Kernel - fix access checks
[dragonfly.git] / sys / vfs / gnu / ext2fs / ext2_lookup.c
1/*
2 * modified for Lites 1.1
3 *
4 * Aug 1995, Godmar Back (gback@cs.utah.edu)
5 * University of Utah, Department of Computer Science
6 *
7 * $FreeBSD: src/sys/gnu/ext2fs/ext2_lookup.c,v 1.21.2.3 2002/11/17 02:02:42 bde Exp $
84009d92 8 * $DragonFly: src/sys/vfs/gnu/ext2fs/ext2_lookup.c,v 1.27 2007/11/20 21:03:50 dillon Exp $
9 */
10/*
11 * Copyright (c) 1989, 1993
12 * The Regents of the University of California. All rights reserved.
13 * (c) UNIX System Laboratories, Inc.
14 * All or some portions of this file are derived from material licensed
15 * to the University of California by American Telephone and Telegraph
16 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
17 * the permission of UNIX System Laboratories, Inc.
18 *
19 * Redistribution and use in source and binary forms, with or without
20 * modification, are permitted provided that the following conditions
21 * are met:
22 * 1. Redistributions of source code must retain the above copyright
23 * notice, this list of conditions and the following disclaimer.
24 * 2. Redistributions in binary form must reproduce the above copyright
25 * notice, this list of conditions and the following disclaimer in the
26 * documentation and/or other materials provided with the distribution.
27 * 3. All advertising materials mentioning features or use of this software
28 * must display the following acknowledgement:
29 * This product includes software developed by the University of
30 * California, Berkeley and its contributors.
31 * 4. Neither the name of the University nor the names of its contributors
32 * may be used to endorse or promote products derived from this software
33 * without specific prior written permission.
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
36 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
38 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
39 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
40 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
41 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
42 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
43 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
44 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
45 * SUCH DAMAGE.
46 *
47 * @(#)ufs_lookup.c 8.6 (Berkeley) 4/1/94
48 */
49
50#include <sys/param.h>
51#include <sys/systm.h>
52#include <sys/namei.h>
53#include <sys/buf.h>
54#include <sys/mount.h>
55#include <sys/vnode.h>
56#include <sys/malloc.h>
57#include <sys/dirent.h>
58
59#include "quota.h"
60#include "inode.h"
61#include "dir.h"
62#include "ext2mount.h"
63#include "ext2_extern.h"
64#include "ext2_fs.h"
65#include "ext2_fs_sb.h"
66
/*
 * DIRBLKSIZ in ffs is DEV_BSIZE (in most cases 512), while in ext2fs it
 * is the native block size of the filesystem.  A compile-time #define is
 * therefore no longer appropriate: each function in this file declares a
 * local DIRBLKSIZ initialized from the superblock's s_blocksize.
 */
#undef  DIRBLKSIZ

/*
 * Defined outside this file.  When non-zero, ext2_lookup() runs
 * ext2_dirbadentry() on every directory entry it visits.
 */
extern	int dirchk;
75
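/*
 * Translation table from the ext2 on-disk file type (EXT2_FT_*, used as
 * the index) to the DT_* code handed to the directory-entry writer.
 */
static u_char ext2_ft_to_dt[] = {
	DT_UNKNOWN,		/* EXT2_FT_UNKNOWN */
	DT_REG,			/* EXT2_FT_REG_FILE */
	DT_DIR,			/* EXT2_FT_DIR */
	DT_CHR,			/* EXT2_FT_CHRDEV */
	DT_BLK,			/* EXT2_FT_BLKDEV */
	DT_FIFO,		/* EXT2_FT_FIFO */
	DT_SOCK,		/* EXT2_FT_SOCK */
	DT_LNK,			/* EXT2_FT_SYMLINK */
};
/*
 * FTTODT(ft) - bounds-checked lookup in ext2_ft_to_dt.
 *
 * ext2_readdir() passes the file_type field of a directory entry read
 * from the media, so the index cannot be trusted.  Valid indices are
 * 0 .. nelem-1; the test therefore has to be ">=".  With ">" an index
 * equal to the element count reads one element past the end of the table.
 * Out-of-range values map to DT_UNKNOWN.
 */
#define	FTTODT(ft)						\
	((ft) >= sizeof(ext2_ft_to_dt) / sizeof(ext2_ft_to_dt[0]) ?	\
	DT_UNKNOWN : ext2_ft_to_dt[(ft)])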
89
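/*
 * Translation table from a DT_* code (used as the index) to the ext2
 * on-disk file type (EXT2_FT_*).  Slots with no DT_* meaning, and DT_WHT,
 * map to EXT2_FT_UNKNOWN.
 */
static u_char dt_to_ext2_ft[] = {
	EXT2_FT_UNKNOWN,	/* DT_UNKNOWN */
	EXT2_FT_FIFO,		/* DT_FIFO */
	EXT2_FT_CHRDEV,		/* DT_CHR */
	EXT2_FT_UNKNOWN,	/* unused */
	EXT2_FT_DIR,		/* DT_DIR */
	EXT2_FT_UNKNOWN,	/* unused */
	EXT2_FT_BLKDEV,		/* DT_BLK */
	EXT2_FT_UNKNOWN,	/* unused */
	EXT2_FT_REG_FILE,	/* DT_REG */
	EXT2_FT_UNKNOWN,	/* unused */
	EXT2_FT_SYMLINK,	/* DT_LNK */
	EXT2_FT_UNKNOWN,	/* unused */
	EXT2_FT_SOCK,		/* DT_SOCK */
	EXT2_FT_UNKNOWN,	/* unused */
	EXT2_FT_UNKNOWN,	/* DT_WHT */
};
/*
 * DTTOFT(dt) - bounds-checked lookup in dt_to_ext2_ft.
 *
 * Callers in this file pass IFTODT(ip->i_mode), i.e. a value derived from
 * the inode mode.  The table has 15 elements (indices 0..14), so an index
 * of 15 must be rejected: the test has to be ">=".  With ">" an index equal
 * to the element count reads one element past the end of the table.
 * Out-of-range values map to EXT2_FT_UNKNOWN.
 */
#define	DTTOFT(dt)						\
	((dt) >= sizeof(dt_to_ext2_ft) / sizeof(dt_to_ext2_ft[0]) ?	\
	EXT2_FT_UNKNOWN : dt_to_ext2_ft[(dt)])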
110
/*
 * Forward declaration: per-entry consistency check, defined later in this
 * file and called from ext2_lookup() when dirchk is set.
 */
static int	ext2_dirbadentry (struct vnode *dp,
				      struct ext2_dir_entry_2 *de,
				      int entryoffsetinblock);
114
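/*
 * Vnode op for reading directories.
 *
 * ext2_readdir(struct vnode *a_vp, struct uio *a_uio, struct ucred *a_cred)
 *
 * The ext2 on-disk directory format is not the format defined by
 * <sys/dirent.h>, so a conversion is needed.  The conversion can grow an
 * entry by four bytes and therefore cannot be done in place.  The raw
 * directory data is read with VOP_READ into a temporary kernel buffer and
 * each entry is converted and copied out individually by
 * vop_write_dirent().
 *
 * XXX allocate a buffer, convert as many entries as possible, then send
 * the whole buffer to uiomove
 *
 * The entries in the buffer come straight from the media.  Before an
 * entry's name is handed to vop_write_dirent() the entry is checked to lie
 * completely inside the bytes that were actually read; without that check
 * a bad rec_len or name_len makes the copy read past the end of dirbuf.
 *
 * Returns 0 or an errno value.  EIO is returned for an entry that fails
 * the checks.  On success, and when ap->a_ncookies is non-NULL, an array
 * of seek cookies allocated from M_TEMP is stored in *ap->a_cookies.
 */
int
ext2_readdir(struct vop_readdir_args *ap)
{
	struct uio *uio = ap->a_uio;
	int count, error;
	struct ext2_dir_entry_2 *edp, *dp;
	int ncookies;
	struct uio auio;
	struct iovec aiov;
	caddr_t dirbuf;
	int DIRBLKSIZ = VTOI(ap->a_vp)->i_e2fs->s_blocksize;
	int readcnt, retval;
	int remaining;		/* bytes of read data from dp up to edp */
	off_t startoffset = uio->uio_offset;

	if ((error = vn_lock(ap->a_vp, LK_EXCLUSIVE | LK_RETRY)) != 0)
		return(error);

	count = uio->uio_resid;
	/*
	 * Avoid complications for partial directory entries by adjusting
	 * the i/o to end at a block boundary.  Don't give up (like ufs
	 * does) if the initial adjustment gives a negative count, since
	 * many callers don't supply a large enough buffer.  The correct
	 * size is a little larger than DIRBLKSIZ to allow for expansion
	 * of directory entries, but some callers just use 512.
	 */
	count -= (uio->uio_offset + count) & (DIRBLKSIZ -1);
	if (count <= 0)
		count += DIRBLKSIZ;
	if (count > MAXBSIZE)		/* limit to a reasonable size */
		count = MAXBSIZE;

#ifdef EXT2FS_DEBUG
	kprintf("ext2_readdir: uio_offset = %lld, uio_resid = %d, count = %d\n",
	    uio->uio_offset, uio->uio_resid, count);
#endif

	/* Read the raw directory data into a private kernel buffer. */
	auio = *uio;
	auio.uio_iov = &aiov;
	auio.uio_iovcnt = 1;
	auio.uio_resid = count;
	auio.uio_segflg = UIO_SYSSPACE;
	aiov.iov_len = count;
	MALLOC(dirbuf, caddr_t, count, M_TEMP, M_WAITOK);
	aiov.iov_base = dirbuf;
	error = VOP_READ(ap->a_vp, &auio, 0, ap->a_cred);
	if (error == 0) {
		readcnt = count - auio.uio_resid;
		edp = (struct ext2_dir_entry_2 *)&dirbuf[readcnt];
		ncookies = 0;
		for (dp = (struct ext2_dir_entry_2 *)dirbuf;
		    !error && uio->uio_resid > 0 && dp < edp; ) {
			/*-
			 * "New" ext2fs directory entries differ in 3 ways
			 * from ufs on-disk ones:
			 * - the name is not necessarily NUL-terminated.
			 * - the file type field always exists and always
			 *   follows the name length field.
			 * - the file type is encoded in a different way.
			 *
			 * "Old" ext2fs directory entries need no special
			 * conversions, since they are binary compatible with
			 * "new" entries having a file type of 0 (i.e.,
			 * EXT2_FT_UNKNOWN).  Splitting the old name length
			 * field didn't make a mess like it did in ufs,
			 * because ext2fs uses a machine-dependent disk
			 * layout.
			 */
			remaining = (int)((caddr_t)edp - (caddr_t)dp);
			if (remaining < EXT2_DIR_REC_LEN(1) ||
			    dp->rec_len > remaining) {
				/*
				 * The entry is not completely inside the
				 * data that was read.  After at least one
				 * good entry this is a tail cut off by the
				 * MAXBSIZE clamp: stop here, the next call
				 * resumes at this offset.  On the very
				 * first entry no progress is possible, so
				 * report the directory as damaged.
				 */
				if ((caddr_t)dp == dirbuf)
					error = EIO;
				break;
			}
			if (dp->rec_len < EXT2_DIR_REC_LEN(dp->name_len)) {
				/*
				 * The record is too short for its own name
				 * (this also rejects rec_len == 0, which
				 * would never advance).  Same rule as
				 * ext2_dirbadentry().
				 */
				error = EIO;
				break;
			}
			retval = vop_write_dirent(&error, uio, dp->inode,
			    FTTODT(dp->file_type), dp->name_len, dp->name);

			if (retval)
				break;
			/* advance dp */
			dp = (struct ext2_dir_entry_2 *)((char *)dp + dp->rec_len);
			if (!error)
				ncookies++;
		}
		/* we need to correct uio_offset */
		uio->uio_offset = startoffset + (caddr_t)dp - dirbuf;

		if (!error && ap->a_ncookies != NULL) {
			off_t *cookiep, *cookies, *ecookies;
			off_t off;

			if (uio->uio_segflg != UIO_SYSSPACE || uio->uio_iovcnt != 1)
				panic("ext2fs_readdir: unexpected uio from NFS server");
			/* Always allocate at least one slot, even for zero cookies. */
			if (ncookies) {
				MALLOC(cookies, off_t *,
				    ncookies * sizeof(off_t),
				    M_TEMP, M_WAITOK);
			} else {
				MALLOC(cookies, off_t *,
				    sizeof(off_t), M_TEMP, M_WAITOK);
			}
			/*
			 * Second pass over the first ncookies entries, all of
			 * which passed the checks above: each cookie is the
			 * directory offset just past the entry.
			 */
			off = startoffset;
			for (dp = (struct ext2_dir_entry_2 *)dirbuf,
			    cookiep = cookies, ecookies = cookies + ncookies;
			    cookiep < ecookies;
			    dp = (struct ext2_dir_entry_2 *)((caddr_t) dp + dp->rec_len)) {
				off += dp->rec_len;
				*cookiep++ = off;
			}
			*ap->a_ncookies = ncookies;
			*ap->a_cookies = cookies;
		}
	}
	FREE(dirbuf, M_TEMP);
	if (ap->a_eofflag)
		*ap->a_eofflag = VTOI(ap->a_vp)->i_size <= uio->uio_offset;
	vn_unlock(ap->a_vp);
	return (error);
}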
252
/*
 * Convert a component of a pathname into a pointer to a locked inode.
 * This is a very central and rather complicated routine.
 * If the file system is not maintained in a strict tree hierarchy,
 * this can result in a deadlock situation (see comments in code below).
 *
 * The cnp->cn_nameiop argument is LOOKUP, CREATE, RENAME, or DELETE depending
 * on whether the name is to be looked up, created, renamed, or deleted.
 * When CREATE, RENAME, or DELETE is specified, information usable in
 * creating, renaming, or deleting a directory entry may be calculated.
 * If flag has LOCKPARENT or'ed into it and the target of the pathname
 * exists, lookup returns both the target and its parent directory locked.
 * When creating or renaming and LOCKPARENT is specified, the target may
 * not be ".".  When deleting and LOCKPARENT is specified, the target may
 * be ".", but the caller must check to ensure it does a vrele and vput
 * instead of two vputs.
 *
 * Overall outline of ufs_lookup:
 *
 *	search for name in directory, to found or notfound
 * notfound:
 *	if creating, return locked directory, leaving info on available slots
 *	else return error
 * found:
 *	if at end of path and deleting, return information to allow delete
 *	if at end of path and rewriting (RENAME and LOCKPARENT), lock target
 *	  inode and return info to allow rewrite
 *	if not at end, add name to cache; if at end and neither creating
 *	  nor deleting, add name to cache
 *
 * ext2_lookup(struct vnode *a_dvp, struct vnode **a_vpp,
 *	       struct componentname *a_cnp)
 *
 * Returns 0 with *a_vpp set when the name was found, EJUSTRETURN when the
 * name was not found but may be created (CREATE/RENAME), ENOENT when it
 * was not found otherwise, or the error of a failed block read, access
 * check or VFS_VGET.  The results of the search (i_offset, i_count,
 * i_ino, i_reclen, i_endoff, i_diroff) are left in the directory inode.
 */
int
ext2_lookup(struct vop_old_lookup_args *ap)
{
	struct vnode *vdp;	/* vnode for directory being searched */
	struct inode *dp;	/* inode for directory being searched */
	struct buf *bp;			/* a buffer of directory entries */
	struct ext2_dir_entry_2 *ep; /* the current directory entry */
	int entryoffsetinblock;		/* offset of ep in bp's buffer */
	enum {NONE, COMPACT, FOUND} slotstatus;
	doff_t slotoffset;		/* offset of area with free space */
	int slotsize;			/* size of area at slotoffset */
	int slotfreespace;		/* amount of space free in slot */
	int slotneeded;			/* size of the entry we're seeking */
	int numdirpasses;		/* strategy for directory search */
	doff_t endsearch;		/* offset to end directory search */
	doff_t prevoff;			/* prev entry dp->i_offset */
	struct vnode *pdp;		/* saved dp during symlink work */
	struct vnode *tdp;		/* returned by VFS_VGET */
	doff_t enduseful;		/* pointer past last used dir slot */
	u_long bmask;			/* block offset mask */
	int lockparent;			/* 1 => lockparent flag is set */
	int wantparent;			/* 1 => wantparent or lockparent flag */
	int namlen, error;
	struct vnode **vpp = ap->a_vpp;
	struct componentname *cnp = ap->a_cnp;
	struct ucred *cred = cnp->cn_cred;	/* credential used for the access checks below */
	int flags = cnp->cn_flags;
	int nameiop = cnp->cn_nameiop;
	globaldata_t gd = mycpu;

	/* Directory block size of this filesystem, from the superblock. */
	int	DIRBLKSIZ = VTOI(ap->a_dvp)->i_e2fs->s_blocksize;

	bp = NULL;
	slotoffset = -1;
	*vpp = NULL;
	vdp = ap->a_dvp;
	dp = VTOI(vdp);
	lockparent = flags & CNP_LOCKPARENT;
	wantparent = flags & (CNP_LOCKPARENT|CNP_WANTPARENT);

	/*
	 * We now have a segment name to search for, and a directory to search.
	 */

	/*
	 * Suppress search for slots unless creating
	 * file and at end of pathname, in which case
	 * we watch for a place to put the new file in
	 * case it doesn't already exist.
	 */
	slotstatus = FOUND;
	slotfreespace = slotsize = slotneeded = 0;
	if (nameiop == NAMEI_CREATE || nameiop == NAMEI_RENAME) {
		slotstatus = NONE;
		slotneeded = EXT2_DIR_REC_LEN(cnp->cn_namelen);
		/* was
		slotneeded = (sizeof(struct direct) - MAXNAMLEN +
			cnp->cn_namelen + 3) &~ 3; */
	}

	/*
	 * If there is cached information on a previous search of
	 * this directory, pick up where we last left off.
	 * We cache only lookups as these are the most common
	 * and have the greatest payoff. Caching CREATE has little
	 * benefit as it usually must search the entire directory
	 * to determine that the entry does not exist. Caching the
	 * location of the last DELETE or RENAME has not reduced
	 * profiling time and hence has been removed in the interest
	 * of simplicity.
	 */
	bmask = VFSTOEXT2(vdp->v_mount)->um_mountp->mnt_stat.f_iosize - 1;
	if (nameiop != NAMEI_LOOKUP || dp->i_diroff == 0 ||
	    dp->i_diroff > dp->i_size) {
		entryoffsetinblock = 0;
		dp->i_offset = 0;
		numdirpasses = 1;
	} else {
		/*
		 * Resume at the cached offset.  The block only has to be
		 * fetched here when the offset is not block-aligned; an
		 * aligned offset is fetched at the top of the search loop.
		 */
		dp->i_offset = dp->i_diroff;
		if ((entryoffsetinblock = dp->i_offset & bmask) &&
		    (error = EXT2_BLKATOFF(vdp, (off_t)dp->i_offset, NULL, &bp)))
			return (error);
		numdirpasses = 2;
		gd->gd_nchstats->ncs_2passes++;
	}
	prevoff = dp->i_offset;
	endsearch = roundup(dp->i_size, DIRBLKSIZ);
	enduseful = 0;

searchloop:
	while (dp->i_offset < endsearch) {
		/*
		 * If necessary, get the next directory block.
		 */
		if ((dp->i_offset & bmask) == 0) {
			if (bp != NULL)
				brelse(bp);
			if ((error =
			    EXT2_BLKATOFF(vdp, (off_t)dp->i_offset, NULL, &bp)) != 0)
				return (error);
			entryoffsetinblock = 0;
		}
		/*
		 * If still looking for a slot, and at a DIRBLKSIZE
		 * boundary, have to start looking for free space again.
		 */
		if (slotstatus == NONE &&
		    (entryoffsetinblock & (DIRBLKSIZ - 1)) == 0) {
			slotoffset = -1;
			slotfreespace = 0;
		}
		/*
		 * Get pointer to next entry.
		 * Full validation checks are slow, so we only check
		 * enough to insure forward progress through the
		 * directory. Complete checks can be run by patching
		 * "dirchk" to be true.
		 *
		 * NOTE(review): with dirchk clear only rec_len == 0 is
		 * rejected here.  rec_len and name_len come from the
		 * directory block and are used below without a check that
		 * the entry stays inside the buffer; consider always
		 * applying the ext2_dirbadentry() rules for media that is
		 * not trusted.
		 */
		ep = (struct ext2_dir_entry_2 *)
			((char *)bp->b_data + entryoffsetinblock);
		if (ep->rec_len == 0 ||
		    (dirchk && ext2_dirbadentry(vdp, ep, entryoffsetinblock))) {
			int i;
			ext2_dirbad(dp, dp->i_offset, "mangled entry");
			/* skip the rest of this directory block */
			i = DIRBLKSIZ - (entryoffsetinblock & (DIRBLKSIZ - 1));
			dp->i_offset += i;
			entryoffsetinblock += i;
			continue;
		}

		/*
		 * If an appropriate sized slot has not yet been found,
		 * check to see if one is available. Also accumulate space
		 * in the current block so that we can determine if
		 * compaction is viable.
		 */
		if (slotstatus != FOUND) {
			int size = ep->rec_len;

			if (ep->inode != 0)
				size -= EXT2_DIR_REC_LEN(ep->name_len);
			if (size > 0) {
				if (size >= slotneeded) {
					slotstatus = FOUND;
					slotoffset = dp->i_offset;
					slotsize = ep->rec_len;
				} else if (slotstatus == NONE) {
					slotfreespace += size;
					if (slotoffset == -1)
						slotoffset = dp->i_offset;
					if (slotfreespace >= slotneeded) {
						slotstatus = COMPACT;
						slotsize = dp->i_offset +
						      ep->rec_len - slotoffset;
					}
				}
			}
		}

		/*
		 * Check for a name match.
		 */
		if (ep->inode) {
			namlen = ep->name_len;
			if (namlen == cnp->cn_namelen &&
			    !bcmp(cnp->cn_nameptr, ep->name,
				(unsigned)namlen)) {
				/*
				 * Save directory entry's inode number and
				 * reclen in ndp->ni_ufs area, and release
				 * directory buffer.
				 */
				dp->i_ino = ep->inode;
				dp->i_reclen = ep->rec_len;
				goto found;
			}
		}
		prevoff = dp->i_offset;
		dp->i_offset += ep->rec_len;
		entryoffsetinblock += ep->rec_len;
		if (ep->inode)
			enduseful = dp->i_offset;
	}
/* notfound: */
	/*
	 * If we started in the middle of the directory and failed
	 * to find our target, we must check the beginning as well.
	 */
	if (numdirpasses == 2) {
		numdirpasses--;
		dp->i_offset = 0;
		endsearch = dp->i_diroff;
		goto searchloop;
	}
	if (bp != NULL)
		brelse(bp);
	/*
	 * If creating, and at end of pathname and current
	 * directory has not been removed, then can consider
	 * allowing file to be created.
	 */
	if ((nameiop == NAMEI_CREATE || nameiop == NAMEI_RENAME) &&
	    dp->i_nlink != 0) {
		/*
		 * Access for write is interpreted as allowing
		 * creation of files in the directory.
		 * The check is made against cnp->cn_cred.
		 */
		if ((error = VOP_EACCESS(vdp, VWRITE, cred)) != 0)
			return (error);
		/*
		 * Return an indication of where the new directory
		 * entry should be put.  If we didn't find a slot,
		 * then set dp->i_count to 0 indicating
		 * that the new slot belongs at the end of the
		 * directory. If we found a slot, then the new entry
		 * can be put in the range from dp->i_offset to
		 * dp->i_offset + dp->i_count.
		 */
		if (slotstatus == NONE) {
			dp->i_offset = roundup(dp->i_size, DIRBLKSIZ);
			dp->i_count = 0;
			enduseful = dp->i_offset;
		} else {
			dp->i_offset = slotoffset;
			dp->i_count = slotsize;
			if (enduseful < slotoffset + slotsize)
				enduseful = slotoffset + slotsize;
		}
		dp->i_endoff = roundup(enduseful, DIRBLKSIZ);
		dp->i_flag |= IN_CHANGE | IN_UPDATE;
		/*
		 * We return with the directory locked, so that
		 * the parameters we set up above will still be
		 * valid if we actually decide to do a direnter().
		 * We return ni_vp == NULL to indicate that the entry
		 * does not currently exist; we leave a pointer to
		 * the (locked) directory inode in ndp->ni_dvp.
		 * The pathname buffer is saved so that the name
		 * can be obtained later.
		 *
		 * NB - if the directory is unlocked, then this
		 * information cannot be used.
		 */
		if (!lockparent)
			vn_unlock(vdp);
		return (EJUSTRETURN);
	}
	return (ENOENT);

found:
	if (numdirpasses == 2)
		gd->gd_nchstats->ncs_pass2++;
	/*
	 * Check that directory length properly reflects presence
	 * of this entry.
	 *
	 * NOTE(review): the comparison uses entryoffsetinblock (an offset
	 * inside the buffer) against dp->i_size (the directory size);
	 * confirm whether dp->i_offset was intended.
	 */
	if (entryoffsetinblock + EXT2_DIR_REC_LEN(ep->name_len)
		> dp->i_size) {
		ext2_dirbad(dp, dp->i_offset, "i_size too small");
		dp->i_size = entryoffsetinblock+EXT2_DIR_REC_LEN(ep->name_len);
		dp->i_flag |= IN_CHANGE | IN_UPDATE;
	}
	/* ep points into bp and must not be used after this release. */
	brelse(bp);

	/*
	 * Found component in pathname.
	 * If the final component of path name, save information
	 * in the cache as to where the entry was found.
	 */
	if (nameiop == NAMEI_LOOKUP)
		dp->i_diroff = dp->i_offset &~ (DIRBLKSIZ - 1);

	/*
	 * If deleting, and at end of pathname, return
	 * parameters which can be used to remove file.
	 * If the wantparent flag isn't set, we return only
	 * the directory (in ndp->ni_dvp), otherwise we go
	 * on and lock the inode, being careful with ".".
	 */
	if (nameiop == NAMEI_DELETE) {
		/*
		 * Write access to directory required to delete files.
		 */
		if ((error = VOP_EACCESS(vdp, VWRITE, cred)) != 0)
			return (error);
		/*
		 * Return pointer to current entry in dp->i_offset,
		 * and distance past previous entry (if there
		 * is a previous entry in this block) in dp->i_count.
		 * Save directory inode pointer in ndp->ni_dvp for dirremove().
		 */
		if ((dp->i_offset & (DIRBLKSIZ - 1)) == 0)
			dp->i_count = 0;
		else
			dp->i_count = dp->i_offset - prevoff;
		/* The entry names the directory itself ("."): take a reference only. */
		if (dp->i_number == dp->i_ino) {
			vref(vdp);
			*vpp = vdp;
			return (0);
		}
		if ((error = VFS_VGET(vdp->v_mount, NULL, dp->i_ino, &tdp)) != 0)
			return (error);
		/*
		 * If directory is "sticky", then user must own
		 * the directory, or the file in it, else she
		 * may not delete it (unless she's root). This
		 * implements append-only directories.
		 */
		if ((dp->i_mode & ISVTX) &&
		    cred->cr_uid != 0 &&
		    cred->cr_uid != dp->i_uid &&
		    VTOI(tdp)->i_uid != cred->cr_uid) {
			vput(tdp);
			return (EPERM);
		}
		*vpp = tdp;
		if (!lockparent)
			vn_unlock(vdp);
		return (0);
	}

	/*
	 * If rewriting (RENAME), return the inode and the
	 * information required to rewrite the present directory
	 * Must get inode of directory entry to verify it's a
	 * regular file, or empty directory.
	 */
	if (nameiop == NAMEI_RENAME && wantparent) {
		/* Rewriting the entry needs write access to the directory. */
		if ((error = VOP_EACCESS(vdp, VWRITE, cred)) != 0)
			return (error);
		/*
		 * Careful about locking second inode.
		 * This can only occur if the target is ".".
		 */
		if (dp->i_number == dp->i_ino)
			return (EISDIR);
		if ((error = VFS_VGET(vdp->v_mount, NULL, dp->i_ino, &tdp)) != 0)
			return (error);
		*vpp = tdp;
		if (!lockparent)
			vn_unlock(vdp);
		return (0);
	}

	/*
	 * Step through the translation in the name.  We do not `vput' the
	 * directory because we may need it again if a symbolic link
	 * is relative to the current directory.  Instead we save it
	 * unlocked as "pdp".  We must get the target inode before unlocking
	 * the directory to insure that the inode will not be removed
	 * before we get it.  We prevent deadlock by always fetching
	 * inodes from the root, moving down the directory tree. Thus
	 * when following backward pointers ".." we must unlock the
	 * parent directory before getting the requested directory.
	 * There is a potential race condition here if both the current
	 * and parent directories are removed before the VFS_VGET for the
	 * inode associated with ".." returns.  We hope that this occurs
	 * infrequently since we cannot avoid this race condition without
	 * implementing a sophisticated deadlock detection algorithm.
	 * Note also that this simple deadlock detection scheme will not
	 * work if the file system has any hard links other than ".."
	 * that point backwards in the directory structure.
	 */
	pdp = vdp;
	if (flags & CNP_ISDOTDOT) {
		vn_unlock(pdp);	/* race to get the inode */
		if ((error = VFS_VGET(vdp->v_mount, NULL, dp->i_ino, &tdp)) != 0) {
			/* re-take the directory lock before reporting the failure */
			vn_lock(pdp, LK_EXCLUSIVE | LK_RETRY);
			return (error);
		}
		if (lockparent && (error = vn_lock(pdp, LK_EXCLUSIVE))) {
			vput(tdp);
			return (error);
		}
		*vpp = tdp;
	} else if (dp->i_number == dp->i_ino) {
		vref(vdp);	/* we want ourself, ie "." */
		*vpp = vdp;
	} else {
		if ((error = VFS_VGET(vdp->v_mount, NULL, dp->i_ino, &tdp)) != 0)
			return (error);
		if (!lockparent)
			vn_unlock(pdp);
		*vpp = tdp;
	}
	return (0);
}
673
/*
 * Report a damaged directory on the console: mount source name, directory
 * inode number, offset of the problem and the caller's description "how".
 * The kernel panics afterwards unless the filesystem is mounted read-only.
 */
void
ext2_dirbad(struct inode *ip, doff_t offset, char *how)
{
	struct mount *mnt = ITOV(ip)->v_mount;

	kprintf("%s: bad dir ino %lu at offset %ld: %s\n",
	    mnt->mnt_stat.f_mntfromname, (u_long)ip->i_number,
	    (long)offset, how);

	/* A read-only mount cannot make the damage worse; just return. */
	if (mnt->mnt_flag & MNT_RDONLY)
		return;
	panic("ufs_dirbad: bad dir");
}
686
/*
 * Consistency check for one directory entry, modelled on
 * ext2_check_dir_entry.  The entry is bad when
 *	- rec_len is below the minimum record size, EXT2_DIR_REC_LEN(1)
 *	- rec_len is not a multiple of 4
 *	- rec_len is too small to hold a name of name_len bytes
 *	- the record would extend past the end of its directory block
 * The inode number is not range-checked.
 *
 * A diagnostic is printed for a bad entry.  Returns 1 for a bad entry and
 * 0 for a good one.
 */
static int
ext2_dirbadentry(struct vnode *dp, struct ext2_dir_entry_2 *de,
    int entryoffsetinblock)
{
	int blksize = VTOI(dp)->i_e2fs->s_blocksize;
	char *why;

	/* The first failing rule decides the message. */
	if (de->rec_len < EXT2_DIR_REC_LEN(1)) {
		why = "rec_len is smaller than minimal";
	} else if (de->rec_len % 4 != 0) {
		why = "rec_len % 4 != 0";
	} else if (de->rec_len < EXT2_DIR_REC_LEN(de->name_len)) {
		why = "reclen is too small for name_len";
	} else if (entryoffsetinblock + de->rec_len > blksize) {
		why = "directory entry across blocks";
	} else {
		/* every rule passed */
		return 0;
	}

	kprintf("bad directory entry: %s\n", why);
	kprintf("offset=%d, inode=%lu, rec_len=%u, name_len=%u\n",
	    entryoffsetinblock, (unsigned long)de->inode,
	    de->rec_len, de->name_len);
	return 1;
}
727
/*
 * Write a directory entry after a call to namei, using the parameters
 * that it left in the directory inode.  The argument ip is the inode which
 * the new directory entry will refer to.  Dvp is a pointer to the directory
 * to be written, which was left locked by namei. Remaining parameters
 * (dp->i_offset, dp->i_count) indicate how the space for the new
 * entry is to be obtained.
 *
 * The name of the new entry is taken from cnp.  Returns 0 or the error of
 * the block read, the write or the truncate; panics when the slot
 * information left in the directory inode does not fit what is found in
 * the block.
 */
int
ext2_direnter(struct inode *ip, struct vnode *dvp, struct componentname *cnp)
{
	struct ext2_dir_entry_2 *ep, *nep;
	struct inode *dp;
	struct buf *bp;
	struct ext2_dir_entry_2 newdir;	/* the new entry, built on the stack */
	struct iovec aiov;
	struct uio auio;
	u_int dsize;
	int error, loc, newentrysize, spacefree;
	char *dirbuf;
	int     DIRBLKSIZ = ip->i_e2fs->s_blocksize;


	dp = VTOI(dvp);
	newdir.inode = ip->i_number;
	newdir.name_len = cnp->cn_namelen;
	/* The file type is stored only when the superblock has the FILETYPE feature. */
	if (EXT2_HAS_INCOMPAT_FEATURE(ip->i_e2fs->s_es,
	    EXT2_FEATURE_INCOMPAT_FILETYPE))
		newdir.file_type = DTTOFT(IFTODT(ip->i_mode));
	else
		newdir.file_type = EXT2_FT_UNKNOWN;
	/*
	 * NOTE(review): copies cn_namelen + 1 bytes, i.e. the name plus one
	 * trailing byte (presumably the NUL).  This assumes newdir.name has
	 * room for that and that cn_namelen was bounded by the caller; the
	 * size of name[] is not visible here -- confirm.
	 */
	bcopy(cnp->cn_nameptr, newdir.name, (unsigned)cnp->cn_namelen + 1);
	newentrysize = EXT2_DIR_REC_LEN(newdir.name_len);
	if (dp->i_count == 0) {
		/*
		 * If dp->i_count is 0, then namei could find no
		 * space in the directory. Here, dp->i_offset will
		 * be on a directory block boundary and we will write the
		 * new entry into a fresh block.
		 */
		if (dp->i_offset & (DIRBLKSIZ - 1))
			panic("ext2_direnter: newblk");
		auio.uio_offset = dp->i_offset;
		/* the single entry owns the whole new block */
		newdir.rec_len = DIRBLKSIZ;
		auio.uio_resid = newentrysize;
		aiov.iov_len = newentrysize;
		aiov.iov_base = (caddr_t)&newdir;
		auio.uio_iov = &aiov;
		auio.uio_iovcnt = 1;
		auio.uio_rw = UIO_WRITE;
		auio.uio_segflg = UIO_SYSSPACE;
		auio.uio_td = NULL;
		error = VOP_WRITE(dvp, &auio, IO_SYNC, cnp->cn_cred);
		if (DIRBLKSIZ >
		    VFSTOEXT2(dvp->v_mount)->um_mountp->mnt_stat.f_bsize)
			/* XXX should grow with balloc() */
			panic("ext2_direnter: frag size");
		else if (!error) {
			dp->i_size = roundup(dp->i_size, DIRBLKSIZ);
			dp->i_flag |= IN_CHANGE;
		}
		return (error);
	}

	/*
	 * If dp->i_count is non-zero, then namei found space
	 * for the new entry in the range dp->i_offset to
	 * dp->i_offset + dp->i_count in the directory.
	 * To use this space, we may have to compact the entries located
	 * there, by copying them together towards the beginning of the
	 * block, leaving the free space in one usable chunk at the end.
	 */

	/*
	 * Increase size of directory if entry eats into new space.
	 * This should never push the size past a new multiple of
	 * DIRBLKSIZE.
	 *
	 * N.B. - THIS IS AN ARTIFACT OF 4.2 AND SHOULD NEVER HAPPEN.
	 */
	if (dp->i_offset + dp->i_count > dp->i_size)
		dp->i_size = dp->i_offset + dp->i_count;
	/*
	 * Get the block containing the space for the new directory entry.
	 */
	if ((error = EXT2_BLKATOFF(dvp, (off_t)dp->i_offset, &dirbuf, &bp)) != 0)
		return (error);
	/*
	 * Find space for the new entry. In the simple case, the entry at
	 * offset base will have the space. If it does not, then namei
	 * arranged that compacting the region dp->i_offset to
	 * dp->i_offset + dp->i_count would yield the
	 * space.
	 *
	 * NOTE(review): the loop advances by nep->rec_len as read from the
	 * block.  It relies on the entries in the region being the same
	 * ones ext2_lookup() walked (directory still locked); a zero
	 * rec_len would not advance -- confirm this cannot be reached.
	 */
	ep = (struct ext2_dir_entry_2 *)dirbuf;
	dsize = EXT2_DIR_REC_LEN(ep->name_len);
	spacefree = ep->rec_len - dsize;
	for (loc = ep->rec_len; loc < dp->i_count; ) {
		nep = (struct ext2_dir_entry_2 *)(dirbuf + loc);
		if (ep->inode) {
			/* trim the existing slot */
			ep->rec_len = dsize;
			ep = (struct ext2_dir_entry_2 *)((char *)ep + dsize);
		} else {
			/* overwrite; nothing there; header is ours */
			spacefree += dsize;
		}
		dsize = EXT2_DIR_REC_LEN(nep->name_len);
		spacefree += nep->rec_len - dsize;
		loc += nep->rec_len;
		/* slide the next entry down next to the previous one */
		bcopy((caddr_t)nep, (caddr_t)ep, dsize);
	}
	/*
	 * Update the pointer fields in the previous entry (if any),
	 * copy in the new entry, and write out the block.
	 */
	if (ep->inode == 0) {
		/* the last slot is free: the new entry takes it over entirely */
		if (spacefree + dsize < newentrysize)
			panic("ext2_direnter: compact1");
		newdir.rec_len = spacefree + dsize;
	} else {
		/* the last slot is in use: trim it and append after it */
		if (spacefree < newentrysize)
			panic("ext2_direnter: compact2");
		newdir.rec_len = spacefree;
		ep->rec_len = dsize;
		ep = (struct ext2_dir_entry_2 *)((char *)ep + dsize);
	}
	bcopy((caddr_t)&newdir, (caddr_t)ep, (u_int)newentrysize);
	error = bwrite(bp);
	dp->i_flag |= IN_CHANGE | IN_UPDATE;
	/* Trim the directory to the end offset recorded by the lookup, if any. */
	if (!error && dp->i_endoff && dp->i_endoff < dp->i_size)
		error = EXT2_TRUNCATE(dvp, (off_t)dp->i_endoff, IO_SYNC,
				      cnp->cn_cred);
	return (error);
}
863
/*
 * Remove a directory entry after a call to namei, using the parameters
 * which it left in the directory inode.
 *
 * dp->i_offset is the directory offset of the entry to remove and
 * dp->i_count the distance back to the previous entry in the same block.
 *	- i_count == 0: the entry is the first one in its block; it is
 *	  marked free by zeroing its inode number.
 *	- otherwise: the previous entry absorbs the space by growing its
 *	  rec_len by dp->i_reclen, the length of the removed record.
 *
 * The block is written back with bwrite().  Returns 0 or the error of the
 * block read or the write.
 */
int
ext2_dirremove(struct vnode *dvp, struct componentname *cnp)
{
	struct inode *dp = VTOI(dvp);
	struct ext2_dir_entry_2 *ep;
	struct buf *bp;
	int first_in_block = (dp->i_count == 0);
	off_t target;
	int error;

	/* The entry to modify: the victim itself, or the one in front of it. */
	if (first_in_block)
		target = (off_t)dp->i_offset;
	else
		target = (off_t)(dp->i_offset - dp->i_count);

	error = EXT2_BLKATOFF(dvp, target, (char **)&ep, &bp);
	if (error != 0)
		return (error);

	if (first_in_block) {
		/* First entry in block: set d_ino to zero. */
		ep->inode = 0;
	} else {
		/* Collapse new free space into previous entry. */
		ep->rec_len += dp->i_reclen;
	}

	error = bwrite(bp);
	dp->i_flag |= IN_CHANGE | IN_UPDATE;
	return (error);
}
908
/*
 * Rewrite an existing directory entry to point at the inode
 * supplied.  The parameters describing the directory entry
 * (dp->i_offset) are set up by a call to namei.
 *
 * The entry's file_type is derived from ip->i_mode when the
 * filesystem has EXT2_FEATURE_INCOMPAT_FILETYPE set, and is
 * EXT2_FT_UNKNOWN otherwise.
 *
 * Returns the error from EXT2_BLKATOFF() if the block cannot be
 * fetched, else the result of bwrite().  cnp is not referenced here.
 */
int
ext2_dirrewrite(struct inode *dp, struct inode *ip, struct componentname *cnp)
{
	struct vnode *vdp = ITOV(dp);
	struct ext2_dir_entry_2 *ep;
	struct buf *bp;
	int error;

	error = EXT2_BLKATOFF(vdp, (off_t)dp->i_offset, (char **)&ep, &bp);
	if (error != 0)
		return (error);

	ep->inode = ip->i_number;
	if (EXT2_HAS_INCOMPAT_FEATURE(ip->i_e2fs->s_es,
	    EXT2_FEATURE_INCOMPAT_FILETYPE)) {
		ep->file_type = DTTOFT(IFTODT(ip->i_mode));
	} else {
		ep->file_type = EXT2_FT_UNKNOWN;
	}

	/* The directory inode is flagged even when the write fails. */
	error = bwrite(bp);
	dp->i_flag |= IN_CHANGE | IN_UPDATE;
	return (error);
}
934
/*
 * Check if a directory is empty or not.
 * Inode supplied must be locked.
 *
 * Returns 1 when every in-use entry is "." or a ".." whose inode
 * is parentino; returns 0 otherwise, including on a read error,
 * a short read, or a zero rec_len.
 *
 * Using a struct dirtemplate here is not precisely
 * what we want, but better than using a struct direct.
 *
 * NB: does not handle corrupted directories.  rec_len comes from
 * the entry just read and is only checked for zero in this function;
 * no alignment or minimum-size validation is done before it is used
 * to advance the offset.
 */
int
ext2_dirempty(struct inode *ip, ino_t parentino, struct ucred *cred)
{
	struct dirtemplate dbuf;
	/* Each entry header is read into dbuf and viewed through dp. */
	struct ext2_dir_entry_2 *dp = (struct ext2_dir_entry_2 *)&dbuf;
	off_t off;
	int error, count, namlen;

#define MINDIRSIZ (sizeof (struct dirtemplate) / 2)

	for (off = 0; off < ip->i_size; off += dp->rec_len) {
		error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ,
		    off, UIO_SYSSPACE, IO_NODELOCKED, cred, &count);
		/*
		 * Since we read MINDIRSIZ, residual must
		 * be 0 unless we're at end of file.
		 */
		if (error || count != 0)
			return (0);
		/* a zero record length would never advance: avoid infinite loops */
		if (dp->rec_len == 0)
			return (0);
		/* skip empty entries */
		if (dp->inode == 0)
			continue;
		/* accept only "." and ".." */
		namlen = dp->name_len;
		if (namlen > 2 || dp->name[0] != '.')
			return (0);
		/*
		 * At this point namlen must be 1 or 2.
		 * 1 implies ".", 2 implies ".." if second
		 * char is also "."
		 */
		if (namlen == 1)
			continue;
		if (dp->name[1] != '.' || dp->inode != parentino)
			return (0);
	}
	return (1);
}
988
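/*
 * Check if source directory is in the path of the target directory.
 * Target is supplied locked, source is unlocked.
 * The target is always vput before returning.
 *
 * Walks from target towards the root by reading the ".." entry at
 * offset 0 of each directory.
 *
 * Returns:
 *   0        the root inode was reached without meeting source
 *   EEXIST   source and target are the same inode
 *   EINVAL   source is an ancestor of target
 *   ENOTDIR  a vnode on the path is not a directory, or its second
 *            entry is not named ".."
 *   other    error from vn_rdwr() or VFS_VGET()
 */
int
ext2_checkpath(struct inode *source, struct inode *target, struct ucred *cred)
{
	struct vnode *vp;
	struct mount *mp;
	int error, rootino, namlen;
	struct dirtemplate dirbuf;

	vp = ITOV(target);
	if (target->i_number == source->i_number) {
		error = EEXIST;
		goto out;
	}
	rootino = ROOTINO;
	error = 0;
	if (target->i_number == rootino)
		goto out;

	for (;;) {
		if (vp->v_type != VDIR) {
			error = ENOTDIR;
			break;
		}
		/* No residual pointer is passed for this read. */
		error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf,
		    sizeof (struct dirtemplate), (off_t)0,
		    UIO_SYSSPACE, IO_NODELOCKED, cred, NULL);
		if (error != 0)
			break;
		/*
		 * The ".." name length is taken from the dotdot_type
		 * field, like ufs little-endian.
		 */
		namlen = dirbuf.dotdot_type;
		if (namlen != 2 ||
		    dirbuf.dotdot_name[0] != '.' ||
		    dirbuf.dotdot_name[1] != '.') {
			error = ENOTDIR;
			break;
		}
		if (dirbuf.dotdot_ino == source->i_number) {
			error = EINVAL;
			break;
		}
		if (dirbuf.dotdot_ino == rootino)
			break;
		/*
		 * Fetch the mount pointer while vp is still held; the
		 * original dereferenced vp->v_mount after vput(vp) had
		 * already released the vnode.
		 */
		mp = vp->v_mount;
		vput(vp);
		if ((error = VFS_VGET(mp, NULL, dirbuf.dotdot_ino, &vp)) != 0) {
			/* nothing left to release at out: */
			vp = NULL;
			break;
		}
	}

out:
	if (error == ENOTDIR)
		kprintf("checkpath: .. not a directory\n");
	if (vp != NULL)
		vput(vp);
	return (error);
}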