ufs_vnops.c revision 332750
1/*- 2 * Copyright (c) 1982, 1986, 1989, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 35 */ 36 37#include <sys/cdefs.h> 38__FBSDID("$FreeBSD: stable/10/sys/ufs/ufs/ufs_vnops.c 332750 2018-04-19 02:50:15Z pfg $"); 39 40#include "opt_quota.h" 41#include "opt_suiddir.h" 42#include "opt_ufs.h" 43#include "opt_ffs.h" 44 45#include <sys/param.h> 46#include <sys/systm.h> 47#include <sys/malloc.h> 48#include <sys/namei.h> 49#include <sys/kernel.h> 50#include <sys/fcntl.h> 51#include <sys/filio.h> 52#include <sys/stat.h> 53#include <sys/bio.h> 54#include <sys/buf.h> 55#include <sys/mount.h> 56#include <sys/priv.h> 57#include <sys/refcount.h> 58#include <sys/unistd.h> 59#include <sys/vnode.h> 60#include <sys/dirent.h> 61#include <sys/lockf.h> 62#include <sys/conf.h> 63#include <sys/acl.h> 64 65#include <security/mac/mac_framework.h> 66 67#include <sys/file.h> /* XXX */ 68 69#include <vm/vm.h> 70#include <vm/vm_extern.h> 71 72#include <ufs/ufs/acl.h> 73#include <ufs/ufs/extattr.h> 74#include <ufs/ufs/quota.h> 75#include <ufs/ufs/inode.h> 76#include <ufs/ufs/dir.h> 77#include <ufs/ufs/ufsmount.h> 78#include <ufs/ufs/ufs_extern.h> 79#ifdef UFS_DIRHASH 80#include <ufs/ufs/dirhash.h> 81#endif 82#ifdef UFS_GJOURNAL 83#include <ufs/ufs/gjournal.h> 84FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS"); 85#endif 86 87#ifdef QUOTA 88FEATURE(ufs_quota, "UFS disk quotas support"); 89FEATURE(ufs_quota64, "64bit UFS disk quotas support"); 90#endif 91 92#ifdef SUIDDIR 93FEATURE(suiddir, 94 "Give all new files in directory the same ownership as the directory"); 95#endif 96 97 98#include <ufs/ffs/ffs_extern.h> 99 100static vop_accessx_t ufs_accessx; 101static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *); 102static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *); 103static vop_close_t ufs_close; 104static vop_create_t ufs_create; 105static vop_getattr_t ufs_getattr; 106static vop_ioctl_t ufs_ioctl; 107static vop_link_t ufs_link; 108static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *, const char *); 109static vop_markatime_t ufs_markatime; 110static vop_mkdir_t ufs_mkdir; 111static vop_mknod_t ufs_mknod; 112static vop_open_t ufs_open; 113static vop_pathconf_t ufs_pathconf; 114static vop_print_t ufs_print; 115static vop_readlink_t ufs_readlink; 116static vop_remove_t ufs_remove; 117static vop_rename_t ufs_rename; 118static vop_rmdir_t ufs_rmdir; 119static vop_setattr_t ufs_setattr; 120static vop_strategy_t ufs_strategy; 121static vop_symlink_t ufs_symlink; 122static vop_whiteout_t ufs_whiteout; 123static vop_close_t ufsfifo_close; 124static vop_kqfilter_t ufsfifo_kqfilter; 125static vop_pathconf_t ufsfifo_pathconf; 126 127SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD, 0, "UFS filesystem"); 128 129/* 130 * A virgin directory (no blushing please). 131 */ 132static struct dirtemplate mastertemplate = { 133 0, 12, DT_DIR, 1, ".", 134 0, DIRBLKSIZ - 12, DT_DIR, 2, ".." 135}; 136static struct odirtemplate omastertemplate = { 137 0, 12, 1, ".", 138 0, DIRBLKSIZ - 12, 2, ".." 139}; 140 141static void 142ufs_itimes_locked(struct vnode *vp) 143{ 144 struct inode *ip; 145 struct timespec ts; 146 147 ASSERT_VI_LOCKED(vp, __func__); 148 149 ip = VTOI(vp); 150 if (UFS_RDONLY(ip)) 151 goto out; 152 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0) 153 return; 154 155 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp)) 156 ip->i_flag |= IN_LAZYMOD; 157 else if (((vp->v_mount->mnt_kern_flag & 158 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) || 159 (ip->i_flag & (IN_CHANGE | IN_UPDATE))) 160 ip->i_flag |= IN_MODIFIED; 161 else if (ip->i_flag & IN_ACCESS) 162 ip->i_flag |= IN_LAZYACCESS; 163 vfs_timestamp(&ts); 164 if (ip->i_flag & IN_ACCESS) { 165 DIP_SET(ip, i_atime, ts.tv_sec); 166 DIP_SET(ip, i_atimensec, ts.tv_nsec); 167 } 168 if (ip->i_flag & IN_UPDATE) { 169 DIP_SET(ip, i_mtime, ts.tv_sec); 170 DIP_SET(ip, i_mtimensec, ts.tv_nsec); 171 } 172 if (ip->i_flag & IN_CHANGE) { 173 DIP_SET(ip, i_ctime, ts.tv_sec); 174 DIP_SET(ip, i_ctimensec, ts.tv_nsec); 175 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1); 176 } 177 178 out: 179 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE); 180} 181 182void 183ufs_itimes(struct vnode *vp) 184{ 185 186 VI_LOCK(vp); 187 ufs_itimes_locked(vp); 188 VI_UNLOCK(vp); 189} 190 191/* 192 * Create a regular file 193 */ 194static int 195ufs_create(ap) 196 struct vop_create_args /* { 197 struct vnode *a_dvp; 198 struct vnode **a_vpp; 199 struct componentname *a_cnp; 200 struct vattr *a_vap; 201 } */ *ap; 202{ 203 int error; 204 205 error = 206 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), 207 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create"); 208 if (error != 0) 209 return (error); 210 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0) 211 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp); 212 return (0); 213} 214 215/* 216 * Mknod vnode call 217 */ 218/* ARGSUSED */ 219static int 220ufs_mknod(ap) 221 struct vop_mknod_args /* { 222 struct vnode *a_dvp; 223 struct vnode **a_vpp; 224 struct componentname *a_cnp; 225 struct vattr *a_vap; 226 } */ *ap; 227{ 228 struct vattr *vap = ap->a_vap; 229 struct vnode **vpp = ap->a_vpp; 230 struct inode *ip; 231 ino_t ino; 232 int error; 233 234 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode), 235 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod"); 236 if (error) 237 return (error); 238 ip = VTOI(*vpp); 239 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 240 if (vap->va_rdev != VNOVAL) { 241 /* 242 * Want to be able to use this to make badblock 243 * inodes, so don't truncate the dev number. 244 */ 245 DIP_SET(ip, i_rdev, vap->va_rdev); 246 } 247 /* 248 * Remove inode, then reload it through VFS_VGET so it is 249 * checked to see if it is an alias of an existing entry in 250 * the inode cache. XXX I don't believe this is necessary now. 251 */ 252 (*vpp)->v_type = VNON; 253 ino = ip->i_number; /* Save this before vgone() invalidates ip. */ 254 vgone(*vpp); 255 vput(*vpp); 256 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp); 257 if (error) { 258 *vpp = NULL; 259 return (error); 260 } 261 return (0); 262} 263 264/* 265 * Open called. 266 */ 267/* ARGSUSED */ 268static int 269ufs_open(struct vop_open_args *ap) 270{ 271 struct vnode *vp = ap->a_vp; 272 struct inode *ip; 273 274 if (vp->v_type == VCHR || vp->v_type == VBLK) 275 return (EOPNOTSUPP); 276 277 ip = VTOI(vp); 278 /* 279 * Files marked append-only must be opened for appending. 280 */ 281 if ((ip->i_flags & APPEND) && 282 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE) 283 return (EPERM); 284 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td); 285 return (0); 286} 287 288/* 289 * Close called. 290 * 291 * Update the times on the inode. 292 */ 293/* ARGSUSED */ 294static int 295ufs_close(ap) 296 struct vop_close_args /* { 297 struct vnode *a_vp; 298 int a_fflag; 299 struct ucred *a_cred; 300 struct thread *a_td; 301 } */ *ap; 302{ 303 struct vnode *vp = ap->a_vp; 304 int usecount; 305 306 VI_LOCK(vp); 307 usecount = vp->v_usecount; 308 if (usecount > 1) 309 ufs_itimes_locked(vp); 310 VI_UNLOCK(vp); 311 return (0); 312} 313 314static int 315ufs_accessx(ap) 316 struct vop_accessx_args /* { 317 struct vnode *a_vp; 318 accmode_t a_accmode; 319 struct ucred *a_cred; 320 struct thread *a_td; 321 } */ *ap; 322{ 323 struct vnode *vp = ap->a_vp; 324 struct inode *ip = VTOI(vp); 325 accmode_t accmode = ap->a_accmode; 326 int error; 327#ifdef QUOTA 328 int relocked; 329#endif 330#ifdef UFS_ACL 331 struct acl *acl; 332 acl_type_t type; 333#endif 334 335 /* 336 * Disallow write attempts on read-only filesystems; 337 * unless the file is a socket, fifo, or a block or 338 * character device resident on the filesystem. 339 */ 340 if (accmode & VMODIFY_PERMS) { 341 switch (vp->v_type) { 342 case VDIR: 343 case VLNK: 344 case VREG: 345 if (vp->v_mount->mnt_flag & MNT_RDONLY) 346 return (EROFS); 347#ifdef QUOTA 348 /* 349 * Inode is accounted in the quotas only if struct 350 * dquot is attached to it. VOP_ACCESS() is called 351 * from vn_open_cred() and provides a convenient 352 * point to call getinoquota(). 353 */ 354 if (VOP_ISLOCKED(vp) != LK_EXCLUSIVE) { 355 356 /* 357 * Upgrade vnode lock, since getinoquota() 358 * requires exclusive lock to modify inode. 359 */ 360 relocked = 1; 361 vhold(vp); 362 vn_lock(vp, LK_UPGRADE | LK_RETRY); 363 VI_LOCK(vp); 364 if (vp->v_iflag & VI_DOOMED) { 365 vdropl(vp); 366 error = ENOENT; 367 goto relock; 368 } 369 vdropl(vp); 370 } else 371 relocked = 0; 372 error = getinoquota(ip); 373relock: 374 if (relocked) 375 vn_lock(vp, LK_DOWNGRADE | LK_RETRY); 376 if (error != 0) 377 return (error); 378#endif 379 break; 380 default: 381 break; 382 } 383 } 384 385 /* 386 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS" 387 * is here, because without it, * it would be impossible for the owner 388 * to remove the IMMUTABLE flag. 389 */ 390 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) && 391 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) 392 return (EPERM); 393 394#ifdef UFS_ACL 395 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) { 396 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS) 397 type = ACL_TYPE_NFS4; 398 else 399 type = ACL_TYPE_ACCESS; 400 401 acl = acl_alloc(M_WAITOK); 402 if (type == ACL_TYPE_NFS4) 403 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td); 404 else 405 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td); 406 switch (error) { 407 case 0: 408 if (type == ACL_TYPE_NFS4) { 409 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid, 410 ip->i_gid, acl, accmode, ap->a_cred, NULL); 411 } else { 412 error = vfs_unixify_accmode(&accmode); 413 if (error == 0) 414 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, 415 ip->i_gid, acl, accmode, ap->a_cred, NULL); 416 } 417 break; 418 default: 419 if (error != EOPNOTSUPP) 420 printf( 421"ufs_accessx(): Error retrieving ACL on object (%d).