2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
35 * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.151.2.18 2003/04/04 20:35:58 tegge Exp $
38 #include <sys/param.h>
39 #include <sys/systm.h>
42 #include <sys/sysent.h>
43 #include <sys/malloc.h>
44 #include <sys/mount.h>
45 #include <sys/mountctl.h>
46 #include <sys/sysproto.h>
47 #include <sys/filedesc.h>
48 #include <sys/kernel.h>
49 #include <sys/fcntl.h>
51 #include <sys/linker.h>
53 #include <sys/unistd.h>
54 #include <sys/vnode.h>
58 #include <sys/namei.h>
59 #include <sys/nlookup.h>
60 #include <sys/dirent.h>
61 #include <sys/extattr.h>
62 #include <sys/spinlock.h>
63 #include <sys/kern_syscall.h>
64 #include <sys/objcache.h>
65 #include <sys/sysctl.h>
68 #include <sys/file2.h>
69 #include <sys/spinlock2.h>
72 #include <vm/vm_object.h>
73 #include <vm/vm_page.h>
75 #include <machine/limits.h>
76 #include <machine/stdarg.h>
78 static void mount_warning(struct mount *mp, const char *ctl, ...)
80 static int mount_path(struct proc *p, struct mount *mp, char **rb, char **fb);
81 static int checkvp_chdir (struct vnode *vn, struct thread *td);
82 static void checkdirs (struct nchandle *old_nch, struct nchandle *new_nch);
83 static int chroot_refuse_vdir_fds (struct filedesc *fdp);
84 static int chroot_visible_mnt(struct mount *mp, struct proc *p);
85 static int getutimes (struct timeval *, struct timespec *);
86 static int getutimens (const struct timespec *, struct timespec *, int *);
87 static int setfown (struct mount *, struct vnode *, uid_t, gid_t);
88 static int setfmode (struct vnode *, int);
89 static int setfflags (struct vnode *, int);
90 static int setutimes (struct vnode *, struct vattr *,
91 const struct timespec *, int);
92 static int usermount = 0; /* if 1, non-root can mount fs. */
94 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0,
95 "Allow non-root users to mount filesystems");
98 * Virtual File System System Calls
102 * Mount a file system.
104 * mount_args(char *type, char *path, int flags, caddr_t data)
109 sys_mount(struct mount_args *uap)
111 struct thread *td = curthread;
114 struct mount *mp, *nullmp;
115 struct vfsconf *vfsp;
116 int error, flag = 0, flag2 = 0;
119 struct nlookupdata nd;
120 char fstypename[MFSNAMELEN];
128 if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
132 * Do not allow NFS export by non-root users.
134 if (uap->flags & MNT_EXPORTED) {
135 error = priv_check(td, PRIV_ROOT);
140 * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users
142 if (priv_check(td, PRIV_ROOT))
143 uap->flags |= MNT_NOSUID | MNT_NODEV;
146 * Lookup the requested path and extract the nch and vnode.
148 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
150 if ((error = nlookup(&nd)) == 0) {
151 if (nd.nl_nch.ncp->nc_vp == NULL)
161 * If the target filesystem is resolved via a nullfs mount, then
162 * nd.nl_nch.mount will be pointing to the nullfs mount structure
163 * instead of the target file system. We need it in case we are
166 nullmp = nd.nl_nch.mount;
169 * Extract the locked+refd ncp and cleanup the nd structure
172 cache_zero(&nd.nl_nch);
175 if ((nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
176 (mp = cache_findmount(&nch)) != NULL) {
185 * now we have the locked ref'd nch and unreferenced vnode.
188 if ((error = vget(vp, LK_EXCLUSIVE)) != 0) {
195 * Extract the file system type. We need to know this early, to take
196 * appropriate actions if we are dealing with a nullfs.
198 if ((error = copyinstr(uap->type, fstypename, MFSNAMELEN, NULL)) != 0) {
205 * Now we have an unlocked ref'd nch and a locked ref'd vp
207 if (uap->flags & MNT_UPDATE) {
208 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
215 if (strncmp(fstypename, "null", 5) == 0) {
223 flag2 = mp->mnt_kern_flag;
225 * We only allow the filesystem to be reloaded if it
226 * is currently mounted read-only.
228 if ((uap->flags & MNT_RELOAD) &&
229 ((mp->mnt_flag & MNT_RDONLY) == 0)) {
232 error = EOPNOTSUPP; /* Needs translation */
236 * Only root, or the user that did the original mount is
237 * permitted to update it.
239 if (mp->mnt_stat.f_owner != cred->cr_uid &&
240 (error = priv_check(td, PRIV_ROOT))) {
245 if (vfs_busy(mp, LK_NOWAIT)) {
259 uap->flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
260 lwkt_gettoken(&mp->mnt_token);
267 * If the user is not root, ensure that they own the directory
268 * onto which we are attempting to mount.
270 if ((error = VOP_GETATTR(vp, &va)) ||
271 (va.va_uid != cred->cr_uid &&
272 (error = priv_check(td, PRIV_ROOT)))) {
277 if ((error = vinvalbuf(vp, V_SAVE, 0, 0)) != 0) {
282 if (vp->v_type != VDIR) {
288 if (vp->v_mount->mnt_kern_flag & MNTK_NOSTKMNT) {
294 vfsp = vfsconf_find_by_name(fstypename);
298 /* Only load modules for root (very important!) */
299 if ((error = priv_check(td, PRIV_ROOT)) != 0) {
304 error = linker_load_file(fstypename, &lf);
305 if (error || lf == NULL) {
313 /* lookup again, see if the VFS was loaded */
314 vfsp = vfsconf_find_by_name(fstypename);
317 linker_file_unload(lf);
332 * Allocate and initialize the filesystem.
334 mp = kmalloc(sizeof(struct mount), M_MOUNT, M_ZERO|M_WAITOK);
336 vfs_busy(mp, LK_NOWAIT);
337 mp->mnt_op = vfsp->vfc_vfsops;
339 mp->mnt_pbuf_count = nswbuf_kva / NSWBUF_SPLIT;
340 vfsp->vfc_refcount++;
341 mp->mnt_stat.f_type = vfsp->vfc_typenum;
342 mp->mnt_flag |= vfsp->vfc_flags & MNT_VISFLAGMASK;
343 strncpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN);
344 mp->mnt_stat.f_owner = cred->cr_uid;
345 lwkt_gettoken(&mp->mnt_token);
349 * (per-mount token acquired at this point)
351 * Set the mount level flags.
353 if (uap->flags & MNT_RDONLY)
354 mp->mnt_flag |= MNT_RDONLY;
355 else if (mp->mnt_flag & MNT_RDONLY)
356 mp->mnt_kern_flag |= MNTK_WANTRDWR;
357 mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
358 MNT_SYNCHRONOUS | MNT_ASYNC | MNT_NOATIME |
359 MNT_NOSYMFOLLOW | MNT_IGNORE | MNT_TRIM |
360 MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR |
362 mp->mnt_flag |= uap->flags & (MNT_NOSUID | MNT_NOEXEC |
363 MNT_NODEV | MNT_SYNCHRONOUS | MNT_ASYNC | MNT_FORCE |
364 MNT_NOSYMFOLLOW | MNT_IGNORE | MNT_TRIM |
365 MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR |
369 * Pre-set the mount's ALL_MPSAFE flags if specified in the vfsconf.
370 * This way the initial VFS_MOUNT() call will also be MPSAFE.
372 if (vfsp->vfc_flags & VFCF_MPSAFE)
373 mp->mnt_kern_flag |= MNTK_ALL_MPSAFE;
376 * Mount the filesystem.
377 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
380 error = VFS_MOUNT(mp, uap->path, uap->data, cred);
381 if (mp->mnt_flag & MNT_UPDATE) {
382 if (mp->mnt_kern_flag & MNTK_WANTRDWR)
383 mp->mnt_flag &= ~MNT_RDONLY;
384 mp->mnt_flag &=~ (MNT_UPDATE | MNT_RELOAD | MNT_FORCE);
385 mp->mnt_kern_flag &=~ MNTK_WANTRDWR;
388 mp->mnt_kern_flag = flag2;
390 lwkt_reltoken(&mp->mnt_token);
396 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
399 * Put the new filesystem on the mount list after root. The mount
400 * point gets its own mnt_ncmountpt (unless the VFS already set one
401 * up) which represents the root of the mount. The lookup code
402 * detects the mount point going forward and checks the root of
403 * the mount going backwards.
405 * It is not necessary to invalidate or purge the vnode underneath
406 * because elements under the mount will be given their own glue
410 if (mp->mnt_ncmountpt.ncp == NULL) {
412 * Allocate, then unlock, but leave the ref intact.
413 * This is the mnt_refs (1) that we will retain
414 * through to the unmount.
416 cache_allocroot(&mp->mnt_ncmountpt, mp, NULL);
417 cache_unlock(&mp->mnt_ncmountpt);
420 mp->mnt_ncmounton = nch; /* inherits ref */
422 nch.ncp->nc_flag |= NCF_ISMOUNTPT;
424 cache_ismounting(mp);
425 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
427 mountlist_insert(mp, MNTINS_LAST);
429 checkdirs(&mp->mnt_ncmounton, &mp->mnt_ncmountpt);
430 error = vfs_allocate_syncvnode(mp);
431 lwkt_reltoken(&mp->mnt_token);
433 error = VFS_START(mp, 0);
435 KNOTE(&fs_klist, VQ_MOUNT);
437 vn_syncer_thr_stop(mp);
438 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
439 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
440 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
441 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
442 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
443 mp->mnt_vfc->vfc_refcount--;
444 lwkt_reltoken(&mp->mnt_token);
455 * Scan all active processes to see if any of them have a current
456 * or root directory onto which the new filesystem has just been
457 * mounted. If so, replace them with the new mount point.
459 * Both old_nch and new_nch are ref'd on call but not locked.
460 * new_nch must be temporarily locked so it can be associated with the
461 * vnode representing the root of the mount point.
463 struct checkdirs_info {
464 struct nchandle old_nch;
465 struct nchandle new_nch;
466 struct vnode *old_vp;
467 struct vnode *new_vp;
470 static int checkdirs_callback(struct proc *p, void *data);
473 checkdirs(struct nchandle *old_nch, struct nchandle *new_nch)
475 struct checkdirs_info info;
481 * If the old mount point's vnode has a usecount of 1, it is not
482 * being held as a descriptor anywhere.
484 olddp = old_nch->ncp->nc_vp;
485 if (olddp == NULL || VREFCNT(olddp) == 1)
489 * Force the root vnode of the new mount point to be resolved
490 * so we can update any matching processes.
493 if (VFS_ROOT(mp, &newdp))
494 panic("mount: lost mount");
497 vn_lock(newdp, LK_EXCLUSIVE | LK_RETRY);
498 cache_setunresolved(new_nch);
499 cache_setvp(new_nch, newdp);
500 cache_unlock(new_nch);
503 * Special handling of the root node
505 if (rootvnode == olddp) {
507 vfs_cache_setroot(newdp, cache_hold(new_nch));
511 * Pass newdp separately so the callback does not have to access
512 * it via new_nch->ncp->nc_vp.
514 info.old_nch = *old_nch;
515 info.new_nch = *new_nch;
517 allproc_scan(checkdirs_callback, &info, 0);
522 * NOTE: callback is not MP safe because the scanned process's filedesc
523 * structure can be ripped out from under us, amoung other things.
526 checkdirs_callback(struct proc *p, void *data)
528 struct checkdirs_info *info = data;
529 struct filedesc *fdp;
530 struct nchandle ncdrop1;
531 struct nchandle ncdrop2;
532 struct vnode *vprele1;
533 struct vnode *vprele2;
535 if ((fdp = p->p_fd) != NULL) {
536 cache_zero(&ncdrop1);
537 cache_zero(&ncdrop2);
542 * MPUNSAFE - XXX fdp can be pulled out from under a
545 * A shared filedesc is ok, we don't have to copy it
546 * because we are making this change globally.
548 spin_lock(&fdp->fd_spin);
549 if (fdp->fd_ncdir.mount == info->old_nch.mount &&
550 fdp->fd_ncdir.ncp == info->old_nch.ncp) {
551 vprele1 = fdp->fd_cdir;
553 fdp->fd_cdir = info->new_vp;
554 ncdrop1 = fdp->fd_ncdir;
555 cache_copy(&info->new_nch, &fdp->fd_ncdir);
557 if (fdp->fd_nrdir.mount == info->old_nch.mount &&
558 fdp->fd_nrdir.ncp == info->old_nch.ncp) {
559 vprele2 = fdp->fd_rdir;
561 fdp->fd_rdir = info->new_vp;
562 ncdrop2 = fdp->fd_nrdir;
563 cache_copy(&info->new_nch, &fdp->fd_nrdir);
565 spin_unlock(&fdp->fd_spin);
567 cache_drop(&ncdrop1);
569 cache_drop(&ncdrop2);
579 * Unmount a file system.
