2 * Copyright (c) 2004 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * $DragonFly: src/sys/kern/vfs_nlookup.c,v 1.6 2004/10/07 20:18:33 dillon Exp $
37 * nlookup() is the 'new' namei interface. Rather then return directory and
38 * leaf vnodes (in various lock states) the new interface instead deals in
39 * namecache records. Namecache records may represent both a positive or
40 * a negative hit. The namespace is locked via the namecache record instead
41 * of via the vnode, and only the leaf namecache record (representing the
42 * filename) needs to be locked.
44 * This greatly improves filesystem parallelism and is a huge simplification
45 * of the API verses the old vnode locking / namei scheme.
47 * Filesystems must actively control the caching aspects of the namecache,
48 * and since namecache pointers are used as handles they are non-optional
49 * even for filesystems which do not generally wish to cache things. It is
50 * intended that a separate cache coherency API will be constructed to handle
54 #include "opt_ktrace.h"
56 #include <sys/param.h>
57 #include <sys/systm.h>
58 #include <sys/kernel.h>
59 #include <sys/vnode.h>
60 #include <sys/mount.h>
61 #include <sys/filedesc.h>
63 #include <sys/namei.h>
64 #include <sys/nlookup.h>
65 #include <sys/malloc.h>
67 #include <vm/vm_zone.h>
70 #include <sys/ktrace.h>
74 * Initialize a nlookup() structure, early error return for copyin faults
75 * or a degenerate empty string (which is not allowed).
78 nlookup_init(struct nlookupdata *nd,
79 const char *path, enum uio_seg seg, int flags)
90 * note: the pathlen set by copy*str() includes the terminating \0.
92 bzero(nd, sizeof(struct nlookupdata));
93 nd->nl_path = zalloc(namei_zone);
94 nd->nl_flags |= NLC_HASBUF;
95 if (seg == UIO_SYSSPACE)
96 error = copystr(path, nd->nl_path, MAXPATHLEN, &pathlen);
98 error = copyinstr(path, nd->nl_path, MAXPATHLEN, &pathlen);
101 * Don't allow empty pathnames.
102 * POSIX.1 requirement: "" is not a vaild file name.
104 if (error == 0 && pathlen <= 1)
109 nd->nl_ncp = cache_hold(p->p_fd->fd_ncdir);
110 nd->nl_rootncp = cache_hold(p->p_fd->fd_nrdir);
111 if (p->p_fd->fd_njdir)
112 nd->nl_jailncp = cache_hold(p->p_fd->fd_njdir);
113 nd->nl_cred = crhold(p->p_ucred);
115 nd->nl_ncp = cache_hold(rootncp);
116 nd->nl_rootncp = cache_hold(nd->nl_ncp);
117 nd->nl_jailncp = cache_hold(nd->nl_ncp);
118 nd->nl_cred = crhold(proc0.p_ucred);
121 nd->nl_flags |= flags;
129 * Cleanup a nlookupdata structure after we are through with it. This may
130 * be called on any nlookupdata structure initialized with nlookup_init().
131 * Calling nlookup_done() is mandatory in all cases except where nlookup_init()
132 * returns an error, even if as a consumer you believe you have taken all
133 * dynamic elements out of the nlookupdata structure.
136 nlookup_done(struct nlookupdata *nd)
139 if (nd->nl_flags & NLC_NCPISLOCKED) {
140 nd->nl_flags &= ~NLC_NCPISLOCKED;
141 cache_unlock(nd->nl_ncp);
143 cache_drop(nd->nl_ncp);
146 if (nd->nl_rootncp) {
147 cache_drop(nd->nl_rootncp);
148 nd->nl_rootncp = NULL;
150 if (nd->nl_jailncp) {
151 cache_drop(nd->nl_jailncp);
152 nd->nl_jailncp = NULL;
154 if ((nd->nl_flags & NLC_HASBUF) && nd->nl_path) {
155 zfree(namei_zone, nd->nl_path);
166 * Simple all-in-one nlookup. Returns a locked namecache structure or NULL
167 * if an error occured.
169 * Note that the returned ncp is not checked for permissions, though VEXEC
170 * is checked on the directory path leading up to the result. The caller
171 * must call naccess() to check the permissions of the returned leaf.
