2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
35 * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.151.2.18 2003/04/04 20:35:58 tegge Exp $
38 #include <sys/param.h>
39 #include <sys/systm.h>
42 #include <sys/sysent.h>
43 #include <sys/malloc.h>
44 #include <sys/mount.h>
45 #include <sys/mountctl.h>
46 #include <sys/sysproto.h>
47 #include <sys/filedesc.h>
48 #include <sys/kernel.h>
49 #include <sys/fcntl.h>
51 #include <sys/linker.h>
53 #include <sys/unistd.h>
54 #include <sys/vnode.h>
58 #include <sys/namei.h>
59 #include <sys/nlookup.h>
60 #include <sys/dirent.h>
61 #include <sys/extattr.h>
62 #include <sys/spinlock.h>
63 #include <sys/kern_syscall.h>
64 #include <sys/objcache.h>
65 #include <sys/sysctl.h>
68 #include <sys/file2.h>
69 #include <sys/spinlock2.h>
72 #include <vm/vm_object.h>
73 #include <vm/vm_page.h>
75 #include <machine/limits.h>
76 #include <machine/stdarg.h>
78 static void mount_warning(struct mount *mp, const char *ctl, ...)
80 static int mount_path(struct proc *p, struct mount *mp, char **rb, char **fb);
81 static int checkvp_chdir (struct vnode *vn, struct thread *td);
82 static void checkdirs (struct nchandle *old_nch, struct nchandle *new_nch);
83 static int get_fspriv(const char *);
84 static int chroot_refuse_vdir_fds (thread_t td, struct filedesc *fdp);
85 static int chroot_visible_mnt(struct mount *mp, struct proc *p);
86 static int getutimes (struct timeval *, struct timespec *);
87 static int getutimens (const struct timespec *, struct timespec *, int *);
88 static int setfown (struct mount *, struct vnode *, uid_t, gid_t);
89 static int setfmode (struct vnode *, int);
90 static int setfflags (struct vnode *, u_long);
91 static int setutimes (struct vnode *, struct vattr *,
92 const struct timespec *, int);
94 static int usermount = 0; /* if 1, non-root can mount fs. */
95 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0,
96 "Allow non-root users to mount filesystems");
98 static int debug_unmount = 0; /* if 1 loop until unmount success */
99 SYSCTL_INT(_vfs, OID_AUTO, debug_unmount, CTLFLAG_RW, &debug_unmount, 0,
100 "Stall failed unmounts in loop");
102 * Virtual File System System Calls
106 * Mount a file system.
108 * mount_args(char *type, char *path, int flags, caddr_t data)
113 sys_mount(struct mount_args *uap)
115 struct thread *td = curthread;
118 struct mount *mp, *nullmp;
119 struct vfsconf *vfsp;
120 int error, flag = 0, flag2 = 0;
124 struct nlookupdata nd;
125 char fstypename[MFSNAMELEN];
130 /* We do not allow user mounts inside a jail for now */
131 if (usermount && jailed(cred)) {
137 * Extract the file system type. We need to know this early, to take
138 * appropriate actions for jails and nullfs mounts.
140 if ((error = copyinstr(uap->type, fstypename, MFSNAMELEN, NULL)) != 0)
144 * Select the correct priv according to the file system type.
146 priv = get_fspriv(fstypename);
148 if (usermount == 0 && (error = priv_check(td, priv)))
152 * Do not allow NFS export by non-root users.
154 if (uap->flags & MNT_EXPORTED) {
155 error = priv_check(td, priv);
160 * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users
162 if (priv_check(td, priv))
163 uap->flags |= MNT_NOSUID | MNT_NODEV;
166 * Lookup the requested path and extract the nch and vnode.
168 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
170 if ((error = nlookup(&nd)) == 0) {
171 if (nd.nl_nch.ncp->nc_vp == NULL)
181 * If the target filesystem is resolved via a nullfs mount, then
182 * nd.nl_nch.mount will be pointing to the nullfs mount structure
183 * instead of the target file system. We need it in case we are
186 nullmp = nd.nl_nch.mount;
189 * Extract the locked+refd ncp and cleanup the nd structure
192 cache_zero(&nd.nl_nch);
195 if ((nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
196 (mp = cache_findmount(&nch)) != NULL) {
205 * now we have the locked ref'd nch and unreferenced vnode.
208 if ((error = vget(vp, LK_EXCLUSIVE)) != 0) {
215 * Now we have an unlocked ref'd nch and a locked ref'd vp
217 if (uap->flags & MNT_UPDATE) {
218 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
225 if (strncmp(fstypename, "null", 5) == 0) {
233 flag2 = mp->mnt_kern_flag;
235 * We only allow the filesystem to be reloaded if it
236 * is currently mounted read-only.
238 if ((uap->flags & MNT_RELOAD) &&
239 ((mp->mnt_flag & MNT_RDONLY) == 0)) {
242 error = EOPNOTSUPP; /* Needs translation */
246 * Only root, or the user that did the original mount is
247 * permitted to update it.
249 if (mp->mnt_stat.f_owner != cred->cr_uid &&
250 (error = priv_check(td, priv))) {
255 if (vfs_busy(mp, LK_NOWAIT)) {
269 uap->flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
270 lwkt_gettoken(&mp->mnt_token);
277 * If the user is not root, ensure that they own the directory
278 * onto which we are attempting to mount.
280 if ((error = VOP_GETATTR(vp, &va)) ||
281 (va.va_uid != cred->cr_uid &&
282 (error = priv_check(td, priv)))) {
287 if ((error = vinvalbuf(vp, V_SAVE, 0, 0)) != 0) {
292 if (vp->v_type != VDIR) {
298 if (vp->v_mount->mnt_kern_flag & MNTK_NOSTKMNT) {
304 vfsp = vfsconf_find_by_name(fstypename);
308 /* Only load modules for root (very important!) */
309 if ((error = priv_check(td, PRIV_ROOT)) != 0) {
314 error = linker_load_file(fstypename, &lf);
315 if (error || lf == NULL) {
323 /* lookup again, see if the VFS was loaded */
324 vfsp = vfsconf_find_by_name(fstypename);
327 linker_file_unload(lf);
342 * Allocate and initialize the filesystem.
344 mp = kmalloc(sizeof(struct mount), M_MOUNT, M_ZERO|M_WAITOK);
345 mount_init(mp, vfsp->vfc_vfsops);
346 vfs_busy(mp, LK_NOWAIT);
348 mp->mnt_pbuf_count = nswbuf_kva / NSWBUF_SPLIT;
349 vfsp->vfc_refcount++;
350 mp->mnt_stat.f_type = vfsp->vfc_typenum;
351 mp->mnt_flag |= vfsp->vfc_flags & MNT_VISFLAGMASK;
352 strncpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN);
353 mp->mnt_stat.f_owner = cred->cr_uid;
354 lwkt_gettoken(&mp->mnt_token);
358 * (per-mount token acquired at this point)
360 * Set the mount level flags.
362 if (uap->flags & MNT_RDONLY)
363 mp->mnt_flag |= MNT_RDONLY;
364 else if (mp->mnt_flag & MNT_RDONLY)
365 mp->mnt_kern_flag |= MNTK_WANTRDWR;
366 mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
367 MNT_SYNCHRONOUS | MNT_ASYNC | MNT_NOATIME |
368 MNT_NOSYMFOLLOW | MNT_IGNORE | MNT_TRIM |
369 MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR |
371 mp->mnt_flag |= uap->flags & (MNT_NOSUID | MNT_NOEXEC |
372 MNT_NODEV | MNT_SYNCHRONOUS | MNT_ASYNC | MNT_FORCE |
373 MNT_NOSYMFOLLOW | MNT_IGNORE | MNT_TRIM |
374 MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR |
378 * Pre-set the mount's ALL_MPSAFE flags if specified in the vfsconf.
379 * This way the initial VFS_MOUNT() call will also be MPSAFE.
381 if (vfsp->vfc_flags & VFCF_MPSAFE)
382 mp->mnt_kern_flag |= MNTK_ALL_MPSAFE;
385 * Mount the filesystem.
386 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
389 if (mp->mnt_flag & MNT_UPDATE) {
390 error = VFS_MOUNT(mp, uap->path, uap->data, cred);
391 if (mp->mnt_kern_flag & MNTK_WANTRDWR)
392 mp->mnt_flag &= ~MNT_RDONLY;
393 mp->mnt_flag &=~ (MNT_UPDATE | MNT_RELOAD | MNT_FORCE);
394 mp->mnt_kern_flag &=~ MNTK_WANTRDWR;
397 mp->mnt_kern_flag = flag2;
399 lwkt_reltoken(&mp->mnt_token);
405 mp->mnt_ncmounton = nch;
406 error = VFS_MOUNT(mp, uap->path, uap->data, cred);
407 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
410 * Put the new filesystem on the mount list after root. The mount
411 * point gets its own mnt_ncmountpt (unless the VFS already set one
412 * up) which represents the root of the mount. The lookup code
413 * detects the mount point going forward and checks the root of
414 * the mount going backwards.
416 * It is not necessary to invalidate or purge the vnode underneath
417 * because elements under the mount will be given their own glue
421 if (mp->mnt_ncmountpt.ncp == NULL) {
423 * Allocate, then unlock, but leave the ref intact.
424 * This is the mnt_refs (1) that we will retain
425 * through to the unmount.
427 cache_allocroot(&mp->mnt_ncmountpt, mp, NULL);
428 cache_unlock(&mp->mnt_ncmountpt);
432 nch.ncp->nc_flag |= NCF_ISMOUNTPT;
434 cache_ismounting(mp);
435 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
437 mountlist_insert(mp, MNTINS_LAST);
439 checkdirs(&mp->mnt_ncmounton, &mp->mnt_ncmountpt);
440 error = vfs_allocate_syncvnode(mp);
441 lwkt_reltoken(&mp->mnt_token);
443 error = VFS_START(mp, 0);
445 KNOTE(&fs_klist, VQ_MOUNT);
447 bzero(&mp->mnt_ncmounton, sizeof(mp->mnt_ncmounton));
448 vn_syncer_thr_stop(mp);
449 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
450 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
451 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
452 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
453 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
455 crfree(mp->mnt_cred);
458 mp->mnt_vfc->vfc_refcount--;
459 lwkt_reltoken(&mp->mnt_token);
470 * Scan all active processes to see if any of them have a current
471 * or root directory onto which the new filesystem has just been
472 * mounted. If so, replace them with the new mount point.
474 * Both old_nch and new_nch are ref'd on call but not locked.
475 * new_nch must be temporarily locked so it can be associated with the
476 * vnode representing the root of the mount point.
478 struct checkdirs_info {
479 struct nchandle old_nch;
480 struct nchandle new_nch;
481 struct vnode *old_vp;
482 struct vnode *new_vp;
485 static int checkdirs_callback(struct proc *p, void *data);
488 checkdirs(struct nchandle *old_nch, struct nchandle *new_nch)
490 struct checkdirs_info info;
496 * If the old mount point's vnode has a usecount of 1, it is not
497 * being held as a descriptor anywhere.
499 olddp = old_nch->ncp->nc_vp;
500 if (olddp == NULL || VREFCNT(olddp) == 1)
504 * Force the root vnode of the new mount point to be resolved
505 * so we can update any matching processes.
508 if (VFS_ROOT(mp, &newdp))
509 panic("mount: lost mount");
512 vn_lock(newdp, LK_EXCLUSIVE | LK_RETRY);
513 cache_setunresolved(new_nch);
514 cache_setvp(new_nch, newdp);
515 cache_unlock(new_nch);
518 * Special handling of the root node
520 if (rootvnode == olddp) {
522 vfs_cache_setroot(newdp, cache_hold(new_nch));
526 * Pass newdp separately so the callback does not have to access
527 * it via new_nch->ncp->nc_vp.
529 info.old_nch = *old_nch;
530 info.new_nch = *new_nch;
532 allproc_scan(checkdirs_callback, &info, 0);
537 * NOTE: callback is not MP safe because the scanned process's filedesc
538 * structure can be ripped out from under us, amoung other things.