\n", 422 error); 423 /* 424 * XXX: Fall back until debugged. Should 425 * eventually possibly log an error, and return 426 * EPERM for safety. 427 */ 428 error = vfs_unixify_accmode(&accmode); 429 if (error == 0) 430 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, 431 ip->i_gid, accmode, ap->a_cred, NULL); 432 } 433 acl_free(acl); 434 435 return (error); 436 } 437#endif /* !UFS_ACL */ 438 error = vfs_unixify_accmode(&accmode); 439 if (error == 0) 440 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, 441 accmode, ap->a_cred, NULL); 442 return (error); 443} 444 445/* ARGSUSED */ 446static int 447ufs_getattr(ap) 448 struct vop_getattr_args /* { 449 struct vnode *a_vp; 450 struct vattr *a_vap; 451 struct ucred *a_cred; 452 } */ *ap; 453{ 454 struct vnode *vp = ap->a_vp; 455 struct inode *ip = VTOI(vp); 456 struct vattr *vap = ap->a_vap; 457 458 VI_LOCK(vp); 459 ufs_itimes_locked(vp); 460 if (ip->i_ump->um_fstype == UFS1) { 461 vap->va_atime.tv_sec = ip->i_din1->di_atime; 462 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec; 463 } else { 464 vap->va_atime.tv_sec = ip->i_din2->di_atime; 465 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec; 466 } 467 VI_UNLOCK(vp); 468 /* 469 * Copy from inode table 470 */ 471 vap->va_fsid = dev2udev(ip->i_dev); 472 vap->va_fileid = ip->i_number; 473 vap->va_mode = ip->i_mode & ~IFMT; 474 vap->va_nlink = ip->i_effnlink; 475 vap->va_uid = ip->i_uid; 476 vap->va_gid = ip->i_gid; 477 if (ip->i_ump->um_fstype == UFS1) { 478 vap->va_rdev = ip->i_din1->di_rdev; 479 vap->va_size = ip->i_din1->di_size; 480 vap->va_mtime.tv_sec = ip->i_din1->di_mtime; 481 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec; 482 vap->va_ctime.tv_sec = ip->i_din1->di_ctime; 483 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec; 484 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks); 485 vap->va_filerev = ip->i_din1->di_modrev; 486 } else { 487 vap->va_rdev = ip->i_din2->di_rdev; 488 vap->va_size = ip->i_din2->di_size; 489 vap->va_mtime.tv_sec = ip->i_din2->di_mtime; 490 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec; 491 vap->va_ctime.tv_sec = ip->i_din2->di_ctime; 492 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec; 493 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime; 494 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec; 495 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks); 496 vap->va_filerev = ip->i_din2->di_modrev; 497 } 498 vap->va_flags = ip->i_flags; 499 vap->va_gen = ip->i_gen; 500 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize; 501 vap->va_type = IFTOVT(ip->i_mode); 502 return (0); 503} 504 505/* 506 * Set attribute vnode op. called from several syscalls 507 */ 508static int 509ufs_setattr(ap) 510 struct vop_setattr_args /* { 511 struct vnode *a_vp; 512 struct vattr *a_vap; 513 struct ucred *a_cred; 514 } */ *ap; 515{ 516 struct vattr *vap = ap->a_vap; 517 struct vnode *vp = ap->a_vp; 518 struct inode *ip = VTOI(vp); 519 struct ucred *cred = ap->a_cred; 520 struct thread *td = curthread; 521 int error; 522 523 /* 524 * Check for unsettable attributes. 525 */ 526 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) || 527 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) || 528 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) || 529 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) { 530 return (EINVAL); 531 } 532 if (vap->va_flags != VNOVAL) { 533 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE | 534 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE | 535 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK | 536 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE | 537 UF_SPARSE | UF_SYSTEM)) != 0) 538 return (EOPNOTSUPP); 539 if (vp->v_mount->mnt_flag & MNT_RDONLY) 540 return (EROFS); 541 /* 542 * Callers may only modify the file flags on objects they 543 * have VADMIN rights for. 544 */ 545 if ((error = VOP_ACCESS(vp, VADMIN, cred, td))) 546 return (error); 547 /* 548 * Unprivileged processes are not permitted to unset system 549 * flags, or modify flags if any system flags are set. 550 * Privileged non-jail processes may not modify system flags 551 * if securelevel > 0 and any existing system flags are set. 552 * Privileged jail processes behave like privileged non-jail 553 * processes if the security.jail.chflags_allowed sysctl is 554 * is non-zero; otherwise, they behave like unprivileged 555 * processes. 556 */ 557 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) { 558 if (ip->i_flags & 559 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { 560 error = securelevel_gt(cred, 0); 561 if (error) 562 return (error); 563 } 564 /* The snapshot flag cannot be toggled. */ 565 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT) 566 return (EPERM); 567 } else { 568 if (ip->i_flags & 569 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) || 570 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE)) 571 return (EPERM); 572 } 573 ip->i_flags = vap->va_flags; 574 DIP_SET(ip, i_flags, vap->va_flags); 575 ip->i_flag |= IN_CHANGE; 576 error = UFS_UPDATE(vp, 0); 577 if (ip->i_flags & (IMMUTABLE | APPEND)) 578 return (error); 579 } 580 /* 581 * If immutable or append, no one can change any of its attributes 582 * except the ones already handled (in some cases, file flags 583 * including the immutability flags themselves for the superuser). 584 */ 585 if (ip->i_flags & (IMMUTABLE | APPEND)) 586 return (EPERM); 587 /* 588 * Go through the fields and update iff not VNOVAL. 589 */ 590 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { 591 if (vp->v_mount->mnt_flag & MNT_RDONLY) 592 return (EROFS); 593 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred, 594 td)) != 0) 595 return (error); 596 } 597 if (vap->va_size != VNOVAL) { 598 /* 599 * XXX most of the following special cases should be in 600 * callers instead of in N filesystems. The VDIR check 601 * mostly already is. 602 */ 603 switch (vp->v_type) { 604 case VDIR: 605 return (EISDIR); 606 case VLNK: 607 case VREG: 608 /* 609 * Truncation should have an effect in these cases. 610 * Disallow it if the filesystem is read-only or 611 * the file is being snapshotted. 612 */ 613 if (vp->v_mount->mnt_flag & MNT_RDONLY) 614 return (EROFS); 615 if ((ip->i_flags & SF_SNAPSHOT) != 0) 616 return (EPERM); 617 break; 618 default: 619 /* 620 * According to POSIX, the result is unspecified 621 * for file types other than regular files, 622 * directories and shared memory objects. We 623 * don't support shared memory objects in the file 624 * system, and have dubious support for truncating 625 * symlinks. Just ignore the request in other cases. 626 */ 627 return (0); 628 } 629 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL | 630 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0), 631 cred)) != 0) 632 return (error); 633 } 634 if (vap->va_atime.tv_sec != VNOVAL || 635 vap->va_mtime.tv_sec != VNOVAL || 636 vap->va_birthtime.tv_sec != VNOVAL) { 637 if (vp->v_mount->mnt_flag & MNT_RDONLY) 638 return (EROFS); 639 if ((ip->i_flags & SF_SNAPSHOT) != 0) 640 return (EPERM); 641 error = vn_utimes_perm(vp, vap, cred, td); 642 if (error != 0) 643 return (error); 644 ip->i_flag |= IN_CHANGE | IN_MODIFIED; 645 if (vap->va_atime.tv_sec != VNOVAL) { 646 ip->i_flag &= ~IN_ACCESS; 647 DIP_SET(ip, i_atime, vap->va_atime.tv_sec); 648 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec); 649 } 650 if (vap->va_mtime.tv_sec != VNOVAL) { 651 ip->i_flag &= ~IN_UPDATE; 652 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec); 653 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec); 654 } 655 if (vap->va_birthtime.tv_sec != VNOVAL && 656 ip->i_ump->um_fstype == UFS2) { 657 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec; 658 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec; 659 } 660 error = UFS_UPDATE(vp, 0); 661 if (error) 662 return (error); 663 } 664 error = 0; 665 if (vap->va_mode != (mode_t)VNOVAL) { 666 if (vp->v_mount->mnt_flag & MNT_RDONLY) 667 return (EROFS); 668 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode & 669 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH))) 670 return (EPERM); 671 error = ufs_chmod(vp, (int)vap->va_mode, cred, td); 672 } 673 return (error); 674} 675 676#ifdef UFS_ACL 677static int 678ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode, 679 int file_owner_id, struct ucred *cred, struct thread *td) 680{ 681 int error; 682 struct acl *aclp; 683 684 aclp = acl_alloc(M_WAITOK); 685 error = ufs_getacl_nfs4_internal(vp, aclp, td); 686 /* 687 * We don't have to handle EOPNOTSUPP here, as the filesystem claims 688 * it supports ACLs. 689 */ 690 if (error) 691 goto out; 692 693 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id); 694 error = ufs_setacl_nfs4_internal(vp, aclp, td); 695 696out: 697 acl_free(aclp); 698 return (error); 699} 700#endif /* UFS_ACL */ 701 702/* 703 * Mark this file's access time for update for vfs_mark_atime(). This 704 * is called from execve() and mmap(). 705 */ 706static int 707ufs_markatime(ap) 708 struct vop_markatime_args /* { 709 struct vnode *a_vp; 710 } */ *ap; 711{ 712 struct vnode *vp = ap->a_vp; 713 struct inode *ip = VTOI(vp); 714 715 VI_LOCK(vp); 716 ip->i_flag |= IN_ACCESS; 717 VI_UNLOCK(vp); 718 /* 719 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there. 720 */ 721 return (0); 722} 723 724/* 725 * Change the mode on a file. 726 * Inode must be locked before calling. 