2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
39 * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.151.2.18 2003/04/04 20:35:58 tegge Exp $
42 #include <sys/param.h>
43 #include <sys/systm.h>
46 #include <sys/sysent.h>
47 #include <sys/malloc.h>
48 #include <sys/mount.h>
49 #include <sys/mountctl.h>
50 #include <sys/sysproto.h>
51 #include <sys/filedesc.h>
52 #include <sys/kernel.h>
53 #include <sys/fcntl.h>
55 #include <sys/linker.h>
57 #include <sys/unistd.h>
58 #include <sys/vnode.h>
62 #include <sys/namei.h>
63 #include <sys/nlookup.h>
64 #include <sys/dirent.h>
65 #include <sys/extattr.h>
66 #include <sys/spinlock.h>
67 #include <sys/kern_syscall.h>
68 #include <sys/objcache.h>
69 #include <sys/sysctl.h>
72 #include <sys/file2.h>
73 #include <sys/spinlock2.h>
74 #include <sys/mplock2.h>
77 #include <vm/vm_object.h>
78 #include <vm/vm_page.h>
80 #include <machine/limits.h>
81 #include <machine/stdarg.h>
83 #include <vfs/union/union.h>
85 static void mount_warning(struct mount *mp, const char *ctl, ...)
87 static int mount_path(struct proc *p, struct mount *mp, char **rb, char **fb);
88 static int checkvp_chdir (struct vnode *vn, struct thread *td);
89 static void checkdirs (struct nchandle *old_nch, struct nchandle *new_nch);
90 static int chroot_refuse_vdir_fds (struct filedesc *fdp);
91 static int chroot_visible_mnt(struct mount *mp, struct proc *p);
92 static int getutimes (const struct timeval *, struct timespec *);
93 static int setfown (struct vnode *, uid_t, gid_t);
94 static int setfmode (struct vnode *, int);
95 static int setfflags (struct vnode *, int);
96 static int setutimes (struct vnode *, struct vattr *,
97 const struct timespec *, int);
98 static int usermount = 0; /* if 1, non-root can mount fs. */
100 int (*union_dircheckp) (struct thread *, struct vnode **, struct file *);
102 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0,
103 "Allow non-root users to mount filesystems");
106 * Virtual File System System Calls
110 * Mount a file system.
112 * mount_args(char *type, char *path, int flags, caddr_t data)
117 sys_mount(struct mount_args *uap)
119 struct thread *td = curthread;
122 struct mount *mp, *nullmp;
123 struct vfsconf *vfsp;
124 int error, flag = 0, flag2 = 0;
127 struct nlookupdata nd;
128 char fstypename[MFSNAMELEN];
137 if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
141 * Do not allow NFS export by non-root users.
143 if (uap->flags & MNT_EXPORTED) {
144 error = priv_check(td, PRIV_ROOT);
149 * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users
151 if (priv_check(td, PRIV_ROOT))
152 uap->flags |= MNT_NOSUID | MNT_NODEV;
155 * Lookup the requested path and extract the nch and vnode.
157 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
159 if ((error = nlookup(&nd)) == 0) {
160 if (nd.nl_nch.ncp->nc_vp == NULL)
170 * If the target filesystem is resolved via a nullfs mount, then
171 * nd.nl_nch.mount will be pointing to the nullfs mount structure
172 * instead of the target file system. We need it in case we are
175 nullmp = nd.nl_nch.mount;
178 * Extract the locked+refd ncp and cleanup the nd structure
181 cache_zero(&nd.nl_nch);
184 if ((nch.ncp->nc_flag & NCF_ISMOUNTPT) && cache_findmount(&nch))
191 * now we have the locked ref'd nch and unreferenced vnode.
194 if ((error = vget(vp, LK_EXCLUSIVE)) != 0) {
201 * Extract the file system type. We need to know this early, to take
202 * appropriate actions if we are dealing with a nullfs.
204 if ((error = copyinstr(uap->type, fstypename, MFSNAMELEN, NULL)) != 0) {
211 * Now we have an unlocked ref'd nch and a locked ref'd vp
213 if (uap->flags & MNT_UPDATE) {
214 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
221 if (strncmp(fstypename, "null", 5) == 0) {
229 flag2 = mp->mnt_kern_flag;
231 * We only allow the filesystem to be reloaded if it
232 * is currently mounted read-only.
234 if ((uap->flags & MNT_RELOAD) &&
235 ((mp->mnt_flag & MNT_RDONLY) == 0)) {
238 error = EOPNOTSUPP; /* Needs translation */
242 * Only root, or the user that did the original mount is
243 * permitted to update it.
245 if (mp->mnt_stat.f_owner != cred->cr_uid &&
246 (error = priv_check(td, PRIV_ROOT))) {
251 if (vfs_busy(mp, LK_NOWAIT)) {
257 if ((vp->v_flag & VMOUNT) != 0 || hasmount) {
264 vsetflags(vp, VMOUNT);
266 uap->flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
271 * If the user is not root, ensure that they own the directory
272 * onto which we are attempting to mount.
274 if ((error = VOP_GETATTR(vp, &va)) ||
275 (va.va_uid != cred->cr_uid && (error = priv_check(td, PRIV_ROOT)))) {
280 if ((error = vinvalbuf(vp, V_SAVE, 0, 0)) != 0) {
285 if (vp->v_type != VDIR) {
291 if (vp->v_mount->mnt_kern_flag & MNTK_NOSTKMNT) {
297 vfsp = vfsconf_find_by_name(fstypename);
301 /* Only load modules for root (very important!) */
302 if ((error = priv_check(td, PRIV_ROOT)) != 0) {
307 error = linker_load_file(fstypename, &lf);
308 if (error || lf == NULL) {
316 /* lookup again, see if the VFS was loaded */
317 vfsp = vfsconf_find_by_name(fstypename);
320 linker_file_unload(lf);
327 if ((vp->v_flag & VMOUNT) != 0 || hasmount) {
333 vsetflags(vp, VMOUNT);
336 * Allocate and initialize the filesystem.
338 mp = kmalloc(sizeof(struct mount), M_MOUNT, M_ZERO|M_WAITOK);
340 vfs_busy(mp, LK_NOWAIT);
341 mp->mnt_op = vfsp->vfc_vfsops;
343 vfsp->vfc_refcount++;
344 mp->mnt_stat.f_type = vfsp->vfc_typenum;
345 mp->mnt_flag |= vfsp->vfc_flags & MNT_VISFLAGMASK;
346 strncpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN);
347 mp->mnt_stat.f_owner = cred->cr_uid;
351 * Set the mount level flags.
353 if (uap->flags & MNT_RDONLY)
354 mp->mnt_flag |= MNT_RDONLY;
355 else if (mp->mnt_flag & MNT_RDONLY)
356 mp->mnt_kern_flag |= MNTK_WANTRDWR;
357 mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
358 MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOATIME |
359 MNT_NOSYMFOLLOW | MNT_IGNORE |
360 MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
361 mp->mnt_flag |= uap->flags & (MNT_NOSUID | MNT_NOEXEC |
362 MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_FORCE |
363 MNT_NOSYMFOLLOW | MNT_IGNORE |
364 MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
366 * Mount the filesystem.
367 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
370 error = VFS_MOUNT(mp, uap->path, uap->data, cred);
371 if (mp->mnt_flag & MNT_UPDATE) {
372 if (mp->mnt_kern_flag & MNTK_WANTRDWR)
373 mp->mnt_flag &= ~MNT_RDONLY;
374 mp->mnt_flag &=~ (MNT_UPDATE | MNT_RELOAD | MNT_FORCE);
375 mp->mnt_kern_flag &=~ MNTK_WANTRDWR;
378 mp->mnt_kern_flag = flag2;
381 vclrflags(vp, VMOUNT);
386 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
388 * Put the new filesystem on the mount list after root. The mount
389 * point gets its own mnt_ncmountpt (unless the VFS already set one
390 * up) which represents the root of the mount. The lookup code
391 * detects the mount point going forward and checks the root of
392 * the mount going backwards.
394 * It is not necessary to invalidate or purge the vnode underneath
395 * because elements under the mount will be given their own glue
399 if (mp->mnt_ncmountpt.ncp == NULL) {
401 * allocate, then unlock, but leave the ref intact
403 cache_allocroot(&mp->mnt_ncmountpt, mp, NULL);
404 cache_unlock(&mp->mnt_ncmountpt);
406 mp->mnt_ncmounton = nch; /* inherits ref */
407 nch.ncp->nc_flag |= NCF_ISMOUNTPT;
409 /* XXX get the root of the fs and cache_setvp(mnt_ncmountpt...) */
410 vclrflags(vp, VMOUNT);
411 mountlist_insert(mp, MNTINS_LAST);
413 checkdirs(&mp->mnt_ncmounton, &mp->mnt_ncmountpt);
414 error = vfs_allocate_syncvnode(mp);
416 error = VFS_START(mp, 0);
419 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
420 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
421 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
422 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
423 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
424 vclrflags(vp, VMOUNT);
425 mp->mnt_vfc->vfc_refcount--;
437 * Scan all active processes to see if any of them have a current
438 * or root directory onto which the new filesystem has just been
439 * mounted. If so, replace them with the new mount point.
441 * The passed ncp is ref'd and locked (from the mount code) and
442 * must be associated with the vnode representing the root of the
445 struct checkdirs_info {
446 struct nchandle old_nch;
447 struct nchandle new_nch;
448 struct vnode *old_vp;
449 struct vnode *new_vp;
452 static int checkdirs_callback(struct proc *p, void *data);
455 checkdirs(struct nchandle *old_nch, struct nchandle *new_nch)
457 struct checkdirs_info info;
463 * If the old mount point's vnode has a usecount of 1, it is not
464 * being held as a descriptor anywhere.
466 olddp = old_nch->ncp->nc_vp;
467 if (olddp == NULL || olddp->v_sysref.refcnt == 1)
471 * Force the root vnode of the new mount point to be resolved
472 * so we can update any matching processes.
475 if (VFS_ROOT(mp, &newdp))
476 panic("mount: lost mount");
477 cache_setunresolved(new_nch);
478 cache_setvp(new_nch, newdp);
481 * Special handling of the root node
483 if (rootvnode == olddp) {
485 vfs_cache_setroot(newdp, cache_hold(new_nch));
489 * Pass newdp separately so the callback does not have to access
490 * it via new_nch->ncp->nc_vp.
492 info.old_nch = *old_nch;
493 info.new_nch = *new_nch;
495 allproc_scan(checkdirs_callback, &info);
500 * NOTE: callback is not MP safe because the scanned process's filedesc
501 * structure can be ripped out from under us, amoung other things.