541 checkdirs_callback(struct proc *p, void *data)
543 struct checkdirs_info *info = data;
544 struct filedesc *fdp;
545 struct nchandle ncdrop1;
546 struct nchandle ncdrop2;
547 struct vnode *vprele1;
548 struct vnode *vprele2;
550 if ((fdp = p->p_fd) != NULL) {
551 cache_zero(&ncdrop1);
552 cache_zero(&ncdrop2);
557 * MPUNSAFE - XXX fdp can be pulled out from under a
560 * A shared filedesc is ok, we don't have to copy it
561 * because we are making this change globally.
563 spin_lock(&fdp->fd_spin);
564 if (fdp->fd_ncdir.mount == info->old_nch.mount &&
565 fdp->fd_ncdir.ncp == info->old_nch.ncp) {
566 vprele1 = fdp->fd_cdir;
568 fdp->fd_cdir = info->new_vp;
569 ncdrop1 = fdp->fd_ncdir;
570 cache_copy(&info->new_nch, &fdp->fd_ncdir);
572 if (fdp->fd_nrdir.mount == info->old_nch.mount &&
573 fdp->fd_nrdir.ncp == info->old_nch.ncp) {
574 vprele2 = fdp->fd_rdir;
576 fdp->fd_rdir = info->new_vp;
577 ncdrop2 = fdp->fd_nrdir;
578 cache_copy(&info->new_nch, &fdp->fd_nrdir);
580 spin_unlock(&fdp->fd_spin);
582 cache_drop(&ncdrop1);
584 cache_drop(&ncdrop2);
594 * Unmount a file system.
596 * Note: unmount takes a path to the vnode mounted on as argument,
597 * not special file (as before).
599 * umount_args(char *path, int flags)
604 sys_unmount(struct unmount_args *uap)
606 struct thread *td = curthread;
607 struct proc *p __debugvar = td->td_proc;
608 struct mount *mp = NULL;
609 struct nlookupdata nd;
610 char fstypename[MFSNAMELEN];
619 /* We do not allow user umounts inside a jail for now */
620 if (usermount && jailed(cred)) {
625 error = nlookup_init(&nd, uap->path, UIO_USERSPACE,
626 NLC_FOLLOW | NLC_IGNBADDIR);
628 error = nlookup(&nd);
632 mp = nd.nl_nch.mount;
634 /* Figure out the fsname in order to select proper privs */
635 ksnprintf(fstypename, MFSNAMELEN, "%s", mp->mnt_vfc->vfc_name);
636 priv = get_fspriv(fstypename);
638 if (usermount == 0 && (error = priv_check(td, priv))) {
644 * Only root, or the user that did the original mount is
645 * permitted to unmount this filesystem.
647 if ((mp->mnt_stat.f_owner != td->td_ucred->cr_uid) &&
648 (error = priv_check(td, priv)))
652 * Don't allow unmounting the root file system.
654 if (mp->mnt_flag & MNT_ROOTFS) {
660 * Must be the root of the filesystem
662 if (nd.nl_nch.ncp != mp->mnt_ncmountpt.ncp) {
667 /* Check if this mount belongs to this prison */
668 if (jailed(cred) && mp->mnt_cred && (!mp->mnt_cred->cr_prison ||
669 mp->mnt_cred->cr_prison != cred->cr_prison)) {
670 kprintf("mountpoint %s does not belong to this jail\n",
677 * If no error try to issue the unmount. We lose our cache
678 * ref when we call nlookup_done so we must hold the mount point
679 * to prevent use-after-free races.
685 error = dounmount(mp, uap->flags, 0);
695 * Do the actual file system unmount (interlocked against the mountlist
696 * token and mp->mnt_token).
699 dounmount_interlock(struct mount *mp)
701 if (mp->mnt_kern_flag & MNTK_UNMOUNT)
703 mp->mnt_kern_flag |= MNTK_UNMOUNT;
708 unmount_allproc_cb(struct proc *p, void *arg)
712 if (p->p_textnch.ncp == NULL)
715 mp = (struct mount *)arg;
716 if (p->p_textnch.mount == mp)
717 cache_drop(&p->p_textnch);
723 * The guts of the unmount code. The mount owns one ref and one hold
724 * count. If we successfully interlock the unmount, those refs are ours.
725 * (The ref is from mnt_ncmountpt).
727 * When halting we shortcut certain mount types such as devfs by not actually
728 * issuing the VFS_SYNC() or VFS_UNMOUNT(). They are still disconnected
729 * from the mountlist so higher-level filesytems can unmount cleanly.
731 * The mount types that allow QUICKHALT are: devfs, tmpfs, procfs.
734 dounmount(struct mount *mp, int flags, int halting)
736 struct namecache *ncp;
747 lwkt_gettoken(&mp->mnt_token);
750 * When halting, certain mount points can essentially just
751 * be unhooked and otherwise ignored.
753 if (halting && (mp->mnt_kern_flag & MNTK_QUICKHALT)) {
762 * Exclusive access for unmounting purposes.
764 if ((error = mountlist_interlock(dounmount_interlock, mp)) != 0)
768 * We now 'own' the last mp->mnt_refs
770 * Allow filesystems to detect that a forced unmount is in progress.
772 if (flags & MNT_FORCE)
773 mp->mnt_kern_flag |= MNTK_UNMOUNTF;
774 lflags = LK_EXCLUSIVE | ((flags & MNT_FORCE) ? 0 : LK_TIMELOCK);
775 error = lockmgr(&mp->mnt_lock, lflags);
777 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
778 if (mp->mnt_kern_flag & MNTK_MWAIT) {
779 mp->mnt_kern_flag &= ~MNTK_MWAIT;
785 if (mp->mnt_flag & MNT_EXPUBLIC)
786 vfs_setpublicfs(NULL, NULL, NULL);
788 vfs_msync(mp, MNT_WAIT);
789 async_flag = mp->mnt_flag & MNT_ASYNC;
790 mp->mnt_flag &=~ MNT_ASYNC;
793 * Decomission our special mnt_syncer vnode. This also stops
794 * the vnlru code. If we are unable to unmount we recommission
797 * Then sync the filesystem.
799 if ((vp = mp->mnt_syncer) != NULL) {
800 mp->mnt_syncer = NULL;
801 atomic_set_int(&vp->v_refcnt, VREF_FINALIZE);
807 * Sync normally-mounted filesystem.
809 if (quickhalt == 0) {
810 if ((mp->mnt_flag & MNT_RDONLY) == 0)
811 VFS_SYNC(mp, MNT_WAIT);
815 * nchandle records ref the mount structure. Expect a count of 1
816 * (our mount->mnt_ncmountpt).
818 * Scans can get temporary refs on a mountpoint (thought really
819 * heavy duty stuff like cache_findmount() do not).
821 for (retry = 0; (retry < 10 || debug_unmount); ++retry) {
823 * Invalidate the namecache topology under the mount.
824 * nullfs mounts alias a real mount's namecache topology
825 * and it should not be invalidated in that case.
827 if ((mp->mnt_kern_flag & MNTK_NCALIASED) == 0) {
828 cache_lock(&mp->mnt_ncmountpt);
829 cache_inval(&mp->mnt_ncmountpt,
830 CINV_DESTROY|CINV_CHILDREN);
831 cache_unlock(&mp->mnt_ncmountpt);
837 cache_unmounting(mp);
838 if (mp->mnt_refs != 1)
839 cache_clearmntcache(mp);
842 * Break out if we are good. Don't count ncp refs if the
845 ncp = (mp->mnt_kern_flag & MNTK_NCALIASED) ?
846 NULL : mp->mnt_ncmountpt.ncp;
847 if (mp->mnt_refs == 1 &&
848 (ncp == NULL || (ncp->nc_refs == 1 &&
849 TAILQ_FIRST(&ncp->nc_list) == NULL))) {
854 * If forcing the unmount, clean out any p->p_textnch
855 * nchandles that match this mount.
857 if (flags & MNT_FORCE)
858 allproc_scan(&unmount_allproc_cb, mp, 0);
863 tsleep(&mp->mnt_refs, 0, "mntbsy", hz / 10 + 1);
864 if ((retry & 15) == 15) {
866 "(%p) debug - retry %d, "
867 "%d namecache refs, %d mount refs",
869 (ncp ? ncp->nc_refs - 1 : 0),
875 ncp = (mp->mnt_kern_flag & MNTK_NCALIASED) ?
876 NULL : mp->mnt_ncmountpt.ncp;
877 if (mp->mnt_refs != 1 ||
878 (ncp != NULL && (ncp->nc_refs != 1 ||
879 TAILQ_FIRST(&ncp->nc_list)))) {
881 "(%p): %d namecache refs, %d mount refs "
884 (ncp ? ncp->nc_refs - 1 : 0),
886 if (flags & MNT_FORCE) {
888 mount_warning(mp, "forcing unmount\n");
895 * So far so good, sync the filesystem once more and
896 * call the VFS unmount code if the sync succeeds.
898 if (error == 0 && quickhalt == 0) {
899 if (mp->mnt_flag & MNT_RDONLY) {
900 error = VFS_UNMOUNT(mp, flags);
902 error = VFS_SYNC(mp, MNT_WAIT);
903 if (error == 0 || /* no error */
904 error == EOPNOTSUPP || /* no sync avail */
905 (flags & MNT_FORCE)) { /* force anyway */
906 error = VFS_UNMOUNT(mp, flags);
911 "(%p) unmount: vfs refused to unmount, "
918 * If an error occurred we can still recover, restoring the
919 * syncer vnode and misc flags.
922 if (mp->mnt_syncer == NULL && hadsyncer)
923 vfs_allocate_syncvnode(mp);
924 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
925 mp->mnt_flag |= async_flag;
926 lockmgr(&mp->mnt_lock, LK_RELEASE);
927 if (mp->mnt_kern_flag & MNTK_MWAIT) {
928 mp->mnt_kern_flag &= ~MNTK_MWAIT;
934 * Clean up any journals still associated with the mount after
935 * filesystem activity has ceased.
937 journal_remove_all_journals(mp,
938 ((flags & MNT_FORCE) ? MC_JOURNAL_STOP_IMM : 0));
940 mountlist_remove(mp);
943 * Remove any installed vnode ops here so the individual VFSs don't
946 * mnt_refs should go to zero when we scrap mnt_ncmountpt.
948 * When quickhalting we have to keep these intact because the
949 * underlying vnodes have not been destroyed, and some might be
952 if (quickhalt == 0) {
953 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
954 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
955 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
956 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
957 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
960 if (mp->mnt_ncmountpt.ncp != NULL) {
961 nch = mp->mnt_ncmountpt;
962 cache_zero(&mp->mnt_ncmountpt);
963 cache_clrmountpt(&nch);
966 if (mp->mnt_ncmounton.ncp != NULL) {
967 cache_unmounting(mp);
968 nch = mp->mnt_ncmounton;
969 cache_zero(&mp->mnt_ncmounton);
970 cache_clrmountpt(&nch);
975 crfree(mp->mnt_cred);
979 mp->mnt_vfc->vfc_refcount--;
982 * If not quickhalting the mount, we expect there to be no
985 if (quickhalt == 0 && !TAILQ_EMPTY(&mp->mnt_nvnodelist))
986 panic("unmount: dangling vnode");
991 lockmgr(&mp->mnt_lock, LK_RELEASE);
992 if (mp->mnt_kern_flag & MNTK_MWAIT) {
993 mp->mnt_kern_flag &= ~MNTK_MWAIT;
998 * If we reach here and freeok != 0 we must free the mount.
999 * mnt_refs should already have dropped to 0, so if it is not
1000 * zero we must cycle the caches and wait.
1002 * When we are satisfied that the mount has disconnected we can
1003 * drop the hold on the mp that represented the mount (though the
1004 * caller might actually have another, so the caller's drop may
1005 * do the actual free).
1008 if (mp->mnt_refs > 0)
1009 cache_clearmntcache(mp);
1010 while (mp->mnt_refs > 0) {
1011 cache_unmounting(mp);
1013 tsleep(&mp->mnt_refs, 0, "umntrwait", hz / 10 + 1);
1014 cache_clearmntcache(mp);
1016 lwkt_reltoken(&mp->mnt_token);
1020 cache_clearmntcache(mp);
1023 KNOTE(&fs_klist, VQ_UNMOUNT);
1026 lwkt_reltoken(&mp->mnt_token);
1032 mount_warning(struct mount *mp, const char *ctl, ...)
