2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
35 * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.151.2.18 2003/04/04 20:35:58 tegge Exp $
38 #include <sys/param.h>
39 #include <sys/systm.h>
42 #include <sys/sysent.h>
43 #include <sys/malloc.h>
44 #include <sys/mount.h>
45 #include <sys/mountctl.h>
46 #include <sys/sysmsg.h>
47 #include <sys/filedesc.h>
48 #include <sys/kernel.h>
49 #include <sys/fcntl.h>
51 #include <sys/linker.h>
53 #include <sys/unistd.h>
54 #include <sys/vnode.h>
58 #include <sys/namei.h>
59 #include <sys/nlookup.h>
60 #include <sys/dirent.h>
61 #include <sys/extattr.h>
62 #include <sys/spinlock.h>
63 #include <sys/kern_syscall.h>
64 #include <sys/objcache.h>
65 #include <sys/sysctl.h>
68 #include <sys/file2.h>
69 #include <sys/spinlock2.h>
72 #include <vm/vm_object.h>
73 #include <vm/vm_page.h>
75 #include <machine/limits.h>
76 #include <machine/stdarg.h>
78 static void mount_warning(struct mount *mp, const char *ctl, ...)
80 static int mount_path(struct proc *p, struct mount *mp, char **rb, char **fb);
81 static int checkvp_chdir (struct vnode *vn, struct thread *td);
82 static void checkdirs (struct nchandle *old_nch, struct nchandle *new_nch);
83 static int get_fscap(const char *);
84 static int chroot_refuse_vdir_fds (thread_t td, struct filedesc *fdp);
85 static int chroot_visible_mnt(struct mount *mp, struct proc *p);
86 static int getutimes (struct timeval *, struct timespec *);
87 static int getutimens (const struct timespec *, struct timespec *, int *);
88 static int setfown (struct mount *, struct vnode *, uid_t, gid_t);
89 static int setfmode (struct vnode *, int);
90 static int setfflags (struct vnode *, u_long);
91 static int setutimes (struct vnode *, struct vattr *,
92 const struct timespec *, int);
94 static int usermount = 0; /* if 1, non-root can mount fs. */
95 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0,
96 "Allow non-root users to mount filesystems");
98 static int debug_unmount = 0; /* if 1 loop until unmount success */
99 SYSCTL_INT(_vfs, OID_AUTO, debug_unmount, CTLFLAG_RW, &debug_unmount, 0,
100 "Stall failed unmounts in loop");
102 static struct krate krate_rename = { 1 };
105 * Virtual File System System Calls
109 * Mount a file system.
111 * mount_args(char *type, char *path, int flags, caddr_t data)
116 sys_mount(struct sysmsg *sysmsg, const struct mount_args *uap)
118 struct thread *td = curthread;
121 struct mount *mp, *nullmp;
122 struct vfsconf *vfsp;
123 int error, flag = 0, flag2 = 0;
126 int flags = uap->flags;
128 struct nlookupdata nd;
129 char fstypename[MFSNAMELEN];
134 /* We do not allow user mounts inside a jail for now */
135 if (usermount && jailed(cred)) {
141 * Extract the file system type. We need to know this early, to take
142 * appropriate actions for jails and the filesystems to mount.
144 if ((error = copyinstr(uap->type, fstypename, MFSNAMELEN, NULL)) != 0)
148 * Select the correct cap according to the file system type.
150 priv = get_fscap(fstypename);
152 if (usermount == 0 && (error = caps_priv_check_td(td, priv)))
156 * Do not allow NFS export by non-root users.
158 if (flags & MNT_EXPORTED) {
159 error = caps_priv_check_td(td, priv);
164 * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users
166 if (caps_priv_check_td(td, priv))
167 flags |= MNT_NOSUID | MNT_NODEV;
170 * Lookup the requested path and extract the nch and vnode.
172 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
174 if ((error = nlookup(&nd)) == 0) {
175 if (nd.nl_nch.ncp->nc_vp == NULL)
185 * If the target filesystem is resolved via a nullfs mount, then
186 * nd.nl_nch.mount will be pointing to the nullfs mount structure
187 * instead of the target file system. We need it in case we are
190 nullmp = nd.nl_nch.mount;
193 * Extract the locked+refd ncp and cleanup the nd structure
196 cache_zero(&nd.nl_nch);
199 if ((nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
200 (mp = cache_findmount(&nch)) != NULL) {
209 * now we have the locked ref'd nch and unreferenced vnode.
212 if ((error = vget(vp, LK_EXCLUSIVE)) != 0) {
219 * Now we have an unlocked ref'd nch and a locked ref'd vp
221 if (flags & MNT_UPDATE) {
222 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
229 if (strncmp(fstypename, "null", 5) == 0) {
237 flag2 = mp->mnt_kern_flag;
239 * We only allow the filesystem to be reloaded if it
240 * is currently mounted read-only.
242 if ((flags & MNT_RELOAD) &&
243 ((mp->mnt_flag & MNT_RDONLY) == 0)) {
246 error = EOPNOTSUPP; /* Needs translation */
250 * Only root, or the user that did the original mount is
251 * permitted to update it.
253 if (mp->mnt_stat.f_owner != cred->cr_uid &&
254 (error = caps_priv_check_td(td, priv))) {
259 if (vfs_busy(mp, LK_NOWAIT)) {
272 mp->mnt_flag |= flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
273 lwkt_gettoken(&mp->mnt_token);
280 * If the user is not root, ensure that they own the directory
281 * onto which we are attempting to mount.
283 if ((error = VOP_GETATTR(vp, &va)) ||
284 (va.va_uid != cred->cr_uid &&
285 (error = caps_priv_check_td(td, priv)))) {
290 if ((error = vinvalbuf(vp, V_SAVE, 0, 0)) != 0) {
295 if (vp->v_type != VDIR) {
301 if (vp->v_mount->mnt_kern_flag & MNTK_NOSTKMNT) {
307 vfsp = vfsconf_find_by_name(fstypename);
311 /* Only load modules for root (very important!) */
312 error = caps_priv_check_td(td, SYSCAP_RESTRICTEDROOT);
318 error = linker_load_file(fstypename, &lf);
319 if (error || lf == NULL) {
327 /* lookup again, see if the VFS was loaded */
328 vfsp = vfsconf_find_by_name(fstypename);
331 linker_file_unload(lf);
346 * Allocate and initialize the filesystem.
348 mp = kmalloc(sizeof(struct mount), M_MOUNT, M_ZERO|M_WAITOK);
349 mount_init(mp, vfsp->vfc_vfsops);
350 vfs_busy(mp, LK_NOWAIT);
352 mp->mnt_pbuf_count = nswbuf_kva / NSWBUF_SPLIT;
353 vfsp->vfc_refcount++;
354 mp->mnt_stat.f_type = vfsp->vfc_typenum;
355 mp->mnt_flag |= vfsp->vfc_flags & MNT_VISFLAGMASK;
356 strncpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN);
357 mp->mnt_stat.f_owner = cred->cr_uid;
358 lwkt_gettoken(&mp->mnt_token);
362 * (per-mount token acquired at this point)
364 * Set the mount level flags.
366 if (flags & MNT_RDONLY)
367 mp->mnt_flag |= MNT_RDONLY;
368 else if (mp->mnt_flag & MNT_RDONLY)
369 mp->mnt_kern_flag |= MNTK_WANTRDWR;
370 mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
371 MNT_SYNCHRONOUS | MNT_ASYNC | MNT_NOATIME |
372 MNT_NOSYMFOLLOW | MNT_IGNORE | MNT_TRIM |
373 MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR |
375 mp->mnt_flag |= flags & (MNT_NOSUID | MNT_NOEXEC |
376 MNT_NODEV | MNT_SYNCHRONOUS | MNT_ASYNC | MNT_FORCE |
377 MNT_NOSYMFOLLOW | MNT_IGNORE | MNT_TRIM |
378 MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR |
382 * Pre-set the mount's ALL_MPSAFE flags if specified in the vfsconf.
383 * This way the initial VFS_MOUNT() call will also be MPSAFE.
385 if (vfsp->vfc_flags & VFCF_MPSAFE)
386 mp->mnt_kern_flag |= MNTK_ALL_MPSAFE;
389 * Mount the filesystem.
390 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
393 if (mp->mnt_flag & MNT_UPDATE) {
394 error = VFS_MOUNT(mp, uap->path, uap->data, cred);
395 if (mp->mnt_kern_flag & MNTK_WANTRDWR)
396 mp->mnt_flag &= ~MNT_RDONLY;
397 mp->mnt_flag &=~ (MNT_UPDATE | MNT_RELOAD | MNT_FORCE);
398 mp->mnt_kern_flag &=~ MNTK_WANTRDWR;
401 mp->mnt_kern_flag = flag2;
403 lwkt_reltoken(&mp->mnt_token);
409 mp->mnt_ncmounton = nch;
410 error = VFS_MOUNT(mp, uap->path, uap->data, cred);
411 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
414 * Put the new filesystem on the mount list after root. The mount
415 * point gets its own mnt_ncmountpt (unless the VFS already set one
416 * up) which represents the root of the mount. The lookup code
417 * detects the mount point going forward and checks the root of
418 * the mount going backwards.
420 * It is not necessary to invalidate or purge the vnode underneath
421 * because elements under the mount will be given their own glue
425 if (mp->mnt_ncmountpt.ncp == NULL) {
427 * Allocate, then unlock, but leave the ref intact.
428 * This is the mnt_refs (1) that we will retain
429 * through to the unmount.
431 cache_allocroot(&mp->mnt_ncmountpt, mp, NULL);
432 cache_unlock(&mp->mnt_ncmountpt);
436 nch.ncp->nc_flag |= NCF_ISMOUNTPT;
438 cache_ismounting(mp);
439 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
441 mountlist_insert(mp, MNTINS_LAST);
443 checkdirs(&mp->mnt_ncmounton, &mp->mnt_ncmountpt);
444 error = vfs_allocate_syncvnode(mp);
445 lwkt_reltoken(&mp->mnt_token);
447 error = VFS_START(mp, 0);
449 KNOTE(&fs_klist, VQ_MOUNT);
451 bzero(&mp->mnt_ncmounton, sizeof(mp->mnt_ncmounton));
452 vn_syncer_thr_stop(mp);
453 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
454 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
455 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
456 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
457 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
459 crfree(mp->mnt_cred);
462 mp->mnt_vfc->vfc_refcount--;
463 lwkt_reltoken(&mp->mnt_token);
474 * Scan all active processes to see if any of them have a current
475 * or root directory onto which the new filesystem has just been
476 * mounted. If so, replace them with the new mount point.
478 * Both old_nch and new_nch are ref'd on call but not locked.
479 * new_nch must be temporarily locked so it can be associated with the
480 * vnode representing the root of the mount point.
482 struct checkdirs_info {
483 struct nchandle old_nch;
484 struct nchandle new_nch;
485 struct vnode *old_vp;
486 struct vnode *new_vp;
489 static int checkdirs_callback(struct proc *p, void *data);
492 checkdirs(struct nchandle *old_nch, struct nchandle *new_nch)
494 struct checkdirs_info info;
500 * If the old mount point's vnode has a usecount of 1, it is not
501 * being held as a descriptor anywhere.
503 olddp = old_nch->ncp->nc_vp;
504 if (olddp == NULL || VREFCNT(olddp) == 1)
508 * Force the root vnode of the new mount point to be resolved
509 * so we can update any matching processes.
512 if (VFS_ROOT(mp, &newdp))
513 panic("mount: lost mount");
516 vn_lock(newdp, LK_EXCLUSIVE | LK_RETRY);
517 cache_setunresolved(new_nch);
518 cache_setvp(new_nch, newdp);
519 cache_unlock(new_nch);
522 * Special handling of the root node
524 if (rootvnode == olddp) {
526 vfs_cache_setroot(newdp, cache_hold(new_nch));
530 * Pass newdp separately so the callback does not have to access
531 * it via new_nch->ncp->nc_vp.
533 info.old_nch = *old_nch;
534 info.new_nch = *new_nch;
536 allproc_scan(checkdirs_callback, &info, 0);
541 * NOTE: callback is not MP safe because the scanned process's filedesc
542 * structure can be ripped out from under us, amoung other things.
545 checkdirs_callback(struct proc *p, void *data)
547 struct checkdirs_info *info = data;
548 struct filedesc *fdp;
549 struct nchandle ncdrop1;
550 struct nchandle ncdrop2;
551 struct vnode *vprele1;
552 struct vnode *vprele2;
554 if ((fdp = p->p_fd) != NULL) {
555 cache_zero(&ncdrop1);
556 cache_zero(&ncdrop2);
561 * MPUNSAFE - XXX fdp can be pulled out from under a
564 * A shared filedesc is ok, we don't have to copy it
565 * because we are making this change globally.
567 spin_lock(&fdp->fd_spin);
568 if (fdp->fd_ncdir.mount == info->old_nch.mount &&
569 fdp->fd_ncdir.ncp == info->old_nch.ncp) {
570 vprele1 = fdp->fd_cdir;
572 fdp->fd_cdir = info->new_vp;
573 ncdrop1 = fdp->fd_ncdir;
574 cache_copy(&info->new_nch, &fdp->fd_ncdir);
576 if (fdp->fd_nrdir.mount == info->old_nch.mount &&
577 fdp->fd_nrdir.ncp == info->old_nch.ncp) {
578 vprele2 = fdp->fd_rdir;
580 fdp->fd_rdir = info->new_vp;
581 ncdrop2 = fdp->fd_nrdir;
582 cache_copy(&info->new_nch, &fdp->fd_nrdir);
584 spin_unlock(&fdp->fd_spin);
586 cache_drop(&ncdrop1);
588 cache_drop(&ncdrop2);
598 * Unmount a file system.
600 * Note: unmount takes a path to the vnode mounted on as argument,
601 * not special file (as before).