727 */ 728static int 729ufs_chmod(vp, mode, cred, td) 730 struct vnode *vp; 731 int mode; 732 struct ucred *cred; 733 struct thread *td; 734{ 735 struct inode *ip = VTOI(vp); 736 int error; 737 738 /* 739 * To modify the permissions on a file, must possess VADMIN 740 * for that file. 741 */ 742 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td))) 743 return (error); 744 /* 745 * Privileged processes may set the sticky bit on non-directories, 746 * as well as set the setgid bit on a file with a group that the 747 * process is not a member of. Both of these are allowed in 748 * jail(8). 749 */ 750 if (vp->v_type != VDIR && (mode & S_ISTXT)) { 751 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0)) 752 return (EFTYPE); 753 } 754 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { 755 error = priv_check_cred(cred, PRIV_VFS_SETGID, 0); 756 if (error) 757 return (error); 758 } 759 760 /* 761 * Deny setting setuid if we are not the file owner. 762 */ 763 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) { 764 error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); 765 if (error) 766 return (error); 767 } 768 769 ip->i_mode &= ~ALLPERMS; 770 ip->i_mode |= (mode & ALLPERMS); 771 DIP_SET(ip, i_mode, ip->i_mode); 772 ip->i_flag |= IN_CHANGE; 773#ifdef UFS_ACL 774 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0) 775 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td); 776#endif 777 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0) 778 error = UFS_UPDATE(vp, 0); 779 780 return (error); 781} 782 783/* 784 * Perform chown operation on inode ip; 785 * inode must be locked prior to call. 786 */ 787static int 788ufs_chown(vp, uid, gid, cred, td) 789 struct vnode *vp; 790 uid_t uid; 791 gid_t gid; 792 struct ucred *cred; 793 struct thread *td; 794{ 795 struct inode *ip = VTOI(vp); 796 uid_t ouid; 797 gid_t ogid; 798 int error = 0; 799#ifdef QUOTA 800 int i; 801 ufs2_daddr_t change; 802#endif 803 804 if (uid == (uid_t)VNOVAL) 805 uid = ip->i_uid; 806 if (gid == (gid_t)VNOVAL) 807 gid = ip->i_gid; 808 /* 809 * To modify the ownership of a file, must possess VADMIN for that 810 * file. 811 */ 812 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td))) 813 return (error); 814 /* 815 * To change the owner of a file, or change the group of a file to a 816 * group of which we are not a member, the caller must have 817 * privilege. 818 */ 819 if (((uid != ip->i_uid && uid != cred->cr_uid) || 820 (gid != ip->i_gid && !groupmember(gid, cred))) && 821 (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0))) 822 return (error); 823 ogid = ip->i_gid; 824 ouid = ip->i_uid; 825#ifdef QUOTA 826 if ((error = getinoquota(ip)) != 0) 827 return (error); 828 if (ouid == uid) { 829 dqrele(vp, ip->i_dquot[USRQUOTA]); 830 ip->i_dquot[USRQUOTA] = NODQUOT; 831 } 832 if (ogid == gid) { 833 dqrele(vp, ip->i_dquot[GRPQUOTA]); 834 ip->i_dquot[GRPQUOTA] = NODQUOT; 835 } 836 change = DIP(ip, i_blocks); 837 (void) chkdq(ip, -change, cred, CHOWN); 838 (void) chkiq(ip, -1, cred, CHOWN); 839 for (i = 0; i < MAXQUOTAS; i++) { 840 dqrele(vp, ip->i_dquot[i]); 841 ip->i_dquot[i] = NODQUOT; 842 } 843#endif 844 ip->i_gid = gid; 845 DIP_SET(ip, i_gid, gid); 846 ip->i_uid = uid; 847 DIP_SET(ip, i_uid, uid); 848#ifdef QUOTA 849 if ((error = getinoquota(ip)) == 0) { 850 if (ouid == uid) { 851 dqrele(vp, ip->i_dquot[USRQUOTA]); 852 ip->i_dquot[USRQUOTA] = NODQUOT; 853 } 854 if (ogid == gid) { 855 dqrele(vp, ip->i_dquot[GRPQUOTA]); 856 ip->i_dquot[GRPQUOTA] = NODQUOT; 857 } 858 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) { 859 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0) 860 goto good; 861 else 862 (void) chkdq(ip, -change, cred, CHOWN|FORCE); 863 } 864 for (i = 0; i < MAXQUOTAS; i++) { 865 dqrele(vp, ip->i_dquot[i]); 866 ip->i_dquot[i] = NODQUOT; 867 } 868 } 869 ip->i_gid = ogid; 870 DIP_SET(ip, i_gid, ogid); 871 ip->i_uid = ouid; 872 DIP_SET(ip, i_uid, ouid); 873 if (getinoquota(ip) == 0) { 874 if (ouid == uid) { 875 dqrele(vp, ip->i_dquot[USRQUOTA]); 876 ip->i_dquot[USRQUOTA] = NODQUOT; 877 } 878 if (ogid == gid) { 879 dqrele(vp, ip->i_dquot[GRPQUOTA]); 880 ip->i_dquot[GRPQUOTA] = NODQUOT; 881 } 882 (void) chkdq(ip, change, cred, FORCE|CHOWN); 883 (void) chkiq(ip, 1, cred, FORCE|CHOWN); 884 (void) getinoquota(ip); 885 } 886 return (error); 887good: 888 if (getinoquota(ip)) 889 panic("ufs_chown: lost quota"); 890#endif /* QUOTA */ 891 ip->i_flag |= IN_CHANGE; 892 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { 893 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) { 894 ip->i_mode &= ~(ISUID | ISGID); 895 DIP_SET(ip, i_mode, ip->i_mode); 896 } 897 } 898 error = UFS_UPDATE(vp, 0); 899 return (error); 900} 901 902static int 903ufs_remove(ap) 904 struct vop_remove_args /* { 905 struct vnode *a_dvp; 906 struct vnode *a_vp; 907 struct componentname *a_cnp; 908 } */ *ap; 909{ 910 struct inode *ip; 911 struct vnode *vp = ap->a_vp; 912 struct vnode *dvp = ap->a_dvp; 913 int error; 914 struct thread *td; 915 916 td = curthread; 917 ip = VTOI(vp); 918 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 919 (VTOI(dvp)->i_flags & APPEND)) { 920 error = EPERM; 921 goto out; 922 } 923#ifdef UFS_GJOURNAL 924 ufs_gjournal_orphan(vp); 925#endif 926 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0); 927 if (ip->i_nlink <= 0) 928 vp->v_vflag |= VV_NOSYNC; 929 if ((ip->i_flags & SF_SNAPSHOT) != 0) { 930 /* 931 * Avoid deadlock where another thread is trying to 932 * update the inodeblock for dvp and is waiting on 933 * snaplk. Temporary unlock the vnode lock for the 934 * unlinked file and sync the directory. This should 935 * allow vput() of the directory to not block later on 936 * while holding the snapshot vnode locked, assuming 937 * that the directory hasn't been unlinked too. 938 */ 939 VOP_UNLOCK(vp, 0); 940 (void) VOP_FSYNC(dvp, MNT_WAIT, td); 941 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 942 } 943out: 944 return (error); 945} 946 947static void 948print_bad_link_count(const char *funcname, struct vnode *dvp) 949{ 950 struct inode *dip; 951 952 dip = VTOI(dvp); 953 uprintf("%s: Bad link count %d on parent inode %d in file system %s\n", 954 funcname, dip->i_effnlink, dip->i_number, 955 dvp->v_mount->mnt_stat.f_mntonname); 956} 957 958/* 959 * link vnode call 960 */ 961static int 962ufs_link(ap) 963 struct vop_link_args /* { 964 struct vnode *a_tdvp; 965 struct vnode *a_vp; 966 struct componentname *a_cnp; 967 } */ *ap; 968{ 969 struct vnode *vp = ap->a_vp; 970 struct vnode *tdvp = ap->a_tdvp; 971 struct componentname *cnp = ap->a_cnp; 972 struct inode *ip; 973 struct direct newdir; 974 int error; 975 976#ifdef INVARIANTS 977 if ((cnp->cn_flags & HASBUF) == 0) 978 panic("ufs_link: no name"); 979#endif 980 if (VTOI(tdvp)->i_effnlink < 2) { 981 print_bad_link_count("ufs_link", tdvp); 982 error = EINVAL; 983 goto out; 984 } 985 ip = VTOI(vp); 986 if ((nlink_t)ip->i_nlink >= LINK_MAX) { 987 error = EMLINK; 988 goto out; 989 } 990 /* 991 * The file may have been removed after namei droped the original 992 * lock. 993 */ 994 if (ip->i_effnlink == 0) { 995 error = ENOENT; 996 goto out; 997 } 998 if (ip->i_flags & (IMMUTABLE | APPEND)) { 999 error = EPERM; 1000 goto out; 1001 } 1002 ip->i_effnlink++; 1003 ip->i_nlink++; 1004 DIP_SET(ip, i_nlink, ip->i_nlink); 1005 ip->i_flag |= IN_CHANGE; 1006 if (DOINGSOFTDEP(vp)) 1007 softdep_setup_link(VTOI(tdvp), ip); 1008 error = UFS_UPDATE(vp, !(DOINGSOFTDEP(vp) | DOINGASYNC(vp))); 1009 if (!error) { 1010 ufs_makedirentry(ip, cnp, &newdir); 1011 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL, 0); 1012 } 1013 1014 if (error) { 1015 ip->i_effnlink--; 1016 ip->i_nlink--; 1017 DIP_SET(ip, i_nlink, ip->i_nlink); 1018 ip->i_flag |= IN_CHANGE; 1019 if (DOINGSOFTDEP(vp)) 1020 softdep_revert_link(VTOI(tdvp), ip); 1021 } 1022out: 1023 return (error); 1024} 1025 1026/* 1027 * whiteout vnode call 1028 */ 1029static int 1030ufs_whiteout(ap) 1031 struct vop_whiteout_args /* { 1032 struct vnode *a_dvp; 1033 struct componentname *a_cnp; 1034 int a_flags; 1035 } */ *ap; 1036{ 1037 struct vnode *dvp = ap->a_dvp; 1038 struct componentname *cnp = ap->a_cnp; 1039 struct direct newdir; 1040 int error = 0; 1041 1042 switch (ap->a_flags) { 1043 case LOOKUP: 1044 /* 4.4 format directories support whiteout operations */ 1045 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1046 return (0); 1047 return (EOPNOTSUPP); 1048 1049 case CREATE: 1050 /* create a new directory whiteout */ 1051#ifdef INVARIANTS 1052 if ((cnp->cn_flags & SAVENAME) == 0) 1053 panic("ufs_whiteout: missing name"); 1054 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1055 panic("ufs_whiteout: old format filesystem"); 1056#endif 1057 1058 newdir.d_ino = WINO; 1059 newdir.d_namlen = cnp->cn_namelen; 1060 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1); 1061 newdir.d_type = DT_WHT; 1062 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL, 0); 1063 break; 1064 1065 case DELETE: 1066 /* remove an existing directory whiteout */ 1067#ifdef INVARIANTS 1068 if (dvp->v_mount->mnt_maxsymlinklen <= 0) 1069 panic("ufs_whiteout: old format filesystem"); 1070#endif 1071 1072 cnp->cn_flags &= ~DOWHITEOUT; 1073 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0); 1074 break; 1075 default: 1076 panic("ufs_whiteout: unknown op"); 1077 } 1078 return (error); 1079} 1080 1081static volatile int rename_restarts; 1082SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD, 1083 __DEVOLATILE(int *, &rename_restarts), 0, 1084 "Times rename had to restart due to lock contention"); 1085 1086/* 1087 * Rename system call. 1088 * rename("foo", "bar"); 1089 * is essentially 1090 * unlink("bar"); 1091 * link("foo", "bar"); 1092 * unlink("foo"); 1093 * but ``atomically''. Can't do full commit without saving state in the 1094 * inode on disk which isn't feasible at this time. Best we can do is 1095 * always guarantee the target exists. 