2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
39 * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.151.2.18 2003/04/04 20:35:58 tegge Exp $
40 * $DragonFly: src/sys/kern/vfs_syscalls.c,v 1.135 2008/11/11 00:55:49 pavalos Exp $
43 #include <sys/param.h>
44 #include <sys/systm.h>
47 #include <sys/sysent.h>
48 #include <sys/malloc.h>
49 #include <sys/mount.h>
50 #include <sys/mountctl.h>
51 #include <sys/sysproto.h>
52 #include <sys/filedesc.h>
53 #include <sys/kernel.h>
54 #include <sys/fcntl.h>
56 #include <sys/linker.h>
58 #include <sys/unistd.h>
59 #include <sys/vnode.h>
63 #include <sys/namei.h>
64 #include <sys/nlookup.h>
65 #include <sys/dirent.h>
66 #include <sys/extattr.h>
67 #include <sys/spinlock.h>
68 #include <sys/kern_syscall.h>
69 #include <sys/objcache.h>
70 #include <sys/sysctl.h>
73 #include <sys/file2.h>
74 #include <sys/spinlock2.h>
75 #include <sys/mplock2.h>
78 #include <vm/vm_object.h>
79 #include <vm/vm_page.h>
81 #include <machine/limits.h>
82 #include <machine/stdarg.h>
84 #include <vfs/union/union.h>
86 static void mount_warning(struct mount *mp, const char *ctl, ...);
87 static int mount_path(struct proc *p, struct mount *mp, char **rb, char **fb);
88 static int checkvp_chdir (struct vnode *vn, struct thread *td);
89 static void checkdirs (struct nchandle *old_nch, struct nchandle *new_nch);
90 static int chroot_refuse_vdir_fds (struct filedesc *fdp);
91 static int chroot_visible_mnt(struct mount *mp, struct proc *p);
92 static int getutimes (const struct timeval *, struct timespec *);
93 static int setfown (struct vnode *, uid_t, gid_t);
94 static int setfmode (struct vnode *, int);
95 static int setfflags (struct vnode *, int);
96 static int setutimes (struct vnode *, struct vattr *,
97 const struct timespec *, int);
98 static int usermount = 0; /* if 1, non-root can mount fs. */
100 int (*union_dircheckp) (struct thread *, struct vnode **, struct file *);
102 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, "");
105 * Virtual File System System Calls
109 * Mount a file system.
111 * mount_args(char *type, char *path, int flags, caddr_t data)
116 sys_mount(struct mount_args *uap)
118 struct thread *td = curthread;
121 struct mount *mp, *nullmp;
122 struct vfsconf *vfsp;
123 int error, flag = 0, flag2 = 0;
126 struct nlookupdata nd;
127 char fstypename[MFSNAMELEN];
136 if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
140 * Do not allow NFS export by non-root users.
142 if (uap->flags & MNT_EXPORTED) {
143 error = priv_check(td, PRIV_ROOT);
148 * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users
150 if (priv_check(td, PRIV_ROOT))
151 uap->flags |= MNT_NOSUID | MNT_NODEV;
154 * Lookup the requested path and extract the nch and vnode.
156 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
158 if ((error = nlookup(&nd)) == 0) {
159 if (nd.nl_nch.ncp->nc_vp == NULL)
169 * If the target filesystem is resolved via a nullfs mount, then
170 * nd.nl_nch.mount will be pointing to the nullfs mount structure
171 * instead of the target file system. We need it in case we are
174 nullmp = nd.nl_nch.mount;
177 * Extract the locked+refd ncp and cleanup the nd structure
180 cache_zero(&nd.nl_nch);
183 if ((nch.ncp->nc_flag & NCF_ISMOUNTPT) && cache_findmount(&nch))
190 * now we have the locked ref'd nch and unreferenced vnode.
193 if ((error = vget(vp, LK_EXCLUSIVE)) != 0) {
200 * Extract the file system type. We need to know this early, to take
201 * appropriate actions if we are dealing with a nullfs.
203 if ((error = copyinstr(uap->type, fstypename, MFSNAMELEN, NULL)) != 0) {
210 * Now we have an unlocked ref'd nch and a locked ref'd vp
212 if (uap->flags & MNT_UPDATE) {
213 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
220 if (strncmp(fstypename, "null", 5) == 0) {
228 flag2 = mp->mnt_kern_flag;
230 * We only allow the filesystem to be reloaded if it
231 * is currently mounted read-only.
233 if ((uap->flags & MNT_RELOAD) &&
234 ((mp->mnt_flag & MNT_RDONLY) == 0)) {
237 error = EOPNOTSUPP; /* Needs translation */
241 * Only root, or the user that did the original mount is
242 * permitted to update it.
244 if (mp->mnt_stat.f_owner != cred->cr_uid &&
245 (error = priv_check(td, PRIV_ROOT))) {
250 if (vfs_busy(mp, LK_NOWAIT)) {
256 if ((vp->v_flag & VMOUNT) != 0 || hasmount) {
263 vsetflags(vp, VMOUNT);
265 uap->flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
270 * If the user is not root, ensure that they own the directory
271 * onto which we are attempting to mount.
273 if ((error = VOP_GETATTR(vp, &va)) ||
274 (va.va_uid != cred->cr_uid && (error = priv_check(td, PRIV_ROOT)))) {
279 if ((error = vinvalbuf(vp, V_SAVE, 0, 0)) != 0) {
284 if (vp->v_type != VDIR) {
290 if (vp->v_mount->mnt_kern_flag & MNTK_NOSTKMNT) {
296 vfsp = vfsconf_find_by_name(fstypename);
300 /* Only load modules for root (very important!) */
301 if ((error = priv_check(td, PRIV_ROOT)) != 0) {
306 error = linker_load_file(fstypename, &lf);
307 if (error || lf == NULL) {
315 /* lookup again, see if the VFS was loaded */
316 vfsp = vfsconf_find_by_name(fstypename);
319 linker_file_unload(lf);
326 if ((vp->v_flag & VMOUNT) != 0 || hasmount) {
332 vsetflags(vp, VMOUNT);
335 * Allocate and initialize the filesystem.
337 mp = kmalloc(sizeof(struct mount), M_MOUNT, M_ZERO|M_WAITOK);
339 vfs_busy(mp, LK_NOWAIT);
340 mp->mnt_op = vfsp->vfc_vfsops;
342 vfsp->vfc_refcount++;
343 mp->mnt_stat.f_type = vfsp->vfc_typenum;
344 mp->mnt_flag |= vfsp->vfc_flags & MNT_VISFLAGMASK;
345 strncpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN);
346 mp->mnt_stat.f_owner = cred->cr_uid;
350 * Set the mount level flags.
352 if (uap->flags & MNT_RDONLY)
353 mp->mnt_flag |= MNT_RDONLY;
354 else if (mp->mnt_flag & MNT_RDONLY)
355 mp->mnt_kern_flag |= MNTK_WANTRDWR;
356 mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
357 MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOATIME |
358 MNT_NOSYMFOLLOW | MNT_IGNORE |
359 MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
360 mp->mnt_flag |= uap->flags & (MNT_NOSUID | MNT_NOEXEC |
361 MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_FORCE |
362 MNT_NOSYMFOLLOW | MNT_IGNORE |
363 MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
365 * Mount the filesystem.
366 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
369 error = VFS_MOUNT(mp, uap->path, uap->data, cred);
370 if (mp->mnt_flag & MNT_UPDATE) {
371 if (mp->mnt_kern_flag & MNTK_WANTRDWR)
372 mp->mnt_flag &= ~MNT_RDONLY;
373 mp->mnt_flag &=~ (MNT_UPDATE | MNT_RELOAD | MNT_FORCE);
374 mp->mnt_kern_flag &=~ MNTK_WANTRDWR;
377 mp->mnt_kern_flag = flag2;
380 vclrflags(vp, VMOUNT);
385 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
387 * Put the new filesystem on the mount list after root. The mount
388 * point gets its own mnt_ncmountpt (unless the VFS already set one
389 * up) which represents the root of the mount. The lookup code
390 * detects the mount point going forward and checks the root of
391 * the mount going backwards.
393 * It is not necessary to invalidate or purge the vnode underneath
394 * because elements under the mount will be given their own glue
398 if (mp->mnt_ncmountpt.ncp == NULL) {
400 * allocate, then unlock, but leave the ref intact
402 cache_allocroot(&mp->mnt_ncmountpt, mp, NULL);
403 cache_unlock(&mp->mnt_ncmountpt);
405 mp->mnt_ncmounton = nch; /* inherits ref */
406 nch.ncp->nc_flag |= NCF_ISMOUNTPT;
408 /* XXX get the root of the fs and cache_setvp(mnt_ncmountpt...) */
409 vclrflags(vp, VMOUNT);
410 mountlist_insert(mp, MNTINS_LAST);
412 checkdirs(&mp->mnt_ncmounton, &mp->mnt_ncmountpt);
413 error = vfs_allocate_syncvnode(mp);
415 error = VFS_START(mp, 0);
418 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
419 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
420 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
421 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
422 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
423 vclrflags(vp, VMOUNT);
424 mp->mnt_vfc->vfc_refcount--;
436 * Scan all active processes to see if any of them have a current
437 * or root directory onto which the new filesystem has just been
438 * mounted. If so, replace them with the new mount point.
440 * The passed ncp is ref'd and locked (from the mount code) and
441 * must be associated with the vnode representing the root of the
444 struct checkdirs_info {
445 struct nchandle old_nch;
446 struct nchandle new_nch;
447 struct vnode *old_vp;
448 struct vnode *new_vp;
451 static int checkdirs_callback(struct proc *p, void *data);
454 checkdirs(struct nchandle *old_nch, struct nchandle *new_nch)
456 struct checkdirs_info info;
462 * If the old mount point's vnode has a usecount of 1, it is not
463 * being held as a descriptor anywhere.
465 olddp = old_nch->ncp->nc_vp;
466 if (olddp == NULL || olddp->v_sysref.refcnt == 1)
470 * Force the root vnode of the new mount point to be resolved
471 * so we can update any matching processes.
474 if (VFS_ROOT(mp, &newdp))
475 panic("mount: lost mount");
476 cache_setunresolved(new_nch);
477 cache_setvp(new_nch, newdp);
480 * Special handling of the root node
482 if (rootvnode == olddp) {
484 vfs_cache_setroot(newdp, cache_hold(new_nch));
488 * Pass newdp separately so the callback does not have to access
489 * it via new_nch->ncp->nc_vp.