603 * umount_args(char *path, int flags)
608 sys_unmount(struct sysmsg *sysmsg, const struct unmount_args *uap)
610 struct thread *td = curthread;
611 struct proc *p __debugvar = td->td_proc;
612 struct mount *mp = NULL;
613 struct nlookupdata nd;
614 char fstypename[MFSNAMELEN];
623 /* We do not allow user umounts inside a jail for now */
624 if (usermount && jailed(cred)) {
629 error = nlookup_init(&nd, uap->path, UIO_USERSPACE,
630 NLC_FOLLOW | NLC_IGNBADDIR);
632 error = nlookup(&nd);
636 mp = nd.nl_nch.mount;
638 /* Figure out the fsname in order to select proper privs */
639 ksnprintf(fstypename, MFSNAMELEN, "%s", mp->mnt_vfc->vfc_name);
640 priv = get_fscap(fstypename);
642 if (usermount == 0 && (error = caps_priv_check_td(td, priv))) {
648 * Only root, or the user that did the original mount is
649 * permitted to unmount this filesystem.
651 if ((mp->mnt_stat.f_owner != td->td_ucred->cr_uid) &&
652 (error = caps_priv_check_td(td, priv)))
658 * Don't allow unmounting the root file system.
660 if (mp->mnt_flag & MNT_ROOTFS) {
666 * Must be the root of the filesystem
668 if (nd.nl_nch.ncp != mp->mnt_ncmountpt.ncp) {
673 /* Check if this mount belongs to this prison */
674 if (jailed(cred) && mp->mnt_cred && (!mp->mnt_cred->cr_prison ||
675 mp->mnt_cred->cr_prison != cred->cr_prison)) {
676 kprintf("mountpoint %s does not belong to this jail\n",
683 * If no error try to issue the unmount. We lose our cache
684 * ref when we call nlookup_done so we must hold the mount point
685 * to prevent use-after-free races.
691 error = dounmount(mp, uap->flags, 0);
701 * Do the actual file system unmount (interlocked against the mountlist
702 * token and mp->mnt_token).
705 dounmount_interlock(struct mount *mp)
707 if (mp->mnt_kern_flag & MNTK_UNMOUNT)
709 mp->mnt_kern_flag |= MNTK_UNMOUNT;
714 unmount_allproc_cb(struct proc *p, void *arg)
718 if (p->p_textnch.ncp == NULL)
721 mp = (struct mount *)arg;
722 if (p->p_textnch.mount == mp)
723 cache_drop(&p->p_textnch);
729 * The guts of the unmount code. The mount owns one ref and one hold
730 * count. If we successfully interlock the unmount, those refs are ours.
731 * (The ref is from mnt_ncmountpt).
733 * When halting we shortcut certain mount types such as devfs by not actually
734 * issuing the VFS_SYNC() or VFS_UNMOUNT(). They are still disconnected
735 * from the mountlist so higher-level filesytems can unmount cleanly.
737 * The mount types that allow QUICKHALT are: devfs, tmpfs, procfs.
740 dounmount(struct mount *mp, int flags, int halting)
742 struct namecache *ncp;
753 lwkt_gettoken(&mp->mnt_token);
756 * When halting, certain mount points can essentially just
757 * be unhooked and otherwise ignored.
759 if (halting && (mp->mnt_kern_flag & MNTK_QUICKHALT)) {
768 * Exclusive access for unmounting purposes.
770 if ((error = mountlist_interlock(dounmount_interlock, mp)) != 0)
774 * We now 'own' the last mp->mnt_refs
776 * Allow filesystems to detect that a forced unmount is in progress.
778 if (flags & MNT_FORCE)
779 mp->mnt_kern_flag |= MNTK_UNMOUNTF;
780 lflags = LK_EXCLUSIVE | ((flags & MNT_FORCE) ? 0 : LK_TIMELOCK);
781 error = lockmgr(&mp->mnt_lock, lflags);
783 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
784 if (mp->mnt_kern_flag & MNTK_MWAIT) {
785 mp->mnt_kern_flag &= ~MNTK_MWAIT;
791 if (mp->mnt_flag & MNT_EXPUBLIC)
792 vfs_setpublicfs(NULL, NULL, NULL);
794 vfs_msync(mp, MNT_WAIT);
795 async_flag = mp->mnt_flag & MNT_ASYNC;
796 mp->mnt_flag &=~ MNT_ASYNC;
799 * Decomission our special mnt_syncer vnode. This also stops
800 * the vnlru code. If we are unable to unmount we recommission
803 * Then sync the filesystem.
805 if ((vp = mp->mnt_syncer) != NULL) {
806 mp->mnt_syncer = NULL;
807 atomic_set_int(&vp->v_refcnt, VREF_FINALIZE);
813 * Sync normally-mounted filesystem.
815 if (quickhalt == 0) {
816 if ((mp->mnt_flag & MNT_RDONLY) == 0)
817 VFS_SYNC(mp, MNT_WAIT);
821 * nchandle records ref the mount structure. Expect a count of 1
822 * (our mount->mnt_ncmountpt).
824 * Scans can get temporary refs on a mountpoint (thought really
825 * heavy duty stuff like cache_findmount() do not).
827 for (retry = 0; (retry < 10 || debug_unmount); ++retry) {
829 * Invalidate the namecache topology under the mount.
830 * nullfs mounts alias a real mount's namecache topology
831 * and it should not be invalidated in that case.
833 if ((mp->mnt_kern_flag & MNTK_NCALIASED) == 0) {
834 cache_lock(&mp->mnt_ncmountpt);
835 cache_inval(&mp->mnt_ncmountpt,
836 CINV_DESTROY|CINV_CHILDREN);
837 cache_unlock(&mp->mnt_ncmountpt);
843 cache_unmounting(mp);
844 if (mp->mnt_refs != 1)
845 cache_clearmntcache(mp);
848 * Break out if we are good. Don't count ncp refs if the
851 ncp = (mp->mnt_kern_flag & MNTK_NCALIASED) ?
852 NULL : mp->mnt_ncmountpt.ncp;
853 if (mp->mnt_refs == 1 &&
854 (ncp == NULL || (ncp->nc_refs == 1 &&
855 TAILQ_FIRST(&ncp->nc_list) == NULL))) {
860 * If forcing the unmount, clean out any p->p_textnch
861 * nchandles that match this mount.
863 if (flags & MNT_FORCE)
864 allproc_scan(&unmount_allproc_cb, mp, 0);
869 tsleep(&mp->mnt_refs, 0, "mntbsy", hz / 10 + 1);
870 if ((retry & 15) == 15) {
872 "(%p) debug - retry %d, "
873 "%d namecache refs, %d mount refs",
875 (ncp ? ncp->nc_refs - 1 : 0),
881 ncp = (mp->mnt_kern_flag & MNTK_NCALIASED) ?
882 NULL : mp->mnt_ncmountpt.ncp;
883 if (mp->mnt_refs != 1 ||
884 (ncp != NULL && (ncp->nc_refs != 1 ||
885 TAILQ_FIRST(&ncp->nc_list)))) {
887 "(%p): %d namecache refs, %d mount refs "
890 (ncp ? ncp->nc_refs - 1 : 0),
892 if (flags & MNT_FORCE) {
894 mount_warning(mp, "forcing unmount\n");
901 * So far so good, sync the filesystem once more and
902 * call the VFS unmount code if the sync succeeds.
904 if (error == 0 && quickhalt == 0) {
905 if (mp->mnt_flag & MNT_RDONLY) {
906 error = VFS_UNMOUNT(mp, flags);
908 error = VFS_SYNC(mp, MNT_WAIT);
909 if (error == 0 || /* no error */
910 error == EOPNOTSUPP || /* no sync avail */
911 (flags & MNT_FORCE)) { /* force anyway */
912 error = VFS_UNMOUNT(mp, flags);
917 "(%p) unmount: vfs refused to unmount, "
924 * If an error occurred we can still recover, restoring the
925 * syncer vnode and misc flags.
928 if (mp->mnt_syncer == NULL && hadsyncer)
929 vfs_allocate_syncvnode(mp);
930 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
931 mp->mnt_flag |= async_flag;
932 lockmgr(&mp->mnt_lock, LK_RELEASE);
933 if (mp->mnt_kern_flag & MNTK_MWAIT) {
934 mp->mnt_kern_flag &= ~MNTK_MWAIT;
940 * Clean up any journals still associated with the mount after
941 * filesystem activity has ceased.
943 journal_remove_all_journals(mp,
944 ((flags & MNT_FORCE) ? MC_JOURNAL_STOP_IMM : 0));
946 mountlist_remove(mp);
949 * Remove any installed vnode ops here so the individual VFSs don't
952 * mnt_refs should go to zero when we scrap mnt_ncmountpt.
954 * When quickhalting we have to keep these intact because the
955 * underlying vnodes have not been destroyed, and some might be
958 if (quickhalt == 0) {
959 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
960 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
961 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
962 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
963 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
966 if (mp->mnt_ncmountpt.ncp != NULL) {
967 nch = mp->mnt_ncmountpt;
968 cache_zero(&mp->mnt_ncmountpt);
969 cache_clrmountpt(&nch);
972 if (mp->mnt_ncmounton.ncp != NULL) {
973 cache_unmounting(mp);
974 nch = mp->mnt_ncmounton;
975 cache_zero(&mp->mnt_ncmounton);
976 cache_clrmountpt(&nch);
981 crfree(mp->mnt_cred);
985 mp->mnt_vfc->vfc_refcount--;
988 * If not quickhalting the mount, we expect there to be no
991 if (quickhalt == 0 && !TAILQ_EMPTY(&mp->mnt_nvnodelist))
992 panic("unmount: dangling vnode");
997 lockmgr(&mp->mnt_lock, LK_RELEASE);
998 if (mp->mnt_kern_flag & MNTK_MWAIT) {
999 mp->mnt_kern_flag &= ~MNTK_MWAIT;
1004 * If we reach here and freeok != 0 we must free the mount.
1005 * mnt_refs should already have dropped to 0, so if it is not
1006 * zero we must cycle the caches and wait.
1008 * When we are satisfied that the mount has disconnected we can
1009 * drop the hold on the mp that represented the mount (though the
1010 * caller might actually have another, so the caller's drop may
1011 * do the actual free).
1014 if (mp->mnt_refs > 0)
1015 cache_clearmntcache(mp);
1016 while (mp->mnt_refs > 0) {
1017 cache_unmounting(mp);
1019 tsleep(&mp->mnt_refs, 0, "umntrwait", hz / 10 + 1);
1020 cache_clearmntcache(mp);
1022 lwkt_reltoken(&mp->mnt_token);
1026 cache_clearmntcache(mp);
1029 KNOTE(&fs_klist, VQ_UNMOUNT);
1032 lwkt_reltoken(&mp->mnt_token);
1038 mount_warning(struct mount *mp, const char *ctl, ...)
1044 __va_start(va, ctl);
1045 if (cache_fullpath(NULL, &mp->mnt_ncmounton, NULL,
1046 &ptr, &buf, 0) == 0) {
1047 kprintf("unmount(%s): ", ptr);
1052 kprintf("unmount(%p", mp);
1053 if (mp->mnt_ncmounton.ncp && mp->mnt_ncmounton.ncp->nc_name)
1054 kprintf(",%s", mp->mnt_ncmounton.ncp->nc_name);
1063 * Shim cache_fullpath() to handle the case where a process is chrooted into
1064 * a subdirectory of a mount. In this case if the root mount matches the
1065 * process root directory's mount we have to specify the process's root
1066 * directory instead of the mount point, because the mount point might
1067 * be above the root directory.
1071 mount_path(struct proc *p, struct mount *mp, char **rb, char **fb)
1073 struct nchandle *nch;
1075 if (p && p->p_fd->fd_nrdir.mount == mp)
1076 nch = &p->p_fd->fd_nrdir;
1078 nch = &mp->mnt_ncmountpt;
1079 return(cache_fullpath(p, nch, NULL, rb, fb, 0));
1083 * Sync each mounted filesystem.
1087 static int syncprt = 0;
1088 SYSCTL_INT(_debug, OID_AUTO, syncprt, CTLFLAG_RW, &syncprt, 0, "");
1091 static int sync_callback(struct mount *mp, void *data);
1094 sys_sync(struct sysmsg *sysmsg, const struct sync_args *uap)
1096 mountlist_scan(sync_callback, NULL, MNTSCAN_FORWARD);
1102 sync_callback(struct mount *mp, void *data __unused)
1106 if ((mp->mnt_flag & MNT_RDONLY) == 0) {
1107 lwkt_gettoken(&mp->mnt_token);
1108 asyncflag = mp->mnt_flag & MNT_ASYNC;
1109 mp->mnt_flag &= ~MNT_ASYNC;
1110 lwkt_reltoken(&mp->mnt_token);
1111 vfs_msync(mp, MNT_NOWAIT);
1112 VFS_SYNC(mp, MNT_NOWAIT);
1113 lwkt_gettoken(&mp->mnt_token);
1114 mp->mnt_flag |= asyncflag;
1115 lwkt_reltoken(&mp->mnt_token);
1120 /* XXX PRISON: could be per prison flag */
1121 static int prison_quotas;
1123 SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, "");
1127 * quotactl_args(char *path, int fcmd, int uid, caddr_t arg)
1129 * Change filesystem quotas.
1134 sys_quotactl(struct sysmsg *sysmsg, const struct quotactl_args *uap)
1136 struct nlookupdata nd;
1142 if (td->td_ucred->cr_prison && !prison_quotas) {
1147 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1149 error = nlookup(&nd);
1151 mp = nd.nl_nch.mount;
1152 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid,
1153 uap->arg, nd.nl_cred);
1161 * mountctl(char *path, int op, int fd, const void *ctl, int ctllen,
1162 * void *buf, int buflen)
1164 * This function operates on a mount point and executes the specified
1165 * operation using the specified control data, and possibly returns data.
1167 * The actual number of bytes stored in the result buffer is returned, 0
1168 * if none, otherwise an error is returned.
1173 sys_mountctl(struct sysmsg *sysmsg, const struct mountctl_args *uap)
1175 struct thread *td = curthread;
1183 * Sanity and permissions checks. We must be root.
