2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
39 * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.151.2.18 2003/04/04 20:35:58 tegge Exp $
40 * $DragonFly: src/sys/kern/vfs_syscalls.c,v 1.120 2007/09/03 17:06:21 dillon Exp $
43 #include <sys/param.h>
44 #include <sys/systm.h>
47 #include <sys/sysent.h>
48 #include <sys/malloc.h>
49 #include <sys/mount.h>
50 #include <sys/mountctl.h>
51 #include <sys/sysproto.h>
52 #include <sys/filedesc.h>
53 #include <sys/kernel.h>
54 #include <sys/fcntl.h>
56 #include <sys/linker.h>
58 #include <sys/unistd.h>
59 #include <sys/vnode.h>
61 #include <sys/namei.h>
62 #include <sys/nlookup.h>
63 #include <sys/dirent.h>
64 #include <sys/extattr.h>
65 #include <sys/spinlock.h>
66 #include <sys/kern_syscall.h>
67 #include <sys/objcache.h>
68 #include <sys/sysctl.h>
69 #include <sys/file2.h>
70 #include <sys/spinlock2.h>
73 #include <vm/vm_object.h>
74 #include <vm/vm_page.h>
76 #include <machine/limits.h>
77 #include <machine/stdarg.h>
79 #include <vfs/union/union.h>
81 static void mount_warning(struct mount *mp, const char *ctl, ...);
82 static int mount_path(struct proc *p, struct mount *mp, char **rb, char **fb);
83 static int checkvp_chdir (struct vnode *vn, struct thread *td);
84 static void checkdirs (struct nchandle *old_nch, struct nchandle *new_nch);
85 static int chroot_refuse_vdir_fds (struct filedesc *fdp);
86 static int chroot_visible_mnt(struct mount *mp, struct proc *p);
87 static int getutimes (const struct timeval *, struct timespec *);
88 static int setfown (struct vnode *, uid_t, gid_t);
89 static int setfmode (struct vnode *, int);
90 static int setfflags (struct vnode *, int);
91 static int setutimes (struct vnode *, const struct timespec *, int);
92 static int usermount = 0; /* if 1, non-root can mount fs. */
94 int (*union_dircheckp) (struct thread *, struct vnode **, struct file *);
96 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, "");
99 * Virtual File System System Calls
103 * Mount a file system.
106 * mount_args(char *type, char *path, int flags, caddr_t data)
110 sys_mount(struct mount_args *uap)
112 struct thread *td = curthread;
113 struct proc *p = td->td_proc;
117 struct vfsconf *vfsp;
118 int error, flag = 0, flag2 = 0;
121 struct nlookupdata nd;
122 char fstypename[MFSNAMELEN];
123 struct ucred *cred = p->p_ucred;
126 if (cred->cr_prison != NULL)
128 if (usermount == 0 && (error = suser(td)))
131 * Do not allow NFS export by non-root users.
133 if (uap->flags & MNT_EXPORTED) {
139 * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users
142 uap->flags |= MNT_NOSUID | MNT_NODEV;
145 * Lookup the requested path and extract the nch and vnode.
147 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
149 if ((error = nlookup(&nd)) == 0) {
150 if (nd.nl_nch.ncp->nc_vp == NULL)
160 * Extract the locked+refd ncp and cleanup the nd structure
163 cache_zero(&nd.nl_nch);
166 if ((nch.ncp->nc_flag & NCF_ISMOUNTPT) && cache_findmount(&nch))
173 * now we have the locked ref'd nch and unreferenced vnode.
176 if ((error = vget(vp, LK_EXCLUSIVE)) != 0) {
183 * Now we have an unlocked ref'd nch and a locked ref'd vp
185 if (uap->flags & MNT_UPDATE) {
186 if ((vp->v_flag & VROOT) == 0) {
193 flag2 = mp->mnt_kern_flag;
195 * We only allow the filesystem to be reloaded if it
196 * is currently mounted read-only.
198 if ((uap->flags & MNT_RELOAD) &&
199 ((mp->mnt_flag & MNT_RDONLY) == 0)) {
202 return (EOPNOTSUPP); /* Needs translation */
205 * Only root, or the user that did the original mount is
206 * permitted to update it.
208 if (mp->mnt_stat.f_owner != cred->cr_uid &&
209 (error = suser(td))) {
214 if (vfs_busy(mp, LK_NOWAIT)) {
219 if ((vp->v_flag & VMOUNT) != 0 || hasmount) {
225 vp->v_flag |= VMOUNT;
227 uap->flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
232 * If the user is not root, ensure that they own the directory
233 * onto which we are attempting to mount.
235 if ((error = VOP_GETATTR(vp, &va)) ||
236 (va.va_uid != cred->cr_uid && (error = suser(td)))) {
241 if ((error = vinvalbuf(vp, V_SAVE, 0, 0)) != 0) {
246 if (vp->v_type != VDIR) {
251 if (vp->v_mount->mnt_kern_flag & MNTK_NOSTKMNT) {
256 if ((error = copyinstr(uap->type, fstypename, MFSNAMELEN, NULL)) != 0) {
261 for (vfsp = vfsconf; vfsp; vfsp = vfsp->vfc_next) {
262 if (!strcmp(vfsp->vfc_name, fstypename))
268 /* Only load modules for root (very important!) */
269 if ((error = suser(td)) != 0) {
274 error = linker_load_file(fstypename, &lf);
275 if (error || lf == NULL) {
283 /* lookup again, see if the VFS was loaded */
284 for (vfsp = vfsconf; vfsp; vfsp = vfsp->vfc_next) {
285 if (!strcmp(vfsp->vfc_name, fstypename))
290 linker_file_unload(lf);
296 if ((vp->v_flag & VMOUNT) != 0 || hasmount) {
301 vp->v_flag |= VMOUNT;
304 * Allocate and initialize the filesystem.
306 mp = kmalloc(sizeof(struct mount), M_MOUNT, M_ZERO|M_WAITOK);
307 TAILQ_INIT(&mp->mnt_nvnodelist);
308 TAILQ_INIT(&mp->mnt_reservedvnlist);
309 TAILQ_INIT(&mp->mnt_jlist);
310 mp->mnt_nvnodelistsize = 0;
311 lockinit(&mp->mnt_lock, "vfslock", 0, 0);
312 vfs_busy(mp, LK_NOWAIT);
313 mp->mnt_op = vfsp->vfc_vfsops;
315 vfsp->vfc_refcount++;
316 mp->mnt_stat.f_type = vfsp->vfc_typenum;
317 mp->mnt_flag |= vfsp->vfc_flags & MNT_VISFLAGMASK;
318 strncpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN);
319 mp->mnt_stat.f_owner = cred->cr_uid;
320 mp->mnt_iosize_max = DFLTPHYS;
324 * Set the mount level flags.
326 if (uap->flags & MNT_RDONLY)
327 mp->mnt_flag |= MNT_RDONLY;
328 else if (mp->mnt_flag & MNT_RDONLY)
329 mp->mnt_kern_flag |= MNTK_WANTRDWR;
330 mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
331 MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOATIME |
332 MNT_NOSYMFOLLOW | MNT_IGNORE |
333 MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
334 mp->mnt_flag |= uap->flags & (MNT_NOSUID | MNT_NOEXEC |
335 MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_FORCE |
336 MNT_NOSYMFOLLOW | MNT_IGNORE |
337 MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
339 * Mount the filesystem.
340 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
343 error = VFS_MOUNT(mp, uap->path, uap->data, cred);
344 if (mp->mnt_flag & MNT_UPDATE) {
345 if (mp->mnt_kern_flag & MNTK_WANTRDWR)
346 mp->mnt_flag &= ~MNT_RDONLY;
347 mp->mnt_flag &=~ (MNT_UPDATE | MNT_RELOAD | MNT_FORCE);
348 mp->mnt_kern_flag &=~ MNTK_WANTRDWR;
351 mp->mnt_kern_flag = flag2;
354 vp->v_flag &= ~VMOUNT;
359 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
361 * Put the new filesystem on the mount list after root. The mount
362 * point gets its own mnt_ncmountpt (unless the VFS already set one
363 * up) which represents the root of the mount. The lookup code
364 * detects the mount point going forward and checks the root of
365 * the mount going backwards.
367 * It is not necessary to invalidate or purge the vnode underneath
368 * because elements under the mount will be given their own glue
372 if (mp->mnt_ncmountpt.ncp == NULL) {
374 * allocate, then unlock, but leave the ref intact
376 cache_allocroot(&mp->mnt_ncmountpt, mp, NULL);
377 cache_unlock(&mp->mnt_ncmountpt);
379 mp->mnt_ncmounton = nch; /* inherits ref */
380 nch.ncp->nc_flag |= NCF_ISMOUNTPT;
382 /* XXX get the root of the fs and cache_setvp(mnt_ncmountpt...) */
383 vp->v_flag &= ~VMOUNT;
384 mountlist_insert(mp, MNTINS_LAST);
385 checkdirs(&mp->mnt_ncmounton, &mp->mnt_ncmountpt);
387 error = vfs_allocate_syncvnode(mp);
389 error = VFS_START(mp, 0);
392 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
393 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
394 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
395 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
396 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
397 vp->v_flag &= ~VMOUNT;
398 mp->mnt_vfc->vfc_refcount--;
408 * Scan all active processes to see if any of them have a current
409 * or root directory onto which the new filesystem has just been
410 * mounted. If so, replace them with the new mount point.