1038 __va_start(va, ctl);
1039 if (cache_fullpath(NULL, &mp->mnt_ncmounton, NULL,
1040 &ptr, &buf, 0) == 0) {
1041 kprintf("unmount(%s): ", ptr);
1046 kprintf("unmount(%p", mp);
1047 if (mp->mnt_ncmounton.ncp && mp->mnt_ncmounton.ncp->nc_name)
1048 kprintf(",%s", mp->mnt_ncmounton.ncp->nc_name);
1057 * Shim cache_fullpath() to handle the case where a process is chrooted into
1058 * a subdirectory of a mount. In this case if the root mount matches the
1059 * process root directory's mount we have to specify the process's root
1060 * directory instead of the mount point, because the mount point might
1061 * be above the root directory.
1065 mount_path(struct proc *p, struct mount *mp, char **rb, char **fb)
1067 struct nchandle *nch;
1069 if (p && p->p_fd->fd_nrdir.mount == mp)
1070 nch = &p->p_fd->fd_nrdir;
1072 nch = &mp->mnt_ncmountpt;
1073 return(cache_fullpath(p, nch, NULL, rb, fb, 0));
1077 * Sync each mounted filesystem.
1081 static int syncprt = 0;
1082 SYSCTL_INT(_debug, OID_AUTO, syncprt, CTLFLAG_RW, &syncprt, 0, "");
1085 static int sync_callback(struct mount *mp, void *data);
1088 sys_sync(struct sync_args *uap)
1090 mountlist_scan(sync_callback, NULL, MNTSCAN_FORWARD);
1096 sync_callback(struct mount *mp, void *data __unused)
1100 if ((mp->mnt_flag & MNT_RDONLY) == 0) {
1101 lwkt_gettoken(&mp->mnt_token);
1102 asyncflag = mp->mnt_flag & MNT_ASYNC;
1103 mp->mnt_flag &= ~MNT_ASYNC;
1104 lwkt_reltoken(&mp->mnt_token);
1105 vfs_msync(mp, MNT_NOWAIT);
1106 VFS_SYNC(mp, MNT_NOWAIT);
1107 lwkt_gettoken(&mp->mnt_token);
1108 mp->mnt_flag |= asyncflag;
1109 lwkt_reltoken(&mp->mnt_token);
1114 /* XXX PRISON: could be per prison flag */
1115 static int prison_quotas;
1117 SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, "");
1121 * quotactl_args(char *path, int fcmd, int uid, caddr_t arg)
1123 * Change filesystem quotas.
1128 sys_quotactl(struct quotactl_args *uap)
1130 struct nlookupdata nd;
1136 if (td->td_ucred->cr_prison && !prison_quotas) {
1141 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1143 error = nlookup(&nd);
1145 mp = nd.nl_nch.mount;
1146 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid,
1147 uap->arg, nd.nl_cred);
1155 * mountctl(char *path, int op, int fd, const void *ctl, int ctllen,
1156 * void *buf, int buflen)
1158 * This function operates on a mount point and executes the specified
1159 * operation using the specified control data, and possibly returns data.
1161 * The actual number of bytes stored in the result buffer is returned, 0
1162 * if none, otherwise an error is returned.
1167 sys_mountctl(struct mountctl_args *uap)
1169 struct thread *td = curthread;
1177 * Sanity and permissions checks. We must be root.
1179 if (td->td_ucred->cr_prison != NULL)
1181 if ((uap->op != MOUNTCTL_MOUNTFLAGS) &&
1182 (error = priv_check(td, PRIV_ROOT)) != 0)
1186 * Argument length checks
1188 if (uap->ctllen < 0 || uap->ctllen > 1024)
1190 if (uap->buflen < 0 || uap->buflen > 16 * 1024)
1192 if (uap->path == NULL)
1196 * Allocate the necessary buffers and copyin data
1198 path = objcache_get(namei_oc, M_WAITOK);
1199 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
1204 ctl = kmalloc(uap->ctllen + 1, M_TEMP, M_WAITOK|M_ZERO);
1205 error = copyin(uap->ctl, ctl, uap->ctllen);
1210 buf = kmalloc(uap->buflen + 1, M_TEMP, M_WAITOK|M_ZERO);
1213 * Validate the descriptor
1216 fp = holdfp(td, uap->fd, -1);
1226 * Execute the internal kernel function and clean up.
1228 error = kern_mountctl(path, uap->op, fp, ctl, uap->ctllen,
1229 buf, uap->buflen, &uap->sysmsg_result);
1231 dropfp(td, uap->fd, fp);
1232 if (error == 0 && uap->sysmsg_result > 0)
1233 error = copyout(buf, uap->buf, uap->sysmsg_result);
1236 objcache_put(namei_oc, path);
1245 * Execute a mount control operation by resolving the path to a mount point
1246 * and calling vop_mountctl().
1248 * Use the mount point from the nch instead of the vnode so nullfs mounts
1249 * can properly spike the VOP.
1252 kern_mountctl(const char *path, int op, struct file *fp,
1253 const void *ctl, int ctllen,
1254 void *buf, int buflen, int *res)
1257 struct nlookupdata nd;
1258 struct nchandle nch;
1264 error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_FOLLOW);
1267 error = nlookup(&nd);
1272 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
1279 * Yes, all this is needed to use the nch.mount below, because
1280 * we must maintain a ref on the mount to avoid ripouts (e.g.
1281 * due to heavy mount/unmount use by synth or poudriere).
1284 cache_zero(&nd.nl_nch);
1292 * Must be the root of the filesystem
1294 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
1299 if (mp == NULL || mp->mnt_kern_flag & MNTK_UNMOUNT) {
1300 kprintf("kern_mountctl: Warning, \"%s\" racing unmount\n",
1306 error = vop_mountctl(mp->mnt_vn_use_ops, vp, op, fp, ctl, ctllen,
1315 kern_statfs(struct nlookupdata *nd, struct statfs *buf)
1317 struct thread *td = curthread;
1318 struct proc *p = td->td_proc;
1321 char *fullpath, *freepath;
1324 if ((error = nlookup(nd)) != 0)
1326 mp = nd->nl_nch.mount;
1330 * Ignore refresh error, user should have visibility.
1331 * This can happen if a NFS mount goes bad (e.g. server
1332 * revokes perms or goes down).
1334 error = VFS_STATFS(mp, sp, nd->nl_cred);
1337 error = mount_path(p, mp, &fullpath, &freepath);
1340 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1341 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1342 kfree(freepath, M_TEMP);
1344 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1345 bcopy(sp, buf, sizeof(*buf));
1346 /* Only root should have access to the fsid's. */
1347 if (priv_check(td, PRIV_ROOT))
1348 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1353 * statfs_args(char *path, struct statfs *buf)
1355 * Get filesystem statistics.
1358 sys_statfs(struct statfs_args *uap)
1360 struct nlookupdata nd;
1364 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1366 error = kern_statfs(&nd, &buf);
1369 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1374 kern_fstatfs(int fd, struct statfs *buf)
1376 struct thread *td = curthread;
1377 struct proc *p = td->td_proc;
1381 char *fullpath, *freepath;
1385 if ((error = holdvnode(td, fd, &fp)) != 0)
1389 * Try to use mount info from any overlays rather than the
1390 * mount info for the underlying vnode, otherwise we will
1391 * fail when operating on null-mounted paths inside a chroot.
1393 if ((mp = fp->f_nchandle.mount) == NULL)
1394 mp = ((struct vnode *)fp->f_data)->v_mount;
1399 if (fp->f_cred == NULL) {
1405 * Ignore refresh error, user should have visibility.
1406 * This can happen if a NFS mount goes bad (e.g. server
1407 * revokes perms or goes down).
1410 error = VFS_STATFS(mp, sp, fp->f_cred);
1412 if ((error = mount_path(p, mp, &fullpath, &freepath)) != 0)
1414 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1415 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1416 kfree(freepath, M_TEMP);
1418 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1419 bcopy(sp, buf, sizeof(*buf));
1421 /* Only root should have access to the fsid's. */
1422 if (priv_check(td, PRIV_ROOT))
1423 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1431 * fstatfs_args(int fd, struct statfs *buf)
1433 * Get filesystem statistics.
1436 sys_fstatfs(struct fstatfs_args *uap)
1441 error = kern_fstatfs(uap->fd, &buf);
1444 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1449 kern_statvfs(struct nlookupdata *nd, struct statvfs *buf)
1455 if ((error = nlookup(nd)) != 0)
1457 mp = nd->nl_nch.mount;
1458 sp = &mp->mnt_vstat;
1459 if ((error = VFS_STATVFS(mp, sp, nd->nl_cred)) != 0)
1463 if (mp->mnt_flag & MNT_RDONLY)
1464 sp->f_flag |= ST_RDONLY;
1465 if (mp->mnt_flag & MNT_NOSUID)
1466 sp->f_flag |= ST_NOSUID;
1467 bcopy(sp, buf, sizeof(*buf));
1472 * statfs_args(char *path, struct statfs *buf)
1474 * Get filesystem statistics.
1477 sys_statvfs(struct statvfs_args *uap)
1479 struct nlookupdata nd;
1483 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1485 error = kern_statvfs(&nd, &buf);
1488 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1493 kern_fstatvfs(int fd, struct statvfs *buf)
1495 struct thread *td = curthread;
1501 if ((error = holdvnode(td, fd, &fp)) != 0)
1503 if ((mp = fp->f_nchandle.mount) == NULL)
1504 mp = ((struct vnode *)fp->f_data)->v_mount;
1509 if (fp->f_cred == NULL) {
1513 sp = &mp->mnt_vstat;
1514 if ((error = VFS_STATVFS(mp, sp, fp->f_cred)) != 0)
1518 if (mp->mnt_flag & MNT_RDONLY)
1519 sp->f_flag |= ST_RDONLY;
1520 if (mp->mnt_flag & MNT_NOSUID)
1521 sp->f_flag |= ST_NOSUID;
1523 bcopy(sp, buf, sizeof(*buf));
1531 * fstatfs_args(int fd, struct statfs *buf)
1533 * Get filesystem statistics.
1536 sys_fstatvfs(struct fstatvfs_args *uap)
1541 error = kern_fstatvfs(uap->fd, &buf);
1544 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1549 * getfsstat_args(struct statfs *buf, long bufsize, int flags)
1551 * Get statistics on all filesystems.
1554 struct getfsstat_info {
1555 struct statfs *sfsp;
1563 static int getfsstat_callback(struct mount *, void *);
1566 sys_getfsstat(struct getfsstat_args *uap)
1568 struct thread *td = curthread;
1569 struct getfsstat_info info;
1571 bzero(&info, sizeof(info));
1573 info.maxcount = uap->bufsize / sizeof(struct statfs);
1574 info.sfsp = uap->buf;
1576 info.flags = uap->flags;
1579 mountlist_scan(getfsstat_callback, &info, MNTSCAN_FORWARD);
1580 if (info.sfsp && info.count > info.maxcount)
1581 uap->sysmsg_result = info.maxcount;
1583 uap->sysmsg_result = info.count;
1584 return (info.error);
1588 getfsstat_callback(struct mount *mp, void *data)
1590 struct getfsstat_info *info = data;
1596 if (info->td->td_proc && !chroot_visible_mnt(mp, info->td->td_proc))
1599 if (info->sfsp && info->count < info->maxcount) {
1603 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1604 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1605 * overrides MNT_WAIT.
1607 * Ignore refresh error, user should have visibility.
1608 * This can happen if a NFS mount goes bad (e.g. server
1609 * revokes perms or goes down).
1611 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1612 (info->flags & MNT_WAIT)) &&
1613 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1616 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1618 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1620 info->error = error;
1623 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1624 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1625 kfree(freepath, M_TEMP);
1627 error = copyout(sp, info->sfsp, sizeof(*sp));
1629 info->error = error;
1639 * getvfsstat_args(struct statfs *buf, struct statvfs *vbuf,
1640 long bufsize, int flags)
1642 * Get statistics on all filesystems.