1185 if (td->td_ucred->cr_prison != NULL)
1187 if ((uap->op != MOUNTCTL_MOUNTFLAGS) &&
1188 (error = caps_priv_check_td(td, SYSCAP_RESTRICTEDROOT)) != 0)
1194 * Argument length checks
1196 if (uap->ctllen < 0 || uap->ctllen > 1024)
1198 if (uap->buflen < 0 || uap->buflen > 16 * 1024)
1200 if (uap->path == NULL)
1204 * Allocate the necessary buffers and copyin data
1206 path = objcache_get(namei_oc, M_WAITOK);
1207 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
1212 ctl = kmalloc(uap->ctllen + 1, M_TEMP, M_WAITOK|M_ZERO);
1213 error = copyin(uap->ctl, ctl, uap->ctllen);
1218 buf = kmalloc(uap->buflen + 1, M_TEMP, M_WAITOK|M_ZERO);
1221 * Validate the descriptor
1224 fp = holdfp(td, uap->fd, -1);
1234 * Execute the internal kernel function and clean up.
1236 error = kern_mountctl(path, uap->op, fp, ctl, uap->ctllen,
1237 buf, uap->buflen, &sysmsg->sysmsg_result);
1239 dropfp(td, uap->fd, fp);
1240 if (error == 0 && sysmsg->sysmsg_result > 0)
1241 error = copyout(buf, uap->buf, sysmsg->sysmsg_result);
1244 objcache_put(namei_oc, path);
1253 * Execute a mount control operation by resolving the path to a mount point
1254 * and calling vop_mountctl().
1256 * Use the mount point from the nch instead of the vnode so nullfs mounts
1257 * can properly spike the VOP.
1260 kern_mountctl(const char *path, int op, struct file *fp,
1261 const void *ctl, int ctllen,
1262 void *buf, int buflen, int *res)
1265 struct nlookupdata nd;
1266 struct nchandle nch;
1272 error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_FOLLOW);
1275 error = nlookup(&nd);
1280 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
1287 * Yes, all this is needed to use the nch.mount below, because
1288 * we must maintain a ref on the mount to avoid ripouts (e.g.
1289 * due to heavy mount/unmount use by synth or poudriere).
1292 cache_zero(&nd.nl_nch);
1300 * Must be the root of the filesystem
1302 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
1307 if (mp == NULL || mp->mnt_kern_flag & MNTK_UNMOUNT) {
1308 kprintf("kern_mountctl: Warning, \"%s\" racing unmount\n",
1314 error = vop_mountctl(mp->mnt_vn_use_ops, vp, op, fp, ctl, ctllen,
1323 kern_statfs(struct nlookupdata *nd, struct statfs *buf)
1325 struct thread *td = curthread;
1326 struct proc *p = td->td_proc;
1329 char *fullpath, *freepath;
1332 if ((error = nlookup(nd)) != 0)
1334 mp = nd->nl_nch.mount;
1338 * Ignore refresh error, user should have visibility.
1339 * This can happen if a NFS mount goes bad (e.g. server
1340 * revokes perms or goes down).
1342 error = VFS_STATFS(mp, sp, nd->nl_cred);
1345 error = mount_path(p, mp, &fullpath, &freepath);
1348 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1349 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1350 kfree(freepath, M_TEMP);
1352 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1353 bcopy(sp, buf, sizeof(*buf));
1354 /* Only root should have access to the fsid's. */
1355 if (caps_priv_check_td(td, SYSCAP_RESTRICTEDROOT))
1356 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1361 * statfs_args(char *path, struct statfs *buf)
1363 * Get filesystem statistics.
1366 sys_statfs(struct sysmsg *sysmsg, const struct statfs_args *uap)
1368 struct nlookupdata nd;
1372 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1374 error = kern_statfs(&nd, &buf);
1377 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1382 kern_fstatfs(int fd, struct statfs *buf)
1384 struct thread *td = curthread;
1385 struct proc *p = td->td_proc;
1389 char *fullpath, *freepath;
1393 if ((error = holdvnode(td, fd, &fp)) != 0)
1397 * Try to use mount info from any overlays rather than the
1398 * mount info for the underlying vnode, otherwise we will
1399 * fail when operating on null-mounted paths inside a chroot.
1401 if ((mp = fp->f_nchandle.mount) == NULL)
1402 mp = ((struct vnode *)fp->f_data)->v_mount;
1407 if (fp->f_cred == NULL) {
1413 * Ignore refresh error, user should have visibility.
1414 * This can happen if a NFS mount goes bad (e.g. server
1415 * revokes perms or goes down).
1418 error = VFS_STATFS(mp, sp, fp->f_cred);
1420 if ((error = mount_path(p, mp, &fullpath, &freepath)) != 0)
1422 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1423 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1424 kfree(freepath, M_TEMP);
1426 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1427 bcopy(sp, buf, sizeof(*buf));
1429 /* Only root should have access to the fsid's. */
1430 if (caps_priv_check_td(td, SYSCAP_RESTRICTEDROOT))
1431 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1439 * fstatfs_args(int fd, struct statfs *buf)
1441 * Get filesystem statistics.
1444 sys_fstatfs(struct sysmsg *sysmsg, const struct fstatfs_args *uap)
1449 error = kern_fstatfs(uap->fd, &buf);
1452 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1457 kern_statvfs(struct nlookupdata *nd, struct statvfs *buf)
1463 if ((error = nlookup(nd)) != 0)
1465 mp = nd->nl_nch.mount;
1466 sp = &mp->mnt_vstat;
1467 if ((error = VFS_STATVFS(mp, sp, nd->nl_cred)) != 0)
1471 if (mp->mnt_flag & MNT_RDONLY)
1472 sp->f_flag |= ST_RDONLY;
1473 if (mp->mnt_flag & MNT_NOSUID)
1474 sp->f_flag |= ST_NOSUID;
1475 bcopy(sp, buf, sizeof(*buf));
1480 * statfs_args(char *path, struct statfs *buf)
1482 * Get filesystem statistics.
1485 sys_statvfs(struct sysmsg *sysmsg, const struct statvfs_args *uap)
1487 struct nlookupdata nd;
1491 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1493 error = kern_statvfs(&nd, &buf);
1496 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1501 kern_fstatvfs(int fd, struct statvfs *buf)
1503 struct thread *td = curthread;
1509 if ((error = holdvnode(td, fd, &fp)) != 0)
1511 if ((mp = fp->f_nchandle.mount) == NULL)
1512 mp = ((struct vnode *)fp->f_data)->v_mount;
1517 if (fp->f_cred == NULL) {
1521 sp = &mp->mnt_vstat;
1522 if ((error = VFS_STATVFS(mp, sp, fp->f_cred)) != 0)
1526 if (mp->mnt_flag & MNT_RDONLY)
1527 sp->f_flag |= ST_RDONLY;
1528 if (mp->mnt_flag & MNT_NOSUID)
1529 sp->f_flag |= ST_NOSUID;
1531 bcopy(sp, buf, sizeof(*buf));
1539 * fstatfs_args(int fd, struct statfs *buf)
1541 * Get filesystem statistics.
1544 sys_fstatvfs(struct sysmsg *sysmsg, const struct fstatvfs_args *uap)
1549 error = kern_fstatvfs(uap->fd, &buf);
1552 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1557 * getfsstat_args(struct statfs *buf, long bufsize, int flags)
1559 * Get statistics on all filesystems.
1562 struct getfsstat_info {
1563 struct statfs *sfsp;
1571 static int getfsstat_callback(struct mount *, void *);
1574 sys_getfsstat(struct sysmsg *sysmsg, const struct getfsstat_args *uap)
1576 struct thread *td = curthread;
1577 struct getfsstat_info info;
1579 bzero(&info, sizeof(info));
1581 info.maxcount = uap->bufsize / sizeof(struct statfs);
1582 info.sfsp = uap->buf;
1584 info.flags = uap->flags;
1587 mountlist_scan(getfsstat_callback, &info, MNTSCAN_FORWARD);
1588 if (info.sfsp && info.count > info.maxcount)
1589 sysmsg->sysmsg_result = info.maxcount;
1591 sysmsg->sysmsg_result = info.count;
1592 return (info.error);
1596 getfsstat_callback(struct mount *mp, void *data)
1598 struct getfsstat_info *info = data;
1604 if (info->td->td_proc && !chroot_visible_mnt(mp, info->td->td_proc))
1607 if (info->sfsp && info->count < info->maxcount) {
1611 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1612 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1613 * overrides MNT_WAIT.
1615 * Ignore refresh error, user should have visibility.
1616 * This can happen if a NFS mount goes bad (e.g. server
1617 * revokes perms or goes down).
1619 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1620 (info->flags & MNT_WAIT)) &&
1621 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1624 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1626 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1628 info->error = error;
1631 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1632 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1633 kfree(freepath, M_TEMP);
1635 error = copyout(sp, info->sfsp, sizeof(*sp));
1637 info->error = error;
1647 * getvfsstat_args(struct statfs *buf, struct statvfs *vbuf,
1648 long bufsize, int flags)
1650 * Get statistics on all filesystems.
1653 struct getvfsstat_info {
1654 struct statfs *sfsp;
1655 struct statvfs *vsfsp;
1663 static int getvfsstat_callback(struct mount *, void *);
1666 sys_getvfsstat(struct sysmsg *sysmsg, const struct getvfsstat_args *uap)
1668 struct thread *td = curthread;
1669 struct getvfsstat_info info;
1671 bzero(&info, sizeof(info));
1673 info.maxcount = uap->vbufsize / sizeof(struct statvfs);
1674 info.sfsp = uap->buf;
1675 info.vsfsp = uap->vbuf;
1677 info.flags = uap->flags;
1680 mountlist_scan(getvfsstat_callback, &info, MNTSCAN_FORWARD);
1681 if (info.vsfsp && info.count > info.maxcount)
1682 sysmsg->sysmsg_result = info.maxcount;
1684 sysmsg->sysmsg_result = info.count;
1685 return (info.error);
1689 getvfsstat_callback(struct mount *mp, void *data)
1691 struct getvfsstat_info *info = data;
1693 struct statvfs *vsp;
1698 if (info->td->td_proc && !chroot_visible_mnt(mp, info->td->td_proc))
1701 if (info->vsfsp && info->count < info->maxcount) {
1703 vsp = &mp->mnt_vstat;
1706 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1707 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1708 * overrides MNT_WAIT.
1710 * Ignore refresh error, user should have visibility.
1711 * This can happen if a NFS mount goes bad (e.g. server
1712 * revokes perms or goes down).
1714 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1715 (info->flags & MNT_WAIT)) &&
1716 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1719 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1721 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1722 (info->flags & MNT_WAIT)) &&
1723 (error = VFS_STATVFS(mp, vsp, info->td->td_ucred))) {
1727 if (mp->mnt_flag & MNT_RDONLY)
1728 vsp->f_flag |= ST_RDONLY;
1729 if (mp->mnt_flag & MNT_NOSUID)
1730 vsp->f_flag |= ST_NOSUID;
1732 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1734 info->error = error;
1737 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1738 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1739 kfree(freepath, M_TEMP);
1741 error = copyout(sp, info->sfsp, sizeof(*sp));
1743 error = copyout(vsp, info->vsfsp, sizeof(*vsp));
1745 info->error = error;
1757 * fchdir_args(int fd)
1759 * Change current working directory to a given file descriptor.
1762 sys_fchdir(struct sysmsg *sysmsg, const struct fchdir_args *uap)
1764 struct thread *td = curthread;
1765 struct proc *p = td->td_proc;
1766 struct filedesc *fdp = p->p_fd;
1767 struct vnode *vp, *ovp;
1770 struct nchandle nch, onch, tnch;
1773 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
1775 lwkt_gettoken(&p->p_token);
1776 vp = (struct vnode *)fp->f_data;
1778 vn_lock(vp, LK_SHARED | LK_RETRY);
1779 if (fp->f_nchandle.ncp == NULL)
1782 error = checkvp_chdir(vp, td);
1787 cache_copy(&fp->f_nchandle, &nch);
1790 * If the ncp has become a mount point, traverse through
1794 while (!error && (nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
1795 (mp = cache_findmount(&nch)) != NULL
1797 error = nlookup_mp(mp, &tnch);
1799 cache_unlock(&tnch); /* leave ref intact */
1801 vp = tnch.ncp->nc_vp;
1802 error = vget(vp, LK_SHARED);
1803 KKASSERT(error == 0);
1807 cache_dropmount(mp);
1810 spin_lock(&fdp->fd_spin);
1812 onch = fdp->fd_ncdir;
1814 fdp->fd_ncdir = nch;
1815 spin_unlock(&fdp->fd_spin);
1816 vn_unlock(vp); /* leave ref intact */
1825 lwkt_reltoken(&p->p_token);
1830 kern_chdir(struct nlookupdata *nd)
1832 struct thread *td = curthread;
1833 struct proc *p = td->td_proc;
1834 struct filedesc *fdp = p->p_fd;
1835 struct vnode *vp, *ovp;
1836 struct nchandle onch;
1839 nd->nl_flags |= NLC_SHAREDLOCK;
1840 if ((error = nlookup(nd)) != 0)
1842 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
1844 if ((error = vget(vp, LK_SHARED)) != 0)
1847 lwkt_gettoken(&p->p_token);
1848 error = checkvp_chdir(vp, td);
1851 spin_lock(&fdp->fd_spin);
1853 onch = fdp->fd_ncdir;
1854 fdp->fd_ncdir = nd->nl_nch;
1856 spin_unlock(&fdp->fd_spin);
1857 cache_unlock(&nd->nl_nch); /* leave reference intact */
1860 cache_zero(&nd->nl_nch);
1864 lwkt_reltoken(&p->p_token);
1869 * chdir_args(char *path)
1871 * Change current working directory (``.'').
1874 sys_chdir(struct sysmsg *sysmsg, const struct chdir_args *uap)
1876 struct nlookupdata nd;
1879 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1881 error = kern_chdir(&nd);
1887 * Helper function for raised chroot(2) security function: Refuse if
1888 * any filedescriptors are open directories.
1891 chroot_refuse_vdir_fds(thread_t td, struct filedesc *fdp)
1898 for (fd = 0; fd < fdp->fd_nfiles ; fd++) {
1899 if ((error = holdvnode(td, fd, &fp)) != 0)
1901 vp = (struct vnode *)fp->f_data;
1902 if (vp->v_type != VDIR) {
1913 * This sysctl determines if we will allow a process to chroot(2) if it
1914 * has a directory open:
1915 * 0: disallowed for all processes.