581 * Note: unmount takes a path to the vnode mounted on as argument,
582 * not special file (as before).
584 * umount_args(char *path, int flags)
589 sys_unmount(struct unmount_args *uap)
591 struct thread *td = curthread;
592 struct proc *p __debugvar = td->td_proc;
593 struct mount *mp = NULL;
594 struct nlookupdata nd;
598 if (td->td_ucred->cr_prison != NULL) {
602 if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
605 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
607 error = nlookup(&nd);
611 mp = nd.nl_nch.mount;
614 * Only root, or the user that did the original mount is
615 * permitted to unmount this filesystem.
617 if ((mp->mnt_stat.f_owner != td->td_ucred->cr_uid) &&
618 (error = priv_check(td, PRIV_ROOT)))
622 * Don't allow unmounting the root file system.
624 if (mp->mnt_flag & MNT_ROOTFS) {
630 * Must be the root of the filesystem
632 if (nd.nl_nch.ncp != mp->mnt_ncmountpt.ncp) {
638 * If no error try to issue the unmount. We lose our cache
639 * ref when we call nlookup_done so we must hold the mount point
640 * to prevent use-after-free races.
646 error = dounmount(mp, uap->flags, 0);
656 * Do the actual file system unmount (interlocked against the mountlist
657 * token and mp->mnt_token).
660 dounmount_interlock(struct mount *mp)
662 if (mp->mnt_kern_flag & MNTK_UNMOUNT)
664 mp->mnt_kern_flag |= MNTK_UNMOUNT;
669 unmount_allproc_cb(struct proc *p, void *arg)
673 if (p->p_textnch.ncp == NULL)
676 mp = (struct mount *)arg;
677 if (p->p_textnch.mount == mp)
678 cache_drop(&p->p_textnch);
684 * The guts of the unmount code. The mount owns one ref and one hold
685 * count. If we successfully interlock the unmount, those refs are ours.
686 * (The ref is from mnt_ncmountpt).
688 * When halting we shortcut certain mount types such as devfs by not actually
689 * issuing the VFS_SYNC() or VFS_UNMOUNT(). They are still disconnected
690 * from the mountlist so higher-level filesytems can unmount cleanly.
692 * The mount types that allow QUICKHALT are: devfs, tmpfs, procfs.
695 dounmount(struct mount *mp, int flags, int halting)
697 struct namecache *ncp;
707 lwkt_gettoken(&mp->mnt_token);
710 * When halting, certain mount points can essentially just
711 * be unhooked and otherwise ignored.
713 if (halting && (mp->mnt_kern_flag & MNTK_QUICKHALT)) {
722 * Exclusive access for unmounting purposes.
724 if ((error = mountlist_interlock(dounmount_interlock, mp)) != 0)
728 * We now 'own' the last mp->mnt_refs
730 * Allow filesystems to detect that a forced unmount is in progress.
732 if (flags & MNT_FORCE)
733 mp->mnt_kern_flag |= MNTK_UNMOUNTF;
734 lflags = LK_EXCLUSIVE | ((flags & MNT_FORCE) ? 0 : LK_TIMELOCK);
735 error = lockmgr(&mp->mnt_lock, lflags);
737 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
738 if (mp->mnt_kern_flag & MNTK_MWAIT) {
739 mp->mnt_kern_flag &= ~MNTK_MWAIT;
745 if (mp->mnt_flag & MNT_EXPUBLIC)
746 vfs_setpublicfs(NULL, NULL, NULL);
748 vfs_msync(mp, MNT_WAIT);
749 async_flag = mp->mnt_flag & MNT_ASYNC;
750 mp->mnt_flag &=~ MNT_ASYNC;
753 * If this filesystem isn't aliasing other filesystems,
754 * try to invalidate any remaining namecache entries and
755 * check the count afterwords.
757 * We own the last mnt_refs by owning mnt_ncmountpt.
759 if ((mp->mnt_kern_flag & MNTK_NCALIASED) == 0) {
760 cache_lock(&mp->mnt_ncmountpt);
761 cache_inval(&mp->mnt_ncmountpt, CINV_DESTROY|CINV_CHILDREN);
762 cache_unlock(&mp->mnt_ncmountpt);
764 cache_clearmntcache();
765 if ((ncp = mp->mnt_ncmountpt.ncp) != NULL &&
766 (ncp->nc_refs != 1 || TAILQ_FIRST(&ncp->nc_list))) {
767 allproc_scan(&unmount_allproc_cb, mp, 0);
770 cache_clearmntcache();
771 if ((ncp = mp->mnt_ncmountpt.ncp) != NULL &&
772 (ncp->nc_refs != 1 || TAILQ_FIRST(&ncp->nc_list))) {
774 if ((flags & MNT_FORCE) == 0) {
776 mount_warning(mp, "Cannot unmount: "
782 mount_warning(mp, "Forced unmount: "
793 * Decomission our special mnt_syncer vnode. This also stops
794 * the vnlru code. If we are unable to unmount we recommission
797 * Then sync the filesystem.
799 if ((vp = mp->mnt_syncer) != NULL) {
800 mp->mnt_syncer = NULL;
801 atomic_set_int(&vp->v_refcnt, VREF_FINALIZE);
805 if (quickhalt == 0) {
806 if ((mp->mnt_flag & MNT_RDONLY) == 0)
807 VFS_SYNC(mp, MNT_WAIT);
811 * nchandle records ref the mount structure. Expect a count of 1
812 * (our mount->mnt_ncmountpt).
814 * Scans can get temporary refs on a mountpoint (thought really
815 * heavy duty stuff like cache_findmount() do not).
817 if (mp->mnt_refs != 1)
818 cache_clearmntcache();
819 for (retry = 0; retry < 10 && mp->mnt_refs != 1; ++retry) {
820 cache_unmounting(mp);
821 tsleep(&mp->mnt_refs, 0, "mntbsy", hz / 10 + 1);
822 cache_clearmntcache();
824 if (mp->mnt_refs != 1) {
825 if ((flags & MNT_FORCE) == 0) {
826 mount_warning(mp, "Cannot unmount: "
827 "%d mount refs still present",
831 mount_warning(mp, "Forced unmount: "
832 "%d mount refs still present",
839 * So far so good, sync the filesystem once more and
840 * call the VFS unmount code if the sync succeeds.
842 if (error == 0 && quickhalt == 0) {
843 if (mp->mnt_flag & MNT_RDONLY) {
844 error = VFS_UNMOUNT(mp, flags);
846 error = VFS_SYNC(mp, MNT_WAIT);
848 (error == EOPNOTSUPP) || /* No sync */
849 (flags & MNT_FORCE)) {
850 error = VFS_UNMOUNT(mp, flags);
856 * If an error occurred we can still recover, restoring the
857 * syncer vnode and misc flags.
860 if (mp->mnt_syncer == NULL)
861 vfs_allocate_syncvnode(mp);
862 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
863 mp->mnt_flag |= async_flag;
864 lockmgr(&mp->mnt_lock, LK_RELEASE);
865 if (mp->mnt_kern_flag & MNTK_MWAIT) {
866 mp->mnt_kern_flag &= ~MNTK_MWAIT;
872 * Clean up any journals still associated with the mount after
873 * filesystem activity has ceased.
875 journal_remove_all_journals(mp,
876 ((flags & MNT_FORCE) ? MC_JOURNAL_STOP_IMM : 0));
878 mountlist_remove(mp);
881 * Remove any installed vnode ops here so the individual VFSs don't
884 * mnt_refs should go to zero when we scrap mnt_ncmountpt.
886 * When quickhalting we have to keep these intact because the
887 * underlying vnodes have not been destroyed, and some might be
890 if (quickhalt == 0) {
891 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
892 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
893 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
894 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
895 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
898 if (mp->mnt_ncmountpt.ncp != NULL) {
899 nch = mp->mnt_ncmountpt;
900 cache_zero(&mp->mnt_ncmountpt);
901 cache_clrmountpt(&nch);
904 if (mp->mnt_ncmounton.ncp != NULL) {
905 cache_unmounting(mp);
906 nch = mp->mnt_ncmounton;
907 cache_zero(&mp->mnt_ncmounton);
908 cache_clrmountpt(&nch);
912 mp->mnt_vfc->vfc_refcount--;
915 * If not quickhalting the mount, we expect there to be no
918 if (quickhalt == 0 && !TAILQ_EMPTY(&mp->mnt_nvnodelist))
919 panic("unmount: dangling vnode");
924 lockmgr(&mp->mnt_lock, LK_RELEASE);
925 if (mp->mnt_kern_flag & MNTK_MWAIT) {
926 mp->mnt_kern_flag &= ~MNTK_MWAIT;
931 * If we reach here and freeok != 0 we must free the mount.
932 * mnt_refs should already have dropped to 0, so if it is not
933 * zero we must cycle the caches and wait.
935 * When we are satisfied that the mount has disconnected we can
936 * drop the hold on the mp that represented the mount (though the
937 * caller might actually have another, so the caller's drop may
938 * do the actual free).
941 if (mp->mnt_refs > 0)
942 cache_clearmntcache();
943 while (mp->mnt_refs > 0) {
944 cache_unmounting(mp);
946 tsleep(&mp->mnt_refs, 0, "umntrwait", hz / 10 + 1);
947 cache_clearmntcache();
949 lwkt_reltoken(&mp->mnt_token);
953 cache_clearmntcache();
956 KNOTE(&fs_klist, VQ_UNMOUNT);
959 lwkt_reltoken(&mp->mnt_token);
965 mount_warning(struct mount *mp, const char *ctl, ...)
972 if (cache_fullpath(NULL, &mp->mnt_ncmounton, NULL,
973 &ptr, &buf, 0) == 0) {
974 kprintf("unmount(%s): ", ptr);
979 kprintf("unmount(%p", mp);
980 if (mp->mnt_ncmounton.ncp && mp->mnt_ncmounton.ncp->nc_name)
981 kprintf(",%s", mp->mnt_ncmounton.ncp->nc_name);
990 * Shim cache_fullpath() to handle the case where a process is chrooted into
991 * a subdirectory of a mount. In this case if the root mount matches the
992 * process root directory's mount we have to specify the process's root
993 * directory instead of the mount point, because the mount point might
994 * be above the root directory.
998 mount_path(struct proc *p, struct mount *mp, char **rb, char **fb)
1000 struct nchandle *nch;
1002 if (p && p->p_fd->fd_nrdir.mount == mp)
1003 nch = &p->p_fd->fd_nrdir;
1005 nch = &mp->mnt_ncmountpt;
1006 return(cache_fullpath(p, nch, NULL, rb, fb, 0));
1010 * Sync each mounted filesystem.
1014 static int syncprt = 0;
1015 SYSCTL_INT(_debug, OID_AUTO, syncprt, CTLFLAG_RW, &syncprt, 0, "");
1018 static int sync_callback(struct mount *mp, void *data);
1021 sys_sync(struct sync_args *uap)
1023 mountlist_scan(sync_callback, NULL, MNTSCAN_FORWARD);
1029 sync_callback(struct mount *mp, void *data __unused)
1033 if ((mp->mnt_flag & MNT_RDONLY) == 0) {
1034 lwkt_gettoken(&mp->mnt_token);
1035 asyncflag = mp->mnt_flag & MNT_ASYNC;
1036 mp->mnt_flag &= ~MNT_ASYNC;
1037 lwkt_reltoken(&mp->mnt_token);
1038 vfs_msync(mp, MNT_NOWAIT);
1039 VFS_SYNC(mp, MNT_NOWAIT);
1040 lwkt_gettoken(&mp->mnt_token);
1041 mp->mnt_flag |= asyncflag;
1042 lwkt_reltoken(&mp->mnt_token);
1047 /* XXX PRISON: could be per prison flag */
1048 static int prison_quotas;
1050 SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, "");
1054 * quotactl_args(char *path, int fcmd, int uid, caddr_t arg)
1056 * Change filesystem quotas.
1061 sys_quotactl(struct quotactl_args *uap)
1063 struct nlookupdata nd;
1069 if (td->td_ucred->cr_prison && !prison_quotas) {
1074 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1076 error = nlookup(&nd);
1078 mp = nd.nl_nch.mount;
1079 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid,
1080 uap->arg, nd.nl_cred);
1088 * mountctl(char *path, int op, int fd, const void *ctl, int ctllen,
1089 * void *buf, int buflen)
1091 * This function operates on a mount point and executes the specified
1092 * operation using the specified control data, and possibly returns data.