491 info.old_nch = *old_nch;
492 info.new_nch = *new_nch;
494 allproc_scan(checkdirs_callback, &info);
499 * NOTE: callback is not MP safe because the scanned process's filedesc
500 * structure can be ripped out from under us, amoung other things.
503 checkdirs_callback(struct proc *p, void *data)
505 struct checkdirs_info *info = data;
506 struct filedesc *fdp;
507 struct nchandle ncdrop1;
508 struct nchandle ncdrop2;
509 struct vnode *vprele1;
510 struct vnode *vprele2;
512 if ((fdp = p->p_fd) != NULL) {
513 cache_zero(&ncdrop1);
514 cache_zero(&ncdrop2);
519 * MPUNSAFE - XXX fdp can be pulled out from under a
522 * A shared filedesc is ok, we don't have to copy it
523 * because we are making this change globally.
525 spin_lock_wr(&fdp->fd_spin);
526 if (fdp->fd_ncdir.mount == info->old_nch.mount &&
527 fdp->fd_ncdir.ncp == info->old_nch.ncp) {
528 vprele1 = fdp->fd_cdir;
530 fdp->fd_cdir = info->new_vp;
531 ncdrop1 = fdp->fd_ncdir;
532 cache_copy(&info->new_nch, &fdp->fd_ncdir);
534 if (fdp->fd_nrdir.mount == info->old_nch.mount &&
535 fdp->fd_nrdir.ncp == info->old_nch.ncp) {
536 vprele2 = fdp->fd_rdir;
538 fdp->fd_rdir = info->new_vp;
539 ncdrop2 = fdp->fd_nrdir;
540 cache_copy(&info->new_nch, &fdp->fd_nrdir);
542 spin_unlock_wr(&fdp->fd_spin);
544 cache_drop(&ncdrop1);
546 cache_drop(&ncdrop2);
556 * Unmount a file system.
558 * Note: unmount takes a path to the vnode mounted on as argument,
559 * not special file (as before).
561 * umount_args(char *path, int flags)
566 sys_unmount(struct unmount_args *uap)
568 struct thread *td = curthread;
569 struct proc *p __debugvar = td->td_proc;
570 struct mount *mp = NULL;
571 struct nlookupdata nd;
576 if (td->td_ucred->cr_prison != NULL) {
580 if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
583 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
585 error = nlookup(&nd);
589 mp = nd.nl_nch.mount;
592 * Only root, or the user that did the original mount is
593 * permitted to unmount this filesystem.
595 if ((mp->mnt_stat.f_owner != td->td_ucred->cr_uid) &&
596 (error = priv_check(td, PRIV_ROOT)))
600 * Don't allow unmounting the root file system.
602 if (mp->mnt_flag & MNT_ROOTFS) {
608 * Must be the root of the filesystem
610 if (nd.nl_nch.ncp != mp->mnt_ncmountpt.ncp) {
618 error = dounmount(mp, uap->flags);
625 * Do the actual file system unmount.
628 dounmount_interlock(struct mount *mp)
630 if (mp->mnt_kern_flag & MNTK_UNMOUNT)
632 mp->mnt_kern_flag |= MNTK_UNMOUNT;
637 unmount_allproc_cb(struct proc *p, void *arg)
641 if (p->p_textnch.ncp == NULL)
644 mp = (struct mount *)arg;
645 if (p->p_textnch.mount == mp)
646 cache_drop(&p->p_textnch);
652 dounmount(struct mount *mp, int flags)
654 struct namecache *ncp;
663 * Exclusive access for unmounting purposes
665 if ((error = mountlist_interlock(dounmount_interlock, mp)) != 0)
669 * Allow filesystems to detect that a forced unmount is in progress.
671 if (flags & MNT_FORCE)
672 mp->mnt_kern_flag |= MNTK_UNMOUNTF;
673 lflags = LK_EXCLUSIVE | ((flags & MNT_FORCE) ? 0 : LK_NOWAIT);
674 error = lockmgr(&mp->mnt_lock, lflags);
676 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
677 if (mp->mnt_kern_flag & MNTK_MWAIT)
682 if (mp->mnt_flag & MNT_EXPUBLIC)
683 vfs_setpublicfs(NULL, NULL, NULL);
685 vfs_msync(mp, MNT_WAIT);
686 async_flag = mp->mnt_flag & MNT_ASYNC;
687 mp->mnt_flag &=~ MNT_ASYNC;
690 * If this filesystem isn't aliasing other filesystems,
691 * try to invalidate any remaining namecache entries and
692 * check the count afterwords.
694 if ((mp->mnt_kern_flag & MNTK_NCALIASED) == 0) {
695 cache_lock(&mp->mnt_ncmountpt);
696 cache_inval(&mp->mnt_ncmountpt, CINV_DESTROY|CINV_CHILDREN);
697 cache_unlock(&mp->mnt_ncmountpt);
699 if ((ncp = mp->mnt_ncmountpt.ncp) != NULL &&
700 (ncp->nc_refs != 1 || TAILQ_FIRST(&ncp->nc_list))) {
701 allproc_scan(&unmount_allproc_cb, mp);
704 if ((ncp = mp->mnt_ncmountpt.ncp) != NULL &&
705 (ncp->nc_refs != 1 || TAILQ_FIRST(&ncp->nc_list))) {
707 if ((flags & MNT_FORCE) == 0) {
709 mount_warning(mp, "Cannot unmount: "
715 mount_warning(mp, "Forced unmount: "
726 * nchandle records ref the mount structure. Expect a count of 1
727 * (our mount->mnt_ncmountpt).
729 if (mp->mnt_refs != 1) {
730 if ((flags & MNT_FORCE) == 0) {
731 mount_warning(mp, "Cannot unmount: "
732 "%d process references still "
733 "present", mp->mnt_refs);
736 mount_warning(mp, "Forced unmount: "
737 "%d process references still "
738 "present", mp->mnt_refs);
744 * Decomission our special mnt_syncer vnode. This also stops
745 * the vnlru code. If we are unable to unmount we recommission
749 if ((vp = mp->mnt_syncer) != NULL) {
750 mp->mnt_syncer = NULL;
753 if (((mp->mnt_flag & MNT_RDONLY) ||
754 (error = VFS_SYNC(mp, MNT_WAIT)) == 0) ||
755 (flags & MNT_FORCE)) {
756 error = VFS_UNMOUNT(mp, flags);
760 if (mp->mnt_syncer == NULL)
761 vfs_allocate_syncvnode(mp);
762 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
763 mp->mnt_flag |= async_flag;
764 lockmgr(&mp->mnt_lock, LK_RELEASE);
765 if (mp->mnt_kern_flag & MNTK_MWAIT)
770 * Clean up any journals still associated with the mount after
771 * filesystem activity has ceased.
773 journal_remove_all_journals(mp,
774 ((flags & MNT_FORCE) ? MC_JOURNAL_STOP_IMM : 0));
776 mountlist_remove(mp);
779 * Remove any installed vnode ops here so the individual VFSs don't
782 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
783 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
784 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
785 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
786 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
788 if (mp->mnt_ncmountpt.ncp != NULL) {
789 nch = mp->mnt_ncmountpt;
790 cache_zero(&mp->mnt_ncmountpt);
791 cache_clrmountpt(&nch);
794 if (mp->mnt_ncmounton.ncp != NULL) {
795 nch = mp->mnt_ncmounton;
796 cache_zero(&mp->mnt_ncmounton);
797 cache_clrmountpt(&nch);
801 mp->mnt_vfc->vfc_refcount--;
802 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist))
803 panic("unmount: dangling vnode");
804 lockmgr(&mp->mnt_lock, LK_RELEASE);
805 if (mp->mnt_kern_flag & MNTK_MWAIT)
814 mount_warning(struct mount *mp, const char *ctl, ...)
821 if (cache_fullpath(NULL, &mp->mnt_ncmounton, &ptr, &buf, 0) == 0) {
822 kprintf("unmount(%s): ", ptr);
827 kprintf("unmount(%p", mp);
828 if (mp->mnt_ncmounton.ncp && mp->mnt_ncmounton.ncp->nc_name)
829 kprintf(",%s", mp->mnt_ncmounton.ncp->nc_name);
838 * Shim cache_fullpath() to handle the case where a process is chrooted into
839 * a subdirectory of a mount. In this case if the root mount matches the
840 * process root directory's mount we have to specify the process's root
841 * directory instead of the mount point, because the mount point might
842 * be above the root directory.
846 mount_path(struct proc *p, struct mount *mp, char **rb, char **fb)
848 struct nchandle *nch;
850 if (p && p->p_fd->fd_nrdir.mount == mp)
851 nch = &p->p_fd->fd_nrdir;
853 nch = &mp->mnt_ncmountpt;
854 return(cache_fullpath(p, nch, rb, fb, 0));
858 * Sync each mounted filesystem.
862 static int syncprt = 0;
863 SYSCTL_INT(_debug, OID_AUTO, syncprt, CTLFLAG_RW, &syncprt, 0, "");
866 static int sync_callback(struct mount *mp, void *data);
872 sys_sync(struct sync_args *uap)
875 mountlist_scan(sync_callback, NULL, MNTSCAN_FORWARD);
878 * print out buffer pool stat information on each sync() call.
889 sync_callback(struct mount *mp, void *data __unused)
893 if ((mp->mnt_flag & MNT_RDONLY) == 0) {
894 asyncflag = mp->mnt_flag & MNT_ASYNC;
895 mp->mnt_flag &= ~MNT_ASYNC;
896 vfs_msync(mp, MNT_NOWAIT);
897 VFS_SYNC(mp, MNT_NOWAIT);
898 mp->mnt_flag |= asyncflag;
903 /* XXX PRISON: could be per prison flag */
904 static int prison_quotas;
906 SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, "");
910 * quotactl_args(char *path, int fcmd, int uid, caddr_t arg)
912 * Change filesystem quotas.
917 sys_quotactl(struct quotactl_args *uap)
919 struct nlookupdata nd;
928 if (td->td_ucred->cr_prison && !prison_quotas) {
933 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
935 error = nlookup(&nd);
937 mp = nd.nl_nch.mount;
938 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid,
939 uap->arg, nd.nl_cred);
948 * mountctl(char *path, int op, int fd, const void *ctl, int ctllen,
949 * void *buf, int buflen)
951 * This function operates on a mount point and executes the specified
952 * operation using the specified control data, and possibly returns data.
954 * The actual number of bytes stored in the result buffer is returned, 0
955 * if none, otherwise an error is returned.
960 sys_mountctl(struct mountctl_args *uap)
962 struct thread *td = curthread;
963 struct proc *p = td->td_proc;
971 * Sanity and permissions checks. We must be root.