1916 * 1: allowed for processes that were not already chroot(2)'ed.
1917 * 2: allowed for all processes.
1920 static int chroot_allow_open_directories = 1;
1922 SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
1923 &chroot_allow_open_directories, 0, "");
1926 * chroot to the specified namecache entry. We obtain the vp from the
1927 * namecache data. The passed ncp must be locked and referenced and will
1928 * remain locked and referenced on return.
1931 kern_chroot(struct nchandle *nch)
1933 struct thread *td = curthread;
1934 struct proc *p = td->td_proc;
1935 struct filedesc *fdp = p->p_fd;
1940 * Only privileged user can chroot
1942 error = caps_priv_check(td->td_ucred, SYSCAP_NOVFS_CHROOT);
1947 * Disallow open directory descriptors (fchdir() breakouts).
1949 if (chroot_allow_open_directories == 0 ||
1950 (chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) {
1951 if ((error = chroot_refuse_vdir_fds(td, fdp)) != 0)
1954 if ((vp = nch->ncp->nc_vp) == NULL)
1957 if ((error = vget(vp, LK_SHARED)) != 0)
1961 * Check the validity of vp as a directory to change to and
1962 * associate it with rdir/jdir.
1964 error = checkvp_chdir(vp, td);
1965 vn_unlock(vp); /* leave reference intact */
1967 lwkt_gettoken(&p->p_token);
1968 vrele(fdp->fd_rdir);
1969 fdp->fd_rdir = vp; /* reference inherited by fd_rdir */
1970 cache_drop(&fdp->fd_nrdir);
1971 cache_copy(nch, &fdp->fd_nrdir);
1972 if (fdp->fd_jdir == NULL) {
1975 cache_copy(nch, &fdp->fd_njdir);
1977 if ((p->p_flags & P_DIDCHROOT) == 0) {
1978 p->p_flags |= P_DIDCHROOT;
1979 if (p->p_depth <= 65535 - 32)
1982 lwkt_reltoken(&p->p_token);
1990 * chroot_args(char *path)
1992 * Change notion of root (``/'') directory.
1995 sys_chroot(struct sysmsg *sysmsg, const struct chroot_args *uap)
1997 struct thread *td __debugvar = curthread;
1998 struct nlookupdata nd;
2001 KKASSERT(td->td_proc);
2002 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2004 nd.nl_flags |= NLC_EXEC;
2005 error = nlookup(&nd);
2007 error = kern_chroot(&nd.nl_nch);
2014 sys_chroot_kernel(struct sysmsg *sysmsg, const struct chroot_kernel_args *uap)
2016 struct thread *td = curthread;
2017 struct nlookupdata nd;
2018 struct nchandle *nch;
2022 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2026 error = nlookup(&nd);
2032 error = caps_priv_check(td->td_ucred, SYSCAP_NOVFS_CHROOT);
2036 if ((vp = nch->ncp->nc_vp) == NULL) {
2041 if ((error = cache_vref(nch, nd.nl_cred, &vp)) != 0)
2044 vfs_cache_setroot(vp, cache_hold(nch));
2053 * Common routine for chroot and chdir. Given a locked, referenced vnode,
2054 * determine whether it is legal to chdir to the vnode. The vnode's state
2055 * is not changed by this call.
2058 checkvp_chdir(struct vnode *vp, struct thread *td)
2062 if (vp->v_type != VDIR)
2065 error = VOP_EACCESS(vp, VEXEC, td->td_ucred);
2070 kern_open(struct nlookupdata *nd, int oflags, int mode, int *res)
2072 struct thread *td = curthread;
2073 struct proc *p = td->td_proc;
2074 struct lwp *lp = td->td_lwp;
2075 struct filedesc *fdp = p->p_fd;
2079 int type, indx, error = 0;
2082 if ((oflags & O_ACCMODE) == O_ACCMODE)
2084 flags = FFLAGS(oflags);
2085 error = falloc(lp, &nfp, NULL);
2089 cmode = ((mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
2092 * Call vn_open() to do the lookup and assign the vnode to the
2093 * file pointer. vn_open() does not change the ref count on fp
2094 * and the vnode, on success, will be inherited by the file pointer
2097 * Request a shared lock on the vnode if possible.
2099 * When NLC_SHAREDLOCK is set we may still need an exclusive vnode
2100 * lock for O_RDWR opens on executables in order to avoid a VTEXT
2101 * detection race. The NLC_EXCLLOCK_IFEXEC handles this case.
2103 * NOTE: We need a flag to separate terminal vnode locking from
2104 * parent locking. O_CREAT needs parent locking, but O_TRUNC
2105 * and O_RDWR only need to lock the terminal vnode exclusively.
2107 nd->nl_flags |= NLC_LOCKVP;
2108 if ((flags & (O_CREAT|O_TRUNC)) == 0) {
2109 nd->nl_flags |= NLC_SHAREDLOCK;
2111 nd->nl_flags |= NLC_EXCLLOCK_IFEXEC;
2115 * Issue the vn_open, passing in the referenced fp. the vn_open()
2116 * is allowed to replace fp by fdrop()ing it and returning its own
2120 error = vn_open(nd, &nfp, flags, cmode);
2125 * Deal with any error condition
2128 fdrop(fp); /* our ref */
2129 if (error == ERESTART)
2135 * Reserve a file descriptor.
2137 if ((error = fdalloc(p, 0, &indx)) != 0) {
2143 * Handle advisory lock flags. This is only supported with vnodes.
2144 * For things like /dev/fd/N we might not actually get a vnode.
2146 if ((flags & (O_EXLOCK | O_SHLOCK)) && fp->f_type == DTYPE_VNODE) {
2149 vp = (struct vnode *)fp->f_data;
2152 lf.l_whence = SEEK_SET;
2155 if (flags & O_EXLOCK)
2156 lf.l_type = F_WRLCK;
2158 lf.l_type = F_RDLCK;
2159 if (flags & FNONBLOCK)
2164 error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type);
2167 * lock request failed. Clean up the reserved
2171 fsetfd(fdp, NULL, indx);
2175 atomic_set_int(&fp->f_flag, FHASLOCK); /* race ok */
2180 * release our private reference, leaving the one associated with the
2181 * descriptor table intact.
2183 if (oflags & O_CLOEXEC)
2184 fdp->fd_files[indx].fileflags |= UF_EXCLOSE;
2185 fsetfd(fdp, fp, indx);
2193 * open_args(char *path, int flags, int mode)
2195 * Check permissions, allocate an open file structure,
2196 * and call the device open routine if any.
2199 sys_open(struct sysmsg *sysmsg, const struct open_args *uap)
2201 struct nlookupdata nd;
2204 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2206 error = kern_open(&nd, uap->flags,
2207 uap->mode, &sysmsg->sysmsg_result);
2214 * openat_args(int fd, char *path, int flags, int mode)
2217 sys_openat(struct sysmsg *sysmsg, const struct openat_args *uap)
2219 struct nlookupdata nd;
2223 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2225 error = kern_open(&nd, uap->flags, uap->mode,
2226 &sysmsg->sysmsg_result);
2228 nlookup_done_at(&nd, fp);
2233 kern_mknod(struct nlookupdata *nd, int mode, int rmajor, int rminor)
2235 struct thread *td = curthread;
2236 struct proc *p = td->td_proc;
2245 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2246 vattr.va_rmajor = rmajor;
2247 vattr.va_rminor = rminor;
2249 switch (mode & S_IFMT) {
2250 case S_IFMT: /* used by badsect to flag bad sectors */
2251 error = caps_priv_check(td->td_ucred, SYSCAP_NOVFS_MKNOD_BAD);
2252 vattr.va_type = VBAD;
2255 error = caps_priv_check_td(td, SYSCAP_NOVFS_MKNOD_DEV);
2256 vattr.va_type = VCHR;
2259 error = caps_priv_check_td(td, SYSCAP_NOVFS_MKNOD_DEV);
2260 vattr.va_type = VBLK;
2263 error = caps_priv_check(td->td_ucred, SYSCAP_NOVFS_MKNOD_WHT);
2266 case S_IFDIR: /* special directories support for HAMMER */
2267 error = caps_priv_check(td->td_ucred, SYSCAP_NOVFS_MKNOD_DIR);
2268 vattr.va_type = VDIR;
2271 return (kern_mkfifo(nd, mode));
2282 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2283 if ((error = nlookup(nd)) != 0)
2285 if (nd->nl_nch.ncp->nc_vp)
2287 if (nd->nl_dvp == NULL)
2289 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2293 error = VOP_NWHITEOUT(&nd->nl_nch, nd->nl_dvp,
2294 nd->nl_cred, NAMEI_CREATE);
2297 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp,
2298 &vp, nd->nl_cred, &vattr);
2306 * mknod_args(char *path, int mode, int dev)
2308 * Create a special file.
2311 sys_mknod(struct sysmsg *sysmsg, const struct mknod_args *uap)
2313 struct nlookupdata nd;
2316 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2318 error = kern_mknod(&nd, uap->mode,
2319 umajor(uap->dev), uminor(uap->dev));
2326 * mknodat_args(int fd, char *path, mode_t mode, dev_t dev)
2328 * Create a special file. The path is relative to the directory associated
2332 sys_mknodat(struct sysmsg *sysmsg, const struct mknodat_args *uap)
2334 struct nlookupdata nd;
2338 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2340 error = kern_mknod(&nd, uap->mode,
2341 umajor(uap->dev), uminor(uap->dev));
2343 nlookup_done_at(&nd, fp);
2348 kern_mkfifo(struct nlookupdata *nd, int mode)
2350 struct thread *td = curthread;
2351 struct proc *p = td->td_proc;
2358 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2359 if ((error = nlookup(nd)) != 0)
2361 if (nd->nl_nch.ncp->nc_vp)
2363 if (nd->nl_dvp == NULL)
2365 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2369 vattr.va_type = VFIFO;
2370 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2372 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp, &vp, nd->nl_cred, &vattr);
2379 * mkfifo_args(char *path, int mode)
2381 * Create a named pipe.
2384 sys_mkfifo(struct sysmsg *sysmsg, const struct mkfifo_args *uap)
2386 struct nlookupdata nd;
2389 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2391 error = kern_mkfifo(&nd, uap->mode);
2397 * mkfifoat_args(int fd, char *path, mode_t mode)
2399 * Create a named pipe. The path is relative to the directory associated
2403 sys_mkfifoat(struct sysmsg *sysmsg, const struct mkfifoat_args *uap)
2405 struct nlookupdata nd;
2409 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2411 error = kern_mkfifo(&nd, uap->mode);
2412 nlookup_done_at(&nd, fp);
2416 static int hardlink_check_uid = 0;
2417 SYSCTL_INT(_security, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
2418 &hardlink_check_uid, 0,
2419 "Unprivileged processes cannot create hard links to files owned by other "
2421 static int hardlink_check_gid = 0;
2422 SYSCTL_INT(_security, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
2423 &hardlink_check_gid, 0,
2424 "Unprivileged processes cannot create hard links to files owned by other "
2428 can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
2434 * Shortcut if disabled
2436 if (hardlink_check_uid == 0 && hardlink_check_gid == 0)
2440 * Privileged user can always hardlink
2442 if (caps_priv_check(cred, SYSCAP_NOVFS_LINK) == 0)
2446 * Otherwise only if the originating file is owned by the
2447 * same user or group. Note that any group is allowed if
2448 * the file is owned by the caller.
2450 error = VOP_GETATTR(vp, &va);
2454 if (hardlink_check_uid) {
2455 if (cred->cr_uid != va.va_uid)
2459 if (hardlink_check_gid) {
2460 if (cred->cr_uid != va.va_uid && !groupmember(va.va_gid, cred))
2468 kern_link(struct nlookupdata *nd, struct nlookupdata *linknd)
2470 struct thread *td = curthread;
2475 * Lookup the source and obtained a locked vnode.
2477 * You may only hardlink a file which you have write permission
2478 * on or which you own.
2480 * XXX relookup on vget failure / race ?
2483 nd->nl_flags |= NLC_WRITE | NLC_OWN | NLC_HLINK;
2484 if ((error = nlookup(nd)) != 0)
2486 vp = nd->nl_nch.ncp->nc_vp;
2487 KKASSERT(vp != NULL);
2488 if (vp->v_type == VDIR)
2489 return (EPERM); /* POSIX */
2490 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2492 if ((error = vget(vp, LK_EXCLUSIVE)) != 0)
2496 * Unlock the source so we can lookup the target without deadlocking
2497 * (XXX vp is locked already, possible other deadlock?). The target
2500 KKASSERT(nd->nl_flags & NLC_NCPISLOCKED);
2501 nd->nl_flags &= ~NLC_NCPISLOCKED;
2502 cache_unlock(&nd->nl_nch);
2505 linknd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2506 if ((error = nlookup(linknd)) != 0) {
2510 if (linknd->nl_nch.ncp->nc_vp) {
2514 if (linknd->nl_dvp == NULL) {
2518 VFS_MODIFYING(vp->v_mount);
2519 error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_FAILRECLAIM);
2526 * Finally run the new API VOP.
2528 error = can_hardlink(vp, td, td->td_ucred);
2530 error = VOP_NLINK(&linknd->nl_nch, linknd->nl_dvp,
2531 vp, linknd->nl_cred);
2538 * link_args(char *path, char *link)
2540 * Make a hard file link.
2543 sys_link(struct sysmsg *sysmsg, const struct link_args *uap)
2545 struct nlookupdata nd, linknd;
2548 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2550 error = nlookup_init(&linknd, uap->link, UIO_USERSPACE, 0);
2552 error = kern_link(&nd, &linknd);
2553 nlookup_done(&linknd);
2560 * linkat_args(int fd1, char *path1, int fd2, char *path2, int flags)
2562 * Make a hard file link. The path1 argument is relative to the directory
2563 * associated with fd1, and similarly the path2 argument is relative to
2564 * the directory associated with fd2.