504 checkdirs_callback(struct proc *p, void *data)
506 struct checkdirs_info *info = data;
507 struct filedesc *fdp;
508 struct nchandle ncdrop1;
509 struct nchandle ncdrop2;
510 struct vnode *vprele1;
511 struct vnode *vprele2;
513 if ((fdp = p->p_fd) != NULL) {
514 cache_zero(&ncdrop1);
515 cache_zero(&ncdrop2);
520 * MPUNSAFE - XXX fdp can be pulled out from under a
523 * A shared filedesc is ok, we don't have to copy it
524 * because we are making this change globally.
526 spin_lock(&fdp->fd_spin);
527 if (fdp->fd_ncdir.mount == info->old_nch.mount &&
528 fdp->fd_ncdir.ncp == info->old_nch.ncp) {
529 vprele1 = fdp->fd_cdir;
531 fdp->fd_cdir = info->new_vp;
532 ncdrop1 = fdp->fd_ncdir;
533 cache_copy(&info->new_nch, &fdp->fd_ncdir);
535 if (fdp->fd_nrdir.mount == info->old_nch.mount &&
536 fdp->fd_nrdir.ncp == info->old_nch.ncp) {
537 vprele2 = fdp->fd_rdir;
539 fdp->fd_rdir = info->new_vp;
540 ncdrop2 = fdp->fd_nrdir;
541 cache_copy(&info->new_nch, &fdp->fd_nrdir);
543 spin_unlock(&fdp->fd_spin);
545 cache_drop(&ncdrop1);
547 cache_drop(&ncdrop2);
557 * Unmount a file system.
559 * Note: unmount takes a path to the vnode mounted on as argument,
560 * not special file (as before).
562 * umount_args(char *path, int flags)
567 sys_unmount(struct unmount_args *uap)
569 struct thread *td = curthread;
570 struct proc *p __debugvar = td->td_proc;
571 struct mount *mp = NULL;
572 struct nlookupdata nd;
577 if (td->td_ucred->cr_prison != NULL) {
581 if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
584 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
586 error = nlookup(&nd);
590 mp = nd.nl_nch.mount;
593 * Only root, or the user that did the original mount is
594 * permitted to unmount this filesystem.
596 if ((mp->mnt_stat.f_owner != td->td_ucred->cr_uid) &&
597 (error = priv_check(td, PRIV_ROOT)))
601 * Don't allow unmounting the root file system.
603 if (mp->mnt_flag & MNT_ROOTFS) {
609 * Must be the root of the filesystem
611 if (nd.nl_nch.ncp != mp->mnt_ncmountpt.ncp) {
619 error = dounmount(mp, uap->flags);
626 * Do the actual file system unmount.
629 dounmount_interlock(struct mount *mp)
631 if (mp->mnt_kern_flag & MNTK_UNMOUNT)
633 mp->mnt_kern_flag |= MNTK_UNMOUNT;
638 unmount_allproc_cb(struct proc *p, void *arg)
642 if (p->p_textnch.ncp == NULL)
645 mp = (struct mount *)arg;
646 if (p->p_textnch.mount == mp)
647 cache_drop(&p->p_textnch);
653 dounmount(struct mount *mp, int flags)
655 struct namecache *ncp;
664 * Exclusive access for unmounting purposes
666 if ((error = mountlist_interlock(dounmount_interlock, mp)) != 0)
670 * Allow filesystems to detect that a forced unmount is in progress.
672 if (flags & MNT_FORCE)
673 mp->mnt_kern_flag |= MNTK_UNMOUNTF;
674 lflags = LK_EXCLUSIVE | ((flags & MNT_FORCE) ? 0 : LK_NOWAIT);
675 error = lockmgr(&mp->mnt_lock, lflags);
677 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
678 if (mp->mnt_kern_flag & MNTK_MWAIT)
683 if (mp->mnt_flag & MNT_EXPUBLIC)
684 vfs_setpublicfs(NULL, NULL, NULL);
686 vfs_msync(mp, MNT_WAIT);
687 async_flag = mp->mnt_flag & MNT_ASYNC;
688 mp->mnt_flag &=~ MNT_ASYNC;
691 * If this filesystem isn't aliasing other filesystems,
692 * try to invalidate any remaining namecache entries and
693 * check the count afterwords.
695 if ((mp->mnt_kern_flag & MNTK_NCALIASED) == 0) {
696 cache_lock(&mp->mnt_ncmountpt);
697 cache_inval(&mp->mnt_ncmountpt, CINV_DESTROY|CINV_CHILDREN);
698 cache_unlock(&mp->mnt_ncmountpt);
700 if ((ncp = mp->mnt_ncmountpt.ncp) != NULL &&
701 (ncp->nc_refs != 1 || TAILQ_FIRST(&ncp->nc_list))) {
702 allproc_scan(&unmount_allproc_cb, mp);
705 if ((ncp = mp->mnt_ncmountpt.ncp) != NULL &&
706 (ncp->nc_refs != 1 || TAILQ_FIRST(&ncp->nc_list))) {
708 if ((flags & MNT_FORCE) == 0) {
710 mount_warning(mp, "Cannot unmount: "
716 mount_warning(mp, "Forced unmount: "
727 * nchandle records ref the mount structure. Expect a count of 1
728 * (our mount->mnt_ncmountpt).
730 if (mp->mnt_refs != 1) {
731 if ((flags & MNT_FORCE) == 0) {
732 mount_warning(mp, "Cannot unmount: "
733 "%d process references still "
734 "present", mp->mnt_refs);
737 mount_warning(mp, "Forced unmount: "
738 "%d process references still "
739 "present", mp->mnt_refs);
745 * Decomission our special mnt_syncer vnode. This also stops
746 * the vnlru code. If we are unable to unmount we recommission
750 if ((vp = mp->mnt_syncer) != NULL) {
751 mp->mnt_syncer = NULL;
754 if (((mp->mnt_flag & MNT_RDONLY) ||
755 (error = VFS_SYNC(mp, MNT_WAIT)) == 0) ||
756 (flags & MNT_FORCE)) {
757 error = VFS_UNMOUNT(mp, flags);
761 if (mp->mnt_syncer == NULL)
762 vfs_allocate_syncvnode(mp);
763 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
764 mp->mnt_flag |= async_flag;
765 lockmgr(&mp->mnt_lock, LK_RELEASE);
766 if (mp->mnt_kern_flag & MNTK_MWAIT)
771 * Clean up any journals still associated with the mount after
772 * filesystem activity has ceased.
774 journal_remove_all_journals(mp,
775 ((flags & MNT_FORCE) ? MC_JOURNAL_STOP_IMM : 0));
777 mountlist_remove(mp);
780 * Remove any installed vnode ops here so the individual VFSs don't
783 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
784 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
785 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
786 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
787 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
789 if (mp->mnt_ncmountpt.ncp != NULL) {
790 nch = mp->mnt_ncmountpt;
791 cache_zero(&mp->mnt_ncmountpt);
792 cache_clrmountpt(&nch);
795 if (mp->mnt_ncmounton.ncp != NULL) {
796 nch = mp->mnt_ncmounton;
797 cache_zero(&mp->mnt_ncmounton);
798 cache_clrmountpt(&nch);
802 mp->mnt_vfc->vfc_refcount--;
803 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist))
804 panic("unmount: dangling vnode");
805 lockmgr(&mp->mnt_lock, LK_RELEASE);
806 if (mp->mnt_kern_flag & MNTK_MWAIT)
815 mount_warning(struct mount *mp, const char *ctl, ...)
822 if (cache_fullpath(NULL, &mp->mnt_ncmounton, &ptr, &buf, 0) == 0) {
823 kprintf("unmount(%s): ", ptr);
828 kprintf("unmount(%p", mp);
829 if (mp->mnt_ncmounton.ncp && mp->mnt_ncmounton.ncp->nc_name)
830 kprintf(",%s", mp->mnt_ncmounton.ncp->nc_name);
839 * Shim cache_fullpath() to handle the case where a process is chrooted into
840 * a subdirectory of a mount. In this case if the root mount matches the
841 * process root directory's mount we have to specify the process's root
842 * directory instead of the mount point, because the mount point might
843 * be above the root directory.
847 mount_path(struct proc *p, struct mount *mp, char **rb, char **fb)
849 struct nchandle *nch;
851 if (p && p->p_fd->fd_nrdir.mount == mp)
852 nch = &p->p_fd->fd_nrdir;
854 nch = &mp->mnt_ncmountpt;
855 return(cache_fullpath(p, nch, rb, fb, 0));
859 * Sync each mounted filesystem.
863 static int syncprt = 0;
864 SYSCTL_INT(_debug, OID_AUTO, syncprt, CTLFLAG_RW, &syncprt, 0, "");
867 static int sync_callback(struct mount *mp, void *data);
870 sys_sync(struct sync_args *uap)
872 mountlist_scan(sync_callback, NULL, MNTSCAN_FORWARD);
875 * print out buffer pool stat information on each sync() call.
885 sync_callback(struct mount *mp, void *data __unused)
889 if ((mp->mnt_flag & MNT_RDONLY) == 0) {
890 asyncflag = mp->mnt_flag & MNT_ASYNC;
891 mp->mnt_flag &= ~MNT_ASYNC;
892 vfs_msync(mp, MNT_NOWAIT);
893 VFS_SYNC(mp, MNT_NOWAIT | MNT_LAZY);
894 mp->mnt_flag |= asyncflag;
899 /* XXX PRISON: could be per prison flag */
900 static int prison_quotas;
902 SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, "");
906 * quotactl_args(char *path, int fcmd, int uid, caddr_t arg)
908 * Change filesystem quotas.
913 sys_quotactl(struct quotactl_args *uap)
915 struct nlookupdata nd;
922 if (td->td_ucred->cr_prison && !prison_quotas) {
927 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
929 error = nlookup(&nd);
931 mp = nd.nl_nch.mount;
932 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid,
933 uap->arg, nd.nl_cred);
942 * mountctl(char *path, int op, int fd, const void *ctl, int ctllen,
943 * void *buf, int buflen)
945 * This function operates on a mount point and executes the specified
946 * operation using the specified control data, and possibly returns data.
948 * The actual number of bytes stored in the result buffer is returned, 0
949 * if none, otherwise an error is returned.
954 sys_mountctl(struct mountctl_args *uap)
956 struct thread *td = curthread;
957 struct proc *p = td->td_proc;
965 * Sanity and permissions checks. We must be root.
968 if (td->td_ucred->cr_prison != NULL)
970 if ((uap->op != MOUNTCTL_MOUNTFLAGS) &&
971 (error = priv_check(td, PRIV_ROOT)) != 0)
975 * Argument length checks
977 if (uap->ctllen < 0 || uap->ctllen > 1024)
979 if (uap->buflen < 0 || uap->buflen > 16 * 1024)
981 if (uap->path == NULL)
985 * Allocate the necessary buffers and copyin data
987 path = objcache_get(namei_oc, M_WAITOK);
988 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
993 ctl = kmalloc(uap->ctllen + 1, M_TEMP, M_WAITOK|M_ZERO);
994 error = copyin(uap->ctl, ctl, uap->ctllen);
999 buf = kmalloc(uap->buflen + 1, M_TEMP, M_WAITOK|M_ZERO);
1002 * Validate the descriptor
1005 fp = holdfp(p->p_fd, uap->fd, -1);
1015 * Execute the internal kernel function and clean up.