974 if (td->td_ucred->cr_prison != NULL)
976 if ((uap->op != MOUNTCTL_MOUNTFLAGS) &&
977 (error = priv_check(td, PRIV_ROOT)) != 0)
981 * Argument length checks
983 if (uap->ctllen < 0 || uap->ctllen > 1024)
985 if (uap->buflen < 0 || uap->buflen > 16 * 1024)
987 if (uap->path == NULL)
991 * Allocate the necessary buffers and copyin data
993 path = objcache_get(namei_oc, M_WAITOK);
994 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
999 ctl = kmalloc(uap->ctllen + 1, M_TEMP, M_WAITOK|M_ZERO);
1000 error = copyin(uap->ctl, ctl, uap->ctllen);
1005 buf = kmalloc(uap->buflen + 1, M_TEMP, M_WAITOK|M_ZERO);
1008 * Validate the descriptor
1011 fp = holdfp(p->p_fd, uap->fd, -1);
1021 * Execute the internal kernel function and clean up.
1024 error = kern_mountctl(path, uap->op, fp, ctl, uap->ctllen, buf, uap->buflen, &uap->sysmsg_result);
1028 if (error == 0 && uap->sysmsg_result > 0)
1029 error = copyout(buf, uap->buf, uap->sysmsg_result);
1032 objcache_put(namei_oc, path);
1041 * Execute a mount control operation by resolving the path to a mount point
1042 * and calling vop_mountctl().
1044 * Use the mount point from the nch instead of the vnode so nullfs mounts
1045 * can properly spike the VOP.
1048 kern_mountctl(const char *path, int op, struct file *fp,
1049 const void *ctl, int ctllen,
1050 void *buf, int buflen, int *res)
1054 struct nlookupdata nd;
1059 error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_FOLLOW);
1061 error = nlookup(&nd);
1063 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
1064 mp = nd.nl_nch.mount;
1071 * Must be the root of the filesystem
1073 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
1077 error = vop_mountctl(mp->mnt_vn_use_ops, vp, op, fp, ctl, ctllen,
1084 kern_statfs(struct nlookupdata *nd, struct statfs *buf)
1086 struct thread *td = curthread;
1087 struct proc *p = td->td_proc;
1090 char *fullpath, *freepath;
1093 if ((error = nlookup(nd)) != 0)
1095 mp = nd->nl_nch.mount;
1097 if ((error = VFS_STATFS(mp, sp, nd->nl_cred)) != 0)
1100 error = mount_path(p, mp, &fullpath, &freepath);
1103 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1104 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1105 kfree(freepath, M_TEMP);
1107 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1108 bcopy(sp, buf, sizeof(*buf));
1109 /* Only root should have access to the fsid's. */
1110 if (priv_check(td, PRIV_ROOT))
1111 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1116 * statfs_args(char *path, struct statfs *buf)
1118 * Get filesystem statistics.
1123 sys_statfs(struct statfs_args *uap)
1125 struct nlookupdata nd;
1130 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1132 error = kern_statfs(&nd, &buf);
1135 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1144 kern_fstatfs(int fd, struct statfs *buf)
1146 struct thread *td = curthread;
1147 struct proc *p = td->td_proc;
1151 char *fullpath, *freepath;
1155 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
1158 mp = ((struct vnode *)fp->f_data)->v_mount;
1163 if (fp->f_cred == NULL) {
1168 if ((error = VFS_STATFS(mp, sp, fp->f_cred)) != 0)
1171 if ((error = mount_path(p, mp, &fullpath, &freepath)) != 0)
1173 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1174 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1175 kfree(freepath, M_TEMP);
1177 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1178 bcopy(sp, buf, sizeof(*buf));
1180 /* Only root should have access to the fsid's. */
1181 if (priv_check(td, PRIV_ROOT))
1182 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1191 * fstatfs_args(int fd, struct statfs *buf)
1193 * Get filesystem statistics.
1198 sys_fstatfs(struct fstatfs_args *uap)
1203 error = kern_fstatfs(uap->fd, &buf);
1206 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1211 kern_statvfs(struct nlookupdata *nd, struct statvfs *buf)
1217 if ((error = nlookup(nd)) != 0)
1219 mp = nd->nl_nch.mount;
1220 sp = &mp->mnt_vstat;
1221 if ((error = VFS_STATVFS(mp, sp, nd->nl_cred)) != 0)
1225 if (mp->mnt_flag & MNT_RDONLY)
1226 sp->f_flag |= ST_RDONLY;
1227 if (mp->mnt_flag & MNT_NOSUID)
1228 sp->f_flag |= ST_NOSUID;
1229 bcopy(sp, buf, sizeof(*buf));
1234 * statfs_args(char *path, struct statfs *buf)
1236 * Get filesystem statistics.
1241 sys_statvfs(struct statvfs_args *uap)
1243 struct nlookupdata nd;
1248 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1250 error = kern_statvfs(&nd, &buf);
1253 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1259 kern_fstatvfs(int fd, struct statvfs *buf)
1261 struct thread *td = curthread;
1262 struct proc *p = td->td_proc;
1269 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
1271 mp = ((struct vnode *)fp->f_data)->v_mount;
1276 if (fp->f_cred == NULL) {
1280 sp = &mp->mnt_vstat;
1281 if ((error = VFS_STATVFS(mp, sp, fp->f_cred)) != 0)
1285 if (mp->mnt_flag & MNT_RDONLY)
1286 sp->f_flag |= ST_RDONLY;
1287 if (mp->mnt_flag & MNT_NOSUID)
1288 sp->f_flag |= ST_NOSUID;
1290 bcopy(sp, buf, sizeof(*buf));
1298 * fstatfs_args(int fd, struct statfs *buf)
1300 * Get filesystem statistics.
1305 sys_fstatvfs(struct fstatvfs_args *uap)
1311 error = kern_fstatvfs(uap->fd, &buf);
1315 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1320 * getfsstat_args(struct statfs *buf, long bufsize, int flags)
1322 * Get statistics on all filesystems.
1325 struct getfsstat_info {
1326 struct statfs *sfsp;
1334 static int getfsstat_callback(struct mount *, void *);
1340 sys_getfsstat(struct getfsstat_args *uap)
1342 struct thread *td = curthread;
1343 struct getfsstat_info info;
1345 bzero(&info, sizeof(info));
1347 info.maxcount = uap->bufsize / sizeof(struct statfs);
1348 info.sfsp = uap->buf;
1350 info.flags = uap->flags;
1354 mountlist_scan(getfsstat_callback, &info, MNTSCAN_FORWARD);
1356 if (info.sfsp && info.count > info.maxcount)
1357 uap->sysmsg_result = info.maxcount;
1359 uap->sysmsg_result = info.count;
1360 return (info.error);
1364 getfsstat_callback(struct mount *mp, void *data)
1366 struct getfsstat_info *info = data;
1372 if (info->sfsp && info->count < info->maxcount) {
1373 if (info->td->td_proc &&
1374 !chroot_visible_mnt(mp, info->td->td_proc)) {
1380 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1381 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1382 * overrides MNT_WAIT.
1384 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1385 (info->flags & MNT_WAIT)) &&
1386 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1389 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1391 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1393 info->error = error;
1396 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1397 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1398 kfree(freepath, M_TEMP);
1400 error = copyout(sp, info->sfsp, sizeof(*sp));
1402 info->error = error;
1412 * getvfsstat_args(struct statfs *buf, struct statvfs *vbuf,
1413 long bufsize, int flags)
1415 * Get statistics on all filesystems.
1418 struct getvfsstat_info {
1419 struct statfs *sfsp;
1420 struct statvfs *vsfsp;
1428 static int getvfsstat_callback(struct mount *, void *);
1434 sys_getvfsstat(struct getvfsstat_args *uap)
1436 struct thread *td = curthread;
1437 struct getvfsstat_info info;
1439 bzero(&info, sizeof(info));
1441 info.maxcount = uap->vbufsize / sizeof(struct statvfs);
1442 info.sfsp = uap->buf;
1443 info.vsfsp = uap->vbuf;
1445 info.flags = uap->flags;
1449 mountlist_scan(getvfsstat_callback, &info, MNTSCAN_FORWARD);
1450 if (info.vsfsp && info.count > info.maxcount)
1451 uap->sysmsg_result = info.maxcount;
1453 uap->sysmsg_result = info.count;
1455 return (info.error);
1459 getvfsstat_callback(struct mount *mp, void *data)
1461 struct getvfsstat_info *info = data;
1463 struct statvfs *vsp;
1468 if (info->vsfsp && info->count < info->maxcount) {
1469 if (info->td->td_proc &&
1470 !chroot_visible_mnt(mp, info->td->td_proc)) {
1474 vsp = &mp->mnt_vstat;
1477 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1478 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1479 * overrides MNT_WAIT.
1481 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1482 (info->flags & MNT_WAIT)) &&
1483 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1486 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1488 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1489 (info->flags & MNT_WAIT)) &&
1490 (error = VFS_STATVFS(mp, vsp, info->td->td_ucred))) {
1494 if (mp->mnt_flag & MNT_RDONLY)
1495 vsp->f_flag |= ST_RDONLY;
1496 if (mp->mnt_flag & MNT_NOSUID)
1497 vsp->f_flag |= ST_NOSUID;
1499 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1501 info->error = error;
1504 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1505 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1506 kfree(freepath, M_TEMP);
1508 error = copyout(sp, info->sfsp, sizeof(*sp));
1510 error = copyout(vsp, info->vsfsp, sizeof(*vsp));
1512 info->error = error;
1524 * fchdir_args(int fd)
1526 * Change current working directory to a given file descriptor.
1531 sys_fchdir(struct fchdir_args *uap)
1533 struct thread *td = curthread;
1534 struct proc *p = td->td_proc;
1535 struct filedesc *fdp = p->p_fd;
1536 struct vnode *vp, *ovp;
1539 struct nchandle nch, onch, tnch;
1542 if ((error = holdvnode(fdp, uap->fd, &fp)) != 0)
1545 vp = (struct vnode *)fp->f_data;
1547 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1548 if (fp->f_nchandle.ncp == NULL)
1551 error = checkvp_chdir(vp, td);
1556 cache_copy(&fp->f_nchandle, &nch);
1559 * If the ncp has become a mount point, traverse through
1563 while (!error && (nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
1564 (mp = cache_findmount(&nch)) != NULL
1566 error = nlookup_mp(mp, &tnch);
1568 cache_unlock(&tnch); /* leave ref intact */
1570 vp = tnch.ncp->nc_vp;
1571 error = vget(vp, LK_SHARED);
1572 KKASSERT(error == 0);
1579 onch = fdp->fd_ncdir;
1580 vn_unlock(vp); /* leave ref intact */
1582 fdp->fd_ncdir = nch;
1596 kern_chdir(struct nlookupdata *nd)
1598 struct thread *td = curthread;
1599 struct proc *p = td->td_proc;
1600 struct filedesc *fdp = p->p_fd;
1601 struct vnode *vp, *ovp;
1602 struct nchandle onch;
1605 if ((error = nlookup(nd)) != 0)
1607 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
1609 if ((error = vget(vp, LK_SHARED)) != 0)
1612 error = checkvp_chdir(vp, td);
1616 onch = fdp->fd_ncdir;
1617 cache_unlock(&nd->nl_nch); /* leave reference intact */
1618 fdp->fd_ncdir = nd->nl_nch;
1622 cache_zero(&nd->nl_nch);
1630 * chdir_args(char *path)
1632 * Change current working directory (``.'').