2567 sys_linkat(struct sysmsg *sysmsg, const struct linkat_args *uap)
2569 struct nlookupdata nd, linknd;
2570 struct file *fp1, *fp2;
2573 error = nlookup_init_at(&nd, &fp1, uap->fd1, uap->path1, UIO_USERSPACE,
2574 (uap->flags & AT_SYMLINK_FOLLOW) ? NLC_FOLLOW : 0);
2576 error = nlookup_init_at(&linknd, &fp2, uap->fd2,
2577 uap->path2, UIO_USERSPACE, 0);
2579 error = kern_link(&nd, &linknd);
2580 nlookup_done_at(&linknd, fp2);
2582 nlookup_done_at(&nd, fp1);
2587 kern_symlink(struct nlookupdata *nd, char *path, int mode)
2595 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2596 if ((error = nlookup(nd)) != 0)
2598 if (nd->nl_nch.ncp->nc_vp)
2600 if (nd->nl_dvp == NULL)
2602 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2606 vattr.va_mode = mode;
2607 error = VOP_NSYMLINK(&nd->nl_nch, dvp, &vp, nd->nl_cred, &vattr, path);
2614 * symlink(char *path, char *link)
2616 * Make a symbolic link.
2619 sys_symlink(struct sysmsg *sysmsg, const struct symlink_args *uap)
2621 struct thread *td = curthread;
2622 struct nlookupdata nd;
2627 path = objcache_get(namei_oc, M_WAITOK);
2628 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
2630 error = nlookup_init(&nd, uap->link, UIO_USERSPACE, 0);
2632 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2633 error = kern_symlink(&nd, path, mode);
2637 objcache_put(namei_oc, path);
2642 * symlinkat_args(char *path1, int fd, char *path2)
2644 * Make a symbolic link. The path2 argument is relative to the directory
2645 * associated with fd.
2648 sys_symlinkat(struct sysmsg *sysmsg, const struct symlinkat_args *uap)
2650 struct thread *td = curthread;
2651 struct nlookupdata nd;
2657 path1 = objcache_get(namei_oc, M_WAITOK);
2658 error = copyinstr(uap->path1, path1, MAXPATHLEN, NULL);
2660 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path2,
2663 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2664 error = kern_symlink(&nd, path1, mode);
2666 nlookup_done_at(&nd, fp);
2668 objcache_put(namei_oc, path1);
2673 * undelete_args(char *path)
2675 * Delete a whiteout from the filesystem.
2678 sys_undelete(struct sysmsg *sysmsg, const struct undelete_args *uap)
2680 struct nlookupdata nd;
2683 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2685 nd.nl_flags |= NLC_DELETE | NLC_REFDVP;
2687 error = nlookup(&nd);
2688 if (error == 0 && nd.nl_dvp == NULL)
2691 error = ncp_writechk(&nd.nl_nch);
2693 error = VOP_NWHITEOUT(&nd.nl_nch, nd.nl_dvp, nd.nl_cred,
2701 kern_unlink(struct nlookupdata *nd)
2706 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
2707 if ((error = nlookup(nd)) != 0)
2709 if (nd->nl_dvp == NULL)
2711 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2713 error = VOP_NREMOVE(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
2718 * unlink_args(char *path)
2720 * Delete a name from the filesystem.
2723 sys_unlink(struct sysmsg *sysmsg, const struct unlink_args *uap)
2725 struct nlookupdata nd;
2728 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2730 error = kern_unlink(&nd);
2737 * unlinkat_args(int fd, char *path, int flags)
2739 * Delete the file or directory entry pointed to by fd/path.
2742 sys_unlinkat(struct sysmsg *sysmsg, const struct unlinkat_args *uap)
2744 struct nlookupdata nd;
2748 if (uap->flags & ~AT_REMOVEDIR)
2751 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2753 if (uap->flags & AT_REMOVEDIR)
2754 error = kern_rmdir(&nd);
2756 error = kern_unlink(&nd);
2758 nlookup_done_at(&nd, fp);
2763 kern_lseek(int fd, off_t offset, int whence, off_t *res)
2765 struct thread *td = curthread;
2768 struct vattr_lite lva;
2772 fp = holdfp(td, fd, -1);
2775 if (fp->f_type != DTYPE_VNODE) {
2779 vp = (struct vnode *)fp->f_data;
2783 spin_lock(&fp->f_spin);
2784 new_offset = fp->f_offset + offset;
2788 error = VOP_GETATTR_LITE(vp, &lva);
2789 spin_lock(&fp->f_spin);
2790 new_offset = offset + lva.va_size;
2793 new_offset = offset;
2795 spin_lock(&fp->f_spin);
2800 spin_lock(&fp->f_spin);
2805 * Validate the seek position. Negative offsets are not allowed
2806 * for regular files or directories.
2808 * Normally we would also not want to allow negative offsets for
2809 * character and block-special devices. However kvm addresses
2810 * on 64 bit architectures might appear to be negative and must
2814 if (new_offset < 0 &&
2815 (vp->v_type == VREG || vp->v_type == VDIR)) {
2818 fp->f_offset = new_offset;
2821 *res = fp->f_offset;
2822 spin_unlock(&fp->f_spin);
2830 * lseek_args(int fd, int pad, off_t offset, int whence)
2832 * Reposition read/write file offset.
2835 sys_lseek(struct sysmsg *sysmsg, const struct lseek_args *uap)
2839 error = kern_lseek(uap->fd, uap->offset, uap->whence,
2840 &sysmsg->sysmsg_offset);
2846 * Check if current process can access given file. amode is a bitmask of *_OK
2847 * access bits. flags is a bitmask of AT_* flags.
2850 kern_access(struct nlookupdata *nd, int amode, int flags)
2855 if (flags & ~AT_EACCESS)
2857 nd->nl_flags |= NLC_SHAREDLOCK;
2858 if ((error = nlookup(nd)) != 0)
2860 if ((amode & W_OK) && (error = ncp_writechk(&nd->nl_nch)) != 0)
2863 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_SHARED, &vp);
2867 /* Flags == 0 means only check for existence. */
2876 if ((mode & VWRITE) == 0 ||
2877 (error = vn_writechk(vp)) == 0) {
2878 error = VOP_ACCESS_FLAGS(vp, mode, flags, nd->nl_cred);
2882 * If the file handle is stale we have to re-resolve the
2883 * entry with the ncp held exclusively. This is a hack
2886 if (error == ESTALE) {
2890 cache_unlock(&nd->nl_nch);
2891 cache_lock(&nd->nl_nch);
2892 dummy_gen = nd->nl_nch.ncp->nc_generation;
2893 cache_setunresolved(&nd->nl_nch);
2894 error = cache_resolve(&nd->nl_nch, &dummy_gen,
2908 * access_args(char *path, int flags)
2910 * Check access permissions.
2913 sys_access(struct sysmsg *sysmsg, const struct access_args *uap)
2915 struct nlookupdata nd;
2918 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2920 error = kern_access(&nd, uap->flags, 0);
2927 * eaccess_args(char *path, int flags)
2929 * Check access permissions.
2932 sys_eaccess(struct sysmsg *sysmsg, const struct eaccess_args *uap)
2934 struct nlookupdata nd;
2937 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2939 error = kern_access(&nd, uap->flags, AT_EACCESS);
2946 * faccessat_args(int fd, char *path, int amode, int flags)
2948 * Check access permissions.
2951 sys_faccessat(struct sysmsg *sysmsg, const struct faccessat_args *uap)
2953 struct nlookupdata nd;
2957 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE,
2960 error = kern_access(&nd, uap->amode, uap->flags);
2961 nlookup_done_at(&nd, fp);
2966 kern_stat(struct nlookupdata *nd, struct stat *st)
2971 nd->nl_flags |= NLC_SHAREDLOCK;
2972 if ((error = nlookup(nd)) != 0)
2975 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
2979 error = cache_vref(&nd->nl_nch, NULL, &vp);
2981 error = vget(vp, LK_SHARED);
2985 error = vn_stat(vp, st, nd->nl_cred);
2988 * If the file handle is stale we have to re-resolve the
2989 * entry with the ncp held exclusively. This is a hack
2992 if (error == ESTALE) {
2999 cache_unlock(&nd->nl_nch);
3000 cache_lock(&nd->nl_nch);
3001 dummy_gen = nd->nl_nch.ncp->nc_generation;
3002 cache_setunresolved(&nd->nl_nch);
3003 error = cache_resolve(&nd->nl_nch, &dummy_gen, nd->nl_cred);
3017 * stat_args(char *path, struct stat *ub)
3019 * Get file status; this version follows links.
3022 sys_stat(struct sysmsg *sysmsg, const struct stat_args *uap)
3024 struct nlookupdata nd;
3028 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3030 error = kern_stat(&nd, &st);
3032 error = copyout(&st, uap->ub, sizeof(*uap->ub));
3039 * lstat_args(char *path, struct stat *ub)
3041 * Get file status; this version does not follow links.
3044 sys_lstat(struct sysmsg *sysmsg, const struct lstat_args *uap)
3046 struct nlookupdata nd;
3050 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3052 error = kern_stat(&nd, &st);
3054 error = copyout(&st, uap->ub, sizeof(*uap->ub));
3061 * fstatat_args(int fd, char *path, struct stat *sb, int flags)
3063 * Get status of file pointed to by fd/path.
3066 sys_fstatat(struct sysmsg *sysmsg, const struct fstatat_args *uap)
3068 struct nlookupdata nd;
3074 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3077 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3079 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3080 UIO_USERSPACE, flags);
3082 error = kern_stat(&nd, &st);
3084 error = copyout(&st, uap->sb, sizeof(*uap->sb));
3086 nlookup_done_at(&nd, fp);
3091 kern_pathconf(char *path, int name, int flags, register_t *sysmsg_regp)
3093 struct nlookupdata nd;
3098 error = nlookup_init(&nd, path, UIO_USERSPACE, flags);
3100 error = nlookup(&nd);
3102 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
3105 error = VOP_PATHCONF(vp, name, sysmsg_regp);
3112 * pathconf_Args(char *path, int name)
3114 * Get configurable pathname variables.
3117 sys_pathconf(struct sysmsg *sysmsg, const struct pathconf_args *uap)
3119 return (kern_pathconf(uap->path, uap->name, NLC_FOLLOW,
3120 &sysmsg->sysmsg_reg));
3124 * lpathconf_Args(char *path, int name)
3126 * Get configurable pathname variables, but don't follow symlinks.
3129 sys_lpathconf(struct sysmsg *sysmsg, const struct lpathconf_args *uap)
3131 return (kern_pathconf(uap->path, uap->name, 0, &sysmsg->sysmsg_reg));
3136 * kern_readlink isn't properly split yet. There is a copyin burried
3137 * in VOP_READLINK().
3140 kern_readlink(struct nlookupdata *nd, char *buf, int count, int *res)
3142 struct thread *td = curthread;
3148 nd->nl_flags |= NLC_SHAREDLOCK;
3149 if ((error = nlookup(nd)) != 0)
3151 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_SHARED, &vp);
3154 if (vp->v_type != VLNK) {
3157 aiov.iov_base = buf;
3158 aiov.iov_len = count;
3159 auio.uio_iov = &aiov;
3160 auio.uio_iovcnt = 1;
3161 auio.uio_offset = 0;
3162 auio.uio_rw = UIO_READ;
3163 auio.uio_segflg = UIO_USERSPACE;
3165 auio.uio_resid = count;
3166 error = VOP_READLINK(vp, &auio, td->td_ucred);
3169 *res = count - auio.uio_resid;
3174 * readlink_args(char *path, char *buf, int count)
3176 * Return target name of a symbolic link.
3179 sys_readlink(struct sysmsg *sysmsg, const struct readlink_args *uap)
3181 struct nlookupdata nd;
3184 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3186 error = kern_readlink(&nd, uap->buf, uap->count,
3187 &sysmsg->sysmsg_result);
3194 * readlinkat_args(int fd, char *path, char *buf, size_t bufsize)
3196 * Return target name of a symbolic link. The path is relative to the
3197 * directory associated with fd.
3200 sys_readlinkat(struct sysmsg *sysmsg, const struct readlinkat_args *uap)
3202 struct nlookupdata nd;
3206 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
3208 error = kern_readlink(&nd, uap->buf, uap->bufsize,
3209 &sysmsg->sysmsg_result);
3211 nlookup_done_at(&nd, fp);
3216 setfflags(struct vnode *vp, u_long flags)
3218 struct thread *td = curthread;
3223 * Prevent non-root users from setting flags on devices. When
3224 * a device is reused, users can retain ownership of the device
3225 * if they are allowed to set flags and programs assume that
3226 * chown can't fail when done as root.
3228 if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
3230 caps_priv_check(td->td_ucred, SYSCAP_NOVFS_CHFLAGS_DEV)) != 0))
3236 * note: vget is required for any operation that might mod the vnode
3237 * so VINACTIVE is properly cleared.
3239 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3241 vattr.va_flags = flags;
3242 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3249 * chflags(const char *path, u_long flags)
3251 * Change flags of a file given a path name.
3254 sys_chflags(struct sysmsg *sysmsg, const struct chflags_args *uap)
3256 struct nlookupdata nd;
3261 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3263 error = nlookup(&nd);
3265 error = ncp_writechk(&nd.nl_nch);
3267 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3270 error = setfflags(vp, uap->flags);
3277 * lchflags(const char *path, u_long flags)
3279 * Change flags of a file given a path name, but don't follow symlinks.
3282 sys_lchflags(struct sysmsg *sysmsg, const struct lchflags_args *uap)
3284 struct nlookupdata nd;
3289 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3291 error = nlookup(&nd);
3293 error = ncp_writechk(&nd.nl_nch);
3295 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3298 error = setfflags(vp, uap->flags);
3305 * fchflags_args(int fd, u_flags flags)
3307 * Change flags of a file given a file descriptor.