412 * The passed ncp is ref'd and locked (from the mount code) and
413 * must be associated with the vnode representing the root of the
416 struct checkdirs_info {
417 struct nchandle old_nch;
418 struct nchandle new_nch;
419 struct vnode *old_vp;
420 struct vnode *new_vp;
423 static int checkdirs_callback(struct proc *p, void *data);
426 checkdirs(struct nchandle *old_nch, struct nchandle *new_nch)
428 struct checkdirs_info info;
434 * If the old mount point's vnode has a usecount of 1, it is not
435 * being held as a descriptor anywhere.
437 olddp = old_nch->ncp->nc_vp;
438 if (olddp == NULL || olddp->v_sysref.refcnt == 1)
442 * Force the root vnode of the new mount point to be resolved
443 * so we can update any matching processes.
446 if (VFS_ROOT(mp, &newdp))
447 panic("mount: lost mount");
448 cache_setunresolved(new_nch);
449 cache_setvp(new_nch, newdp);
452 * Special handling of the root node
454 if (rootvnode == olddp) {
456 vfs_cache_setroot(newdp, cache_hold(new_nch));
460 * Pass newdp separately so the callback does not have to access
461 * it via new_nch->ncp->nc_vp.
463 info.old_nch = *old_nch;
464 info.new_nch = *new_nch;
466 allproc_scan(checkdirs_callback, &info);
471 * NOTE: callback is not MP safe because the scanned process's filedesc
472 * structure can be ripped out from under us, amoung other things.
475 checkdirs_callback(struct proc *p, void *data)
477 struct checkdirs_info *info = data;
478 struct filedesc *fdp;
479 struct nchandle ncdrop1;
480 struct nchandle ncdrop2;
481 struct vnode *vprele1;
482 struct vnode *vprele2;
484 if ((fdp = p->p_fd) != NULL) {
485 cache_zero(&ncdrop1);
486 cache_zero(&ncdrop2);
491 * MPUNSAFE - XXX fdp can be pulled out from under a
494 * A shared filedesc is ok, we don't have to copy it
495 * because we are making this change globally.
497 spin_lock_wr(&fdp->fd_spin);
498 if (fdp->fd_ncdir.mount == info->old_nch.mount &&
499 fdp->fd_ncdir.ncp == info->old_nch.ncp) {
500 vprele1 = fdp->fd_cdir;
502 fdp->fd_cdir = info->new_vp;
503 ncdrop1 = fdp->fd_ncdir;
504 cache_copy(&info->new_nch, &fdp->fd_ncdir);
506 if (fdp->fd_nrdir.mount == info->old_nch.mount &&
507 fdp->fd_nrdir.ncp == info->old_nch.ncp) {
508 vprele2 = fdp->fd_rdir;
510 fdp->fd_rdir = info->new_vp;
511 ncdrop2 = fdp->fd_nrdir;
512 cache_copy(&info->new_nch, &fdp->fd_nrdir);
514 spin_unlock_wr(&fdp->fd_spin);
516 cache_drop(&ncdrop1);
518 cache_drop(&ncdrop2);
528 * Unmount a file system.
530 * Note: unmount takes a path to the vnode mounted on as argument,
531 * not special file (as before).
534 * umount_args(char *path, int flags)
538 sys_unmount(struct unmount_args *uap)
540 struct thread *td = curthread;
541 struct proc *p = td->td_proc;
542 struct mount *mp = NULL;
544 struct nlookupdata nd;
547 if (p->p_ucred->cr_prison != NULL)
549 if (usermount == 0 && (error = suser(td)))
552 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
554 error = nlookup(&nd);
558 mp = nd.nl_nch.mount;
561 * Only root, or the user that did the original mount is
562 * permitted to unmount this filesystem.
564 if ((mp->mnt_stat.f_owner != p->p_ucred->cr_uid) &&
569 * Don't allow unmounting the root file system.
571 if (mp->mnt_flag & MNT_ROOTFS) {
577 * Must be the root of the filesystem
579 if (nd.nl_nch.ncp != mp->mnt_ncmountpt.ncp) {
588 return (dounmount(mp, uap->flags));
592 * Do the actual file system unmount.
595 dounmount_interlock(struct mount *mp)
597 if (mp->mnt_kern_flag & MNTK_UNMOUNT)
599 mp->mnt_kern_flag |= MNTK_UNMOUNT;
604 dounmount(struct mount *mp, int flags)
606 struct namecache *ncp;
614 * Exclusive access for unmounting purposes
616 if ((error = mountlist_interlock(dounmount_interlock, mp)) != 0)
620 * Allow filesystems to detect that a forced unmount is in progress.
622 if (flags & MNT_FORCE)
623 mp->mnt_kern_flag |= MNTK_UNMOUNTF;
624 lflags = LK_EXCLUSIVE | ((flags & MNT_FORCE) ? 0 : LK_NOWAIT);
625 error = lockmgr(&mp->mnt_lock, lflags);
627 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
628 if (mp->mnt_kern_flag & MNTK_MWAIT)
633 if (mp->mnt_flag & MNT_EXPUBLIC)
634 vfs_setpublicfs(NULL, NULL, NULL);
636 vfs_msync(mp, MNT_WAIT);
637 async_flag = mp->mnt_flag & MNT_ASYNC;
638 mp->mnt_flag &=~ MNT_ASYNC;
641 * If this filesystem isn't aliasing other filesystems,
642 * try to invalidate any remaining namecache entries and
643 * check the count afterwords.
645 if ((mp->mnt_kern_flag & MNTK_NCALIASED) == 0) {
646 cache_lock(&mp->mnt_ncmountpt);
647 cache_inval(&mp->mnt_ncmountpt, CINV_DESTROY|CINV_CHILDREN);
648 cache_unlock(&mp->mnt_ncmountpt);
650 if ((ncp = mp->mnt_ncmountpt.ncp) != NULL &&
651 (ncp->nc_refs != 1 || TAILQ_FIRST(&ncp->nc_list))) {
653 if ((flags & MNT_FORCE) == 0) {
655 mount_warning(mp, "Cannot unmount: "
661 mount_warning(mp, "Forced unmount: "
672 * nchandle records ref the mount structure. Expect a count of 1
673 * (our mount->mnt_ncmountpt).
675 if (mp->mnt_refs != 1) {
676 if ((flags & MNT_FORCE) == 0) {
677 mount_warning(mp, "Cannot unmount: "
678 "%d process references still "
679 "present", mp->mnt_refs);
682 mount_warning(mp, "Forced unmount: "
683 "%d process references still "
684 "present", mp->mnt_refs);
690 if (mp->mnt_syncer != NULL)
691 vrele(mp->mnt_syncer);
692 if (((mp->mnt_flag & MNT_RDONLY) ||
693 (error = VFS_SYNC(mp, MNT_WAIT)) == 0) ||
694 (flags & MNT_FORCE)) {
695 error = VFS_UNMOUNT(mp, flags);
699 if (mp->mnt_syncer == NULL)
700 vfs_allocate_syncvnode(mp);
701 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
702 mp->mnt_flag |= async_flag;
703 lockmgr(&mp->mnt_lock, LK_RELEASE);
704 if (mp->mnt_kern_flag & MNTK_MWAIT)
709 * Clean up any journals still associated with the mount after
710 * filesystem activity has ceased.
712 journal_remove_all_journals(mp,
713 ((flags & MNT_FORCE) ? MC_JOURNAL_STOP_IMM : 0));
715 mountlist_remove(mp);
718 * Remove any installed vnode ops here so the individual VFSs don't
721 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
722 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
723 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
724 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
725 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
727 if (mp->mnt_ncmountpt.ncp != NULL) {
728 nch = mp->mnt_ncmountpt;
729 cache_zero(&mp->mnt_ncmountpt);
730 cache_clrmountpt(&nch);
733 if (mp->mnt_ncmounton.ncp != NULL) {
734 nch = mp->mnt_ncmounton;
735 cache_zero(&mp->mnt_ncmounton);
736 cache_clrmountpt(&nch);
740 mp->mnt_vfc->vfc_refcount--;
741 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist))
742 panic("unmount: dangling vnode");
743 lockmgr(&mp->mnt_lock, LK_RELEASE);
744 if (mp->mnt_kern_flag & MNTK_MWAIT)
753 mount_warning(struct mount *mp, const char *ctl, ...)
760 if (cache_fullpath(NULL, &mp->mnt_ncmounton, &ptr, &buf) == 0) {
761 kprintf("unmount(%s): ", ptr);
766 kprintf("unmount(%p", mp);
767 if (mp->mnt_ncmounton.ncp && mp->mnt_ncmounton.ncp->nc_name)
768 kprintf(",%s", mp->mnt_ncmounton.ncp->nc_name);
777 * Shim cache_fullpath() to handle the case where a process is chrooted into
778 * a subdirectory of a mount. In this case if the root mount matches the
779 * process root directory's mount we have to specify the process's root
780 * directory instead of the mount point, because the mount point might
781 * be above the root directory.
785 mount_path(struct proc *p, struct mount *mp, char **rb, char **fb)
787 struct nchandle *nch;
789 if (p && p->p_fd->fd_nrdir.mount == mp)
790 nch = &p->p_fd->fd_nrdir;
792 nch = &mp->mnt_ncmountpt;
793 return(cache_fullpath(p, nch, rb, fb));
797 * Sync each mounted filesystem.
801 static int syncprt = 0;
802 SYSCTL_INT(_debug, OID_AUTO, syncprt, CTLFLAG_RW, &syncprt, 0, "");
805 static int sync_callback(struct mount *mp, void *data);
809 sys_sync(struct sync_args *uap)
811 mountlist_scan(sync_callback, NULL, MNTSCAN_FORWARD);
814 * print out buffer pool stat information on each sync() call.