1637 sys_chdir(struct chdir_args *uap)
1639 struct nlookupdata nd;
1643 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1645 error = kern_chdir(&nd);
1652 * Helper function for raised chroot(2) security function: Refuse if
1653 * any filedescriptors are open directories.
1656 chroot_refuse_vdir_fds(struct filedesc *fdp)
1663 for (fd = 0; fd < fdp->fd_nfiles ; fd++) {
1664 if ((error = holdvnode(fdp, fd, &fp)) != 0)
1666 vp = (struct vnode *)fp->f_data;
1667 if (vp->v_type != VDIR) {
1678 * This sysctl determines if we will allow a process to chroot(2) if it
1679 * has a directory open:
1680 * 0: disallowed for all processes.
1681 * 1: allowed for processes that were not already chroot(2)'ed.
1682 * 2: allowed for all processes.
1685 static int chroot_allow_open_directories = 1;
1687 SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
1688 &chroot_allow_open_directories, 0, "");
1691 * chroot to the specified namecache entry. We obtain the vp from the
1692 * namecache data. The passed ncp must be locked and referenced and will
1693 * remain locked and referenced on return.
1696 kern_chroot(struct nchandle *nch)
1698 struct thread *td = curthread;
1699 struct proc *p = td->td_proc;
1700 struct filedesc *fdp = p->p_fd;
1705 * Only privileged user can chroot
1707 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
1712 * Disallow open directory descriptors (fchdir() breakouts).
1714 if (chroot_allow_open_directories == 0 ||
1715 (chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) {
1716 if ((error = chroot_refuse_vdir_fds(fdp)) != 0)
1719 if ((vp = nch->ncp->nc_vp) == NULL)
1722 if ((error = vget(vp, LK_SHARED)) != 0)
1726 * Check the validity of vp as a directory to change to and
1727 * associate it with rdir/jdir.
1729 error = checkvp_chdir(vp, td);
1730 vn_unlock(vp); /* leave reference intact */
1732 vrele(fdp->fd_rdir);
1733 fdp->fd_rdir = vp; /* reference inherited by fd_rdir */
1734 cache_drop(&fdp->fd_nrdir);
1735 cache_copy(nch, &fdp->fd_nrdir);
1736 if (fdp->fd_jdir == NULL) {
1739 cache_copy(nch, &fdp->fd_njdir);
1748 * chroot_args(char *path)
1750 * Change notion of root (``/'') directory.
1755 sys_chroot(struct chroot_args *uap)
1757 struct thread *td __debugvar = curthread;
1758 struct nlookupdata nd;
1761 KKASSERT(td->td_proc);
1763 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1765 nd.nl_flags |= NLC_EXEC;
1766 error = nlookup(&nd);
1768 error = kern_chroot(&nd.nl_nch);
1776 sys_chroot_kernel(struct chroot_kernel_args *uap)
1778 struct thread *td = curthread;
1779 struct nlookupdata nd;
1780 struct nchandle *nch;
1785 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1789 error = nlookup(&nd);
1795 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
1799 if ((vp = nch->ncp->nc_vp) == NULL) {
1804 if ((error = cache_vref(nch, nd.nl_cred, &vp)) != 0)
1807 kprintf("chroot_kernel: set new rootnch/rootvnode to %s\n", uap->path);
1808 vfs_cache_setroot(vp, cache_hold(nch));
1818 * Common routine for chroot and chdir. Given a locked, referenced vnode,
1819 * determine whether it is legal to chdir to the vnode. The vnode's state
1820 * is not changed by this call.
1823 checkvp_chdir(struct vnode *vp, struct thread *td)
1827 if (vp->v_type != VDIR)
1830 error = VOP_EACCESS(vp, VEXEC, td->td_ucred);
1838 kern_open(struct nlookupdata *nd, int oflags, int mode, int *res)
1840 struct thread *td = curthread;
1841 struct proc *p = td->td_proc;
1842 struct lwp *lp = td->td_lwp;
1843 struct filedesc *fdp = p->p_fd;
1848 int type, indx, error;
1851 if ((oflags & O_ACCMODE) == O_ACCMODE)
1853 flags = FFLAGS(oflags);
1854 error = falloc(lp, &nfp, NULL);
1858 cmode = ((mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
1861 * XXX p_dupfd is a real mess. It allows a device to return a
1862 * file descriptor to be duplicated rather then doing the open
1868 * Call vn_open() to do the lookup and assign the vnode to the
1869 * file pointer. vn_open() does not change the ref count on fp
1870 * and the vnode, on success, will be inherited by the file pointer
1873 nd->nl_flags |= NLC_LOCKVP;
1874 error = vn_open(nd, fp, flags, cmode);
1878 * handle special fdopen() case. bleh. dupfdopen() is
1879 * responsible for dropping the old contents of ofiles[indx]
1882 * Note that fsetfd() will add a ref to fp which represents
1883 * the fd_files[] assignment. We must still drop our
1886 if ((error == ENODEV || error == ENXIO) && lp->lwp_dupfd >= 0) {
1887 if (fdalloc(p, 0, &indx) == 0) {
1888 error = dupfdopen(fdp, indx, lp->lwp_dupfd, flags, error);
1891 fdrop(fp); /* our ref */
1894 fsetfd(fdp, NULL, indx);
1897 fdrop(fp); /* our ref */
1898 if (error == ERESTART)
1904 * ref the vnode for ourselves so it can't be ripped out from under
1905 * is. XXX need an ND flag to request that the vnode be returned
1908 * Reserve a file descriptor but do not assign it until the open
1911 vp = (struct vnode *)fp->f_data;
1913 if ((error = fdalloc(p, 0, &indx)) != 0) {
1920 * If no error occurs the vp will have been assigned to the file
1925 if (flags & (O_EXLOCK | O_SHLOCK)) {
1926 lf.l_whence = SEEK_SET;
1929 if (flags & O_EXLOCK)
1930 lf.l_type = F_WRLCK;
1932 lf.l_type = F_RDLCK;
1933 if (flags & FNONBLOCK)
1938 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
1940 * lock request failed. Clean up the reserved
1944 fsetfd(fdp, NULL, indx);
1948 fp->f_flag |= FHASLOCK;
1952 * Assert that all regular file vnodes were created with a object.
1954 KASSERT(vp->v_type != VREG || vp->v_object != NULL,
1955 ("open: regular file has no backing object after vn_open"));
1961 * release our private reference, leaving the one associated with the
1962 * descriptor table intact.
1964 fsetfd(fdp, fp, indx);
1971 * open_args(char *path, int flags, int mode)
1973 * Check permissions, allocate an open file structure,
1974 * and call the device open routine if any.
1979 sys_open(struct open_args *uap)
1981 CACHE_MPLOCK_DECLARE;
1982 struct nlookupdata nd;
1986 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
1988 error = kern_open(&nd, uap->flags,
1989 uap->mode, &uap->sysmsg_result);
1997 * openat_args(int fd, char *path, int flags, int mode)
2002 sys_openat(struct openat_args *uap)
2004 CACHE_MPLOCK_DECLARE;
2005 struct nlookupdata nd;
2010 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2012 error = kern_open(&nd, uap->flags, uap->mode,
2013 &uap->sysmsg_result);
2015 nlookup_done_at(&nd, fp);
2021 kern_mknod(struct nlookupdata *nd, int mode, int rmajor, int rminor)
2023 struct thread *td = curthread;
2024 struct proc *p = td->td_proc;
2033 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2034 vattr.va_rmajor = rmajor;
2035 vattr.va_rminor = rminor;
2037 switch (mode & S_IFMT) {
2038 case S_IFMT: /* used by badsect to flag bad sectors */
2039 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_BAD, 0);
2040 vattr.va_type = VBAD;
2043 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
2044 vattr.va_type = VCHR;
2047 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
2048 vattr.va_type = VBLK;
2051 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_WHT, 0);
2054 case S_IFDIR: /* special directories support for HAMMER */
2055 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_DIR, 0);
2056 vattr.va_type = VDIR;
2067 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2068 if ((error = nlookup(nd)) != 0)
2070 if (nd->nl_nch.ncp->nc_vp)
2072 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2076 error = VOP_NWHITEOUT(&nd->nl_nch, nd->nl_dvp,
2077 nd->nl_cred, NAMEI_CREATE);
2080 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp,
2081 &vp, nd->nl_cred, &vattr);
2089 * mknod_args(char *path, int mode, int dev)
2091 * Create a special file.
2096 sys_mknod(struct mknod_args *uap)
2098 struct nlookupdata nd;
2102 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2104 error = kern_mknod(&nd, uap->mode,
2105 umajor(uap->dev), uminor(uap->dev));
2113 kern_mkfifo(struct nlookupdata *nd, int mode)
2115 struct thread *td = curthread;
2116 struct proc *p = td->td_proc;
2123 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2124 if ((error = nlookup(nd)) != 0)
2126 if (nd->nl_nch.ncp->nc_vp)
2128 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2132 vattr.va_type = VFIFO;
2133 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2135 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp, &vp, nd->nl_cred, &vattr);
2142 * mkfifo_args(char *path, int mode)
2144 * Create a named pipe.
2149 sys_mkfifo(struct mkfifo_args *uap)
2151 struct nlookupdata nd;
2155 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2157 error = kern_mkfifo(&nd, uap->mode);
2163 static int hardlink_check_uid = 0;
2164 SYSCTL_INT(_security, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
2165 &hardlink_check_uid, 0,
2166 "Unprivileged processes cannot create hard links to files owned by other "
2168 static int hardlink_check_gid = 0;
2169 SYSCTL_INT(_security, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
2170 &hardlink_check_gid, 0,
2171 "Unprivileged processes cannot create hard links to files owned by other "
2175 can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
2181 * Shortcut if disabled
2183 if (hardlink_check_uid == 0 && hardlink_check_gid == 0)
2187 * Privileged user can always hardlink
2189 if (priv_check_cred(cred, PRIV_VFS_LINK, 0) == 0)
2193 * Otherwise only if the originating file is owned by the
2194 * same user or group. Note that any group is allowed if
2195 * the file is owned by the caller.
