2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
35 * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.151.2.18 2003/04/04 20:35:58 tegge Exp $
38 #include <sys/param.h>
39 #include <sys/systm.h>
42 #include <sys/sysent.h>
43 #include <sys/malloc.h>
44 #include <sys/mount.h>
45 #include <sys/mountctl.h>
46 #include <sys/sysproto.h>
47 #include <sys/filedesc.h>
48 #include <sys/kernel.h>
49 #include <sys/fcntl.h>
51 #include <sys/linker.h>
53 #include <sys/unistd.h>
54 #include <sys/vnode.h>
58 #include <sys/namei.h>
59 #include <sys/nlookup.h>
60 #include <sys/dirent.h>
61 #include <sys/extattr.h>
62 #include <sys/spinlock.h>
63 #include <sys/kern_syscall.h>
64 #include <sys/objcache.h>
65 #include <sys/sysctl.h>
68 #include <sys/file2.h>
69 #include <sys/spinlock2.h>
72 #include <vm/vm_object.h>
73 #include <vm/vm_page.h>
75 #include <machine/limits.h>
76 #include <machine/stdarg.h>
78 static void mount_warning(struct mount *mp, const char *ctl, ...)
80 static int mount_path(struct proc *p, struct mount *mp, char **rb, char **fb);
81 static int checkvp_chdir (struct vnode *vn, struct thread *td);
82 static void checkdirs (struct nchandle *old_nch, struct nchandle *new_nch);
83 static int get_fspriv(const char *);
84 static int chroot_refuse_vdir_fds (thread_t td, struct filedesc *fdp);
85 static int chroot_visible_mnt(struct mount *mp, struct proc *p);
86 static int getutimes (struct timeval *, struct timespec *);
87 static int getutimens (const struct timespec *, struct timespec *, int *);
88 static int setfown (struct mount *, struct vnode *, uid_t, gid_t);
89 static int setfmode (struct vnode *, int);
90 static int setfflags (struct vnode *, u_long);
91 static int setutimes (struct vnode *, struct vattr *,
92 const struct timespec *, int);
94 static int usermount = 0; /* if 1, non-root can mount fs. */
95 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0,
96 "Allow non-root users to mount filesystems");
98 static int debug_unmount = 0; /* if 1 loop until unmount success */
99 SYSCTL_INT(_vfs, OID_AUTO, debug_unmount, CTLFLAG_RW, &debug_unmount, 0,
100 "Stall failed unmounts in loop");
102 * Virtual File System System Calls
106 * Mount a file system.
108 * mount_args(char *type, char *path, int flags, caddr_t data)
113 sys_mount(struct mount_args *uap)
115 struct thread *td = curthread;
118 struct mount *mp, *nullmp;
119 struct vfsconf *vfsp;
120 int error, flag = 0, flag2 = 0;
124 struct nlookupdata nd;
125 char fstypename[MFSNAMELEN];
130 /* We do not allow user mounts inside a jail for now */
131 if (usermount && jailed(cred)) {
137 * Extract the file system type. We need to know this early, to take
138 * appropriate actions for jails and nullfs mounts.
140 if ((error = copyinstr(uap->type, fstypename, MFSNAMELEN, NULL)) != 0)
144 * Select the correct priv according to the file system type.
146 priv = get_fspriv(fstypename);
148 if (usermount == 0 && (error = priv_check(td, priv)))
152 * Do not allow NFS export by non-root users.
154 if (uap->flags & MNT_EXPORTED) {
155 error = priv_check(td, priv);
160 * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users
162 if (priv_check(td, priv))
163 uap->flags |= MNT_NOSUID | MNT_NODEV;
166 * Lookup the requested path and extract the nch and vnode.
168 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
170 if ((error = nlookup(&nd)) == 0) {
171 if (nd.nl_nch.ncp->nc_vp == NULL)
181 * If the target filesystem is resolved via a nullfs mount, then
182 * nd.nl_nch.mount will be pointing to the nullfs mount structure
183 * instead of the target file system. We need it in case we are
186 nullmp = nd.nl_nch.mount;
189 * Extract the locked+refd ncp and cleanup the nd structure
192 cache_zero(&nd.nl_nch);
195 if ((nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
196 (mp = cache_findmount(&nch)) != NULL) {
205 * now we have the locked ref'd nch and unreferenced vnode.
208 if ((error = vget(vp, LK_EXCLUSIVE)) != 0) {
215 * Now we have an unlocked ref'd nch and a locked ref'd vp
217 if (uap->flags & MNT_UPDATE) {
218 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
225 if (strncmp(fstypename, "null", 5) == 0) {
233 flag2 = mp->mnt_kern_flag;
235 * We only allow the filesystem to be reloaded if it
236 * is currently mounted read-only.
238 if ((uap->flags & MNT_RELOAD) &&
239 ((mp->mnt_flag & MNT_RDONLY) == 0)) {
242 error = EOPNOTSUPP; /* Needs translation */
246 * Only root, or the user that did the original mount is
247 * permitted to update it.
249 if (mp->mnt_stat.f_owner != cred->cr_uid &&
250 (error = priv_check(td, priv))) {
255 if (vfs_busy(mp, LK_NOWAIT)) {
269 uap->flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
270 lwkt_gettoken(&mp->mnt_token);
277 * If the user is not root, ensure that they own the directory
278 * onto which we are attempting to mount.
280 if ((error = VOP_GETATTR(vp, &va)) ||
281 (va.va_uid != cred->cr_uid &&
282 (error = priv_check(td, priv)))) {
287 if ((error = vinvalbuf(vp, V_SAVE, 0, 0)) != 0) {
292 if (vp->v_type != VDIR) {
298 if (vp->v_mount->mnt_kern_flag & MNTK_NOSTKMNT) {
304 vfsp = vfsconf_find_by_name(fstypename);
308 /* Only load modules for root (very important!) */
309 if ((error = priv_check(td, PRIV_ROOT)) != 0) {
314 error = linker_load_file(fstypename, &lf);
315 if (error || lf == NULL) {
323 /* lookup again, see if the VFS was loaded */
324 vfsp = vfsconf_find_by_name(fstypename);
327 linker_file_unload(lf);
342 * Allocate and initialize the filesystem.
344 mp = kmalloc(sizeof(struct mount), M_MOUNT, M_ZERO|M_WAITOK);
345 mount_init(mp, vfsp->vfc_vfsops);
346 vfs_busy(mp, LK_NOWAIT);
348 mp->mnt_pbuf_count = nswbuf_kva / NSWBUF_SPLIT;
349 vfsp->vfc_refcount++;
350 mp->mnt_stat.f_type = vfsp->vfc_typenum;
351 mp->mnt_flag |= vfsp->vfc_flags & MNT_VISFLAGMASK;
352 strncpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN);
353 mp->mnt_stat.f_owner = cred->cr_uid;
354 lwkt_gettoken(&mp->mnt_token);
358 * (per-mount token acquired at this point)
360 * Set the mount level flags.
362 if (uap->flags & MNT_RDONLY)
363 mp->mnt_flag |= MNT_RDONLY;
364 else if (mp->mnt_flag & MNT_RDONLY)
365 mp->mnt_kern_flag |= MNTK_WANTRDWR;
366 mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
367 MNT_SYNCHRONOUS | MNT_ASYNC | MNT_NOATIME |
368 MNT_NOSYMFOLLOW | MNT_IGNORE | MNT_TRIM |
369 MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR |
371 mp->mnt_flag |= uap->flags & (MNT_NOSUID | MNT_NOEXEC |
372 MNT_NODEV | MNT_SYNCHRONOUS | MNT_ASYNC | MNT_FORCE |
373 MNT_NOSYMFOLLOW | MNT_IGNORE | MNT_TRIM |
374 MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR |
378 * Pre-set the mount's ALL_MPSAFE flags if specified in the vfsconf.
379 * This way the initial VFS_MOUNT() call will also be MPSAFE.
381 if (vfsp->vfc_flags & VFCF_MPSAFE)
382 mp->mnt_kern_flag |= MNTK_ALL_MPSAFE;
385 * Mount the filesystem.
386 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
389 if (mp->mnt_flag & MNT_UPDATE) {
390 error = VFS_MOUNT(mp, uap->path, uap->data, cred);
391 if (mp->mnt_kern_flag & MNTK_WANTRDWR)
392 mp->mnt_flag &= ~MNT_RDONLY;
393 mp->mnt_flag &=~ (MNT_UPDATE | MNT_RELOAD | MNT_FORCE);
394 mp->mnt_kern_flag &=~ MNTK_WANTRDWR;
397 mp->mnt_kern_flag = flag2;
399 lwkt_reltoken(&mp->mnt_token);
405 mp->mnt_ncmounton = nch;
406 error = VFS_MOUNT(mp, uap->path, uap->data, cred);
407 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
410 * Put the new filesystem on the mount list after root. The mount
411 * point gets its own mnt_ncmountpt (unless the VFS already set one
412 * up) which represents the root of the mount. The lookup code
413 * detects the mount point going forward and checks the root of
414 * the mount going backwards.
416 * It is not necessary to invalidate or purge the vnode underneath
417 * because elements under the mount will be given their own glue
421 if (mp->mnt_ncmountpt.ncp == NULL) {
423 * Allocate, then unlock, but leave the ref intact.
424 * This is the mnt_refs (1) that we will retain
425 * through to the unmount.
427 cache_allocroot(&mp->mnt_ncmountpt, mp, NULL);
428 cache_unlock(&mp->mnt_ncmountpt);
432 nch.ncp->nc_flag |= NCF_ISMOUNTPT;
434 cache_ismounting(mp);
435 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
437 mountlist_insert(mp, MNTINS_LAST);
439 checkdirs(&mp->mnt_ncmounton, &mp->mnt_ncmountpt);
440 error = vfs_allocate_syncvnode(mp);
441 lwkt_reltoken(&mp->mnt_token);
443 error = VFS_START(mp, 0);
445 KNOTE(&fs_klist, VQ_MOUNT);
447 bzero(&mp->mnt_ncmounton, sizeof(mp->mnt_ncmounton));
448 vn_syncer_thr_stop(mp);
449 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
450 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
451 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
452 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
453 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
455 crfree(mp->mnt_cred);
458 mp->mnt_vfc->vfc_refcount--;
459 lwkt_reltoken(&mp->mnt_token);
470 * Scan all active processes to see if any of them have a current
471 * or root directory onto which the new filesystem has just been
472 * mounted. If so, replace them with the new mount point.
474 * Both old_nch and new_nch are ref'd on call but not locked.
475 * new_nch must be temporarily locked so it can be associated with the
476 * vnode representing the root of the mount point.
478 struct checkdirs_info {
479 struct nchandle old_nch;
480 struct nchandle new_nch;
481 struct vnode *old_vp;
482 struct vnode *new_vp;
485 static int checkdirs_callback(struct proc *p, void *data);
488 checkdirs(struct nchandle *old_nch, struct nchandle *new_nch)
490 struct checkdirs_info info;
496 * If the old mount point's vnode has a usecount of 1, it is not
497 * being held as a descriptor anywhere.
499 olddp = old_nch->ncp->nc_vp;
500 if (olddp == NULL || VREFCNT(olddp) == 1)
504 * Force the root vnode of the new mount point to be resolved
505 * so we can update any matching processes.
508 if (VFS_ROOT(mp, &newdp))
509 panic("mount: lost mount");
512 vn_lock(newdp, LK_EXCLUSIVE | LK_RETRY);
513 cache_setunresolved(new_nch);
514 cache_setvp(new_nch, newdp);
515 cache_unlock(new_nch);
518 * Special handling of the root node
520 if (rootvnode == olddp) {
522 vfs_cache_setroot(newdp, cache_hold(new_nch));
526 * Pass newdp separately so the callback does not have to access
527 * it via new_nch->ncp->nc_vp.
529 info.old_nch = *old_nch;
530 info.new_nch = *new_nch;
532 allproc_scan(checkdirs_callback, &info, 0);
537 * NOTE: callback is not MP safe because the scanned process's filedesc
538 * structure can be ripped out from under us, amoung other things.
541 checkdirs_callback(struct proc *p, void *data)
543 struct checkdirs_info *info = data;
544 struct filedesc *fdp;
545 struct nchandle ncdrop1;
546 struct nchandle ncdrop2;
547 struct vnode *vprele1;
548 struct vnode *vprele2;
550 if ((fdp = p->p_fd) != NULL) {
551 cache_zero(&ncdrop1);
552 cache_zero(&ncdrop2);
557 * MPUNSAFE - XXX fdp can be pulled out from under a
560 * A shared filedesc is ok, we don't have to copy it
561 * because we are making this change globally.
563 spin_lock(&fdp->fd_spin);
564 if (fdp->fd_ncdir.mount == info->old_nch.mount &&
565 fdp->fd_ncdir.ncp == info->old_nch.ncp) {
566 vprele1 = fdp->fd_cdir;
568 fdp->fd_cdir = info->new_vp;
569 ncdrop1 = fdp->fd_ncdir;
570 cache_copy(&info->new_nch, &fdp->fd_ncdir);
572 if (fdp->fd_nrdir.mount == info->old_nch.mount &&
573 fdp->fd_nrdir.ncp == info->old_nch.ncp) {
574 vprele2 = fdp->fd_rdir;
576 fdp->fd_rdir = info->new_vp;
577 ncdrop2 = fdp->fd_nrdir;
578 cache_copy(&info->new_nch, &fdp->fd_nrdir);
580 spin_unlock(&fdp->fd_spin);
582 cache_drop(&ncdrop1);
584 cache_drop(&ncdrop2);
594 * Unmount a file system.