1094 * The actual number of bytes stored in the result buffer is returned, 0
1095 * if none, otherwise an error is returned.
1100 sys_mountctl(struct mountctl_args *uap)
1102 struct thread *td = curthread;
1103 struct proc *p = td->td_proc;
1111 * Sanity and permissions checks. We must be root.
1114 if (td->td_ucred->cr_prison != NULL)
1116 if ((uap->op != MOUNTCTL_MOUNTFLAGS) &&
1117 (error = priv_check(td, PRIV_ROOT)) != 0)
1121 * Argument length checks
1123 if (uap->ctllen < 0 || uap->ctllen > 1024)
1125 if (uap->buflen < 0 || uap->buflen > 16 * 1024)
1127 if (uap->path == NULL)
1131 * Allocate the necessary buffers and copyin data
1133 path = objcache_get(namei_oc, M_WAITOK);
1134 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
1139 ctl = kmalloc(uap->ctllen + 1, M_TEMP, M_WAITOK|M_ZERO);
1140 error = copyin(uap->ctl, ctl, uap->ctllen);
1145 buf = kmalloc(uap->buflen + 1, M_TEMP, M_WAITOK|M_ZERO);
1148 * Validate the descriptor
1151 fp = holdfp(p->p_fd, uap->fd, -1);
1161 * Execute the internal kernel function and clean up.
1163 error = kern_mountctl(path, uap->op, fp, ctl, uap->ctllen, buf, uap->buflen, &uap->sysmsg_result);
1166 if (error == 0 && uap->sysmsg_result > 0)
1167 error = copyout(buf, uap->buf, uap->sysmsg_result);
1170 objcache_put(namei_oc, path);
1179 * Execute a mount control operation by resolving the path to a mount point
1180 * and calling vop_mountctl().
1182 * Use the mount point from the nch instead of the vnode so nullfs mounts
1183 * can properly spike the VOP.
1186 kern_mountctl(const char *path, int op, struct file *fp,
1187 const void *ctl, int ctllen,
1188 void *buf, int buflen, int *res)
1191 struct nlookupdata nd;
1192 struct nchandle nch;
1198 error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_FOLLOW);
1201 error = nlookup(&nd);
1206 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
1213 * Yes, all this is needed to use the nch.mount below, because
1214 * we must maintain a ref on the mount to avoid ripouts (e.g.
1215 * due to heavy mount/unmount use by synth or poudriere).
1218 cache_zero(&nd.nl_nch);
1226 * Must be the root of the filesystem
1228 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
1233 if (mp == NULL || mp->mnt_kern_flag & MNTK_UNMOUNT) {
1234 kprintf("kern_mountctl: Warning, \"%s\" racing unmount\n",
1240 error = vop_mountctl(mp->mnt_vn_use_ops, vp, op, fp, ctl, ctllen,
1249 kern_statfs(struct nlookupdata *nd, struct statfs *buf)
1251 struct thread *td = curthread;
1252 struct proc *p = td->td_proc;
1255 char *fullpath, *freepath;
1258 if ((error = nlookup(nd)) != 0)
1260 mp = nd->nl_nch.mount;
1262 if ((error = VFS_STATFS(mp, sp, nd->nl_cred)) != 0)
1265 error = mount_path(p, mp, &fullpath, &freepath);
1268 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1269 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1270 kfree(freepath, M_TEMP);
1272 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1273 bcopy(sp, buf, sizeof(*buf));
1274 /* Only root should have access to the fsid's. */
1275 if (priv_check(td, PRIV_ROOT))
1276 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1281 * statfs_args(char *path, struct statfs *buf)
1283 * Get filesystem statistics.
1286 sys_statfs(struct statfs_args *uap)
1288 struct nlookupdata nd;
1292 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1294 error = kern_statfs(&nd, &buf);
1297 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1302 kern_fstatfs(int fd, struct statfs *buf)
1304 struct thread *td = curthread;
1305 struct proc *p = td->td_proc;
1309 char *fullpath, *freepath;
1313 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
1317 * Try to use mount info from any overlays rather than the
1318 * mount info for the underlying vnode, otherwise we will
1319 * fail when operating on null-mounted paths inside a chroot.
1321 if ((mp = fp->f_nchandle.mount) == NULL)
1322 mp = ((struct vnode *)fp->f_data)->v_mount;
1327 if (fp->f_cred == NULL) {
1332 if ((error = VFS_STATFS(mp, sp, fp->f_cred)) != 0)
1335 if ((error = mount_path(p, mp, &fullpath, &freepath)) != 0)
1337 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1338 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1339 kfree(freepath, M_TEMP);
1341 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1342 bcopy(sp, buf, sizeof(*buf));
1344 /* Only root should have access to the fsid's. */
1345 if (priv_check(td, PRIV_ROOT))
1346 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1354 * fstatfs_args(int fd, struct statfs *buf)
1356 * Get filesystem statistics.
1359 sys_fstatfs(struct fstatfs_args *uap)
1364 error = kern_fstatfs(uap->fd, &buf);
1367 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1372 kern_statvfs(struct nlookupdata *nd, struct statvfs *buf)
1378 if ((error = nlookup(nd)) != 0)
1380 mp = nd->nl_nch.mount;
1381 sp = &mp->mnt_vstat;
1382 if ((error = VFS_STATVFS(mp, sp, nd->nl_cred)) != 0)
1386 if (mp->mnt_flag & MNT_RDONLY)
1387 sp->f_flag |= ST_RDONLY;
1388 if (mp->mnt_flag & MNT_NOSUID)
1389 sp->f_flag |= ST_NOSUID;
1390 bcopy(sp, buf, sizeof(*buf));
1395 * statfs_args(char *path, struct statfs *buf)
1397 * Get filesystem statistics.
1400 sys_statvfs(struct statvfs_args *uap)
1402 struct nlookupdata nd;
1406 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1408 error = kern_statvfs(&nd, &buf);
1411 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1416 kern_fstatvfs(int fd, struct statvfs *buf)
1418 struct thread *td = curthread;
1419 struct proc *p = td->td_proc;
1426 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
1428 if ((mp = fp->f_nchandle.mount) == NULL)
1429 mp = ((struct vnode *)fp->f_data)->v_mount;
1434 if (fp->f_cred == NULL) {
1438 sp = &mp->mnt_vstat;
1439 if ((error = VFS_STATVFS(mp, sp, fp->f_cred)) != 0)
1443 if (mp->mnt_flag & MNT_RDONLY)
1444 sp->f_flag |= ST_RDONLY;
1445 if (mp->mnt_flag & MNT_NOSUID)
1446 sp->f_flag |= ST_NOSUID;
1448 bcopy(sp, buf, sizeof(*buf));
1456 * fstatfs_args(int fd, struct statfs *buf)
1458 * Get filesystem statistics.
1461 sys_fstatvfs(struct fstatvfs_args *uap)
1466 error = kern_fstatvfs(uap->fd, &buf);
1469 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1474 * getfsstat_args(struct statfs *buf, long bufsize, int flags)
1476 * Get statistics on all filesystems.
1479 struct getfsstat_info {
1480 struct statfs *sfsp;
1488 static int getfsstat_callback(struct mount *, void *);
1491 sys_getfsstat(struct getfsstat_args *uap)
1493 struct thread *td = curthread;
1494 struct getfsstat_info info;
1496 bzero(&info, sizeof(info));
1498 info.maxcount = uap->bufsize / sizeof(struct statfs);
1499 info.sfsp = uap->buf;
1501 info.flags = uap->flags;
1504 mountlist_scan(getfsstat_callback, &info, MNTSCAN_FORWARD);
1505 if (info.sfsp && info.count > info.maxcount)
1506 uap->sysmsg_result = info.maxcount;
1508 uap->sysmsg_result = info.count;
1509 return (info.error);
1513 getfsstat_callback(struct mount *mp, void *data)
1515 struct getfsstat_info *info = data;
1521 if (info->sfsp && info->count < info->maxcount) {
1522 if (info->td->td_proc &&
1523 !chroot_visible_mnt(mp, info->td->td_proc)) {
1529 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1530 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1531 * overrides MNT_WAIT.
1533 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1534 (info->flags & MNT_WAIT)) &&
1535 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1538 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1540 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1542 info->error = error;
1545 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1546 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1547 kfree(freepath, M_TEMP);
1549 error = copyout(sp, info->sfsp, sizeof(*sp));
1551 info->error = error;
1561 * getvfsstat_args(struct statfs *buf, struct statvfs *vbuf,
1562 long bufsize, int flags)
1564 * Get statistics on all filesystems.
1567 struct getvfsstat_info {
1568 struct statfs *sfsp;
1569 struct statvfs *vsfsp;
1577 static int getvfsstat_callback(struct mount *, void *);
1580 sys_getvfsstat(struct getvfsstat_args *uap)
1582 struct thread *td = curthread;
1583 struct getvfsstat_info info;
1585 bzero(&info, sizeof(info));
1587 info.maxcount = uap->vbufsize / sizeof(struct statvfs);
1588 info.sfsp = uap->buf;
1589 info.vsfsp = uap->vbuf;
1591 info.flags = uap->flags;
1594 mountlist_scan(getvfsstat_callback, &info, MNTSCAN_FORWARD);
1595 if (info.vsfsp && info.count > info.maxcount)
1596 uap->sysmsg_result = info.maxcount;
1598 uap->sysmsg_result = info.count;
1599 return (info.error);
1603 getvfsstat_callback(struct mount *mp, void *data)
1605 struct getvfsstat_info *info = data;
1607 struct statvfs *vsp;
1612 if (info->vsfsp && info->count < info->maxcount) {
1613 if (info->td->td_proc &&
1614 !chroot_visible_mnt(mp, info->td->td_proc)) {
1618 vsp = &mp->mnt_vstat;
1621 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1622 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1623 * overrides MNT_WAIT.
1625 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1626 (info->flags & MNT_WAIT)) &&
1627 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1630 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1632 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1633 (info->flags & MNT_WAIT)) &&
1634 (error = VFS_STATVFS(mp, vsp, info->td->td_ucred))) {
1638 if (mp->mnt_flag & MNT_RDONLY)
1639 vsp->f_flag |= ST_RDONLY;
1640 if (mp->mnt_flag & MNT_NOSUID)
1641 vsp->f_flag |= ST_NOSUID;
1643 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1645 info->error = error;
1648 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1649 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1650 kfree(freepath, M_TEMP);
1652 error = copyout(sp, info->sfsp, sizeof(*sp));
1654 error = copyout(vsp, info->vsfsp, sizeof(*vsp));
1656 info->error = error;
1668 * fchdir_args(int fd)
1670 * Change current working directory to a given file descriptor.
1673 sys_fchdir(struct fchdir_args *uap)
1675 struct thread *td = curthread;
1676 struct proc *p = td->td_proc;
1677 struct filedesc *fdp = p->p_fd;
1678 struct vnode *vp, *ovp;
1681 struct nchandle nch, onch, tnch;
1684 if ((error = holdvnode(fdp, uap->fd, &fp)) != 0)
1686 lwkt_gettoken(&p->p_token);
1687 vp = (struct vnode *)fp->f_data;
1689 vn_lock(vp, LK_SHARED | LK_RETRY);
1690 if (fp->f_nchandle.ncp == NULL)
1693 error = checkvp_chdir(vp, td);
1698 cache_copy(&fp->f_nchandle, &nch);
1701 * If the ncp has become a mount point, traverse through
1705 while (!error && (nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
1706 (mp = cache_findmount(&nch)) != NULL
1708 error = nlookup_mp(mp, &tnch);
1710 cache_unlock(&tnch); /* leave ref intact */
1712 vp = tnch.ncp->nc_vp;
1713 error = vget(vp, LK_SHARED);
1714 KKASSERT(error == 0);
1718 cache_dropmount(mp);
1721 spin_lock(&fdp->fd_spin);
1723 onch = fdp->fd_ncdir;
1725 fdp->fd_ncdir = nch;
1726 spin_unlock(&fdp->fd_spin);
1727 vn_unlock(vp); /* leave ref intact */
1736 lwkt_reltoken(&p->p_token);
1741 kern_chdir(struct nlookupdata *nd)
1743 struct thread *td = curthread;
1744 struct proc *p = td->td_proc;
1745 struct filedesc *fdp = p->p_fd;
1746 struct vnode *vp, *ovp;
1747 struct nchandle onch;
1750 nd->nl_flags |= NLC_SHAREDLOCK;
1751 if ((error = nlookup(nd)) != 0)
1753 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
1755 if ((error = vget(vp, LK_SHARED)) != 0)
1758 lwkt_gettoken(&p->p_token);
1759 error = checkvp_chdir(vp, td);
1762 spin_lock(&fdp->fd_spin);
1764 onch = fdp->fd_ncdir;
1765 fdp->fd_ncdir = nd->nl_nch;
1767 spin_unlock(&fdp->fd_spin);
1768 cache_unlock(&nd->nl_nch); /* leave reference intact */
1771 cache_zero(&nd->nl_nch);
1775 lwkt_reltoken(&p->p_token);
1780 * chdir_args(char *path)
1782 * Change current working directory (``.'').