1018 error = kern_mountctl(path, uap->op, fp, ctl, uap->ctllen, buf, uap->buflen, &uap->sysmsg_result);
1022 if (error == 0 && uap->sysmsg_result > 0)
1023 error = copyout(buf, uap->buf, uap->sysmsg_result);
1026 objcache_put(namei_oc, path);
1035 * Execute a mount control operation by resolving the path to a mount point
1036 * and calling vop_mountctl().
1038 * Use the mount point from the nch instead of the vnode so nullfs mounts
1039 * can properly spike the VOP.
1042 kern_mountctl(const char *path, int op, struct file *fp,
1043 const void *ctl, int ctllen,
1044 void *buf, int buflen, int *res)
1048 struct nlookupdata nd;
1053 error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_FOLLOW);
1055 error = nlookup(&nd);
1057 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
1058 mp = nd.nl_nch.mount;
1065 * Must be the root of the filesystem
1067 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
1071 error = vop_mountctl(mp->mnt_vn_use_ops, vp, op, fp, ctl, ctllen,
1078 kern_statfs(struct nlookupdata *nd, struct statfs *buf)
1080 struct thread *td = curthread;
1081 struct proc *p = td->td_proc;
1084 char *fullpath, *freepath;
1087 if ((error = nlookup(nd)) != 0)
1089 mp = nd->nl_nch.mount;
1091 if ((error = VFS_STATFS(mp, sp, nd->nl_cred)) != 0)
1094 error = mount_path(p, mp, &fullpath, &freepath);
1097 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1098 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1099 kfree(freepath, M_TEMP);
1101 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1102 bcopy(sp, buf, sizeof(*buf));
1103 /* Only root should have access to the fsid's. */
1104 if (priv_check(td, PRIV_ROOT))
1105 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1110 * statfs_args(char *path, struct statfs *buf)
1112 * Get filesystem statistics.
1115 sys_statfs(struct statfs_args *uap)
1117 struct nlookupdata nd;
1121 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1123 error = kern_statfs(&nd, &buf);
1126 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1131 kern_fstatfs(int fd, struct statfs *buf)
1133 struct thread *td = curthread;
1134 struct proc *p = td->td_proc;
1138 char *fullpath, *freepath;
1142 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
1144 mp = ((struct vnode *)fp->f_data)->v_mount;
1149 if (fp->f_cred == NULL) {
1154 if ((error = VFS_STATFS(mp, sp, fp->f_cred)) != 0)
1157 if ((error = mount_path(p, mp, &fullpath, &freepath)) != 0)
1159 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1160 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1161 kfree(freepath, M_TEMP);
1163 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1164 bcopy(sp, buf, sizeof(*buf));
1166 /* Only root should have access to the fsid's. */
1167 if (priv_check(td, PRIV_ROOT))
1168 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1176 * fstatfs_args(int fd, struct statfs *buf)
1178 * Get filesystem statistics.
1181 sys_fstatfs(struct fstatfs_args *uap)
1186 error = kern_fstatfs(uap->fd, &buf);
1189 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1194 kern_statvfs(struct nlookupdata *nd, struct statvfs *buf)
1200 if ((error = nlookup(nd)) != 0)
1202 mp = nd->nl_nch.mount;
1203 sp = &mp->mnt_vstat;
1204 if ((error = VFS_STATVFS(mp, sp, nd->nl_cred)) != 0)
1208 if (mp->mnt_flag & MNT_RDONLY)
1209 sp->f_flag |= ST_RDONLY;
1210 if (mp->mnt_flag & MNT_NOSUID)
1211 sp->f_flag |= ST_NOSUID;
1212 bcopy(sp, buf, sizeof(*buf));
1217 * statfs_args(char *path, struct statfs *buf)
1219 * Get filesystem statistics.
1222 sys_statvfs(struct statvfs_args *uap)
1224 struct nlookupdata nd;
1228 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1230 error = kern_statvfs(&nd, &buf);
1233 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1238 kern_fstatvfs(int fd, struct statvfs *buf)
1240 struct thread *td = curthread;
1241 struct proc *p = td->td_proc;
1248 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
1250 mp = ((struct vnode *)fp->f_data)->v_mount;
1255 if (fp->f_cred == NULL) {
1259 sp = &mp->mnt_vstat;
1260 if ((error = VFS_STATVFS(mp, sp, fp->f_cred)) != 0)
1264 if (mp->mnt_flag & MNT_RDONLY)
1265 sp->f_flag |= ST_RDONLY;
1266 if (mp->mnt_flag & MNT_NOSUID)
1267 sp->f_flag |= ST_NOSUID;
1269 bcopy(sp, buf, sizeof(*buf));
1277 * fstatfs_args(int fd, struct statfs *buf)
1279 * Get filesystem statistics.
1282 sys_fstatvfs(struct fstatvfs_args *uap)
1287 error = kern_fstatvfs(uap->fd, &buf);
1290 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1295 * getfsstat_args(struct statfs *buf, long bufsize, int flags)
1297 * Get statistics on all filesystems.
1300 struct getfsstat_info {
1301 struct statfs *sfsp;
1309 static int getfsstat_callback(struct mount *, void *);
1312 sys_getfsstat(struct getfsstat_args *uap)
1314 struct thread *td = curthread;
1315 struct getfsstat_info info;
1317 bzero(&info, sizeof(info));
1319 info.maxcount = uap->bufsize / sizeof(struct statfs);
1320 info.sfsp = uap->buf;
1322 info.flags = uap->flags;
1325 mountlist_scan(getfsstat_callback, &info, MNTSCAN_FORWARD);
1326 if (info.sfsp && info.count > info.maxcount)
1327 uap->sysmsg_result = info.maxcount;
1329 uap->sysmsg_result = info.count;
1330 return (info.error);
1334 getfsstat_callback(struct mount *mp, void *data)
1336 struct getfsstat_info *info = data;
1342 if (info->sfsp && info->count < info->maxcount) {
1343 if (info->td->td_proc &&
1344 !chroot_visible_mnt(mp, info->td->td_proc)) {
1350 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1351 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1352 * overrides MNT_WAIT.
1354 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1355 (info->flags & MNT_WAIT)) &&
1356 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1359 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1361 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1363 info->error = error;
1366 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1367 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1368 kfree(freepath, M_TEMP);
1370 error = copyout(sp, info->sfsp, sizeof(*sp));
1372 info->error = error;
1382 * getvfsstat_args(struct statfs *buf, struct statvfs *vbuf,
1383 long bufsize, int flags)
1385 * Get statistics on all filesystems.
1388 struct getvfsstat_info {
1389 struct statfs *sfsp;
1390 struct statvfs *vsfsp;
1398 static int getvfsstat_callback(struct mount *, void *);
1401 sys_getvfsstat(struct getvfsstat_args *uap)
1403 struct thread *td = curthread;
1404 struct getvfsstat_info info;
1406 bzero(&info, sizeof(info));
1408 info.maxcount = uap->vbufsize / sizeof(struct statvfs);
1409 info.sfsp = uap->buf;
1410 info.vsfsp = uap->vbuf;
1412 info.flags = uap->flags;
1415 mountlist_scan(getvfsstat_callback, &info, MNTSCAN_FORWARD);
1416 if (info.vsfsp && info.count > info.maxcount)
1417 uap->sysmsg_result = info.maxcount;
1419 uap->sysmsg_result = info.count;
1420 return (info.error);
1424 getvfsstat_callback(struct mount *mp, void *data)
1426 struct getvfsstat_info *info = data;
1428 struct statvfs *vsp;
1433 if (info->vsfsp && info->count < info->maxcount) {
1434 if (info->td->td_proc &&
1435 !chroot_visible_mnt(mp, info->td->td_proc)) {
1439 vsp = &mp->mnt_vstat;
1442 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1443 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1444 * overrides MNT_WAIT.
1446 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1447 (info->flags & MNT_WAIT)) &&
1448 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1451 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1453 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1454 (info->flags & MNT_WAIT)) &&
1455 (error = VFS_STATVFS(mp, vsp, info->td->td_ucred))) {
1459 if (mp->mnt_flag & MNT_RDONLY)
1460 vsp->f_flag |= ST_RDONLY;
1461 if (mp->mnt_flag & MNT_NOSUID)
1462 vsp->f_flag |= ST_NOSUID;
1464 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1466 info->error = error;
1469 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1470 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1471 kfree(freepath, M_TEMP);
1473 error = copyout(sp, info->sfsp, sizeof(*sp));
1475 error = copyout(vsp, info->vsfsp, sizeof(*vsp));
1477 info->error = error;
1489 * fchdir_args(int fd)
1491 * Change current working directory to a given file descriptor.
1494 sys_fchdir(struct fchdir_args *uap)
1496 struct thread *td = curthread;
1497 struct proc *p = td->td_proc;
1498 struct filedesc *fdp = p->p_fd;
1499 struct vnode *vp, *ovp;
1502 struct nchandle nch, onch, tnch;
1505 if ((error = holdvnode(fdp, uap->fd, &fp)) != 0)
1507 lwkt_gettoken(&p->p_token);
1508 vp = (struct vnode *)fp->f_data;
1510 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1511 if (fp->f_nchandle.ncp == NULL)
1514 error = checkvp_chdir(vp, td);
1519 cache_copy(&fp->f_nchandle, &nch);
1522 * If the ncp has become a mount point, traverse through
1526 while (!error && (nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
1527 (mp = cache_findmount(&nch)) != NULL
1529 error = nlookup_mp(mp, &tnch);
1531 cache_unlock(&tnch); /* leave ref intact */
1533 vp = tnch.ncp->nc_vp;
1534 error = vget(vp, LK_SHARED);
1535 KKASSERT(error == 0);
1542 onch = fdp->fd_ncdir;
1543 vn_unlock(vp); /* leave ref intact */
1545 fdp->fd_ncdir = nch;
1554 lwkt_reltoken(&p->p_token);
1559 kern_chdir(struct nlookupdata *nd)
1561 struct thread *td = curthread;
1562 struct proc *p = td->td_proc;
1563 struct filedesc *fdp = p->p_fd;
1564 struct vnode *vp, *ovp;
1565 struct nchandle onch;
1568 if ((error = nlookup(nd)) != 0)
1570 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
1572 if ((error = vget(vp, LK_SHARED)) != 0)
1575 lwkt_gettoken(&p->p_token);
1576 error = checkvp_chdir(vp, td);
1580 onch = fdp->fd_ncdir;
1581 cache_unlock(&nd->nl_nch); /* leave reference intact */
1582 fdp->fd_ncdir = nd->nl_nch;
1586 cache_zero(&nd->nl_nch);
1590 lwkt_reltoken(&p->p_token);
1595 * chdir_args(char *path)
1597 * Change current working directory (``.'').