596 * Note: unmount takes a path to the vnode mounted on as argument,
597 * not special file (as before).
599 * umount_args(char *path, int flags)
604 sys_unmount(struct unmount_args *uap)
606 struct thread *td = curthread;
607 struct proc *p __debugvar = td->td_proc;
608 struct mount *mp = NULL;
609 struct nlookupdata nd;
610 char fstypename[MFSNAMELEN];
619 /* We do not allow user umounts inside a jail for now */
620 if (usermount && jailed(cred)) {
625 error = nlookup_init(&nd, uap->path, UIO_USERSPACE,
626 NLC_FOLLOW | NLC_IGNBADDIR);
628 error = nlookup(&nd);
632 mp = nd.nl_nch.mount;
634 /* Figure out the fsname in order to select proper privs */
635 ksnprintf(fstypename, MFSNAMELEN, "%s", mp->mnt_vfc->vfc_name);
636 priv = get_fspriv(fstypename);
638 if (usermount == 0 && (error = priv_check(td, priv))) {
644 * Only root, or the user that did the original mount is
645 * permitted to unmount this filesystem.
647 if ((mp->mnt_stat.f_owner != td->td_ucred->cr_uid) &&
648 (error = priv_check(td, priv)))
652 * Don't allow unmounting the root file system.
654 if (mp->mnt_flag & MNT_ROOTFS) {
660 * Must be the root of the filesystem
662 if (nd.nl_nch.ncp != mp->mnt_ncmountpt.ncp) {
667 /* Check if this mount belongs to this prison */
668 if (jailed(cred) && mp->mnt_cred && (!mp->mnt_cred->cr_prison ||
669 mp->mnt_cred->cr_prison != cred->cr_prison)) {
670 kprintf("mountpoint %s does not belong to this jail\n",
677 * If no error try to issue the unmount. We lose our cache
678 * ref when we call nlookup_done so we must hold the mount point
679 * to prevent use-after-free races.
685 error = dounmount(mp, uap->flags, 0);
695 * Do the actual file system unmount (interlocked against the mountlist
696 * token and mp->mnt_token).
699 dounmount_interlock(struct mount *mp)
701 if (mp->mnt_kern_flag & MNTK_UNMOUNT)
703 mp->mnt_kern_flag |= MNTK_UNMOUNT;
708 unmount_allproc_cb(struct proc *p, void *arg)
712 if (p->p_textnch.ncp == NULL)
715 mp = (struct mount *)arg;
716 if (p->p_textnch.mount == mp)
717 cache_drop(&p->p_textnch);
723 * The guts of the unmount code. The mount owns one ref and one hold
724 * count. If we successfully interlock the unmount, those refs are ours.
725 * (The ref is from mnt_ncmountpt).
727 * When halting we shortcut certain mount types such as devfs by not actually
728 * issuing the VFS_SYNC() or VFS_UNMOUNT(). They are still disconnected
729 * from the mountlist so higher-level filesytems can unmount cleanly.
731 * The mount types that allow QUICKHALT are: devfs, tmpfs, procfs.
734 dounmount(struct mount *mp, int flags, int halting)
736 struct namecache *ncp;
747 lwkt_gettoken(&mp->mnt_token);
750 * When halting, certain mount points can essentially just
751 * be unhooked and otherwise ignored.
753 if (halting && (mp->mnt_kern_flag & MNTK_QUICKHALT)) {
762 * Exclusive access for unmounting purposes.
764 if ((error = mountlist_interlock(dounmount_interlock, mp)) != 0)
768 * We now 'own' the last mp->mnt_refs
770 * Allow filesystems to detect that a forced unmount is in progress.
772 if (flags & MNT_FORCE)
773 mp->mnt_kern_flag |= MNTK_UNMOUNTF;
774 lflags = LK_EXCLUSIVE | ((flags & MNT_FORCE) ? 0 : LK_TIMELOCK);
775 error = lockmgr(&mp->mnt_lock, lflags);
777 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
778 if (mp->mnt_kern_flag & MNTK_MWAIT) {
779 mp->mnt_kern_flag &= ~MNTK_MWAIT;
785 if (mp->mnt_flag & MNT_EXPUBLIC)
786 vfs_setpublicfs(NULL, NULL, NULL);
788 vfs_msync(mp, MNT_WAIT);
789 async_flag = mp->mnt_flag & MNT_ASYNC;
790 mp->mnt_flag &=~ MNT_ASYNC;
793 * Decomission our special mnt_syncer vnode. This also stops
794 * the vnlru code. If we are unable to unmount we recommission
797 * Then sync the filesystem.
799 if ((vp = mp->mnt_syncer) != NULL) {
800 mp->mnt_syncer = NULL;
801 atomic_set_int(&vp->v_refcnt, VREF_FINALIZE);
807 * Sync normally-mounted filesystem.
809 if (quickhalt == 0) {
810 if ((mp->mnt_flag & MNT_RDONLY) == 0)
811 VFS_SYNC(mp, MNT_WAIT);
815 * nchandle records ref the mount structure. Expect a count of 1
816 * (our mount->mnt_ncmountpt).
818 * Scans can get temporary refs on a mountpoint (thought really
819 * heavy duty stuff like cache_findmount() do not).
821 for (retry = 0; (retry < 10 || debug_unmount); ++retry) {
823 * Invalidate the namecache topology under the mount.
824 * nullfs mounts alias a real mount's namecache topology
825 * and it should not be invalidated in that case.
827 if ((mp->mnt_kern_flag & MNTK_NCALIASED) == 0) {
828 cache_lock(&mp->mnt_ncmountpt);
829 cache_inval(&mp->mnt_ncmountpt,
830 CINV_DESTROY|CINV_CHILDREN);
831 cache_unlock(&mp->mnt_ncmountpt);
837 cache_unmounting(mp);
838 if (mp->mnt_refs != 1)
839 cache_clearmntcache();
842 * Break out if we are good. Don't count ncp refs if the
845 ncp = (mp->mnt_kern_flag & MNTK_NCALIASED) ?
846 NULL : mp->mnt_ncmountpt.ncp;
847 if (mp->mnt_refs == 1 &&
848 (ncp == NULL || (ncp->nc_refs == 1 &&
849 TAILQ_FIRST(&ncp->nc_list) == NULL))) {
854 * If forcing the unmount, clean out any p->p_textnch
855 * nchandles that match this mount.
857 if (flags & MNT_FORCE)
858 allproc_scan(&unmount_allproc_cb, mp, 0);
863 tsleep(&mp->mnt_refs, 0, "mntbsy", hz / 10 + 1);
864 if ((retry & 15) == 15) {
866 "(%p) debug - retry %d, "
867 "%d namecache refs, %d mount refs",
869 (ncp ? ncp->nc_refs - 1 : 0),
875 ncp = (mp->mnt_kern_flag & MNTK_NCALIASED) ?
876 NULL : mp->mnt_ncmountpt.ncp;
877 if (mp->mnt_refs != 1 ||
878 (ncp != NULL && (ncp->nc_refs != 1 ||
879 TAILQ_FIRST(&ncp->nc_list)))) {
881 "(%p): %d namecache refs, %d mount refs "
884 (ncp ? ncp->nc_refs - 1 : 0),
886 if (flags & MNT_FORCE) {
888 mount_warning(mp, "forcing unmount\n");
895 * So far so good, sync the filesystem once more and
896 * call the VFS unmount code if the sync succeeds.
898 if (error == 0 && quickhalt == 0) {
899 if (mp->mnt_flag & MNT_RDONLY) {
900 error = VFS_UNMOUNT(mp, flags);
902 error = VFS_SYNC(mp, MNT_WAIT);
903 if (error == 0 || /* no error */
904 error == EOPNOTSUPP || /* no sync avail */
905 (flags & MNT_FORCE)) { /* force anyway */
906 error = VFS_UNMOUNT(mp, flags);
911 "(%p) unmount: vfs refused to unmount, "
918 * If an error occurred we can still recover, restoring the
919 * syncer vnode and misc flags.
922 if (mp->mnt_syncer == NULL && hadsyncer)
923 vfs_allocate_syncvnode(mp);
924 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
925 mp->mnt_flag |= async_flag;
926 lockmgr(&mp->mnt_lock, LK_RELEASE);
927 if (mp->mnt_kern_flag & MNTK_MWAIT) {
928 mp->mnt_kern_flag &= ~MNTK_MWAIT;
934 * Clean up any journals still associated with the mount after
935 * filesystem activity has ceased.
937 journal_remove_all_journals(mp,
938 ((flags & MNT_FORCE) ? MC_JOURNAL_STOP_IMM : 0));
940 mountlist_remove(mp);
943 * Remove any installed vnode ops here so the individual VFSs don't
946 * mnt_refs should go to zero when we scrap mnt_ncmountpt.
948 * When quickhalting we have to keep these intact because the
949 * underlying vnodes have not been destroyed, and some might be
952 if (quickhalt == 0) {
953 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
954 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
955 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
956 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
957 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
960 if (mp->mnt_ncmountpt.ncp != NULL) {
961 nch = mp->mnt_ncmountpt;
962 cache_zero(&mp->mnt_ncmountpt);
963 cache_clrmountpt(&nch);
966 if (mp->mnt_ncmounton.ncp != NULL) {
967 cache_unmounting(mp);
968 nch = mp->mnt_ncmounton;
969 cache_zero(&mp->mnt_ncmounton);
970 cache_clrmountpt(&nch);
975 crfree(mp->mnt_cred);
979 mp->mnt_vfc->vfc_refcount--;
982 * If not quickhalting the mount, we expect there to be no
985 if (quickhalt == 0 && !TAILQ_EMPTY(&mp->mnt_nvnodelist))
986 panic("unmount: dangling vnode");
991 lockmgr(&mp->mnt_lock, LK_RELEASE);
992 if (mp->mnt_kern_flag & MNTK_MWAIT) {
993 mp->mnt_kern_flag &= ~MNTK_MWAIT;
998 * If we reach here and freeok != 0 we must free the mount.
999 * mnt_refs should already have dropped to 0, so if it is not
1000 * zero we must cycle the caches and wait.
1002 * When we are satisfied that the mount has disconnected we can
1003 * drop the hold on the mp that represented the mount (though the
1004 * caller might actually have another, so the caller's drop may
1005 * do the actual free).
1008 if (mp->mnt_refs > 0)
1009 cache_clearmntcache();
1010 while (mp->mnt_refs > 0) {
1011 cache_unmounting(mp);
1013 tsleep(&mp->mnt_refs, 0, "umntrwait", hz / 10 + 1);
1014 cache_clearmntcache();
1016 lwkt_reltoken(&mp->mnt_token);
1020 cache_clearmntcache();
1023 KNOTE(&fs_klist, VQ_UNMOUNT);
1026 lwkt_reltoken(&mp->mnt_token);
1032 mount_warning(struct mount *mp, const char *ctl, ...)
1038 __va_start(va, ctl);
1039 if (cache_fullpath(NULL, &mp->mnt_ncmounton, NULL,
1040 &ptr, &buf, 0) == 0) {
1041 kprintf("unmount(%s): ", ptr);
1046 kprintf("unmount(%p", mp);
1047 if (mp->mnt_ncmounton.ncp && mp->mnt_ncmounton.ncp->nc_name)
1048 kprintf(",%s", mp->mnt_ncmounton.ncp->nc_name);
1057 * Shim cache_fullpath() to handle the case where a process is chrooted into
1058 * a subdirectory of a mount. In this case if the root mount matches the
1059 * process root directory's mount we have to specify the process's root
1060 * directory instead of the mount point, because the mount point might
1061 * be above the root directory.
1065 mount_path(struct proc *p, struct mount *mp, char **rb, char **fb)
1067 struct nchandle *nch;
1069 if (p && p->p_fd->fd_nrdir.mount == mp)
1070 nch = &p->p_fd->fd_nrdir;
1072 nch = &mp->mnt_ncmountpt;
1073 return(cache_fullpath(p, nch, NULL, rb, fb, 0));
1077 * Sync each mounted filesystem.
1081 static int syncprt = 0;
1082 SYSCTL_INT(_debug, OID_AUTO, syncprt, CTLFLAG_RW, &syncprt, 0, "");
1085 static int sync_callback(struct mount *mp, void *data);
1088 sys_sync(struct sync_args *uap)
1090 mountlist_scan(sync_callback, NULL, MNTSCAN_FORWARD);
1096 sync_callback(struct mount *mp, void *data __unused)
1100 if ((mp->mnt_flag & MNT_RDONLY) == 0) {
1101 lwkt_gettoken(&mp->mnt_token);
1102 asyncflag = mp->mnt_flag & MNT_ASYNC;
1103 mp->mnt_flag &= ~MNT_ASYNC;
1104 lwkt_reltoken(&mp->mnt_token);
1105 vfs_msync(mp, MNT_NOWAIT);
1106 VFS_SYNC(mp, MNT_NOWAIT);
1107 lwkt_gettoken(&mp->mnt_token);
1108 mp->mnt_flag |= asyncflag;
1109 lwkt_reltoken(&mp->mnt_token);
1114 /* XXX PRISON: could be per prison flag */
1115 static int prison_quotas;
1117 SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, "");
1121 * quotactl_args(char *path, int fcmd, int uid, caddr_t arg)
1123 * Change filesystem quotas.