1785 sys_chdir(struct chdir_args *uap)
1787 struct nlookupdata nd;
1790 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1792 error = kern_chdir(&nd);
1798 * Helper function for raised chroot(2) security function: Refuse if
1799 * any filedescriptors are open directories.
1802 chroot_refuse_vdir_fds(struct filedesc *fdp)
1809 for (fd = 0; fd < fdp->fd_nfiles ; fd++) {
1810 if ((error = holdvnode(fdp, fd, &fp)) != 0)
1812 vp = (struct vnode *)fp->f_data;
1813 if (vp->v_type != VDIR) {
1824 * This sysctl determines if we will allow a process to chroot(2) if it
1825 * has a directory open:
1826 * 0: disallowed for all processes.
1827 * 1: allowed for processes that were not already chroot(2)'ed.
1828 * 2: allowed for all processes.
1831 static int chroot_allow_open_directories = 1;
1833 SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
1834 &chroot_allow_open_directories, 0, "");
1837 * chroot to the specified namecache entry. We obtain the vp from the
1838 * namecache data. The passed ncp must be locked and referenced and will
1839 * remain locked and referenced on return.
1842 kern_chroot(struct nchandle *nch)
1844 struct thread *td = curthread;
1845 struct proc *p = td->td_proc;
1846 struct filedesc *fdp = p->p_fd;
1851 * Only privileged user can chroot
1853 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
1858 * Disallow open directory descriptors (fchdir() breakouts).
1860 if (chroot_allow_open_directories == 0 ||
1861 (chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) {
1862 if ((error = chroot_refuse_vdir_fds(fdp)) != 0)
1865 if ((vp = nch->ncp->nc_vp) == NULL)
1868 if ((error = vget(vp, LK_SHARED)) != 0)
1872 * Check the validity of vp as a directory to change to and
1873 * associate it with rdir/jdir.
1875 error = checkvp_chdir(vp, td);
1876 vn_unlock(vp); /* leave reference intact */
1878 lwkt_gettoken(&p->p_token);
1879 vrele(fdp->fd_rdir);
1880 fdp->fd_rdir = vp; /* reference inherited by fd_rdir */
1881 cache_drop(&fdp->fd_nrdir);
1882 cache_copy(nch, &fdp->fd_nrdir);
1883 if (fdp->fd_jdir == NULL) {
1886 cache_copy(nch, &fdp->fd_njdir);
1888 if ((p->p_flags & P_DIDCHROOT) == 0) {
1889 p->p_flags |= P_DIDCHROOT;
1890 if (p->p_depth <= 65535 - 32)
1893 lwkt_reltoken(&p->p_token);
1901 * chroot_args(char *path)
1903 * Change notion of root (``/'') directory.
1906 sys_chroot(struct chroot_args *uap)
1908 struct thread *td __debugvar = curthread;
1909 struct nlookupdata nd;
1912 KKASSERT(td->td_proc);
1913 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1915 nd.nl_flags |= NLC_EXEC;
1916 error = nlookup(&nd);
1918 error = kern_chroot(&nd.nl_nch);
1925 sys_chroot_kernel(struct chroot_kernel_args *uap)
1927 struct thread *td = curthread;
1928 struct nlookupdata nd;
1929 struct nchandle *nch;
1933 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1937 error = nlookup(&nd);
1943 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
1947 if ((vp = nch->ncp->nc_vp) == NULL) {
1952 if ((error = cache_vref(nch, nd.nl_cred, &vp)) != 0)
1955 kprintf("chroot_kernel: set new rootnch/rootvnode to %s\n", uap->path);
1956 vfs_cache_setroot(vp, cache_hold(nch));
1965 * Common routine for chroot and chdir. Given a locked, referenced vnode,
1966 * determine whether it is legal to chdir to the vnode. The vnode's state
1967 * is not changed by this call.
1970 checkvp_chdir(struct vnode *vp, struct thread *td)
1974 if (vp->v_type != VDIR)
1977 error = VOP_EACCESS(vp, VEXEC, td->td_ucred);
1982 kern_open(struct nlookupdata *nd, int oflags, int mode, int *res)
1984 struct thread *td = curthread;
1985 struct proc *p = td->td_proc;
1986 struct lwp *lp = td->td_lwp;
1987 struct filedesc *fdp = p->p_fd;
1992 int type, indx, error = 0;
1995 if ((oflags & O_ACCMODE) == O_ACCMODE)
1997 flags = FFLAGS(oflags);
1998 error = falloc(lp, &nfp, NULL);
2002 cmode = ((mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
2005 * XXX p_dupfd is a real mess. It allows a device to return a
2006 * file descriptor to be duplicated rather then doing the open
2012 * Call vn_open() to do the lookup and assign the vnode to the
2013 * file pointer. vn_open() does not change the ref count on fp
2014 * and the vnode, on success, will be inherited by the file pointer
2017 * Request a shared lock on the vnode if possible.
2019 * Executable binaries can race VTEXT against O_RDWR opens, so
2020 * use an exclusive lock for O_RDWR opens as well.
2022 * NOTE: We need a flag to separate terminal vnode locking from
2023 * parent locking. O_CREAT needs parent locking, but O_TRUNC
2024 * and O_RDWR only need to lock the terminal vnode exclusively.
2026 nd->nl_flags |= NLC_LOCKVP;
2027 if ((flags & (O_CREAT|O_TRUNC|O_RDWR)) == 0)
2028 nd->nl_flags |= NLC_SHAREDLOCK;
2030 error = vn_open(nd, fp, flags, cmode);
2035 * handle special fdopen() case. bleh. dupfdopen() is
2036 * responsible for dropping the old contents of ofiles[indx]
2039 * Note that fsetfd() will add a ref to fp which represents
2040 * the fd_files[] assignment. We must still drop our
2043 if ((error == ENODEV || error == ENXIO) && lp->lwp_dupfd >= 0) {
2044 if (fdalloc(p, 0, &indx) == 0) {
2045 error = dupfdopen(fdp, indx, lp->lwp_dupfd, flags, error);
2048 fdrop(fp); /* our ref */
2051 fsetfd(fdp, NULL, indx);
2054 fdrop(fp); /* our ref */
2055 if (error == ERESTART)
2061 * ref the vnode for ourselves so it can't be ripped out from under
2062 * is. XXX need an ND flag to request that the vnode be returned
2065 * Reserve a file descriptor but do not assign it until the open
2068 vp = (struct vnode *)fp->f_data;
2070 if ((error = fdalloc(p, 0, &indx)) != 0) {
2077 * If no error occurs the vp will have been assigned to the file
2082 if (flags & (O_EXLOCK | O_SHLOCK)) {
2083 lf.l_whence = SEEK_SET;
2086 if (flags & O_EXLOCK)
2087 lf.l_type = F_WRLCK;
2089 lf.l_type = F_RDLCK;
2090 if (flags & FNONBLOCK)
2095 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
2097 * lock request failed. Clean up the reserved
2101 fsetfd(fdp, NULL, indx);
2105 atomic_set_int(&fp->f_flag, FHASLOCK); /* race ok */
2109 * Assert that all regular file vnodes were created with a object.
2111 KASSERT(vp->v_type != VREG || vp->v_object != NULL,
2112 ("open: regular file has no backing object after vn_open"));
2118 * release our private reference, leaving the one associated with the
2119 * descriptor table intact.
2121 if (oflags & O_CLOEXEC)
2122 fdp->fd_files[indx].fileflags |= UF_EXCLOSE;
2123 fsetfd(fdp, fp, indx);
2130 * open_args(char *path, int flags, int mode)
2132 * Check permissions, allocate an open file structure,
2133 * and call the device open routine if any.
2136 sys_open(struct open_args *uap)
2138 struct nlookupdata nd;
2141 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2143 error = kern_open(&nd, uap->flags,
2144 uap->mode, &uap->sysmsg_result);
2151 * openat_args(int fd, char *path, int flags, int mode)
2154 sys_openat(struct openat_args *uap)
2156 struct nlookupdata nd;
2160 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2162 error = kern_open(&nd, uap->flags, uap->mode,
2163 &uap->sysmsg_result);
2165 nlookup_done_at(&nd, fp);
2170 kern_mknod(struct nlookupdata *nd, int mode, int rmajor, int rminor)
2172 struct thread *td = curthread;
2173 struct proc *p = td->td_proc;
2182 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2183 vattr.va_rmajor = rmajor;
2184 vattr.va_rminor = rminor;
2186 switch (mode & S_IFMT) {
2187 case S_IFMT: /* used by badsect to flag bad sectors */
2188 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_BAD, 0);
2189 vattr.va_type = VBAD;
2192 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
2193 vattr.va_type = VCHR;
2196 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
2197 vattr.va_type = VBLK;
2200 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_WHT, 0);
2203 case S_IFDIR: /* special directories support for HAMMER */
2204 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_DIR, 0);
2205 vattr.va_type = VDIR;
2216 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2217 if ((error = nlookup(nd)) != 0)
2219 if (nd->nl_nch.ncp->nc_vp)
2221 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2225 error = VOP_NWHITEOUT(&nd->nl_nch, nd->nl_dvp,
2226 nd->nl_cred, NAMEI_CREATE);
2229 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp,
2230 &vp, nd->nl_cred, &vattr);
2238 * mknod_args(char *path, int mode, int dev)
2240 * Create a special file.
2243 sys_mknod(struct mknod_args *uap)
2245 struct nlookupdata nd;
2248 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2250 error = kern_mknod(&nd, uap->mode,
2251 umajor(uap->dev), uminor(uap->dev));
2258 * mknodat_args(int fd, char *path, mode_t mode, dev_t dev)
2260 * Create a special file. The path is relative to the directory associated
2264 sys_mknodat(struct mknodat_args *uap)
2266 struct nlookupdata nd;
2270 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2272 error = kern_mknod(&nd, uap->mode,
2273 umajor(uap->dev), uminor(uap->dev));
2275 nlookup_done_at(&nd, fp);
2280 kern_mkfifo(struct nlookupdata *nd, int mode)
2282 struct thread *td = curthread;
2283 struct proc *p = td->td_proc;
2290 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2291 if ((error = nlookup(nd)) != 0)
2293 if (nd->nl_nch.ncp->nc_vp)
2295 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2299 vattr.va_type = VFIFO;
2300 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2302 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp, &vp, nd->nl_cred, &vattr);
2309 * mkfifo_args(char *path, int mode)
2311 * Create a named pipe.
2314 sys_mkfifo(struct mkfifo_args *uap)
2316 struct nlookupdata nd;
2319 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2321 error = kern_mkfifo(&nd, uap->mode);
2327 * mkfifoat_args(int fd, char *path, mode_t mode)
2329 * Create a named pipe. The path is relative to the directory associated
2333 sys_mkfifoat(struct mkfifoat_args *uap)
2335 struct nlookupdata nd;
2339 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2341 error = kern_mkfifo(&nd, uap->mode);
2342 nlookup_done_at(&nd, fp);
2346 static int hardlink_check_uid = 0;
2347 SYSCTL_INT(_security, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
2348 &hardlink_check_uid, 0,
2349 "Unprivileged processes cannot create hard links to files owned by other "
2351 static int hardlink_check_gid = 0;
2352 SYSCTL_INT(_security, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
2353 &hardlink_check_gid, 0,
2354 "Unprivileged processes cannot create hard links to files owned by other "
2358 can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
2364 * Shortcut if disabled
2366 if (hardlink_check_uid == 0 && hardlink_check_gid == 0)
2370 * Privileged user can always hardlink
2372 if (priv_check_cred(cred, PRIV_VFS_LINK, 0) == 0)
2376 * Otherwise only if the originating file is owned by the
2377 * same user or group. Note that any group is allowed if
2378 * the file is owned by the caller.
2380 error = VOP_GETATTR(vp, &va);
2384 if (hardlink_check_uid) {
2385 if (cred->cr_uid != va.va_uid)
2389 if (hardlink_check_gid) {
2390 if (cred->cr_uid != va.va_uid && !groupmember(va.va_gid, cred))
2398 kern_link(struct nlookupdata *nd, struct nlookupdata *linknd)
2400 struct thread *td = curthread;
2405 * Lookup the source and obtained a locked vnode.
2407 * You may only hardlink a file which you have write permission
2408 * on or which you own.