174 nlookup_simple(const char *str, enum uio_seg seg,
175 int niflags, int *error)
177 struct nlookupdata nd;
178 struct namecache *ncp;
180 *error = nlookup_init(&nd, str, seg, niflags);
182 if ((*error = nlookup(&nd)) == 0) {
183 ncp = nd.nl_ncp; /* keep hold ref from structure */
184 nd.nl_ncp = NULL; /* and NULL out */
196 * Do a generic nlookup. Note that the passed nd is not nlookup_done()'d
197 * on return, even if an error occurs. If no error occurs the returned
198 * nl_ncp is always referenced and locked, otherwise it may or may not be.
200 * Intermediate directory elements, including the current directory, require
201 * execute (search) permission. nlookup does not examine the access
202 * permissions on the returned element.
205 nlookup(struct nlookupdata *nd)
207 struct nlcomponent nlc;
208 struct namecache *ncp;
214 if (KTRPOINT(nd->nl_td, KTR_NAMEI))
215 ktrnamei(nd->nl_td->td_proc->p_tracep, nd->nl_path);
217 bzero(&nlc, sizeof(nlc));
220 * Setup for the loop. The current working namecache element must
221 * be in a refd + unlocked state. This typically the case on entry except
222 * when stringing nlookup()'s along in a chain, since nlookup() always
223 * returns nl_ncp in a locked state.
226 if (nd->nl_flags & NLC_NCPISLOCKED) {
227 nd->nl_flags &= ~NLC_NCPISLOCKED;
228 cache_unlock(nd->nl_ncp);
233 * Loop on the path components. At the top of the loop nd->nl_ncp
234 * is ref'd and unlocked and represents our current position.
238 * Check if the root directory should replace the current
239 * directory. This is done at the start of a translation
240 * or after a symbolic link has been found. In other cases
241 * ptr will never be pointing at a '/'.
246 } while (*ptr == '/');
247 ncp = cache_hold(nd->nl_rootncp);
248 cache_drop(nd->nl_ncp);
251 cache_lock(nd->nl_ncp);
252 nd->nl_flags |= NLC_NCPISLOCKED;
260 * Check directory search permissions
262 if ((error = naccess(nd->nl_ncp, VEXEC, nd->nl_cred)) != 0)
266 * Extract the path component
268 nlc.nlc_nameptr = ptr;
269 while (*ptr && *ptr != '/')
271 nlc.nlc_namelen = ptr - nlc.nlc_nameptr;
274 * Lookup the path component in the cache, creating an unresolved
275 * entry if necessary. We have to handle "." and ".." as special
278 * When handling ".." we have to detect a traversal back through a
279 * mount point and skip the mount-under node. If we are at the root
280 * ".." just returns the root.
282 * This subsection returns a locked, refd 'ncp'.
284 if (nlc.nlc_namelen == 1 && nlc.nlc_nameptr[0] == '.') {
285 ncp = cache_get(nd->nl_ncp);
286 } else if (nlc.nlc_namelen == 2 &&
287 nlc.nlc_nameptr[0] == '.' && nlc.nlc_nameptr[1] == '.') {
289 if (ncp == nd->nl_rootncp) {
290 ncp = cache_get(ncp);
292 while ((ncp->nc_flag & NCF_MOUNTPT) && ncp != nd->nl_rootncp) {
293 /* ignore NCF_REVALPARENT on a mount point */
294 ncp = ncp->nc_parent; /* get to underlying node */
295 KKASSERT(ncp != NULL && 1);
297 if (ncp->nc_flag & NCF_REVALPARENT) {
298 printf("[diagnostic] nlookup can't .. past a renamed directory: %*.*s\n", ncp->nc_nlen, ncp->nc_nlen, ncp->nc_name);
302 if (ncp != nd->nl_rootncp)
303 ncp = ncp->nc_parent;
304 KKASSERT(ncp != NULL && 2);
305 ncp = cache_get(ncp);
308 ncp = cache_nlookup(nd->nl_ncp, &nlc);
309 while ((error = cache_resolve(ncp, nd->nl_cred)) == EAGAIN) {
310 printf("[diagnostic] nlookup: relookup %*.*s\n",
311 ncp->nc_nlen, ncp->nc_nlen, ncp->nc_name);
313 ncp = cache_nlookup(nd->nl_ncp, &nlc);
317 * [end of subsection] ncp is locked and ref'd. nd->nl_ncp is ref'd
321 * Resolve the namespace if necessary. The ncp returned by
322 * cache_nlookup() is referenced and locked.