824 sync_callback(struct mount *mp, void *data __unused)
828 if ((mp->mnt_flag & MNT_RDONLY) == 0) {
829 asyncflag = mp->mnt_flag & MNT_ASYNC;
830 mp->mnt_flag &= ~MNT_ASYNC;
831 vfs_msync(mp, MNT_NOWAIT);
832 VFS_SYNC(mp, MNT_NOWAIT);
833 mp->mnt_flag |= asyncflag;
838 /* XXX PRISON: could be per prison flag */
839 static int prison_quotas;
841 SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, "");
845 * quotactl_args(char *path, int fcmd, int uid, caddr_t arg)
847 * Change filesystem quotas.
851 sys_quotactl(struct quotactl_args *uap)
853 struct nlookupdata nd;
861 if (p->p_ucred->cr_prison && !prison_quotas)
864 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
866 error = nlookup(&nd);
868 mp = nd.nl_nch.mount;
869 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid,
870 uap->arg, nd.nl_cred);
877 * mountctl(char *path, int op, int fd, const void *ctl, int ctllen,
878 * void *buf, int buflen)
880 * This function operates on a mount point and executes the specified
881 * operation using the specified control data, and possibly returns data.
883 * The actual number of bytes stored in the result buffer is returned, 0
884 * if none, otherwise an error is returned.
888 sys_mountctl(struct mountctl_args *uap)
890 struct thread *td = curthread;
891 struct proc *p = td->td_proc;
899 * Sanity and permissions checks. We must be root.
902 if (p->p_ucred->cr_prison != NULL)
904 if ((error = suser(td)) != 0)
908 * Argument length checks
910 if (uap->ctllen < 0 || uap->ctllen > 1024)
912 if (uap->buflen < 0 || uap->buflen > 16 * 1024)
914 if (uap->path == NULL)
918 * Allocate the necessary buffers and copyin data
920 path = objcache_get(namei_oc, M_WAITOK);
921 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
926 ctl = kmalloc(uap->ctllen + 1, M_TEMP, M_WAITOK|M_ZERO);
927 error = copyin(uap->ctl, ctl, uap->ctllen);
932 buf = kmalloc(uap->buflen + 1, M_TEMP, M_WAITOK|M_ZERO);
935 * Validate the descriptor
938 fp = holdfp(p->p_fd, uap->fd, -1);
948 * Execute the internal kernel function and clean up.
950 error = kern_mountctl(path, uap->op, fp, ctl, uap->ctllen, buf, uap->buflen, &uap->sysmsg_result);
953 if (error == 0 && uap->sysmsg_result > 0)
954 error = copyout(buf, uap->buf, uap->sysmsg_result);
957 objcache_put(namei_oc, path);
966 * Execute a mount control operation by resolving the path to a mount point
967 * and calling vop_mountctl().
970 kern_mountctl(const char *path, int op, struct file *fp,
971 const void *ctl, int ctllen,
972 void *buf, int buflen, int *res)
976 struct nlookupdata nd;
981 error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_FOLLOW);
983 error = nlookup(&nd);
985 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
993 * Must be the root of the filesystem
995 if ((vp->v_flag & VROOT) == 0) {
999 error = vop_mountctl(mp->mnt_vn_use_ops, op, fp, ctl, ctllen,
1006 kern_statfs(struct nlookupdata *nd, struct statfs *buf)
1008 struct thread *td = curthread;
1009 struct proc *p = td->td_proc;
1012 char *fullpath, *freepath;
1015 if ((error = nlookup(nd)) != 0)
1017 mp = nd->nl_nch.mount;
1019 if ((error = VFS_STATFS(mp, sp, nd->nl_cred)) != 0)
1022 error = mount_path(p, mp, &fullpath, &freepath);
1025 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1026 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1027 kfree(freepath, M_TEMP);
1029 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1030 bcopy(sp, buf, sizeof(*buf));
1031 /* Only root should have access to the fsid's. */
1033 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1038 * statfs_args(char *path, struct statfs *buf)
1040 * Get filesystem statistics.
1043 sys_statfs(struct statfs_args *uap)
1045 struct nlookupdata nd;
1049 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1051 error = kern_statfs(&nd, &buf);
1054 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1059 kern_fstatfs(int fd, struct statfs *buf)
1061 struct thread *td = curthread;
1062 struct proc *p = td->td_proc;
1066 char *fullpath, *freepath;
1070 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
1072 mp = ((struct vnode *)fp->f_data)->v_mount;
1077 if (fp->f_cred == NULL) {
1082 if ((error = VFS_STATFS(mp, sp, fp->f_cred)) != 0)
1085 if ((error = mount_path(p, mp, &fullpath, &freepath)) != 0)
1087 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1088 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1089 kfree(freepath, M_TEMP);
1091 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1092 bcopy(sp, buf, sizeof(*buf));
1094 /* Only root should have access to the fsid's. */
1096 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1104 * fstatfs_args(int fd, struct statfs *buf)
1106 * Get filesystem statistics.
1109 sys_fstatfs(struct fstatfs_args *uap)
1114 error = kern_fstatfs(uap->fd, &buf);
1117 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1122 * getfsstat_args(struct statfs *buf, long bufsize, int flags)
1124 * Get statistics on all filesystems.
1127 struct getfsstat_info {
1128 struct statfs *sfsp;
1136 static int getfsstat_callback(struct mount *, void *);
1140 sys_getfsstat(struct getfsstat_args *uap)
1142 struct thread *td = curthread;
1143 struct proc *p = td->td_proc;
1144 struct getfsstat_info info;
1146 bzero(&info, sizeof(info));
1148 info.maxcount = uap->bufsize / sizeof(struct statfs);
1149 info.sfsp = uap->buf;
1151 info.flags = uap->flags;
1154 mountlist_scan(getfsstat_callback, &info, MNTSCAN_FORWARD);
1155 if (info.sfsp && info.count > info.maxcount)
1156 uap->sysmsg_result = info.maxcount;
1158 uap->sysmsg_result = info.count;
1159 return (info.error);
1163 getfsstat_callback(struct mount *mp, void *data)
1165 struct getfsstat_info *info = data;
1171 if (info->sfsp && info->count < info->maxcount) {
1172 if (info->p && !chroot_visible_mnt(mp, info->p))
1177 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1178 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1179 * overrides MNT_WAIT.
1181 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1182 (info->flags & MNT_WAIT)) &&
1183 (error = VFS_STATFS(mp, sp, info->p->p_ucred))) {
1186 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1188 error = mount_path(info->p, mp, &fullpath, &freepath);
1190 info->error = error;
1193 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1194 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1195 kfree(freepath, M_TEMP);
1197 error = copyout(sp, info->sfsp, sizeof(*sp));
1199 info->error = error;
1209 * fchdir_args(int fd)
1211 * Change current working directory to a given file descriptor.
1215 sys_fchdir(struct fchdir_args *uap)
1217 struct thread *td = curthread;
1218 struct proc *p = td->td_proc;
1219 struct filedesc *fdp = p->p_fd;
1220 struct vnode *vp, *ovp;
1223 struct nchandle nch, onch, tnch;
1226 if ((error = holdvnode(fdp, uap->fd, &fp)) != 0)
1228 vp = (struct vnode *)fp->f_data;
1230 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1231 if (vp->v_type != VDIR || fp->f_nchandle.ncp == NULL)
1234 error = VOP_ACCESS(vp, VEXEC, p->p_ucred);
1240 cache_copy(&fp->f_nchandle, &nch);
1243 * If the ncp has become a mount point, traverse through
1247 while (!error && (nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
1248 (mp = cache_findmount(&nch)) != NULL
1250 error = nlookup_mp(mp, &tnch);
1252 cache_unlock(&tnch); /* leave ref intact */
1254 vp = tnch.ncp->nc_vp;
1255 error = vget(vp, LK_SHARED);
1256 KKASSERT(error == 0);
1263 onch = fdp->fd_ncdir;
1264 vn_unlock(vp); /* leave ref intact */
1266 fdp->fd_ncdir = nch;
1278 kern_chdir(struct nlookupdata *nd)
1280 struct thread *td = curthread;
1281 struct proc *p = td->td_proc;
1282 struct filedesc *fdp = p->p_fd;
1283 struct vnode *vp, *ovp;
1284 struct nchandle onch;
1287 if ((error = nlookup(nd)) != 0)
1289 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
1291 if ((error = vget(vp, LK_SHARED)) != 0)
1294 error = checkvp_chdir(vp, td);
1298 onch = fdp->fd_ncdir;
1299 cache_unlock(&nd->nl_nch); /* leave reference intact */
1300 fdp->fd_ncdir = nd->nl_nch;
1304 cache_zero(&nd->nl_nch);
1312 * chdir_args(char *path)
1314 * Change current working directory (``.'').
1317 sys_chdir(struct chdir_args *uap)
1319 struct nlookupdata nd;
1322 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1324 error = kern_chdir(&nd);
1330 * Helper function for raised chroot(2) security function: Refuse if
1331 * any filedescriptors are open directories.
1334 chroot_refuse_vdir_fds(struct filedesc *fdp)
1341 for (fd = 0; fd < fdp->fd_nfiles ; fd++) {
1342 if ((error = holdvnode(fdp, fd, &fp)) != 0)
1344 vp = (struct vnode *)fp->f_data;
1345 if (vp->v_type != VDIR) {
1356 * This sysctl determines if we will allow a process to chroot(2) if it
1357 * has a directory open:
1358 * 0: disallowed for all processes.
1359 * 1: allowed for processes that were not already chroot(2)'ed.
1360 * 2: allowed for all processes.
1363 static int chroot_allow_open_directories = 1;
1365 SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
1366 &chroot_allow_open_directories, 0, "");
1369 * chroot to the specified namecache entry. We obtain the vp from the
1370 * namecache data. The passed ncp must be locked and referenced and will
1371 * remain locked and referenced on return.