1600 sys_chdir(struct chdir_args *uap)
1602 struct nlookupdata nd;
1605 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1607 error = kern_chdir(&nd);
1613 * Helper function for raised chroot(2) security function: Refuse if
1614 * any filedescriptors are open directories.
1617 chroot_refuse_vdir_fds(struct filedesc *fdp)
1624 for (fd = 0; fd < fdp->fd_nfiles ; fd++) {
1625 if ((error = holdvnode(fdp, fd, &fp)) != 0)
1627 vp = (struct vnode *)fp->f_data;
1628 if (vp->v_type != VDIR) {
1639 * This sysctl determines if we will allow a process to chroot(2) if it
1640 * has a directory open:
1641 * 0: disallowed for all processes.
1642 * 1: allowed for processes that were not already chroot(2)'ed.
1643 * 2: allowed for all processes.
1646 static int chroot_allow_open_directories = 1;
1648 SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
1649 &chroot_allow_open_directories, 0, "");
1652 * chroot to the specified namecache entry. We obtain the vp from the
1653 * namecache data. The passed ncp must be locked and referenced and will
1654 * remain locked and referenced on return.
1657 kern_chroot(struct nchandle *nch)
1659 struct thread *td = curthread;
1660 struct proc *p = td->td_proc;
1661 struct filedesc *fdp = p->p_fd;
1666 * Only privileged user can chroot
1668 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
1673 * Disallow open directory descriptors (fchdir() breakouts).
1675 if (chroot_allow_open_directories == 0 ||
1676 (chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) {
1677 if ((error = chroot_refuse_vdir_fds(fdp)) != 0)
1680 if ((vp = nch->ncp->nc_vp) == NULL)
1683 if ((error = vget(vp, LK_SHARED)) != 0)
1687 * Check the validity of vp as a directory to change to and
1688 * associate it with rdir/jdir.
1690 error = checkvp_chdir(vp, td);
1691 vn_unlock(vp); /* leave reference intact */
1693 vrele(fdp->fd_rdir);
1694 fdp->fd_rdir = vp; /* reference inherited by fd_rdir */
1695 cache_drop(&fdp->fd_nrdir);
1696 cache_copy(nch, &fdp->fd_nrdir);
1697 if (fdp->fd_jdir == NULL) {
1700 cache_copy(nch, &fdp->fd_njdir);
1709 * chroot_args(char *path)
1711 * Change notion of root (``/'') directory.
1714 sys_chroot(struct chroot_args *uap)
1716 struct thread *td __debugvar = curthread;
1717 struct nlookupdata nd;
1720 KKASSERT(td->td_proc);
1721 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1723 nd.nl_flags |= NLC_EXEC;
1724 error = nlookup(&nd);
1726 error = kern_chroot(&nd.nl_nch);
1733 sys_chroot_kernel(struct chroot_kernel_args *uap)
1735 struct thread *td = curthread;
1736 struct nlookupdata nd;
1737 struct nchandle *nch;
1741 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1745 error = nlookup(&nd);
1751 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
1755 if ((vp = nch->ncp->nc_vp) == NULL) {
1760 if ((error = cache_vref(nch, nd.nl_cred, &vp)) != 0)
1763 kprintf("chroot_kernel: set new rootnch/rootvnode to %s\n", uap->path);
1765 vfs_cache_setroot(vp, cache_hold(nch));
1775 * Common routine for chroot and chdir. Given a locked, referenced vnode,
1776 * determine whether it is legal to chdir to the vnode. The vnode's state
1777 * is not changed by this call.
1780 checkvp_chdir(struct vnode *vp, struct thread *td)
1784 if (vp->v_type != VDIR)
1787 error = VOP_EACCESS(vp, VEXEC, td->td_ucred);
1792 kern_open(struct nlookupdata *nd, int oflags, int mode, int *res)
1794 struct thread *td = curthread;
1795 struct proc *p = td->td_proc;
1796 struct lwp *lp = td->td_lwp;
1797 struct filedesc *fdp = p->p_fd;
1802 int type, indx, error;
1805 if ((oflags & O_ACCMODE) == O_ACCMODE)
1807 flags = FFLAGS(oflags);
1808 error = falloc(lp, &nfp, NULL);
1812 cmode = ((mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
1815 * XXX p_dupfd is a real mess. It allows a device to return a
1816 * file descriptor to be duplicated rather then doing the open
1822 * Call vn_open() to do the lookup and assign the vnode to the
1823 * file pointer. vn_open() does not change the ref count on fp
1824 * and the vnode, on success, will be inherited by the file pointer
1827 nd->nl_flags |= NLC_LOCKVP;
1828 error = vn_open(nd, fp, flags, cmode);
1832 * handle special fdopen() case. bleh. dupfdopen() is
1833 * responsible for dropping the old contents of ofiles[indx]
1836 * Note that fsetfd() will add a ref to fp which represents
1837 * the fd_files[] assignment. We must still drop our
1840 if ((error == ENODEV || error == ENXIO) && lp->lwp_dupfd >= 0) {
1841 if (fdalloc(p, 0, &indx) == 0) {
1842 error = dupfdopen(fdp, indx, lp->lwp_dupfd, flags, error);
1845 fdrop(fp); /* our ref */
1848 fsetfd(fdp, NULL, indx);
1851 fdrop(fp); /* our ref */
1852 if (error == ERESTART)
1858 * ref the vnode for ourselves so it can't be ripped out from under
1859 * is. XXX need an ND flag to request that the vnode be returned
1862 * Reserve a file descriptor but do not assign it until the open
1865 vp = (struct vnode *)fp->f_data;
1867 if ((error = fdalloc(p, 0, &indx)) != 0) {
1874 * If no error occurs the vp will have been assigned to the file
1879 if (flags & (O_EXLOCK | O_SHLOCK)) {
1880 lf.l_whence = SEEK_SET;
1883 if (flags & O_EXLOCK)
1884 lf.l_type = F_WRLCK;
1886 lf.l_type = F_RDLCK;
1887 if (flags & FNONBLOCK)
1892 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
1894 * lock request failed. Clean up the reserved
1898 fsetfd(fdp, NULL, indx);
1902 fp->f_flag |= FHASLOCK;
1906 * Assert that all regular file vnodes were created with a object.
1908 KASSERT(vp->v_type != VREG || vp->v_object != NULL,
1909 ("open: regular file has no backing object after vn_open"));
1915 * release our private reference, leaving the one associated with the
1916 * descriptor table intact.
1918 fsetfd(fdp, fp, indx);
1925 * open_args(char *path, int flags, int mode)
1927 * Check permissions, allocate an open file structure,
1928 * and call the device open routine if any.
1931 sys_open(struct open_args *uap)
1933 struct nlookupdata nd;
1936 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
1938 error = kern_open(&nd, uap->flags,
1939 uap->mode, &uap->sysmsg_result);
1946 * openat_args(int fd, char *path, int flags, int mode)
1949 sys_openat(struct openat_args *uap)
1951 struct nlookupdata nd;
1955 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
1957 error = kern_open(&nd, uap->flags, uap->mode,
1958 &uap->sysmsg_result);
1960 nlookup_done_at(&nd, fp);
1965 kern_mknod(struct nlookupdata *nd, int mode, int rmajor, int rminor)
1967 struct thread *td = curthread;
1968 struct proc *p = td->td_proc;
1977 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
1978 vattr.va_rmajor = rmajor;
1979 vattr.va_rminor = rminor;
1981 switch (mode & S_IFMT) {
1982 case S_IFMT: /* used by badsect to flag bad sectors */
1983 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_BAD, 0);
1984 vattr.va_type = VBAD;
1987 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
1988 vattr.va_type = VCHR;
1991 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
1992 vattr.va_type = VBLK;
1995 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_WHT, 0);
1998 case S_IFDIR: /* special directories support for HAMMER */
1999 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_DIR, 0);
2000 vattr.va_type = VDIR;
2011 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2012 if ((error = nlookup(nd)) != 0)
2014 if (nd->nl_nch.ncp->nc_vp)
2016 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2020 error = VOP_NWHITEOUT(&nd->nl_nch, nd->nl_dvp,
2021 nd->nl_cred, NAMEI_CREATE);
2024 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp,
2025 &vp, nd->nl_cred, &vattr);
2033 * mknod_args(char *path, int mode, int dev)
2035 * Create a special file.
2038 sys_mknod(struct mknod_args *uap)
2040 struct nlookupdata nd;
2043 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2045 error = kern_mknod(&nd, uap->mode,
2046 umajor(uap->dev), uminor(uap->dev));
2053 * mknodat_args(int fd, char *path, mode_t mode, dev_t dev)
2055 * Create a special file. The path is relative to the directory associated
2059 sys_mknodat(struct mknodat_args *uap)
2061 struct nlookupdata nd;
2065 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2067 error = kern_mknod(&nd, uap->mode,
2068 umajor(uap->dev), uminor(uap->dev));
2070 nlookup_done_at(&nd, fp);
2075 kern_mkfifo(struct nlookupdata *nd, int mode)
2077 struct thread *td = curthread;
2078 struct proc *p = td->td_proc;
2085 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2086 if ((error = nlookup(nd)) != 0)
2088 if (nd->nl_nch.ncp->nc_vp)
2090 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2094 vattr.va_type = VFIFO;
2095 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2097 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp, &vp, nd->nl_cred, &vattr);
2104 * mkfifo_args(char *path, int mode)
2106 * Create a named pipe.
2109 sys_mkfifo(struct mkfifo_args *uap)
2111 struct nlookupdata nd;
2114 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2116 error = kern_mkfifo(&nd, uap->mode);
2122 * mkfifoat_args(int fd, char *path, mode_t mode)
2124 * Create a named pipe. The path is relative to the directory associated
2128 sys_mkfifoat(struct mkfifoat_args *uap)
2130 struct nlookupdata nd;
2134 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2136 error = kern_mkfifo(&nd, uap->mode);
2137 nlookup_done_at(&nd, fp);
2141 static int hardlink_check_uid = 0;
2142 SYSCTL_INT(_security, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
2143 &hardlink_check_uid, 0,
2144 "Unprivileged processes cannot create hard links to files owned by other "
2146 static int hardlink_check_gid = 0;
2147 SYSCTL_INT(_security, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
2148 &hardlink_check_gid, 0,
2149 "Unprivileged processes cannot create hard links to files owned by other "
2153 can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
2159 * Shortcut if disabled
2161 if (hardlink_check_uid == 0 && hardlink_check_gid == 0)
2165 * Privileged user can always hardlink
2167 if (priv_check_cred(cred, PRIV_VFS_LINK, 0) == 0)
2171 * Otherwise only if the originating file is owned by the
2172 * same user or group. Note that any group is allowed if
2173 * the file is owned by the caller.