324 * XXX neither '.' nor '..' should return EAGAIN since they were
325 * previously resolved and thus cannot be newly created ncp's.
327 if (ncp->nc_flag & NCF_UNRESOLVED) {
328 error = cache_resolve(ncp, nd->nl_cred);
329 KKASSERT(error != EAGAIN);
331 error = ncp->nc_error;
343 * If the element is a symlink and it is either not the last
344 * element or it is the last element and we are allowed to
345 * follow symlinks, resolve the symlink.
347 if ((ncp->nc_flag & NCF_ISSYMLINK) &&
348 (*ptr || (nd->nl_flags & NLC_FOLLOW))
350 if (nd->nl_loopcnt++ >= MAXSYMLINKS) {
355 error = nreadsymlink(nd, ncp, &nlc);
361 * Concatenate trailing path elements onto the returned symlink.
362 * Note that if the path component (ptr) is not exhausted, it
363 * will being with a '/', so we do not have to add another one.
365 * The symlink may not be empty.
368 if (nlc.nlc_namelen == 0 || nlc.nlc_namelen + len >= MAXPATHLEN) {
369 error = nlc.nlc_namelen ? ENAMETOOLONG : ENOENT;
370 zfree(namei_zone, nlc.nlc_nameptr);
373 bcopy(ptr, nlc.nlc_nameptr + nlc.nlc_namelen, len + 1);
374 if (nd->nl_flags & NLC_HASBUF)
375 zfree(namei_zone, nd->nl_path);
376 nd->nl_path = nlc.nlc_nameptr;
377 nd->nl_flags |= NLC_HASBUF;
381 * Go back up to the top to resolve any initial '/'s in the
388 * If the element is a directory and we are crossing a mount point,
389 * retrieve the root of the mounted filesystem from mnt_ncp and
390 * resolve it if necessary.
392 * XXX mnt_ncp should really be resolved in the mount code.
393 * NOTE! the normal nresolve() code cannot resolve mount point ncp's!
397 while ((ncp->nc_flag & NCF_ISDIR) && ncp->nc_vp->v_mountedhere &&
398 (nd->nl_flags & NLC_NOCROSSMOUNT) == 0
403 mp = ncp->nc_vp->v_mountedhere;
405 ncp = cache_get(mp->mnt_ncp);
407 if (ncp->nc_flag & NCF_UNRESOLVED) {
408 while (vfs_busy(mp, 0, NULL, nd->nl_td))
410 error = VFS_ROOT(mp, &tdp);
411 vfs_unbusy(mp, nd->nl_td);
414 cache_setvp(ncp, tdp);
424 * Skip any slashes to get to the next element. If there
425 * are any slashes at all the current element must be a
426 * directory. If it isn't we break without incrementing
427 * ptr and fall through to the failure case below.
429 while (*ptr == '/') {
430 if ((ncp->nc_flag & NCF_ISDIR) == 0)
436 * Continuation case: additional elements and the current
437 * element is a directory.
439 if (*ptr && (ncp->nc_flag & NCF_ISDIR)) {
440 cache_drop(nd->nl_ncp);
447 * Failure case: additional elements and the current element
457 * XXX vnode canvmio (test in mmap(), read(), and write())
461 * Termination: no more elements.
463 cache_drop(nd->nl_ncp);
465 nd->nl_flags |= NLC_NCPISLOCKED;
473 * Resolve a mount point's glue ncp. This ncp connects creates the illusion
474 * of continuity in the namecache tree by connecting the ncp related to the
475 * vnode under the mount to the ncp related to the mount's root vnode.
477 * If no error occured a locked, ref'd ncp is stored in *ncpp.
480 nlookup_mp(struct mount *mp, struct namecache **ncpp)
482 struct namecache *ncp;
489 if (ncp->nc_flag & NCF_UNRESOLVED) {
490 while (vfs_busy(mp, 0, NULL, curthread))
492 error = VFS_ROOT(mp, &vp);
493 vfs_unbusy(mp, curthread);
498 cache_setvp(ncp, vp);
507 * Read the contents of a symlink, allocate a path buffer out of the
508 * namei_zone and initialize the supplied nlcomponent with the result.