1374 kern_chroot(struct nchandle *nch)
1376 struct thread *td = curthread;
1377 struct proc *p = td->td_proc;
1378 struct filedesc *fdp = p->p_fd;
1383 * Only root can chroot
1385 if ((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0)
1389 * Disallow open directory descriptors (fchdir() breakouts).
1391 if (chroot_allow_open_directories == 0 ||
1392 (chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) {
1393 if ((error = chroot_refuse_vdir_fds(fdp)) != 0)
1396 if ((vp = nch->ncp->nc_vp) == NULL)
1399 if ((error = vget(vp, LK_SHARED)) != 0)
1403 * Check the validity of vp as a directory to change to and
1404 * associate it with rdir/jdir.
1406 error = checkvp_chdir(vp, td);
1407 vn_unlock(vp); /* leave reference intact */
1409 vrele(fdp->fd_rdir);
1410 fdp->fd_rdir = vp; /* reference inherited by fd_rdir */
1411 cache_drop(&fdp->fd_nrdir);
1412 cache_copy(nch, &fdp->fd_nrdir);
1413 if (fdp->fd_jdir == NULL) {
1416 cache_copy(nch, &fdp->fd_njdir);
1425 * chroot_args(char *path)
1427 * Change notion of root (``/'') directory.
1431 sys_chroot(struct chroot_args *uap)
1433 struct thread *td = curthread;
1434 struct nlookupdata nd;
1437 KKASSERT(td->td_proc);
1438 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1443 error = nlookup(&nd);
1445 error = kern_chroot(&nd.nl_nch);
1451 * Common routine for chroot and chdir. Given a locked, referenced vnode,
1452 * determine whether it is legal to chdir to the vnode. The vnode's state
1453 * is not changed by this call.
1456 checkvp_chdir(struct vnode *vp, struct thread *td)
1460 if (vp->v_type != VDIR)
1463 error = VOP_ACCESS(vp, VEXEC, td->td_proc->p_ucred);
1468 kern_open(struct nlookupdata *nd, int oflags, int mode, int *res)
1470 struct thread *td = curthread;
1471 struct proc *p = td->td_proc;
1472 struct lwp *lp = td->td_lwp;
1473 struct filedesc *fdp = p->p_fd;
1478 int type, indx, error;
1481 if ((oflags & O_ACCMODE) == O_ACCMODE)
1483 flags = FFLAGS(oflags);
1484 error = falloc(p, &nfp, NULL);
1488 cmode = ((mode &~ fdp->fd_cmask) & ALLPERMS) &~ S_ISTXT;
1491 * XXX p_dupfd is a real mess. It allows a device to return a
1492 * file descriptor to be duplicated rather then doing the open
1498 * Call vn_open() to do the lookup and assign the vnode to the
1499 * file pointer. vn_open() does not change the ref count on fp
1500 * and the vnode, on success, will be inherited by the file pointer
1503 nd->nl_flags |= NLC_LOCKVP;
1504 error = vn_open(nd, fp, flags, cmode);
1508 * handle special fdopen() case. bleh. dupfdopen() is
1509 * responsible for dropping the old contents of ofiles[indx]
1512 * Note that fsetfd() will add a ref to fp which represents
1513 * the fd_files[] assignment. We must still drop our
1516 if ((error == ENODEV || error == ENXIO) && lp->lwp_dupfd >= 0) {
1517 if (fdalloc(p, 0, &indx) == 0) {
1518 error = dupfdopen(p, indx, lp->lwp_dupfd, flags, error);
1521 fdrop(fp); /* our ref */
1524 fsetfd(p, NULL, indx);
1527 fdrop(fp); /* our ref */
1528 if (error == ERESTART)
1534 * ref the vnode for ourselves so it can't be ripped out from under
1535 * is. XXX need an ND flag to request that the vnode be returned
1538 * Reserve a file descriptor but do not assign it until the open
1541 vp = (struct vnode *)fp->f_data;
1543 if ((error = fdalloc(p, 0, &indx)) != 0) {
1550 * If no error occurs the vp will have been assigned to the file
1555 if (flags & (O_EXLOCK | O_SHLOCK)) {
1556 lf.l_whence = SEEK_SET;
1559 if (flags & O_EXLOCK)
1560 lf.l_type = F_WRLCK;
1562 lf.l_type = F_RDLCK;
1563 if (flags & FNONBLOCK)
1568 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
1570 * lock request failed. Clean up the reserved
1574 fsetfd(p, NULL, indx);
1578 fp->f_flag |= FHASLOCK;
1582 * Assert that all regular file vnodes were created with a object.
1584 KASSERT(vp->v_type != VREG || vp->v_object != NULL,
1585 ("open: regular file has no backing object after vn_open"));
1591 * release our private reference, leaving the one associated with the
1592 * descriptor table intact.
1594 fsetfd(p, fp, indx);
1601 * open_args(char *path, int flags, int mode)
1603 * Check permissions, allocate an open file structure,
1604 * and call the device open routine if any.
1607 sys_open(struct open_args *uap)
1609 struct nlookupdata nd;
1612 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1614 error = kern_open(&nd, uap->flags,
1615 uap->mode, &uap->sysmsg_result);
1622 kern_mknod(struct nlookupdata *nd, int mode, int rmajor, int rminor)
1624 struct thread *td = curthread;
1625 struct proc *p = td->td_proc;
1634 switch (mode & S_IFMT) {
1640 error = suser_cred(p->p_ucred, PRISON_ROOT);
1647 nd->nl_flags |= NLC_CREATE;
1648 if ((error = nlookup(nd)) != 0)
1650 if (nd->nl_nch.ncp->nc_vp)
1652 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
1654 if ((dvp = nd->nl_nch.ncp->nc_parent->nc_vp) == NULL)
1656 /* vhold(dvp); - DVP can't go away */
1659 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
1660 vattr.va_rmajor = rmajor;
1661 vattr.va_rminor = rminor;
1664 switch (mode & S_IFMT) {
1665 case S_IFMT: /* used by badsect to flag bad sectors */
1666 vattr.va_type = VBAD;
1669 vattr.va_type = VCHR;
1672 vattr.va_type = VBLK;
1683 error = VOP_NWHITEOUT(&nd->nl_nch, dvp, nd->nl_cred, NAMEI_CREATE);
1686 error = VOP_NMKNOD(&nd->nl_nch, dvp, &vp, nd->nl_cred, &vattr);
1696 * mknod_args(char *path, int mode, int dev)
1698 * Create a special file.
1701 sys_mknod(struct mknod_args *uap)
1703 struct nlookupdata nd;
1706 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
1708 error = kern_mknod(&nd, uap->mode,
1709 umajor(uap->dev), uminor(uap->dev));
1716 kern_mkfifo(struct nlookupdata *nd, int mode)
1718 struct thread *td = curthread;
1719 struct proc *p = td->td_proc;
1727 nd->nl_flags |= NLC_CREATE;
1728 if ((error = nlookup(nd)) != 0)
1730 if (nd->nl_nch.ncp->nc_vp)
1732 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
1734 if ((dvp = nd->nl_nch.ncp->nc_parent->nc_vp) == NULL)
1736 /* vhold(dvp); - DVP can't go away */
1739 vattr.va_type = VFIFO;
1740 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
1742 error = VOP_NMKNOD(&nd->nl_nch, dvp, &vp, nd->nl_cred, &vattr);
1750 * mkfifo_args(char *path, int mode)
1752 * Create a named pipe.
1755 sys_mkfifo(struct mkfifo_args *uap)
1757 struct nlookupdata nd;
1760 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
1762 error = kern_mkfifo(&nd, uap->mode);
1767 static int hardlink_check_uid = 0;
1768 SYSCTL_INT(_kern, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
1769 &hardlink_check_uid, 0,
1770 "Unprivileged processes cannot create hard links to files owned by other "
1772 static int hardlink_check_gid = 0;
1773 SYSCTL_INT(_kern, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
1774 &hardlink_check_gid, 0,
1775 "Unprivileged processes cannot create hard links to files owned by other "
1779 can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
1785 * Shortcut if disabled
1787 if (hardlink_check_uid == 0 && hardlink_check_gid == 0)
1791 * root cred can always hardlink
1793 if (suser_cred(cred, PRISON_ROOT) == 0)
1797 * Otherwise only if the originating file is owned by the
1798 * same user or group. Note that any group is allowed if
1799 * the file is owned by the caller.
1801 error = VOP_GETATTR(vp, &va);
1805 if (hardlink_check_uid) {
1806 if (cred->cr_uid != va.va_uid)
1810 if (hardlink_check_gid) {
1811 if (cred->cr_uid != va.va_uid && !groupmember(va.va_gid, cred))
1819 kern_link(struct nlookupdata *nd, struct nlookupdata *linknd)
1821 struct thread *td = curthread;
1827 * Lookup the source and obtained a locked vnode.
1829 * XXX relookup on vget failure / race ?
1832 if ((error = nlookup(nd)) != 0)
1834 vp = nd->nl_nch.ncp->nc_vp;
1835 KKASSERT(vp != NULL);
1836 if (vp->v_type == VDIR)
1837 return (EPERM); /* POSIX */
1838 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
1840 if ((error = vget(vp, LK_EXCLUSIVE)) != 0)
1844 * Unlock the source so we can lookup the target without deadlocking
1845 * (XXX vp is locked already, possible other deadlock?). The target
1848 KKASSERT(nd->nl_flags & NLC_NCPISLOCKED);
1849 nd->nl_flags &= ~NLC_NCPISLOCKED;
1850 cache_unlock(&nd->nl_nch);
1852 linknd->nl_flags |= NLC_CREATE;
1853 if ((error = nlookup(linknd)) != 0) {
1857 if (linknd->nl_nch.ncp->nc_vp) {
1861 if ((dvp = linknd->nl_nch.ncp->nc_parent->nc_vp) == NULL) {
1865 /* vhold(dvp); - dvp can't go away */
1868 * Finally run the new API VOP.