2410 * XXX relookup on vget failure / race ?
2413 nd->nl_flags |= NLC_WRITE | NLC_OWN | NLC_HLINK;
2414 if ((error = nlookup(nd)) != 0)
2416 vp = nd->nl_nch.ncp->nc_vp;
2417 KKASSERT(vp != NULL);
2418 if (vp->v_type == VDIR)
2419 return (EPERM); /* POSIX */
2420 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2422 if ((error = vget(vp, LK_EXCLUSIVE)) != 0)
2426 * Unlock the source so we can lookup the target without deadlocking
2427 * (XXX vp is locked already, possible other deadlock?). The target
2430 KKASSERT(nd->nl_flags & NLC_NCPISLOCKED);
2431 nd->nl_flags &= ~NLC_NCPISLOCKED;
2432 cache_unlock(&nd->nl_nch);
2435 linknd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2436 if ((error = nlookup(linknd)) != 0) {
2440 if (linknd->nl_nch.ncp->nc_vp) {
2444 error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_FAILRECLAIM);
2451 * Finally run the new API VOP.
2453 error = can_hardlink(vp, td, td->td_ucred);
2455 error = VOP_NLINK(&linknd->nl_nch, linknd->nl_dvp,
2456 vp, linknd->nl_cred);
2463 * link_args(char *path, char *link)
2465 * Make a hard file link.
2468 sys_link(struct link_args *uap)
2470 struct nlookupdata nd, linknd;
2473 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2475 error = nlookup_init(&linknd, uap->link, UIO_USERSPACE, 0);
2477 error = kern_link(&nd, &linknd);
2478 nlookup_done(&linknd);
2485 * linkat_args(int fd1, char *path1, int fd2, char *path2, int flags)
2487 * Make a hard file link. The path1 argument is relative to the directory
2488 * associated with fd1, and similarly the path2 argument is relative to
2489 * the directory associated with fd2.
2492 sys_linkat(struct linkat_args *uap)
2494 struct nlookupdata nd, linknd;
2495 struct file *fp1, *fp2;
2498 error = nlookup_init_at(&nd, &fp1, uap->fd1, uap->path1, UIO_USERSPACE,
2499 (uap->flags & AT_SYMLINK_FOLLOW) ? NLC_FOLLOW : 0);
2501 error = nlookup_init_at(&linknd, &fp2, uap->fd2,
2502 uap->path2, UIO_USERSPACE, 0);
2504 error = kern_link(&nd, &linknd);
2505 nlookup_done_at(&linknd, fp2);
2507 nlookup_done_at(&nd, fp1);
2512 kern_symlink(struct nlookupdata *nd, char *path, int mode)
2520 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2521 if ((error = nlookup(nd)) != 0)
2523 if (nd->nl_nch.ncp->nc_vp)
2525 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2529 vattr.va_mode = mode;
2530 error = VOP_NSYMLINK(&nd->nl_nch, dvp, &vp, nd->nl_cred, &vattr, path);
2537 * symlink(char *path, char *link)
2539 * Make a symbolic link.
2542 sys_symlink(struct symlink_args *uap)
2544 struct thread *td = curthread;
2545 struct nlookupdata nd;
2550 path = objcache_get(namei_oc, M_WAITOK);
2551 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
2553 error = nlookup_init(&nd, uap->link, UIO_USERSPACE, 0);
2555 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2556 error = kern_symlink(&nd, path, mode);
2560 objcache_put(namei_oc, path);
2565 * symlinkat_args(char *path1, int fd, char *path2)
2567 * Make a symbolic link. The path2 argument is relative to the directory
2568 * associated with fd.
2571 sys_symlinkat(struct symlinkat_args *uap)
2573 struct thread *td = curthread;
2574 struct nlookupdata nd;
2580 path1 = objcache_get(namei_oc, M_WAITOK);
2581 error = copyinstr(uap->path1, path1, MAXPATHLEN, NULL);
2583 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path2,
2586 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2587 error = kern_symlink(&nd, path1, mode);
2589 nlookup_done_at(&nd, fp);
2591 objcache_put(namei_oc, path1);
2596 * undelete_args(char *path)
2598 * Delete a whiteout from the filesystem.
2601 sys_undelete(struct undelete_args *uap)
2603 struct nlookupdata nd;
2606 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2608 nd.nl_flags |= NLC_DELETE | NLC_REFDVP;
2610 error = nlookup(&nd);
2612 error = ncp_writechk(&nd.nl_nch);
2614 error = VOP_NWHITEOUT(&nd.nl_nch, nd.nl_dvp, nd.nl_cred,
2622 kern_unlink(struct nlookupdata *nd)
2627 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
2628 if ((error = nlookup(nd)) != 0)
2630 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2632 error = VOP_NREMOVE(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
2637 * unlink_args(char *path)
2639 * Delete a name from the filesystem.
2642 sys_unlink(struct unlink_args *uap)
2644 struct nlookupdata nd;
2647 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2649 error = kern_unlink(&nd);
2656 * unlinkat_args(int fd, char *path, int flags)
2658 * Delete the file or directory entry pointed to by fd/path.
2661 sys_unlinkat(struct unlinkat_args *uap)
2663 struct nlookupdata nd;
2667 if (uap->flags & ~AT_REMOVEDIR)
2670 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2672 if (uap->flags & AT_REMOVEDIR)
2673 error = kern_rmdir(&nd);
2675 error = kern_unlink(&nd);
2677 nlookup_done_at(&nd, fp);
2682 kern_lseek(int fd, off_t offset, int whence, off_t *res)
2684 struct thread *td = curthread;
2685 struct proc *p = td->td_proc;
2692 fp = holdfp(p->p_fd, fd, -1);
2695 if (fp->f_type != DTYPE_VNODE) {
2699 vp = (struct vnode *)fp->f_data;
2703 spin_lock(&fp->f_spin);
2704 new_offset = fp->f_offset + offset;
2708 error = VOP_GETATTR(vp, &vattr);
2709 spin_lock(&fp->f_spin);
2710 new_offset = offset + vattr.va_size;
2713 new_offset = offset;
2715 spin_lock(&fp->f_spin);
2720 spin_lock(&fp->f_spin);
2725 * Validate the seek position. Negative offsets are not allowed
2726 * for regular files or directories.
2728 * Normally we would also not want to allow negative offsets for
2729 * character and block-special devices. However kvm addresses
2730 * on 64 bit architectures might appear to be negative and must
2734 if (new_offset < 0 &&
2735 (vp->v_type == VREG || vp->v_type == VDIR)) {
2738 fp->f_offset = new_offset;
2741 *res = fp->f_offset;
2742 spin_unlock(&fp->f_spin);
2749 * lseek_args(int fd, int pad, off_t offset, int whence)
2751 * Reposition read/write file offset.
2754 sys_lseek(struct lseek_args *uap)
2758 error = kern_lseek(uap->fd, uap->offset, uap->whence,
2759 &uap->sysmsg_offset);
2765 * Check if current process can access given file. amode is a bitmask of *_OK
2766 * access bits. flags is a bitmask of AT_* flags.
2769 kern_access(struct nlookupdata *nd, int amode, int flags)
2774 if (flags & ~AT_EACCESS)
2776 nd->nl_flags |= NLC_SHAREDLOCK;
2777 if ((error = nlookup(nd)) != 0)
2780 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_SHARED, &vp);
2784 /* Flags == 0 means only check for existence. */
2793 if ((mode & VWRITE) == 0 ||
2794 (error = vn_writechk(vp, &nd->nl_nch)) == 0)
2795 error = VOP_ACCESS_FLAGS(vp, mode, flags, nd->nl_cred);
2798 * If the file handle is stale we have to re-resolve the
2799 * entry with the ncp held exclusively. This is a hack
2802 if (error == ESTALE) {
2804 cache_unlock(&nd->nl_nch);
2805 cache_lock(&nd->nl_nch);
2806 cache_setunresolved(&nd->nl_nch);
2807 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2820 * access_args(char *path, int flags)
2822 * Check access permissions.
2825 sys_access(struct access_args *uap)
2827 struct nlookupdata nd;
2830 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2832 error = kern_access(&nd, uap->flags, 0);
2839 * eaccess_args(char *path, int flags)
2841 * Check access permissions.
2844 sys_eaccess(struct eaccess_args *uap)
2846 struct nlookupdata nd;
2849 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2851 error = kern_access(&nd, uap->flags, AT_EACCESS);
2858 * faccessat_args(int fd, char *path, int amode, int flags)
2860 * Check access permissions.
2863 sys_faccessat(struct faccessat_args *uap)
2865 struct nlookupdata nd;
2869 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE,
2872 error = kern_access(&nd, uap->amode, uap->flags);
2873 nlookup_done_at(&nd, fp);
2878 kern_stat(struct nlookupdata *nd, struct stat *st)
2883 nd->nl_flags |= NLC_SHAREDLOCK;
2884 if ((error = nlookup(nd)) != 0)
2887 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
2890 if ((error = vget(vp, LK_SHARED)) != 0)
2892 error = vn_stat(vp, st, nd->nl_cred);
2895 * If the file handle is stale we have to re-resolve the
2896 * entry with the ncp held exclusively. This is a hack
2899 if (error == ESTALE) {
2901 cache_unlock(&nd->nl_nch);
2902 cache_lock(&nd->nl_nch);
2903 cache_setunresolved(&nd->nl_nch);
2904 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2914 * stat_args(char *path, struct stat *ub)
2916 * Get file status; this version follows links.
2919 sys_stat(struct stat_args *uap)
2921 struct nlookupdata nd;
2925 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2927 error = kern_stat(&nd, &st);
2929 error = copyout(&st, uap->ub, sizeof(*uap->ub));
2936 * lstat_args(char *path, struct stat *ub)
2938 * Get file status; this version does not follow links.
2941 sys_lstat(struct lstat_args *uap)
2943 struct nlookupdata nd;
2947 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2949 error = kern_stat(&nd, &st);
2951 error = copyout(&st, uap->ub, sizeof(*uap->ub));
2958 * fstatat_args(int fd, char *path, struct stat *sb, int flags)
2960 * Get status of file pointed to by fd/path.
2963 sys_fstatat(struct fstatat_args *uap)
2965 struct nlookupdata nd;
2971 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
2974 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
2976 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
2977 UIO_USERSPACE, flags);
2979 error = kern_stat(&nd, &st);
2981 error = copyout(&st, uap->sb, sizeof(*uap->sb));
2983 nlookup_done_at(&nd, fp);
2988 kern_pathconf(char *path, int name, int flags, register_t *sysmsg_regp)
2990 struct nlookupdata nd;
2995 error = nlookup_init(&nd, path, UIO_USERSPACE, flags);
2997 error = nlookup(&nd);
2999 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
3002 error = VOP_PATHCONF(vp, name, sysmsg_regp);
3009 * pathconf_Args(char *path, int name)
3011 * Get configurable pathname variables.
3014 sys_pathconf(struct pathconf_args *uap)
3016 return (kern_pathconf(uap->path, uap->name, NLC_FOLLOW,
3021 * lpathconf_Args(char *path, int name)
3023 * Get configurable pathname variables, but don't follow symlinks.
3026 sys_lpathconf(struct lpathconf_args *uap)
3028 return (kern_pathconf(uap->path, uap->name, 0, &uap->sysmsg_reg));
3033 * kern_readlink isn't properly split yet. There is a copyin burried
3034 * in VOP_READLINK().
3037 kern_readlink(struct nlookupdata *nd, char *buf, int count, int *res)
3039 struct thread *td = curthread;
3045 nd->nl_flags |= NLC_SHAREDLOCK;
3046 if ((error = nlookup(nd)) != 0)
3048 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_SHARED, &vp);
3051 if (vp->v_type != VLNK) {
3054 aiov.iov_base = buf;
3055 aiov.iov_len = count;
3056 auio.uio_iov = &aiov;
3057 auio.uio_iovcnt = 1;
3058 auio.uio_offset = 0;
3059 auio.uio_rw = UIO_READ;
3060 auio.uio_segflg = UIO_USERSPACE;
3062 auio.uio_resid = count;
3063 error = VOP_READLINK(vp, &auio, td->td_ucred);
3066 *res = count - auio.uio_resid;
3071 * readlink_args(char *path, char *buf, int count)
3073 * Return target name of a symbolic link.
3076 sys_readlink(struct readlink_args *uap)
3078 struct nlookupdata nd;
3081 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3083 error = kern_readlink(&nd, uap->buf, uap->count,
3084 &uap->sysmsg_result);
3091 * readlinkat_args(int fd, char *path, char *buf, size_t bufsize)
3093 * Return target name of a symbolic link. The path is relative to the
3094 * directory associated with fd.