1128 sys_quotactl(struct quotactl_args *uap)
1130 struct nlookupdata nd;
1136 if (td->td_ucred->cr_prison && !prison_quotas) {
1141 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1143 error = nlookup(&nd);
1145 mp = nd.nl_nch.mount;
1146 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid,
1147 uap->arg, nd.nl_cred);
1155 * mountctl(char *path, int op, int fd, const void *ctl, int ctllen,
1156 * void *buf, int buflen)
1158 * This function operates on a mount point and executes the specified
1159 * operation using the specified control data, and possibly returns data.
1161 * The actual number of bytes stored in the result buffer is returned, 0
1162 * if none, otherwise an error is returned.
1167 sys_mountctl(struct mountctl_args *uap)
1169 struct thread *td = curthread;
1177 * Sanity and permissions checks. We must be root.
1179 if (td->td_ucred->cr_prison != NULL)
1181 if ((uap->op != MOUNTCTL_MOUNTFLAGS) &&
1182 (error = priv_check(td, PRIV_ROOT)) != 0)
1186 * Argument length checks
1188 if (uap->ctllen < 0 || uap->ctllen > 1024)
1190 if (uap->buflen < 0 || uap->buflen > 16 * 1024)
1192 if (uap->path == NULL)
1196 * Allocate the necessary buffers and copyin data
1198 path = objcache_get(namei_oc, M_WAITOK);
1199 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
1204 ctl = kmalloc(uap->ctllen + 1, M_TEMP, M_WAITOK|M_ZERO);
1205 error = copyin(uap->ctl, ctl, uap->ctllen);
1210 buf = kmalloc(uap->buflen + 1, M_TEMP, M_WAITOK|M_ZERO);
1213 * Validate the descriptor
1216 fp = holdfp(td, uap->fd, -1);
1226 * Execute the internal kernel function and clean up.
1228 error = kern_mountctl(path, uap->op, fp, ctl, uap->ctllen,
1229 buf, uap->buflen, &uap->sysmsg_result);
1231 dropfp(td, uap->fd, fp);
1232 if (error == 0 && uap->sysmsg_result > 0)
1233 error = copyout(buf, uap->buf, uap->sysmsg_result);
1236 objcache_put(namei_oc, path);
1245 * Execute a mount control operation by resolving the path to a mount point
1246 * and calling vop_mountctl().
1248 * Use the mount point from the nch instead of the vnode so nullfs mounts
1249 * can properly spike the VOP.
1252 kern_mountctl(const char *path, int op, struct file *fp,
1253 const void *ctl, int ctllen,
1254 void *buf, int buflen, int *res)
1257 struct nlookupdata nd;
1258 struct nchandle nch;
1264 error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_FOLLOW);
1267 error = nlookup(&nd);
1272 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
1279 * Yes, all this is needed to use the nch.mount below, because
1280 * we must maintain a ref on the mount to avoid ripouts (e.g.
1281 * due to heavy mount/unmount use by synth or poudriere).
1284 cache_zero(&nd.nl_nch);
1292 * Must be the root of the filesystem
1294 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
1299 if (mp == NULL || mp->mnt_kern_flag & MNTK_UNMOUNT) {
1300 kprintf("kern_mountctl: Warning, \"%s\" racing unmount\n",
1306 error = vop_mountctl(mp->mnt_vn_use_ops, vp, op, fp, ctl, ctllen,
1315 kern_statfs(struct nlookupdata *nd, struct statfs *buf)
1317 struct thread *td = curthread;
1318 struct proc *p = td->td_proc;
1321 char *fullpath, *freepath;
1324 if ((error = nlookup(nd)) != 0)
1326 mp = nd->nl_nch.mount;
1330 * Ignore refresh error, user should have visibility.
1331 * This can happen if a NFS mount goes bad (e.g. server
1332 * revokes perms or goes down).
1334 error = VFS_STATFS(mp, sp, nd->nl_cred);
1337 error = mount_path(p, mp, &fullpath, &freepath);
1340 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1341 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1342 kfree(freepath, M_TEMP);
1344 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1345 bcopy(sp, buf, sizeof(*buf));
1346 /* Only root should have access to the fsid's. */
1347 if (priv_check(td, PRIV_ROOT))
1348 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1353 * statfs_args(char *path, struct statfs *buf)
1355 * Get filesystem statistics.
1358 sys_statfs(struct statfs_args *uap)
1360 struct nlookupdata nd;
1364 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1366 error = kern_statfs(&nd, &buf);
1369 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1374 kern_fstatfs(int fd, struct statfs *buf)
1376 struct thread *td = curthread;
1377 struct proc *p = td->td_proc;
1381 char *fullpath, *freepath;
1385 if ((error = holdvnode(td, fd, &fp)) != 0)
1389 * Try to use mount info from any overlays rather than the
1390 * mount info for the underlying vnode, otherwise we will
1391 * fail when operating on null-mounted paths inside a chroot.
1393 if ((mp = fp->f_nchandle.mount) == NULL)
1394 mp = ((struct vnode *)fp->f_data)->v_mount;
1399 if (fp->f_cred == NULL) {
1405 * Ignore refresh error, user should have visibility.
1406 * This can happen if a NFS mount goes bad (e.g. server
1407 * revokes perms or goes down).
1410 error = VFS_STATFS(mp, sp, fp->f_cred);
1412 if ((error = mount_path(p, mp, &fullpath, &freepath)) != 0)
1414 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1415 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1416 kfree(freepath, M_TEMP);
1418 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1419 bcopy(sp, buf, sizeof(*buf));
1421 /* Only root should have access to the fsid's. */
1422 if (priv_check(td, PRIV_ROOT))
1423 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1431 * fstatfs_args(int fd, struct statfs *buf)
1433 * Get filesystem statistics.
1436 sys_fstatfs(struct fstatfs_args *uap)
1441 error = kern_fstatfs(uap->fd, &buf);
1444 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1449 kern_statvfs(struct nlookupdata *nd, struct statvfs *buf)
1455 if ((error = nlookup(nd)) != 0)
1457 mp = nd->nl_nch.mount;
1458 sp = &mp->mnt_vstat;
1459 if ((error = VFS_STATVFS(mp, sp, nd->nl_cred)) != 0)
1463 if (mp->mnt_flag & MNT_RDONLY)
1464 sp->f_flag |= ST_RDONLY;
1465 if (mp->mnt_flag & MNT_NOSUID)
1466 sp->f_flag |= ST_NOSUID;
1467 bcopy(sp, buf, sizeof(*buf));
1472 * statfs_args(char *path, struct statfs *buf)
1474 * Get filesystem statistics.
1477 sys_statvfs(struct statvfs_args *uap)
1479 struct nlookupdata nd;
1483 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1485 error = kern_statvfs(&nd, &buf);
1488 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1493 kern_fstatvfs(int fd, struct statvfs *buf)
1495 struct thread *td = curthread;
1501 if ((error = holdvnode(td, fd, &fp)) != 0)
1503 if ((mp = fp->f_nchandle.mount) == NULL)
1504 mp = ((struct vnode *)fp->f_data)->v_mount;
1509 if (fp->f_cred == NULL) {
1513 sp = &mp->mnt_vstat;
1514 if ((error = VFS_STATVFS(mp, sp, fp->f_cred)) != 0)
1518 if (mp->mnt_flag & MNT_RDONLY)
1519 sp->f_flag |= ST_RDONLY;
1520 if (mp->mnt_flag & MNT_NOSUID)
1521 sp->f_flag |= ST_NOSUID;
1523 bcopy(sp, buf, sizeof(*buf));
1531 * fstatfs_args(int fd, struct statfs *buf)
1533 * Get filesystem statistics.
1536 sys_fstatvfs(struct fstatvfs_args *uap)
1541 error = kern_fstatvfs(uap->fd, &buf);
1544 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1549 * getfsstat_args(struct statfs *buf, long bufsize, int flags)
1551 * Get statistics on all filesystems.
1554 struct getfsstat_info {
1555 struct statfs *sfsp;
1563 static int getfsstat_callback(struct mount *, void *);
1566 sys_getfsstat(struct getfsstat_args *uap)
1568 struct thread *td = curthread;
1569 struct getfsstat_info info;
1571 bzero(&info, sizeof(info));
1573 info.maxcount = uap->bufsize / sizeof(struct statfs);
1574 info.sfsp = uap->buf;
1576 info.flags = uap->flags;
1579 mountlist_scan(getfsstat_callback, &info, MNTSCAN_FORWARD);
1580 if (info.sfsp && info.count > info.maxcount)
1581 uap->sysmsg_result = info.maxcount;
1583 uap->sysmsg_result = info.count;
1584 return (info.error);
1588 getfsstat_callback(struct mount *mp, void *data)
1590 struct getfsstat_info *info = data;
1596 if (info->td->td_proc && !chroot_visible_mnt(mp, info->td->td_proc))
1599 if (info->sfsp && info->count < info->maxcount) {
1603 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1604 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1605 * overrides MNT_WAIT.
1607 * Ignore refresh error, user should have visibility.
1608 * This can happen if a NFS mount goes bad (e.g. server
1609 * revokes perms or goes down).
1611 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1612 (info->flags & MNT_WAIT)) &&
1613 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1616 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1618 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1620 info->error = error;
1623 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1624 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1625 kfree(freepath, M_TEMP);
1627 error = copyout(sp, info->sfsp, sizeof(*sp));
1629 info->error = error;
1639 * getvfsstat_args(struct statfs *buf, struct statvfs *vbuf,
1640 long bufsize, int flags)
1642 * Get statistics on all filesystems.
1645 struct getvfsstat_info {
1646 struct statfs *sfsp;
1647 struct statvfs *vsfsp;
1655 static int getvfsstat_callback(struct mount *, void *);
1658 sys_getvfsstat(struct getvfsstat_args *uap)
1660 struct thread *td = curthread;
1661 struct getvfsstat_info info;
1663 bzero(&info, sizeof(info));
1665 info.maxcount = uap->vbufsize / sizeof(struct statvfs);
1666 info.sfsp = uap->buf;
1667 info.vsfsp = uap->vbuf;
1669 info.flags = uap->flags;
1672 mountlist_scan(getvfsstat_callback, &info, MNTSCAN_FORWARD);
1673 if (info.vsfsp && info.count > info.maxcount)
1674 uap->sysmsg_result = info.maxcount;
1676 uap->sysmsg_result = info.count;
1677 return (info.error);
1681 getvfsstat_callback(struct mount *mp, void *data)
1683 struct getvfsstat_info *info = data;
1685 struct statvfs *vsp;
1690 if (info->td->td_proc && !chroot_visible_mnt(mp, info->td->td_proc))
1693 if (info->vsfsp && info->count < info->maxcount) {
1695 vsp = &mp->mnt_vstat;
1698 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1699 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1700 * overrides MNT_WAIT.
1702 * Ignore refresh error, user should have visibility.
1703 * This can happen if a NFS mount goes bad (e.g. server
1704 * revokes perms or goes down).
1706 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1707 (info->flags & MNT_WAIT)) &&
1708 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1711 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1713 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1714 (info->flags & MNT_WAIT)) &&
1715 (error = VFS_STATVFS(mp, vsp, info->td->td_ucred))) {
1719 if (mp->mnt_flag & MNT_RDONLY)
1720 vsp->f_flag |= ST_RDONLY;
1721 if (mp->mnt_flag & MNT_NOSUID)
1722 vsp->f_flag |= ST_NOSUID;
1724 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1726 info->error = error;
1729 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1730 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1731 kfree(freepath, M_TEMP);
1733 error = copyout(sp, info->sfsp, sizeof(*sp));
1735 error = copyout(vsp, info->vsfsp, sizeof(*vsp));
1737 info->error = error;
1749 * fchdir_args(int fd)
1751 * Change current working directory to a given file descriptor.