3310 sys_fchflags(struct sysmsg *sysmsg, const struct fchflags_args *uap)
3312 struct thread *td = curthread;
3316 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
3318 if (fp->f_nchandle.ncp)
3319 error = ncp_writechk(&fp->f_nchandle);
3321 error = setfflags((struct vnode *) fp->f_data, uap->flags);
3327 * chflagsat_args(int fd, const char *path, u_long flags, int atflags)
3328 * change flags given a pathname relative to a filedescriptor
3331 sys_chflagsat(struct sysmsg *sysmsg, const struct chflagsat_args *uap)
3333 struct nlookupdata nd;
3339 if (uap->atflags & ~AT_SYMLINK_NOFOLLOW)
3342 lookupflags = (uap->atflags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3345 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, lookupflags);
3347 error = nlookup(&nd);
3349 error = ncp_writechk(&nd.nl_nch);
3351 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3352 nlookup_done_at(&nd, fp);
3354 error = setfflags(vp, uap->flags);
3362 setfmode(struct vnode *vp, int mode)
3364 struct thread *td = curthread;
3369 * note: vget is required for any operation that might mod the vnode
3370 * so VINACTIVE is properly cleared.
3372 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3374 vattr.va_mode = mode & ALLPERMS;
3375 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3376 cache_inval_wxok(vp);
3383 kern_chmod(struct nlookupdata *nd, int mode)
3388 if ((error = nlookup(nd)) != 0)
3390 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3392 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3393 error = setfmode(vp, mode);
3399 * chmod_args(char *path, int mode)
3401 * Change mode of a file given path name.
3404 sys_chmod(struct sysmsg *sysmsg, const struct chmod_args *uap)
3406 struct nlookupdata nd;
3409 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3411 error = kern_chmod(&nd, uap->mode);
3417 * lchmod_args(char *path, int mode)
3419 * Change mode of a file given path name (don't follow links.)
3422 sys_lchmod(struct sysmsg *sysmsg, const struct lchmod_args *uap)
3424 struct nlookupdata nd;
3427 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3429 error = kern_chmod(&nd, uap->mode);
3435 * fchmod_args(int fd, int mode)
3437 * Change mode of a file given a file descriptor.
3440 sys_fchmod(struct sysmsg *sysmsg, const struct fchmod_args *uap)
3442 struct thread *td = curthread;
3446 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
3448 if (fp->f_nchandle.ncp)
3449 error = ncp_writechk(&fp->f_nchandle);
3451 error = setfmode((struct vnode *)fp->f_data, uap->mode);
3457 * fchmodat_args(char *path, int mode)
3459 * Change mode of a file pointed to by fd/path.
3462 sys_fchmodat(struct sysmsg *sysmsg, const struct fchmodat_args *uap)
3464 struct nlookupdata nd;
3469 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3471 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3473 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3474 UIO_USERSPACE, flags);
3476 error = kern_chmod(&nd, uap->mode);
3477 nlookup_done_at(&nd, fp);
3482 setfown(struct mount *mp, struct vnode *vp, uid_t uid, gid_t gid)
3484 struct thread *td = curthread;
3492 * note: vget is required for any operation that might mod the vnode
3493 * so VINACTIVE is properly cleared.
3495 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3496 if ((error = VOP_GETATTR(vp, &vattr)) != 0)
3498 o_uid = vattr.va_uid;
3499 o_gid = vattr.va_gid;
3500 size = vattr.va_size;
3505 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3514 VFS_ACCOUNT(mp, o_uid, o_gid, -size);
3515 VFS_ACCOUNT(mp, uid, gid, size);
3522 kern_chown(struct nlookupdata *nd, int uid, int gid)
3527 if ((error = nlookup(nd)) != 0)
3529 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3531 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3532 error = setfown(nd->nl_nch.mount, vp, uid, gid);
3538 * chown(char *path, int uid, int gid)
3540 * Set ownership given a path name.
3543 sys_chown(struct sysmsg *sysmsg, const struct chown_args *uap)
3545 struct nlookupdata nd;
3548 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3550 error = kern_chown(&nd, uap->uid, uap->gid);
3556 * lchown_args(char *path, int uid, int gid)
3558 * Set ownership given a path name, do not cross symlinks.
3561 sys_lchown(struct sysmsg *sysmsg, const struct lchown_args *uap)
3563 struct nlookupdata nd;
3566 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3568 error = kern_chown(&nd, uap->uid, uap->gid);
3574 * fchown_args(int fd, int uid, int gid)
3576 * Set ownership given a file descriptor.
3579 sys_fchown(struct sysmsg *sysmsg, const struct fchown_args *uap)
3581 struct thread *td = curthread;
3582 struct proc *p = td->td_proc;
3586 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
3588 if (fp->f_nchandle.ncp)
3589 error = ncp_writechk(&fp->f_nchandle);
3591 error = setfown(p->p_fd->fd_ncdir.mount,
3592 (struct vnode *)fp->f_data, uap->uid, uap->gid);
3598 * fchownat(int fd, char *path, int uid, int gid, int flags)
3600 * Set ownership of file pointed to by fd/path.
3603 sys_fchownat(struct sysmsg *sysmsg, const struct fchownat_args *uap)
3605 struct nlookupdata nd;
3610 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3612 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3614 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3615 UIO_USERSPACE, flags);
3617 error = kern_chown(&nd, uap->uid, uap->gid);
3618 nlookup_done_at(&nd, fp);
3624 getutimes(struct timeval *tvp, struct timespec *tsp)
3626 struct timeval tv[2];
3631 TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
3634 if ((error = itimerfix(tvp)) != 0)
3636 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3637 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3643 getutimens(const struct timespec *ts, struct timespec *newts, int *nullflag)
3645 struct timespec tsnow;
3659 if (newts[0].tv_nsec == UTIME_OMIT && newts[1].tv_nsec == UTIME_OMIT)
3661 if (newts[0].tv_nsec == UTIME_NOW && newts[1].tv_nsec == UTIME_NOW)
3664 if (newts[0].tv_nsec == UTIME_OMIT)
3665 newts[0].tv_sec = VNOVAL;
3666 else if (newts[0].tv_nsec == UTIME_NOW)
3668 else if ((error = itimespecfix(&newts[0])) != 0)
3671 if (newts[1].tv_nsec == UTIME_OMIT)
3672 newts[1].tv_sec = VNOVAL;
3673 else if (newts[1].tv_nsec == UTIME_NOW)
3675 else if ((error = itimespecfix(&newts[1])) != 0)
3682 setutimes(struct vnode *vp, struct vattr *vattr,
3683 const struct timespec *ts, int nullflag)
3685 struct thread *td = curthread;
3689 vattr->va_atime = ts[0];
3690 vattr->va_mtime = ts[1];
3692 vattr->va_vaflags |= VA_UTIMES_NULL;
3693 error = VOP_SETATTR(vp, vattr, td->td_ucred);
3699 kern_utimes(struct nlookupdata *nd, struct timeval *tptr)
3701 struct timespec ts[2];
3705 if ((error = getutimes(tptr, ts)) != 0)
3708 error = kern_utimensat(nd, tptr ? ts : NULL, 0);
3713 * utimes_args(char *path, struct timeval *tptr)
3715 * Set the access and modification times of a file.
3718 sys_utimes(struct sysmsg *sysmsg, const struct utimes_args *uap)
3720 struct timeval tv[2];
3721 struct nlookupdata nd;
3725 error = copyin(uap->tptr, tv, sizeof(tv));
3729 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3731 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3737 * lutimes_args(char *path, struct timeval *tptr)
3739 * Set the access and modification times of a file.
3742 sys_lutimes(struct sysmsg *sysmsg, const struct lutimes_args *uap)
3744 struct timeval tv[2];
3745 struct nlookupdata nd;
3749 error = copyin(uap->tptr, tv, sizeof(tv));
3753 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3755 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3761 * Set utimes on a file descriptor. The creds used to open the
3762 * file are used to determine whether the operation is allowed
3766 kern_futimens(int fd, struct timespec *ts)
3768 struct thread *td = curthread;
3769 struct timespec newts[2];
3773 struct vattr_lite lva;
3777 error = getutimens(ts, newts, &nullflag);
3780 if ((error = holdvnode(td, fd, &fp)) != 0)
3782 if (fp->f_nchandle.ncp)
3783 error = ncp_writechk(&fp->f_nchandle);
3786 error = vget(vp, LK_EXCLUSIVE);
3788 error = VOP_GETATTR_FP(vp, &vattr, fp);
3790 lva.va_type = vattr.va_type;
3791 lva.va_nlink = vattr.va_nlink;
3792 lva.va_mode = vattr.va_mode;
3793 lva.va_uid = vattr.va_uid;
3794 lva.va_gid = vattr.va_gid;
3795 lva.va_size = vattr.va_size;
3796 lva.va_flags = vattr.va_flags;
3798 error = naccess_lva(&lva, NLC_OWN | NLC_WRITE,
3802 error = setutimes(vp, &vattr, newts, nullflag);
3812 * futimens_args(int fd, struct timespec *ts)
3814 * Set the access and modification times of a file.
3817 sys_futimens(struct sysmsg *sysmsg, const struct futimens_args *uap)
3819 struct timespec ts[2];
3823 error = copyin(uap->ts, ts, sizeof(ts));
3827 error = kern_futimens(uap->fd, uap->ts ? ts : NULL);
3832 kern_futimes(int fd, struct timeval *tptr)
3834 struct timespec ts[2];
3838 if ((error = getutimes(tptr, ts)) != 0)
3841 error = kern_futimens(fd, tptr ? ts : NULL);
3846 * futimes_args(int fd, struct timeval *tptr)
3848 * Set the access and modification times of a file.
3851 sys_futimes(struct sysmsg *sysmsg, const struct futimes_args *uap)
3853 struct timeval tv[2];
3857 error = copyin(uap->tptr, tv, sizeof(tv));
3861 error = kern_futimes(uap->fd, uap->tptr ? tv : NULL);
3866 kern_utimensat(struct nlookupdata *nd, const struct timespec *ts, int flags)
3868 struct timespec newts[2];
3874 if (flags & ~AT_SYMLINK_NOFOLLOW)
3877 error = getutimens(ts, newts, &nullflag);
3881 nd->nl_flags |= NLC_OWN | NLC_WRITE;
3882 if ((error = nlookup(nd)) != 0)
3884 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3886 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3888 if ((error = vn_writechk(vp)) == 0) {
3889 error = vget(vp, LK_EXCLUSIVE);
3891 error = setutimes(vp, &vattr, newts, nullflag);
3900 * utimensat_args(int fd, const char *path, const struct timespec *ts, int flags);
3902 * Set file access and modification times of a file.
3905 sys_utimensat(struct sysmsg *sysmsg, const struct utimensat_args *uap)
3907 struct timespec ts[2];
3908 struct nlookupdata nd;
3914 error = copyin(uap->ts, ts, sizeof(ts));
3919 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3920 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3921 UIO_USERSPACE, flags);
3923 error = kern_utimensat(&nd, uap->ts ? ts : NULL, uap->flags);
3924 nlookup_done_at(&nd, fp);
3929 kern_truncate(struct nlookupdata *nd, off_t length)
3936 uint64_t old_size = 0;
3940 nd->nl_flags |= NLC_WRITE | NLC_TRUNCATE;
3941 if ((error = nlookup(nd)) != 0)
3943 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3945 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3947 error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_FAILRECLAIM);
3952 if (vp->v_type == VDIR) {
3956 if (vfs_quota_enabled) {
3957 error = VOP_GETATTR(vp, &vattr);
3958 KASSERT(error == 0, ("kern_truncate(): VOP_GETATTR didn't return 0"));
3961 old_size = vattr.va_size;
3964 if ((error = vn_writechk(vp)) == 0) {
3966 vattr.va_size = length;
3967 error = VOP_SETATTR(vp, &vattr, nd->nl_cred);
3968 VFS_ACCOUNT(nd->nl_nch.mount, uid, gid, length - old_size);
3976 * truncate(char *path, int pad, off_t length)
3978 * Truncate a file given its path name.
3981 sys_truncate(struct sysmsg *sysmsg, const struct truncate_args *uap)
3983 struct nlookupdata nd;
3986 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3988 error = kern_truncate(&nd, uap->length);
3994 kern_ftruncate(int fd, off_t length)
3996 struct thread *td = curthread;
4003 uint64_t old_size = 0;
4008 if ((error = holdvnode(td, fd, &fp)) != 0)
4010 if (fp->f_nchandle.ncp) {
4011 error = ncp_writechk(&fp->f_nchandle);
4015 if ((fp->f_flag & FWRITE) == 0) {
4019 if (fp->f_flag & FAPPENDONLY) { /* inode was set s/uapnd */
4023 vp = (struct vnode *)fp->f_data;
4024 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4025 if (vp->v_type == VDIR) {
4031 if (vfs_quota_enabled) {
4032 error = VOP_GETATTR_FP(vp, &vattr, fp);
4033 KASSERT(error == 0, ("kern_ftruncate(): VOP_GETATTR didn't return 0"));
4036 old_size = vattr.va_size;
4039 if ((error = vn_writechk(vp)) == 0) {
4041 vattr.va_size = length;
4042 error = VOP_SETATTR_FP(vp, &vattr, fp->f_cred, fp);
4044 VFS_ACCOUNT(mp, uid, gid, length - old_size);
4053 * ftruncate_args(int fd, int pad, off_t length)
4055 * Truncate a file given a file descriptor.
4058 sys_ftruncate(struct sysmsg *sysmsg, const struct ftruncate_args *uap)
4062 error = kern_ftruncate(uap->fd, uap->length);
4068 kern_fsync(int fd, bool fullsync)
4070 struct thread *td = curthread;
4076 if ((error = holdvnode(td, fd, &fp)) != 0)
4078 vp = (struct vnode *)fp->f_data;
4079 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4080 if ((obj = vp->v_object) != NULL) {
4081 if (vp->v_mount == NULL ||
4082 (vp->v_mount->mnt_kern_flag & MNTK_NOMSYNC) == 0) {
4083 vm_object_page_clean(obj, 0, 0, 0);
4087 VOP_FSYNC_FP(vp, MNT_WAIT, VOP_FSYNC_SYSCALL, fp) :
4088 VOP_FDATASYNC_FP(vp, MNT_WAIT, VOP_FSYNC_SYSCALL, fp);
4089 if (error == 0 && vp->v_mount)
4090 error = buf_fsync(vp);
4100 * Sync an open file.
4103 sys_fsync(struct sysmsg *sysmsg, const struct fsync_args *uap)
4105 return (kern_fsync(uap->fd, true));
4111 * Data-sync an open file.