1645 struct getvfsstat_info {
1646 struct statfs *sfsp;
1647 struct statvfs *vsfsp;
1655 static int getvfsstat_callback(struct mount *, void *);
1658 sys_getvfsstat(struct getvfsstat_args *uap)
1660 struct thread *td = curthread;
1661 struct getvfsstat_info info;
1663 bzero(&info, sizeof(info));
1665 info.maxcount = uap->vbufsize / sizeof(struct statvfs);
1666 info.sfsp = uap->buf;
1667 info.vsfsp = uap->vbuf;
1669 info.flags = uap->flags;
1672 mountlist_scan(getvfsstat_callback, &info, MNTSCAN_FORWARD);
1673 if (info.vsfsp && info.count > info.maxcount)
1674 uap->sysmsg_result = info.maxcount;
1676 uap->sysmsg_result = info.count;
1677 return (info.error);
1681 getvfsstat_callback(struct mount *mp, void *data)
1683 struct getvfsstat_info *info = data;
1685 struct statvfs *vsp;
1690 if (info->td->td_proc && !chroot_visible_mnt(mp, info->td->td_proc))
1693 if (info->vsfsp && info->count < info->maxcount) {
1695 vsp = &mp->mnt_vstat;
1698 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1699 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1700 * overrides MNT_WAIT.
1702 * Ignore refresh error, user should have visibility.
1703 * This can happen if a NFS mount goes bad (e.g. server
1704 * revokes perms or goes down).
1706 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1707 (info->flags & MNT_WAIT)) &&
1708 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1711 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1713 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1714 (info->flags & MNT_WAIT)) &&
1715 (error = VFS_STATVFS(mp, vsp, info->td->td_ucred))) {
1719 if (mp->mnt_flag & MNT_RDONLY)
1720 vsp->f_flag |= ST_RDONLY;
1721 if (mp->mnt_flag & MNT_NOSUID)
1722 vsp->f_flag |= ST_NOSUID;
1724 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1726 info->error = error;
1729 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1730 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1731 kfree(freepath, M_TEMP);
1733 error = copyout(sp, info->sfsp, sizeof(*sp));
1735 error = copyout(vsp, info->vsfsp, sizeof(*vsp));
1737 info->error = error;
1749 * fchdir_args(int fd)
1751 * Change current working directory to a given file descriptor.
1754 sys_fchdir(struct fchdir_args *uap)
1756 struct thread *td = curthread;
1757 struct proc *p = td->td_proc;
1758 struct filedesc *fdp = p->p_fd;
1759 struct vnode *vp, *ovp;
1762 struct nchandle nch, onch, tnch;
1765 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
1767 lwkt_gettoken(&p->p_token);
1768 vp = (struct vnode *)fp->f_data;
1770 vn_lock(vp, LK_SHARED | LK_RETRY);
1771 if (fp->f_nchandle.ncp == NULL)
1774 error = checkvp_chdir(vp, td);
1779 cache_copy(&fp->f_nchandle, &nch);
1782 * If the ncp has become a mount point, traverse through
1786 while (!error && (nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
1787 (mp = cache_findmount(&nch)) != NULL
1789 error = nlookup_mp(mp, &tnch);
1791 cache_unlock(&tnch); /* leave ref intact */
1793 vp = tnch.ncp->nc_vp;
1794 error = vget(vp, LK_SHARED);
1795 KKASSERT(error == 0);
1799 cache_dropmount(mp);
1802 spin_lock(&fdp->fd_spin);
1804 onch = fdp->fd_ncdir;
1806 fdp->fd_ncdir = nch;
1807 spin_unlock(&fdp->fd_spin);
1808 vn_unlock(vp); /* leave ref intact */
1817 lwkt_reltoken(&p->p_token);
1822 kern_chdir(struct nlookupdata *nd)
1824 struct thread *td = curthread;
1825 struct proc *p = td->td_proc;
1826 struct filedesc *fdp = p->p_fd;
1827 struct vnode *vp, *ovp;
1828 struct nchandle onch;
1831 nd->nl_flags |= NLC_SHAREDLOCK;
1832 if ((error = nlookup(nd)) != 0)
1834 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
1836 if ((error = vget(vp, LK_SHARED)) != 0)
1839 lwkt_gettoken(&p->p_token);
1840 error = checkvp_chdir(vp, td);
1843 spin_lock(&fdp->fd_spin);
1845 onch = fdp->fd_ncdir;
1846 fdp->fd_ncdir = nd->nl_nch;
1848 spin_unlock(&fdp->fd_spin);
1849 cache_unlock(&nd->nl_nch); /* leave reference intact */
1852 cache_zero(&nd->nl_nch);
1856 lwkt_reltoken(&p->p_token);
1861 * chdir_args(char *path)
1863 * Change current working directory (``.'').
1866 sys_chdir(struct chdir_args *uap)
1868 struct nlookupdata nd;
1871 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1873 error = kern_chdir(&nd);
1879 * Helper function for raised chroot(2) security function: Refuse if
1880 * any filedescriptors are open directories.
1883 chroot_refuse_vdir_fds(thread_t td, struct filedesc *fdp)
1890 for (fd = 0; fd < fdp->fd_nfiles ; fd++) {
1891 if ((error = holdvnode(td, fd, &fp)) != 0)
1893 vp = (struct vnode *)fp->f_data;
1894 if (vp->v_type != VDIR) {
1905 * This sysctl determines if we will allow a process to chroot(2) if it
1906 * has a directory open:
1907 * 0: disallowed for all processes.
1908 * 1: allowed for processes that were not already chroot(2)'ed.
1909 * 2: allowed for all processes.
1912 static int chroot_allow_open_directories = 1;
1914 SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
1915 &chroot_allow_open_directories, 0, "");
1918 * chroot to the specified namecache entry. We obtain the vp from the
1919 * namecache data. The passed ncp must be locked and referenced and will
1920 * remain locked and referenced on return.
1923 kern_chroot(struct nchandle *nch)
1925 struct thread *td = curthread;
1926 struct proc *p = td->td_proc;
1927 struct filedesc *fdp = p->p_fd;
1932 * Only privileged user can chroot
1934 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
1939 * Disallow open directory descriptors (fchdir() breakouts).
1941 if (chroot_allow_open_directories == 0 ||
1942 (chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) {
1943 if ((error = chroot_refuse_vdir_fds(td, fdp)) != 0)
1946 if ((vp = nch->ncp->nc_vp) == NULL)
1949 if ((error = vget(vp, LK_SHARED)) != 0)
1953 * Check the validity of vp as a directory to change to and
1954 * associate it with rdir/jdir.
1956 error = checkvp_chdir(vp, td);
1957 vn_unlock(vp); /* leave reference intact */
1959 lwkt_gettoken(&p->p_token);
1960 vrele(fdp->fd_rdir);
1961 fdp->fd_rdir = vp; /* reference inherited by fd_rdir */
1962 cache_drop(&fdp->fd_nrdir);
1963 cache_copy(nch, &fdp->fd_nrdir);
1964 if (fdp->fd_jdir == NULL) {
1967 cache_copy(nch, &fdp->fd_njdir);
1969 if ((p->p_flags & P_DIDCHROOT) == 0) {
1970 p->p_flags |= P_DIDCHROOT;
1971 if (p->p_depth <= 65535 - 32)
1974 lwkt_reltoken(&p->p_token);
1982 * chroot_args(char *path)
1984 * Change notion of root (``/'') directory.
1987 sys_chroot(struct chroot_args *uap)
1989 struct thread *td __debugvar = curthread;
1990 struct nlookupdata nd;
1993 KKASSERT(td->td_proc);
1994 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1996 nd.nl_flags |= NLC_EXEC;
1997 error = nlookup(&nd);
1999 error = kern_chroot(&nd.nl_nch);
2006 sys_chroot_kernel(struct chroot_kernel_args *uap)
2008 struct thread *td = curthread;
2009 struct nlookupdata nd;
2010 struct nchandle *nch;
2014 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2018 error = nlookup(&nd);
2024 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
2028 if ((vp = nch->ncp->nc_vp) == NULL) {
2033 if ((error = cache_vref(nch, nd.nl_cred, &vp)) != 0)
2036 vfs_cache_setroot(vp, cache_hold(nch));
2045 * Common routine for chroot and chdir. Given a locked, referenced vnode,
2046 * determine whether it is legal to chdir to the vnode. The vnode's state
2047 * is not changed by this call.
2050 checkvp_chdir(struct vnode *vp, struct thread *td)
2054 if (vp->v_type != VDIR)
2057 error = VOP_EACCESS(vp, VEXEC, td->td_ucred);
2062 kern_open(struct nlookupdata *nd, int oflags, int mode, int *res)
2064 struct thread *td = curthread;
2065 struct proc *p = td->td_proc;
2066 struct lwp *lp = td->td_lwp;
2067 struct filedesc *fdp = p->p_fd;
2072 int type, indx, error = 0;
2075 if ((oflags & O_ACCMODE) == O_ACCMODE)
2077 flags = FFLAGS(oflags);
2078 error = falloc(lp, &nfp, NULL);
2082 cmode = ((mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
2085 * XXX p_dupfd is a real mess. It allows a device to return a
2086 * file descriptor to be duplicated rather then doing the open
2092 * Call vn_open() to do the lookup and assign the vnode to the
2093 * file pointer. vn_open() does not change the ref count on fp
2094 * and the vnode, on success, will be inherited by the file pointer
2097 * Request a shared lock on the vnode if possible.
2099 * When NLC_SHAREDLOCK is set we may still need an exclusive vnode
2100 * lock for O_RDWR opens on executables in order to avoid a VTEXT
2101 * detection race. The NLC_EXCLLOCK_IFEXEC handles this case.
2103 * NOTE: We need a flag to separate terminal vnode locking from
2104 * parent locking. O_CREAT needs parent locking, but O_TRUNC
2105 * and O_RDWR only need to lock the terminal vnode exclusively.
2107 nd->nl_flags |= NLC_LOCKVP;
2108 if ((flags & (O_CREAT|O_TRUNC)) == 0) {
2109 nd->nl_flags |= NLC_SHAREDLOCK;
2111 nd->nl_flags |= NLC_EXCLLOCK_IFEXEC;
2114 error = vn_open(nd, fp, flags, cmode);
2119 * handle special fdopen() case. bleh. dupfdopen() is
2120 * responsible for dropping the old contents of ofiles[indx]
2123 * Note that fsetfd() will add a ref to fp which represents
2124 * the fd_files[] assignment. We must still drop our
2127 if ((error == ENODEV || error == ENXIO) && lp->lwp_dupfd >= 0) {
2128 if (fdalloc(p, 0, &indx) == 0) {
2129 error = dupfdopen(td, indx, lp->lwp_dupfd, flags, error);
2132 fdrop(fp); /* our ref */
2135 fsetfd(fdp, NULL, indx);
2138 fdrop(fp); /* our ref */
2139 if (error == ERESTART)
2145 * ref the vnode for ourselves so it can't be ripped out from under
2146 * is. XXX need an ND flag to request that the vnode be returned
2149 * Reserve a file descriptor but do not assign it until the open
2152 vp = (struct vnode *)fp->f_data;
2154 if ((error = fdalloc(p, 0, &indx)) != 0) {
2161 * If no error occurs the vp will have been assigned to the file
2166 if (flags & (O_EXLOCK | O_SHLOCK)) {
2167 lf.l_whence = SEEK_SET;
2170 if (flags & O_EXLOCK)
2171 lf.l_type = F_WRLCK;
2173 lf.l_type = F_RDLCK;
2174 if (flags & FNONBLOCK)
2179 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
2181 * lock request failed. Clean up the reserved
2185 fsetfd(fdp, NULL, indx);
2189 atomic_set_int(&fp->f_flag, FHASLOCK); /* race ok */
2193 * Assert that all regular file vnodes were created with a object.
2195 KASSERT(vp->v_type != VREG || vp->v_object != NULL,
2196 ("open: regular file has no backing object after vn_open"));
2202 * release our private reference, leaving the one associated with the
2203 * descriptor table intact.
2205 if (oflags & O_CLOEXEC)
2206 fdp->fd_files[indx].fileflags |= UF_EXCLOSE;
2207 fsetfd(fdp, fp, indx);
2215 * open_args(char *path, int flags, int mode)
2217 * Check permissions, allocate an open file structure,
2218 * and call the device open routine if any.