1096 * 1097 * Basic algorithm is: 1098 * 1099 * 1) Bump link count on source while we're linking it to the 1100 * target. This also ensure the inode won't be deleted out 1101 * from underneath us while we work (it may be truncated by 1102 * a concurrent `trunc' or `open' for creation). 1103 * 2) Link source to destination. If destination already exists, 1104 * delete it first. 1105 * 3) Unlink source reference to inode if still around. If a 1106 * directory was moved and the parent of the destination 1107 * is different from the source, patch the ".." entry in the 1108 * directory. 1109 */ 1110static int 1111ufs_rename(ap) 1112 struct vop_rename_args /* { 1113 struct vnode *a_fdvp; 1114 struct vnode *a_fvp; 1115 struct componentname *a_fcnp; 1116 struct vnode *a_tdvp; 1117 struct vnode *a_tvp; 1118 struct componentname *a_tcnp; 1119 } */ *ap; 1120{ 1121 struct vnode *tvp = ap->a_tvp; 1122 struct vnode *tdvp = ap->a_tdvp; 1123 struct vnode *fvp = ap->a_fvp; 1124 struct vnode *fdvp = ap->a_fdvp; 1125 struct vnode *nvp; 1126 struct componentname *tcnp = ap->a_tcnp; 1127 struct componentname *fcnp = ap->a_fcnp; 1128 struct thread *td = fcnp->cn_thread; 1129 struct inode *fip, *tip, *tdp, *fdp; 1130 struct direct newdir; 1131 off_t endoff; 1132 int doingdirectory, newparent; 1133 int error = 0; 1134 struct mount *mp; 1135 ino_t ino; 1136 1137#ifdef INVARIANTS 1138 if ((tcnp->cn_flags & HASBUF) == 0 || 1139 (fcnp->cn_flags & HASBUF) == 0) 1140 panic("ufs_rename: no name"); 1141#endif 1142 endoff = 0; 1143 mp = tdvp->v_mount; 1144 VOP_UNLOCK(tdvp, 0); 1145 if (tvp && tvp != tdvp) 1146 VOP_UNLOCK(tvp, 0); 1147 /* 1148 * Check for cross-device rename. 1149 */ 1150 if ((fvp->v_mount != tdvp->v_mount) || 1151 (tvp && (fvp->v_mount != tvp->v_mount))) { 1152 error = EXDEV; 1153 mp = NULL; 1154 goto releout; 1155 } 1156relock: 1157 /* 1158 * We need to acquire 2 to 4 locks depending on whether tvp is NULL 1159 * and fdvp and tdvp are the same directory. Subsequently we need 1160 * to double-check all paths and in the directory rename case we 1161 * need to verify that we are not creating a directory loop. To 1162 * handle this we acquire all but fdvp using non-blocking 1163 * acquisitions. If we fail to acquire any lock in the path we will 1164 * drop all held locks, acquire the new lock in a blocking fashion, 1165 * and then release it and restart the rename. This acquire/release 1166 * step ensures that we do not spin on a lock waiting for release. 1167 */ 1168 error = vn_lock(fdvp, LK_EXCLUSIVE); 1169 if (error) 1170 goto releout; 1171 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) { 1172 VOP_UNLOCK(fdvp, 0); 1173 error = vn_lock(tdvp, LK_EXCLUSIVE); 1174 if (error) 1175 goto releout; 1176 VOP_UNLOCK(tdvp, 0); 1177 atomic_add_int(&rename_restarts, 1); 1178 goto relock; 1179 } 1180 /* 1181 * Re-resolve fvp to be certain it still exists and fetch the 1182 * correct vnode. 1183 */ 1184 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1185 if (error) { 1186 VOP_UNLOCK(fdvp, 0); 1187 VOP_UNLOCK(tdvp, 0); 1188 goto releout; 1189 } 1190 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1191 if (error) { 1192 VOP_UNLOCK(fdvp, 0); 1193 VOP_UNLOCK(tdvp, 0); 1194 if (error != EBUSY) 1195 goto releout; 1196 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1197 if (error != 0) 1198 goto releout; 1199 VOP_UNLOCK(nvp, 0); 1200 vrele(fvp); 1201 fvp = nvp; 1202 atomic_add_int(&rename_restarts, 1); 1203 goto relock; 1204 } 1205 vrele(fvp); 1206 fvp = nvp; 1207 /* 1208 * Re-resolve tvp and acquire the vnode lock if present. 1209 */ 1210 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino); 1211 if (error != 0 && error != EJUSTRETURN) { 1212 VOP_UNLOCK(fdvp, 0); 1213 VOP_UNLOCK(tdvp, 0); 1214 VOP_UNLOCK(fvp, 0); 1215 goto releout; 1216 } 1217 /* 1218 * If tvp disappeared we just carry on. 1219 */ 1220 if (error == EJUSTRETURN && tvp != NULL) { 1221 vrele(tvp); 1222 tvp = NULL; 1223 } 1224 /* 1225 * Get the tvp ino if the lookup succeeded. We may have to restart 1226 * if the non-blocking acquire fails. 1227 */ 1228 if (error == 0) { 1229 nvp = NULL; 1230 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp); 1231 if (tvp) 1232 vrele(tvp); 1233 tvp = nvp; 1234 if (error) { 1235 VOP_UNLOCK(fdvp, 0); 1236 VOP_UNLOCK(tdvp, 0); 1237 VOP_UNLOCK(fvp, 0); 1238 if (error != EBUSY) 1239 goto releout; 1240 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp); 1241 if (error != 0) 1242 goto releout; 1243 vput(nvp); 1244 atomic_add_int(&rename_restarts, 1); 1245 goto relock; 1246 } 1247 } 1248 fdp = VTOI(fdvp); 1249 fip = VTOI(fvp); 1250 tdp = VTOI(tdvp); 1251 tip = NULL; 1252 if (tvp) 1253 tip = VTOI(tvp); 1254 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) || 1255 (VTOI(tdvp)->i_flags & APPEND))) { 1256 error = EPERM; 1257 goto unlockout; 1258 } 1259 /* 1260 * Renaming a file to itself has no effect. The upper layers should 1261 * not call us in that case. However, things could change after 1262 * we drop the locks above. 1263 */ 1264 if (fvp == tvp) { 1265 error = 0; 1266 goto unlockout; 1267 } 1268 doingdirectory = 0; 1269 newparent = 0; 1270 ino = fip->i_number; 1271 if (fip->i_nlink >= LINK_MAX) { 1272 error = EMLINK; 1273 goto unlockout; 1274 } 1275 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) 1276 || (fdp->i_flags & APPEND)) { 1277 error = EPERM; 1278 goto unlockout; 1279 } 1280 if ((fip->i_mode & IFMT) == IFDIR) { 1281 /* 1282 * Avoid ".", "..", and aliases of "." for obvious reasons. 1283 */ 1284 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') || 1285 fdp == fip || 1286 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) { 1287 error = EINVAL; 1288 goto unlockout; 1289 } 1290 if (fdp->i_number != tdp->i_number) 1291 newparent = tdp->i_number; 1292 doingdirectory = 1; 1293 } 1294 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) || 1295 (tvp != NULL && tvp->v_type == VDIR && 1296 tvp->v_mountedhere != NULL)) { 1297 error = EXDEV; 1298 goto unlockout; 1299 } 1300 1301 /* 1302 * If ".." must be changed (ie the directory gets a new 1303 * parent) then the source directory must not be in the 1304 * directory hierarchy above the target, as this would 1305 * orphan everything below the source directory. Also 1306 * the user must have write permission in the source so 1307 * as to be able to change "..". 1308 */ 1309 if (doingdirectory && newparent) { 1310 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread); 1311 if (error) 1312 goto unlockout; 1313 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred, 1314 &ino); 1315 /* 1316 * We encountered a lock that we have to wait for. Unlock 1317 * everything else and VGET before restarting. 1318 */ 1319 if (ino) { 1320 VOP_UNLOCK(fdvp, 0); 1321 VOP_UNLOCK(fvp, 0); 1322 VOP_UNLOCK(tdvp, 0); 1323 if (tvp) 1324 VOP_UNLOCK(tvp, 0); 1325 error = VFS_VGET(mp, ino, LK_SHARED, &nvp); 1326 if (error == 0) 1327 vput(nvp); 1328 atomic_add_int(&rename_restarts, 1); 1329 goto relock; 1330 } 1331 if (error) 1332 goto unlockout; 1333 if ((tcnp->cn_flags & SAVESTART) == 0) 1334 panic("ufs_rename: lost to startdir"); 1335 } 1336 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 || 1337 tdp->i_effnlink == 0) 1338 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp); 1339 1340 /* 1341 * 1) Bump link count while we're moving stuff 1342 * around. If we crash somewhere before 1343 * completing our work, the link count 1344 * may be wrong, but correctable. 1345 */ 1346 fip->i_effnlink++; 1347 fip->i_nlink++; 1348 DIP_SET(fip, i_nlink, fip->i_nlink); 1349 fip->i_flag |= IN_CHANGE; 1350 if (DOINGSOFTDEP(fvp)) 1351 softdep_setup_link(tdp, fip); 1352 error = UFS_UPDATE(fvp, !(DOINGSOFTDEP(fvp) | DOINGASYNC(fvp))); 1353 if (error) 1354 goto bad; 1355 1356 /* 1357 * 2) If target doesn't exist, link the target 1358 * to the source and unlink the source. 1359 * Otherwise, rewrite the target directory 1360 * entry to reference the source inode and 1361 * expunge the original entry's existence. 1362 */ 1363 if (tip == NULL) { 1364 if (tdp->i_dev != fip->i_dev) 1365 panic("ufs_rename: EXDEV"); 1366 if (doingdirectory && newparent) { 1367 /* 1368 * Account for ".." in new directory. 1369 * When source and destination have the same 1370 * parent we don't adjust the link count. The 1371 * actual link modification is completed when 1372 * .. is rewritten below. 1373 */ 1374 if ((nlink_t)tdp->i_nlink >= LINK_MAX) { 1375 error = EMLINK; 1376 goto bad; 1377 } 1378 } 1379 ufs_makedirentry(fip, tcnp, &newdir); 1380 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL, 1); 1381 if (error) 1382 goto bad; 1383 /* Setup tdvp for directory compaction if needed. */ 1384 if (tdp->i_count && tdp->i_endoff && 1385 tdp->i_endoff < tdp->i_size) 1386 endoff = tdp->i_endoff; 1387 } else { 1388 if (tip->i_dev != tdp->i_dev || tip->i_dev != fip->i_dev) 1389 panic("ufs_rename: EXDEV"); 1390 /* 1391 * Short circuit rename(foo, foo). 1392 */ 1393 if (tip->i_number == fip->i_number) 1394 panic("ufs_rename: same file"); 1395 /* 1396 * If the parent directory is "sticky", then the caller 1397 * must possess VADMIN for the parent directory, or the 1398 * destination of the rename. This implements append-only 1399 * directories. 1400 */ 1401 if ((tdp->i_mode & S_ISTXT) && 1402 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) && 1403 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) { 1404 error = EPERM; 1405 goto bad; 1406 } 1407 /* 1408 * Target must be empty if a directory and have no links 1409 * to it. Also, ensure source and target are compatible 1410 * (both directories, or both not directories). 