2175 error = VOP_GETATTR(vp, &va);
2179 if (hardlink_check_uid) {
2180 if (cred->cr_uid != va.va_uid)
2184 if (hardlink_check_gid) {
2185 if (cred->cr_uid != va.va_uid && !groupmember(va.va_gid, cred))
2193 kern_link(struct nlookupdata *nd, struct nlookupdata *linknd)
2195 struct thread *td = curthread;
2200 * Lookup the source and obtained a locked vnode.
2202 * You may only hardlink a file which you have write permission
2203 * on or which you own.
2205 * XXX relookup on vget failure / race ?
2208 nd->nl_flags |= NLC_WRITE | NLC_OWN | NLC_HLINK;
2209 if ((error = nlookup(nd)) != 0)
2211 vp = nd->nl_nch.ncp->nc_vp;
2212 KKASSERT(vp != NULL);
2213 if (vp->v_type == VDIR)
2214 return (EPERM); /* POSIX */
2215 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2217 if ((error = vget(vp, LK_EXCLUSIVE)) != 0)
2221 * Unlock the source so we can lookup the target without deadlocking
2222 * (XXX vp is locked already, possible other deadlock?). The target
2225 KKASSERT(nd->nl_flags & NLC_NCPISLOCKED);
2226 nd->nl_flags &= ~NLC_NCPISLOCKED;
2227 cache_unlock(&nd->nl_nch);
2230 linknd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2231 if ((error = nlookup(linknd)) != 0) {
2235 if (linknd->nl_nch.ncp->nc_vp) {
2239 if ((error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY)) != 0) {
2245 * Finally run the new API VOP.
2247 error = can_hardlink(vp, td, td->td_ucred);
2249 error = VOP_NLINK(&linknd->nl_nch, linknd->nl_dvp,
2250 vp, linknd->nl_cred);
2257 * link_args(char *path, char *link)
2259 * Make a hard file link.
2262 sys_link(struct link_args *uap)
2264 struct nlookupdata nd, linknd;
2267 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2269 error = nlookup_init(&linknd, uap->link, UIO_USERSPACE, 0);
2271 error = kern_link(&nd, &linknd);
2272 nlookup_done(&linknd);
2279 kern_symlink(struct nlookupdata *nd, char *path, int mode)
2287 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2288 if ((error = nlookup(nd)) != 0)
2290 if (nd->nl_nch.ncp->nc_vp)
2292 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2296 vattr.va_mode = mode;
2297 error = VOP_NSYMLINK(&nd->nl_nch, dvp, &vp, nd->nl_cred, &vattr, path);
2304 * symlink(char *path, char *link)
2306 * Make a symbolic link.
2309 sys_symlink(struct symlink_args *uap)
2311 struct thread *td = curthread;
2312 struct nlookupdata nd;
2317 path = objcache_get(namei_oc, M_WAITOK);
2318 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
2320 error = nlookup_init(&nd, uap->link, UIO_USERSPACE, 0);
2322 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2323 error = kern_symlink(&nd, path, mode);
2327 objcache_put(namei_oc, path);
2332 * symlinkat_args(char *path1, int fd, char *path2)
2334 * Make a symbolic link. The path2 argument is relative to the directory
2335 * associated with fd.
2338 sys_symlinkat(struct symlinkat_args *uap)
2340 struct thread *td = curthread;
2341 struct nlookupdata nd;
2347 path1 = objcache_get(namei_oc, M_WAITOK);
2348 error = copyinstr(uap->path1, path1, MAXPATHLEN, NULL);
2350 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path2,
2353 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2354 error = kern_symlink(&nd, path1, mode);
2356 nlookup_done_at(&nd, fp);
2358 objcache_put(namei_oc, path1);
2363 * undelete_args(char *path)
2365 * Delete a whiteout from the filesystem.
2368 sys_undelete(struct undelete_args *uap)
2370 struct nlookupdata nd;
2373 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2375 nd.nl_flags |= NLC_DELETE | NLC_REFDVP;
2377 error = nlookup(&nd);
2379 error = ncp_writechk(&nd.nl_nch);
2381 error = VOP_NWHITEOUT(&nd.nl_nch, nd.nl_dvp, nd.nl_cred,
2389 kern_unlink(struct nlookupdata *nd)
2394 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
2395 if ((error = nlookup(nd)) != 0)
2397 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2399 error = VOP_NREMOVE(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
2404 * unlink_args(char *path)
2406 * Delete a name from the filesystem.
2409 sys_unlink(struct unlink_args *uap)
2411 struct nlookupdata nd;
2414 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2416 error = kern_unlink(&nd);
2423 * unlinkat_args(int fd, char *path, int flags)
2425 * Delete the file or directory entry pointed to by fd/path.
2428 sys_unlinkat(struct unlinkat_args *uap)
2430 struct nlookupdata nd;
2434 if (uap->flags & ~AT_REMOVEDIR)
2437 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2439 if (uap->flags & AT_REMOVEDIR)
2440 error = kern_rmdir(&nd);
2442 error = kern_unlink(&nd);
2444 nlookup_done_at(&nd, fp);
2449 kern_lseek(int fd, off_t offset, int whence, off_t *res)
2451 struct thread *td = curthread;
2452 struct proc *p = td->td_proc;
2459 fp = holdfp(p->p_fd, fd, -1);
2462 if (fp->f_type != DTYPE_VNODE) {
2466 vp = (struct vnode *)fp->f_data;
2470 spin_lock(&fp->f_spin);
2471 new_offset = fp->f_offset + offset;
2475 error = VOP_GETATTR(vp, &vattr);
2476 spin_lock(&fp->f_spin);
2477 new_offset = offset + vattr.va_size;
2480 new_offset = offset;
2482 spin_lock(&fp->f_spin);
2487 spin_lock(&fp->f_spin);
2492 * Validate the seek position. Negative offsets are not allowed
2493 * for regular files or directories.
2495 * Normally we would also not want to allow negative offsets for
2496 * character and block-special devices. However kvm addresses
2497 * on 64 bit architectures might appear to be negative and must
2501 if (new_offset < 0 &&
2502 (vp->v_type == VREG || vp->v_type == VDIR)) {
2505 fp->f_offset = new_offset;
2508 *res = fp->f_offset;
2509 spin_unlock(&fp->f_spin);
2516 * lseek_args(int fd, int pad, off_t offset, int whence)
2518 * Reposition read/write file offset.
2521 sys_lseek(struct lseek_args *uap)
2525 error = kern_lseek(uap->fd, uap->offset, uap->whence,
2526 &uap->sysmsg_offset);
2532 * Check if current process can access given file. amode is a bitmask of *_OK
2533 * access bits. flags is a bitmask of AT_* flags.
2536 kern_access(struct nlookupdata *nd, int amode, int flags)
2541 if (flags & ~AT_EACCESS)
2543 if ((error = nlookup(nd)) != 0)
2546 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_EXCLUSIVE, &vp);
2550 /* Flags == 0 means only check for existence. */
2559 if ((mode & VWRITE) == 0 ||
2560 (error = vn_writechk(vp, &nd->nl_nch)) == 0)
2561 error = VOP_ACCESS_FLAGS(vp, mode, flags, nd->nl_cred);
2564 * If the file handle is stale we have to re-resolve the
2565 * entry. This is a hack at the moment.
2567 if (error == ESTALE) {
2569 cache_setunresolved(&nd->nl_nch);
2570 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2583 * access_args(char *path, int flags)
2585 * Check access permissions.
2588 sys_access(struct access_args *uap)
2590 struct nlookupdata nd;
2593 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2595 error = kern_access(&nd, uap->flags, 0);
2602 * faccessat_args(int fd, char *path, int amode, int flags)
2604 * Check access permissions.
2607 sys_faccessat(struct faccessat_args *uap)
2609 struct nlookupdata nd;
2613 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE,
2616 error = kern_access(&nd, uap->amode, uap->flags);
2617 nlookup_done_at(&nd, fp);
2623 kern_stat(struct nlookupdata *nd, struct stat *st)
2628 if ((error = nlookup(nd)) != 0)
2631 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
2634 if ((error = vget(vp, LK_SHARED)) != 0)
2636 error = vn_stat(vp, st, nd->nl_cred);
2639 * If the file handle is stale we have to re-resolve the entry. This
2640 * is a hack at the moment.
2642 if (error == ESTALE) {
2644 cache_setunresolved(&nd->nl_nch);
2645 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2655 * stat_args(char *path, struct stat *ub)
2657 * Get file status; this version follows links.
2660 sys_stat(struct stat_args *uap)
2662 struct nlookupdata nd;
2666 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2668 error = kern_stat(&nd, &st);
2670 error = copyout(&st, uap->ub, sizeof(*uap->ub));
2677 * lstat_args(char *path, struct stat *ub)
2679 * Get file status; this version does not follow links.
2682 sys_lstat(struct lstat_args *uap)
2684 struct nlookupdata nd;
2688 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2690 error = kern_stat(&nd, &st);
2692 error = copyout(&st, uap->ub, sizeof(*uap->ub));
2699 * fstatat_args(int fd, char *path, struct stat *sb, int flags)
2701 * Get status of file pointed to by fd/path.
2704 sys_fstatat(struct fstatat_args *uap)
2706 struct nlookupdata nd;
2712 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
2715 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
2717 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
2718 UIO_USERSPACE, flags);
2720 error = kern_stat(&nd, &st);
2722 error = copyout(&st, uap->sb, sizeof(*uap->sb));
2724 nlookup_done_at(&nd, fp);
2729 * pathconf_Args(char *path, int name)
2731 * Get configurable pathname variables.
2734 sys_pathconf(struct pathconf_args *uap)
2736 struct nlookupdata nd;
2741 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2743 error = nlookup(&nd);
2745 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
2748 error = VOP_PATHCONF(vp, uap->name, &uap->sysmsg_reg);
2756 * kern_readlink isn't properly split yet. There is a copyin burried
2757 * in VOP_READLINK().
2760 kern_readlink(struct nlookupdata *nd, char *buf, int count, int *res)
2762 struct thread *td = curthread;
2768 if ((error = nlookup(nd)) != 0)
2770 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_EXCLUSIVE, &vp);
2773 if (vp->v_type != VLNK) {
2776 aiov.iov_base = buf;
2777 aiov.iov_len = count;
2778 auio.uio_iov = &aiov;
2779 auio.uio_iovcnt = 1;
2780 auio.uio_offset = 0;
2781 auio.uio_rw = UIO_READ;
2782 auio.uio_segflg = UIO_USERSPACE;
2784 auio.uio_resid = count;
2785 error = VOP_READLINK(vp, &auio, td->td_ucred);
2788 *res = count - auio.uio_resid;
2793 * readlink_args(char *path, char *buf, int count)
2795 * Return target name of a symbolic link.
2798 sys_readlink(struct readlink_args *uap)
2800 struct nlookupdata nd;
2803 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2805 error = kern_readlink(&nd, uap->buf, uap->count,
2806 &uap->sysmsg_result);
2813 * readlinkat_args(int fd, char *path, char *buf, size_t bufsize)
2815 * Return target name of a symbolic link. The path is relative to the
2816 * directory associated with fd.