2221 sys_open(struct open_args *uap)
2223 struct nlookupdata nd;
2226 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2228 error = kern_open(&nd, uap->flags,
2229 uap->mode, &uap->sysmsg_result);
2236 * openat_args(int fd, char *path, int flags, int mode)
2239 sys_openat(struct openat_args *uap)
2241 struct nlookupdata nd;
2245 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2247 error = kern_open(&nd, uap->flags, uap->mode,
2248 &uap->sysmsg_result);
2250 nlookup_done_at(&nd, fp);
2255 kern_mknod(struct nlookupdata *nd, int mode, int rmajor, int rminor)
2257 struct thread *td = curthread;
2258 struct proc *p = td->td_proc;
2267 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2268 vattr.va_rmajor = rmajor;
2269 vattr.va_rminor = rminor;
2271 switch (mode & S_IFMT) {
2272 case S_IFMT: /* used by badsect to flag bad sectors */
2273 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_BAD, 0);
2274 vattr.va_type = VBAD;
2277 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
2278 vattr.va_type = VCHR;
2281 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
2282 vattr.va_type = VBLK;
2285 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_WHT, 0);
2288 case S_IFDIR: /* special directories support for HAMMER */
2289 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_DIR, 0);
2290 vattr.va_type = VDIR;
2301 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2302 if ((error = nlookup(nd)) != 0)
2304 if (nd->nl_nch.ncp->nc_vp)
2306 if (nd->nl_dvp == NULL)
2308 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2312 error = VOP_NWHITEOUT(&nd->nl_nch, nd->nl_dvp,
2313 nd->nl_cred, NAMEI_CREATE);
2316 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp,
2317 &vp, nd->nl_cred, &vattr);
2325 * mknod_args(char *path, int mode, int dev)
2327 * Create a special file.
2330 sys_mknod(struct mknod_args *uap)
2332 struct nlookupdata nd;
2335 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2337 error = kern_mknod(&nd, uap->mode,
2338 umajor(uap->dev), uminor(uap->dev));
2345 * mknodat_args(int fd, char *path, mode_t mode, dev_t dev)
2347 * Create a special file. The path is relative to the directory associated
2351 sys_mknodat(struct mknodat_args *uap)
2353 struct nlookupdata nd;
2357 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2359 error = kern_mknod(&nd, uap->mode,
2360 umajor(uap->dev), uminor(uap->dev));
2362 nlookup_done_at(&nd, fp);
2367 kern_mkfifo(struct nlookupdata *nd, int mode)
2369 struct thread *td = curthread;
2370 struct proc *p = td->td_proc;
2377 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2378 if ((error = nlookup(nd)) != 0)
2380 if (nd->nl_nch.ncp->nc_vp)
2382 if (nd->nl_dvp == NULL)
2384 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2388 vattr.va_type = VFIFO;
2389 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2391 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp, &vp, nd->nl_cred, &vattr);
2398 * mkfifo_args(char *path, int mode)
2400 * Create a named pipe.
2403 sys_mkfifo(struct mkfifo_args *uap)
2405 struct nlookupdata nd;
2408 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2410 error = kern_mkfifo(&nd, uap->mode);
2416 * mkfifoat_args(int fd, char *path, mode_t mode)
2418 * Create a named pipe. The path is relative to the directory associated
2422 sys_mkfifoat(struct mkfifoat_args *uap)
2424 struct nlookupdata nd;
2428 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2430 error = kern_mkfifo(&nd, uap->mode);
2431 nlookup_done_at(&nd, fp);
2435 static int hardlink_check_uid = 0;
2436 SYSCTL_INT(_security, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
2437 &hardlink_check_uid, 0,
2438 "Unprivileged processes cannot create hard links to files owned by other "
2440 static int hardlink_check_gid = 0;
2441 SYSCTL_INT(_security, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
2442 &hardlink_check_gid, 0,
2443 "Unprivileged processes cannot create hard links to files owned by other "
2447 can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
2453 * Shortcut if disabled
2455 if (hardlink_check_uid == 0 && hardlink_check_gid == 0)
2459 * Privileged user can always hardlink
2461 if (priv_check_cred(cred, PRIV_VFS_LINK, 0) == 0)
2465 * Otherwise only if the originating file is owned by the
2466 * same user or group. Note that any group is allowed if
2467 * the file is owned by the caller.
2469 error = VOP_GETATTR(vp, &va);
2473 if (hardlink_check_uid) {
2474 if (cred->cr_uid != va.va_uid)
2478 if (hardlink_check_gid) {
2479 if (cred->cr_uid != va.va_uid && !groupmember(va.va_gid, cred))
2487 kern_link(struct nlookupdata *nd, struct nlookupdata *linknd)
2489 struct thread *td = curthread;
2494 * Lookup the source and obtained a locked vnode.
2496 * You may only hardlink a file which you have write permission
2497 * on or which you own.
2499 * XXX relookup on vget failure / race ?
2502 nd->nl_flags |= NLC_WRITE | NLC_OWN | NLC_HLINK;
2503 if ((error = nlookup(nd)) != 0)
2505 vp = nd->nl_nch.ncp->nc_vp;
2506 KKASSERT(vp != NULL);
2507 if (vp->v_type == VDIR)
2508 return (EPERM); /* POSIX */
2509 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2511 if ((error = vget(vp, LK_EXCLUSIVE)) != 0)
2515 * Unlock the source so we can lookup the target without deadlocking
2516 * (XXX vp is locked already, possible other deadlock?). The target
2519 KKASSERT(nd->nl_flags & NLC_NCPISLOCKED);
2520 nd->nl_flags &= ~NLC_NCPISLOCKED;
2521 cache_unlock(&nd->nl_nch);
2524 linknd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2525 if ((error = nlookup(linknd)) != 0) {
2529 if (linknd->nl_nch.ncp->nc_vp) {
2533 if (linknd->nl_dvp == NULL) {
2537 VFS_MODIFYING(vp->v_mount);
2538 error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_FAILRECLAIM);
2545 * Finally run the new API VOP.
2547 error = can_hardlink(vp, td, td->td_ucred);
2549 error = VOP_NLINK(&linknd->nl_nch, linknd->nl_dvp,
2550 vp, linknd->nl_cred);
2557 * link_args(char *path, char *link)
2559 * Make a hard file link.
2562 sys_link(struct link_args *uap)
2564 struct nlookupdata nd, linknd;
2567 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2569 error = nlookup_init(&linknd, uap->link, UIO_USERSPACE, 0);
2571 error = kern_link(&nd, &linknd);
2572 nlookup_done(&linknd);
2579 * linkat_args(int fd1, char *path1, int fd2, char *path2, int flags)
2581 * Make a hard file link. The path1 argument is relative to the directory
2582 * associated with fd1, and similarly the path2 argument is relative to
2583 * the directory associated with fd2.
2586 sys_linkat(struct linkat_args *uap)
2588 struct nlookupdata nd, linknd;
2589 struct file *fp1, *fp2;
2592 error = nlookup_init_at(&nd, &fp1, uap->fd1, uap->path1, UIO_USERSPACE,
2593 (uap->flags & AT_SYMLINK_FOLLOW) ? NLC_FOLLOW : 0);
2595 error = nlookup_init_at(&linknd, &fp2, uap->fd2,
2596 uap->path2, UIO_USERSPACE, 0);
2598 error = kern_link(&nd, &linknd);
2599 nlookup_done_at(&linknd, fp2);
2601 nlookup_done_at(&nd, fp1);
2606 kern_symlink(struct nlookupdata *nd, char *path, int mode)
2614 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2615 if ((error = nlookup(nd)) != 0)
2617 if (nd->nl_nch.ncp->nc_vp)
2619 if (nd->nl_dvp == NULL)
2621 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2625 vattr.va_mode = mode;
2626 error = VOP_NSYMLINK(&nd->nl_nch, dvp, &vp, nd->nl_cred, &vattr, path);
2633 * symlink(char *path, char *link)
2635 * Make a symbolic link.
2638 sys_symlink(struct symlink_args *uap)
2640 struct thread *td = curthread;
2641 struct nlookupdata nd;
2646 path = objcache_get(namei_oc, M_WAITOK);
2647 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
2649 error = nlookup_init(&nd, uap->link, UIO_USERSPACE, 0);
2651 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2652 error = kern_symlink(&nd, path, mode);
2656 objcache_put(namei_oc, path);
2661 * symlinkat_args(char *path1, int fd, char *path2)
2663 * Make a symbolic link. The path2 argument is relative to the directory
2664 * associated with fd.
2667 sys_symlinkat(struct symlinkat_args *uap)
2669 struct thread *td = curthread;
2670 struct nlookupdata nd;
2676 path1 = objcache_get(namei_oc, M_WAITOK);
2677 error = copyinstr(uap->path1, path1, MAXPATHLEN, NULL);
2679 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path2,
2682 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2683 error = kern_symlink(&nd, path1, mode);
2685 nlookup_done_at(&nd, fp);
2687 objcache_put(namei_oc, path1);
2692 * undelete_args(char *path)
2694 * Delete a whiteout from the filesystem.
2697 sys_undelete(struct undelete_args *uap)
2699 struct nlookupdata nd;
2702 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2704 nd.nl_flags |= NLC_DELETE | NLC_REFDVP;
2706 error = nlookup(&nd);
2707 if (error == 0 && nd.nl_dvp == NULL)
2710 error = ncp_writechk(&nd.nl_nch);
2712 error = VOP_NWHITEOUT(&nd.nl_nch, nd.nl_dvp, nd.nl_cred,
2720 kern_unlink(struct nlookupdata *nd)
2725 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
2726 if ((error = nlookup(nd)) != 0)
2728 if (nd->nl_dvp == NULL)
2730 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2732 error = VOP_NREMOVE(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
2737 * unlink_args(char *path)
2739 * Delete a name from the filesystem.
2742 sys_unlink(struct unlink_args *uap)
2744 struct nlookupdata nd;
2747 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2749 error = kern_unlink(&nd);
2756 * unlinkat_args(int fd, char *path, int flags)
2758 * Delete the file or directory entry pointed to by fd/path.
2761 sys_unlinkat(struct unlinkat_args *uap)
2763 struct nlookupdata nd;
2767 if (uap->flags & ~AT_REMOVEDIR)
2770 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2772 if (uap->flags & AT_REMOVEDIR)
2773 error = kern_rmdir(&nd);
2775 error = kern_unlink(&nd);
2777 nlookup_done_at(&nd, fp);
2782 kern_lseek(int fd, off_t offset, int whence, off_t *res)
2784 struct thread *td = curthread;
2791 fp = holdfp(td, fd, -1);
2794 if (fp->f_type != DTYPE_VNODE) {
2798 vp = (struct vnode *)fp->f_data;
2802 spin_lock(&fp->f_spin);
2803 new_offset = fp->f_offset + offset;
2807 error = VOP_GETATTR_FP(vp, &vattr, fp);
2808 spin_lock(&fp->f_spin);
2809 new_offset = offset + vattr.va_size;
2812 new_offset = offset;
2814 spin_lock(&fp->f_spin);
2819 spin_lock(&fp->f_spin);
2824 * Validate the seek position. Negative offsets are not allowed
2825 * for regular files or directories.
2827 * Normally we would also not want to allow negative offsets for
2828 * character and block-special devices. However kvm addresses
2829 * on 64 bit architectures might appear to be negative and must
2833 if (new_offset < 0 &&
2834 (vp->v_type == VREG || vp->v_type == VDIR)) {
2837 fp->f_offset = new_offset;
2840 *res = fp->f_offset;
2841 spin_unlock(&fp->f_spin);
2849 * lseek_args(int fd, int pad, off_t offset, int whence)
2851 * Reposition read/write file offset.
2854 sys_lseek(struct lseek_args *uap)
2858 error = kern_lseek(uap->fd, uap->offset, uap->whence,
2859 &uap->sysmsg_offset);
2865 * Check if current process can access given file. amode is a bitmask of *_OK
2866 * access bits. flags is a bitmask of AT_* flags.
2869 kern_access(struct nlookupdata *nd, int amode, int flags)
2874 if (flags & ~AT_EACCESS)
2876 nd->nl_flags |= NLC_SHAREDLOCK;
2877 if ((error = nlookup(nd)) != 0)
2879 if ((amode & W_OK) && (error = ncp_writechk(&nd->nl_nch)) != 0)
2882 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_SHARED, &vp);
2886 /* Flags == 0 means only check for existence. */
2895 if ((mode & VWRITE) == 0 ||
2896 (error = vn_writechk(vp)) == 0) {
2897 error = VOP_ACCESS_FLAGS(vp, mode, flags, nd->nl_cred);
2901 * If the file handle is stale we have to re-resolve the
2902 * entry with the ncp held exclusively. This is a hack
2905 if (error == ESTALE) {
2907 cache_unlock(&nd->nl_nch);
2908 cache_lock(&nd->nl_nch);
2909 cache_setunresolved(&nd->nl_nch);
2910 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2923 * access_args(char *path, int flags)
2925 * Check access permissions.