1870 error = can_hardlink(vp, td, td->td_proc->p_ucred);
1872 error = VOP_NLINK(&linknd->nl_nch, dvp, vp, linknd->nl_cred);
1879 * link_args(char *path, char *link)
1881 * Make a hard file link.
1884 sys_link(struct link_args *uap)
1886 struct nlookupdata nd, linknd;
1889 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1891 error = nlookup_init(&linknd, uap->link, UIO_USERSPACE, 0);
1893 error = kern_link(&nd, &linknd);
1894 nlookup_done(&linknd);
1901 kern_symlink(struct nlookupdata *nd, char *path, int mode)
1909 nd->nl_flags |= NLC_CREATE;
1910 if ((error = nlookup(nd)) != 0)
1912 if (nd->nl_nch.ncp->nc_vp)
1914 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
1916 if ((dvp = nd->nl_nch.ncp->nc_parent->nc_vp) == NULL)
1918 /* vhold(dvp); - dvp can't go away */
1920 vattr.va_mode = mode;
1921 error = VOP_NSYMLINK(&nd->nl_nch, dvp, &vp, nd->nl_cred, &vattr, path);
1929 * symlink(char *path, char *link)
1931 * Make a symbolic link.
1934 sys_symlink(struct symlink_args *uap)
1936 struct thread *td = curthread;
1937 struct nlookupdata nd;
1942 path = objcache_get(namei_oc, M_WAITOK);
1943 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
1945 error = nlookup_init(&nd, uap->link, UIO_USERSPACE, 0);
1947 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
1948 error = kern_symlink(&nd, path, mode);
1952 objcache_put(namei_oc, path);
1957 * undelete_args(char *path)
1959 * Delete a whiteout from the filesystem.
1963 sys_undelete(struct undelete_args *uap)
1965 struct nlookupdata nd;
1969 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
1971 nd.nl_flags |= NLC_DELETE;
1973 error = nlookup(&nd);
1975 error = ncp_writechk(&nd.nl_nch);
1978 if ((dvp = nd.nl_nch.ncp->nc_parent->nc_vp) == NULL)
1982 /* vhold(dvp); - dvp can't go away */
1983 error = VOP_NWHITEOUT(&nd.nl_nch, dvp, nd.nl_cred, NAMEI_DELETE);
1991 kern_unlink(struct nlookupdata *nd)
1997 nd->nl_flags |= NLC_DELETE;
1998 if ((error = nlookup(nd)) != 0)
2000 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2002 if ((dvp = nd->nl_nch.ncp->nc_parent->nc_vp) == NULL)
2004 /* vhold(dvp); - dvp can't go away */
2005 error = VOP_NREMOVE(&nd->nl_nch, dvp, nd->nl_cred);
2011 * unlink_args(char *path)
2013 * Delete a name from the filesystem.
2016 sys_unlink(struct unlink_args *uap)
2018 struct nlookupdata nd;
2021 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2023 error = kern_unlink(&nd);
2029 kern_lseek(int fd, off_t offset, int whence, off_t *res)
2031 struct thread *td = curthread;
2032 struct proc *p = td->td_proc;
2037 fp = holdfp(p->p_fd, fd, -1);
2040 if (fp->f_type != DTYPE_VNODE) {
2047 fp->f_offset += offset;
2051 error = VOP_GETATTR((struct vnode *)fp->f_data, &vattr);
2053 fp->f_offset = offset + vattr.va_size;
2056 fp->f_offset = offset;
2063 *res = fp->f_offset;
2070 * lseek_args(int fd, int pad, off_t offset, int whence)
2072 * Reposition read/write file offset.
2075 sys_lseek(struct lseek_args *uap)
2079 error = kern_lseek(uap->fd, uap->offset, uap->whence,
2080 &uap->sysmsg_offset);
2086 kern_access(struct nlookupdata *nd, int aflags)
2091 if ((error = nlookup(nd)) != 0)
2094 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_EXCLUSIVE, &vp);
2098 /* Flags == 0 means only check for existence. */
2107 if ((flags & VWRITE) == 0 ||
2108 (error = vn_writechk(vp, &nd->nl_nch)) == 0)
2109 error = VOP_ACCESS(vp, flags, nd->nl_cred);
2112 * If the file handle is stale we have to re-resolve the
2113 * entry. This is a hack at the moment.
2115 if (error == ESTALE) {
2116 cache_setunresolved(&nd->nl_nch);
2117 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2130 * access_args(char *path, int flags)
2132 * Check access permissions.
2135 sys_access(struct access_args *uap)
2137 struct nlookupdata nd;
2140 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2142 error = kern_access(&nd, uap->flags);
2148 kern_stat(struct nlookupdata *nd, struct stat *st)
2154 if ((error = nlookup(nd)) != 0)
2157 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
2161 if ((error = vget(vp, LK_SHARED)) != 0)
2163 error = vn_stat(vp, st, nd->nl_cred);
2166 * If the file handle is stale we have to re-resolve the entry. This
2167 * is a hack at the moment.
2169 if (error == ESTALE) {
2171 cache_setunresolved(&nd->nl_nch);
2172 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2182 * stat_args(char *path, struct stat *ub)
2184 * Get file status; this version follows links.
2187 sys_stat(struct stat_args *uap)
2189 struct nlookupdata nd;
2193 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2195 error = kern_stat(&nd, &st);
2197 error = copyout(&st, uap->ub, sizeof(*uap->ub));
2204 * lstat_args(char *path, struct stat *ub)
2206 * Get file status; this version does not follow links.
2209 sys_lstat(struct lstat_args *uap)
2211 struct nlookupdata nd;
2215 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2217 error = kern_stat(&nd, &st);
2219 error = copyout(&st, uap->ub, sizeof(*uap->ub));
2226 * pathconf_Args(char *path, int name)
2228 * Get configurable pathname variables.
2232 sys_pathconf(struct pathconf_args *uap)
2234 struct nlookupdata nd;
2239 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2241 error = nlookup(&nd);
2243 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
2246 error = VOP_PATHCONF(vp, uap->name, uap->sysmsg_fds);
2254 * kern_readlink isn't properly split yet. There is a copyin burried
2255 * in VOP_READLINK().
2258 kern_readlink(struct nlookupdata *nd, char *buf, int count, int *res)
2260 struct thread *td = curthread;
2261 struct proc *p = td->td_proc;
2267 if ((error = nlookup(nd)) != 0)
2269 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_EXCLUSIVE, &vp);
2272 if (vp->v_type != VLNK) {
2275 aiov.iov_base = buf;
2276 aiov.iov_len = count;
2277 auio.uio_iov = &aiov;
2278 auio.uio_iovcnt = 1;
2279 auio.uio_offset = 0;
2280 auio.uio_rw = UIO_READ;
2281 auio.uio_segflg = UIO_USERSPACE;
2283 auio.uio_resid = count;
2284 error = VOP_READLINK(vp, &auio, p->p_ucred);
2287 *res = count - auio.uio_resid;
2292 * readlink_args(char *path, char *buf, int count)
2294 * Return target name of a symbolic link.
2297 sys_readlink(struct readlink_args *uap)
2299 struct nlookupdata nd;
2302 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2304 error = kern_readlink(&nd, uap->buf, uap->count,
2305 &uap->sysmsg_result);
2312 setfflags(struct vnode *vp, int flags)
2314 struct thread *td = curthread;
2315 struct proc *p = td->td_proc;
2320 * Prevent non-root users from setting flags on devices. When
2321 * a device is reused, users can retain ownership of the device
2322 * if they are allowed to set flags and programs assume that
2323 * chown can't fail when done as root.
2325 if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
2326 ((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0))
2330 * note: vget is required for any operation that might mod the vnode
2331 * so VINACTIVE is properly cleared.
2333 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
2335 vattr.va_flags = flags;
2336 error = VOP_SETATTR(vp, &vattr, p->p_ucred);
2343 * chflags(char *path, int flags)
2345 * Change flags of a file given a path name.
2349 sys_chflags(struct chflags_args *uap)
2351 struct nlookupdata nd;
2356 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2357 /* XXX Add NLC flag indicating modifying operation? */
2359 error = nlookup(&nd);
2361 error = ncp_writechk(&nd.nl_nch);
2363 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
2366 error = setfflags(vp, uap->flags);
2373 * fchflags_args(int fd, int flags)
2375 * Change flags of a file given a file descriptor.
2379 sys_fchflags(struct fchflags_args *uap)
2381 struct thread *td = curthread;
2382 struct proc *p = td->td_proc;
2386 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
2388 if (fp->f_nchandle.ncp)
2389 error = ncp_writechk(&fp->f_nchandle);
2391 error = setfflags((struct vnode *) fp->f_data, uap->flags);
2397 setfmode(struct vnode *vp, int mode)
2399 struct thread *td = curthread;
2400 struct proc *p = td->td_proc;
2405 * note: vget is required for any operation that might mod the vnode
2406 * so VINACTIVE is properly cleared.
2408 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
2410 vattr.va_mode = mode & ALLPERMS;
2411 error = VOP_SETATTR(vp, &vattr, p->p_ucred);
2418 kern_chmod(struct nlookupdata *nd, int mode)
2423 /* XXX Add NLC flag indicating modifying operation? */
2424 if ((error = nlookup(nd)) != 0)
2426 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
2428 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
2429 error = setfmode(vp, mode);
2435 * chmod_args(char *path, int mode)
2437 * Change mode of a file given path name.
