ip->i_uid = cnp->cn_cred->cr_uid; 2622 DIP_SET(ip, i_uid, ip->i_uid); 2623 } 2624 2625#ifdef QUOTA 2626 if ((error = getinoquota(ip)) || 2627 (error = chkiq(ip, 1, ucp, 0))) { 2628 if (DOINGSOFTDEP(tvp)) 2629 softdep_revert_link(pdir, ip); 2630 UFS_VFREE(tvp, ip->i_number, mode); 2631 vput(tvp); 2632 return (error); 2633 } 2634#endif 2635 } 2636#else /* !SUIDDIR */ 2637 ip->i_uid = cnp->cn_cred->cr_uid; 2638 DIP_SET(ip, i_uid, ip->i_uid); 2639#ifdef QUOTA 2640 if ((error = getinoquota(ip)) || 2641 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2642 if (DOINGSOFTDEP(tvp)) 2643 softdep_revert_link(pdir, ip); 2644 UFS_VFREE(tvp, ip->i_number, mode); 2645 vput(tvp); 2646 return (error); 2647 } 2648#endif 2649#endif /* !SUIDDIR */ 2650 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 2651 ip->i_mode = mode; 2652 DIP_SET(ip, i_mode, mode); 2653 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2654 ip->i_effnlink = 1; 2655 ip->i_nlink = 1; 2656 DIP_SET(ip, i_nlink, 1); 2657 if (DOINGSOFTDEP(tvp)) 2658 softdep_setup_create(VTOI(dvp), ip); 2659 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2660 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID, 0)) { 2661 ip->i_mode &= ~ISGID; 2662 DIP_SET(ip, i_mode, ip->i_mode); 2663 } 2664 2665 if (cnp->cn_flags & ISWHITEOUT) { 2666 ip->i_flags |= UF_OPAQUE; 2667 DIP_SET(ip, i_flags, ip->i_flags); 2668 } 2669 2670 /* 2671 * Make sure inode goes to disk before directory entry. 2672 */ 2673 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp))); 2674 if (error) 2675 goto bad; 2676#ifdef MAC 2677 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2678 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2679 dvp, tvp, cnp); 2680 if (error) 2681 goto bad; 2682 } 2683#endif 2684#ifdef UFS_ACL 2685 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2686 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2687 cnp->cn_cred, cnp->cn_thread); 2688 if (error) 2689 goto bad; 2690 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2691 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2692 cnp->cn_cred, cnp->cn_thread); 2693 if (error) 2694 goto bad; 2695 } 2696#endif /* !UFS_ACL */ 2697 ufs_makedirentry(ip, cnp, &newdir); 2698 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL, 0); 2699 if (error) 2700 goto bad; 2701 *vpp = tvp; 2702 return (0); 2703 2704bad: 2705 /* 2706 * Write error occurred trying to update the inode 2707 * or the directory so must deallocate the inode. 2708 */ 2709 ip->i_effnlink = 0; 2710 ip->i_nlink = 0; 2711 DIP_SET(ip, i_nlink, 0); 2712 ip->i_flag |= IN_CHANGE; 2713 if (DOINGSOFTDEP(tvp)) 2714 softdep_revert_create(VTOI(dvp), ip); 2715 vput(tvp); 2716 return (error); 2717} 2718 2719static int 2720ufs_ioctl(struct vop_ioctl_args *ap) 2721{ 2722 2723 switch (ap->a_command) { 2724 case FIOSEEKDATA: 2725 case FIOSEEKHOLE: 2726 return (vn_bmap_seekhole(ap->a_vp, ap->a_command, 2727 (off_t *)ap->a_data, ap->a_cred)); 2728 default: 2729 return (ENOTTY); 2730 } 2731} 2732 2733/* Global vfs data structures for ufs. */ 2734struct vop_vector ufs_vnodeops = { 2735 .vop_default = &default_vnodeops, 2736 .vop_fsync = VOP_PANIC, 2737 .vop_read = VOP_PANIC, 2738 .vop_reallocblks = VOP_PANIC, 2739 .vop_write = VOP_PANIC, 2740 .vop_accessx = ufs_accessx, 2741 .vop_bmap = ufs_bmap, 2742 .vop_cachedlookup = ufs_lookup, 2743 .vop_close = ufs_close, 2744 .vop_create = ufs_create, 2745 .vop_getattr = ufs_getattr, 2746 .vop_inactive = ufs_inactive, 2747 .vop_ioctl = ufs_ioctl, 2748 .vop_link = ufs_link, 2749 .vop_lookup = vfs_cache_lookup, 2750 .vop_markatime = ufs_markatime, 2751 .vop_mkdir = ufs_mkdir, 2752 .vop_mknod = ufs_mknod, 2753 .vop_open = ufs_open, 2754 .vop_pathconf = ufs_pathconf, 2755 .vop_poll = vop_stdpoll, 2756 .vop_print = ufs_print, 2757 .vop_readdir = ufs_readdir, 2758 .vop_readlink = ufs_readlink, 2759 .vop_reclaim = ufs_reclaim, 2760 .vop_remove = ufs_remove, 2761 .vop_rename = ufs_rename, 2762 .vop_rmdir = ufs_rmdir, 2763 .vop_setattr = ufs_setattr, 2764#ifdef MAC 2765 .vop_setlabel = vop_stdsetlabel_ea, 2766#endif 2767 .vop_strategy = ufs_strategy, 2768 .vop_symlink = ufs_symlink, 2769 .vop_whiteout = ufs_whiteout, 2770#ifdef UFS_EXTATTR 2771 .vop_getextattr = ufs_getextattr, 2772 .vop_deleteextattr = ufs_deleteextattr, 2773 .vop_setextattr = ufs_setextattr, 2774#endif 2775#ifdef UFS_ACL 2776 .vop_getacl = ufs_getacl, 2777 .vop_setacl = ufs_setacl, 2778 .vop_aclcheck = ufs_aclcheck, 2779#endif 2780}; 2781 2782struct vop_vector ufs_fifoops = { 2783 .vop_default = &fifo_specops, 2784 .vop_fsync = VOP_PANIC, 2785 .vop_accessx = ufs_accessx, 2786 .vop_close = ufsfifo_close, 2787 .vop_getattr = ufs_getattr, 2788 .vop_inactive = ufs_inactive, 2789 .vop_kqfilter = ufsfifo_kqfilter, 2790 .vop_markatime = ufs_markatime, 2791 .vop_pathconf = ufsfifo_pathconf, 2792 .vop_print = ufs_print, 2793 .vop_read = VOP_PANIC, 2794 .vop_reclaim = ufs_reclaim, 2795 .vop_setattr = ufs_setattr, 2796#ifdef MAC 2797 .vop_setlabel = vop_stdsetlabel_ea, 2798#endif 2799 .vop_write = VOP_PANIC, 2800#ifdef UFS_EXTATTR 2801 .vop_getextattr = ufs_getextattr, 2802 .vop_deleteextattr = ufs_deleteextattr, 2803 .vop_setextattr = ufs_setextattr, 2804#endif 2805#ifdef UFS_ACL 2806 .vop_getacl = ufs_getacl, 2807 .vop_setacl = ufs_setacl, 2808 .vop_aclcheck = ufs_aclcheck, 2809#endif 2810}; 2811