2819 sys_readlinkat(struct readlinkat_args *uap)
2821 struct nlookupdata nd;
2825 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2827 error = kern_readlink(&nd, uap->buf, uap->bufsize,
2828 &uap->sysmsg_result);
2830 nlookup_done_at(&nd, fp);
2835 setfflags(struct vnode *vp, int flags)
2837 struct thread *td = curthread;
2842 * Prevent non-root users from setting flags on devices. When
2843 * a device is reused, users can retain ownership of the device
2844 * if they are allowed to set flags and programs assume that
2845 * chown can't fail when done as root.
2847 if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
2848 ((error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV, 0)) != 0))
2852 * note: vget is required for any operation that might mod the vnode
2853 * so VINACTIVE is properly cleared.
2855 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
2857 vattr.va_flags = flags;
2858 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
2865 * chflags(char *path, int flags)
2867 * Change flags of a file given a path name.
2870 sys_chflags(struct chflags_args *uap)
2872 struct nlookupdata nd;
2877 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2879 error = nlookup(&nd);
2881 error = ncp_writechk(&nd.nl_nch);
2883 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
2886 error = setfflags(vp, uap->flags);
2893 * lchflags(char *path, int flags)
2895 * Change flags of a file given a path name, but don't follow symlinks.
2898 sys_lchflags(struct lchflags_args *uap)
2900 struct nlookupdata nd;
2905 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2907 error = nlookup(&nd);
2909 error = ncp_writechk(&nd.nl_nch);
2911 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
2914 error = setfflags(vp, uap->flags);
2921 * fchflags_args(int fd, int flags)
2923 * Change flags of a file given a file descriptor.
2926 sys_fchflags(struct fchflags_args *uap)
2928 struct thread *td = curthread;
2929 struct proc *p = td->td_proc;
2933 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
2935 if (fp->f_nchandle.ncp)
2936 error = ncp_writechk(&fp->f_nchandle);
2938 error = setfflags((struct vnode *) fp->f_data, uap->flags);
2944 setfmode(struct vnode *vp, int mode)
2946 struct thread *td = curthread;
2951 * note: vget is required for any operation that might mod the vnode
2952 * so VINACTIVE is properly cleared.
2954 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
2956 vattr.va_mode = mode & ALLPERMS;
2957 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
2964 kern_chmod(struct nlookupdata *nd, int mode)
2969 if ((error = nlookup(nd)) != 0)
2971 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
2973 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
2974 error = setfmode(vp, mode);
2980 * chmod_args(char *path, int mode)
2982 * Change mode of a file given path name.
2985 sys_chmod(struct chmod_args *uap)
2987 struct nlookupdata nd;
2990 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2992 error = kern_chmod(&nd, uap->mode);
2998 * lchmod_args(char *path, int mode)
3000 * Change mode of a file given path name (don't follow links.)
3003 sys_lchmod(struct lchmod_args *uap)
3005 struct nlookupdata nd;
3008 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3010 error = kern_chmod(&nd, uap->mode);
3016 * fchmod_args(int fd, int mode)
3018 * Change mode of a file given a file descriptor.
3021 sys_fchmod(struct fchmod_args *uap)
3023 struct thread *td = curthread;
3024 struct proc *p = td->td_proc;
3028 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3030 if (fp->f_nchandle.ncp)
3031 error = ncp_writechk(&fp->f_nchandle);
3033 error = setfmode((struct vnode *)fp->f_data, uap->mode);
3039 * fchmodat_args(char *path, int mode)
3041 * Change mode of a file pointed to by fd/path.
3044 sys_fchmodat(struct fchmodat_args *uap)
3046 struct nlookupdata nd;
3051 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3053 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3055 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3056 UIO_USERSPACE, flags);
3058 error = kern_chmod(&nd, uap->mode);
3059 nlookup_done_at(&nd, fp);
3064 setfown(struct vnode *vp, uid_t uid, gid_t gid)
3066 struct thread *td = curthread;
3071 * note: vget is required for any operation that might mod the vnode
3072 * so VINACTIVE is properly cleared.
3074 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3078 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3085 kern_chown(struct nlookupdata *nd, int uid, int gid)
3090 if ((error = nlookup(nd)) != 0)
3092 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3094 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3095 error = setfown(vp, uid, gid);
3101 * chown(char *path, int uid, int gid)
3103 * Set ownership given a path name.
3106 sys_chown(struct chown_args *uap)
3108 struct nlookupdata nd;
3111 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3113 error = kern_chown(&nd, uap->uid, uap->gid);
3119 * lchown_args(char *path, int uid, int gid)
3121 * Set ownership given a path name, do not cross symlinks.
3124 sys_lchown(struct lchown_args *uap)
3126 struct nlookupdata nd;
3129 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3131 error = kern_chown(&nd, uap->uid, uap->gid);
3137 * fchown_args(int fd, int uid, int gid)
3139 * Set ownership given a file descriptor.
3142 sys_fchown(struct fchown_args *uap)
3144 struct thread *td = curthread;
3145 struct proc *p = td->td_proc;
3149 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3151 if (fp->f_nchandle.ncp)
3152 error = ncp_writechk(&fp->f_nchandle);
3154 error = setfown((struct vnode *)fp->f_data, uap->uid, uap->gid);
3160 * fchownat(int fd, char *path, int uid, int gid, int flags)
3162 * Set ownership of file pointed to by fd/path.
3165 sys_fchownat(struct fchownat_args *uap)
3167 struct nlookupdata nd;
3172 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3174 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3176 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3177 UIO_USERSPACE, flags);
3179 error = kern_chown(&nd, uap->uid, uap->gid);
3180 nlookup_done_at(&nd, fp);
3186 getutimes(const struct timeval *tvp, struct timespec *tsp)
3188 struct timeval tv[2];
3192 TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
3195 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3196 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3202 setutimes(struct vnode *vp, struct vattr *vattr,
3203 const struct timespec *ts, int nullflag)
3205 struct thread *td = curthread;
3209 vattr->va_atime = ts[0];
3210 vattr->va_mtime = ts[1];
3212 vattr->va_vaflags |= VA_UTIMES_NULL;
3213 error = VOP_SETATTR(vp, vattr, td->td_ucred);
3219 kern_utimes(struct nlookupdata *nd, struct timeval *tptr)
3221 struct timespec ts[2];
3226 if ((error = getutimes(tptr, ts)) != 0)
3230 * NOTE: utimes() succeeds for the owner even if the file
3231 * is not user-writable.
3233 nd->nl_flags |= NLC_OWN | NLC_WRITE;
3235 if ((error = nlookup(nd)) != 0)
3237 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3239 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3243 * note: vget is required for any operation that might mod the vnode
3244 * so VINACTIVE is properly cleared.
3246 if ((error = vn_writechk(vp, &nd->nl_nch)) == 0) {
3247 error = vget(vp, LK_EXCLUSIVE);
3249 error = setutimes(vp, &vattr, ts, (tptr == NULL));
3258 * utimes_args(char *path, struct timeval *tptr)
3260 * Set the access and modification times of a file.
3263 sys_utimes(struct utimes_args *uap)
3265 struct timeval tv[2];
3266 struct nlookupdata nd;
3270 error = copyin(uap->tptr, tv, sizeof(tv));
3274 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3276 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3282 * lutimes_args(char *path, struct timeval *tptr)
3284 * Set the access and modification times of a file.
3287 sys_lutimes(struct lutimes_args *uap)
3289 struct timeval tv[2];
3290 struct nlookupdata nd;
3294 error = copyin(uap->tptr, tv, sizeof(tv));
3298 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3300 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3306 * Set utimes on a file descriptor. The creds used to open the
3307 * file are used to determine whether the operation is allowed
3311 kern_futimes(int fd, struct timeval *tptr)
3313 struct thread *td = curthread;
3314 struct proc *p = td->td_proc;
3315 struct timespec ts[2];
3321 error = getutimes(tptr, ts);
3324 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
3326 if (fp->f_nchandle.ncp)
3327 error = ncp_writechk(&fp->f_nchandle);
3330 error = vget(vp, LK_EXCLUSIVE);
3332 error = VOP_GETATTR(vp, &vattr);
3334 error = naccess_va(&vattr, NLC_OWN | NLC_WRITE,
3338 error = setutimes(vp, &vattr, ts,
3349 * futimes_args(int fd, struct timeval *tptr)
3351 * Set the access and modification times of a file.
3354 sys_futimes(struct futimes_args *uap)
3356 struct timeval tv[2];
3360 error = copyin(uap->tptr, tv, sizeof(tv));
3364 error = kern_futimes(uap->fd, uap->tptr ? tv : NULL);
3370 kern_truncate(struct nlookupdata *nd, off_t length)
3378 nd->nl_flags |= NLC_WRITE | NLC_TRUNCATE;
3379 if ((error = nlookup(nd)) != 0)
3381 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3383 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3385 if ((error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY)) != 0) {
3389 if (vp->v_type == VDIR) {
3391 } else if ((error = vn_writechk(vp, &nd->nl_nch)) == 0) {
3393 vattr.va_size = length;
3394 error = VOP_SETATTR(vp, &vattr, nd->nl_cred);
3401 * truncate(char *path, int pad, off_t length)
3403 * Truncate a file given its path name.
3406 sys_truncate(struct truncate_args *uap)
3408 struct nlookupdata nd;
3411 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3413 error = kern_truncate(&nd, uap->length);
3419 kern_ftruncate(int fd, off_t length)
3421 struct thread *td = curthread;
3422 struct proc *p = td->td_proc;
3430 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
3432 if (fp->f_nchandle.ncp) {
3433 error = ncp_writechk(&fp->f_nchandle);
3437 if ((fp->f_flag & FWRITE) == 0) {
3441 if (fp->f_flag & FAPPENDONLY) { /* inode was set s/uapnd */
3445 vp = (struct vnode *)fp->f_data;
3446 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3447 if (vp->v_type == VDIR) {
3449 } else if ((error = vn_writechk(vp, NULL)) == 0) {
3451 vattr.va_size = length;
3452 error = VOP_SETATTR(vp, &vattr, fp->f_cred);
3461 * ftruncate_args(int fd, int pad, off_t length)
3463 * Truncate a file given a file descriptor.
3466 sys_ftruncate(struct ftruncate_args *uap)
3470 error = kern_ftruncate(uap->fd, uap->length);
3478 * Sync an open file.