4114 sys_fdatasync(struct sysmsg *sysmsg, const struct fdatasync_args *uap)
4116 return (kern_fsync(uap->fd, false));
4122 * NOTE: error == 0 and nl_dvp is NULL indicates a mount point, operation
4123 * disallowed. e.g. /var/cache where /var/cache is a null-mount, for
4127 kern_rename(struct nlookupdata *fromnd, struct nlookupdata *tond)
4129 struct nchandle fnchd;
4130 struct nchandle tnchd;
4131 struct namecache *ncp;
4135 struct mount *userenlk;
4141 fromnd->nl_flags |= NLC_REFDVP | NLC_RENAME_SRC;
4142 if ((error = nlookup(fromnd)) != 0)
4146 * Attempt to rename a mount point (from or to)
4148 if (error == 0 && fromnd->nl_dvp == NULL)
4151 if ((fnchd.ncp = fromnd->nl_nch.ncp->nc_parent) == NULL)
4153 fnchd.mount = fromnd->nl_nch.mount;
4157 * unlock the source nch so we can lookup the target nch without
4158 * deadlocking. The target may or may not exist so we do not check
4159 * for a target vp like kern_mkdir() and other creation functions do.
4161 * The source and target directories are ref'd and rechecked after
4162 * everything is relocked to determine if the source or target file
4165 KKASSERT(fromnd->nl_flags & NLC_NCPISLOCKED);
4166 fromnd->nl_flags &= ~NLC_NCPISLOCKED;
4167 fncp_gen = fromnd->nl_nch.ncp->nc_generation;
4169 if (fromnd->nl_nch.ncp->nc_vp &&
4170 fromnd->nl_nch.ncp->nc_vp->v_type == VDIR) {
4171 userenlk = fnchd.mount;
4172 cache_unlock(&fromnd->nl_nch);
4173 lockmgr(&userenlk->mnt_renlock, LK_EXCLUSIVE);
4176 cache_unlock(&fromnd->nl_nch);
4182 tond->nl_flags |= NLC_RENAME_DST | NLC_REFDVP;
4183 if ((error = nlookup(tond)) != 0) {
4187 tncp_gen = tond->nl_nch.ncp->nc_generation;
4190 * Attempt to rename a mount point (from or to)
4192 if (error == 0 && tond->nl_dvp == NULL) {
4198 if ((tnchd.ncp = tond->nl_nch.ncp->nc_parent) == NULL) {
4203 tnchd.mount = tond->nl_nch.mount;
4207 * If the source and target are the same there is nothing to do
4209 if (fromnd->nl_nch.ncp == tond->nl_nch.ncp) {
4217 * Mount points cannot be renamed or overwritten
4219 if ((fromnd->nl_nch.ncp->nc_flag | tond->nl_nch.ncp->nc_flag) &
4229 * Lock all four namecache entries. tond is already locked.
4231 cache_lock4_tondlocked(&fnchd, &fromnd->nl_nch,
4232 &tnchd, &tond->nl_nch,
4233 fromnd->nl_cred, tond->nl_cred);
4234 fromnd->nl_flags |= NLC_NCPISLOCKED;
4237 * If the namecache generation changed for either fromnd or tond,
4240 if (((fromnd->nl_nch.ncp->nc_generation - fncp_gen) & ~1) ||
4241 ((tond->nl_nch.ncp->nc_generation - tncp_gen) & ~1))
4243 krateprintf(&krate_rename,
4244 "kern_rename: retry due to race on: "
4245 "\"%s\" -> \"%s\" (%d,%d)\n",
4246 fromnd->nl_nch.ncp->nc_name,
4247 tond->nl_nch.ncp->nc_name,
4248 fromnd->nl_nch.ncp->nc_generation - fncp_gen,
4249 tond->nl_nch.ncp->nc_generation - tncp_gen);
4255 * If either fromnd or tond are marked destroyed a ripout occured
4256 * out from under us and we must retry.
4258 if ((fromnd->nl_nch.ncp->nc_flag & (NCF_DESTROYED | NCF_UNRESOLVED)) ||
4259 fromnd->nl_nch.ncp->nc_vp == NULL ||
4260 (tond->nl_nch.ncp->nc_flag & (NCF_DESTROYED | NCF_UNRESOLVED))) {
4261 krateprintf(&krate_rename,
4262 "kern_rename: retry due to ripout on: "
4263 "\"%s\" -> \"%s\"\n",
4264 fromnd->nl_nch.ncp->nc_name,
4265 tond->nl_nch.ncp->nc_name);
4271 * Make sure the parent directories linkages are the same. We have
4272 * already checked that fromnd and tond are not mount points so this
4273 * should not loop forever on a cross-mount.
4275 if (fnchd.ncp != fromnd->nl_nch.ncp->nc_parent ||
4276 tnchd.ncp != tond->nl_nch.ncp->nc_parent) {
4282 * Both the source and target must be within the same filesystem and
4283 * in the same filesystem as their parent directories within the
4284 * namecache topology.
4286 * NOTE: fromnd's nc_mount or nc_vp could be NULL.
4289 if (mp != tnchd.mount || mp != fromnd->nl_nch.mount ||
4290 mp != tond->nl_nch.mount) {
4296 * Make sure the mount point is writable
4298 if ((error = ncp_writechk(&tond->nl_nch)) != 0) {
4303 * If the target exists and either the source or target is a directory,
4304 * then both must be directories.
4306 * Due to relocking of the source, fromnd->nl_nch.ncp->nc_vp might h
4309 if (tond->nl_nch.ncp->nc_vp) {
4310 if (fromnd->nl_nch.ncp->nc_vp == NULL) {
4312 } else if (fromnd->nl_nch.ncp->nc_vp->v_type == VDIR) {
4313 if (tond->nl_nch.ncp->nc_vp->v_type != VDIR)
4315 } else if (tond->nl_nch.ncp->nc_vp->v_type == VDIR) {
4321 * You cannot rename a source into itself or a subdirectory of itself.
4322 * We check this by travsersing the target directory upwards looking
4323 * for a match against the source.
4325 * Only required when renaming a directory, in which case userenlk is
4328 if (__predict_false(userenlk && error == 0)) {
4329 for (ncp = tnchd.ncp; ncp; ncp = ncp->nc_parent) {
4330 if (fromnd->nl_nch.ncp == ncp) {
4338 * Even though the namespaces are different, they may still represent
4339 * hardlinks to the same file. The filesystem might have a hard time
4340 * with this so we issue a NREMOVE of the source instead of a NRENAME
4341 * when we detect the situation.
4344 fdvp = fromnd->nl_dvp;
4345 tdvp = tond->nl_dvp;
4346 if (fdvp == NULL || tdvp == NULL) {
4348 } else if (fromnd->nl_nch.ncp->nc_vp == tond->nl_nch.ncp->nc_vp) {
4349 error = VOP_NREMOVE(&fromnd->nl_nch, fdvp,
4352 error = VOP_NRENAME(&fromnd->nl_nch, &tond->nl_nch,
4353 fdvp, tdvp, tond->nl_cred);
4361 lockmgr(&userenlk->mnt_renlock, LK_RELEASE);
4366 * rename_args(char *from, char *to)
4368 * Rename files. Source and destination must either both be directories,
4369 * or both not be directories. If target is a directory, it must be empty.
4372 sys_rename(struct sysmsg *sysmsg, const struct rename_args *uap)
4374 struct nlookupdata fromnd, tond;
4378 error = nlookup_init(&fromnd, uap->from, UIO_USERSPACE, 0);
4380 error = nlookup_init(&tond, uap->to, UIO_USERSPACE, 0);
4382 error = kern_rename(&fromnd, &tond);
4383 nlookup_done(&tond);
4385 nlookup_done(&fromnd);
4386 } while (error == EAGAIN);
4391 * renameat_args(int oldfd, char *old, int newfd, char *new)
4393 * Rename files using paths relative to the directories associated with
4394 * oldfd and newfd. Source and destination must either both be directories,
4395 * or both not be directories. If target is a directory, it must be empty.
4398 sys_renameat(struct sysmsg *sysmsg, const struct renameat_args *uap)
4400 struct nlookupdata oldnd, newnd;
4401 struct file *oldfp, *newfp;
4405 error = nlookup_init_at(&oldnd, &oldfp,
4406 uap->oldfd, uap->old,
4409 error = nlookup_init_at(&newnd, &newfp,
4410 uap->newfd, uap->new,
4413 error = kern_rename(&oldnd, &newnd);
4414 nlookup_done_at(&newnd, newfp);
4416 nlookup_done_at(&oldnd, oldfp);
4417 } while (error == EAGAIN);
4422 kern_mkdir(struct nlookupdata *nd, int mode)
4424 struct thread *td = curthread;
4425 struct proc *p = td->td_proc;
4431 nd->nl_flags |= NLC_WILLBEDIR | NLC_CREATE | NLC_REFDVP;
4432 if ((error = nlookup(nd)) != 0)
4435 if (nd->nl_nch.ncp->nc_vp)
4437 if (nd->nl_dvp == NULL)
4439 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
4442 vattr.va_type = VDIR;
4443 vattr.va_mode = (mode & ACCESSPERMS) &~ p->p_fd->fd_cmask;
4446 error = VOP_NMKDIR(&nd->nl_nch, nd->nl_dvp, &vp, td->td_ucred, &vattr);
4453 * mkdir_args(char *path, int mode)
4455 * Make a directory file.
4458 sys_mkdir(struct sysmsg *sysmsg, const struct mkdir_args *uap)
4460 struct nlookupdata nd;
4463 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
4465 error = kern_mkdir(&nd, uap->mode);
4471 * mkdirat_args(int fd, char *path, mode_t mode)
4473 * Make a directory file. The path is relative to the directory associated
4477 sys_mkdirat(struct sysmsg *sysmsg, const struct mkdirat_args *uap)
4479 struct nlookupdata nd;
4483 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
4485 error = kern_mkdir(&nd, uap->mode);
4486 nlookup_done_at(&nd, fp);
4491 kern_rmdir(struct nlookupdata *nd)
4496 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
4497 if ((error = nlookup(nd)) != 0)
4501 * Do not allow directories representing mount points to be
4502 * deleted, even if empty. Check write perms on mount point
4503 * in case the vnode is aliased (aka nullfs).
4505 if (nd->nl_nch.ncp->nc_flag & (NCF_ISMOUNTPT))
4507 if (nd->nl_dvp == NULL)
4509 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
4511 error = VOP_NRMDIR(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
4516 * rmdir_args(char *path)
4518 * Remove a directory file.
4521 sys_rmdir(struct sysmsg *sysmsg, const struct rmdir_args *uap)
4523 struct nlookupdata nd;
4526 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
4528 error = kern_rmdir(&nd);
4534 kern_getdirentries(int fd, char *buf, u_int count, long *basep, int *res,
4535 enum uio_seg direction)
4537 struct thread *td = curthread;
4545 if ((error = holdvnode(td, fd, &fp)) != 0)
4547 if ((fp->f_flag & FREAD) == 0) {
4551 vp = (struct vnode *)fp->f_data;
4552 if (vp->v_type != VDIR) {
4556 aiov.iov_base = buf;
4557 aiov.iov_len = count;
4558 auio.uio_iov = &aiov;
4559 auio.uio_iovcnt = 1;
4560 auio.uio_rw = UIO_READ;
4561 auio.uio_segflg = direction;
4563 auio.uio_resid = count;
4564 loff = auio.uio_offset = fp->f_offset;
4565 error = VOP_READDIR_FP(vp, &auio, fp->f_cred, &eofflag, NULL, NULL, fp);
4566 fp->f_offset = auio.uio_offset;
4571 * WARNING! *basep may not be wide enough to accomodate the
4572 * seek offset. XXX should we hack this to return the upper 32 bits
4573 * for offsets greater then 4G?
4576 *basep = (long)loff;
4578 *res = count - auio.uio_resid;
4585 * getdirentries_args(int fd, char *buf, u_int conut, long *basep)
4587 * Read a block of directory entries in a file system independent format.
4590 sys_getdirentries(struct sysmsg *sysmsg, const struct getdirentries_args *uap)
4595 error = kern_getdirentries(uap->fd, uap->buf, uap->count, &base,
4596 &sysmsg->sysmsg_result, UIO_USERSPACE);
4598 if (error == 0 && uap->basep)
4599 error = copyout(&base, uap->basep, sizeof(*uap->basep));
4604 * getdents_args(int fd, char *buf, size_t count)
4607 sys_getdents(struct sysmsg *sysmsg, const struct getdents_args *uap)
4611 error = kern_getdirentries(uap->fd, uap->buf, uap->count, NULL,
4612 &sysmsg->sysmsg_result, UIO_USERSPACE);
4618 * Set the mode mask for creation of filesystem nodes.
4620 * umask(int newmask)
4623 sys_umask(struct sysmsg *sysmsg, const struct umask_args *uap)
4625 struct thread *td = curthread;
4626 struct proc *p = td->td_proc;
4627 struct filedesc *fdp;
4630 sysmsg->sysmsg_result = fdp->fd_cmask;
4631 fdp->fd_cmask = uap->newmask & ALLPERMS;
4636 * revoke(char *path)
4638 * Void all references to file by ripping underlying filesystem
4642 sys_revoke(struct sysmsg *sysmsg, const struct revoke_args *uap)
4644 struct nlookupdata nd;
4651 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4653 error = nlookup(&nd);
4655 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
4656 cred = crhold(nd.nl_cred);
4660 error = VOP_GETATTR(vp, &vattr);
4661 if (error == 0 && cred->cr_uid != vattr.va_uid)
4662 error = caps_priv_check(cred, SYSCAP_NOVFS_REVOKE);
4663 if (error == 0 && (vp->v_type == VCHR || vp->v_type == VBLK)) {
4665 error = vrevoke(vp, cred);
4666 } else if (error == 0) {
4667 error = vrevoke(vp, cred);
4677 * getfh_args(char *fname, fhandle_t *fhp)
4679 * Get (NFS) file handle
4681 * NOTE: We use the fsid of the covering mount, even if it is a nullfs
4682 * mount. This allows nullfs mounts to be explicitly exported.
4684 * WARNING: nullfs mounts of HAMMER PFS ROOTs are safe.