1411 */ 1412 if ((tip->i_mode & IFMT) == IFDIR) { 1413 if ((tip->i_effnlink > 2) || 1414 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) { 1415 error = ENOTEMPTY; 1416 goto bad; 1417 } 1418 if (!doingdirectory) { 1419 error = ENOTDIR; 1420 goto bad; 1421 } 1422 cache_purge(tdvp); 1423 } else if (doingdirectory) { 1424 error = EISDIR; 1425 goto bad; 1426 } 1427 if (doingdirectory) { 1428 if (!newparent) { 1429 tdp->i_effnlink--; 1430 if (DOINGSOFTDEP(tdvp)) 1431 softdep_change_linkcnt(tdp); 1432 } 1433 tip->i_effnlink--; 1434 if (DOINGSOFTDEP(tvp)) 1435 softdep_change_linkcnt(tip); 1436 } 1437 error = ufs_dirrewrite(tdp, tip, fip->i_number, 1438 IFTODT(fip->i_mode), 1439 (doingdirectory && newparent) ? newparent : doingdirectory); 1440 if (error) { 1441 if (doingdirectory) { 1442 if (!newparent) { 1443 tdp->i_effnlink++; 1444 if (DOINGSOFTDEP(tdvp)) 1445 softdep_change_linkcnt(tdp); 1446 } 1447 tip->i_effnlink++; 1448 if (DOINGSOFTDEP(tvp)) 1449 softdep_change_linkcnt(tip); 1450 } 1451 } 1452 if (doingdirectory && !DOINGSOFTDEP(tvp)) { 1453 /* 1454 * The only stuff left in the directory is "." 1455 * and "..". The "." reference is inconsequential 1456 * since we are quashing it. We have removed the "." 1457 * reference and the reference in the parent directory, 1458 * but there may be other hard links. The soft 1459 * dependency code will arrange to do these operations 1460 * after the parent directory entry has been deleted on 1461 * disk, so when running with that code we avoid doing 1462 * them now. 1463 */ 1464 if (!newparent) { 1465 tdp->i_nlink--; 1466 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1467 tdp->i_flag |= IN_CHANGE; 1468 } 1469 tip->i_nlink--; 1470 DIP_SET(tip, i_nlink, tip->i_nlink); 1471 tip->i_flag |= IN_CHANGE; 1472 } 1473 } 1474 1475 /* 1476 * 3) Unlink the source. We have to resolve the path again to 1477 * fixup the directory offset and count for ufs_dirremove. 1478 */ 1479 if (fdvp == tdvp) { 1480 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino); 1481 if (error) 1482 panic("ufs_rename: from entry went away!"); 1483 if (ino != fip->i_number) 1484 panic("ufs_rename: ino mismatch %ju != %ju\n", 1485 (uintmax_t)ino, (uintmax_t)fip->i_number); 1486 } 1487 /* 1488 * If the source is a directory with a 1489 * new parent, the link count of the old 1490 * parent directory must be decremented 1491 * and ".." set to point to the new parent. 1492 */ 1493 if (doingdirectory && newparent) { 1494 /* 1495 * If tip exists we simply use its link, otherwise we must 1496 * add a new one. 1497 */ 1498 if (tip == NULL) { 1499 tdp->i_effnlink++; 1500 tdp->i_nlink++; 1501 DIP_SET(tdp, i_nlink, tdp->i_nlink); 1502 tdp->i_flag |= IN_CHANGE; 1503 if (DOINGSOFTDEP(tdvp)) 1504 softdep_setup_dotdot_link(tdp, fip); 1505 error = UFS_UPDATE(tdvp, !(DOINGSOFTDEP(tdvp) | 1506 DOINGASYNC(tdvp))); 1507 /* Don't go to bad here as the new link exists. */ 1508 if (error) 1509 goto unlockout; 1510 } else if (DOINGSUJ(tdvp)) 1511 /* Journal must account for each new link. */ 1512 softdep_setup_dotdot_link(tdp, fip); 1513 fip->i_offset = mastertemplate.dot_reclen; 1514 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0); 1515 cache_purge(fdvp); 1516 } 1517 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0); 1518 /* 1519 * The kern_renameat() looks up the fvp using the DELETE flag, which 1520 * causes the removal of the name cache entry for fvp. 1521 * As the relookup of the fvp is done in two steps: 1522 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a 1523 * normal lookup of the from name just before the VFS_VGET() call, 1524 * causing the cache entry to be re-instantiated. 1525 * 1526 * The same issue also applies to tvp if it exists as 1527 * otherwise we may have a stale name cache entry for the new 1528 * name that references the old i-node if it has other links 1529 * or open file descriptors. 1530 */ 1531 cache_purge(fvp); 1532 if (tvp) 1533 cache_purge(tvp); 1534 cache_purge_negative(tdvp); 1535 1536unlockout: 1537 vput(fdvp); 1538 vput(fvp); 1539 if (tvp) 1540 vput(tvp); 1541 /* 1542 * If compaction or fsync was requested do it now that other locks 1543 * are no longer needed. 1544 */ 1545 if (error == 0 && endoff != 0) { 1546 error = UFS_TRUNCATE(tdvp, endoff, IO_NORMAL | IO_SYNC, 1547 tcnp->cn_cred); 1548 if (error != 0) 1549 vn_printf(tdvp, "ufs_rename: failed to truncate " 1550 "err %d", error); 1551#ifdef UFS_DIRHASH 1552 else if (tdp->i_dirhash != NULL) 1553 ufsdirhash_dirtrunc(tdp, endoff); 1554#endif 1555 /* 1556 * Even if the directory compaction failed, rename was 1557 * succesful. Do not propagate a UFS_TRUNCATE() error 1558 * to the caller. 1559 */ 1560 error = 0; 1561 } 1562 if (error == 0 && tdp->i_flag & IN_NEEDSYNC) 1563 error = VOP_FSYNC(tdvp, MNT_WAIT, td); 1564 vput(tdvp); 1565 return (error); 1566 1567bad: 1568 fip->i_effnlink--; 1569 fip->i_nlink--; 1570 DIP_SET(fip, i_nlink, fip->i_nlink); 1571 fip->i_flag |= IN_CHANGE; 1572 if (DOINGSOFTDEP(fvp)) 1573 softdep_revert_link(tdp, fip); 1574 goto unlockout; 1575 1576releout: 1577 vrele(fdvp); 1578 vrele(fvp); 1579 vrele(tdvp); 1580 if (tvp) 1581 vrele(tvp); 1582 1583 return (error); 1584} 1585 1586#ifdef UFS_ACL 1587static int 1588ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp, 1589 mode_t dmode, struct ucred *cred, struct thread *td) 1590{ 1591 int error; 1592 struct inode *ip = VTOI(tvp); 1593 struct acl *dacl, *acl; 1594 1595 acl = acl_alloc(M_WAITOK); 1596 dacl = acl_alloc(M_WAITOK); 1597 1598 /* 1599 * Retrieve default ACL from parent, if any. 1600 */ 1601 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1602 switch (error) { 1603 case 0: 1604 /* 1605 * Retrieved a default ACL, so merge mode and ACL if 1606 * necessary. If the ACL is empty, fall through to 1607 * the "not defined or available" case. 1608 */ 1609 if (acl->acl_cnt != 0) { 1610 dmode = acl_posix1e_newfilemode(dmode, acl); 1611 ip->i_mode = dmode; 1612 DIP_SET(ip, i_mode, dmode); 1613 *dacl = *acl; 1614 ufs_sync_acl_from_inode(ip, acl); 1615 break; 1616 } 1617 /* FALLTHROUGH */ 1618 1619 case EOPNOTSUPP: 1620 /* 1621 * Just use the mode as-is. 1622 */ 1623 ip->i_mode = dmode; 1624 DIP_SET(ip, i_mode, dmode); 1625 error = 0; 1626 goto out; 1627 1628 default: 1629 goto out; 1630 } 1631 1632 /* 1633 * XXX: If we abort now, will Soft Updates notify the extattr 1634 * code that the EAs for the file need to be released? 1635 */ 1636 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1637 if (error == 0) 1638 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td); 1639 switch (error) { 1640 case 0: 1641 break; 1642 1643 case EOPNOTSUPP: 1644 /* 1645 * XXX: This should not happen, as EOPNOTSUPP above 1646 * was supposed to free acl. 1647 */ 1648 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n"); 1649 /* 1650 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()"); 1651 */ 1652 break; 1653 1654 default: 1655 goto out; 1656 } 1657 1658out: 1659 acl_free(acl); 1660 acl_free(dacl); 1661 1662 return (error); 1663} 1664 1665static int 1666ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp, 1667 mode_t mode, struct ucred *cred, struct thread *td) 1668{ 1669 int error; 1670 struct inode *ip = VTOI(tvp); 1671 struct acl *acl; 1672 1673 acl = acl_alloc(M_WAITOK); 1674 1675 /* 1676 * Retrieve default ACL for parent, if any. 1677 */ 1678 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td); 1679 switch (error) { 1680 case 0: 1681 /* 1682 * Retrieved a default ACL, so merge mode and ACL if 1683 * necessary. 1684 */ 1685 if (acl->acl_cnt != 0) { 1686 /* 1687 * Two possible ways for default ACL to not 1688 * be present. First, the EA can be 1689 * undefined, or second, the default ACL can 1690 * be blank. If it's blank, fall through to 1691 * the it's not defined case. 1692 */ 1693 mode = acl_posix1e_newfilemode(mode, acl); 1694 ip->i_mode = mode; 1695 DIP_SET(ip, i_mode, mode); 1696 ufs_sync_acl_from_inode(ip, acl); 1697 break; 1698 } 1699 /* FALLTHROUGH */ 1700 1701 case EOPNOTSUPP: 1702 /* 1703 * Just use the mode as-is. 1704 */ 1705 ip->i_mode = mode; 1706 DIP_SET(ip, i_mode, mode); 1707 error = 0; 1708 goto out; 1709 1710 default: 1711 goto out; 1712 } 1713 1714 /* 1715 * XXX: If we abort now, will Soft Updates notify the extattr 1716 * code that the EAs for the file need to be released? 1717 */ 1718 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td); 1719 switch (error) { 1720 case 0: 1721 break; 1722 1723 case EOPNOTSUPP: 1724 /* 1725 * XXX: This should not happen, as EOPNOTSUPP above was 1726 * supposed to free acl. 1727 */ 1728 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1729 "but no VOP_SETACL()\n"); 1730 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() " 1731 "but no VOP_SETACL()"); */ 1732 break; 1733 1734 default: 1735 goto out; 1736 } 1737 1738out: 1739 acl_free(acl); 1740 1741 return (error); 1742} 1743 1744static int 1745ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp, 1746 mode_t child_mode, struct ucred *cred, struct thread *td) 1747{ 1748 int error; 1749 struct acl *parent_aclp, *child_aclp; 1750 1751 parent_aclp = acl_alloc(M_WAITOK); 1752 child_aclp = acl_alloc(M_WAITOK | M_ZERO); 1753 1754 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td); 1755 if (error) 1756 goto out; 1757 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp, 1758 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR); 1759 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td); 1760 if (error) 1761 goto out; 1762out: 1763 acl_free(parent_aclp); 1764 acl_free(child_aclp); 1765 1766 return (error); 1767} 1768#endif 1769 1770/* 1771 * Mkdir system call 1772 */ 1773static int 1774ufs_mkdir(ap) 1775 struct vop_mkdir_args /* { 1776 struct vnode *a_dvp; 1777 struct vnode **a_vpp; 1778 struct componentname *a_cnp; 1779 struct vattr *a_vap; 1780 } */ *ap; 1781{ 1782 struct vnode *dvp = ap->a_dvp; 1783 struct vattr *vap = ap->a_vap; 1784 struct componentname *cnp = ap->a_cnp; 1785 struct inode *ip, *dp; 1786 struct vnode *tvp; 1787 struct buf *bp; 1788 struct dirtemplate dirtemplate, *dtp; 1789 struct direct newdir; 1790 int error, dmode; 1791 long blkoff; 1792 1793#ifdef INVARIANTS 1794 if ((cnp->cn_flags & HASBUF) == 0) 1795 panic("ufs_mkdir: no name"); 1796#endif 1797 dp = VTOI(dvp); 1798 if ((nlink_t)dp->i_nlink >= LINK_MAX) { 1799 error = EMLINK; 1800 goto out; 1801 } 1802 dmode = vap->va_mode & 0777; 1803 dmode |= IFDIR; 1804 /* 1805 * Must simulate part of ufs_makeinode here to acquire the inode, 1806 * but not have it entered in the parent directory. The entry is 1807 * made later after writing "." and ".." entries. 