2197 error = VOP_GETATTR(vp, &va);
2201 if (hardlink_check_uid) {
2202 if (cred->cr_uid != va.va_uid)
2206 if (hardlink_check_gid) {
2207 if (cred->cr_uid != va.va_uid && !groupmember(va.va_gid, cred))
2215 kern_link(struct nlookupdata *nd, struct nlookupdata *linknd)
2217 struct thread *td = curthread;
2222 * Lookup the source and obtained a locked vnode.
2224 * You may only hardlink a file which you have write permission
2225 * on or which you own.
2227 * XXX relookup on vget failure / race ?
2230 nd->nl_flags |= NLC_WRITE | NLC_OWN | NLC_HLINK;
2231 if ((error = nlookup(nd)) != 0)
2233 vp = nd->nl_nch.ncp->nc_vp;
2234 KKASSERT(vp != NULL);
2235 if (vp->v_type == VDIR)
2236 return (EPERM); /* POSIX */
2237 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2239 if ((error = vget(vp, LK_EXCLUSIVE)) != 0)
2243 * Unlock the source so we can lookup the target without deadlocking
2244 * (XXX vp is locked already, possible other deadlock?). The target
2247 KKASSERT(nd->nl_flags & NLC_NCPISLOCKED);
2248 nd->nl_flags &= ~NLC_NCPISLOCKED;
2249 cache_unlock(&nd->nl_nch);
2252 linknd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2253 if ((error = nlookup(linknd)) != 0) {
2257 if (linknd->nl_nch.ncp->nc_vp) {
2261 if ((error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY)) != 0) {
2267 * Finally run the new API VOP.
2269 error = can_hardlink(vp, td, td->td_ucred);
2271 error = VOP_NLINK(&linknd->nl_nch, linknd->nl_dvp,
2272 vp, linknd->nl_cred);
2279 * link_args(char *path, char *link)
2281 * Make a hard file link.
2286 sys_link(struct link_args *uap)
2288 struct nlookupdata nd, linknd;
2292 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2294 error = nlookup_init(&linknd, uap->link, UIO_USERSPACE, 0);
2296 error = kern_link(&nd, &linknd);
2297 nlookup_done(&linknd);
2305 kern_symlink(struct nlookupdata *nd, char *path, int mode)
2313 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2314 if ((error = nlookup(nd)) != 0)
2316 if (nd->nl_nch.ncp->nc_vp)
2318 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2322 vattr.va_mode = mode;
2323 error = VOP_NSYMLINK(&nd->nl_nch, dvp, &vp, nd->nl_cred, &vattr, path);
2330 * symlink(char *path, char *link)
2332 * Make a symbolic link.
2337 sys_symlink(struct symlink_args *uap)
2339 struct thread *td = curthread;
2340 struct nlookupdata nd;
2345 path = objcache_get(namei_oc, M_WAITOK);
2346 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
2349 error = nlookup_init(&nd, uap->link, UIO_USERSPACE, 0);
2351 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2352 error = kern_symlink(&nd, path, mode);
2357 objcache_put(namei_oc, path);
2362 * undelete_args(char *path)
2364 * Delete a whiteout from the filesystem.
2369 sys_undelete(struct undelete_args *uap)
2371 struct nlookupdata nd;
2375 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2377 nd.nl_flags |= NLC_DELETE | NLC_REFDVP;
2379 error = nlookup(&nd);
2381 error = ncp_writechk(&nd.nl_nch);
2383 error = VOP_NWHITEOUT(&nd.nl_nch, nd.nl_dvp, nd.nl_cred,
2392 kern_unlink(struct nlookupdata *nd)
2397 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
2398 if ((error = nlookup(nd)) != 0)
2400 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2402 error = VOP_NREMOVE(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
2407 * unlink_args(char *path)
2409 * Delete a name from the filesystem.
2414 sys_unlink(struct unlink_args *uap)
2416 struct nlookupdata nd;
2420 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2422 error = kern_unlink(&nd);
2430 * unlinkat_args(int fd, char *path, int flags)
2432 * Delete the file or directory entry pointed to by fd/path.
2437 sys_unlinkat(struct unlinkat_args *uap)
2439 struct nlookupdata nd;
2443 if (uap->flags & ~AT_REMOVEDIR)
2447 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2449 if (uap->flags & AT_REMOVEDIR)
2450 error = kern_rmdir(&nd);
2452 error = kern_unlink(&nd);
2454 nlookup_done_at(&nd, fp);
2463 kern_lseek(int fd, off_t offset, int whence, off_t *res)
2465 struct thread *td = curthread;
2466 struct proc *p = td->td_proc;
2473 fp = holdfp(p->p_fd, fd, -1);
2476 if (fp->f_type != DTYPE_VNODE) {
2480 vp = (struct vnode *)fp->f_data;
2484 spin_lock_wr(&fp->f_spin);
2485 new_offset = fp->f_offset + offset;
2490 error = VOP_GETATTR(vp, &vattr);
2492 spin_lock_wr(&fp->f_spin);
2493 new_offset = offset + vattr.va_size;
2496 new_offset = offset;
2498 spin_lock_wr(&fp->f_spin);
2503 spin_lock_wr(&fp->f_spin);
2508 * Validate the seek position. Negative offsets are not allowed
2509 * for regular files or directories.
2511 * Normally we would also not want to allow negative offsets for
2512 * character and block-special devices. However kvm addresses
2513 * on 64 bit architectures might appear to be negative and must
2517 if (new_offset < 0 &&
2518 (vp->v_type == VREG || vp->v_type == VDIR)) {
2521 fp->f_offset = new_offset;
2524 *res = fp->f_offset;
2525 spin_unlock_wr(&fp->f_spin);
2532 * lseek_args(int fd, int pad, off_t offset, int whence)
2534 * Reposition read/write file offset.
2539 sys_lseek(struct lseek_args *uap)
2543 error = kern_lseek(uap->fd, uap->offset, uap->whence,
2544 &uap->sysmsg_offset);
2550 * Check if current process can access given file. amode is a bitmask of *_OK
2551 * access bits. flags is a bitmask of AT_* flags.
2554 kern_access(struct nlookupdata *nd, int amode, int flags)
2559 if (flags & ~AT_EACCESS)
2561 if ((error = nlookup(nd)) != 0)
2564 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_EXCLUSIVE, &vp);
2568 /* Flags == 0 means only check for existence. */
2577 if ((mode & VWRITE) == 0 ||
2578 (error = vn_writechk(vp, &nd->nl_nch)) == 0)
2579 error = VOP_ACCESS_FLAGS(vp, mode, flags, nd->nl_cred);
2582 * If the file handle is stale we have to re-resolve the
2583 * entry. This is a hack at the moment.
2585 if (error == ESTALE) {
2587 cache_setunresolved(&nd->nl_nch);
2588 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2601 * access_args(char *path, int flags)
2603 * Check access permissions.
2608 sys_access(struct access_args *uap)
2610 struct nlookupdata nd;
2614 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2616 error = kern_access(&nd, uap->flags, 0);
2624 * faccessat_args(int fd, char *path, int amode, int flags)
2626 * Check access permissions.
2631 sys_faccessat(struct faccessat_args *uap)
2633 struct nlookupdata nd;
2638 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE,
2641 error = kern_access(&nd, uap->amode, uap->flags);
2642 nlookup_done_at(&nd, fp);
2652 kern_stat(struct nlookupdata *nd, struct stat *st)
2658 if ((error = nlookup(nd)) != 0)
2661 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
2665 if ((error = vget(vp, LK_SHARED)) != 0)
2667 error = vn_stat(vp, st, nd->nl_cred);
2670 * If the file handle is stale we have to re-resolve the entry. This
2671 * is a hack at the moment.
2673 if (error == ESTALE) {
2675 cache_setunresolved(&nd->nl_nch);
2676 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2686 * stat_args(char *path, struct stat *ub)
2688 * Get file status; this version follows links.
2693 sys_stat(struct stat_args *uap)
2695 CACHE_MPLOCK_DECLARE;
2696 struct nlookupdata nd;
2701 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2703 error = kern_stat(&nd, &st);
2705 error = copyout(&st, uap->ub, sizeof(*uap->ub));
2713 * lstat_args(char *path, struct stat *ub)
2715 * Get file status; this version does not follow links.
2720 sys_lstat(struct lstat_args *uap)
2722 CACHE_MPLOCK_DECLARE;
2723 struct nlookupdata nd;
2728 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2730 error = kern_stat(&nd, &st);
2732 error = copyout(&st, uap->ub, sizeof(*uap->ub));
2740 * fstatat_args(int fd, char *path, struct stat *sb, int flags)
2742 * Get status of file pointed to by fd/path.
2747 sys_fstatat(struct fstatat_args *uap)
2749 CACHE_MPLOCK_DECLARE;
2750 struct nlookupdata nd;
2756 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
2759 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
2762 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
2763 UIO_USERSPACE, flags);
2765 error = kern_stat(&nd, &st);
2767 error = copyout(&st, uap->sb, sizeof(*uap->sb));
2769 nlookup_done_at(&nd, fp);
2775 * pathconf_Args(char *path, int name)
2777 * Get configurable pathname variables.
2782 sys_pathconf(struct pathconf_args *uap)
2784 struct nlookupdata nd;
2790 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2792 error = nlookup(&nd);
2794 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
2797 error = VOP_PATHCONF(vp, uap->name, &uap->sysmsg_reg);
2806 * kern_readlink isn't properly split yet. There is a copyin burried
2807 * in VOP_READLINK().
2810 kern_readlink(struct nlookupdata *nd, char *buf, int count, int *res)
2812 struct thread *td = curthread;
2818 if ((error = nlookup(nd)) != 0)
2820 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_EXCLUSIVE, &vp);
2823 if (vp->v_type != VLNK) {
2826 aiov.iov_base = buf;
2827 aiov.iov_len = count;
2828 auio.uio_iov = &aiov;
2829 auio.uio_iovcnt = 1;
2830 auio.uio_offset = 0;
2831 auio.uio_rw = UIO_READ;
2832 auio.uio_segflg = UIO_USERSPACE;
2834 auio.uio_resid = count;
2835 error = VOP_READLINK(vp, &auio, td->td_ucred);
2838 *res = count - auio.uio_resid;
2843 * readlink_args(char *path, char *buf, int count)
2845 * Return target name of a symbolic link.