2441 sys_chmod(struct chmod_args *uap)
2443 struct nlookupdata nd;
2446 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2448 error = kern_chmod(&nd, uap->mode);
2454 * lchmod_args(char *path, int mode)
2456 * Change mode of a file given path name (don't follow links.)
2460 sys_lchmod(struct lchmod_args *uap)
2462 struct nlookupdata nd;
2465 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2467 error = kern_chmod(&nd, uap->mode);
2473 * fchmod_args(int fd, int mode)
2475 * Change mode of a file given a file descriptor.
2479 sys_fchmod(struct fchmod_args *uap)
2481 struct thread *td = curthread;
2482 struct proc *p = td->td_proc;
2486 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
2488 if (fp->f_nchandle.ncp)
2489 error = ncp_writechk(&fp->f_nchandle);
2491 error = setfmode((struct vnode *)fp->f_data, uap->mode);
2497 setfown(struct vnode *vp, uid_t uid, gid_t gid)
2499 struct thread *td = curthread;
2500 struct proc *p = td->td_proc;
2505 * note: vget is required for any operation that might mod the vnode
2506 * so VINACTIVE is properly cleared.
2508 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
2512 error = VOP_SETATTR(vp, &vattr, p->p_ucred);
2519 kern_chown(struct nlookupdata *nd, int uid, int gid)
2524 /* XXX Add NLC flag indicating modifying operation? */
2525 if ((error = nlookup(nd)) != 0)
2527 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
2529 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
2530 error = setfown(vp, uid, gid);
2536 * chown(char *path, int uid, int gid)
2538 * Set ownership given a path name.
2541 sys_chown(struct chown_args *uap)
2543 struct nlookupdata nd;
2546 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2548 error = kern_chown(&nd, uap->uid, uap->gid);
2554 * lchown_args(char *path, int uid, int gid)
2556 * Set ownership given a path name, do not cross symlinks.
2559 sys_lchown(struct lchown_args *uap)
2561 struct nlookupdata nd;
2564 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2566 error = kern_chown(&nd, uap->uid, uap->gid);
2572 * fchown_args(int fd, int uid, int gid)
2574 * Set ownership given a file descriptor.
2578 sys_fchown(struct fchown_args *uap)
2580 struct thread *td = curthread;
2581 struct proc *p = td->td_proc;
2585 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
2587 if (fp->f_nchandle.ncp)
2588 error = ncp_writechk(&fp->f_nchandle);
2590 error = setfown((struct vnode *)fp->f_data, uap->uid, uap->gid);
2596 getutimes(const struct timeval *tvp, struct timespec *tsp)
2598 struct timeval tv[2];
2602 TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
2605 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
2606 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
2612 setutimes(struct vnode *vp, const struct timespec *ts, int nullflag)
2614 struct thread *td = curthread;
2615 struct proc *p = td->td_proc;
2620 * note: vget is required for any operation that might mod the vnode
2621 * so VINACTIVE is properly cleared.
2623 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
2625 vattr.va_atime = ts[0];
2626 vattr.va_mtime = ts[1];
2628 vattr.va_vaflags |= VA_UTIMES_NULL;
2629 error = VOP_SETATTR(vp, &vattr, p->p_ucred);
2636 kern_utimes(struct nlookupdata *nd, struct timeval *tptr)
2638 struct timespec ts[2];
2642 if ((error = getutimes(tptr, ts)) != 0)
2644 /* XXX Add NLC flag indicating modifying operation? */
2645 if ((error = nlookup(nd)) != 0)
2647 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2649 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
2651 error = setutimes(vp, ts, tptr == NULL);
2657 * utimes_args(char *path, struct timeval *tptr)
2659 * Set the access and modification times of a file.
2662 sys_utimes(struct utimes_args *uap)
2664 struct timeval tv[2];
2665 struct nlookupdata nd;
2669 error = copyin(uap->tptr, tv, sizeof(tv));
2673 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2675 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
2681 * lutimes_args(char *path, struct timeval *tptr)
2683 * Set the access and modification times of a file.
2686 sys_lutimes(struct lutimes_args *uap)
2688 struct timeval tv[2];
2689 struct nlookupdata nd;
2693 error = copyin(uap->tptr, tv, sizeof(tv));
2697 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2699 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
2705 kern_futimes(int fd, struct timeval *tptr)
2707 struct thread *td = curthread;
2708 struct proc *p = td->td_proc;
2709 struct timespec ts[2];
2713 error = getutimes(tptr, ts);
2716 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
2718 if (fp->f_nchandle.ncp)
2719 error = ncp_writechk(&fp->f_nchandle);
2721 error = setutimes((struct vnode *)fp->f_data, ts, tptr == NULL);
2727 * futimes_args(int fd, struct timeval *tptr)
2729 * Set the access and modification times of a file.
2732 sys_futimes(struct futimes_args *uap)
2734 struct timeval tv[2];
2738 error = copyin(uap->tptr, tv, sizeof(tv));
2743 error = kern_futimes(uap->fd, uap->tptr ? tv : NULL);
2749 kern_truncate(struct nlookupdata *nd, off_t length)
2757 /* XXX Add NLC flag indicating modifying operation? */
2758 if ((error = nlookup(nd)) != 0)
2760 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2762 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
2764 if ((error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY)) != 0) {
2768 if (vp->v_type == VDIR) {
2770 } else if ((error = vn_writechk(vp, &nd->nl_nch)) == 0 &&
2771 (error = VOP_ACCESS(vp, VWRITE, nd->nl_cred)) == 0) {
2773 vattr.va_size = length;
2774 error = VOP_SETATTR(vp, &vattr, nd->nl_cred);
2781 * truncate(char *path, int pad, off_t length)
2783 * Truncate a file given its path name.
2786 sys_truncate(struct truncate_args *uap)
2788 struct nlookupdata nd;
2791 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2793 error = kern_truncate(&nd, uap->length);
2799 kern_ftruncate(int fd, off_t length)
2801 struct thread *td = curthread;
2802 struct proc *p = td->td_proc;
2810 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
2812 if (fp->f_nchandle.ncp) {
2813 error = ncp_writechk(&fp->f_nchandle);
2817 if ((fp->f_flag & FWRITE) == 0) {
2821 vp = (struct vnode *)fp->f_data;
2822 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2823 if (vp->v_type == VDIR) {
2825 } else if ((error = vn_writechk(vp, NULL)) == 0) {
2827 vattr.va_size = length;
2828 error = VOP_SETATTR(vp, &vattr, fp->f_cred);
2837 * ftruncate_args(int fd, int pad, off_t length)
2839 * Truncate a file given a file descriptor.
2842 sys_ftruncate(struct ftruncate_args *uap)
2846 error = kern_ftruncate(uap->fd, uap->length);
2854 * Sync an open file.
2858 sys_fsync(struct fsync_args *uap)
2860 struct thread *td = curthread;
2861 struct proc *p = td->td_proc;
2867 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
2869 vp = (struct vnode *)fp->f_data;
2870 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2871 if ((obj = vp->v_object) != NULL)
2872 vm_object_page_clean(obj, 0, 0, 0);
2873 if ((error = VOP_FSYNC(vp, MNT_WAIT)) == 0 &&
2874 vp->v_mount && (vp->v_mount->mnt_flag & MNT_SOFTDEP) &&
2876 error = (*bioops.io_fsync)(vp);
2884 kern_rename(struct nlookupdata *fromnd, struct nlookupdata *tond)
2886 struct nchandle fnchd;
2887 struct nchandle tnchd;
2888 struct namecache *ncp;
2895 if ((error = nlookup(fromnd)) != 0)
2897 if ((fnchd.ncp = fromnd->nl_nch.ncp->nc_parent) == NULL)
2899 fnchd.mount = fromnd->nl_nch.mount;
2903 * unlock the source nch so we can lookup the target nch without
2904 * deadlocking. The target may or may not exist so we do not check
2905 * for a target vp like kern_mkdir() and other creation functions do.
2907 * The source and target directories are ref'd and rechecked after
2908 * everything is relocked to determine if the source or target file
2911 KKASSERT(fromnd->nl_flags & NLC_NCPISLOCKED);
2912 fromnd->nl_flags &= ~NLC_NCPISLOCKED;
2913 cache_unlock(&fromnd->nl_nch);
2915 tond->nl_flags |= NLC_CREATE;
2916 if ((error = nlookup(tond)) != 0) {
2920 if ((tnchd.ncp = tond->nl_nch.ncp->nc_parent) == NULL) {
2924 tnchd.mount = tond->nl_nch.mount;
2928 * If the source and target are the same there is nothing to do
2930 if (fromnd->nl_nch.ncp == tond->nl_nch.ncp) {
2937 * Mount points cannot be renamed or overwritten
2939 if ((fromnd->nl_nch.ncp->nc_flag | tond->nl_nch.ncp->nc_flag) &
2948 * relock the source ncp. NOTE AFTER RELOCKING: the source ncp
2949 * may have become invalid while it was unlocked, nc_vp and nc_mount
2952 if (cache_lock_nonblock(&fromnd->nl_nch) == 0) {
2953 cache_resolve(&fromnd->nl_nch, fromnd->nl_cred);
2954 } else if (fromnd->nl_nch.ncp > tond->nl_nch.ncp) {
2955 cache_lock(&fromnd->nl_nch);
2956 cache_resolve(&fromnd->nl_nch, fromnd->nl_cred);
2958 cache_unlock(&tond->nl_nch);
2959 cache_lock(&fromnd->nl_nch);
2960 cache_resolve(&fromnd->nl_nch, fromnd->nl_cred);
2961 cache_lock(&tond->nl_nch);
2962 cache_resolve(&tond->nl_nch, tond->nl_cred);
2964 fromnd->nl_flags |= NLC_NCPISLOCKED;
2967 * make sure the parent directories linkages are the same
2969 if (fnchd.ncp != fromnd->nl_nch.ncp->nc_parent ||
2970 tnchd.ncp != tond->nl_nch.ncp->nc_parent) {
2977 * Both the source and target must be within the same filesystem and
2978 * in the same filesystem as their parent directories within the
2979 * namecache topology.