1808 */ 1809 if (dp->i_effnlink < 2) { 1810 print_bad_link_count("ufs_mkdir", dvp); 1811 error = EINVAL; 1812 goto out; 1813 } 1814 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp); 1815 if (error) 1816 goto out; 1817 ip = VTOI(tvp); 1818 ip->i_gid = dp->i_gid; 1819 DIP_SET(ip, i_gid, dp->i_gid); 1820#ifdef SUIDDIR 1821 { 1822#ifdef QUOTA 1823 struct ucred ucred, *ucp; 1824 gid_t ucred_group; 1825 ucp = cnp->cn_cred; 1826#endif 1827 /* 1828 * If we are hacking owners here, (only do this where told to) 1829 * and we are not giving it TO root, (would subvert quotas) 1830 * then go ahead and give it to the other user. 1831 * The new directory also inherits the SUID bit. 1832 * If user's UID and dir UID are the same, 1833 * 'give it away' so that the SUID is still forced on. 1834 */ 1835 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 1836 (dp->i_mode & ISUID) && dp->i_uid) { 1837 dmode |= ISUID; 1838 ip->i_uid = dp->i_uid; 1839 DIP_SET(ip, i_uid, dp->i_uid); 1840#ifdef QUOTA 1841 if (dp->i_uid != cnp->cn_cred->cr_uid) { 1842 /* 1843 * Make sure the correct user gets charged 1844 * for the space. 1845 * Make a dummy credential for the victim. 1846 * XXX This seems to never be accessed out of 1847 * our context so a stack variable is ok. 1848 */ 1849 refcount_init(&ucred.cr_ref, 1); 1850 ucred.cr_uid = ip->i_uid; 1851 ucred.cr_ngroups = 1; 1852 ucred.cr_groups = &ucred_group; 1853 ucred.cr_groups[0] = dp->i_gid; 1854 ucp = &ucred; 1855 } 1856#endif 1857 } else { 1858 ip->i_uid = cnp->cn_cred->cr_uid; 1859 DIP_SET(ip, i_uid, ip->i_uid); 1860 } 1861#ifdef QUOTA 1862 if ((error = getinoquota(ip)) || 1863 (error = chkiq(ip, 1, ucp, 0))) { 1864 if (DOINGSOFTDEP(tvp)) 1865 softdep_revert_link(dp, ip); 1866 UFS_VFREE(tvp, ip->i_number, dmode); 1867 vput(tvp); 1868 return (error); 1869 } 1870#endif 1871 } 1872#else /* !SUIDDIR */ 1873 ip->i_uid = cnp->cn_cred->cr_uid; 1874 DIP_SET(ip, i_uid, ip->i_uid); 1875#ifdef QUOTA 1876 if ((error = getinoquota(ip)) || 1877 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 1878 if (DOINGSOFTDEP(tvp)) 1879 softdep_revert_link(dp, ip); 1880 UFS_VFREE(tvp, ip->i_number, dmode); 1881 vput(tvp); 1882 return (error); 1883 } 1884#endif 1885#endif /* !SUIDDIR */ 1886 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 1887 ip->i_mode = dmode; 1888 DIP_SET(ip, i_mode, dmode); 1889 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */ 1890 ip->i_effnlink = 2; 1891 ip->i_nlink = 2; 1892 DIP_SET(ip, i_nlink, 2); 1893 1894 if (cnp->cn_flags & ISWHITEOUT) { 1895 ip->i_flags |= UF_OPAQUE; 1896 DIP_SET(ip, i_flags, ip->i_flags); 1897 } 1898 1899 /* 1900 * Bump link count in parent directory to reflect work done below. 1901 * Should be done before reference is created so cleanup is 1902 * possible if we crash. 1903 */ 1904 dp->i_effnlink++; 1905 dp->i_nlink++; 1906 DIP_SET(dp, i_nlink, dp->i_nlink); 1907 dp->i_flag |= IN_CHANGE; 1908 if (DOINGSOFTDEP(dvp)) 1909 softdep_setup_mkdir(dp, ip); 1910 error = UFS_UPDATE(dvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp))); 1911 if (error) 1912 goto bad; 1913#ifdef MAC 1914 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 1915 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 1916 dvp, tvp, cnp); 1917 if (error) 1918 goto bad; 1919 } 1920#endif 1921#ifdef UFS_ACL 1922 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 1923 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode, 1924 cnp->cn_cred, cnp->cn_thread); 1925 if (error) 1926 goto bad; 1927 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 1928 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode, 1929 cnp->cn_cred, cnp->cn_thread); 1930 if (error) 1931 goto bad; 1932 } 1933#endif /* !UFS_ACL */ 1934 1935 /* 1936 * Initialize directory with "." and ".." from static template. 1937 */ 1938 if (dvp->v_mount->mnt_maxsymlinklen > 0) 1939 dtp = &mastertemplate; 1940 else 1941 dtp = (struct dirtemplate *)&omastertemplate; 1942 dirtemplate = *dtp; 1943 dirtemplate.dot_ino = ip->i_number; 1944 dirtemplate.dotdot_ino = dp->i_number; 1945 vnode_pager_setsize(tvp, DIRBLKSIZ); 1946 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred, 1947 BA_CLRBUF, &bp)) != 0) 1948 goto bad; 1949 ip->i_size = DIRBLKSIZ; 1950 DIP_SET(ip, i_size, DIRBLKSIZ); 1951 ip->i_flag |= IN_CHANGE | IN_UPDATE; 1952 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); 1953 if (DOINGSOFTDEP(tvp)) { 1954 /* 1955 * Ensure that the entire newly allocated block is a 1956 * valid directory so that future growth within the 1957 * block does not have to ensure that the block is 1958 * written before the inode. 1959 */ 1960 blkoff = DIRBLKSIZ; 1961 while (blkoff < bp->b_bcount) { 1962 ((struct direct *) 1963 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ; 1964 blkoff += DIRBLKSIZ; 1965 } 1966 } 1967 if ((error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | 1968 DOINGASYNC(tvp)))) != 0) { 1969 (void)bwrite(bp); 1970 goto bad; 1971 } 1972 /* 1973 * Directory set up, now install its entry in the parent directory. 1974 * 1975 * If we are not doing soft dependencies, then we must write out the 1976 * buffer containing the new directory body before entering the new 1977 * name in the parent. If we are doing soft dependencies, then the 1978 * buffer containing the new directory body will be passed to and 1979 * released in the soft dependency code after the code has attached 1980 * an appropriate ordering dependency to the buffer which ensures that 1981 * the buffer is written before the new name is written in the parent. 1982 */ 1983 if (DOINGASYNC(dvp)) 1984 bdwrite(bp); 1985 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp)))) 1986 goto bad; 1987 ufs_makedirentry(ip, cnp, &newdir); 1988 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp, 0); 1989 1990bad: 1991 if (error == 0) { 1992 *ap->a_vpp = tvp; 1993 } else { 1994 dp->i_effnlink--; 1995 dp->i_nlink--; 1996 DIP_SET(dp, i_nlink, dp->i_nlink); 1997 dp->i_flag |= IN_CHANGE; 1998 /* 1999 * No need to do an explicit VOP_TRUNCATE here, vrele will 2000 * do this for us because we set the link count to 0. 2001 */ 2002 ip->i_effnlink = 0; 2003 ip->i_nlink = 0; 2004 DIP_SET(ip, i_nlink, 0); 2005 ip->i_flag |= IN_CHANGE; 2006 if (DOINGSOFTDEP(tvp)) 2007 softdep_revert_mkdir(dp, ip); 2008 2009 vput(tvp); 2010 } 2011out: 2012 return (error); 2013} 2014 2015/* 2016 * Rmdir system call. 2017 */ 2018static int 2019ufs_rmdir(ap) 2020 struct vop_rmdir_args /* { 2021 struct vnode *a_dvp; 2022 struct vnode *a_vp; 2023 struct componentname *a_cnp; 2024 } */ *ap; 2025{ 2026 struct vnode *vp = ap->a_vp; 2027 struct vnode *dvp = ap->a_dvp; 2028 struct componentname *cnp = ap->a_cnp; 2029 struct inode *ip, *dp; 2030 int error; 2031 2032 ip = VTOI(vp); 2033 dp = VTOI(dvp); 2034 2035 /* 2036 * Do not remove a directory that is in the process of being renamed. 2037 * Verify the directory is empty (and valid). Rmdir ".." will not be 2038 * valid since ".." will contain a reference to the current directory 2039 * and thus be non-empty. Do not allow the removal of mounted on 2040 * directories (this can happen when an NFS exported filesystem 2041 * tries to remove a locally mounted on directory). 2042 */ 2043 error = 0; 2044 if (dp->i_effnlink <= 2) { 2045 if (dp->i_effnlink == 2) 2046 print_bad_link_count("ufs_rmdir", dvp); 2047 error = EINVAL; 2048 goto out; 2049 } 2050 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) { 2051 error = ENOTEMPTY; 2052 goto out; 2053 } 2054 if ((dp->i_flags & APPEND) 2055 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) { 2056 error = EPERM; 2057 goto out; 2058 } 2059 if (vp->v_mountedhere != 0) { 2060 error = EINVAL; 2061 goto out; 2062 } 2063#ifdef UFS_GJOURNAL 2064 ufs_gjournal_orphan(vp); 2065#endif 2066 /* 2067 * Delete reference to directory before purging 2068 * inode. If we crash in between, the directory 2069 * will be reattached to lost+found, 2070 */ 2071 dp->i_effnlink--; 2072 ip->i_effnlink--; 2073 if (DOINGSOFTDEP(vp)) 2074 softdep_setup_rmdir(dp, ip); 2075 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1); 2076 if (error) { 2077 dp->i_effnlink++; 2078 ip->i_effnlink++; 2079 if (DOINGSOFTDEP(vp)) 2080 softdep_revert_rmdir(dp, ip); 2081 goto out; 2082 } 2083 cache_purge(dvp); 2084 /* 2085 * The only stuff left in the directory is "." and "..". The "." 