3481 sys_fsync(struct fsync_args *uap)
3483 struct thread *td = curthread;
3484 struct proc *p = td->td_proc;
3490 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3492 vp = (struct vnode *)fp->f_data;
3493 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3494 if ((obj = vp->v_object) != NULL)
3495 vm_object_page_clean(obj, 0, 0, 0);
3496 error = VOP_FSYNC(vp, MNT_WAIT, VOP_FSYNC_SYSCALL);
3497 if (error == 0 && vp->v_mount)
3498 error = buf_fsync(vp);
3506 kern_rename(struct nlookupdata *fromnd, struct nlookupdata *tond)
3508 struct nchandle fnchd;
3509 struct nchandle tnchd;
3510 struct namecache *ncp;
3517 fromnd->nl_flags |= NLC_REFDVP | NLC_RENAME_SRC;
3518 if ((error = nlookup(fromnd)) != 0)
3520 if ((fnchd.ncp = fromnd->nl_nch.ncp->nc_parent) == NULL)
3522 fnchd.mount = fromnd->nl_nch.mount;
3526 * unlock the source nch so we can lookup the target nch without
3527 * deadlocking. The target may or may not exist so we do not check
3528 * for a target vp like kern_mkdir() and other creation functions do.
3530 * The source and target directories are ref'd and rechecked after
3531 * everything is relocked to determine if the source or target file
3534 KKASSERT(fromnd->nl_flags & NLC_NCPISLOCKED);
3535 fromnd->nl_flags &= ~NLC_NCPISLOCKED;
3536 cache_unlock(&fromnd->nl_nch);
3538 tond->nl_flags |= NLC_RENAME_DST | NLC_REFDVP;
3539 if ((error = nlookup(tond)) != 0) {
3543 if ((tnchd.ncp = tond->nl_nch.ncp->nc_parent) == NULL) {
3547 tnchd.mount = tond->nl_nch.mount;
3551 * If the source and target are the same there is nothing to do
3553 if (fromnd->nl_nch.ncp == tond->nl_nch.ncp) {
3560 * Mount points cannot be renamed or overwritten
3562 if ((fromnd->nl_nch.ncp->nc_flag | tond->nl_nch.ncp->nc_flag) &
3571 * Relock the source ncp. cache_relock() will deal with any
3572 * deadlocks against the already-locked tond and will also
3573 * make sure both are resolved.
3575 * NOTE AFTER RELOCKING: The source or target ncp may have become
3576 * invalid while they were unlocked, nc_vp and nc_mount could
3579 cache_relock(&fromnd->nl_nch, fromnd->nl_cred,
3580 &tond->nl_nch, tond->nl_cred);
3581 fromnd->nl_flags |= NLC_NCPISLOCKED;
3584 * make sure the parent directories linkages are the same
3586 if (fnchd.ncp != fromnd->nl_nch.ncp->nc_parent ||
3587 tnchd.ncp != tond->nl_nch.ncp->nc_parent) {
3594 * Both the source and target must be within the same filesystem and
3595 * in the same filesystem as their parent directories within the
3596 * namecache topology.
3598 * NOTE: fromnd's nc_mount or nc_vp could be NULL.
3601 if (mp != tnchd.mount || mp != fromnd->nl_nch.mount ||
3602 mp != tond->nl_nch.mount) {
3609 * Make sure the mount point is writable
3611 if ((error = ncp_writechk(&tond->nl_nch)) != 0) {
3618 * If the target exists and either the source or target is a directory,
3619 * then both must be directories.
3621 * Due to relocking of the source, fromnd->nl_nch.ncp->nc_vp might h
3624 if (tond->nl_nch.ncp->nc_vp) {
3625 if (fromnd->nl_nch.ncp->nc_vp == NULL) {
3627 } else if (fromnd->nl_nch.ncp->nc_vp->v_type == VDIR) {
3628 if (tond->nl_nch.ncp->nc_vp->v_type != VDIR)
3630 } else if (tond->nl_nch.ncp->nc_vp->v_type == VDIR) {
3636 * You cannot rename a source into itself or a subdirectory of itself.
3637 * We check this by travsersing the target directory upwards looking
3638 * for a match against the source.
3643 for (ncp = tnchd.ncp; ncp; ncp = ncp->nc_parent) {
3644 if (fromnd->nl_nch.ncp == ncp) {
3655 * Even though the namespaces are different, they may still represent
3656 * hardlinks to the same file. The filesystem might have a hard time
3657 * with this so we issue a NREMOVE of the source instead of a NRENAME
3658 * when we detect the situation.
3661 fdvp = fromnd->nl_dvp;
3662 tdvp = tond->nl_dvp;
3663 if (fdvp == NULL || tdvp == NULL) {
3665 } else if (fromnd->nl_nch.ncp->nc_vp == tond->nl_nch.ncp->nc_vp) {
3666 error = VOP_NREMOVE(&fromnd->nl_nch, fdvp,
3669 error = VOP_NRENAME(&fromnd->nl_nch, &tond->nl_nch,
3670 fdvp, tdvp, tond->nl_cred);
3677 * rename_args(char *from, char *to)
3679 * Rename files. Source and destination must either both be directories,
3680 * or both not be directories. If target is a directory, it must be empty.
3683 sys_rename(struct rename_args *uap)
3685 struct nlookupdata fromnd, tond;
3688 error = nlookup_init(&fromnd, uap->from, UIO_USERSPACE, 0);
3690 error = nlookup_init(&tond, uap->to, UIO_USERSPACE, 0);
3692 error = kern_rename(&fromnd, &tond);
3693 nlookup_done(&tond);
3695 nlookup_done(&fromnd);
3700 * renameat_args(int oldfd, char *old, int newfd, char *new)
3702 * Rename files using paths relative to the directories associated with
3703 * oldfd and newfd. Source and destination must either both be directories,
3704 * or both not be directories. If target is a directory, it must be empty.
3707 sys_renameat(struct renameat_args *uap)
3709 struct nlookupdata oldnd, newnd;
3710 struct file *oldfp, *newfp;
3713 error = nlookup_init_at(&oldnd, &oldfp, uap->oldfd, uap->old,
3716 error = nlookup_init_at(&newnd, &newfp, uap->newfd, uap->new,
3719 error = kern_rename(&oldnd, &newnd);
3720 nlookup_done_at(&newnd, newfp);
3722 nlookup_done_at(&oldnd, oldfp);
3727 kern_mkdir(struct nlookupdata *nd, int mode)
3729 struct thread *td = curthread;
3730 struct proc *p = td->td_proc;
3736 nd->nl_flags |= NLC_WILLBEDIR | NLC_CREATE | NLC_REFDVP;
3737 if ((error = nlookup(nd)) != 0)
3740 if (nd->nl_nch.ncp->nc_vp)
3742 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3745 vattr.va_type = VDIR;
3746 vattr.va_mode = (mode & ACCESSPERMS) &~ p->p_fd->fd_cmask;
3749 error = VOP_NMKDIR(&nd->nl_nch, nd->nl_dvp, &vp, td->td_ucred, &vattr);
3756 * mkdir_args(char *path, int mode)
3758 * Make a directory file.
3761 sys_mkdir(struct mkdir_args *uap)
3763 struct nlookupdata nd;
3766 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3768 error = kern_mkdir(&nd, uap->mode);
3774 * mkdirat_args(int fd, char *path, mode_t mode)
3776 * Make a directory file. The path is relative to the directory associated
3780 sys_mkdirat(struct mkdirat_args *uap)
3782 struct nlookupdata nd;
3786 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
3788 error = kern_mkdir(&nd, uap->mode);
3789 nlookup_done_at(&nd, fp);
3794 kern_rmdir(struct nlookupdata *nd)
3799 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
3800 if ((error = nlookup(nd)) != 0)
3804 * Do not allow directories representing mount points to be
3805 * deleted, even if empty. Check write perms on mount point
3806 * in case the vnode is aliased (aka nullfs).
3808 if (nd->nl_nch.ncp->nc_flag & (NCF_ISMOUNTPT))
3810 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3812 error = VOP_NRMDIR(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
3817 * rmdir_args(char *path)
3819 * Remove a directory file.
3822 sys_rmdir(struct rmdir_args *uap)
3824 struct nlookupdata nd;
3827 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3829 error = kern_rmdir(&nd);
3835 kern_getdirentries(int fd, char *buf, u_int count, long *basep, int *res,
3836 enum uio_seg direction)
3838 struct thread *td = curthread;
3839 struct proc *p = td->td_proc;
3847 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
3849 if ((fp->f_flag & FREAD) == 0) {
3853 vp = (struct vnode *)fp->f_data;
3855 if (vp->v_type != VDIR) {
3859 aiov.iov_base = buf;
3860 aiov.iov_len = count;
3861 auio.uio_iov = &aiov;
3862 auio.uio_iovcnt = 1;
3863 auio.uio_rw = UIO_READ;
3864 auio.uio_segflg = direction;
3866 auio.uio_resid = count;
3867 loff = auio.uio_offset = fp->f_offset;
3868 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL);
3869 fp->f_offset = auio.uio_offset;
3872 if (count == auio.uio_resid) {
3873 if (union_dircheckp) {
3874 error = union_dircheckp(td, &vp, fp);
3881 if ((vp->v_flag & VROOT) &&
3882 (vp->v_mount->mnt_flag & MNT_UNION)) {
3883 struct vnode *tvp = vp;
3884 vp = vp->v_mount->mnt_vnodecovered;
3895 * WARNING! *basep may not be wide enough to accomodate the
3896 * seek offset. XXX should we hack this to return the upper 32 bits
3897 * for offsets greater then 4G?
3900 *basep = (long)loff;
3902 *res = count - auio.uio_resid;
3909 * getdirentries_args(int fd, char *buf, u_int conut, long *basep)
3911 * Read a block of directory entries in a file system independent format.
3914 sys_getdirentries(struct getdirentries_args *uap)
3919 error = kern_getdirentries(uap->fd, uap->buf, uap->count, &base,
3920 &uap->sysmsg_result, UIO_USERSPACE);
3922 if (error == 0 && uap->basep)
3923 error = copyout(&base, uap->basep, sizeof(*uap->basep));
3928 * getdents_args(int fd, char *buf, size_t count)
3931 sys_getdents(struct getdents_args *uap)
3935 error = kern_getdirentries(uap->fd, uap->buf, uap->count, NULL,
3936 &uap->sysmsg_result, UIO_USERSPACE);
3942 * Set the mode mask for creation of filesystem nodes.
3944 * umask(int newmask)
3947 sys_umask(struct umask_args *uap)
3949 struct thread *td = curthread;
3950 struct proc *p = td->td_proc;
3951 struct filedesc *fdp;
3954 uap->sysmsg_result = fdp->fd_cmask;
3955 fdp->fd_cmask = uap->newmask & ALLPERMS;
3960 * revoke(char *path)
3962 * Void all references to file by ripping underlying filesystem
3966 sys_revoke(struct revoke_args *uap)
3968 struct nlookupdata nd;
3975 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3977 error = nlookup(&nd);
3979 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3980 cred = crhold(nd.nl_cred);
3984 error = VOP_GETATTR(vp, &vattr);
3985 if (error == 0 && cred->cr_uid != vattr.va_uid)
3986 error = priv_check_cred(cred, PRIV_VFS_REVOKE, 0);
3987 if (error == 0 && (vp->v_type == VCHR || vp->v_type == VBLK)) {
3989 error = vrevoke(vp, cred);
3990 } else if (error == 0) {
3991 error = vrevoke(vp, cred);
4001 * getfh_args(char *fname, fhandle_t *fhp)
4003 * Get (NFS) file handle
4005 * NOTE: We use the fsid of the covering mount, even if it is a nullfs
4006 * mount. This allows nullfs mounts to be explicitly exported.