3097 sys_readlinkat(struct readlinkat_args *uap)
3099 struct nlookupdata nd;
3103 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
3105 error = kern_readlink(&nd, uap->buf, uap->bufsize,
3106 &uap->sysmsg_result);
3108 nlookup_done_at(&nd, fp);
3113 setfflags(struct vnode *vp, int flags)
3115 struct thread *td = curthread;
3120 * Prevent non-root users from setting flags on devices. When
3121 * a device is reused, users can retain ownership of the device
3122 * if they are allowed to set flags and programs assume that
3123 * chown can't fail when done as root.
3125 if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
3126 ((error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV, 0)) != 0))
3130 * note: vget is required for any operation that might mod the vnode
3131 * so VINACTIVE is properly cleared.
3133 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3135 vattr.va_flags = flags;
3136 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3143 * chflags(char *path, int flags)
3145 * Change flags of a file given a path name.
3148 sys_chflags(struct chflags_args *uap)
3150 struct nlookupdata nd;
3155 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3157 error = nlookup(&nd);
3159 error = ncp_writechk(&nd.nl_nch);
3161 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3164 error = setfflags(vp, uap->flags);
3171 * lchflags(char *path, int flags)
3173 * Change flags of a file given a path name, but don't follow symlinks.
3176 sys_lchflags(struct lchflags_args *uap)
3178 struct nlookupdata nd;
3183 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3185 error = nlookup(&nd);
3187 error = ncp_writechk(&nd.nl_nch);
3189 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3192 error = setfflags(vp, uap->flags);
3199 * fchflags_args(int fd, int flags)
3201 * Change flags of a file given a file descriptor.
3204 sys_fchflags(struct fchflags_args *uap)
3206 struct thread *td = curthread;
3207 struct proc *p = td->td_proc;
3211 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3213 if (fp->f_nchandle.ncp)
3214 error = ncp_writechk(&fp->f_nchandle);
3216 error = setfflags((struct vnode *) fp->f_data, uap->flags);
3222 * chflagsat_args(int fd, const char *path, int flags, int atflags)
3223 * change flags given a pathname relative to a filedescriptor
3225 int sys_chflagsat(struct chflagsat_args *uap)
3227 struct nlookupdata nd;
3233 if (uap->atflags & ~AT_SYMLINK_NOFOLLOW)
3236 lookupflags = (uap->atflags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3239 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, lookupflags);
3241 error = nlookup(&nd);
3243 error = ncp_writechk(&nd.nl_nch);
3245 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3246 nlookup_done_at(&nd, fp);
3248 error = setfflags(vp, uap->flags);
3256 setfmode(struct vnode *vp, int mode)
3258 struct thread *td = curthread;
3263 * note: vget is required for any operation that might mod the vnode
3264 * so VINACTIVE is properly cleared.
3266 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3268 vattr.va_mode = mode & ALLPERMS;
3269 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3270 cache_inval_wxok(vp);
3277 kern_chmod(struct nlookupdata *nd, int mode)
3282 if ((error = nlookup(nd)) != 0)
3284 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3286 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3287 error = setfmode(vp, mode);
3293 * chmod_args(char *path, int mode)
3295 * Change mode of a file given path name.
3298 sys_chmod(struct chmod_args *uap)
3300 struct nlookupdata nd;
3303 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3305 error = kern_chmod(&nd, uap->mode);
3311 * lchmod_args(char *path, int mode)
3313 * Change mode of a file given path name (don't follow links.)
3316 sys_lchmod(struct lchmod_args *uap)
3318 struct nlookupdata nd;
3321 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3323 error = kern_chmod(&nd, uap->mode);
3329 * fchmod_args(int fd, int mode)
3331 * Change mode of a file given a file descriptor.
3334 sys_fchmod(struct fchmod_args *uap)
3336 struct thread *td = curthread;
3337 struct proc *p = td->td_proc;
3341 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3343 if (fp->f_nchandle.ncp)
3344 error = ncp_writechk(&fp->f_nchandle);
3346 error = setfmode((struct vnode *)fp->f_data, uap->mode);
3352 * fchmodat_args(char *path, int mode)
3354 * Change mode of a file pointed to by fd/path.
3357 sys_fchmodat(struct fchmodat_args *uap)
3359 struct nlookupdata nd;
3364 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3366 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3368 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3369 UIO_USERSPACE, flags);
3371 error = kern_chmod(&nd, uap->mode);
3372 nlookup_done_at(&nd, fp);
3377 setfown(struct mount *mp, struct vnode *vp, uid_t uid, gid_t gid)
3379 struct thread *td = curthread;
3387 * note: vget is required for any operation that might mod the vnode
3388 * so VINACTIVE is properly cleared.
3390 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3391 if ((error = VOP_GETATTR(vp, &vattr)) != 0)
3393 o_uid = vattr.va_uid;
3394 o_gid = vattr.va_gid;
3395 size = vattr.va_size;
3400 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3409 VFS_ACCOUNT(mp, o_uid, o_gid, -size);
3410 VFS_ACCOUNT(mp, uid, gid, size);
3417 kern_chown(struct nlookupdata *nd, int uid, int gid)
3422 if ((error = nlookup(nd)) != 0)
3424 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3426 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3427 error = setfown(nd->nl_nch.mount, vp, uid, gid);
3433 * chown(char *path, int uid, int gid)
3435 * Set ownership given a path name.
3438 sys_chown(struct chown_args *uap)
3440 struct nlookupdata nd;
3443 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3445 error = kern_chown(&nd, uap->uid, uap->gid);
3451 * lchown_args(char *path, int uid, int gid)
3453 * Set ownership given a path name, do not cross symlinks.
3456 sys_lchown(struct lchown_args *uap)
3458 struct nlookupdata nd;
3461 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3463 error = kern_chown(&nd, uap->uid, uap->gid);
3469 * fchown_args(int fd, int uid, int gid)
3471 * Set ownership given a file descriptor.
3474 sys_fchown(struct fchown_args *uap)
3476 struct thread *td = curthread;
3477 struct proc *p = td->td_proc;
3481 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3483 if (fp->f_nchandle.ncp)
3484 error = ncp_writechk(&fp->f_nchandle);
3486 error = setfown(p->p_fd->fd_ncdir.mount,
3487 (struct vnode *)fp->f_data, uap->uid, uap->gid);
3493 * fchownat(int fd, char *path, int uid, int gid, int flags)
3495 * Set ownership of file pointed to by fd/path.
3498 sys_fchownat(struct fchownat_args *uap)
3500 struct nlookupdata nd;
3505 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3507 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3509 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3510 UIO_USERSPACE, flags);
3512 error = kern_chown(&nd, uap->uid, uap->gid);
3513 nlookup_done_at(&nd, fp);
3519 getutimes(struct timeval *tvp, struct timespec *tsp)
3521 struct timeval tv[2];
3526 TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
3529 if ((error = itimerfix(tvp)) != 0)
3531 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3532 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3538 getutimens(const struct timespec *ts, struct timespec *newts, int *nullflag)
3540 struct timespec tsnow;
3554 if (newts[0].tv_nsec == UTIME_OMIT && newts[1].tv_nsec == UTIME_OMIT)
3556 if (newts[0].tv_nsec == UTIME_NOW && newts[1].tv_nsec == UTIME_NOW)
3559 if (newts[0].tv_nsec == UTIME_OMIT)
3560 newts[0].tv_sec = VNOVAL;
3561 else if (newts[0].tv_nsec == UTIME_NOW)
3563 else if ((error = itimespecfix(&newts[0])) != 0)
3566 if (newts[1].tv_nsec == UTIME_OMIT)
3567 newts[1].tv_sec = VNOVAL;
3568 else if (newts[1].tv_nsec == UTIME_NOW)
3570 else if ((error = itimespecfix(&newts[1])) != 0)
3577 setutimes(struct vnode *vp, struct vattr *vattr,
3578 const struct timespec *ts, int nullflag)
3580 struct thread *td = curthread;
3584 vattr->va_atime = ts[0];
3585 vattr->va_mtime = ts[1];
3587 vattr->va_vaflags |= VA_UTIMES_NULL;
3588 error = VOP_SETATTR(vp, vattr, td->td_ucred);
3594 kern_utimes(struct nlookupdata *nd, struct timeval *tptr)
3596 struct timespec ts[2];
3600 if ((error = getutimes(tptr, ts)) != 0)
3603 error = kern_utimensat(nd, tptr ? ts : NULL, 0);
3608 * utimes_args(char *path, struct timeval *tptr)
3610 * Set the access and modification times of a file.
3613 sys_utimes(struct utimes_args *uap)
3615 struct timeval tv[2];
3616 struct nlookupdata nd;
3620 error = copyin(uap->tptr, tv, sizeof(tv));
3624 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3626 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3632 * lutimes_args(char *path, struct timeval *tptr)
3634 * Set the access and modification times of a file.
3637 sys_lutimes(struct lutimes_args *uap)
3639 struct timeval tv[2];
3640 struct nlookupdata nd;
3644 error = copyin(uap->tptr, tv, sizeof(tv));
3648 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3650 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3656 * Set utimes on a file descriptor. The creds used to open the
3657 * file are used to determine whether the operation is allowed
3661 kern_futimens(int fd, struct timespec *ts)
3663 struct thread *td = curthread;
3664 struct proc *p = td->td_proc;
3665 struct timespec newts[2];
3672 error = getutimens(ts, newts, &nullflag);
3675 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
3677 if (fp->f_nchandle.ncp)
3678 error = ncp_writechk(&fp->f_nchandle);
3681 error = vget(vp, LK_EXCLUSIVE);
3683 error = VOP_GETATTR(vp, &vattr);
3685 error = naccess_va(&vattr, NLC_OWN | NLC_WRITE,
3689 error = setutimes(vp, &vattr, newts, nullflag);
3699 * futimens_args(int fd, struct timespec *ts)
3701 * Set the access and modification times of a file.
3704 sys_futimens(struct futimens_args *uap)
3706 struct timespec ts[2];
3710 error = copyin(uap->ts, ts, sizeof(ts));
3714 error = kern_futimens(uap->fd, uap->ts ? ts : NULL);
3719 kern_futimes(int fd, struct timeval *tptr)
3721 struct timespec ts[2];
3725 if ((error = getutimes(tptr, ts)) != 0)
3728 error = kern_futimens(fd, tptr ? ts : NULL);
3733 * futimes_args(int fd, struct timeval *tptr)
3735 * Set the access and modification times of a file.
3738 sys_futimes(struct futimes_args *uap)
3740 struct timeval tv[2];
3744 error = copyin(uap->tptr, tv, sizeof(tv));
3748 error = kern_futimes(uap->fd, uap->tptr ? tv : NULL);
3753 kern_utimensat(struct nlookupdata *nd, const struct timespec *ts, int flags)
3755 struct timespec newts[2];
3761 if (flags & ~AT_SYMLINK_NOFOLLOW)
3764 error = getutimens(ts, newts, &nullflag);
3768 nd->nl_flags |= NLC_OWN | NLC_WRITE;
3769 if ((error = nlookup(nd)) != 0)
3771 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3773 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3775 if ((error = vn_writechk(vp, &nd->nl_nch)) == 0) {
3776 error = vget(vp, LK_EXCLUSIVE);
3778 error = setutimes(vp, &vattr, newts, nullflag);
3787 * utimensat_args(int fd, const char *path, const struct timespec *ts, int flags);
3789 * Set file access and modification times of a file.
3792 sys_utimensat(struct utimensat_args *uap)
3794 struct timespec ts[2];
3795 struct nlookupdata nd;
3801 error = copyin(uap->ts, ts, sizeof(ts));
3806 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3807 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3808 UIO_USERSPACE, flags);
3810 error = kern_utimensat(&nd, uap->ts ? ts : NULL, uap->flags);
3811 nlookup_done_at(&nd, fp);
3816 kern_truncate(struct nlookupdata *nd, off_t length)
3823 uint64_t old_size = 0;
3827 nd->nl_flags |= NLC_WRITE | NLC_TRUNCATE;
3828 if ((error = nlookup(nd)) != 0)
3830 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3832 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3834 error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_FAILRECLAIM);
3839 if (vp->v_type == VDIR) {
3843 if (vfs_quota_enabled) {
3844 error = VOP_GETATTR(vp, &vattr);
3845 KASSERT(error == 0, ("kern_truncate(): VOP_GETATTR didn't return 0"));
3848 old_size = vattr.va_size;
3851 if ((error = vn_writechk(vp, &nd->nl_nch)) == 0) {
3853 vattr.va_size = length;
3854 error = VOP_SETATTR(vp, &vattr, nd->nl_cred);
3855 VFS_ACCOUNT(nd->nl_nch.mount, uid, gid, length - old_size);
3863 * truncate(char *path, int pad, off_t length)
3865 * Truncate a file given its path name.