2086 * reference is inconsequential since we are quashing it. The soft 2087 * dependency code will arrange to do these operations after 2088 * the parent directory entry has been deleted on disk, so 2089 * when running with that code we avoid doing them now. 2090 */ 2091 if (!DOINGSOFTDEP(vp)) { 2092 dp->i_nlink--; 2093 DIP_SET(dp, i_nlink, dp->i_nlink); 2094 dp->i_flag |= IN_CHANGE; 2095 error = UFS_UPDATE(dvp, 0); 2096 ip->i_nlink--; 2097 DIP_SET(ip, i_nlink, ip->i_nlink); 2098 ip->i_flag |= IN_CHANGE; 2099 } 2100 cache_purge(vp); 2101#ifdef UFS_DIRHASH 2102 /* Kill any active hash; i_effnlink == 0, so it will not come back. */ 2103 if (ip->i_dirhash != NULL) 2104 ufsdirhash_free(ip); 2105#endif 2106out: 2107 return (error); 2108} 2109 2110/* 2111 * symlink -- make a symbolic link 2112 */ 2113static int 2114ufs_symlink(ap) 2115 struct vop_symlink_args /* { 2116 struct vnode *a_dvp; 2117 struct vnode **a_vpp; 2118 struct componentname *a_cnp; 2119 struct vattr *a_vap; 2120 char *a_target; 2121 } */ *ap; 2122{ 2123 struct vnode *vp, **vpp = ap->a_vpp; 2124 struct inode *ip; 2125 int len, error; 2126 2127 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp, 2128 vpp, ap->a_cnp, "ufs_symlink"); 2129 if (error) 2130 return (error); 2131 vp = *vpp; 2132 len = strlen(ap->a_target); 2133 if (len < vp->v_mount->mnt_maxsymlinklen) { 2134 ip = VTOI(vp); 2135 bcopy(ap->a_target, SHORTLINK(ip), len); 2136 ip->i_size = len; 2137 DIP_SET(ip, i_size, len); 2138 ip->i_flag |= IN_CHANGE | IN_UPDATE; 2139 error = UFS_UPDATE(vp, 0); 2140 } else 2141 error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0, 2142 UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, 2143 ap->a_cnp->cn_cred, NOCRED, NULL, NULL); 2144 if (error) 2145 vput(vp); 2146 return (error); 2147} 2148 2149/* 2150 * Vnode op for reading directories. 2151 */ 2152int 2153ufs_readdir(ap) 2154 struct vop_readdir_args /* { 2155 struct vnode *a_vp; 2156 struct uio *a_uio; 2157 struct ucred *a_cred; 2158 int *a_eofflag; 2159 int *a_ncookies; 2160 u_long **a_cookies; 2161 } */ *ap; 2162{ 2163 struct vnode *vp = ap->a_vp; 2164 struct uio *uio = ap->a_uio; 2165 struct buf *bp; 2166 struct inode *ip; 2167 struct direct *dp, *edp; 2168 u_long *cookies; 2169 struct dirent dstdp; 2170 off_t offset, startoffset; 2171 size_t readcnt, skipcnt; 2172 ssize_t startresid; 2173 int ncookies; 2174 int error; 2175 2176 if (uio->uio_offset < 0) 2177 return (EINVAL); 2178 ip = VTOI(vp); 2179 if (ip->i_effnlink == 0) 2180 return (0); 2181 if (ap->a_ncookies != NULL) { 2182 if (uio->uio_resid < 0) 2183 ncookies = 0; 2184 else 2185 ncookies = uio->uio_resid; 2186 if (uio->uio_offset >= ip->i_size) 2187 ncookies = 0; 2188 else if (ip->i_size - uio->uio_offset < ncookies) 2189 ncookies = ip->i_size - uio->uio_offset; 2190 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1; 2191 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK); 2192 *ap->a_ncookies = ncookies; 2193 *ap->a_cookies = cookies; 2194 } else { 2195 ncookies = 0; 2196 cookies = NULL; 2197 } 2198 offset = startoffset = uio->uio_offset; 2199 startresid = uio->uio_resid; 2200 error = 0; 2201 while (error == 0 && uio->uio_resid > 0 && 2202 uio->uio_offset < ip->i_size) { 2203 error = ffs_blkatoff(vp, uio->uio_offset, NULL, &bp); 2204 if (error) 2205 break; 2206 if (bp->b_offset + bp->b_bcount > ip->i_size) 2207 readcnt = ip->i_size - bp->b_offset; 2208 else 2209 readcnt = bp->b_bcount; 2210 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) & 2211 ~(size_t)(DIRBLKSIZ - 1); 2212 offset = bp->b_offset + skipcnt; 2213 dp = (struct direct *)&bp->b_data[skipcnt]; 2214 edp = (struct direct *)&bp->b_data[readcnt]; 2215 while (error == 0 && uio->uio_resid > 0 && dp < edp) { 2216 if (dp->d_reclen <= offsetof(struct direct, d_name) || 2217 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) { 2218 error = EIO; 2219 break; 2220 } 2221#if BYTE_ORDER == LITTLE_ENDIAN 2222 /* Old filesystem format. */ 2223 if (vp->v_mount->mnt_maxsymlinklen <= 0) { 2224 dstdp.d_namlen = dp->d_type; 2225 dstdp.d_type = dp->d_namlen; 2226 } else 2227#endif 2228 { 2229 dstdp.d_namlen = dp->d_namlen; 2230 dstdp.d_type = dp->d_type; 2231 } 2232 if (offsetof(struct direct, d_name) + dstdp.d_namlen > 2233 dp->d_reclen) { 2234 error = EIO; 2235 break; 2236 } 2237 if (offset < startoffset || dp->d_ino == 0) 2238 goto nextentry; 2239 dstdp.d_fileno = dp->d_ino; 2240 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); 2241 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); 2242 dstdp.d_name[dstdp.d_namlen] = '\0'; 2243 if (dstdp.d_reclen > uio->uio_resid) { 2244 if (uio->uio_resid == startresid) 2245 error = EINVAL; 2246 else 2247 error = EJUSTRETURN; 2248 break; 2249 } 2250 /* Advance dp. */ 2251 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio); 2252 if (error) 2253 break; 2254 if (cookies != NULL) { 2255 KASSERT(ncookies > 0, 2256 ("ufs_readdir: cookies buffer too small")); 2257 *cookies = offset + dp->d_reclen; 2258 cookies++; 2259 ncookies--; 2260 } 2261nextentry: 2262 offset += dp->d_reclen; 2263 dp = (struct direct *)((caddr_t)dp + dp->d_reclen); 2264 } 2265 bqrelse(bp); 2266 uio->uio_offset = offset; 2267 } 2268 /* We need to correct uio_offset. */ 2269 uio->uio_offset = offset; 2270 if (error == EJUSTRETURN) 2271 error = 0; 2272 if (ap->a_ncookies != NULL) { 2273 if (error == 0) { 2274 ap->a_ncookies -= ncookies; 2275 } else { 2276 free(*ap->a_cookies, M_TEMP); 2277 *ap->a_ncookies = 0; 2278 *ap->a_cookies = NULL; 2279 } 2280 } 2281 if (error == 0 && ap->a_eofflag) 2282 *ap->a_eofflag = ip->i_size <= uio->uio_offset; 2283 return (error); 2284} 2285 2286/* 2287 * Return target name of a symbolic link 2288 */ 2289static int 2290ufs_readlink(ap) 2291 struct vop_readlink_args /* { 2292 struct vnode *a_vp; 2293 struct uio *a_uio; 2294 struct ucred *a_cred; 2295 } */ *ap; 2296{ 2297 struct vnode *vp = ap->a_vp; 2298 struct inode *ip = VTOI(vp); 2299 doff_t isize; 2300 2301 isize = ip->i_size; 2302 if ((isize < vp->v_mount->mnt_maxsymlinklen) || 2303 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */ 2304 return (uiomove(SHORTLINK(ip), isize, ap->a_uio)); 2305 } 2306 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred)); 2307} 2308 2309/* 2310 * Calculate the logical to physical mapping if not done already, 2311 * then call the device strategy routine. 2312 * 2313 * In order to be able to swap to a file, the ufs_bmaparray() operation may not 2314 * deadlock on memory. See ufs_bmap() for details. 2315 */ 2316static int 2317ufs_strategy(ap) 2318 struct vop_strategy_args /* { 2319 struct vnode *a_vp; 2320 struct buf *a_bp; 2321 } */ *ap; 2322{ 2323 struct buf *bp = ap->a_bp; 2324 struct vnode *vp = ap->a_vp; 2325 struct bufobj *bo; 2326 struct inode *ip; 2327 ufs2_daddr_t blkno; 2328 int error; 2329 2330 ip = VTOI(vp); 2331 if (bp->b_blkno == bp->b_lblkno) { 2332 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL); 2333 bp->b_blkno = blkno; 2334 if (error) { 2335 bp->b_error = error; 2336 bp->b_ioflags |= BIO_ERROR; 2337 bufdone(bp); 2338 return (0); 2339 } 2340 if ((long)bp->b_blkno == -1) 2341 vfs_bio_clrbuf(bp); 2342 } 2343 if ((long)bp->b_blkno == -1) { 2344 bufdone(bp); 2345 return (0); 2346 } 2347 bp->b_iooffset = dbtob(bp->b_blkno); 2348 bo = ip->i_umbufobj; 2349 BO_STRATEGY(bo, bp); 2350 return (0); 2351} 2352 2353/* 2354 * Print out the contents of an inode. 2355 */ 2356static int 2357ufs_print(ap) 2358 struct vop_print_args /* { 2359 struct vnode *a_vp; 2360 } */ *ap; 2361{ 2362 struct vnode *vp = ap->a_vp; 2363 struct inode *ip = VTOI(vp); 2364 2365 printf("\tino %lu, on dev %s", (u_long)ip->i_number, 2366 devtoname(ip->i_dev)); 2367 if (vp->v_type == VFIFO) 2368 fifo_printinfo(vp); 2369 printf("\n"); 2370 return (0); 2371} 2372 2373/* 2374 * Close wrapper for fifos. 2375 * 2376 * Update the times on the inode then do device close. 2377 */ 2378static int 2379ufsfifo_close(ap) 2380 struct vop_close_args /* { 2381 struct vnode *a_vp; 2382 int a_fflag; 2383 struct ucred *a_cred; 2384 struct thread *a_td; 2385 } */ *ap; 2386{ 2387 struct vnode *vp = ap->a_vp; 2388 int usecount; 2389 2390 VI_LOCK(vp); 2391 usecount = vp->v_usecount; 2392 if (usecount > 1) 2393 ufs_itimes_locked(vp); 2394 VI_UNLOCK(vp); 2395 return (fifo_specops.vop_close(ap)); 2396} 2397 2398/* 2399 * Kqfilter wrapper for fifos. 2400 * 2401 * Fall through to ufs kqfilter routines if needed 2402 */ 2403static int 2404ufsfifo_kqfilter(ap) 2405 struct vop_kqfilter_args *ap; 2406{ 2407 int error; 2408 2409 error = fifo_specops.vop_kqfilter(ap); 2410 if (error) 2411 error = vfs_kqfilter(ap); 2412 return (error); 2413} 2414 2415/* 2416 * Return POSIX pathconf information applicable to fifos. 2417 */ 2418static int 2419ufsfifo_pathconf(ap) 2420 struct vop_pathconf_args /* { 2421 struct vnode *a_vp; 2422 int a_name; 2423 int *a_retval; 2424 } */ *ap; 2425{ 2426 2427 switch (ap->a_name) { 2428 case _PC_ACL_EXTENDED: 2429 case _PC_ACL_NFS4: 2430 case _PC_ACL_PATH_MAX: 2431 case _PC_MAC_PRESENT: 2432 return (ufs_pathconf(ap)); 2433 default: 2434 return (fifo_specops.vop_pathconf(ap)); 2435 } 2436 /* NOTREACHED */ 2437} 2438 2439/* 2440 * Return POSIX pathconf information applicable to ufs filesystems. 