1754 sys_fchdir(struct fchdir_args *uap)
1756 struct thread *td = curthread;
1757 struct proc *p = td->td_proc;
1758 struct filedesc *fdp = p->p_fd;
1759 struct vnode *vp, *ovp;
1762 struct nchandle nch, onch, tnch;
1765 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
1767 lwkt_gettoken(&p->p_token);
1768 vp = (struct vnode *)fp->f_data;
1770 vn_lock(vp, LK_SHARED | LK_RETRY);
1771 if (fp->f_nchandle.ncp == NULL)
1774 error = checkvp_chdir(vp, td);
1779 cache_copy(&fp->f_nchandle, &nch);
1782 * If the ncp has become a mount point, traverse through
1786 while (!error && (nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
1787 (mp = cache_findmount(&nch)) != NULL
1789 error = nlookup_mp(mp, &tnch);
1791 cache_unlock(&tnch); /* leave ref intact */
1793 vp = tnch.ncp->nc_vp;
1794 error = vget(vp, LK_SHARED);
1795 KKASSERT(error == 0);
1799 cache_dropmount(mp);
1802 spin_lock(&fdp->fd_spin);
1804 onch = fdp->fd_ncdir;
1806 fdp->fd_ncdir = nch;
1807 spin_unlock(&fdp->fd_spin);
1808 vn_unlock(vp); /* leave ref intact */
1817 lwkt_reltoken(&p->p_token);
1822 kern_chdir(struct nlookupdata *nd)
1824 struct thread *td = curthread;
1825 struct proc *p = td->td_proc;
1826 struct filedesc *fdp = p->p_fd;
1827 struct vnode *vp, *ovp;
1828 struct nchandle onch;
1831 nd->nl_flags |= NLC_SHAREDLOCK;
1832 if ((error = nlookup(nd)) != 0)
1834 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
1836 if ((error = vget(vp, LK_SHARED)) != 0)
1839 lwkt_gettoken(&p->p_token);
1840 error = checkvp_chdir(vp, td);
1843 spin_lock(&fdp->fd_spin);
1845 onch = fdp->fd_ncdir;
1846 fdp->fd_ncdir = nd->nl_nch;
1848 spin_unlock(&fdp->fd_spin);
1849 cache_unlock(&nd->nl_nch); /* leave reference intact */
1852 cache_zero(&nd->nl_nch);
1856 lwkt_reltoken(&p->p_token);
1861 * chdir_args(char *path)
1863 * Change current working directory (``.'').
1866 sys_chdir(struct chdir_args *uap)
1868 struct nlookupdata nd;
1871 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1873 error = kern_chdir(&nd);
1879 * Helper function for raised chroot(2) security function: Refuse if
1880 * any filedescriptors are open directories.
1883 chroot_refuse_vdir_fds(thread_t td, struct filedesc *fdp)
1890 for (fd = 0; fd < fdp->fd_nfiles ; fd++) {
1891 if ((error = holdvnode(td, fd, &fp)) != 0)
1893 vp = (struct vnode *)fp->f_data;
1894 if (vp->v_type != VDIR) {
1905 * This sysctl determines if we will allow a process to chroot(2) if it
1906 * has a directory open:
1907 * 0: disallowed for all processes.
1908 * 1: allowed for processes that were not already chroot(2)'ed.
1909 * 2: allowed for all processes.
1912 static int chroot_allow_open_directories = 1;
1914 SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
1915 &chroot_allow_open_directories, 0, "");
1918 * chroot to the specified namecache entry. We obtain the vp from the
1919 * namecache data. The passed ncp must be locked and referenced and will
1920 * remain locked and referenced on return.
1923 kern_chroot(struct nchandle *nch)
1925 struct thread *td = curthread;
1926 struct proc *p = td->td_proc;
1927 struct filedesc *fdp = p->p_fd;
1932 * Only privileged user can chroot
1934 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
1939 * Disallow open directory descriptors (fchdir() breakouts).
1941 if (chroot_allow_open_directories == 0 ||
1942 (chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) {
1943 if ((error = chroot_refuse_vdir_fds(td, fdp)) != 0)
1946 if ((vp = nch->ncp->nc_vp) == NULL)
1949 if ((error = vget(vp, LK_SHARED)) != 0)
1953 * Check the validity of vp as a directory to change to and
1954 * associate it with rdir/jdir.
1956 error = checkvp_chdir(vp, td);
1957 vn_unlock(vp); /* leave reference intact */
1959 lwkt_gettoken(&p->p_token);
1960 vrele(fdp->fd_rdir);
1961 fdp->fd_rdir = vp; /* reference inherited by fd_rdir */
1962 cache_drop(&fdp->fd_nrdir);
1963 cache_copy(nch, &fdp->fd_nrdir);
1964 if (fdp->fd_jdir == NULL) {
1967 cache_copy(nch, &fdp->fd_njdir);
1969 if ((p->p_flags & P_DIDCHROOT) == 0) {
1970 p->p_flags |= P_DIDCHROOT;
1971 if (p->p_depth <= 65535 - 32)
1974 lwkt_reltoken(&p->p_token);
1982 * chroot_args(char *path)
1984 * Change notion of root (``/'') directory.
1987 sys_chroot(struct chroot_args *uap)
1989 struct thread *td __debugvar = curthread;
1990 struct nlookupdata nd;
1993 KKASSERT(td->td_proc);
1994 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1996 nd.nl_flags |= NLC_EXEC;
1997 error = nlookup(&nd);
1999 error = kern_chroot(&nd.nl_nch);
2006 sys_chroot_kernel(struct chroot_kernel_args *uap)
2008 struct thread *td = curthread;
2009 struct nlookupdata nd;
2010 struct nchandle *nch;
2014 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2018 error = nlookup(&nd);
2024 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
2028 if ((vp = nch->ncp->nc_vp) == NULL) {
2033 if ((error = cache_vref(nch, nd.nl_cred, &vp)) != 0)
2036 vfs_cache_setroot(vp, cache_hold(nch));
2045 * Common routine for chroot and chdir. Given a locked, referenced vnode,
2046 * determine whether it is legal to chdir to the vnode. The vnode's state
2047 * is not changed by this call.
2050 checkvp_chdir(struct vnode *vp, struct thread *td)
2054 if (vp->v_type != VDIR)
2057 error = VOP_EACCESS(vp, VEXEC, td->td_ucred);
2062 kern_open(struct nlookupdata *nd, int oflags, int mode, int *res)
2064 struct thread *td = curthread;
2065 struct proc *p = td->td_proc;
2066 struct lwp *lp = td->td_lwp;
2067 struct filedesc *fdp = p->p_fd;
2072 int type, indx, error = 0;
2075 if ((oflags & O_ACCMODE) == O_ACCMODE)
2077 flags = FFLAGS(oflags);
2078 error = falloc(lp, &nfp, NULL);
2082 cmode = ((mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
2085 * XXX p_dupfd is a real mess. It allows a device to return a
2086 * file descriptor to be duplicated rather then doing the open
2092 * Call vn_open() to do the lookup and assign the vnode to the
2093 * file pointer. vn_open() does not change the ref count on fp
2094 * and the vnode, on success, will be inherited by the file pointer
2097 * Request a shared lock on the vnode if possible.
2099 * Executable binaries can race VTEXT against O_RDWR opens, so
2100 * use an exclusive lock for O_RDWR opens as well.
2102 * NOTE: We need a flag to separate terminal vnode locking from
2103 * parent locking. O_CREAT needs parent locking, but O_TRUNC
2104 * and O_RDWR only need to lock the terminal vnode exclusively.
2106 nd->nl_flags |= NLC_LOCKVP;
2107 if ((flags & (O_CREAT|O_TRUNC|O_RDWR)) == 0)
2108 nd->nl_flags |= NLC_SHAREDLOCK;
2110 error = vn_open(nd, fp, flags, cmode);
2115 * handle special fdopen() case. bleh. dupfdopen() is
2116 * responsible for dropping the old contents of ofiles[indx]
2119 * Note that fsetfd() will add a ref to fp which represents
2120 * the fd_files[] assignment. We must still drop our
2123 if ((error == ENODEV || error == ENXIO) && lp->lwp_dupfd >= 0) {
2124 if (fdalloc(p, 0, &indx) == 0) {
2125 error = dupfdopen(td, indx, lp->lwp_dupfd, flags, error);
2128 fdrop(fp); /* our ref */
2131 fsetfd(fdp, NULL, indx);
2134 fdrop(fp); /* our ref */
2135 if (error == ERESTART)
2141 * ref the vnode for ourselves so it can't be ripped out from under
2142 * is. XXX need an ND flag to request that the vnode be returned
2145 * Reserve a file descriptor but do not assign it until the open
2148 vp = (struct vnode *)fp->f_data;
2150 if ((error = fdalloc(p, 0, &indx)) != 0) {
2157 * If no error occurs the vp will have been assigned to the file
2162 if (flags & (O_EXLOCK | O_SHLOCK)) {
2163 lf.l_whence = SEEK_SET;
2166 if (flags & O_EXLOCK)
2167 lf.l_type = F_WRLCK;
2169 lf.l_type = F_RDLCK;
2170 if (flags & FNONBLOCK)
2175 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
2177 * lock request failed. Clean up the reserved
2181 fsetfd(fdp, NULL, indx);
2185 atomic_set_int(&fp->f_flag, FHASLOCK); /* race ok */
2189 * Assert that all regular file vnodes were created with a object.
2191 KASSERT(vp->v_type != VREG || vp->v_object != NULL,
2192 ("open: regular file has no backing object after vn_open"));
2198 * release our private reference, leaving the one associated with the
2199 * descriptor table intact.
2201 if (oflags & O_CLOEXEC)
2202 fdp->fd_files[indx].fileflags |= UF_EXCLOSE;
2203 fsetfd(fdp, fp, indx);
2211 * open_args(char *path, int flags, int mode)
2213 * Check permissions, allocate an open file structure,
2214 * and call the device open routine if any.
2217 sys_open(struct open_args *uap)
2219 struct nlookupdata nd;
2222 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2224 error = kern_open(&nd, uap->flags,
2225 uap->mode, &uap->sysmsg_result);
2232 * openat_args(int fd, char *path, int flags, int mode)
2235 sys_openat(struct openat_args *uap)
2237 struct nlookupdata nd;
2241 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2243 error = kern_open(&nd, uap->flags, uap->mode,
2244 &uap->sysmsg_result);
2246 nlookup_done_at(&nd, fp);
2251 kern_mknod(struct nlookupdata *nd, int mode, int rmajor, int rminor)
2253 struct thread *td = curthread;
2254 struct proc *p = td->td_proc;
2263 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2264 vattr.va_rmajor = rmajor;
2265 vattr.va_rminor = rminor;
2267 switch (mode & S_IFMT) {
2268 case S_IFMT: /* used by badsect to flag bad sectors */
2269 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_BAD, 0);
2270 vattr.va_type = VBAD;
2273 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
2274 vattr.va_type = VCHR;
2277 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
2278 vattr.va_type = VBLK;
2281 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_WHT, 0);
2284 case S_IFDIR: /* special directories support for HAMMER */
2285 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_DIR, 0);
2286 vattr.va_type = VDIR;
2297 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2298 if ((error = nlookup(nd)) != 0)
2300 if (nd->nl_nch.ncp->nc_vp)
2302 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2306 error = VOP_NWHITEOUT(&nd->nl_nch, nd->nl_dvp,
2307 nd->nl_cred, NAMEI_CREATE);
2310 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp,
2311 &vp, nd->nl_cred, &vattr);
2319 * mknod_args(char *path, int mode, int dev)
2321 * Create a special file.
2324 sys_mknod(struct mknod_args *uap)
2326 struct nlookupdata nd;
2329 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2331 error = kern_mknod(&nd, uap->mode,
2332 umajor(uap->dev), uminor(uap->dev));
2339 * mknodat_args(int fd, char *path, mode_t mode, dev_t dev)
2341 * Create a special file. The path is relative to the directory associated
2345 sys_mknodat(struct mknodat_args *uap)
2347 struct nlookupdata nd;
2351 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2353 error = kern_mknod(&nd, uap->mode,
2354 umajor(uap->dev), uminor(uap->dev));
2356 nlookup_done_at(&nd, fp);
2361 kern_mkfifo(struct nlookupdata *nd, int mode)
2363 struct thread *td = curthread;
2364 struct proc *p = td->td_proc;
2371 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2372 if ((error = nlookup(nd)) != 0)
2374 if (nd->nl_nch.ncp->nc_vp)
2376 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2380 vattr.va_type = VFIFO;
2381 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2383 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp, &vp, nd->nl_cred, &vattr);
2390 * mkfifo_args(char *path, int mode)
2392 * Create a named pipe.
2395 sys_mkfifo(struct mkfifo_args *uap)
2397 struct nlookupdata nd;
2400 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2402 error = kern_mkfifo(&nd, uap->mode);
2408 * mkfifoat_args(int fd, char *path, mode_t mode)
2410 * Create a named pipe. The path is relative to the directory associated
2414 sys_mkfifoat(struct mkfifoat_args *uap)
2416 struct nlookupdata nd;
2420 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2422 error = kern_mkfifo(&nd, uap->mode);
2423 nlookup_done_at(&nd, fp);
2427 static int hardlink_check_uid = 0;
2428 SYSCTL_INT(_security, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
2429 &hardlink_check_uid, 0,
2430 "Unprivileged processes cannot create hard links to files owned by other "
2432 static int hardlink_check_gid = 0;
2433 SYSCTL_INT(_security, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
2434 &hardlink_check_gid, 0,
2435 "Unprivileged processes cannot create hard links to files owned by other "
2439 can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
2445 * Shortcut if disabled
2447 if (hardlink_check_uid == 0 && hardlink_check_gid == 0)
2451 * Privileged user can always hardlink
2453 if (priv_check_cred(cred, PRIV_VFS_LINK, 0) == 0)
2457 * Otherwise only if the originating file is owned by the
2458 * same user or group. Note that any group is allowed if
2459 * the file is owned by the caller.