2928 sys_access(struct access_args *uap)
2930 struct nlookupdata nd;
2933 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2935 error = kern_access(&nd, uap->flags, 0);
2942 * eaccess_args(char *path, int flags)
2944 * Check access permissions.
2947 sys_eaccess(struct eaccess_args *uap)
2949 struct nlookupdata nd;
2952 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2954 error = kern_access(&nd, uap->flags, AT_EACCESS);
2961 * faccessat_args(int fd, char *path, int amode, int flags)
2963 * Check access permissions.
2966 sys_faccessat(struct faccessat_args *uap)
2968 struct nlookupdata nd;
2972 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE,
2975 error = kern_access(&nd, uap->amode, uap->flags);
2976 nlookup_done_at(&nd, fp);
2981 kern_stat(struct nlookupdata *nd, struct stat *st)
2986 nd->nl_flags |= NLC_SHAREDLOCK;
2987 if ((error = nlookup(nd)) != 0)
2990 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
2994 error = cache_vref(&nd->nl_nch, NULL, &vp);
2996 error = vget(vp, LK_SHARED);
3000 error = vn_stat(vp, st, nd->nl_cred);
3003 * If the file handle is stale we have to re-resolve the
3004 * entry with the ncp held exclusively. This is a hack
3007 if (error == ESTALE) {
3013 cache_unlock(&nd->nl_nch);
3014 cache_lock(&nd->nl_nch);
3015 cache_setunresolved(&nd->nl_nch);
3016 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
3030 * stat_args(char *path, struct stat *ub)
3032 * Get file status; this version follows links.
3035 sys_stat(struct stat_args *uap)
3037 struct nlookupdata nd;
3041 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3043 error = kern_stat(&nd, &st);
3045 error = copyout(&st, uap->ub, sizeof(*uap->ub));
3052 * lstat_args(char *path, struct stat *ub)
3054 * Get file status; this version does not follow links.
3057 sys_lstat(struct lstat_args *uap)
3059 struct nlookupdata nd;
3063 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3065 error = kern_stat(&nd, &st);
3067 error = copyout(&st, uap->ub, sizeof(*uap->ub));
3074 * fstatat_args(int fd, char *path, struct stat *sb, int flags)
3076 * Get status of file pointed to by fd/path.
3079 sys_fstatat(struct fstatat_args *uap)
3081 struct nlookupdata nd;
3087 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3090 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3092 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3093 UIO_USERSPACE, flags);
3095 error = kern_stat(&nd, &st);
3097 error = copyout(&st, uap->sb, sizeof(*uap->sb));
3099 nlookup_done_at(&nd, fp);
3104 kern_pathconf(char *path, int name, int flags, register_t *sysmsg_regp)
3106 struct nlookupdata nd;
3111 error = nlookup_init(&nd, path, UIO_USERSPACE, flags);
3113 error = nlookup(&nd);
3115 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
3118 error = VOP_PATHCONF(vp, name, sysmsg_regp);
3125 * pathconf_Args(char *path, int name)
3127 * Get configurable pathname variables.
3130 sys_pathconf(struct pathconf_args *uap)
3132 return (kern_pathconf(uap->path, uap->name, NLC_FOLLOW,
3137 * lpathconf_Args(char *path, int name)
3139 * Get configurable pathname variables, but don't follow symlinks.
3142 sys_lpathconf(struct lpathconf_args *uap)
3144 return (kern_pathconf(uap->path, uap->name, 0, &uap->sysmsg_reg));
3149 * kern_readlink isn't properly split yet. There is a copyin burried
3150 * in VOP_READLINK().
3153 kern_readlink(struct nlookupdata *nd, char *buf, int count, int *res)
3155 struct thread *td = curthread;
3161 nd->nl_flags |= NLC_SHAREDLOCK;
3162 if ((error = nlookup(nd)) != 0)
3164 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_SHARED, &vp);
3167 if (vp->v_type != VLNK) {
3170 aiov.iov_base = buf;
3171 aiov.iov_len = count;
3172 auio.uio_iov = &aiov;
3173 auio.uio_iovcnt = 1;
3174 auio.uio_offset = 0;
3175 auio.uio_rw = UIO_READ;
3176 auio.uio_segflg = UIO_USERSPACE;
3178 auio.uio_resid = count;
3179 error = VOP_READLINK(vp, &auio, td->td_ucred);
3182 *res = count - auio.uio_resid;
3187 * readlink_args(char *path, char *buf, int count)
3189 * Return target name of a symbolic link.
3192 sys_readlink(struct readlink_args *uap)
3194 struct nlookupdata nd;
3197 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3199 error = kern_readlink(&nd, uap->buf, uap->count,
3200 &uap->sysmsg_result);
3207 * readlinkat_args(int fd, char *path, char *buf, size_t bufsize)
3209 * Return target name of a symbolic link. The path is relative to the
3210 * directory associated with fd.
3213 sys_readlinkat(struct readlinkat_args *uap)
3215 struct nlookupdata nd;
3219 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
3221 error = kern_readlink(&nd, uap->buf, uap->bufsize,
3222 &uap->sysmsg_result);
3224 nlookup_done_at(&nd, fp);
3229 setfflags(struct vnode *vp, u_long flags)
3231 struct thread *td = curthread;
3236 * Prevent non-root users from setting flags on devices. When
3237 * a device is reused, users can retain ownership of the device
3238 * if they are allowed to set flags and programs assume that
3239 * chown can't fail when done as root.
3241 if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
3242 ((error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV, 0)) != 0))
3246 * note: vget is required for any operation that might mod the vnode
3247 * so VINACTIVE is properly cleared.
3249 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3251 vattr.va_flags = flags;
3252 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3259 * chflags(const char *path, u_long flags)
3261 * Change flags of a file given a path name.
3264 sys_chflags(struct chflags_args *uap)
3266 struct nlookupdata nd;
3271 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3273 error = nlookup(&nd);
3275 error = ncp_writechk(&nd.nl_nch);
3277 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3280 error = setfflags(vp, uap->flags);
3287 * lchflags(const char *path, u_long flags)
3289 * Change flags of a file given a path name, but don't follow symlinks.
3292 sys_lchflags(struct lchflags_args *uap)
3294 struct nlookupdata nd;
3299 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3301 error = nlookup(&nd);
3303 error = ncp_writechk(&nd.nl_nch);
3305 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3308 error = setfflags(vp, uap->flags);
3315 * fchflags_args(int fd, u_flags flags)
3317 * Change flags of a file given a file descriptor.
3320 sys_fchflags(struct fchflags_args *uap)
3322 struct thread *td = curthread;
3326 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
3328 if (fp->f_nchandle.ncp)
3329 error = ncp_writechk(&fp->f_nchandle);
3331 error = setfflags((struct vnode *) fp->f_data, uap->flags);
3337 * chflagsat_args(int fd, const char *path, u_long flags, int atflags)
3338 * change flags given a pathname relative to a filedescriptor
3340 int sys_chflagsat(struct chflagsat_args *uap)
3342 struct nlookupdata nd;
3348 if (uap->atflags & ~AT_SYMLINK_NOFOLLOW)
3351 lookupflags = (uap->atflags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3354 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, lookupflags);
3356 error = nlookup(&nd);
3358 error = ncp_writechk(&nd.nl_nch);
3360 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3361 nlookup_done_at(&nd, fp);
3363 error = setfflags(vp, uap->flags);
3371 setfmode(struct vnode *vp, int mode)
3373 struct thread *td = curthread;
3378 * note: vget is required for any operation that might mod the vnode
3379 * so VINACTIVE is properly cleared.
3381 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3383 vattr.va_mode = mode & ALLPERMS;
3384 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3385 cache_inval_wxok(vp);
3392 kern_chmod(struct nlookupdata *nd, int mode)
3397 if ((error = nlookup(nd)) != 0)
3399 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3401 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3402 error = setfmode(vp, mode);
3408 * chmod_args(char *path, int mode)
3410 * Change mode of a file given path name.
3413 sys_chmod(struct chmod_args *uap)
3415 struct nlookupdata nd;
3418 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3420 error = kern_chmod(&nd, uap->mode);
3426 * lchmod_args(char *path, int mode)
3428 * Change mode of a file given path name (don't follow links.)
3431 sys_lchmod(struct lchmod_args *uap)
3433 struct nlookupdata nd;
3436 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3438 error = kern_chmod(&nd, uap->mode);
3444 * fchmod_args(int fd, int mode)
3446 * Change mode of a file given a file descriptor.
3449 sys_fchmod(struct fchmod_args *uap)
3451 struct thread *td = curthread;
3455 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
3457 if (fp->f_nchandle.ncp)
3458 error = ncp_writechk(&fp->f_nchandle);
3460 error = setfmode((struct vnode *)fp->f_data, uap->mode);
3466 * fchmodat_args(char *path, int mode)
3468 * Change mode of a file pointed to by fd/path.
3471 sys_fchmodat(struct fchmodat_args *uap)
3473 struct nlookupdata nd;
3478 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3480 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3482 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3483 UIO_USERSPACE, flags);
3485 error = kern_chmod(&nd, uap->mode);
3486 nlookup_done_at(&nd, fp);
3491 setfown(struct mount *mp, struct vnode *vp, uid_t uid, gid_t gid)
3493 struct thread *td = curthread;
3501 * note: vget is required for any operation that might mod the vnode
3502 * so VINACTIVE is properly cleared.
3504 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3505 if ((error = VOP_GETATTR(vp, &vattr)) != 0)
3507 o_uid = vattr.va_uid;
3508 o_gid = vattr.va_gid;
3509 size = vattr.va_size;
3514 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3523 VFS_ACCOUNT(mp, o_uid, o_gid, -size);
3524 VFS_ACCOUNT(mp, uid, gid, size);
3531 kern_chown(struct nlookupdata *nd, int uid, int gid)
3536 if ((error = nlookup(nd)) != 0)
3538 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3540 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3541 error = setfown(nd->nl_nch.mount, vp, uid, gid);
3547 * chown(char *path, int uid, int gid)
3549 * Set ownership given a path name.
3552 sys_chown(struct chown_args *uap)
3554 struct nlookupdata nd;
3557 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3559 error = kern_chown(&nd, uap->uid, uap->gid);
3565 * lchown_args(char *path, int uid, int gid)
3567 * Set ownership given a path name, do not cross symlinks.
3570 sys_lchown(struct lchown_args *uap)
3572 struct nlookupdata nd;
3575 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3577 error = kern_chown(&nd, uap->uid, uap->gid);
3583 * fchown_args(int fd, int uid, int gid)
3585 * Set ownership given a file descriptor.
3588 sys_fchown(struct fchown_args *uap)
3590 struct thread *td = curthread;
3591 struct proc *p = td->td_proc;
3595 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
3597 if (fp->f_nchandle.ncp)
3598 error = ncp_writechk(&fp->f_nchandle);
3600 error = setfown(p->p_fd->fd_ncdir.mount,
3601 (struct vnode *)fp->f_data, uap->uid, uap->gid);
3607 * fchownat(int fd, char *path, int uid, int gid, int flags)
3609 * Set ownership of file pointed to by fd/path.
3612 sys_fchownat(struct fchownat_args *uap)
3614 struct nlookupdata nd;
3619 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3621 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3623 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3624 UIO_USERSPACE, flags);
3626 error = kern_chown(&nd, uap->uid, uap->gid);
3627 nlookup_done_at(&nd, fp);
3633 getutimes(struct timeval *tvp, struct timespec *tsp)
3635 struct timeval tv[2];
3640 TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
3643 if ((error = itimerfix(tvp)) != 0)
3645 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3646 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3652 getutimens(const struct timespec *ts, struct timespec *newts, int *nullflag)
3654 struct timespec tsnow;
3668 if (newts[0].tv_nsec == UTIME_OMIT && newts[1].tv_nsec == UTIME_OMIT)
3670 if (newts[0].tv_nsec == UTIME_NOW && newts[1].tv_nsec == UTIME_NOW)
3673 if (newts[0].tv_nsec == UTIME_OMIT)
3674 newts[0].tv_sec = VNOVAL;
3675 else if (newts[0].tv_nsec == UTIME_NOW)
3677 else if ((error = itimespecfix(&newts[0])) != 0)
3680 if (newts[1].tv_nsec == UTIME_OMIT)
3681 newts[1].tv_sec = VNOVAL;
3682 else if (newts[1].tv_nsec == UTIME_NOW)
3684 else if ((error = itimespecfix(&newts[1])) != 0)
3691 setutimes(struct vnode *vp, struct vattr *vattr,
3692 const struct timespec *ts, int nullflag)
3694 struct thread *td = curthread;
3698 vattr->va_atime = ts[0];
3699 vattr->va_mtime = ts[1];
3701 vattr->va_vaflags |= VA_UTIMES_NULL;
3702 error = VOP_SETATTR(vp, vattr, td->td_ucred);
3708 kern_utimes(struct nlookupdata *nd, struct timeval *tptr)
3710 struct timespec ts[2];
3714 if ((error = getutimes(tptr, ts)) != 0)
3717 error = kern_utimensat(nd, tptr ? ts : NULL, 0);
3722 * utimes_args(char *path, struct timeval *tptr)
3724 * Set the access and modification times of a file.