3868 sys_truncate(struct truncate_args *uap)
3870 struct nlookupdata nd;
3873 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3875 error = kern_truncate(&nd, uap->length);
3881 kern_ftruncate(int fd, off_t length)
3883 struct thread *td = curthread;
3884 struct proc *p = td->td_proc;
3891 uint64_t old_size = 0;
3896 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
3898 if (fp->f_nchandle.ncp) {
3899 error = ncp_writechk(&fp->f_nchandle);
3903 if ((fp->f_flag & FWRITE) == 0) {
3907 if (fp->f_flag & FAPPENDONLY) { /* inode was set s/uapnd */
3911 vp = (struct vnode *)fp->f_data;
3912 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3913 if (vp->v_type == VDIR) {
3919 if (vfs_quota_enabled) {
3920 error = VOP_GETATTR(vp, &vattr);
3921 KASSERT(error == 0, ("kern_ftruncate(): VOP_GETATTR didn't return 0"));
3924 old_size = vattr.va_size;
3927 if ((error = vn_writechk(vp, NULL)) == 0) {
3929 vattr.va_size = length;
3930 error = VOP_SETATTR(vp, &vattr, fp->f_cred);
3932 VFS_ACCOUNT(mp, uid, gid, length - old_size);
3941 * ftruncate_args(int fd, int pad, off_t length)
3943 * Truncate a file given a file descriptor.
3946 sys_ftruncate(struct ftruncate_args *uap)
3950 error = kern_ftruncate(uap->fd, uap->length);
3958 * Sync an open file.
3961 sys_fsync(struct fsync_args *uap)
3963 struct thread *td = curthread;
3964 struct proc *p = td->td_proc;
3970 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3972 vp = (struct vnode *)fp->f_data;
3973 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3974 if ((obj = vp->v_object) != NULL) {
3975 if (vp->v_mount == NULL ||
3976 (vp->v_mount->mnt_kern_flag & MNTK_NOMSYNC) == 0) {
3977 vm_object_page_clean(obj, 0, 0, 0);
3980 error = VOP_FSYNC(vp, MNT_WAIT, VOP_FSYNC_SYSCALL);
3981 if (error == 0 && vp->v_mount)
3982 error = buf_fsync(vp);
3990 kern_rename(struct nlookupdata *fromnd, struct nlookupdata *tond)
3992 struct nchandle fnchd;
3993 struct nchandle tnchd;
3994 struct namecache *ncp;
4003 fromnd->nl_flags |= NLC_REFDVP | NLC_RENAME_SRC;
4004 if ((error = nlookup(fromnd)) != 0)
4006 if ((fnchd.ncp = fromnd->nl_nch.ncp->nc_parent) == NULL)
4008 fnchd.mount = fromnd->nl_nch.mount;
4012 * unlock the source nch so we can lookup the target nch without
4013 * deadlocking. The target may or may not exist so we do not check
4014 * for a target vp like kern_mkdir() and other creation functions do.
4016 * The source and target directories are ref'd and rechecked after
4017 * everything is relocked to determine if the source or target file
4020 KKASSERT(fromnd->nl_flags & NLC_NCPISLOCKED);
4021 fromnd->nl_flags &= ~NLC_NCPISLOCKED;
4023 fncp_gen = fromnd->nl_nch.ncp->nc_generation;
4025 cache_unlock(&fromnd->nl_nch);
4027 tond->nl_flags |= NLC_RENAME_DST | NLC_REFDVP;
4028 if ((error = nlookup(tond)) != 0) {
4032 tncp_gen = tond->nl_nch.ncp->nc_generation;
4034 if ((tnchd.ncp = tond->nl_nch.ncp->nc_parent) == NULL) {
4038 tnchd.mount = tond->nl_nch.mount;
4042 * If the source and target are the same there is nothing to do
4044 if (fromnd->nl_nch.ncp == tond->nl_nch.ncp) {
4051 * Mount points cannot be renamed or overwritten
4053 if ((fromnd->nl_nch.ncp->nc_flag | tond->nl_nch.ncp->nc_flag) &
4062 * Relock the source ncp. cache_relock() will deal with any
4063 * deadlocks against the already-locked tond and will also
4064 * make sure both are resolved.
4066 * NOTE AFTER RELOCKING: The source or target ncp may have become
4067 * invalid while they were unlocked, nc_vp and nc_mount could
4070 cache_relock(&fromnd->nl_nch, fromnd->nl_cred,
4071 &tond->nl_nch, tond->nl_cred);
4072 fromnd->nl_flags |= NLC_NCPISLOCKED;
4075 * If the namecache generation changed for either fromnd or tond,
4078 if (fromnd->nl_nch.ncp->nc_generation != fncp_gen ||
4079 tond->nl_nch.ncp->nc_generation != tncp_gen) {
4080 kprintf("kern_rename: retry due to gen on: "
4081 "\"%s\" -> \"%s\"\n",
4082 fromnd->nl_nch.ncp->nc_name,
4083 tond->nl_nch.ncp->nc_name);
4090 * If either fromnd or tond are marked destroyed a ripout occured
4091 * out from under us and we must retry.
4093 if ((fromnd->nl_nch.ncp->nc_flag & (NCF_DESTROYED | NCF_UNRESOLVED)) ||
4094 fromnd->nl_nch.ncp->nc_vp == NULL ||
4095 (tond->nl_nch.ncp->nc_flag & NCF_DESTROYED)) {
4096 kprintf("kern_rename: retry due to ripout on: "
4097 "\"%s\" -> \"%s\"\n",
4098 fromnd->nl_nch.ncp->nc_name,
4099 tond->nl_nch.ncp->nc_name);
4106 * Make sure the parent directories linkages are the same.
4107 * XXX shouldn't be needed any more w/ generation check above.
4109 if (fnchd.ncp != fromnd->nl_nch.ncp->nc_parent ||
4110 tnchd.ncp != tond->nl_nch.ncp->nc_parent) {
4117 * Both the source and target must be within the same filesystem and
4118 * in the same filesystem as their parent directories within the
4119 * namecache topology.
4121 * NOTE: fromnd's nc_mount or nc_vp could be NULL.
4124 if (mp != tnchd.mount || mp != fromnd->nl_nch.mount ||
4125 mp != tond->nl_nch.mount) {
4132 * Make sure the mount point is writable
4134 if ((error = ncp_writechk(&tond->nl_nch)) != 0) {
4141 * If the target exists and either the source or target is a directory,
4142 * then both must be directories.
4144 * Due to relocking of the source, fromnd->nl_nch.ncp->nc_vp might h
4147 if (tond->nl_nch.ncp->nc_vp) {
4148 if (fromnd->nl_nch.ncp->nc_vp == NULL) {
4150 } else if (fromnd->nl_nch.ncp->nc_vp->v_type == VDIR) {
4151 if (tond->nl_nch.ncp->nc_vp->v_type != VDIR)
4153 } else if (tond->nl_nch.ncp->nc_vp->v_type == VDIR) {
4159 * You cannot rename a source into itself or a subdirectory of itself.
4160 * We check this by travsersing the target directory upwards looking
4161 * for a match against the source.
4166 for (ncp = tnchd.ncp; ncp; ncp = ncp->nc_parent) {
4167 if (fromnd->nl_nch.ncp == ncp) {
4178 * Even though the namespaces are different, they may still represent
4179 * hardlinks to the same file. The filesystem might have a hard time
4180 * with this so we issue a NREMOVE of the source instead of a NRENAME
4181 * when we detect the situation.
4184 fdvp = fromnd->nl_dvp;
4185 tdvp = tond->nl_dvp;
4186 if (fdvp == NULL || tdvp == NULL) {
4188 } else if (fromnd->nl_nch.ncp->nc_vp == tond->nl_nch.ncp->nc_vp) {
4189 error = VOP_NREMOVE(&fromnd->nl_nch, fdvp,
4192 error = VOP_NRENAME(&fromnd->nl_nch, &tond->nl_nch,
4193 fdvp, tdvp, tond->nl_cred);
4200 * rename_args(char *from, char *to)
4202 * Rename files. Source and destination must either both be directories,
4203 * or both not be directories. If target is a directory, it must be empty.
4206 sys_rename(struct rename_args *uap)
4208 struct nlookupdata fromnd, tond;
4212 error = nlookup_init(&fromnd, uap->from, UIO_USERSPACE, 0);
4214 error = nlookup_init(&tond, uap->to, UIO_USERSPACE, 0);
4216 error = kern_rename(&fromnd, &tond);
4217 nlookup_done(&tond);
4219 nlookup_done(&fromnd);
4220 } while (error == EAGAIN);
4225 * renameat_args(int oldfd, char *old, int newfd, char *new)
4227 * Rename files using paths relative to the directories associated with
4228 * oldfd and newfd. Source and destination must either both be directories,
4229 * or both not be directories. If target is a directory, it must be empty.
4232 sys_renameat(struct renameat_args *uap)
4234 struct nlookupdata oldnd, newnd;
4235 struct file *oldfp, *newfp;
4239 error = nlookup_init_at(&oldnd, &oldfp,
4240 uap->oldfd, uap->old,
4243 error = nlookup_init_at(&newnd, &newfp,
4244 uap->newfd, uap->new,
4247 error = kern_rename(&oldnd, &newnd);
4248 nlookup_done_at(&newnd, newfp);
4250 nlookup_done_at(&oldnd, oldfp);
4251 } while (error == EAGAIN);
4256 kern_mkdir(struct nlookupdata *nd, int mode)
4258 struct thread *td = curthread;
4259 struct proc *p = td->td_proc;
4265 nd->nl_flags |= NLC_WILLBEDIR | NLC_CREATE | NLC_REFDVP;
4266 if ((error = nlookup(nd)) != 0)
4269 if (nd->nl_nch.ncp->nc_vp)
4271 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
4274 vattr.va_type = VDIR;
4275 vattr.va_mode = (mode & ACCESSPERMS) &~ p->p_fd->fd_cmask;
4278 error = VOP_NMKDIR(&nd->nl_nch, nd->nl_dvp, &vp, td->td_ucred, &vattr);
4285 * mkdir_args(char *path, int mode)
4287 * Make a directory file.
4290 sys_mkdir(struct mkdir_args *uap)
4292 struct nlookupdata nd;
4295 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
4297 error = kern_mkdir(&nd, uap->mode);
4303 * mkdirat_args(int fd, char *path, mode_t mode)
4305 * Make a directory file. The path is relative to the directory associated
4309 sys_mkdirat(struct mkdirat_args *uap)
4311 struct nlookupdata nd;
4315 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
4317 error = kern_mkdir(&nd, uap->mode);
4318 nlookup_done_at(&nd, fp);
4323 kern_rmdir(struct nlookupdata *nd)
4328 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
4329 if ((error = nlookup(nd)) != 0)
4333 * Do not allow directories representing mount points to be
4334 * deleted, even if empty. Check write perms on mount point
4335 * in case the vnode is aliased (aka nullfs).
4337 if (nd->nl_nch.ncp->nc_flag & (NCF_ISMOUNTPT))
4339 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
4341 error = VOP_NRMDIR(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
4346 * rmdir_args(char *path)
4348 * Remove a directory file.
4351 sys_rmdir(struct rmdir_args *uap)
4353 struct nlookupdata nd;
4356 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
4358 error = kern_rmdir(&nd);
4364 kern_getdirentries(int fd, char *buf, u_int count, long *basep, int *res,
4365 enum uio_seg direction)
4367 struct thread *td = curthread;
4368 struct proc *p = td->td_proc;
4376 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
4378 if ((fp->f_flag & FREAD) == 0) {
4382 vp = (struct vnode *)fp->f_data;
4383 if (vp->v_type != VDIR) {
4387 aiov.iov_base = buf;
4388 aiov.iov_len = count;
4389 auio.uio_iov = &aiov;
4390 auio.uio_iovcnt = 1;
4391 auio.uio_rw = UIO_READ;
4392 auio.uio_segflg = direction;
4394 auio.uio_resid = count;
4395 loff = auio.uio_offset = fp->f_offset;
4396 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL);
4397 fp->f_offset = auio.uio_offset;
4402 * WARNING! *basep may not be wide enough to accomodate the
4403 * seek offset. XXX should we hack this to return the upper 32 bits
4404 * for offsets greater then 4G?
4407 *basep = (long)loff;
4409 *res = count - auio.uio_resid;
4416 * getdirentries_args(int fd, char *buf, u_int conut, long *basep)
4418 * Read a block of directory entries in a file system independent format.