2461 error = VOP_GETATTR(vp, &va);
2465 if (hardlink_check_uid) {
2466 if (cred->cr_uid != va.va_uid)
2470 if (hardlink_check_gid) {
2471 if (cred->cr_uid != va.va_uid && !groupmember(va.va_gid, cred))
2479 kern_link(struct nlookupdata *nd, struct nlookupdata *linknd)
2481 struct thread *td = curthread;
2486 * Lookup the source and obtained a locked vnode.
2488 * You may only hardlink a file which you have write permission
2489 * on or which you own.
2491 * XXX relookup on vget failure / race ?
2494 nd->nl_flags |= NLC_WRITE | NLC_OWN | NLC_HLINK;
2495 if ((error = nlookup(nd)) != 0)
2497 vp = nd->nl_nch.ncp->nc_vp;
2498 KKASSERT(vp != NULL);
2499 if (vp->v_type == VDIR)
2500 return (EPERM); /* POSIX */
2501 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2503 if ((error = vget(vp, LK_EXCLUSIVE)) != 0)
2507 * Unlock the source so we can lookup the target without deadlocking
2508 * (XXX vp is locked already, possible other deadlock?). The target
2511 KKASSERT(nd->nl_flags & NLC_NCPISLOCKED);
2512 nd->nl_flags &= ~NLC_NCPISLOCKED;
2513 cache_unlock(&nd->nl_nch);
2516 linknd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2517 if ((error = nlookup(linknd)) != 0) {
2521 if (linknd->nl_nch.ncp->nc_vp) {
2525 VFS_MODIFYING(vp->v_mount);
2526 error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_FAILRECLAIM);
2533 * Finally run the new API VOP.
2535 error = can_hardlink(vp, td, td->td_ucred);
2537 error = VOP_NLINK(&linknd->nl_nch, linknd->nl_dvp,
2538 vp, linknd->nl_cred);
2545 * link_args(char *path, char *link)
2547 * Make a hard file link.
2550 sys_link(struct link_args *uap)
2552 struct nlookupdata nd, linknd;
2555 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2557 error = nlookup_init(&linknd, uap->link, UIO_USERSPACE, 0);
2559 error = kern_link(&nd, &linknd);
2560 nlookup_done(&linknd);
2567 * linkat_args(int fd1, char *path1, int fd2, char *path2, int flags)
2569 * Make a hard file link. The path1 argument is relative to the directory
2570 * associated with fd1, and similarly the path2 argument is relative to
2571 * the directory associated with fd2.
2574 sys_linkat(struct linkat_args *uap)
2576 struct nlookupdata nd, linknd;
2577 struct file *fp1, *fp2;
2580 error = nlookup_init_at(&nd, &fp1, uap->fd1, uap->path1, UIO_USERSPACE,
2581 (uap->flags & AT_SYMLINK_FOLLOW) ? NLC_FOLLOW : 0);
2583 error = nlookup_init_at(&linknd, &fp2, uap->fd2,
2584 uap->path2, UIO_USERSPACE, 0);
2586 error = kern_link(&nd, &linknd);
2587 nlookup_done_at(&linknd, fp2);
2589 nlookup_done_at(&nd, fp1);
2594 kern_symlink(struct nlookupdata *nd, char *path, int mode)
2602 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2603 if ((error = nlookup(nd)) != 0)
2605 if (nd->nl_nch.ncp->nc_vp)
2607 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2611 vattr.va_mode = mode;
2612 error = VOP_NSYMLINK(&nd->nl_nch, dvp, &vp, nd->nl_cred, &vattr, path);
2619 * symlink(char *path, char *link)
2621 * Make a symbolic link.
2624 sys_symlink(struct symlink_args *uap)
2626 struct thread *td = curthread;
2627 struct nlookupdata nd;
2632 path = objcache_get(namei_oc, M_WAITOK);
2633 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
2635 error = nlookup_init(&nd, uap->link, UIO_USERSPACE, 0);
2637 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2638 error = kern_symlink(&nd, path, mode);
2642 objcache_put(namei_oc, path);
2647 * symlinkat_args(char *path1, int fd, char *path2)
2649 * Make a symbolic link. The path2 argument is relative to the directory
2650 * associated with fd.
2653 sys_symlinkat(struct symlinkat_args *uap)
2655 struct thread *td = curthread;
2656 struct nlookupdata nd;
2662 path1 = objcache_get(namei_oc, M_WAITOK);
2663 error = copyinstr(uap->path1, path1, MAXPATHLEN, NULL);
2665 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path2,
2668 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2669 error = kern_symlink(&nd, path1, mode);
2671 nlookup_done_at(&nd, fp);
2673 objcache_put(namei_oc, path1);
2678 * undelete_args(char *path)
2680 * Delete a whiteout from the filesystem.
2683 sys_undelete(struct undelete_args *uap)
2685 struct nlookupdata nd;
2688 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2690 nd.nl_flags |= NLC_DELETE | NLC_REFDVP;
2692 error = nlookup(&nd);
2694 error = ncp_writechk(&nd.nl_nch);
2696 error = VOP_NWHITEOUT(&nd.nl_nch, nd.nl_dvp, nd.nl_cred,
2704 kern_unlink(struct nlookupdata *nd)
2709 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
2710 if ((error = nlookup(nd)) != 0)
2712 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2714 error = VOP_NREMOVE(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
2719 * unlink_args(char *path)
2721 * Delete a name from the filesystem.
2724 sys_unlink(struct unlink_args *uap)
2726 struct nlookupdata nd;
2729 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2731 error = kern_unlink(&nd);
2738 * unlinkat_args(int fd, char *path, int flags)
2740 * Delete the file or directory entry pointed to by fd/path.
2743 sys_unlinkat(struct unlinkat_args *uap)
2745 struct nlookupdata nd;
2749 if (uap->flags & ~AT_REMOVEDIR)
2752 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2754 if (uap->flags & AT_REMOVEDIR)
2755 error = kern_rmdir(&nd);
2757 error = kern_unlink(&nd);
2759 nlookup_done_at(&nd, fp);
2764 kern_lseek(int fd, off_t offset, int whence, off_t *res)
2766 struct thread *td = curthread;
2773 fp = holdfp(td, fd, -1);
2776 if (fp->f_type != DTYPE_VNODE) {
2780 vp = (struct vnode *)fp->f_data;
2784 spin_lock(&fp->f_spin);
2785 new_offset = fp->f_offset + offset;
2789 error = VOP_GETATTR_FP(vp, &vattr, fp);
2790 spin_lock(&fp->f_spin);
2791 new_offset = offset + vattr.va_size;
2794 new_offset = offset;
2796 spin_lock(&fp->f_spin);
2801 spin_lock(&fp->f_spin);
2806 * Validate the seek position. Negative offsets are not allowed
2807 * for regular files or directories.
2809 * Normally we would also not want to allow negative offsets for
2810 * character and block-special devices. However kvm addresses
2811 * on 64 bit architectures might appear to be negative and must
2815 if (new_offset < 0 &&
2816 (vp->v_type == VREG || vp->v_type == VDIR)) {
2819 fp->f_offset = new_offset;
2822 *res = fp->f_offset;
2823 spin_unlock(&fp->f_spin);
2831 * lseek_args(int fd, int pad, off_t offset, int whence)
2833 * Reposition read/write file offset.
2836 sys_lseek(struct lseek_args *uap)
2840 error = kern_lseek(uap->fd, uap->offset, uap->whence,
2841 &uap->sysmsg_offset);
2847 * Check if current process can access given file. amode is a bitmask of *_OK
2848 * access bits. flags is a bitmask of AT_* flags.
2851 kern_access(struct nlookupdata *nd, int amode, int flags)
2856 if (flags & ~AT_EACCESS)
2858 nd->nl_flags |= NLC_SHAREDLOCK;
2859 if ((error = nlookup(nd)) != 0)
2861 if ((amode & W_OK) && (error = ncp_writechk(&nd->nl_nch)) != 0)
2864 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_SHARED, &vp);
2868 /* Flags == 0 means only check for existence. */
2877 if ((mode & VWRITE) == 0 ||
2878 (error = vn_writechk(vp)) == 0) {
2879 error = VOP_ACCESS_FLAGS(vp, mode, flags, nd->nl_cred);
2883 * If the file handle is stale we have to re-resolve the
2884 * entry with the ncp held exclusively. This is a hack
2887 if (error == ESTALE) {
2889 cache_unlock(&nd->nl_nch);
2890 cache_lock(&nd->nl_nch);
2891 cache_setunresolved(&nd->nl_nch);
2892 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2905 * access_args(char *path, int flags)
2907 * Check access permissions.
2910 sys_access(struct access_args *uap)
2912 struct nlookupdata nd;
2915 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2917 error = kern_access(&nd, uap->flags, 0);
2924 * eaccess_args(char *path, int flags)
2926 * Check access permissions.
2929 sys_eaccess(struct eaccess_args *uap)
2931 struct nlookupdata nd;
2934 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2936 error = kern_access(&nd, uap->flags, AT_EACCESS);
2943 * faccessat_args(int fd, char *path, int amode, int flags)
2945 * Check access permissions.
2948 sys_faccessat(struct faccessat_args *uap)
2950 struct nlookupdata nd;
2954 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE,
2957 error = kern_access(&nd, uap->amode, uap->flags);
2958 nlookup_done_at(&nd, fp);
2963 kern_stat(struct nlookupdata *nd, struct stat *st)
2968 nd->nl_flags |= NLC_SHAREDLOCK;
2969 if ((error = nlookup(nd)) != 0)
2972 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
2975 if ((error = vget(vp, LK_SHARED)) != 0)
2977 error = vn_stat(vp, st, nd->nl_cred);
2980 * If the file handle is stale we have to re-resolve the
2981 * entry with the ncp held exclusively. This is a hack
2984 if (error == ESTALE) {
2986 cache_unlock(&nd->nl_nch);
2987 cache_lock(&nd->nl_nch);
2988 cache_setunresolved(&nd->nl_nch);
2989 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2999 * stat_args(char *path, struct stat *ub)
3001 * Get file status; this version follows links.
3004 sys_stat(struct stat_args *uap)
3006 struct nlookupdata nd;
3010 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3012 error = kern_stat(&nd, &st);
3014 error = copyout(&st, uap->ub, sizeof(*uap->ub));
3021 * lstat_args(char *path, struct stat *ub)
3023 * Get file status; this version does not follow links.
3026 sys_lstat(struct lstat_args *uap)
3028 struct nlookupdata nd;
3032 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3034 error = kern_stat(&nd, &st);
3036 error = copyout(&st, uap->ub, sizeof(*uap->ub));
3043 * fstatat_args(int fd, char *path, struct stat *sb, int flags)
3045 * Get status of file pointed to by fd/path.
3048 sys_fstatat(struct fstatat_args *uap)
3050 struct nlookupdata nd;
3056 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3059 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3061 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3062 UIO_USERSPACE, flags);
3064 error = kern_stat(&nd, &st);
3066 error = copyout(&st, uap->sb, sizeof(*uap->sb));
3068 nlookup_done_at(&nd, fp);
3073 kern_pathconf(char *path, int name, int flags, register_t *sysmsg_regp)
3075 struct nlookupdata nd;
3080 error = nlookup_init(&nd, path, UIO_USERSPACE, flags);
3082 error = nlookup(&nd);
3084 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
3087 error = VOP_PATHCONF(vp, name, sysmsg_regp);
3094 * pathconf_Args(char *path, int name)
3096 * Get configurable pathname variables.
3099 sys_pathconf(struct pathconf_args *uap)
3101 return (kern_pathconf(uap->path, uap->name, NLC_FOLLOW,
3106 * lpathconf_Args(char *path, int name)
3108 * Get configurable pathname variables, but don't follow symlinks.
3111 sys_lpathconf(struct lpathconf_args *uap)
3113 return (kern_pathconf(uap->path, uap->name, 0, &uap->sysmsg_reg));
3118 * kern_readlink isn't properly split yet. There is a copyin burried
3119 * in VOP_READLINK().
3122 kern_readlink(struct nlookupdata *nd, char *buf, int count, int *res)
3124 struct thread *td = curthread;
3130 nd->nl_flags |= NLC_SHAREDLOCK;
3131 if ((error = nlookup(nd)) != 0)
3133 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_SHARED, &vp);
3136 if (vp->v_type != VLNK) {
3139 aiov.iov_base = buf;
3140 aiov.iov_len = count;
3141 auio.uio_iov = &aiov;
3142 auio.uio_iovcnt = 1;
3143 auio.uio_offset = 0;
3144 auio.uio_rw = UIO_READ;
3145 auio.uio_segflg = UIO_USERSPACE;
3147 auio.uio_resid = count;
3148 error = VOP_READLINK(vp, &auio, td->td_ucred);
3151 *res = count - auio.uio_resid;
3156 * readlink_args(char *path, char *buf, int count)
3158 * Return target name of a symbolic link.
3161 sys_readlink(struct readlink_args *uap)
3163 struct nlookupdata nd;
3166 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3168 error = kern_readlink(&nd, uap->buf, uap->count,
3169 &uap->sysmsg_result);
3176 * readlinkat_args(int fd, char *path, char *buf, size_t bufsize)
3178 * Return target name of a symbolic link. The path is relative to the
3179 * directory associated with fd.