3727 sys_utimes(struct utimes_args *uap)
3729 struct timeval tv[2];
3730 struct nlookupdata nd;
3734 error = copyin(uap->tptr, tv, sizeof(tv));
3738 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3740 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3746 * lutimes_args(char *path, struct timeval *tptr)
3748 * Set the access and modification times of a file.
3751 sys_lutimes(struct lutimes_args *uap)
3753 struct timeval tv[2];
3754 struct nlookupdata nd;
3758 error = copyin(uap->tptr, tv, sizeof(tv));
3762 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3764 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3770 * Set utimes on a file descriptor. The creds used to open the
3771 * file are used to determine whether the operation is allowed
3775 kern_futimens(int fd, struct timespec *ts)
3777 struct thread *td = curthread;
3778 struct timespec newts[2];
3785 error = getutimens(ts, newts, &nullflag);
3788 if ((error = holdvnode(td, fd, &fp)) != 0)
3790 if (fp->f_nchandle.ncp)
3791 error = ncp_writechk(&fp->f_nchandle);
3794 error = vget(vp, LK_EXCLUSIVE);
3796 error = VOP_GETATTR_FP(vp, &vattr, fp);
3798 error = naccess_va(&vattr, NLC_OWN | NLC_WRITE,
3802 error = setutimes(vp, &vattr, newts, nullflag);
3812 * futimens_args(int fd, struct timespec *ts)
3814 * Set the access and modification times of a file.
3817 sys_futimens(struct futimens_args *uap)
3819 struct timespec ts[2];
3823 error = copyin(uap->ts, ts, sizeof(ts));
3827 error = kern_futimens(uap->fd, uap->ts ? ts : NULL);
3832 kern_futimes(int fd, struct timeval *tptr)
3834 struct timespec ts[2];
3838 if ((error = getutimes(tptr, ts)) != 0)
3841 error = kern_futimens(fd, tptr ? ts : NULL);
3846 * futimes_args(int fd, struct timeval *tptr)
3848 * Set the access and modification times of a file.
3851 sys_futimes(struct futimes_args *uap)
3853 struct timeval tv[2];
3857 error = copyin(uap->tptr, tv, sizeof(tv));
3861 error = kern_futimes(uap->fd, uap->tptr ? tv : NULL);
3866 kern_utimensat(struct nlookupdata *nd, const struct timespec *ts, int flags)
3868 struct timespec newts[2];
3874 if (flags & ~AT_SYMLINK_NOFOLLOW)
3877 error = getutimens(ts, newts, &nullflag);
3881 nd->nl_flags |= NLC_OWN | NLC_WRITE;
3882 if ((error = nlookup(nd)) != 0)
3884 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3886 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3888 if ((error = vn_writechk(vp)) == 0) {
3889 error = vget(vp, LK_EXCLUSIVE);
3891 error = setutimes(vp, &vattr, newts, nullflag);
3900 * utimensat_args(int fd, const char *path, const struct timespec *ts, int flags);
3902 * Set file access and modification times of a file.
3905 sys_utimensat(struct utimensat_args *uap)
3907 struct timespec ts[2];
3908 struct nlookupdata nd;
3914 error = copyin(uap->ts, ts, sizeof(ts));
3919 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3920 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3921 UIO_USERSPACE, flags);
3923 error = kern_utimensat(&nd, uap->ts ? ts : NULL, uap->flags);
3924 nlookup_done_at(&nd, fp);
3929 kern_truncate(struct nlookupdata *nd, off_t length)
3936 uint64_t old_size = 0;
3940 nd->nl_flags |= NLC_WRITE | NLC_TRUNCATE;
3941 if ((error = nlookup(nd)) != 0)
3943 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3945 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3947 error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY | LK_FAILRECLAIM);
3952 if (vp->v_type == VDIR) {
3956 if (vfs_quota_enabled) {
3957 error = VOP_GETATTR(vp, &vattr);
3958 KASSERT(error == 0, ("kern_truncate(): VOP_GETATTR didn't return 0"));
3961 old_size = vattr.va_size;
3964 if ((error = vn_writechk(vp)) == 0) {
3966 vattr.va_size = length;
3967 error = VOP_SETATTR(vp, &vattr, nd->nl_cred);
3968 VFS_ACCOUNT(nd->nl_nch.mount, uid, gid, length - old_size);
3976 * truncate(char *path, int pad, off_t length)
3978 * Truncate a file given its path name.
3981 sys_truncate(struct truncate_args *uap)
3983 struct nlookupdata nd;
3986 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3988 error = kern_truncate(&nd, uap->length);
3994 kern_ftruncate(int fd, off_t length)
3996 struct thread *td = curthread;
4003 uint64_t old_size = 0;
4008 if ((error = holdvnode(td, fd, &fp)) != 0)
4010 if (fp->f_nchandle.ncp) {
4011 error = ncp_writechk(&fp->f_nchandle);
4015 if ((fp->f_flag & FWRITE) == 0) {
4019 if (fp->f_flag & FAPPENDONLY) { /* inode was set s/uapnd */
4023 vp = (struct vnode *)fp->f_data;
4024 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4025 if (vp->v_type == VDIR) {
4031 if (vfs_quota_enabled) {
4032 error = VOP_GETATTR_FP(vp, &vattr, fp);
4033 KASSERT(error == 0, ("kern_ftruncate(): VOP_GETATTR didn't return 0"));
4036 old_size = vattr.va_size;
4039 if ((error = vn_writechk(vp)) == 0) {
4041 vattr.va_size = length;
4042 error = VOP_SETATTR_FP(vp, &vattr, fp->f_cred, fp);
4044 VFS_ACCOUNT(mp, uid, gid, length - old_size);
4053 * ftruncate_args(int fd, int pad, off_t length)
4055 * Truncate a file given a file descriptor.
4058 sys_ftruncate(struct ftruncate_args *uap)
4062 error = kern_ftruncate(uap->fd, uap->length);
4070 * Sync an open file.
4073 sys_fsync(struct fsync_args *uap)
4075 struct thread *td = curthread;
4081 if ((error = holdvnode(td, uap->fd, &fp)) != 0)
4083 vp = (struct vnode *)fp->f_data;
4084 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4085 if ((obj = vp->v_object) != NULL) {
4086 if (vp->v_mount == NULL ||
4087 (vp->v_mount->mnt_kern_flag & MNTK_NOMSYNC) == 0) {
4088 vm_object_page_clean(obj, 0, 0, 0);
4091 error = VOP_FSYNC_FP(vp, MNT_WAIT, VOP_FSYNC_SYSCALL, fp);
4092 if (error == 0 && vp->v_mount)
4093 error = buf_fsync(vp);
4101 kern_rename(struct nlookupdata *fromnd, struct nlookupdata *tond)
4103 struct nchandle fnchd;
4104 struct nchandle tnchd;
4105 struct namecache *ncp;
4114 fromnd->nl_flags |= NLC_REFDVP | NLC_RENAME_SRC;
4115 if ((error = nlookup(fromnd)) != 0)
4117 if ((fnchd.ncp = fromnd->nl_nch.ncp->nc_parent) == NULL)
4119 fnchd.mount = fromnd->nl_nch.mount;
4123 * unlock the source nch so we can lookup the target nch without
4124 * deadlocking. The target may or may not exist so we do not check
4125 * for a target vp like kern_mkdir() and other creation functions do.
4127 * The source and target directories are ref'd and rechecked after
4128 * everything is relocked to determine if the source or target file
4131 KKASSERT(fromnd->nl_flags & NLC_NCPISLOCKED);
4132 fromnd->nl_flags &= ~NLC_NCPISLOCKED;
4134 fncp_gen = fromnd->nl_nch.ncp->nc_generation;
4136 cache_unlock(&fromnd->nl_nch);
4138 tond->nl_flags |= NLC_RENAME_DST | NLC_REFDVP;
4139 if ((error = nlookup(tond)) != 0) {
4143 tncp_gen = tond->nl_nch.ncp->nc_generation;
4145 if ((tnchd.ncp = tond->nl_nch.ncp->nc_parent) == NULL) {
4149 tnchd.mount = tond->nl_nch.mount;
4153 * If the source and target are the same there is nothing to do
4155 if (fromnd->nl_nch.ncp == tond->nl_nch.ncp) {
4162 * Mount points cannot be renamed or overwritten
4164 if ((fromnd->nl_nch.ncp->nc_flag | tond->nl_nch.ncp->nc_flag) &
4173 * Relock the source ncp. cache_relock() will deal with any
4174 * deadlocks against the already-locked tond and will also
4175 * make sure both are resolved.
4177 * NOTE AFTER RELOCKING: The source or target ncp may have become
4178 * invalid while they were unlocked, nc_vp and nc_mount could
4181 cache_relock(&fromnd->nl_nch, fromnd->nl_cred,
4182 &tond->nl_nch, tond->nl_cred);
4183 fromnd->nl_flags |= NLC_NCPISLOCKED;
4186 * If the namecache generation changed for either fromnd or tond,
4189 if (fromnd->nl_nch.ncp->nc_generation != fncp_gen ||
4190 tond->nl_nch.ncp->nc_generation != tncp_gen) {
4191 kprintf("kern_rename: retry due to gen on: "
4192 "\"%s\" -> \"%s\"\n",
4193 fromnd->nl_nch.ncp->nc_name,
4194 tond->nl_nch.ncp->nc_name);
4201 * If either fromnd or tond are marked destroyed a ripout occured
4202 * out from under us and we must retry.
4204 if ((fromnd->nl_nch.ncp->nc_flag & (NCF_DESTROYED | NCF_UNRESOLVED)) ||
4205 fromnd->nl_nch.ncp->nc_vp == NULL ||
4206 (tond->nl_nch.ncp->nc_flag & NCF_DESTROYED)) {
4207 kprintf("kern_rename: retry due to ripout on: "
4208 "\"%s\" -> \"%s\"\n",
4209 fromnd->nl_nch.ncp->nc_name,
4210 tond->nl_nch.ncp->nc_name);
4217 * Make sure the parent directories linkages are the same.
4218 * XXX shouldn't be needed any more w/ generation check above.
4220 if (fnchd.ncp != fromnd->nl_nch.ncp->nc_parent ||
4221 tnchd.ncp != tond->nl_nch.ncp->nc_parent) {
4228 * Both the source and target must be within the same filesystem and
4229 * in the same filesystem as their parent directories within the
4230 * namecache topology.
4232 * NOTE: fromnd's nc_mount or nc_vp could be NULL.
4235 if (mp != tnchd.mount || mp != fromnd->nl_nch.mount ||
4236 mp != tond->nl_nch.mount) {
4243 * Make sure the mount point is writable
4245 if ((error = ncp_writechk(&tond->nl_nch)) != 0) {
4252 * If the target exists and either the source or target is a directory,
4253 * then both must be directories.
4255 * Due to relocking of the source, fromnd->nl_nch.ncp->nc_vp might h
4258 if (tond->nl_nch.ncp->nc_vp) {
4259 if (fromnd->nl_nch.ncp->nc_vp == NULL) {
4261 } else if (fromnd->nl_nch.ncp->nc_vp->v_type == VDIR) {
4262 if (tond->nl_nch.ncp->nc_vp->v_type != VDIR)
4264 } else if (tond->nl_nch.ncp->nc_vp->v_type == VDIR) {
4270 * You cannot rename a source into itself or a subdirectory of itself.