2441 */ 2442static int 2443ufs_pathconf(ap) 2444 struct vop_pathconf_args /* { 2445 struct vnode *a_vp; 2446 int a_name; 2447 int *a_retval; 2448 } */ *ap; 2449{ 2450 int error; 2451 2452 error = 0; 2453 switch (ap->a_name) { 2454 case _PC_LINK_MAX: 2455 *ap->a_retval = LINK_MAX; 2456 break; 2457 case _PC_NAME_MAX: 2458 *ap->a_retval = NAME_MAX; 2459 break; 2460 case _PC_PATH_MAX: 2461 *ap->a_retval = PATH_MAX; 2462 break; 2463 case _PC_PIPE_BUF: 2464 *ap->a_retval = PIPE_BUF; 2465 break; 2466 case _PC_CHOWN_RESTRICTED: 2467 *ap->a_retval = 1; 2468 break; 2469 case _PC_NO_TRUNC: 2470 *ap->a_retval = 1; 2471 break; 2472 case _PC_ACL_EXTENDED: 2473#ifdef UFS_ACL 2474 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) 2475 *ap->a_retval = 1; 2476 else 2477 *ap->a_retval = 0; 2478#else 2479 *ap->a_retval = 0; 2480#endif 2481 break; 2482 2483 case _PC_ACL_NFS4: 2484#ifdef UFS_ACL 2485 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) 2486 *ap->a_retval = 1; 2487 else 2488 *ap->a_retval = 0; 2489#else 2490 *ap->a_retval = 0; 2491#endif 2492 break; 2493 2494 case _PC_ACL_PATH_MAX: 2495#ifdef UFS_ACL 2496 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) 2497 *ap->a_retval = ACL_MAX_ENTRIES; 2498 else 2499 *ap->a_retval = 3; 2500#else 2501 *ap->a_retval = 3; 2502#endif 2503 break; 2504 case _PC_MAC_PRESENT: 2505#ifdef MAC 2506 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL) 2507 *ap->a_retval = 1; 2508 else 2509 *ap->a_retval = 0; 2510#else 2511 *ap->a_retval = 0; 2512#endif 2513 break; 2514 case _PC_MIN_HOLE_SIZE: 2515 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2516 break; 2517 case _PC_ASYNC_IO: 2518 /* _PC_ASYNC_IO should have been handled by upper layers. */ 2519 KASSERT(0, ("_PC_ASYNC_IO should not get here")); 2520 error = EINVAL; 2521 break; 2522 case _PC_PRIO_IO: 2523 *ap->a_retval = 0; 2524 break; 2525 case _PC_SYNC_IO: 2526 *ap->a_retval = 0; 2527 break; 2528 case _PC_ALLOC_SIZE_MIN: 2529 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; 2530 break; 2531 case _PC_FILESIZEBITS: 2532 *ap->a_retval = 64; 2533 break; 2534 case _PC_REC_INCR_XFER_SIZE: 2535 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2536 break; 2537 case _PC_REC_MAX_XFER_SIZE: 2538 *ap->a_retval = -1; /* means ``unlimited'' */ 2539 break; 2540 case _PC_REC_MIN_XFER_SIZE: 2541 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize; 2542 break; 2543 case _PC_REC_XFER_ALIGN: 2544 *ap->a_retval = PAGE_SIZE; 2545 break; 2546 case _PC_SYMLINK_MAX: 2547 *ap->a_retval = MAXPATHLEN; 2548 break; 2549 2550 default: 2551 error = EINVAL; 2552 break; 2553 } 2554 return (error); 2555} 2556 2557/* 2558 * Initialize the vnode associated with a new inode, handle aliased 2559 * vnodes. 2560 */ 2561int 2562ufs_vinit(mntp, fifoops, vpp) 2563 struct mount *mntp; 2564 struct vop_vector *fifoops; 2565 struct vnode **vpp; 2566{ 2567 struct inode *ip; 2568 struct vnode *vp; 2569 2570 vp = *vpp; 2571 ip = VTOI(vp); 2572 vp->v_type = IFTOVT(ip->i_mode); 2573 if (vp->v_type == VFIFO) 2574 vp->v_op = fifoops; 2575 ASSERT_VOP_LOCKED(vp, "ufs_vinit"); 2576 if (ip->i_number == ROOTINO) 2577 vp->v_vflag |= VV_ROOT; 2578 *vpp = vp; 2579 return (0); 2580} 2581 2582/* 2583 * Allocate a new inode. 2584 * Vnode dvp must be locked. 2585 */ 2586static int 2587ufs_makeinode(mode, dvp, vpp, cnp, callfunc) 2588 int mode; 2589 struct vnode *dvp; 2590 struct vnode **vpp; 2591 struct componentname *cnp; 2592 const char *callfunc; 2593{ 2594 struct inode *ip, *pdir; 2595 struct direct newdir; 2596 struct vnode *tvp; 2597 int error; 2598 2599 pdir = VTOI(dvp); 2600#ifdef INVARIANTS 2601 if ((cnp->cn_flags & HASBUF) == 0) 2602 panic("%s: no name", callfunc); 2603#endif 2604 *vpp = NULL; 2605 if ((mode & IFMT) == 0) 2606 mode |= IFREG; 2607 2608 if (pdir->i_effnlink < 2) { 2609 print_bad_link_count(callfunc, dvp); 2610 return (EINVAL); 2611 } 2612 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp); 2613 if (error) 2614 return (error); 2615 ip = VTOI(tvp); 2616 ip->i_gid = pdir->i_gid; 2617 DIP_SET(ip, i_gid, pdir->i_gid); 2618#ifdef SUIDDIR 2619 { 2620#ifdef QUOTA 2621 struct ucred ucred, *ucp; 2622 gid_t ucred_group; 2623 ucp = cnp->cn_cred; 2624#endif 2625 /* 2626 * If we are not the owner of the directory, 2627 * and we are hacking owners here, (only do this where told to) 2628 * and we are not giving it TO root, (would subvert quotas) 2629 * then go ahead and give it to the other user. 2630 * Note that this drops off the execute bits for security. 2631 */ 2632 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) && 2633 (pdir->i_mode & ISUID) && 2634 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) { 2635 ip->i_uid = pdir->i_uid; 2636 DIP_SET(ip, i_uid, ip->i_uid); 2637 mode &= ~07111; 2638#ifdef QUOTA 2639 /* 2640 * Make sure the correct user gets charged 2641 * for the space. 2642 * Quickly knock up a dummy credential for the victim. 2643 * XXX This seems to never be accessed out of our 2644 * context so a stack variable is ok. 2645 */ 2646 refcount_init(&ucred.cr_ref, 1); 2647 ucred.cr_uid = ip->i_uid; 2648 ucred.cr_ngroups = 1; 2649 ucred.cr_groups = &ucred_group; 2650 ucred.cr_groups[0] = pdir->i_gid; 2651 ucp = &ucred; 2652#endif 2653 } else { 2654 ip->i_uid = cnp->cn_cred->cr_uid; 2655 DIP_SET(ip, i_uid, ip->i_uid); 2656 } 2657 2658#ifdef QUOTA 2659 if ((error = getinoquota(ip)) || 2660 (error = chkiq(ip, 1, ucp, 0))) { 2661 if (DOINGSOFTDEP(tvp)) 2662 softdep_revert_link(pdir, ip); 2663 UFS_VFREE(tvp, ip->i_number, mode); 2664 vput(tvp); 2665 return (error); 2666 } 2667#endif 2668 } 2669#else /* !SUIDDIR */ 2670 ip->i_uid = cnp->cn_cred->cr_uid; 2671 DIP_SET(ip, i_uid, ip->i_uid); 2672#ifdef QUOTA 2673 if ((error = getinoquota(ip)) || 2674 (error = chkiq(ip, 1, cnp->cn_cred, 0))) { 2675 if (DOINGSOFTDEP(tvp)) 2676 softdep_revert_link(pdir, ip); 2677 UFS_VFREE(tvp, ip->i_number, mode); 2678 vput(tvp); 2679 return (error); 2680 } 2681#endif 2682#endif /* !SUIDDIR */ 2683 ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; 2684 ip->i_mode = mode; 2685 DIP_SET(ip, i_mode, mode); 2686 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ 2687 ip->i_effnlink = 1; 2688 ip->i_nlink = 1; 2689 DIP_SET(ip, i_nlink, 1); 2690 if (DOINGSOFTDEP(tvp)) 2691 softdep_setup_create(VTOI(dvp), ip); 2692 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && 2693 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID, 0)) { 2694 ip->i_mode &= ~ISGID; 2695 DIP_SET(ip, i_mode, ip->i_mode); 2696 } 2697 2698 if (cnp->cn_flags & ISWHITEOUT) { 2699 ip->i_flags |= UF_OPAQUE; 2700 DIP_SET(ip, i_flags, ip->i_flags); 2701 } 2702 2703 /* 2704 * Make sure inode goes to disk before directory entry. 2705 */ 2706 error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp))); 2707 if (error) 2708 goto bad; 2709#ifdef MAC 2710 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) { 2711 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount, 2712 dvp, tvp, cnp); 2713 if (error) 2714 goto bad; 2715 } 2716#endif 2717#ifdef UFS_ACL 2718 if (dvp->v_mount->mnt_flag & MNT_ACLS) { 2719 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode, 2720 cnp->cn_cred, cnp->cn_thread); 2721 if (error) 2722 goto bad; 2723 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) { 2724 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode, 2725 cnp->cn_cred, cnp->cn_thread); 2726 if (error) 2727 goto bad; 2728 } 2729#endif /* !UFS_ACL */ 2730 ufs_makedirentry(ip, cnp, &newdir); 2731 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL, 0); 2732 if (error) 2733 goto bad; 2734 *vpp = tvp; 2735 return (0); 2736 2737bad: 2738 /* 2739 * Write error occurred trying to update the inode 2740 * or the directory so must deallocate the inode. 2741 */ 2742 ip->i_effnlink = 0; 2743 ip->i_nlink = 0; 2744 DIP_SET(ip, i_nlink, 0); 2745 ip->i_flag |= IN_CHANGE; 2746 if (DOINGSOFTDEP(tvp)) 2747 softdep_revert_create(VTOI(dvp), ip); 2748 vput(tvp); 2749 return (error); 2750} 2751 2752static int 2753ufs_ioctl(struct vop_ioctl_args *ap) 2754{ 2755 2756 switch (ap->a_command) { 2757 case FIOSEEKDATA: 2758 case FIOSEEKHOLE: 2759 return (vn_bmap_seekhole(ap->a_vp, ap->a_command, 2760 (off_t *)ap->a_data, ap->a_cred)); 2761 default: 2762 return (ENOTTY); 2763 } 2764} 2765 2766/* Global vfs data structures for ufs. */ 2767struct vop_vector ufs_vnodeops = { 2768 .vop_default = &default_vnodeops, 2769 .vop_fsync = VOP_PANIC, 2770 .vop_read = VOP_PANIC, 2771 .vop_reallocblks = VOP_PANIC, 2772 .vop_write = VOP_PANIC, 2773 .vop_accessx = ufs_accessx, 2774 .vop_bmap = ufs_bmap, 2775 .vop_cachedlookup = ufs_lookup, 2776 .vop_close = ufs_close, 2777 .vop_create = ufs_create, 2778 .vop_getattr = ufs_getattr, 2779 .vop_inactive = ufs_inactive, 2780 .vop_ioctl = ufs_ioctl, 2781 .vop_link = ufs_link, 2782 .vop_lookup = vfs_cache_lookup, 2783 .vop_markatime = ufs_markatime, 2784 .vop_mkdir = ufs_mkdir, 2785 .vop_mknod = ufs_mknod, 2786 .vop_open = ufs_open, 2787 .vop_pathconf = ufs_pathconf, 2788 .vop_poll = vop_stdpoll, 2789 .vop_print = ufs_print, 2790 .vop_readdir = ufs_readdir, 2791 .vop_readlink = ufs_readlink, 2792 .vop_reclaim = ufs_reclaim, 2793 .vop_remove = ufs_remove, 2794 .vop_rename = ufs_rename, 2795 .vop_rmdir = ufs_rmdir, 2796 .vop_setattr = ufs_setattr, 2797#ifdef MAC 2798 .vop_setlabel = vop_stdsetlabel_ea, 2799#endif 2800 .vop_strategy = ufs_strategy, 2801 .vop_symlink = ufs_symlink, 2802 .vop_whiteout = ufs_whiteout, 2803#ifdef UFS_EXTATTR 2804 .vop_getextattr = ufs_getextattr, 2805 .vop_deleteextattr = ufs_deleteextattr, 2806 .vop_setextattr = ufs_setextattr, 2807#endif 2808#ifdef UFS_ACL 2809 .vop_getacl = ufs_getacl, 2810 .vop_setacl = ufs_setacl, 2811 .vop_aclcheck = ufs_aclcheck, 2812#endif 2813}; 2814 2815struct vop_vector ufs_fifoops = { 2816 .vop_default = &fifo_specops, 2817 .vop_fsync = VOP_PANIC, 2818 .vop_accessx = ufs_accessx, 2819 .vop_close = ufsfifo_close, 2820 .vop_getattr = ufs_getattr, 2821 .vop_inactive = ufs_inactive, 2822 .vop_kqfilter = ufsfifo_kqfilter, 2823 .vop_markatime = ufs_markatime, 2824 .vop_pathconf = ufsfifo_pathconf, 2825 .vop_print = ufs_print, 2826 .vop_read = VOP_PANIC, 2827 .vop_reclaim = ufs_reclaim, 2828 .vop_setattr = ufs_setattr, 2829#ifdef MAC 2830 .vop_setlabel = vop_stdsetlabel_ea, 2831#endif 2832 .vop_write = VOP_PANIC, 2833#ifdef UFS_EXTATTR 2834 .vop_getextattr = ufs_getextattr, 2835 .vop_deleteextattr = ufs_deleteextattr, 2836 .vop_setextattr = ufs_setextattr, 2837#endif 2838#ifdef UFS_ACL 2839 .vop_getacl = ufs_getacl, 2840 .vop_setacl = ufs_setacl, 2841 .vop_aclcheck = ufs_aclcheck, 2842#endif 2843}; 2844