510 * If an error occurs no buffer will be allocated or returned in the nlc.
513 nreadsymlink(struct nlookupdata *nd, struct namecache *ncp,
514 struct nlcomponent *nlc)
523 nlc->nlc_nameptr = NULL;
524 nlc->nlc_namelen = 0;
525 if (ncp->nc_vp == NULL)
527 if ((error = cache_vget(ncp, nd->nl_cred, LK_SHARED, &vp)) != 0)
529 cp = zalloc(namei_zone);
531 aiov.iov_len = MAXPATHLEN;
532 auio.uio_iov = &aiov;
535 auio.uio_rw = UIO_READ;
536 auio.uio_segflg = UIO_SYSSPACE;
537 auio.uio_td = nd->nl_td;
538 auio.uio_resid = MAXPATHLEN - 1;
539 error = VOP_READLINK(vp, &auio, nd->nl_cred);
542 linklen = MAXPATHLEN - 1 - auio.uio_resid;
544 linklen = varsymreplace(cp, linklen, MAXPATHLEN - 1);
546 error = ENAMETOOLONG;
551 nlc->nlc_nameptr = cp;
552 nlc->nlc_namelen = linklen;
556 zfree(namei_zone, cp);
562 * Check access [XXX cache vattr!] [XXX quota]
564 * Generally check the V* access bits from sys/vnode.h. All specified bits
565 * must pass for this function to return 0.
567 * If VCREATE is specified and the target ncp represents a non-existant
568 * file or dir, or if VDELETE is specified and the target exists, the parent
569 * directory is checked for VWRITE. If VEXCL is specified and the target
570 * ncp represents a positive hit, an error is returned.
572 * If VCREATE is not specified and the target does not exist (negative hit),
573 * ENOENT is returned. Note that nlookup() does not (and should not) return
574 * ENOENT for non-existant leafs.
576 * The passed ncp may or may not be locked. The caller should use a
577 * locked ncp on leaf lookups, especially for VCREATE, VDELETE, and VEXCL
581 naccess(struct namecache *ncp, int vmode, struct ucred *cred)
583 struct namecache *par;
588 if (ncp->nc_flag & NCF_UNRESOLVED) {
590 cache_resolve(ncp, cred);
593 error = ncp->nc_error;
594 if (vmode & (VDELETE|VCREATE|VEXCL)) {
595 if (((vmode & VCREATE) && ncp->nc_vp == NULL) ||
596 ((vmode & VDELETE) && ncp->nc_vp != NULL)
598 if ((par = ncp->nc_parent) == NULL) {
603 error = naccess(par, VWRITE, cred);
607 if ((vmode & VEXCL) && ncp->nc_vp != NULL)
611 error = cache_vget(ncp, cred, LK_SHARED, &vp);
612 if (error == ENOENT) {
615 } else if (error == 0) {
616 /* XXX cache the va in the namecache or in the vnode */
617 if ((error = VOP_GETATTR(vp, &va, curthread)) == 0) {
618 if ((vmode & VWRITE) && vp->v_mount) {
619 if (vp->v_mount->mnt_flag & MNT_RDONLY)
625 error = naccess_va(&va, vmode, cred);
632 * Check the requested access against the given vattr using cred.
635 naccess_va(struct vattr *va, int vmode, struct ucred *cred)
640 * Test the immutable bit for files, directories, and softlinks.
642 if (vmode & (VWRITE|VDELETE)) {
643 if (va->va_type == VDIR || va->va_type == VLNK || va->va_type == VREG) {
644 if (va->va_flags & IMMUTABLE)
650 * root gets universal access
652 if (cred->cr_uid == 0)
656 * Check owner perms, group perms, and world perms
659 if (cred->cr_uid == va->va_uid) {
660 if ((vmode & va->va_mode) != vmode)
666 for (i = 0; i < cred->cr_ngroups; ++i) {
667 if (va->va_gid == cred->cr_groups[i]) {
668 if ((vmode & va->va_mode) != vmode)
675 if ((vmode & va->va_mode) != vmode)
projects / dragonfly.git / blob