4421 sys_getdirentries(struct getdirentries_args *uap)
4426 error = kern_getdirentries(uap->fd, uap->buf, uap->count, &base,
4427 &uap->sysmsg_result, UIO_USERSPACE);
4429 if (error == 0 && uap->basep)
4430 error = copyout(&base, uap->basep, sizeof(*uap->basep));
4435 * getdents_args(int fd, char *buf, size_t count)
4438 sys_getdents(struct getdents_args *uap)
4442 error = kern_getdirentries(uap->fd, uap->buf, uap->count, NULL,
4443 &uap->sysmsg_result, UIO_USERSPACE);
4449 * Set the mode mask for creation of filesystem nodes.
4451 * umask(int newmask)
4454 sys_umask(struct umask_args *uap)
4456 struct thread *td = curthread;
4457 struct proc *p = td->td_proc;
4458 struct filedesc *fdp;
4461 uap->sysmsg_result = fdp->fd_cmask;
4462 fdp->fd_cmask = uap->newmask & ALLPERMS;
4467 * revoke(char *path)
4469 * Void all references to file by ripping underlying filesystem
4473 sys_revoke(struct revoke_args *uap)
4475 struct nlookupdata nd;
4482 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4484 error = nlookup(&nd);
4486 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
4487 cred = crhold(nd.nl_cred);
4491 error = VOP_GETATTR(vp, &vattr);
4492 if (error == 0 && cred->cr_uid != vattr.va_uid)
4493 error = priv_check_cred(cred, PRIV_VFS_REVOKE, 0);
4494 if (error == 0 && (vp->v_type == VCHR || vp->v_type == VBLK)) {
4496 error = vrevoke(vp, cred);
4497 } else if (error == 0) {
4498 error = vrevoke(vp, cred);
4508 * getfh_args(char *fname, fhandle_t *fhp)
4510 * Get (NFS) file handle
4512 * NOTE: We use the fsid of the covering mount, even if it is a nullfs
4513 * mount. This allows nullfs mounts to be explicitly exported.
4515 * WARNING: nullfs mounts of HAMMER PFS ROOTs are safe.
4517 * nullfs mounts of subdirectories are not safe. That is, it will
4518 * work, but you do not really have protection against access to
4519 * the related parent directories.
4522 sys_getfh(struct getfh_args *uap)
4524 struct thread *td = curthread;
4525 struct nlookupdata nd;
4532 * Must be super user
4534 if ((error = priv_check(td, PRIV_ROOT)) != 0)
4538 error = nlookup_init(&nd, uap->fname, UIO_USERSPACE, NLC_FOLLOW);
4540 error = nlookup(&nd);
4542 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4543 mp = nd.nl_nch.mount;
4546 bzero(&fh, sizeof(fh));
4547 fh.fh_fsid = mp->mnt_stat.f_fsid;
4548 error = VFS_VPTOFH(vp, &fh.fh_fid);
4551 error = copyout(&fh, uap->fhp, sizeof(fh));
4557 * fhopen_args(const struct fhandle *u_fhp, int flags)
4559 * syscall for the rpc.lockd to use to translate a NFS file handle into
4560 * an open descriptor.
4562 * warning: do not remove the priv_check() call or this becomes one giant
4566 sys_fhopen(struct fhopen_args *uap)
4568 struct thread *td = curthread;
4569 struct filedesc *fdp = td->td_proc->p_fd;
4574 struct vattr *vap = &vat;
4576 int fmode, mode, error = 0, type;
4582 * Must be super user
4584 error = priv_check(td, PRIV_ROOT);
4588 fmode = FFLAGS(uap->flags);
4591 * Why not allow a non-read/write open for our lockd?
4593 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4595 error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
4600 * Find the mount point
4602 mp = vfs_getvfs(&fhp.fh_fsid);
4607 /* now give me my vnode, it gets returned to me locked */
4608 error = VFS_FHTOVP(mp, NULL, &fhp.fh_fid, &vp);
4612 * from now on we have to make sure not
4613 * to forget about the vnode
4614 * any error that causes an abort must vput(vp)
4615 * just set error = err and 'goto bad;'.
4621 if (vp->v_type == VLNK) {
4625 if (vp->v_type == VSOCK) {
4630 if (fmode & (FWRITE | O_TRUNC)) {
4631 if (vp->v_type == VDIR) {
4635 error = vn_writechk(vp, NULL);
4643 error = VOP_ACCESS(vp, mode, td->td_ucred);
4647 if (fmode & O_TRUNC) {
4648 vn_unlock(vp); /* XXX */
4649 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */
4652 error = VOP_SETATTR(vp, vap, td->td_ucred);
4658 * VOP_OPEN needs the file pointer so it can potentially override
4661 * WARNING! no f_nchandle will be associated when fhopen()ing a
4664 if ((error = falloc(td->td_lwp, &nfp, &indx)) != 0)
4668 error = VOP_OPEN(vp, fmode, td->td_ucred, fp);
4671 * setting f_ops this way prevents VOP_CLOSE from being
4672 * called or fdrop() releasing the vp from v_data. Since
4673 * the VOP_OPEN failed we don't want to VOP_CLOSE.
4675 fp->f_ops = &badfileops;
4681 * The fp is given its own reference, we still have our ref and lock.
4683 * Assert that all regular files must be created with a VM object.
4685 if (vp->v_type == VREG && vp->v_object == NULL) {
4686 kprintf("fhopen: regular file did not "
4687 "have VM object: %p\n",
4693 * The open was successful. Handle any locking requirements.
4695 if (fmode & (O_EXLOCK | O_SHLOCK)) {
4696 lf.l_whence = SEEK_SET;
4699 if (fmode & O_EXLOCK)
4700 lf.l_type = F_WRLCK;
4702 lf.l_type = F_RDLCK;
4703 if (fmode & FNONBLOCK)
4708 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK,
4711 * release our private reference.
4713 fsetfd(fdp, NULL, indx);
4718 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4719 atomic_set_int(&fp->f_flag, FHASLOCK); /* race ok */
4723 * Clean up. Associate the file pointer with the previously
4724 * reserved descriptor and return it.
4727 if (uap->flags & O_CLOEXEC)
4728 fdp->fd_files[indx].fileflags |= UF_EXCLOSE;
4729 fsetfd(fdp, fp, indx);
4731 uap->sysmsg_result = indx;
4737 fsetfd(fdp, NULL, indx);
4748 * fhstat_args(struct fhandle *u_fhp, struct stat *sb)
4751 sys_fhstat(struct fhstat_args *uap)
4753 struct thread *td = curthread;
4761 * Must be super user
4763 error = priv_check(td, PRIV_ROOT);
4767 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4771 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
4774 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) == 0) {
4775 error = vn_stat(vp, &sb, td->td_ucred);
4780 error = copyout(&sb, uap->sb, sizeof(sb));
4788 * fhstatfs_args(struct fhandle *u_fhp, struct statfs *buf)
4791 sys_fhstatfs(struct fhstatfs_args *uap)
4793 struct thread *td = curthread;
4794 struct proc *p = td->td_proc;
4799 char *fullpath, *freepath;
4804 * Must be super user
4806 if ((error = priv_check(td, PRIV_ROOT)))
4809 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4812 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4816 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4821 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) != 0)
4826 if ((error = VFS_STATFS(mp, sp, td->td_ucred)) != 0)
4829 error = mount_path(p, mp, &fullpath, &freepath);
4832 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
4833 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
4834 kfree(freepath, M_TEMP);
4836 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
4837 if (priv_check(td, PRIV_ROOT)) {
4838 bcopy(sp, &sb, sizeof(sb));
4839 sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
4842 error = copyout(sp, uap->buf, sizeof(*sp));
4851 * fhstatvfs_args(struct fhandle *u_fhp, struct statvfs *buf)
4854 sys_fhstatvfs(struct fhstatvfs_args *uap)
4856 struct thread *td = curthread;
4857 struct proc *p = td->td_proc;
4865 * Must be super user
4867 if ((error = priv_check(td, PRIV_ROOT)))
4870 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4873 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4877 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4882 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)))
4885 sp = &mp->mnt_vstat;
4887 if ((error = VFS_STATVFS(mp, sp, td->td_ucred)) != 0)
4891 if (mp->mnt_flag & MNT_RDONLY)
4892 sp->f_flag |= ST_RDONLY;
4893 if (mp->mnt_flag & MNT_NOSUID)
4894 sp->f_flag |= ST_NOSUID;
4895 error = copyout(sp, uap->buf, sizeof(*sp));
4904 * Syscall to push extended attribute configuration information into the
4905 * VFS. Accepts a path, which it converts to a mountpoint, as well as
4906 * a command (int cmd), and attribute name and misc data. For now, the
4907 * attribute name is left in userspace for consumption by the VFS_op.
4908 * It will probably be changed to be copied into sysspace by the
4909 * syscall in the future, once issues with various consumers of the
4910 * attribute code have raised their hands.
4912 * Currently this is used only by UFS Extended Attributes.
4915 sys_extattrctl(struct extattrctl_args *uap)
4917 struct nlookupdata nd;
4919 char attrname[EXTATTR_MAXNAMELEN];
4927 if (error == 0 && uap->filename) {
4928 error = nlookup_init(&nd, uap->filename, UIO_USERSPACE,
4931 error = nlookup(&nd);
4933 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
4937 if (error == 0 && uap->attrname) {
4938 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN,
4943 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4945 error = nlookup(&nd);
4947 error = ncp_writechk(&nd.nl_nch);
4949 error = VFS_EXTATTRCTL(nd.nl_nch.mount, uap->cmd, vp,
4951 uap->attrname, nd.nl_cred);
4960 * Syscall to get a named extended attribute on a file or directory.
4963 sys_extattr_set_file(struct extattr_set_file_args *uap)
4965 char attrname[EXTATTR_MAXNAMELEN];
4966 struct nlookupdata nd;
4972 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
4978 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4980 error = nlookup(&nd);
4982 error = ncp_writechk(&nd.nl_nch);
4984 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4990 bzero(&auio, sizeof(auio));
4991 aiov.iov_base = uap->data;
4992 aiov.iov_len = uap->nbytes;
4993 auio.uio_iov = &aiov;
4994 auio.uio_iovcnt = 1;
4995 auio.uio_offset = 0;
4996 auio.uio_resid = uap->nbytes;
4997 auio.uio_rw = UIO_WRITE;
4998 auio.uio_td = curthread;
5000 error = VOP_SETEXTATTR(vp, uap->attrnamespace, attrname,
5009 * Syscall to get a named extended attribute on a file or directory.
5012 sys_extattr_get_file(struct extattr_get_file_args *uap)
5014 char attrname[EXTATTR_MAXNAMELEN];
5015 struct nlookupdata nd;
5021 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
5027 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5029 error = nlookup(&nd);
5031 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_SHARED, &vp);
5037 bzero(&auio, sizeof(auio));
5038 aiov.iov_base = uap->data;
5039 aiov.iov_len = uap->nbytes;
5040 auio.uio_iov = &aiov;
5041 auio.uio_iovcnt = 1;
5042 auio.uio_offset = 0;
5043 auio.uio_resid = uap->nbytes;
5044 auio.uio_rw = UIO_READ;
5045 auio.uio_td = curthread;
5047 error = VOP_GETEXTATTR(vp, uap->attrnamespace, attrname,
5049 uap->sysmsg_result = uap->nbytes - auio.uio_resid;
5057 * Syscall to delete a named extended attribute from a file or directory.
5058 * Accepts attribute name. The real work happens in VOP_SETEXTATTR().
5061 sys_extattr_delete_file(struct extattr_delete_file_args *uap)
5063 char attrname[EXTATTR_MAXNAMELEN];
5064 struct nlookupdata nd;
5068 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
5072 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5074 error = nlookup(&nd);
5076 error = ncp_writechk(&nd.nl_nch);
5078 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
5080 error = VOP_SETEXTATTR(vp, uap->attrnamespace,
5081 attrname, NULL, nd.nl_cred);
5090 * Determine if the mount is visible to the process.
5093 chroot_visible_mnt(struct mount *mp, struct proc *p)
5095 struct nchandle nch;
5098 * Traverse from the mount point upwards. If we hit the process
5099 * root then the mount point is visible to the process.
5101 nch = mp->mnt_ncmountpt;
5103 if (nch.mount == p->p_fd->fd_nrdir.mount &&
5104 nch.ncp == p->p_fd->fd_nrdir.ncp) {
5107 if (nch.ncp == nch.mount->mnt_ncmountpt.ncp) {
5108 nch = nch.mount->mnt_ncmounton;
5110 nch.ncp = nch.ncp->nc_parent;
5115 * If the mount point is not visible to the process, but the
5116 * process root is in a subdirectory of the mount, return
5119 if (p->p_fd->fd_nrdir.mount == mp)
projects / dragonfly.git / blob