4008 * WARNING: nullfs mounts of HAMMER PFS ROOTs are safe.
4010 * nullfs mounts of subdirectories are not safe. That is, it will
4011 * work, but you do not really have protection against access to
4012 * the related parent directories.
4015 sys_getfh(struct getfh_args *uap)
4017 struct thread *td = curthread;
4018 struct nlookupdata nd;
4025 * Must be super user
4027 if ((error = priv_check(td, PRIV_ROOT)) != 0)
4031 error = nlookup_init(&nd, uap->fname, UIO_USERSPACE, NLC_FOLLOW);
4033 error = nlookup(&nd);
4035 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4036 mp = nd.nl_nch.mount;
4039 bzero(&fh, sizeof(fh));
4040 fh.fh_fsid = mp->mnt_stat.f_fsid;
4041 error = VFS_VPTOFH(vp, &fh.fh_fid);
4044 error = copyout(&fh, uap->fhp, sizeof(fh));
4050 * fhopen_args(const struct fhandle *u_fhp, int flags)
4052 * syscall for the rpc.lockd to use to translate a NFS file handle into
4053 * an open descriptor.
4055 * warning: do not remove the priv_check() call or this becomes one giant
4059 sys_fhopen(struct fhopen_args *uap)
4061 struct thread *td = curthread;
4062 struct filedesc *fdp = td->td_proc->p_fd;
4067 struct vattr *vap = &vat;
4069 int fmode, mode, error, type;
4075 * Must be super user
4077 error = priv_check(td, PRIV_ROOT);
4081 fmode = FFLAGS(uap->flags);
4084 * Why not allow a non-read/write open for our lockd?
4086 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4088 error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
4093 * Find the mount point
4095 mp = vfs_getvfs(&fhp.fh_fsid);
4100 /* now give me my vnode, it gets returned to me locked */
4101 error = VFS_FHTOVP(mp, NULL, &fhp.fh_fid, &vp);
4105 * from now on we have to make sure not
4106 * to forget about the vnode
4107 * any error that causes an abort must vput(vp)
4108 * just set error = err and 'goto bad;'.
4114 if (vp->v_type == VLNK) {
4118 if (vp->v_type == VSOCK) {
4123 if (fmode & (FWRITE | O_TRUNC)) {
4124 if (vp->v_type == VDIR) {
4128 error = vn_writechk(vp, NULL);
4136 error = VOP_ACCESS(vp, mode, td->td_ucred);
4140 if (fmode & O_TRUNC) {
4141 vn_unlock(vp); /* XXX */
4142 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */
4145 error = VOP_SETATTR(vp, vap, td->td_ucred);
4151 * VOP_OPEN needs the file pointer so it can potentially override
4154 * WARNING! no f_nchandle will be associated when fhopen()ing a
4157 if ((error = falloc(td->td_lwp, &nfp, &indx)) != 0)
4161 error = VOP_OPEN(vp, fmode, td->td_ucred, fp);
4164 * setting f_ops this way prevents VOP_CLOSE from being
4165 * called or fdrop() releasing the vp from v_data. Since
4166 * the VOP_OPEN failed we don't want to VOP_CLOSE.
4168 fp->f_ops = &badfileops;
4174 * The fp is given its own reference, we still have our ref and lock.
4176 * Assert that all regular files must be created with a VM object.
4178 if (vp->v_type == VREG && vp->v_object == NULL) {
4179 kprintf("fhopen: regular file did not have VM object: %p\n", vp);
4184 * The open was successful. Handle any locking requirements.
4186 if (fmode & (O_EXLOCK | O_SHLOCK)) {
4187 lf.l_whence = SEEK_SET;
4190 if (fmode & O_EXLOCK)
4191 lf.l_type = F_WRLCK;
4193 lf.l_type = F_RDLCK;
4194 if (fmode & FNONBLOCK)
4199 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
4201 * release our private reference.
4203 fsetfd(fdp, NULL, indx);
4208 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4209 fp->f_flag |= FHASLOCK;
4213 * Clean up. Associate the file pointer with the previously
4214 * reserved descriptor and return it.
4217 fsetfd(fdp, fp, indx);
4219 uap->sysmsg_result = indx;
4223 fsetfd(fdp, NULL, indx);
4232 * fhstat_args(struct fhandle *u_fhp, struct stat *sb)
4235 sys_fhstat(struct fhstat_args *uap)
4237 struct thread *td = curthread;
4245 * Must be super user
4247 error = priv_check(td, PRIV_ROOT);
4251 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4255 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
4258 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) == 0) {
4259 error = vn_stat(vp, &sb, td->td_ucred);
4264 error = copyout(&sb, uap->sb, sizeof(sb));
4269 * fhstatfs_args(struct fhandle *u_fhp, struct statfs *buf)
4272 sys_fhstatfs(struct fhstatfs_args *uap)
4274 struct thread *td = curthread;
4275 struct proc *p = td->td_proc;
4280 char *fullpath, *freepath;
4285 * Must be super user
4287 if ((error = priv_check(td, PRIV_ROOT)))
4290 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4293 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4297 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4302 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) != 0)
4307 if ((error = VFS_STATFS(mp, sp, td->td_ucred)) != 0)
4310 error = mount_path(p, mp, &fullpath, &freepath);
4313 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
4314 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
4315 kfree(freepath, M_TEMP);
4317 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
4318 if (priv_check(td, PRIV_ROOT)) {
4319 bcopy(sp, &sb, sizeof(sb));
4320 sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
4323 error = copyout(sp, uap->buf, sizeof(*sp));
4329 * fhstatvfs_args(struct fhandle *u_fhp, struct statvfs *buf)
4332 sys_fhstatvfs(struct fhstatvfs_args *uap)
4334 struct thread *td = curthread;
4335 struct proc *p = td->td_proc;
4343 * Must be super user
4345 if ((error = priv_check(td, PRIV_ROOT)))
4348 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4351 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4355 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4360 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)))
4363 sp = &mp->mnt_vstat;
4365 if ((error = VFS_STATVFS(mp, sp, td->td_ucred)) != 0)
4369 if (mp->mnt_flag & MNT_RDONLY)
4370 sp->f_flag |= ST_RDONLY;
4371 if (mp->mnt_flag & MNT_NOSUID)
4372 sp->f_flag |= ST_NOSUID;
4373 error = copyout(sp, uap->buf, sizeof(*sp));
4380 * Syscall to push extended attribute configuration information into the
4381 * VFS. Accepts a path, which it converts to a mountpoint, as well as
4382 * a command (int cmd), and attribute name and misc data. For now, the
4383 * attribute name is left in userspace for consumption by the VFS_op.
4384 * It will probably be changed to be copied into sysspace by the
4385 * syscall in the future, once issues with various consumers of the
4386 * attribute code have raised their hands.
4388 * Currently this is used only by UFS Extended Attributes.
4391 sys_extattrctl(struct extattrctl_args *uap)
4393 struct nlookupdata nd;
4395 char attrname[EXTATTR_MAXNAMELEN];
4403 if (error == 0 && uap->filename) {
4404 error = nlookup_init(&nd, uap->filename, UIO_USERSPACE,
4407 error = nlookup(&nd);
4409 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
4413 if (error == 0 && uap->attrname) {
4414 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN,
4419 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4421 error = nlookup(&nd);
4423 error = ncp_writechk(&nd.nl_nch);
4425 error = VFS_EXTATTRCTL(nd.nl_nch.mount, uap->cmd, vp,
4427 uap->attrname, nd.nl_cred);
4436 * Syscall to get a named extended attribute on a file or directory.
4439 sys_extattr_set_file(struct extattr_set_file_args *uap)
4441 char attrname[EXTATTR_MAXNAMELEN];
4442 struct nlookupdata nd;
4448 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
4454 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4456 error = nlookup(&nd);
4458 error = ncp_writechk(&nd.nl_nch);
4460 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4466 bzero(&auio, sizeof(auio));
4467 aiov.iov_base = uap->data;
4468 aiov.iov_len = uap->nbytes;
4469 auio.uio_iov = &aiov;
4470 auio.uio_iovcnt = 1;
4471 auio.uio_offset = 0;
4472 auio.uio_resid = uap->nbytes;
4473 auio.uio_rw = UIO_WRITE;
4474 auio.uio_td = curthread;
4476 error = VOP_SETEXTATTR(vp, uap->attrnamespace, attrname,
4485 * Syscall to get a named extended attribute on a file or directory.
4488 sys_extattr_get_file(struct extattr_get_file_args *uap)
4490 char attrname[EXTATTR_MAXNAMELEN];
4491 struct nlookupdata nd;
4497 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
4503 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4505 error = nlookup(&nd);
4507 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4513 bzero(&auio, sizeof(auio));
4514 aiov.iov_base = uap->data;
4515 aiov.iov_len = uap->nbytes;
4516 auio.uio_iov = &aiov;
4517 auio.uio_iovcnt = 1;
4518 auio.uio_offset = 0;
4519 auio.uio_resid = uap->nbytes;
4520 auio.uio_rw = UIO_READ;
4521 auio.uio_td = curthread;
4523 error = VOP_GETEXTATTR(vp, uap->attrnamespace, attrname,
4525 uap->sysmsg_result = uap->nbytes - auio.uio_resid;
4533 * Syscall to delete a named extended attribute from a file or directory.
4534 * Accepts attribute name. The real work happens in VOP_SETEXTATTR().
4537 sys_extattr_delete_file(struct extattr_delete_file_args *uap)
4539 char attrname[EXTATTR_MAXNAMELEN];
4540 struct nlookupdata nd;
4544 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
4548 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4550 error = nlookup(&nd);
4552 error = ncp_writechk(&nd.nl_nch);
4554 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4556 error = VOP_SETEXTATTR(vp, uap->attrnamespace,
4557 attrname, NULL, nd.nl_cred);
4566 * Determine if the mount is visible to the process.
4569 chroot_visible_mnt(struct mount *mp, struct proc *p)
4571 struct nchandle nch;
4574 * Traverse from the mount point upwards. If we hit the process
4575 * root then the mount point is visible to the process.
4577 nch = mp->mnt_ncmountpt;
4579 if (nch.mount == p->p_fd->fd_nrdir.mount &&
4580 nch.ncp == p->p_fd->fd_nrdir.ncp) {
4583 if (nch.ncp == nch.mount->mnt_ncmountpt.ncp) {
4584 nch = nch.mount->mnt_ncmounton;
4586 nch.ncp = nch.ncp->nc_parent;
4591 * If the mount point is not visible to the process, but the
4592 * process root is in a subdirectory of the mount, return
4595 if (p->p_fd->fd_nrdir.mount == mp)
projects / dragonfly.git / blob