2850 sys_readlink(struct readlink_args *uap)
2852 struct nlookupdata nd;
2856 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2858 error = kern_readlink(&nd, uap->buf, uap->count,
2859 &uap->sysmsg_result);
2867 setfflags(struct vnode *vp, int flags)
2869 struct thread *td = curthread;
2874 * Prevent non-root users from setting flags on devices. When
2875 * a device is reused, users can retain ownership of the device
2876 * if they are allowed to set flags and programs assume that
2877 * chown can't fail when done as root.
2879 if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
2880 ((error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV, 0)) != 0))
2884 * note: vget is required for any operation that might mod the vnode
2885 * so VINACTIVE is properly cleared.
2887 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
2889 vattr.va_flags = flags;
2890 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
2897 * chflags(char *path, int flags)
2899 * Change flags of a file given a path name.
2904 sys_chflags(struct chflags_args *uap)
2906 struct nlookupdata nd;
2912 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2914 error = nlookup(&nd);
2916 error = ncp_writechk(&nd.nl_nch);
2918 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
2921 error = setfflags(vp, uap->flags);
2929 * lchflags(char *path, int flags)
2931 * Change flags of a file given a path name, but don't follow symlinks.
2936 sys_lchflags(struct lchflags_args *uap)
2938 struct nlookupdata nd;
2944 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2946 error = nlookup(&nd);
2948 error = ncp_writechk(&nd.nl_nch);
2950 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
2953 error = setfflags(vp, uap->flags);
2961 * fchflags_args(int fd, int flags)
2963 * Change flags of a file given a file descriptor.
2968 sys_fchflags(struct fchflags_args *uap)
2970 struct thread *td = curthread;
2971 struct proc *p = td->td_proc;
2975 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
2978 if (fp->f_nchandle.ncp)
2979 error = ncp_writechk(&fp->f_nchandle);
2981 error = setfflags((struct vnode *) fp->f_data, uap->flags);
2988 setfmode(struct vnode *vp, int mode)
2990 struct thread *td = curthread;
2995 * note: vget is required for any operation that might mod the vnode
2996 * so VINACTIVE is properly cleared.
2998 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3000 vattr.va_mode = mode & ALLPERMS;
3001 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3008 kern_chmod(struct nlookupdata *nd, int mode)
3013 if ((error = nlookup(nd)) != 0)
3015 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3017 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3018 error = setfmode(vp, mode);
3024 * chmod_args(char *path, int mode)
3026 * Change mode of a file given path name.
3031 sys_chmod(struct chmod_args *uap)
3033 struct nlookupdata nd;
3037 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3039 error = kern_chmod(&nd, uap->mode);
3046 * lchmod_args(char *path, int mode)
3048 * Change mode of a file given path name (don't follow links.)
3053 sys_lchmod(struct lchmod_args *uap)
3055 struct nlookupdata nd;
3059 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3061 error = kern_chmod(&nd, uap->mode);
3068 * fchmod_args(int fd, int mode)
3070 * Change mode of a file given a file descriptor.
3075 sys_fchmod(struct fchmod_args *uap)
3077 struct thread *td = curthread;
3078 struct proc *p = td->td_proc;
3082 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3085 if (fp->f_nchandle.ncp)
3086 error = ncp_writechk(&fp->f_nchandle);
3088 error = setfmode((struct vnode *)fp->f_data, uap->mode);
3095 * fchmodat_args(char *path, int mode)
3097 * Change mode of a file pointed to by fd/path.
3102 sys_fchmodat(struct fchmodat_args *uap)
3104 struct nlookupdata nd;
3109 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3111 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3114 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3115 UIO_USERSPACE, flags);
3117 error = kern_chmod(&nd, uap->mode);
3118 nlookup_done_at(&nd, fp);
3124 setfown(struct vnode *vp, uid_t uid, gid_t gid)
3126 struct thread *td = curthread;
3131 * note: vget is required for any operation that might mod the vnode
3132 * so VINACTIVE is properly cleared.
3134 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3138 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3145 kern_chown(struct nlookupdata *nd, int uid, int gid)
3150 if ((error = nlookup(nd)) != 0)
3152 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3154 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3155 error = setfown(vp, uid, gid);
3161 * chown(char *path, int uid, int gid)
3163 * Set ownership given a path name.
3168 sys_chown(struct chown_args *uap)
3170 struct nlookupdata nd;
3174 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3176 error = kern_chown(&nd, uap->uid, uap->gid);
3183 * lchown_args(char *path, int uid, int gid)
3185 * Set ownership given a path name, do not cross symlinks.
3190 sys_lchown(struct lchown_args *uap)
3192 struct nlookupdata nd;
3196 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3198 error = kern_chown(&nd, uap->uid, uap->gid);
3205 * fchown_args(int fd, int uid, int gid)
3207 * Set ownership given a file descriptor.
3212 sys_fchown(struct fchown_args *uap)
3214 struct thread *td = curthread;
3215 struct proc *p = td->td_proc;
3219 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3222 if (fp->f_nchandle.ncp)
3223 error = ncp_writechk(&fp->f_nchandle);
3225 error = setfown((struct vnode *)fp->f_data, uap->uid, uap->gid);
3232 * fchownat(int fd, char *path, int uid, int gid, int flags)
3234 * Set ownership of file pointed to by fd/path.
3239 sys_fchownat(struct fchownat_args *uap)
3241 struct nlookupdata nd;
3246 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3248 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3251 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3252 UIO_USERSPACE, flags);
3254 error = kern_chown(&nd, uap->uid, uap->gid);
3255 nlookup_done_at(&nd, fp);
3262 getutimes(const struct timeval *tvp, struct timespec *tsp)
3264 struct timeval tv[2];
3268 TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
3271 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3272 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3278 setutimes(struct vnode *vp, struct vattr *vattr,
3279 const struct timespec *ts, int nullflag)
3281 struct thread *td = curthread;
3285 vattr->va_atime = ts[0];
3286 vattr->va_mtime = ts[1];
3288 vattr->va_vaflags |= VA_UTIMES_NULL;
3289 error = VOP_SETATTR(vp, vattr, td->td_ucred);
3295 kern_utimes(struct nlookupdata *nd, struct timeval *tptr)
3297 struct timespec ts[2];
3302 if ((error = getutimes(tptr, ts)) != 0)
3306 * NOTE: utimes() succeeds for the owner even if the file
3307 * is not user-writable.
3309 nd->nl_flags |= NLC_OWN | NLC_WRITE;
3311 if ((error = nlookup(nd)) != 0)
3313 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3315 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3319 * note: vget is required for any operation that might mod the vnode
3320 * so VINACTIVE is properly cleared.
3322 if ((error = vn_writechk(vp, &nd->nl_nch)) == 0) {
3323 error = vget(vp, LK_EXCLUSIVE);
3325 error = setutimes(vp, &vattr, ts, (tptr == NULL));
3334 * utimes_args(char *path, struct timeval *tptr)
3336 * Set the access and modification times of a file.
3341 sys_utimes(struct utimes_args *uap)
3343 struct timeval tv[2];
3344 struct nlookupdata nd;
3348 error = copyin(uap->tptr, tv, sizeof(tv));
3353 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3355 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3362 * lutimes_args(char *path, struct timeval *tptr)
3364 * Set the access and modification times of a file.
3369 sys_lutimes(struct lutimes_args *uap)
3371 struct timeval tv[2];
3372 struct nlookupdata nd;
3376 error = copyin(uap->tptr, tv, sizeof(tv));
3381 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3383 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3390 * Set utimes on a file descriptor. The creds used to open the
3391 * file are used to determine whether the operation is allowed
3395 kern_futimes(int fd, struct timeval *tptr)
3397 struct thread *td = curthread;
3398 struct proc *p = td->td_proc;
3399 struct timespec ts[2];
3405 error = getutimes(tptr, ts);
3408 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
3410 if (fp->f_nchandle.ncp)
3411 error = ncp_writechk(&fp->f_nchandle);
3414 error = vget(vp, LK_EXCLUSIVE);
3416 error = VOP_GETATTR(vp, &vattr);
3418 error = naccess_va(&vattr, NLC_OWN | NLC_WRITE,
3422 error = setutimes(vp, &vattr, ts,
3433 * futimes_args(int fd, struct timeval *tptr)
3435 * Set the access and modification times of a file.
3440 sys_futimes(struct futimes_args *uap)
3442 struct timeval tv[2];
3446 error = copyin(uap->tptr, tv, sizeof(tv));
3451 error = kern_futimes(uap->fd, uap->tptr ? tv : NULL);
3458 kern_truncate(struct nlookupdata *nd, off_t length)
3466 nd->nl_flags |= NLC_WRITE | NLC_TRUNCATE;
3467 if ((error = nlookup(nd)) != 0)
3469 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3471 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3473 if ((error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY)) != 0) {
3477 if (vp->v_type == VDIR) {
3479 } else if ((error = vn_writechk(vp, &nd->nl_nch)) == 0) {
3481 vattr.va_size = length;
3482 error = VOP_SETATTR(vp, &vattr, nd->nl_cred);
3489 * truncate(char *path, int pad, off_t length)
3491 * Truncate a file given its path name.
3496 sys_truncate(struct truncate_args *uap)
3498 struct nlookupdata nd;
3502 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3504 error = kern_truncate(&nd, uap->length);
3511 kern_ftruncate(int fd, off_t length)
3513 struct thread *td = curthread;
3514 struct proc *p = td->td_proc;
3522 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
3524 if (fp->f_nchandle.ncp) {
3525 error = ncp_writechk(&fp->f_nchandle);
3529 if ((fp->f_flag & FWRITE) == 0) {
3533 if (fp->f_flag & FAPPENDONLY) { /* inode was set s/uapnd */
3537 vp = (struct vnode *)fp->f_data;
3538 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3539 if (vp->v_type == VDIR) {
3541 } else if ((error = vn_writechk(vp, NULL)) == 0) {
3543 vattr.va_size = length;
3544 error = VOP_SETATTR(vp, &vattr, fp->f_cred);
3553 * ftruncate_args(int fd, int pad, off_t length)
3555 * Truncate a file given a file descriptor.
3560 sys_ftruncate(struct ftruncate_args *uap)
3565 error = kern_ftruncate(uap->fd, uap->length);
3574 * Sync an open file.