3182 sys_readlinkat(struct readlinkat_args *uap)
3184 struct nlookupdata nd;
3188 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
3190 error = kern_readlink(&nd, uap->buf, uap->bufsize,
3191 &uap->sysmsg_result);
3193 nlookup_done_at(&nd, fp);
3198 setfflags(struct vnode *vp, u_long flags)
3200 struct thread *td = curthread;
3205 * Prevent non-root users from setting flags on devices. When
3206 * a device is reused, users can retain ownership of the device
3207 * if they are allowed to set flags and programs assume that
3208 * chown can't fail when done as root.
3210 if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
3211 ((error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV, 0)) != 0))
3215 * note: vget is required for any operation that might mod the vnode
3216 * so VINACTIVE is properly cleared.
3218 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3220 vattr.va_flags = flags;
3221 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3228 * chflags(const char *path, u_long flags)
3230 * Change flags of a file given a path name.
3233 sys_chflags(struct chflags_args *uap)
3235 struct nlookupdata nd;
3240 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3242 error = nlookup(&nd);
3244 error = ncp_writechk(&nd.nl_nch);
3246 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3249 error = setfflags(vp, uap->flags);
3256 * lchflags(const char *path, u_long flags)
3258 * Change flags of a file given a path name, but don't follow symlinks.
3261 sys_lchflags(struct lchflags_args *uap)
3263 struct nlookupdata nd;
3268 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3270 error = nlookup(&nd);
3272 error = ncp_writechk(&nd.nl_nch);
3274 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3277 error = setfflags(vp, uap->flags);
3284 * fchflags_args(int fd, u_flags flags)
3286 * Change flags of a file given a file descriptor.
3289 sys_fchflags(struct fchflags_args *uap)
3291 struct thread *td = curthread;
3295 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
3297 if (fp->f_nchandle.ncp)
3298 error = ncp_writechk(&fp->f_nchandle);
3300 error = setfflags((struct vnode *) fp->f_data, uap->flags);
3306 * chflagsat_args(int fd, const char *path, u_long flags, int atflags)
3307 * change flags given a pathname relative to a filedescriptor
3309 int sys_chflagsat(struct chflagsat_args *uap)
3311 struct nlookupdata nd;
3317 if (uap->atflags & ~AT_SYMLINK_NOFOLLOW)
3320 lookupflags = (uap->atflags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3323 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, lookupflags);
3325 error = nlookup(&nd);
3327 error = ncp_writechk(&nd.nl_nch);
3329 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3330 nlookup_done_at(&nd, fp);
3332 error = setfflags(vp, uap->flags);
3340 setfmode(struct vnode *vp, int mode)
3342 struct thread *td = curthread;
3347 * note: vget is required for any operation that might mod the vnode
3348 * so VINACTIVE is properly cleared.
3350 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3352 vattr.va_mode = mode & ALLPERMS;
3353 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3354 cache_inval_wxok(vp);
3361 kern_chmod(struct nlookupdata *nd, int mode)
3366 if ((error = nlookup(nd)) != 0)
3368 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3370 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3371 error = setfmode(vp, mode);
3377 * chmod_args(char *path, int mode)
3379 * Change mode of a file given path name.
3382 sys_chmod(struct chmod_args *uap)
3384 struct nlookupdata nd;
3387 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3389 error = kern_chmod(&nd, uap->mode);
3395 * lchmod_args(char *path, int mode)
3397 * Change mode of a file given path name (don't follow links.)
3400 sys_lchmod(struct lchmod_args *uap)
3402 struct nlookupdata nd;
3405 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3407 error = kern_chmod(&nd, uap->mode);
3413 * fchmod_args(int fd, int mode)
3415 * Change mode of a file given a file descriptor.
3418 sys_fchmod(struct fchmod_args *uap)
3420 struct thread *td = curthread;
3424 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
3426 if (fp->f_nchandle.ncp)
3427 error = ncp_writechk(&fp->f_nchandle);
3429 error = setfmode((struct vnode *)fp->f_data, uap->mode);
3435 * fchmodat_args(char *path, int mode)
3437 * Change mode of a file pointed to by fd/path.
3440 sys_fchmodat(struct fchmodat_args *uap)
3442 struct nlookupdata nd;
3447 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3449 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3451 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3452 UIO_USERSPACE, flags);
3454 error = kern_chmod(&nd, uap->mode);
3455 nlookup_done_at(&nd, fp);
3460 setfown(struct mount *mp, struct vnode *vp, uid_t uid, gid_t gid)
3462 struct thread *td = curthread;
3470 * note: vget is required for any operation that might mod the vnode
3471 * so VINACTIVE is properly cleared.
3473 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3474 if ((error = VOP_GETATTR(vp, &vattr)) != 0)
3476 o_uid = vattr.va_uid;
3477 o_gid = vattr.va_gid;
3478 size = vattr.va_size;
3483 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3492 VFS_ACCOUNT(mp, o_uid, o_gid, -size);
3493 VFS_ACCOUNT(mp, uid, gid, size);
3500 kern_chown(struct nlookupdata *nd, int uid, int gid)
3505 if ((error = nlookup(nd)) != 0)
3507 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3509 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3510 error = setfown(nd->nl_nch.mount, vp, uid, gid);
3516 * chown(char *path, int uid, int gid)
3518 * Set ownership given a path name.
3521 sys_chown(struct chown_args *uap)
3523 struct nlookupdata nd;
3526 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3528 error = kern_chown(&nd, uap->uid, uap->gid);
3534 * lchown_args(char *path, int uid, int gid)
3536 * Set ownership given a path name, do not cross symlinks.
3539 sys_lchown(struct lchown_args *uap)
3541 struct nlookupdata nd;
3544 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3546 error = kern_chown(&nd, uap->uid, uap->gid);
3552 * fchown_args(int fd, int uid, int gid)
3554 * Set ownership given a file descriptor.
3557 sys_fchown(struct fchown_args *uap)
3559 struct thread *td = curthread;
3560 struct proc *p = td->td_proc;
3564 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
3566 if (fp->f_nchandle.ncp)
3567 error = ncp_writechk(&fp->f_nchandle);
3569 error = setfown(p->p_fd->fd_ncdir.mount,
3570 (struct vnode *)fp->f_data, uap->uid, uap->gid);
3576 * fchownat(int fd, char *path, int uid, int gid, int flags)
3578 * Set ownership of file pointed to by fd/path.
3581 sys_fchownat(struct fchownat_args *uap)
3583 struct nlookupdata nd;
3588 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3590 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3592 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3593 UIO_USERSPACE, flags);
3595 error = kern_chown(&nd, uap->uid, uap->gid);
3596 nlookup_done_at(&nd, fp);
3602 getutimes(struct timeval *tvp, struct timespec *tsp)
3604 struct timeval tv[2];
3609 TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
3612 if ((error = itimerfix(tvp)) != 0)
3614 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3615 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3621 getutimens(const struct timespec *ts, struct timespec *newts, int *nullflag)
3623 struct timespec tsnow;
3637 if (newts[0].tv_nsec == UTIME_OMIT && newts[1].tv_nsec == UTIME_OMIT)
3639 if (newts[0].tv_nsec == UTIME_NOW && newts[1].tv_nsec == UTIME_NOW)
3642 if (newts[0].tv_nsec == UTIME_OMIT)
3643 newts[0].tv_sec = VNOVAL;
3644 else if (newts[0].tv_nsec == UTIME_NOW)
3646 else if ((error = itimespecfix(&newts[0])) != 0)
3649 if (newts[1].tv_nsec == UTIME_OMIT)
3650 newts[1].tv_sec = VNOVAL;
3651 else if (newts[1].tv_nsec == UTIME_NOW)
3653 else if ((error = itimespecfix(&newts[1])) != 0)
3660 setutimes(struct vnode *vp, struct vattr *vattr,
3661 const struct timespec *ts, int nullflag)
3663 struct thread *td = curthread;
3667 vattr->va_atime = ts[0];
3668 vattr->va_mtime = ts[1];
3670 vattr->va_vaflags |= VA_UTIMES_NULL;
3671 error = VOP_SETATTR(vp, vattr, td->td_ucred);
3677 kern_utimes(struct nlookupdata *nd, struct timeval *tptr)
3679 struct timespec ts[2];
3683 if ((error = getutimes(tptr, ts)) != 0)
3686 error = kern_utimensat(nd, tptr ? ts : NULL, 0);
3691 * utimes_args(char *path, struct timeval *tptr)
3693 * Set the access and modification times of a file.
3696 sys_utimes(struct utimes_args *uap)
3698 struct timeval tv[2];
3699 struct nlookupdata nd;
3703 error = copyin(uap->tptr, tv, sizeof(tv));
3707 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3709 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3715 * lutimes_args(char *path, struct timeval *tptr)
3717 * Set the access and modification times of a file.
3720 sys_lutimes(struct lutimes_args *uap)
3722 struct timeval tv[2];
3723 struct nlookupdata nd;
3727 error = copyin(uap->tptr, tv, sizeof(tv));
3731 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3733 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3739 * Set utimes on a file descriptor. The creds used to open the
3740 * file are used to determine whether the operation is allowed
3744 kern_futimens(int fd, struct timespec *ts)
3746 struct thread *td = curthread;
3747 struct timespec newts[2];
3754 error = getutimens(ts, newts, &nullflag);
3757 if ((error = holdvnode(td, fd, &fp)) != 0)
3759 if (fp->f_nchandle.ncp)
3760 error = ncp_writechk(&fp->f_nchandle);
3763 error = vget(vp, LK_EXCLUSIVE);
3765 error = VOP_GETATTR_FP(vp, &vattr, fp);
3767 error = naccess_va(&vattr, NLC_OWN | NLC_WRITE,
3771 error = setutimes(vp, &vattr, newts, nullflag);
3781 * futimens_args(int fd, struct timespec *ts)
3783 * Set the access and modification times of a file.
3786 sys_futimens(struct futimens_args *uap)
3788 struct timespec ts[2];
3792 error = copyin(uap->ts, ts, sizeof(ts));
3796 error = kern_futimens(uap->fd, uap->ts ? ts : NULL);
3801 kern_futimes(int fd, struct timeval *tptr)
3803 struct timespec ts[2];
3807 if ((error = getutimes(tptr, ts)) != 0)
3810 error = kern_futimens(fd, tptr ? ts : NULL);
3815 * futimes_args(int fd, struct timeval *tptr)
3817 * Set the access and modification times of a file.
3820 sys_futimes(struct futimes_args *uap)
3822 struct timeval tv[2];
3826 error = copyin(uap->tptr, tv, sizeof(tv));
3830 error = kern_futimes(uap->fd, uap->tptr ? tv : NULL);
3835 kern_utimensat(struct nlookupdata *nd, const struct timespec *ts, int flags)
3837 struct timespec newts[2];
3843 if (flags & ~AT_SYMLINK_NOFOLLOW)
3846 error = getutimens(ts, newts, &nullflag);
3850 nd->nl_flags |= NLC_OWN | NLC_WRITE;
3851 if ((error = nlookup(nd)) != 0)
3853 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3855 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3857 if ((error = vn_writechk(vp)) == 0) {
3858 error = vget(vp, LK_EXCLUSIVE);
3860 error = setutimes(vp, &vattr, newts, nullflag);
3869 * utimensat_args(int fd, const char *path, const struct timespec *ts, int flags);
3871 * Set file access and modification times of a file.
3874 sys_utimensat(struct utimensat_args *uap)
3876 struct timespec ts[2];
3877 struct nlookupdata nd;
3883 error = copyin(uap->ts, ts, sizeof(ts));
3888 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3889 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3890 UIO_USERSPACE, flags);
3892 error = kern_utimensat(&nd, uap->ts ? ts : NULL, uap->flags);
3893 nlookup_done_at(&nd, fp);
3898 kern_truncate(struct nlookupdata *nd, off_t length)
3905 uint64_t old_size = 0;
3909 nd->nl_flags |= NLC_WRITE | NLC_TRUNCATE;
3910 if ((error = nlookup(nd)) != 0)
3912 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3914 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3916 error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_FAILRECLAIM);
3921 if (vp->v_type == VDIR) {
3925 if (vfs_quota_enabled) {
3926 error = VOP_GETATTR(vp, &vattr);
3927 KASSERT(error == 0, ("kern_truncate(): VOP_GETATTR didn't return 0"));
3930 old_size = vattr.va_size;
3933 if ((error = vn_writechk(vp)) == 0) {
3935 vattr.va_size = length;
3936 error = VOP_SETATTR(vp, &vattr, nd->nl_cred);
3937 VFS_ACCOUNT(nd->nl_nch.mount, uid, gid, length - old_size);
3945 * truncate(char *path, int pad, off_t length)
3947 * Truncate a file given its path name.