4686 * nullfs mounts of subdirectories are not safe. That is, it will
4687 * work, but you do not really have protection against access to
4688 * the related parent directories.
4691 sys_getfh(struct sysmsg *sysmsg, const struct getfh_args *uap)
4693 struct nlookupdata nd;
4700 * Must be super user
4702 if ((error = caps_priv_check_self(SYSCAP_RESTRICTEDROOT)) != 0)
4706 error = nlookup_init(&nd, uap->fname, UIO_USERSPACE, NLC_FOLLOW);
4708 error = nlookup(&nd);
4710 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4711 mp = nd.nl_nch.mount;
4714 bzero(&fh, sizeof(fh));
4715 fh.fh_fsid = mp->mnt_stat.f_fsid;
4716 error = VFS_VPTOFH(vp, &fh.fh_fid);
4719 error = copyout(&fh, uap->fhp, sizeof(fh));
4725 * fhopen_args(const struct fhandle *u_fhp, int flags)
4727 * syscall for the rpc.lockd to use to translate a NFS file handle into
4728 * an open descriptor.
4730 * WARNING: Do not remove the caps_priv_check() call or this becomes
4731 * one giant security hole.
4734 sys_fhopen(struct sysmsg *sysmsg, const struct fhopen_args *uap)
4736 struct thread *td = curthread;
4737 struct filedesc *fdp = td->td_proc->p_fd;
4742 struct vattr *vap = &vat;
4744 int fmode, mode, error = 0, type;
4750 * Must be super user
4752 error = caps_priv_check_td(td, SYSCAP_RESTRICTEDROOT);
4756 fmode = FFLAGS(uap->flags);
4759 * Why not allow a non-read/write open for our lockd?
4761 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4763 error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
4768 * Find the mount point
4770 mp = vfs_getvfs(&fhp.fh_fsid);
4775 /* now give me my vnode, it gets returned to me locked */
4776 error = VFS_FHTOVP(mp, NULL, &fhp.fh_fid, &vp);
4780 * from now on we have to make sure not
4781 * to forget about the vnode
4782 * any error that causes an abort must vput(vp)
4783 * just set error = err and 'goto bad;'.
4789 if (vp->v_type == VLNK) {
4793 if (vp->v_type == VSOCK) {
4798 if (fmode & (FWRITE | O_TRUNC)) {
4799 if (vp->v_type == VDIR) {
4803 error = vn_writechk(vp);
4811 error = VOP_ACCESS(vp, mode, td->td_ucred);
4815 if (fmode & O_TRUNC) {
4816 vn_unlock(vp); /* XXX */
4817 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */
4820 error = VOP_SETATTR(vp, vap, td->td_ucred);
4826 * VOP_OPEN needs the file pointer so it can potentially override
4829 * WARNING! no f_nchandle will be associated when fhopen()ing a
4832 if ((error = falloc(td->td_lwp, &nfp, &indx)) != 0)
4834 error = VOP_OPEN(vp, fmode, td->td_ucred, &nfp);
4839 * setting f_ops this way prevents VOP_CLOSE from being
4840 * called or fdrop() releasing the vp from v_data. Since
4841 * the VOP_OPEN failed we don't want to VOP_CLOSE.
4843 fp->f_ops = &badfileops;
4849 * The fp is given its own reference, we still have our ref and lock.
4851 * Assert that all regular files must be created with a VM object.
4853 if (vp->v_type == VREG && vp->v_object == NULL) {
4854 kprintf("fhopen: regular file did not "
4855 "have VM object: %p\n",
4861 * The open was successful. Handle any locking requirements.
4863 if (fmode & (O_EXLOCK | O_SHLOCK)) {
4864 lf.l_whence = SEEK_SET;
4867 if (fmode & O_EXLOCK)
4868 lf.l_type = F_WRLCK;
4870 lf.l_type = F_RDLCK;
4871 if (fmode & FNONBLOCK)
4876 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK,
4879 * release our private reference.
4881 fsetfd(fdp, NULL, indx);
4886 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4887 atomic_set_int(&fp->f_flag, FHASLOCK); /* race ok */
4891 * Clean up. Associate the file pointer with the previously
4892 * reserved descriptor and return it.
4895 if (uap->flags & O_CLOEXEC)
4896 fdp->fd_files[indx].fileflags |= UF_EXCLOSE;
4897 fsetfd(fdp, fp, indx);
4899 sysmsg->sysmsg_result = indx;
4905 fsetfd(fdp, NULL, indx);
4916 * fhstat_args(struct fhandle *u_fhp, struct stat *sb)
4919 sys_fhstat(struct sysmsg *sysmsg, const struct fhstat_args *uap)
4921 struct thread *td = curthread;
4929 * Must be super user
4931 error = caps_priv_check_td(td, SYSCAP_RESTRICTEDROOT);
4935 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4939 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
4942 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) == 0) {
4943 error = vn_stat(vp, &sb, td->td_ucred);
4948 error = copyout(&sb, uap->sb, sizeof(sb));
4956 * fhstatfs_args(struct fhandle *u_fhp, struct statfs *buf)
4959 sys_fhstatfs(struct sysmsg *sysmsg, const struct fhstatfs_args *uap)
4961 struct thread *td = curthread;
4962 struct proc *p = td->td_proc;
4967 char *fullpath, *freepath;
4972 * Must be super user
4974 error = caps_priv_check_td(td, SYSCAP_RESTRICTEDROOT);
4978 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4981 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4985 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4990 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) != 0)
4995 if ((error = VFS_STATFS(mp, sp, td->td_ucred)) != 0)
4998 error = mount_path(p, mp, &fullpath, &freepath);
5001 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
5002 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
5003 kfree(freepath, M_TEMP);
5005 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
5006 if (caps_priv_check_td(td, SYSCAP_RESTRICTEDROOT)) {
5007 bcopy(sp, &sb, sizeof(sb));
5008 sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
5011 error = copyout(sp, uap->buf, sizeof(*sp));
5020 * fhstatvfs_args(struct fhandle *u_fhp, struct statvfs *buf)
5023 sys_fhstatvfs(struct sysmsg *sysmsg, const struct fhstatvfs_args *uap)
5025 struct thread *td = curthread;
5026 struct proc *p = td->td_proc;
5034 * Must be super user
5036 if ((error = caps_priv_check_td(td, SYSCAP_RESTRICTEDROOT)))
5039 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
5042 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
5046 if (p != NULL && !chroot_visible_mnt(mp, p)) {
5051 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)))
5054 sp = &mp->mnt_vstat;
5056 if ((error = VFS_STATVFS(mp, sp, td->td_ucred)) != 0)
5060 if (mp->mnt_flag & MNT_RDONLY)
5061 sp->f_flag |= ST_RDONLY;
5062 if (mp->mnt_flag & MNT_NOSUID)
5063 sp->f_flag |= ST_NOSUID;
5064 error = copyout(sp, uap->buf, sizeof(*sp));
5073 * Syscall to push extended attribute configuration information into the
5074 * VFS. Accepts a path, which it converts to a mountpoint, as well as
5075 * a command (int cmd), and attribute name and misc data. For now, the
5076 * attribute name is left in userspace for consumption by the VFS_op.
5077 * It will probably be changed to be copied into sysspace by the
5078 * syscall in the future, once issues with various consumers of the
5079 * attribute code have raised their hands.
5081 * Currently this is used only by UFS Extended Attributes.
5084 sys_extattrctl(struct sysmsg *sysmsg, const struct extattrctl_args *uap)
5086 struct nlookupdata nd;
5088 char attrname[EXTATTR_MAXNAMELEN];
5096 if (error == 0 && uap->filename) {
5097 error = nlookup_init(&nd, uap->filename, UIO_USERSPACE,
5100 error = nlookup(&nd);
5102 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
5106 if (error == 0 && uap->attrname) {
5107 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN,
5112 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5114 error = nlookup(&nd);
5116 error = ncp_writechk(&nd.nl_nch);
5118 error = VFS_EXTATTRCTL(nd.nl_nch.mount, uap->cmd, vp,
5120 uap->attrname, nd.nl_cred);
5129 * Syscall to get a named extended attribute on a file or directory.
5132 sys_extattr_set_file(struct sysmsg *sysmsg,
5133 const struct extattr_set_file_args *uap)
5135 char attrname[EXTATTR_MAXNAMELEN];
5136 struct nlookupdata nd;
5142 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
5148 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5150 error = nlookup(&nd);
5152 error = ncp_writechk(&nd.nl_nch);
5154 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
5160 bzero(&auio, sizeof(auio));
5161 aiov.iov_base = uap->data;
5162 aiov.iov_len = uap->nbytes;
5163 auio.uio_iov = &aiov;
5164 auio.uio_iovcnt = 1;
5165 auio.uio_offset = 0;
5166 auio.uio_resid = uap->nbytes;
5167 auio.uio_rw = UIO_WRITE;
5168 auio.uio_td = curthread;
5170 error = VOP_SETEXTATTR(vp, uap->attrnamespace, attrname,
5179 * Syscall to get a named extended attribute on a file or directory.
5182 sys_extattr_get_file(struct sysmsg *sysmsg,
5183 const struct extattr_get_file_args *uap)
5185 char attrname[EXTATTR_MAXNAMELEN];
5186 struct nlookupdata nd;
5192 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
5198 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5200 error = nlookup(&nd);
5202 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_SHARED, &vp);
5208 bzero(&auio, sizeof(auio));
5209 aiov.iov_base = uap->data;
5210 aiov.iov_len = uap->nbytes;
5211 auio.uio_iov = &aiov;
5212 auio.uio_iovcnt = 1;
5213 auio.uio_offset = 0;
5214 auio.uio_resid = uap->nbytes;
5215 auio.uio_rw = UIO_READ;
5216 auio.uio_td = curthread;
5218 error = VOP_GETEXTATTR(vp, uap->attrnamespace, attrname,
5220 sysmsg->sysmsg_result = uap->nbytes - auio.uio_resid;
5228 * Syscall to delete a named extended attribute from a file or directory.
5229 * Accepts attribute name. The real work happens in VOP_SETEXTATTR().
5232 sys_extattr_delete_file(struct sysmsg *sysmsg,
5233 const struct extattr_delete_file_args *uap)
5235 char attrname[EXTATTR_MAXNAMELEN];
5236 struct nlookupdata nd;
5240 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
5244 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5246 error = nlookup(&nd);
5248 error = ncp_writechk(&nd.nl_nch);
5250 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
5252 error = VOP_SETEXTATTR(vp, uap->attrnamespace,
5253 attrname, NULL, nd.nl_cred);
5262 * Determine if the mount is visible to the process.
5265 chroot_visible_mnt(struct mount *mp, struct proc *p)
5267 struct nchandle nch;
5270 * Traverse from the mount point upwards. If we hit the process
5271 * root then the mount point is visible to the process.
5273 nch = mp->mnt_ncmountpt;
5275 if (nch.mount == p->p_fd->fd_nrdir.mount &&
5276 nch.ncp == p->p_fd->fd_nrdir.ncp) {
5279 if (nch.ncp == nch.mount->mnt_ncmountpt.ncp) {
5280 nch = nch.mount->mnt_ncmounton;
5282 nch.ncp = nch.ncp->nc_parent;
5287 * If the mount point is not visible to the process, but the
5288 * process root is in a subdirectory of the mount, return
5291 if (p->p_fd->fd_nrdir.mount == mp)
5298 * Return the appropriate system capability restriction.
5301 get_fscap(const char *fsname)
5304 if (strncmp("null", fsname, 5) == 0) {
5305 return SYSCAP_NOMOUNT_NULLFS;
5306 } else if (strncmp(fsname, "devfs", 6) == 0) {
5307 return SYSCAP_NOMOUNT_DEVFS;
5308 } else if (strncmp(fsname, "procfs", 7) == 0) {
5309 return SYSCAP_NOMOUNT_PROCFS;
5310 } else if (strncmp(fsname, "tmpfs", 6) == 0) {
5311 return SYSCAP_NOMOUNT_TMPFS;
5312 } else if (strncmp(fsname, "fusefs", 7) == 0) {
5313 return SYSCAP_NOMOUNT_FUSE;
5315 return SYSCAP_RESTRICTEDROOT;
5319 sys___realpath(struct sysmsg *sysmsg, const struct __realpath_args *uap)
5321 struct nlookupdata nd;
5328 * Invalid length if less than 0. 0 is allowed
5330 if ((ssize_t)uap->len < 0)
5335 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5339 nd.nl_flags |= NLC_SHAREDLOCK;
5340 error = nlookup(&nd);
5344 if (nd.nl_nch.ncp->nc_vp == NULL) {
5350 * Shortcut test for existence.
5352 if (uap->len == 0) {
5353 error = ENAMETOOLONG;
5358 * Obtain the path relative to the process root. The nch must not
5359 * be locked for the cache_fullpath() call.
5361 if (nd.nl_flags & NLC_NCPISLOCKED) {
5362 nd.nl_flags &= ~NLC_NCPISLOCKED;
5363 cache_unlock(&nd.nl_nch);
5365 error = cache_fullpath(curproc, &nd.nl_nch, NULL, &rbuf, &fbuf, 0);
5369 rlen = (ssize_t)strlen(rbuf);
5370 if (rlen >= uap->len) {
5371 error = ENAMETOOLONG;
5374 error = copyout(rbuf, uap->buf, rlen + 1);
5376 sysmsg->sysmsg_szresult = rlen;
5380 kfree(fbuf, M_TEMP);
5386 sys_posix_fallocate(struct sysmsg *sysmsg, const struct posix_fallocate_args *uap)
5388 return (kern_posix_fallocate(uap->fd, uap->offset, uap->len));
5392 kern_posix_fallocate(int fd, off_t offset, off_t len)
5394 struct thread *td = curthread;
5399 if (offset < 0 || len <= 0)
5401 /* Check for wrap. */
5402 if (offset > OFF_MAX - len)
5405 fp = holdfp(td, fd, -1);
5409 switch (fp->f_type) {
5421 if ((fp->f_flag & FWRITE) == 0) {
5427 if (vp->v_type != VREG) {
5432 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
5433 error = VOP_ALLOCATE(vp, offset, len);