3579 sys_fsync(struct fsync_args *uap)
3581 struct thread *td = curthread;
3582 struct proc *p = td->td_proc;
3588 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3591 vp = (struct vnode *)fp->f_data;
3592 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3593 if ((obj = vp->v_object) != NULL)
3594 vm_object_page_clean(obj, 0, 0, 0);
3595 error = VOP_FSYNC(vp, MNT_WAIT, VOP_FSYNC_SYSCALL);
3596 if (error == 0 && vp->v_mount)
3597 error = buf_fsync(vp);
3606 kern_rename(struct nlookupdata *fromnd, struct nlookupdata *tond)
3608 struct nchandle fnchd;
3609 struct nchandle tnchd;
3610 struct namecache *ncp;
3617 fromnd->nl_flags |= NLC_REFDVP | NLC_RENAME_SRC;
3618 if ((error = nlookup(fromnd)) != 0)
3620 if ((fnchd.ncp = fromnd->nl_nch.ncp->nc_parent) == NULL)
3622 fnchd.mount = fromnd->nl_nch.mount;
3626 * unlock the source nch so we can lookup the target nch without
3627 * deadlocking. The target may or may not exist so we do not check
3628 * for a target vp like kern_mkdir() and other creation functions do.
3630 * The source and target directories are ref'd and rechecked after
3631 * everything is relocked to determine if the source or target file
3634 KKASSERT(fromnd->nl_flags & NLC_NCPISLOCKED);
3635 fromnd->nl_flags &= ~NLC_NCPISLOCKED;
3636 cache_unlock(&fromnd->nl_nch);
3638 tond->nl_flags |= NLC_RENAME_DST | NLC_REFDVP;
3639 if ((error = nlookup(tond)) != 0) {
3643 if ((tnchd.ncp = tond->nl_nch.ncp->nc_parent) == NULL) {
3647 tnchd.mount = tond->nl_nch.mount;
3651 * If the source and target are the same there is nothing to do
3653 if (fromnd->nl_nch.ncp == tond->nl_nch.ncp) {
3660 * Mount points cannot be renamed or overwritten
3662 if ((fromnd->nl_nch.ncp->nc_flag | tond->nl_nch.ncp->nc_flag) &
3671 * Relock the source ncp. cache_relock() will deal with any
3672 * deadlocks against the already-locked tond and will also
3673 * make sure both are resolved.
3675 * NOTE AFTER RELOCKING: The source or target ncp may have become
3676 * invalid while they were unlocked, nc_vp and nc_mount could
3679 cache_relock(&fromnd->nl_nch, fromnd->nl_cred,
3680 &tond->nl_nch, tond->nl_cred);
3681 fromnd->nl_flags |= NLC_NCPISLOCKED;
3684 * make sure the parent directories linkages are the same
3686 if (fnchd.ncp != fromnd->nl_nch.ncp->nc_parent ||
3687 tnchd.ncp != tond->nl_nch.ncp->nc_parent) {
3694 * Both the source and target must be within the same filesystem and
3695 * in the same filesystem as their parent directories within the
3696 * namecache topology.
3698 * NOTE: fromnd's nc_mount or nc_vp could be NULL.
3701 if (mp != tnchd.mount || mp != fromnd->nl_nch.mount ||
3702 mp != tond->nl_nch.mount) {
3709 * Make sure the mount point is writable
3711 if ((error = ncp_writechk(&tond->nl_nch)) != 0) {
3718 * If the target exists and either the source or target is a directory,
3719 * then both must be directories.
3721 * Due to relocking of the source, fromnd->nl_nch.ncp->nc_vp might h
3724 if (tond->nl_nch.ncp->nc_vp) {
3725 if (fromnd->nl_nch.ncp->nc_vp == NULL) {
3727 } else if (fromnd->nl_nch.ncp->nc_vp->v_type == VDIR) {
3728 if (tond->nl_nch.ncp->nc_vp->v_type != VDIR)
3730 } else if (tond->nl_nch.ncp->nc_vp->v_type == VDIR) {
3736 * You cannot rename a source into itself or a subdirectory of itself.
3737 * We check this by travsersing the target directory upwards looking
3738 * for a match against the source.
3743 for (ncp = tnchd.ncp; ncp; ncp = ncp->nc_parent) {
3744 if (fromnd->nl_nch.ncp == ncp) {
3755 * Even though the namespaces are different, they may still represent
3756 * hardlinks to the same file. The filesystem might have a hard time
3757 * with this so we issue a NREMOVE of the source instead of a NRENAME
3758 * when we detect the situation.
3761 fdvp = fromnd->nl_dvp;
3762 tdvp = tond->nl_dvp;
3763 if (fdvp == NULL || tdvp == NULL) {
3765 } else if (fromnd->nl_nch.ncp->nc_vp == tond->nl_nch.ncp->nc_vp) {
3766 error = VOP_NREMOVE(&fromnd->nl_nch, fdvp,
3769 error = VOP_NRENAME(&fromnd->nl_nch, &tond->nl_nch,
3770 fdvp, tdvp, tond->nl_cred);
3777 * rename_args(char *from, char *to)
3779 * Rename files. Source and destination must either both be directories,
3780 * or both not be directories. If target is a directory, it must be empty.
3785 sys_rename(struct rename_args *uap)
3787 struct nlookupdata fromnd, tond;
3791 error = nlookup_init(&fromnd, uap->from, UIO_USERSPACE, 0);
3793 error = nlookup_init(&tond, uap->to, UIO_USERSPACE, 0);
3795 error = kern_rename(&fromnd, &tond);
3796 nlookup_done(&tond);
3798 nlookup_done(&fromnd);
3804 kern_mkdir(struct nlookupdata *nd, int mode)
3806 struct thread *td = curthread;
3807 struct proc *p = td->td_proc;
3813 nd->nl_flags |= NLC_WILLBEDIR | NLC_CREATE | NLC_REFDVP;
3814 if ((error = nlookup(nd)) != 0)
3817 if (nd->nl_nch.ncp->nc_vp)
3819 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3822 vattr.va_type = VDIR;
3823 vattr.va_mode = (mode & ACCESSPERMS) &~ p->p_fd->fd_cmask;
3826 error = VOP_NMKDIR(&nd->nl_nch, nd->nl_dvp, &vp, td->td_ucred, &vattr);
3833 * mkdir_args(char *path, int mode)
3835 * Make a directory file.
3840 sys_mkdir(struct mkdir_args *uap)
3842 struct nlookupdata nd;
3846 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3848 error = kern_mkdir(&nd, uap->mode);
3855 kern_rmdir(struct nlookupdata *nd)
3860 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
3861 if ((error = nlookup(nd)) != 0)
3865 * Do not allow directories representing mount points to be
3866 * deleted, even if empty. Check write perms on mount point
3867 * in case the vnode is aliased (aka nullfs).
3869 if (nd->nl_nch.ncp->nc_flag & (NCF_ISMOUNTPT))
3871 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3873 error = VOP_NRMDIR(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
3878 * rmdir_args(char *path)
3880 * Remove a directory file.
3885 sys_rmdir(struct rmdir_args *uap)
3887 struct nlookupdata nd;
3891 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3893 error = kern_rmdir(&nd);
3900 kern_getdirentries(int fd, char *buf, u_int count, long *basep, int *res,
3901 enum uio_seg direction)
3903 struct thread *td = curthread;
3904 struct proc *p = td->td_proc;
3912 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
3914 if ((fp->f_flag & FREAD) == 0) {
3918 vp = (struct vnode *)fp->f_data;
3920 if (vp->v_type != VDIR) {
3924 aiov.iov_base = buf;
3925 aiov.iov_len = count;
3926 auio.uio_iov = &aiov;
3927 auio.uio_iovcnt = 1;
3928 auio.uio_rw = UIO_READ;
3929 auio.uio_segflg = direction;
3931 auio.uio_resid = count;
3932 loff = auio.uio_offset = fp->f_offset;
3933 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL);
3934 fp->f_offset = auio.uio_offset;
3937 if (count == auio.uio_resid) {
3938 if (union_dircheckp) {
3939 error = union_dircheckp(td, &vp, fp);
3946 if ((vp->v_flag & VROOT) &&
3947 (vp->v_mount->mnt_flag & MNT_UNION)) {
3948 struct vnode *tvp = vp;
3949 vp = vp->v_mount->mnt_vnodecovered;
3960 * WARNING! *basep may not be wide enough to accomodate the
3961 * seek offset. XXX should we hack this to return the upper 32 bits
3962 * for offsets greater then 4G?
3965 *basep = (long)loff;
3967 *res = count - auio.uio_resid;
3974 * getdirentries_args(int fd, char *buf, u_int conut, long *basep)
3976 * Read a block of directory entries in a file system independent format.
3981 sys_getdirentries(struct getdirentries_args *uap)
3987 error = kern_getdirentries(uap->fd, uap->buf, uap->count, &base,
3988 &uap->sysmsg_result, UIO_USERSPACE);
3991 if (error == 0 && uap->basep)
3992 error = copyout(&base, uap->basep, sizeof(*uap->basep));
3997 * getdents_args(int fd, char *buf, size_t count)
4002 sys_getdents(struct getdents_args *uap)
4007 error = kern_getdirentries(uap->fd, uap->buf, uap->count, NULL,
4008 &uap->sysmsg_result, UIO_USERSPACE);
4015 * Set the mode mask for creation of filesystem nodes.
4017 * umask(int newmask)
4022 sys_umask(struct umask_args *uap)
4024 struct thread *td = curthread;
4025 struct proc *p = td->td_proc;
4026 struct filedesc *fdp;
4029 uap->sysmsg_result = fdp->fd_cmask;
4030 fdp->fd_cmask = uap->newmask & ALLPERMS;
4035 * revoke(char *path)
4037 * Void all references to file by ripping underlying filesystem
4043 sys_revoke(struct revoke_args *uap)
4045 struct nlookupdata nd;
4053 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4055 error = nlookup(&nd);
4057 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
4058 cred = crhold(nd.nl_cred);
4062 error = VOP_GETATTR(vp, &vattr);
4063 if (error == 0 && cred->cr_uid != vattr.va_uid)
4064 error = priv_check_cred(cred, PRIV_VFS_REVOKE, 0);
4065 if (error == 0 && (vp->v_type == VCHR || vp->v_type == VBLK)) {
4067 error = vrevoke(vp, cred);
4068 } else if (error == 0) {
4069 error = vrevoke(vp, cred);
4080 * getfh_args(char *fname, fhandle_t *fhp)
4082 * Get (NFS) file handle
4084 * NOTE: We use the fsid of the covering mount, even if it is a nullfs
4085 * mount. This allows nullfs mounts to be explicitly exported.
4087 * WARNING: nullfs mounts of HAMMER PFS ROOTs are safe.