3950 sys_truncate(struct truncate_args *uap)
3952 struct nlookupdata nd;
3955 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3957 error = kern_truncate(&nd, uap->length);
3963 kern_ftruncate(int fd, off_t length)
3965 struct thread *td = curthread;
3972 uint64_t old_size = 0;
3977 if ((error = holdvnode(td, fd, &fp)) != 0)
3979 if (fp->f_nchandle.ncp) {
3980 error = ncp_writechk(&fp->f_nchandle);
3984 if ((fp->f_flag & FWRITE) == 0) {
3988 if (fp->f_flag & FAPPENDONLY) { /* inode was set s/uapnd */
3992 vp = (struct vnode *)fp->f_data;
3993 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3994 if (vp->v_type == VDIR) {
4000 if (vfs_quota_enabled) {
4001 error = VOP_GETATTR_FP(vp, &vattr, fp);
4002 KASSERT(error == 0, ("kern_ftruncate(): VOP_GETATTR didn't return 0"));
4005 old_size = vattr.va_size;
4008 if ((error = vn_writechk(vp)) == 0) {
4010 vattr.va_size = length;
4011 error = VOP_SETATTR_FP(vp, &vattr, fp->f_cred, fp);
4013 VFS_ACCOUNT(mp, uid, gid, length - old_size);
4022 * ftruncate_args(int fd, int pad, off_t length)
4024 * Truncate a file given a file descriptor.
4027 sys_ftruncate(struct ftruncate_args *uap)
4031 error = kern_ftruncate(uap->fd, uap->length);
4039 * Sync an open file.
4042 sys_fsync(struct fsync_args *uap)
4044 struct thread *td = curthread;
4050 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
4052 vp = (struct vnode *)fp->f_data;
4053 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4054 if ((obj = vp->v_object) != NULL) {
4055 if (vp->v_mount == NULL ||
4056 (vp->v_mount->mnt_kern_flag & MNTK_NOMSYNC) == 0) {
4057 vm_object_page_clean(obj, 0, 0, 0);
4060 error = VOP_FSYNC_FP(vp, MNT_WAIT, VOP_FSYNC_SYSCALL, fp);
4061 if (error == 0 && vp->v_mount)
4062 error = buf_fsync(vp);
4070 kern_rename(struct nlookupdata *fromnd, struct nlookupdata *tond)
4072 struct nchandle fnchd;
4073 struct nchandle tnchd;
4074 struct namecache *ncp;
4083 fromnd->nl_flags |= NLC_REFDVP | NLC_RENAME_SRC;
4084 if ((error = nlookup(fromnd)) != 0)
4086 if ((fnchd.ncp = fromnd->nl_nch.ncp->nc_parent) == NULL)
4088 fnchd.mount = fromnd->nl_nch.mount;
4092 * unlock the source nch so we can lookup the target nch without
4093 * deadlocking. The target may or may not exist so we do not check
4094 * for a target vp like kern_mkdir() and other creation functions do.
4096 * The source and target directories are ref'd and rechecked after
4097 * everything is relocked to determine if the source or target file
4100 KKASSERT(fromnd->nl_flags & NLC_NCPISLOCKED);
4101 fromnd->nl_flags &= ~NLC_NCPISLOCKED;
4103 fncp_gen = fromnd->nl_nch.ncp->nc_generation;
4105 cache_unlock(&fromnd->nl_nch);
4107 tond->nl_flags |= NLC_RENAME_DST | NLC_REFDVP;
4108 if ((error = nlookup(tond)) != 0) {
4112 tncp_gen = tond->nl_nch.ncp->nc_generation;
4114 if ((tnchd.ncp = tond->nl_nch.ncp->nc_parent) == NULL) {
4118 tnchd.mount = tond->nl_nch.mount;
4122 * If the source and target are the same there is nothing to do
4124 if (fromnd->nl_nch.ncp == tond->nl_nch.ncp) {
4131 * Mount points cannot be renamed or overwritten
4133 if ((fromnd->nl_nch.ncp->nc_flag | tond->nl_nch.ncp->nc_flag) &
4142 * Relock the source ncp. cache_relock() will deal with any
4143 * deadlocks against the already-locked tond and will also
4144 * make sure both are resolved.
4146 * NOTE AFTER RELOCKING: The source or target ncp may have become
4147 * invalid while they were unlocked, nc_vp and nc_mount could
4150 cache_relock(&fromnd->nl_nch, fromnd->nl_cred,
4151 &tond->nl_nch, tond->nl_cred);
4152 fromnd->nl_flags |= NLC_NCPISLOCKED;
4155 * If the namecache generation changed for either fromnd or tond,
4158 if (fromnd->nl_nch.ncp->nc_generation != fncp_gen ||
4159 tond->nl_nch.ncp->nc_generation != tncp_gen) {
4160 kprintf("kern_rename: retry due to gen on: "
4161 "\"%s\" -> \"%s\"\n",
4162 fromnd->nl_nch.ncp->nc_name,
4163 tond->nl_nch.ncp->nc_name);
4170 * If either fromnd or tond are marked destroyed a ripout occured
4171 * out from under us and we must retry.
4173 if ((fromnd->nl_nch.ncp->nc_flag & (NCF_DESTROYED | NCF_UNRESOLVED)) ||
4174 fromnd->nl_nch.ncp->nc_vp == NULL ||
4175 (tond->nl_nch.ncp->nc_flag & NCF_DESTROYED)) {
4176 kprintf("kern_rename: retry due to ripout on: "
4177 "\"%s\" -> \"%s\"\n",
4178 fromnd->nl_nch.ncp->nc_name,
4179 tond->nl_nch.ncp->nc_name);
4186 * Make sure the parent directories linkages are the same.
4187 * XXX shouldn't be needed any more w/ generation check above.
4189 if (fnchd.ncp != fromnd->nl_nch.ncp->nc_parent ||
4190 tnchd.ncp != tond->nl_nch.ncp->nc_parent) {
4197 * Both the source and target must be within the same filesystem and
4198 * in the same filesystem as their parent directories within the
4199 * namecache topology.
4201 * NOTE: fromnd's nc_mount or nc_vp could be NULL.
4204 if (mp != tnchd.mount || mp != fromnd->nl_nch.mount ||
4205 mp != tond->nl_nch.mount) {
4212 * Make sure the mount point is writable
4214 if ((error = ncp_writechk(&tond->nl_nch)) != 0) {
4221 * If the target exists and either the source or target is a directory,
4222 * then both must be directories.
4224 * Due to relocking of the source, fromnd->nl_nch.ncp->nc_vp might h
4227 if (tond->nl_nch.ncp->nc_vp) {
4228 if (fromnd->nl_nch.ncp->nc_vp == NULL) {
4230 } else if (fromnd->nl_nch.ncp->nc_vp->v_type == VDIR) {
4231 if (tond->nl_nch.ncp->nc_vp->v_type != VDIR)
4233 } else if (tond->nl_nch.ncp->nc_vp->v_type == VDIR) {
4239 * You cannot rename a source into itself or a subdirectory of itself.
4240 * We check this by travsersing the target directory upwards looking
4241 * for a match against the source.
4246 for (ncp = tnchd.ncp; ncp; ncp = ncp->nc_parent) {
4247 if (fromnd->nl_nch.ncp == ncp) {
4258 * Even though the namespaces are different, they may still represent
4259 * hardlinks to the same file. The filesystem might have a hard time
4260 * with this so we issue a NREMOVE of the source instead of a NRENAME
4261 * when we detect the situation.
4264 fdvp = fromnd->nl_dvp;
4265 tdvp = tond->nl_dvp;
4266 if (fdvp == NULL || tdvp == NULL) {
4268 } else if (fromnd->nl_nch.ncp->nc_vp == tond->nl_nch.ncp->nc_vp) {
4269 error = VOP_NREMOVE(&fromnd->nl_nch, fdvp,
4272 error = VOP_NRENAME(&fromnd->nl_nch, &tond->nl_nch,
4273 fdvp, tdvp, tond->nl_cred);
4280 * rename_args(char *from, char *to)
4282 * Rename files. Source and destination must either both be directories,
4283 * or both not be directories. If target is a directory, it must be empty.
4286 sys_rename(struct rename_args *uap)
4288 struct nlookupdata fromnd, tond;
4292 error = nlookup_init(&fromnd, uap->from, UIO_USERSPACE, 0);
4294 error = nlookup_init(&tond, uap->to, UIO_USERSPACE, 0);
4296 error = kern_rename(&fromnd, &tond);
4297 nlookup_done(&tond);
4299 nlookup_done(&fromnd);
4300 } while (error == EAGAIN);
4305 * renameat_args(int oldfd, char *old, int newfd, char *new)
4307 * Rename files using paths relative to the directories associated with
4308 * oldfd and newfd. Source and destination must either both be directories,
4309 * or both not be directories. If target is a directory, it must be empty.
4312 sys_renameat(struct renameat_args *uap)
4314 struct nlookupdata oldnd, newnd;
4315 struct file *oldfp, *newfp;
4319 error = nlookup_init_at(&oldnd, &oldfp,
4320 uap->oldfd, uap->old,
4323 error = nlookup_init_at(&newnd, &newfp,
4324 uap->newfd, uap->new,
4327 error = kern_rename(&oldnd, &newnd);
4328 nlookup_done_at(&newnd, newfp);
4330 nlookup_done_at(&oldnd, oldfp);
4331 } while (error == EAGAIN);
4336 kern_mkdir(struct nlookupdata *nd, int mode)
4338 struct thread *td = curthread;
4339 struct proc *p = td->td_proc;
4345 nd->nl_flags |= NLC_WILLBEDIR | NLC_CREATE | NLC_REFDVP;
4346 if ((error = nlookup(nd)) != 0)
4349 if (nd->nl_nch.ncp->nc_vp)
4351 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
4354 vattr.va_type = VDIR;
4355 vattr.va_mode = (mode & ACCESSPERMS) &~ p->p_fd->fd_cmask;
4358 error = VOP_NMKDIR(&nd->nl_nch, nd->nl_dvp, &vp, td->td_ucred, &vattr);
4365 * mkdir_args(char *path, int mode)
4367 * Make a directory file.
4370 sys_mkdir(struct mkdir_args *uap)
4372 struct nlookupdata nd;
4375 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
4377 error = kern_mkdir(&nd, uap->mode);
4383 * mkdirat_args(int fd, char *path, mode_t mode)
4385 * Make a directory file. The path is relative to the directory associated
4389 sys_mkdirat(struct mkdirat_args *uap)
4391 struct nlookupdata nd;
4395 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
4397 error = kern_mkdir(&nd, uap->mode);
4398 nlookup_done_at(&nd, fp);
4403 kern_rmdir(struct nlookupdata *nd)
4408 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
4409 if ((error = nlookup(nd)) != 0)
4413 * Do not allow directories representing mount points to be
4414 * deleted, even if empty. Check write perms on mount point
4415 * in case the vnode is aliased (aka nullfs).
4417 if (nd->nl_nch.ncp->nc_flag & (NCF_ISMOUNTPT))
4419 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
4421 error = VOP_NRMDIR(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
4426 * rmdir_args(char *path)
4428 * Remove a directory file.
4431 sys_rmdir(struct rmdir_args *uap)
4433 struct nlookupdata nd;
4436 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
4438 error = kern_rmdir(&nd);
4444 kern_getdirentries(int fd, char *buf, u_int count, long *basep, int *res,
4445 enum uio_seg direction)
4447 struct thread *td = curthread;
4455 if ((error = holdvnode(td, fd, &fp)) != 0)
4457 if ((fp->f_flag & FREAD) == 0) {
4461 vp = (struct vnode *)fp->f_data;
4462 if (vp->v_type != VDIR) {
4466 aiov.iov_base = buf;
4467 aiov.iov_len = count;
4468 auio.uio_iov = &aiov;
4469 auio.uio_iovcnt = 1;
4470 auio.uio_rw = UIO_READ;
4471 auio.uio_segflg = direction;
4473 auio.uio_resid = count;
4474 loff = auio.uio_offset = fp->f_offset;
4475 error = VOP_READDIR_FP(vp, &auio, fp->f_cred, &eofflag, NULL, NULL, fp);
4476 fp->f_offset = auio.uio_offset;
4481 * WARNING! *basep may not be wide enough to accomodate the
4482 * seek offset. XXX should we hack this to return the upper 32 bits
4483 * for offsets greater then 4G?
4486 *basep = (long)loff;
4488 *res = count - auio.uio_resid;
4495 * getdirentries_args(int fd, char *buf, u_int conut, long *basep)
4497 * Read a block of directory entries in a file system independent format.
4500 sys_getdirentries(struct getdirentries_args *uap)
4505 error = kern_getdirentries(uap->fd, uap->buf, uap->count, &base,
4506 &uap->sysmsg_result, UIO_USERSPACE);
4508 if (error == 0 && uap->basep)
4509 error = copyout(&base, uap->basep, sizeof(*uap->basep));
4514 * getdents_args(int fd, char *buf, size_t count)
4517 sys_getdents(struct getdents_args *uap)
4521 error = kern_getdirentries(uap->fd, uap->buf, uap->count, NULL,
4522 &uap->sysmsg_result, UIO_USERSPACE);
4528 * Set the mode mask for creation of filesystem nodes.