2981 * NOTE: fromnd's nc_mount or nc_vp could be NULL.
2984 if (mp != tnchd.mount || mp != fromnd->nl_nch.mount ||
2985 mp != tond->nl_nch.mount) {
2992 * Make sure the mount point is writable
2994 if ((error = ncp_writechk(&tond->nl_nch)) != 0) {
3001 * If the target exists and either the source or target is a directory,
3002 * then both must be directories.
3004 * Due to relocking of the source, fromnd->nl_nch.ncp->nc_vp might h
3007 if (tond->nl_nch.ncp->nc_vp) {
3008 if (fromnd->nl_nch.ncp->nc_vp == NULL) {
3010 } else if (fromnd->nl_nch.ncp->nc_vp->v_type == VDIR) {
3011 if (tond->nl_nch.ncp->nc_vp->v_type != VDIR)
3013 } else if (tond->nl_nch.ncp->nc_vp->v_type == VDIR) {
3019 * You cannot rename a source into itself or a subdirectory of itself.
3020 * We check this by travsersing the target directory upwards looking
3021 * for a match against the source.
3024 for (ncp = tnchd.ncp; ncp; ncp = ncp->nc_parent) {
3025 if (fromnd->nl_nch.ncp == ncp) {
3036 * Even though the namespaces are different, they may still represent
3037 * hardlinks to the same file. The filesystem might have a hard time
3038 * with this so we issue a NREMOVE of the source instead of a NRENAME
3039 * when we detect the situation.
3042 fdvp = fromnd->nl_nch.ncp->nc_parent->nc_vp;
3043 tdvp = tond->nl_nch.ncp->nc_parent->nc_vp;
3044 if (fdvp == NULL || tdvp == NULL) {
3046 } else if (fromnd->nl_nch.ncp->nc_vp == tond->nl_nch.ncp->nc_vp) {
3047 /* vhold(fdvp); - dvp can't go away */
3048 error = VOP_NREMOVE(&fromnd->nl_nch, fdvp,
3052 /* vhold(fdvp); - dvp can't go away */
3053 /* vhold(tdvp); - dvp can't go away */
3054 error = VOP_NRENAME(&fromnd->nl_nch, &tond->nl_nch,
3055 fdvp, tdvp, tond->nl_cred);
3064 * rename_args(char *from, char *to)
3066 * Rename files. Source and destination must either both be directories,
3067 * or both not be directories. If target is a directory, it must be empty.
3070 sys_rename(struct rename_args *uap)
3072 struct nlookupdata fromnd, tond;
3075 error = nlookup_init(&fromnd, uap->from, UIO_USERSPACE, 0);
3077 error = nlookup_init(&tond, uap->to, UIO_USERSPACE, 0);
3079 error = kern_rename(&fromnd, &tond);
3080 nlookup_done(&tond);
3082 nlookup_done(&fromnd);
3087 kern_mkdir(struct nlookupdata *nd, int mode)
3089 struct thread *td = curthread;
3090 struct proc *p = td->td_proc;
3097 nd->nl_flags |= NLC_WILLBEDIR | NLC_CREATE;
3098 if ((error = nlookup(nd)) != 0)
3101 if (nd->nl_nch.ncp->nc_vp)
3103 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3105 if ((dvp = nd->nl_nch.ncp->nc_parent->nc_vp) == NULL)
3107 /* vhold(dvp); - dvp can't go away */
3109 vattr.va_type = VDIR;
3110 vattr.va_mode = (mode & ACCESSPERMS) &~ p->p_fd->fd_cmask;
3113 error = VOP_NMKDIR(&nd->nl_nch, dvp, &vp, p->p_ucred, &vattr);
3121 * mkdir_args(char *path, int mode)
3123 * Make a directory file.
3127 sys_mkdir(struct mkdir_args *uap)
3129 struct nlookupdata nd;
3132 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3134 error = kern_mkdir(&nd, uap->mode);
3140 kern_rmdir(struct nlookupdata *nd)
3146 nd->nl_flags |= NLC_DELETE;
3147 if ((error = nlookup(nd)) != 0)
3151 * Do not allow directories representing mount points to be
3152 * deleted, even if empty. Check write perms on mount point
3153 * in case the vnode is aliased (aka nullfs).
3155 if (nd->nl_nch.ncp->nc_flag & (NCF_ISMOUNTPT))
3157 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3159 if ((dvp = nd->nl_nch.ncp->nc_parent->nc_vp) == NULL)
3161 /* vhold(dvp); - dvp can't go away */
3162 error = VOP_NRMDIR(&nd->nl_nch, dvp, nd->nl_cred);
3168 * rmdir_args(char *path)
3170 * Remove a directory file.
3174 sys_rmdir(struct rmdir_args *uap)
3176 struct nlookupdata nd;
3179 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3181 error = kern_rmdir(&nd);
3187 kern_getdirentries(int fd, char *buf, u_int count, long *basep, int *res,
3188 enum uio_seg direction)
3190 struct thread *td = curthread;
3191 struct proc *p = td->td_proc;
3199 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
3201 if ((fp->f_flag & FREAD) == 0) {
3205 vp = (struct vnode *)fp->f_data;
3207 if (vp->v_type != VDIR) {
3211 aiov.iov_base = buf;
3212 aiov.iov_len = count;
3213 auio.uio_iov = &aiov;
3214 auio.uio_iovcnt = 1;
3215 auio.uio_rw = UIO_READ;
3216 auio.uio_segflg = direction;
3218 auio.uio_resid = count;
3219 loff = auio.uio_offset = fp->f_offset;
3220 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL);
3221 fp->f_offset = auio.uio_offset;
3224 if (count == auio.uio_resid) {
3225 if (union_dircheckp) {
3226 error = union_dircheckp(td, &vp, fp);
3233 if ((vp->v_flag & VROOT) &&
3234 (vp->v_mount->mnt_flag & MNT_UNION)) {
3235 struct vnode *tvp = vp;
3236 vp = vp->v_mount->mnt_vnodecovered;
3248 *res = count - auio.uio_resid;
3255 * getdirentries_args(int fd, char *buf, u_int conut, long *basep)
3257 * Read a block of directory entries in a file system independent format.
3260 sys_getdirentries(struct getdirentries_args *uap)
3265 error = kern_getdirentries(uap->fd, uap->buf, uap->count, &base,
3266 &uap->sysmsg_result, UIO_USERSPACE);
3269 error = copyout(&base, uap->basep, sizeof(*uap->basep));
3274 * getdents_args(int fd, char *buf, size_t count)
3277 sys_getdents(struct getdents_args *uap)
3281 error = kern_getdirentries(uap->fd, uap->buf, uap->count, NULL,
3282 &uap->sysmsg_result, UIO_USERSPACE);
3288 * umask(int newmask)
3290 * Set the mode mask for creation of filesystem nodes.
3295 sys_umask(struct umask_args *uap)
3297 struct thread *td = curthread;
3298 struct proc *p = td->td_proc;
3299 struct filedesc *fdp;
3302 uap->sysmsg_result = fdp->fd_cmask;
3303 fdp->fd_cmask = uap->newmask & ALLPERMS;
3308 * revoke(char *path)
3310 * Void all references to file by ripping underlying filesystem
3315 sys_revoke(struct revoke_args *uap)
3317 struct nlookupdata nd;
3324 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3326 error = nlookup(&nd);
3328 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3329 cred = crhold(nd.nl_cred);
3332 if (vp->v_type != VCHR && vp->v_type != VBLK)
3335 error = VOP_GETATTR(vp, &vattr);
3336 if (error == 0 && cred->cr_uid != vattr.va_uid)
3337 error = suser_cred(cred, PRISON_ROOT);
3338 if (error == 0 && count_udev(vp->v_umajor, vp->v_uminor) > 0) {
3341 VOP_REVOKE(vp, REVOKEALL);
3352 * getfh_args(char *fname, fhandle_t *fhp)
3354 * Get (NFS) file handle
3357 sys_getfh(struct getfh_args *uap)
3359 struct thread *td = curthread;
3360 struct nlookupdata nd;
3366 * Must be super user
3368 if ((error = suser(td)) != 0)
3372 error = nlookup_init(&nd, uap->fname, UIO_USERSPACE, NLC_FOLLOW);
3374 error = nlookup(&nd);
3376 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
3379 bzero(&fh, sizeof(fh));
3380 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
3381 error = VFS_VPTOFH(vp, &fh.fh_fid);
3384 error = copyout(&fh, uap->fhp, sizeof(fh));
3390 * fhopen_args(const struct fhandle *u_fhp, int flags)
3392 * syscall for the rpc.lockd to use to translate a NFS file handle into
3393 * an open descriptor.