4089 * nullfs mounts of subdirectories are not safe. That is, it will
4090 * work, but you do not really have protection against access to
4091 * the related parent directories.
4096 sys_getfh(struct getfh_args *uap)
4098 struct thread *td = curthread;
4099 struct nlookupdata nd;
4106 * Must be super user
4108 if ((error = priv_check(td, PRIV_ROOT)) != 0)
4113 error = nlookup_init(&nd, uap->fname, UIO_USERSPACE, NLC_FOLLOW);
4115 error = nlookup(&nd);
4117 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4118 mp = nd.nl_nch.mount;
4121 bzero(&fh, sizeof(fh));
4122 fh.fh_fsid = mp->mnt_stat.f_fsid;
4123 error = VFS_VPTOFH(vp, &fh.fh_fid);
4126 error = copyout(&fh, uap->fhp, sizeof(fh));
4133 * fhopen_args(const struct fhandle *u_fhp, int flags)
4135 * syscall for the rpc.lockd to use to translate a NFS file handle into
4136 * an open descriptor.
4138 * warning: do not remove the priv_check() call or this becomes one giant
4144 sys_fhopen(struct fhopen_args *uap)
4146 struct thread *td = curthread;
4147 struct filedesc *fdp = td->td_proc->p_fd;
4152 struct vattr *vap = &vat;
4154 int fmode, mode, error, type;
4160 * Must be super user
4162 error = priv_check(td, PRIV_ROOT);
4166 fmode = FFLAGS(uap->flags);
4169 * Why not allow a non-read/write open for our lockd?
4171 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4173 error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
4178 * Find the mount point
4181 mp = vfs_getvfs(&fhp.fh_fsid);
4186 /* now give me my vnode, it gets returned to me locked */
4187 error = VFS_FHTOVP(mp, NULL, &fhp.fh_fid, &vp);
4191 * from now on we have to make sure not
4192 * to forget about the vnode
4193 * any error that causes an abort must vput(vp)
4194 * just set error = err and 'goto bad;'.
4200 if (vp->v_type == VLNK) {
4204 if (vp->v_type == VSOCK) {
4209 if (fmode & (FWRITE | O_TRUNC)) {
4210 if (vp->v_type == VDIR) {
4214 error = vn_writechk(vp, NULL);
4222 error = VOP_ACCESS(vp, mode, td->td_ucred);
4226 if (fmode & O_TRUNC) {
4227 vn_unlock(vp); /* XXX */
4228 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */
4231 error = VOP_SETATTR(vp, vap, td->td_ucred);
4237 * VOP_OPEN needs the file pointer so it can potentially override
4240 * WARNING! no f_nchandle will be associated when fhopen()ing a
4243 if ((error = falloc(td->td_lwp, &nfp, &indx)) != 0)
4247 error = VOP_OPEN(vp, fmode, td->td_ucred, fp);
4250 * setting f_ops this way prevents VOP_CLOSE from being
4251 * called or fdrop() releasing the vp from v_data. Since
4252 * the VOP_OPEN failed we don't want to VOP_CLOSE.
4254 fp->f_ops = &badfileops;
4260 * The fp is given its own reference, we still have our ref and lock.
4262 * Assert that all regular files must be created with a VM object.
4264 if (vp->v_type == VREG && vp->v_object == NULL) {
4265 kprintf("fhopen: regular file did not have VM object: %p\n", vp);
4270 * The open was successful. Handle any locking requirements.
4272 if (fmode & (O_EXLOCK | O_SHLOCK)) {
4273 lf.l_whence = SEEK_SET;
4276 if (fmode & O_EXLOCK)
4277 lf.l_type = F_WRLCK;
4279 lf.l_type = F_RDLCK;
4280 if (fmode & FNONBLOCK)
4285 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
4287 * release our private reference.
4289 fsetfd(fdp, NULL, indx);
4294 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4295 fp->f_flag |= FHASLOCK;
4299 * Clean up. Associate the file pointer with the previously
4300 * reserved descriptor and return it.
4304 fsetfd(fdp, fp, indx);
4306 uap->sysmsg_result = indx;
4310 fsetfd(fdp, NULL, indx);
4320 * fhstat_args(struct fhandle *u_fhp, struct stat *sb)
4325 sys_fhstat(struct fhstat_args *uap)
4327 struct thread *td = curthread;
4335 * Must be super user
4337 error = priv_check(td, PRIV_ROOT);
4341 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4346 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
4349 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) == 0) {
4350 error = vn_stat(vp, &sb, td->td_ucred);
4356 error = copyout(&sb, uap->sb, sizeof(sb));
4361 * fhstatfs_args(struct fhandle *u_fhp, struct statfs *buf)
4366 sys_fhstatfs(struct fhstatfs_args *uap)
4368 struct thread *td = curthread;
4369 struct proc *p = td->td_proc;
4374 char *fullpath, *freepath;
4379 * Must be super user
4381 if ((error = priv_check(td, PRIV_ROOT)))
4384 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4389 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4393 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4398 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) != 0)
4403 if ((error = VFS_STATFS(mp, sp, td->td_ucred)) != 0)
4406 error = mount_path(p, mp, &fullpath, &freepath);
4409 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
4410 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
4411 kfree(freepath, M_TEMP);
4413 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
4414 if (priv_check(td, PRIV_ROOT)) {
4415 bcopy(sp, &sb, sizeof(sb));
4416 sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
4419 error = copyout(sp, uap->buf, sizeof(*sp));
4426 * fhstatvfs_args(struct fhandle *u_fhp, struct statvfs *buf)
4431 sys_fhstatvfs(struct fhstatvfs_args *uap)
4433 struct thread *td = curthread;
4434 struct proc *p = td->td_proc;
4442 * Must be super user
4444 if ((error = priv_check(td, PRIV_ROOT)))
4447 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4452 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4456 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4461 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)))
4464 sp = &mp->mnt_vstat;
4466 if ((error = VFS_STATVFS(mp, sp, td->td_ucred)) != 0)
4470 if (mp->mnt_flag & MNT_RDONLY)
4471 sp->f_flag |= ST_RDONLY;
4472 if (mp->mnt_flag & MNT_NOSUID)
4473 sp->f_flag |= ST_NOSUID;
4474 error = copyout(sp, uap->buf, sizeof(*sp));
4482 * Syscall to push extended attribute configuration information into the
4483 * VFS. Accepts a path, which it converts to a mountpoint, as well as
4484 * a command (int cmd), and attribute name and misc data. For now, the
4485 * attribute name is left in userspace for consumption by the VFS_op.
4486 * It will probably be changed to be copied into sysspace by the
4487 * syscall in the future, once issues with various consumers of the
4488 * attribute code have raised their hands.
4490 * Currently this is used only by UFS Extended Attributes.
4495 sys_extattrctl(struct extattrctl_args *uap)
4497 struct nlookupdata nd;
4499 char attrname[EXTATTR_MAXNAMELEN];
4509 if (error == 0 && uap->filename) {
4510 error = nlookup_init(&nd, uap->filename, UIO_USERSPACE,
4513 error = nlookup(&nd);
4515 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
4519 if (error == 0 && uap->attrname) {
4520 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN,
4525 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4527 error = nlookup(&nd);
4529 error = ncp_writechk(&nd.nl_nch);
4531 error = VFS_EXTATTRCTL(nd.nl_nch.mount, uap->cmd, vp,
4533 uap->attrname, nd.nl_cred);
4544 * Syscall to get a named extended attribute on a file or directory.
4549 sys_extattr_set_file(struct extattr_set_file_args *uap)
4551 char attrname[EXTATTR_MAXNAMELEN];
4552 struct nlookupdata nd;
4558 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
4565 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4567 error = nlookup(&nd);
4569 error = ncp_writechk(&nd.nl_nch);
4571 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4578 bzero(&auio, sizeof(auio));
4579 aiov.iov_base = uap->data;
4580 aiov.iov_len = uap->nbytes;
4581 auio.uio_iov = &aiov;
4582 auio.uio_iovcnt = 1;
4583 auio.uio_offset = 0;
4584 auio.uio_resid = uap->nbytes;
4585 auio.uio_rw = UIO_WRITE;
4586 auio.uio_td = curthread;
4588 error = VOP_SETEXTATTR(vp, uap->attrnamespace, attrname,
4598 * Syscall to get a named extended attribute on a file or directory.
4603 sys_extattr_get_file(struct extattr_get_file_args *uap)
4605 char attrname[EXTATTR_MAXNAMELEN];
4606 struct nlookupdata nd;
4612 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
4619 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4621 error = nlookup(&nd);
4623 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4630 bzero(&auio, sizeof(auio));
4631 aiov.iov_base = uap->data;
4632 aiov.iov_len = uap->nbytes;
4633 auio.uio_iov = &aiov;
4634 auio.uio_iovcnt = 1;
4635 auio.uio_offset = 0;
4636 auio.uio_resid = uap->nbytes;
4637 auio.uio_rw = UIO_READ;
4638 auio.uio_td = curthread;
4640 error = VOP_GETEXTATTR(vp, uap->attrnamespace, attrname,
4642 uap->sysmsg_result = uap->nbytes - auio.uio_resid;
4651 * Syscall to delete a named extended attribute from a file or directory.
4652 * Accepts attribute name. The real work happens in VOP_SETEXTATTR().
4657 sys_extattr_delete_file(struct extattr_delete_file_args *uap)
4659 char attrname[EXTATTR_MAXNAMELEN];
4660 struct nlookupdata nd;
4664 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
4669 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4671 error = nlookup(&nd);
4673 error = ncp_writechk(&nd.nl_nch);
4675 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4677 error = VOP_SETEXTATTR(vp, uap->attrnamespace,
4678 attrname, NULL, nd.nl_cred);
4688 * Determine if the mount is visible to the process.
4691 chroot_visible_mnt(struct mount *mp, struct proc *p)
4693 struct nchandle nch;
4696 * Traverse from the mount point upwards. If we hit the process
4697 * root then the mount point is visible to the process.
4699 nch = mp->mnt_ncmountpt;
4701 if (nch.mount == p->p_fd->fd_nrdir.mount &&
4702 nch.ncp == p->p_fd->fd_nrdir.ncp) {
4705 if (nch.ncp == nch.mount->mnt_ncmountpt.ncp) {
4706 nch = nch.mount->mnt_ncmounton;
4708 nch.ncp = nch.ncp->nc_parent;
4713 * If the mount point is not visible to the process, but the
4714 * process root is in a subdirectory of the mount, return
4717 if (p->p_fd->fd_nrdir.mount == mp)
projects / dragonfly.git / blob