4530 * umask(int newmask)
4533 sys_umask(struct umask_args *uap)
4535 struct thread *td = curthread;
4536 struct proc *p = td->td_proc;
4537 struct filedesc *fdp;
4540 uap->sysmsg_result = fdp->fd_cmask;
4541 fdp->fd_cmask = uap->newmask & ALLPERMS;
4546 * revoke(char *path)
4548 * Void all references to file by ripping underlying filesystem
4552 sys_revoke(struct revoke_args *uap)
4554 struct nlookupdata nd;
4561 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4563 error = nlookup(&nd);
4565 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
4566 cred = crhold(nd.nl_cred);
4570 error = VOP_GETATTR(vp, &vattr);
4571 if (error == 0 && cred->cr_uid != vattr.va_uid)
4572 error = priv_check_cred(cred, PRIV_VFS_REVOKE, 0);
4573 if (error == 0 && (vp->v_type == VCHR || vp->v_type == VBLK)) {
4575 error = vrevoke(vp, cred);
4576 } else if (error == 0) {
4577 error = vrevoke(vp, cred);
4587 * getfh_args(char *fname, fhandle_t *fhp)
4589 * Get (NFS) file handle
4591 * NOTE: We use the fsid of the covering mount, even if it is a nullfs
4592 * mount. This allows nullfs mounts to be explicitly exported.
4594 * WARNING: nullfs mounts of HAMMER PFS ROOTs are safe.
4596 * nullfs mounts of subdirectories are not safe. That is, it will
4597 * work, but you do not really have protection against access to
4598 * the related parent directories.
4601 sys_getfh(struct getfh_args *uap)
4603 struct thread *td = curthread;
4604 struct nlookupdata nd;
4611 * Must be super user
4613 if ((error = priv_check(td, PRIV_ROOT)) != 0)
4617 error = nlookup_init(&nd, uap->fname, UIO_USERSPACE, NLC_FOLLOW);
4619 error = nlookup(&nd);
4621 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4622 mp = nd.nl_nch.mount;
4625 bzero(&fh, sizeof(fh));
4626 fh.fh_fsid = mp->mnt_stat.f_fsid;
4627 error = VFS_VPTOFH(vp, &fh.fh_fid);
4630 error = copyout(&fh, uap->fhp, sizeof(fh));
4636 * fhopen_args(const struct fhandle *u_fhp, int flags)
4638 * syscall for the rpc.lockd to use to translate a NFS file handle into
4639 * an open descriptor.
4641 * warning: do not remove the priv_check() call or this becomes one giant
4645 sys_fhopen(struct fhopen_args *uap)
4647 struct thread *td = curthread;
4648 struct filedesc *fdp = td->td_proc->p_fd;
4653 struct vattr *vap = &vat;
4655 int fmode, mode, error = 0, type;
4661 * Must be super user
4663 error = priv_check(td, PRIV_ROOT);
4667 fmode = FFLAGS(uap->flags);
4670 * Why not allow a non-read/write open for our lockd?
4672 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4674 error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
4679 * Find the mount point
4681 mp = vfs_getvfs(&fhp.fh_fsid);
4686 /* now give me my vnode, it gets returned to me locked */
4687 error = VFS_FHTOVP(mp, NULL, &fhp.fh_fid, &vp);
4691 * from now on we have to make sure not
4692 * to forget about the vnode
4693 * any error that causes an abort must vput(vp)
4694 * just set error = err and 'goto bad;'.
4700 if (vp->v_type == VLNK) {
4704 if (vp->v_type == VSOCK) {
4709 if (fmode & (FWRITE | O_TRUNC)) {
4710 if (vp->v_type == VDIR) {
4714 error = vn_writechk(vp);
4722 error = VOP_ACCESS(vp, mode, td->td_ucred);
4726 if (fmode & O_TRUNC) {
4727 vn_unlock(vp); /* XXX */
4728 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */
4731 error = VOP_SETATTR(vp, vap, td->td_ucred);
4737 * VOP_OPEN needs the file pointer so it can potentially override
4740 * WARNING! no f_nchandle will be associated when fhopen()ing a
4743 if ((error = falloc(td->td_lwp, &nfp, &indx)) != 0)
4747 error = VOP_OPEN(vp, fmode, td->td_ucred, fp);
4750 * setting f_ops this way prevents VOP_CLOSE from being
4751 * called or fdrop() releasing the vp from v_data. Since
4752 * the VOP_OPEN failed we don't want to VOP_CLOSE.
4754 fp->f_ops = &badfileops;
4760 * The fp is given its own reference, we still have our ref and lock.
4762 * Assert that all regular files must be created with a VM object.
4764 if (vp->v_type == VREG && vp->v_object == NULL) {
4765 kprintf("fhopen: regular file did not "
4766 "have VM object: %p\n",
4772 * The open was successful. Handle any locking requirements.
4774 if (fmode & (O_EXLOCK | O_SHLOCK)) {
4775 lf.l_whence = SEEK_SET;
4778 if (fmode & O_EXLOCK)
4779 lf.l_type = F_WRLCK;
4781 lf.l_type = F_RDLCK;
4782 if (fmode & FNONBLOCK)
4787 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK,
4790 * release our private reference.
4792 fsetfd(fdp, NULL, indx);
4797 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4798 atomic_set_int(&fp->f_flag, FHASLOCK); /* race ok */
4802 * Clean up. Associate the file pointer with the previously
4803 * reserved descriptor and return it.
4806 if (uap->flags & O_CLOEXEC)
4807 fdp->fd_files[indx].fileflags |= UF_EXCLOSE;
4808 fsetfd(fdp, fp, indx);
4810 uap->sysmsg_result = indx;
4816 fsetfd(fdp, NULL, indx);
4827 * fhstat_args(struct fhandle *u_fhp, struct stat *sb)
4830 sys_fhstat(struct fhstat_args *uap)
4832 struct thread *td = curthread;
4840 * Must be super user
4842 error = priv_check(td, PRIV_ROOT);
4846 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4850 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
4853 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) == 0) {
4854 error = vn_stat(vp, &sb, td->td_ucred);
4859 error = copyout(&sb, uap->sb, sizeof(sb));
4867 * fhstatfs_args(struct fhandle *u_fhp, struct statfs *buf)
4870 sys_fhstatfs(struct fhstatfs_args *uap)
4872 struct thread *td = curthread;
4873 struct proc *p = td->td_proc;
4878 char *fullpath, *freepath;
4883 * Must be super user
4885 if ((error = priv_check(td, PRIV_ROOT)))
4888 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4891 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4895 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4900 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) != 0)
4905 if ((error = VFS_STATFS(mp, sp, td->td_ucred)) != 0)
4908 error = mount_path(p, mp, &fullpath, &freepath);
4911 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
4912 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
4913 kfree(freepath, M_TEMP);
4915 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
4916 if (priv_check(td, PRIV_ROOT)) {
4917 bcopy(sp, &sb, sizeof(sb));
4918 sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
4921 error = copyout(sp, uap->buf, sizeof(*sp));
4930 * fhstatvfs_args(struct fhandle *u_fhp, struct statvfs *buf)
4933 sys_fhstatvfs(struct fhstatvfs_args *uap)
4935 struct thread *td = curthread;
4936 struct proc *p = td->td_proc;
4944 * Must be super user
4946 if ((error = priv_check(td, PRIV_ROOT)))
4949 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4952 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4956 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4961 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)))
4964 sp = &mp->mnt_vstat;
4966 if ((error = VFS_STATVFS(mp, sp, td->td_ucred)) != 0)
4970 if (mp->mnt_flag & MNT_RDONLY)
4971 sp->f_flag |= ST_RDONLY;
4972 if (mp->mnt_flag & MNT_NOSUID)
4973 sp->f_flag |= ST_NOSUID;
4974 error = copyout(sp, uap->buf, sizeof(*sp));
4983 * Syscall to push extended attribute configuration information into the
4984 * VFS. Accepts a path, which it converts to a mountpoint, as well as
4985 * a command (int cmd), and attribute name and misc data. For now, the
4986 * attribute name is left in userspace for consumption by the VFS_op.
4987 * It will probably be changed to be copied into sysspace by the
4988 * syscall in the future, once issues with various consumers of the
4989 * attribute code have raised their hands.
4991 * Currently this is used only by UFS Extended Attributes.
4994 sys_extattrctl(struct extattrctl_args *uap)
4996 struct nlookupdata nd;
4998 char attrname[EXTATTR_MAXNAMELEN];
5006 if (error == 0 && uap->filename) {
5007 error = nlookup_init(&nd, uap->filename, UIO_USERSPACE,
5010 error = nlookup(&nd);
5012 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
5016 if (error == 0 && uap->attrname) {
5017 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN,
5022 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5024 error = nlookup(&nd);
5026 error = ncp_writechk(&nd.nl_nch);
5028 error = VFS_EXTATTRCTL(nd.nl_nch.mount, uap->cmd, vp,
5030 uap->attrname, nd.nl_cred);
5039 * Syscall to get a named extended attribute on a file or directory.
5042 sys_extattr_set_file(struct extattr_set_file_args *uap)
5044 char attrname[EXTATTR_MAXNAMELEN];
5045 struct nlookupdata nd;
5051 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
5057 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5059 error = nlookup(&nd);
5061 error = ncp_writechk(&nd.nl_nch);
5063 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
5069 bzero(&auio, sizeof(auio));
5070 aiov.iov_base = uap->data;
5071 aiov.iov_len = uap->nbytes;
5072 auio.uio_iov = &aiov;
5073 auio.uio_iovcnt = 1;
5074 auio.uio_offset = 0;
5075 auio.uio_resid = uap->nbytes;
5076 auio.uio_rw = UIO_WRITE;
5077 auio.uio_td = curthread;
5079 error = VOP_SETEXTATTR(vp, uap->attrnamespace, attrname,
5088 * Syscall to get a named extended attribute on a file or directory.
5091 sys_extattr_get_file(struct extattr_get_file_args *uap)
5093 char attrname[EXTATTR_MAXNAMELEN];
5094 struct nlookupdata nd;
5100 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
5106 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5108 error = nlookup(&nd);
5110 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_SHARED, &vp);
5116 bzero(&auio, sizeof(auio));
5117 aiov.iov_base = uap->data;
5118 aiov.iov_len = uap->nbytes;
5119 auio.uio_iov = &aiov;
5120 auio.uio_iovcnt = 1;
5121 auio.uio_offset = 0;
5122 auio.uio_resid = uap->nbytes;
5123 auio.uio_rw = UIO_READ;
5124 auio.uio_td = curthread;
5126 error = VOP_GETEXTATTR(vp, uap->attrnamespace, attrname,
5128 uap->sysmsg_result = uap->nbytes - auio.uio_resid;
5136 * Syscall to delete a named extended attribute from a file or directory.
5137 * Accepts attribute name. The real work happens in VOP_SETEXTATTR().
5140 sys_extattr_delete_file(struct extattr_delete_file_args *uap)
5142 char attrname[EXTATTR_MAXNAMELEN];
5143 struct nlookupdata nd;
5147 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
5151 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5153 error = nlookup(&nd);
5155 error = ncp_writechk(&nd.nl_nch);
5157 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
5159 error = VOP_SETEXTATTR(vp, uap->attrnamespace,
5160 attrname, NULL, nd.nl_cred);
5169 * Determine if the mount is visible to the process.
5172 chroot_visible_mnt(struct mount *mp, struct proc *p)
5174 struct nchandle nch;
5177 * Traverse from the mount point upwards. If we hit the process
5178 * root then the mount point is visible to the process.
5180 nch = mp->mnt_ncmountpt;
5182 if (nch.mount == p->p_fd->fd_nrdir.mount &&
5183 nch.ncp == p->p_fd->fd_nrdir.ncp) {
5186 if (nch.ncp == nch.mount->mnt_ncmountpt.ncp) {
5187 nch = nch.mount->mnt_ncmounton;
5189 nch.ncp = nch.ncp->nc_parent;
5194 * If the mount point is not visible to the process, but the
5195 * process root is in a subdirectory of the mount, return
5198 if (p->p_fd->fd_nrdir.mount == mp)
5204 /* Sets priv to PRIV_ROOT in case no matching fs */
5206 get_fspriv(const char *fsname)
5209 if (strncmp("null", fsname, 5) == 0) {
5210 return PRIV_VFS_MOUNT_NULLFS;
5211 } else if (strncmp(fsname, "tmpfs", 6) == 0) {
5212 return PRIV_VFS_MOUNT_TMPFS;
5219 sys___realpath(struct __realpath_args *uap)
5221 struct nlookupdata nd;
5228 * Invalid length if less than 0. 0 is allowed
5230 if ((ssize_t)uap->len < 0)
5235 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5239 nd.nl_flags |= NLC_SHAREDLOCK;
5240 error = nlookup(&nd);
5244 if (nd.nl_nch.ncp->nc_vp == NULL) {
5250 * Shortcut test for existence.
5252 if (uap->len == 0) {
5253 error = ENAMETOOLONG;
5258 * Obtain the path relative to the process root. The nch must not
5259 * be locked for the cache_fullpath() call.
5261 if (nd.nl_flags & NLC_NCPISLOCKED) {
5262 nd.nl_flags &= ~NLC_NCPISLOCKED;
5263 cache_unlock(&nd.nl_nch);
5265 error = cache_fullpath(curproc, &nd.nl_nch, NULL, &rbuf, &fbuf, 0);
5269 rlen = (ssize_t)strlen(rbuf);
5270 if (rlen >= uap->len) {
5271 error = ENAMETOOLONG;
5274 error = copyout(rbuf, uap->buf, rlen + 1);
5276 uap->sysmsg_szresult = rlen;
5280 kfree(fbuf, M_TEMP);