3395 * warning: do not remove the suser() call or this becomes one giant
3399 sys_fhopen(struct fhopen_args *uap)
3401 struct thread *td = curthread;
3402 struct proc *p = td->td_proc;
3407 struct vattr *vap = &vat;
3409 int fmode, mode, error, type;
3415 * Must be super user
3421 fmode = FFLAGS(uap->flags);
3422 /* why not allow a non-read/write open for our lockd? */
3423 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
3425 error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
3428 /* find the mount point */
3429 mp = vfs_getvfs(&fhp.fh_fsid);
3432 /* now give me my vnode, it gets returned to me locked */
3433 error = VFS_FHTOVP(mp, &fhp.fh_fid, &vp);
3437 * from now on we have to make sure not
3438 * to forget about the vnode
3439 * any error that causes an abort must vput(vp)
3440 * just set error = err and 'goto bad;'.
3446 if (vp->v_type == VLNK) {
3450 if (vp->v_type == VSOCK) {
3455 if (fmode & (FWRITE | O_TRUNC)) {
3456 if (vp->v_type == VDIR) {
3460 error = vn_writechk(vp, NULL);
3468 error = VOP_ACCESS(vp, mode, p->p_ucred);
3472 if (fmode & O_TRUNC) {
3473 vn_unlock(vp); /* XXX */
3474 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */
3477 error = VOP_SETATTR(vp, vap, p->p_ucred);
3483 * VOP_OPEN needs the file pointer so it can potentially override
3486 * WARNING! no f_nchandle will be associated when fhopen()ing a
3489 if ((error = falloc(p, &nfp, &indx)) != 0)
3493 error = VOP_OPEN(vp, fmode, p->p_ucred, fp);
3496 * setting f_ops this way prevents VOP_CLOSE from being
3497 * called or fdrop() releasing the vp from v_data. Since
3498 * the VOP_OPEN failed we don't want to VOP_CLOSE.
3500 fp->f_ops = &badfileops;
3506 * The fp is given its own reference, we still have our ref and lock.
3508 * Assert that all regular files must be created with a VM object.
3510 if (vp->v_type == VREG && vp->v_object == NULL) {
3511 kprintf("fhopen: regular file did not have VM object: %p\n", vp);
3516 * The open was successful. Handle any locking requirements.
3518 if (fmode & (O_EXLOCK | O_SHLOCK)) {
3519 lf.l_whence = SEEK_SET;
3522 if (fmode & O_EXLOCK)
3523 lf.l_type = F_WRLCK;
3525 lf.l_type = F_RDLCK;
3526 if (fmode & FNONBLOCK)
3531 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
3533 * release our private reference.
3535 fsetfd(p, NULL, indx);
3540 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3541 fp->f_flag |= FHASLOCK;
3545 * Clean up. Associate the file pointer with the previously
3546 * reserved descriptor and return it.
3549 fsetfd(p, fp, indx);
3551 uap->sysmsg_result = indx;
3555 fsetfd(p, NULL, indx);
3563 * fhstat_args(struct fhandle *u_fhp, struct stat *sb)
3566 sys_fhstat(struct fhstat_args *uap)
3568 struct thread *td = curthread;
3576 * Must be super user
3582 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
3586 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
3588 if ((error = VFS_FHTOVP(mp, &fh.fh_fid, &vp)))
3590 error = vn_stat(vp, &sb, td->td_proc->p_ucred);
3594 error = copyout(&sb, uap->sb, sizeof(sb));
3599 * fhstatfs_args(struct fhandle *u_fhp, struct statfs *buf)
3602 sys_fhstatfs(struct fhstatfs_args *uap)
3604 struct thread *td = curthread;
3605 struct proc *p = td->td_proc;
3610 char *fullpath, *freepath;
3615 * Must be super user
3617 if ((error = suser(td)))
3620 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
3623 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
3626 if (p != NULL && !chroot_visible_mnt(mp, p))
3629 if ((error = VFS_FHTOVP(mp, &fh.fh_fid, &vp)))
3634 if ((error = VFS_STATFS(mp, sp, p->p_ucred)) != 0)
3637 error = mount_path(p, mp, &fullpath, &freepath);
3640 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
3641 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
3642 kfree(freepath, M_TEMP);
3644 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
3646 bcopy(sp, &sb, sizeof(sb));
3647 sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
3650 return (copyout(sp, uap->buf, sizeof(*sp)));
3654 * Syscall to push extended attribute configuration information into the
3655 * VFS. Accepts a path, which it converts to a mountpoint, as well as
3656 * a command (int cmd), and attribute name and misc data. For now, the
3657 * attribute name is left in userspace for consumption by the VFS_op.
3658 * It will probably be changed to be copied into sysspace by the
3659 * syscall in the future, once issues with various consumers of the
3660 * attribute code have raised their hands.
3662 * Currently this is used only by UFS Extended Attributes.
3665 sys_extattrctl(struct extattrctl_args *uap)
3667 struct nlookupdata nd;
3673 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3675 error = nlookup(&nd);
3677 mp = nd.nl_nch.mount;
3678 error = VFS_EXTATTRCTL(mp, uap->cmd,
3679 uap->attrname, uap->arg,
3687 * Syscall to set a named extended attribute on a file or directory.
3688 * Accepts attribute name, and a uio structure pointing to the data to set.
3689 * The uio is consumed in the style of writev(). The real work happens
3690 * in VOP_SETEXTATTR().
3693 sys_extattr_set_file(struct extattr_set_file_args *uap)
3695 char attrname[EXTATTR_MAXNAMELEN];
3696 struct iovec aiov[UIO_SMALLIOV];
3697 struct iovec *needfree;
3698 struct nlookupdata nd;
3707 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
3712 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3714 error = nlookup(&nd);
3716 error = ncp_writechk(&nd.nl_nch);
3718 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
3725 iovlen = uap->iovcnt * sizeof(struct iovec);
3726 if (uap->iovcnt > UIO_SMALLIOV) {
3727 if (uap->iovcnt > UIO_MAXIOV) {
3731 MALLOC(iov, struct iovec *, iovlen, M_IOV, M_WAITOK);
3737 auio.uio_iovcnt = uap->iovcnt;
3738 auio.uio_rw = UIO_WRITE;
3739 auio.uio_segflg = UIO_USERSPACE;
3740 auio.uio_td = nd.nl_td;
3741 auio.uio_offset = 0;
3742 if ((error = copyin(uap->iovp, iov, iovlen)))
3745 for (i = 0; i < uap->iovcnt; i++) {
3746 if (iov->iov_len > INT_MAX - auio.uio_resid) {
3750 auio.uio_resid += iov->iov_len;
3753 cnt = auio.uio_resid;
3754 error = VOP_SETEXTATTR(vp, attrname, &auio, nd.nl_cred);
3755 cnt -= auio.uio_resid;
3756 uap->sysmsg_result = cnt;
3761 FREE(needfree, M_IOV);
3766 * Syscall to get a named extended attribute on a file or directory.
3767 * Accepts attribute name, and a uio structure pointing to a buffer for the
3768 * data. The uio is consumed in the style of readv(). The real work
3769 * happens in VOP_GETEXTATTR();
3772 sys_extattr_get_file(struct extattr_get_file_args *uap)
3774 char attrname[EXTATTR_MAXNAMELEN];
3775 struct iovec aiov[UIO_SMALLIOV];
3776 struct iovec *needfree;
3777 struct nlookupdata nd;
3786 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
3791 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3793 error = nlookup(&nd);
3795 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
3801 iovlen = uap->iovcnt * sizeof (struct iovec);
3803 if (uap->iovcnt > UIO_SMALLIOV) {
3804 if (uap->iovcnt > UIO_MAXIOV) {
3808 MALLOC(iov, struct iovec *, iovlen, M_IOV, M_WAITOK);
3814 auio.uio_iovcnt = uap->iovcnt;
3815 auio.uio_rw = UIO_READ;
3816 auio.uio_segflg = UIO_USERSPACE;
3817 auio.uio_td = nd.nl_td;
3818 auio.uio_offset = 0;
3819 if ((error = copyin(uap->iovp, iov, iovlen)))
3822 for (i = 0; i < uap->iovcnt; i++) {
3823 if (iov->iov_len > INT_MAX - auio.uio_resid) {
3827 auio.uio_resid += iov->iov_len;
3830 cnt = auio.uio_resid;
3831 error = VOP_GETEXTATTR(vp, attrname, &auio, nd.nl_cred);
3832 cnt -= auio.uio_resid;
3833 uap->sysmsg_result = cnt;
3838 FREE(needfree, M_IOV);
3843 * Syscall to delete a named extended attribute from a file or directory.
3844 * Accepts attribute name. The real work happens in VOP_SETEXTATTR().
3847 sys_extattr_delete_file(struct extattr_delete_file_args *uap)
3849 char attrname[EXTATTR_MAXNAMELEN];
3850 struct nlookupdata nd;
3854 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
3859 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3861 error = nlookup(&nd);
3863 error = ncp_writechk(&nd.nl_nch);
3865 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
3871 error = VOP_SETEXTATTR(vp, attrname, NULL, nd.nl_cred);
3878 * Determine if the mount is visible to the process.
3881 chroot_visible_mnt(struct mount *mp, struct proc *p)
3883 struct nchandle nch;
3886 * Traverse from the mount point upwards. If we hit the process
3887 * root then the mount point is visible to the process.
3889 nch = mp->mnt_ncmountpt;
3891 if (nch.mount == p->p_fd->fd_nrdir.mount &&
3892 nch.ncp == p->p_fd->fd_nrdir.ncp) {
3895 if (nch.ncp == nch.mount->mnt_ncmountpt.ncp) {
3896 nch = nch.mount->mnt_ncmounton;
3898 nch.ncp = nch.ncp->nc_parent;
3903 * If the mount point is not visible to the process, but the
3904 * process root is in a subdirectory of the mount, return
3907 if (p->p_fd->fd_nrdir.mount == mp)
projects / dragonfly.git / blob