4271 * We check this by travsersing the target directory upwards looking
4272 * for a match against the source.
4277 for (ncp = tnchd.ncp; ncp; ncp = ncp->nc_parent) {
4278 if (fromnd->nl_nch.ncp == ncp) {
4289 * Even though the namespaces are different, they may still represent
4290 * hardlinks to the same file. The filesystem might have a hard time
4291 * with this so we issue a NREMOVE of the source instead of a NRENAME
4292 * when we detect the situation.
4295 fdvp = fromnd->nl_dvp;
4296 tdvp = tond->nl_dvp;
4297 if (fdvp == NULL || tdvp == NULL) {
4299 } else if (fromnd->nl_nch.ncp->nc_vp == tond->nl_nch.ncp->nc_vp) {
4300 error = VOP_NREMOVE(&fromnd->nl_nch, fdvp,
4303 error = VOP_NRENAME(&fromnd->nl_nch, &tond->nl_nch,
4304 fdvp, tdvp, tond->nl_cred);
4311 * rename_args(char *from, char *to)
4313 * Rename files. Source and destination must either both be directories,
4314 * or both not be directories. If target is a directory, it must be empty.
4317 sys_rename(struct rename_args *uap)
4319 struct nlookupdata fromnd, tond;
4323 error = nlookup_init(&fromnd, uap->from, UIO_USERSPACE, 0);
4325 error = nlookup_init(&tond, uap->to, UIO_USERSPACE, 0);
4327 error = kern_rename(&fromnd, &tond);
4328 nlookup_done(&tond);
4330 nlookup_done(&fromnd);
4331 } while (error == EAGAIN);
4336 * renameat_args(int oldfd, char *old, int newfd, char *new)
4338 * Rename files using paths relative to the directories associated with
4339 * oldfd and newfd. Source and destination must either both be directories,
4340 * or both not be directories. If target is a directory, it must be empty.
4343 sys_renameat(struct renameat_args *uap)
4345 struct nlookupdata oldnd, newnd;
4346 struct file *oldfp, *newfp;
4350 error = nlookup_init_at(&oldnd, &oldfp,
4351 uap->oldfd, uap->old,
4354 error = nlookup_init_at(&newnd, &newfp,
4355 uap->newfd, uap->new,
4358 error = kern_rename(&oldnd, &newnd);
4359 nlookup_done_at(&newnd, newfp);
4361 nlookup_done_at(&oldnd, oldfp);
4362 } while (error == EAGAIN);
4367 kern_mkdir(struct nlookupdata *nd, int mode)
4369 struct thread *td = curthread;
4370 struct proc *p = td->td_proc;
4376 nd->nl_flags |= NLC_WILLBEDIR | NLC_CREATE | NLC_REFDVP;
4377 if ((error = nlookup(nd)) != 0)
4380 if (nd->nl_nch.ncp->nc_vp)
4382 if (nd->nl_dvp == NULL)
4384 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
4387 vattr.va_type = VDIR;
4388 vattr.va_mode = (mode & ACCESSPERMS) &~ p->p_fd->fd_cmask;
4391 error = VOP_NMKDIR(&nd->nl_nch, nd->nl_dvp, &vp, td->td_ucred, &vattr);
4398 * mkdir_args(char *path, int mode)
4400 * Make a directory file.
4403 sys_mkdir(struct mkdir_args *uap)
4405 struct nlookupdata nd;
4408 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
4410 error = kern_mkdir(&nd, uap->mode);
4416 * mkdirat_args(int fd, char *path, mode_t mode)
4418 * Make a directory file. The path is relative to the directory associated
4422 sys_mkdirat(struct mkdirat_args *uap)
4424 struct nlookupdata nd;
4428 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
4430 error = kern_mkdir(&nd, uap->mode);
4431 nlookup_done_at(&nd, fp);
4436 kern_rmdir(struct nlookupdata *nd)
4441 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
4442 if ((error = nlookup(nd)) != 0)
4446 * Do not allow directories representing mount points to be
4447 * deleted, even if empty. Check write perms on mount point
4448 * in case the vnode is aliased (aka nullfs).
4450 if (nd->nl_nch.ncp->nc_flag & (NCF_ISMOUNTPT))
4452 if (nd->nl_dvp == NULL)
4454 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
4456 error = VOP_NRMDIR(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
4461 * rmdir_args(char *path)
4463 * Remove a directory file.
4466 sys_rmdir(struct rmdir_args *uap)
4468 struct nlookupdata nd;
4471 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
4473 error = kern_rmdir(&nd);
4479 kern_getdirentries(int fd, char *buf, u_int count, long *basep, int *res,
4480 enum uio_seg direction)
4482 struct thread *td = curthread;
4490 if ((error = holdvnode(td, fd, &fp)) != 0)
4492 if ((fp->f_flag & FREAD) == 0) {
4496 vp = (struct vnode *)fp->f_data;
4497 if (vp->v_type != VDIR) {
4501 aiov.iov_base = buf;
4502 aiov.iov_len = count;
4503 auio.uio_iov = &aiov;
4504 auio.uio_iovcnt = 1;
4505 auio.uio_rw = UIO_READ;
4506 auio.uio_segflg = direction;
4508 auio.uio_resid = count;
4509 loff = auio.uio_offset = fp->f_offset;
4510 error = VOP_READDIR_FP(vp, &auio, fp->f_cred, &eofflag, NULL, NULL, fp);
4511 fp->f_offset = auio.uio_offset;
4516 * WARNING! *basep may not be wide enough to accomodate the
4517 * seek offset. XXX should we hack this to return the upper 32 bits
4518 * for offsets greater then 4G?
4521 *basep = (long)loff;
4523 *res = count - auio.uio_resid;
4530 * getdirentries_args(int fd, char *buf, u_int conut, long *basep)
4532 * Read a block of directory entries in a file system independent format.
4535 sys_getdirentries(struct getdirentries_args *uap)
4540 error = kern_getdirentries(uap->fd, uap->buf, uap->count, &base,
4541 &uap->sysmsg_result, UIO_USERSPACE);
4543 if (error == 0 && uap->basep)
4544 error = copyout(&base, uap->basep, sizeof(*uap->basep));
4549 * getdents_args(int fd, char *buf, size_t count)
4552 sys_getdents(struct getdents_args *uap)
4556 error = kern_getdirentries(uap->fd, uap->buf, uap->count, NULL,
4557 &uap->sysmsg_result, UIO_USERSPACE);
4563 * Set the mode mask for creation of filesystem nodes.
4565 * umask(int newmask)
4568 sys_umask(struct umask_args *uap)
4570 struct thread *td = curthread;
4571 struct proc *p = td->td_proc;
4572 struct filedesc *fdp;
4575 uap->sysmsg_result = fdp->fd_cmask;
4576 fdp->fd_cmask = uap->newmask & ALLPERMS;
4581 * revoke(char *path)
4583 * Void all references to file by ripping underlying filesystem
4587 sys_revoke(struct revoke_args *uap)
4589 struct nlookupdata nd;
4596 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4598 error = nlookup(&nd);
4600 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
4601 cred = crhold(nd.nl_cred);
4605 error = VOP_GETATTR(vp, &vattr);
4606 if (error == 0 && cred->cr_uid != vattr.va_uid)
4607 error = priv_check_cred(cred, PRIV_VFS_REVOKE, 0);
4608 if (error == 0 && (vp->v_type == VCHR || vp->v_type == VBLK)) {
4610 error = vrevoke(vp, cred);
4611 } else if (error == 0) {
4612 error = vrevoke(vp, cred);
4622 * getfh_args(char *fname, fhandle_t *fhp)
4624 * Get (NFS) file handle
4626 * NOTE: We use the fsid of the covering mount, even if it is a nullfs
4627 * mount. This allows nullfs mounts to be explicitly exported.
4629 * WARNING: nullfs mounts of HAMMER PFS ROOTs are safe.
4631 * nullfs mounts of subdirectories are not safe. That is, it will
4632 * work, but you do not really have protection against access to
4633 * the related parent directories.
4636 sys_getfh(struct getfh_args *uap)
4638 struct thread *td = curthread;
4639 struct nlookupdata nd;
4646 * Must be super user
4648 if ((error = priv_check(td, PRIV_ROOT)) != 0)
4652 error = nlookup_init(&nd, uap->fname, UIO_USERSPACE, NLC_FOLLOW);
4654 error = nlookup(&nd);
4656 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4657 mp = nd.nl_nch.mount;
4660 bzero(&fh, sizeof(fh));
4661 fh.fh_fsid = mp->mnt_stat.f_fsid;
4662 error = VFS_VPTOFH(vp, &fh.fh_fid);
4665 error = copyout(&fh, uap->fhp, sizeof(fh));
4671 * fhopen_args(const struct fhandle *u_fhp, int flags)
4673 * syscall for the rpc.lockd to use to translate a NFS file handle into
4674 * an open descriptor.
4676 * warning: do not remove the priv_check() call or this becomes one giant
4680 sys_fhopen(struct fhopen_args *uap)
4682 struct thread *td = curthread;
4683 struct filedesc *fdp = td->td_proc->p_fd;
4688 struct vattr *vap = &vat;
4690 int fmode, mode, error = 0, type;
4696 * Must be super user
4698 error = priv_check(td, PRIV_ROOT);
4702 fmode = FFLAGS(uap->flags);
4705 * Why not allow a non-read/write open for our lockd?
4707 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4709 error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
4714 * Find the mount point
4716 mp = vfs_getvfs(&fhp.fh_fsid);
4721 /* now give me my vnode, it gets returned to me locked */
4722 error = VFS_FHTOVP(mp, NULL, &fhp.fh_fid, &vp);
4726 * from now on we have to make sure not
4727 * to forget about the vnode
4728 * any error that causes an abort must vput(vp)
4729 * just set error = err and 'goto bad;'.
4735 if (vp->v_type == VLNK) {
4739 if (vp->v_type == VSOCK) {
4744 if (fmode & (FWRITE | O_TRUNC)) {
4745 if (vp->v_type == VDIR) {
4749 error = vn_writechk(vp);
4757 error = VOP_ACCESS(vp, mode, td->td_ucred);
4761 if (fmode & O_TRUNC) {
4762 vn_unlock(vp); /* XXX */
4763 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */
4766 error = VOP_SETATTR(vp, vap, td->td_ucred);
4772 * VOP_OPEN needs the file pointer so it can potentially override
4775 * WARNING! no f_nchandle will be associated when fhopen()ing a
4778 if ((error = falloc(td->td_lwp, &nfp, &indx)) != 0)
4782 error = VOP_OPEN(vp, fmode, td->td_ucred, fp);
4785 * setting f_ops this way prevents VOP_CLOSE from being
4786 * called or fdrop() releasing the vp from v_data. Since
4787 * the VOP_OPEN failed we don't want to VOP_CLOSE.
4789 fp->f_ops = &badfileops;
4795 * The fp is given its own reference, we still have our ref and lock.
4797 * Assert that all regular files must be created with a VM object.
4799 if (vp->v_type == VREG && vp->v_object == NULL) {
4800 kprintf("fhopen: regular file did not "
4801 "have VM object: %p\n",
4807 * The open was successful. Handle any locking requirements.
4809 if (fmode & (O_EXLOCK | O_SHLOCK)) {
4810 lf.l_whence = SEEK_SET;
4813 if (fmode & O_EXLOCK)
4814 lf.l_type = F_WRLCK;
4816 lf.l_type = F_RDLCK;
4817 if (fmode & FNONBLOCK)
4822 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK,
4825 * release our private reference.
4827 fsetfd(fdp, NULL, indx);
4832 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4833 atomic_set_int(&fp->f_flag, FHASLOCK); /* race ok */
4837 * Clean up. Associate the file pointer with the previously
4838 * reserved descriptor and return it.
4841 if (uap->flags & O_CLOEXEC)
4842 fdp->fd_files[indx].fileflags |= UF_EXCLOSE;
4843 fsetfd(fdp, fp, indx);
4845 uap->sysmsg_result = indx;
4851 fsetfd(fdp, NULL, indx);
4862 * fhstat_args(struct fhandle *u_fhp, struct stat *sb)
4865 sys_fhstat(struct fhstat_args *uap)
4867 struct thread *td = curthread;
4875 * Must be super user
4877 error = priv_check(td, PRIV_ROOT);
4881 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4885 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
4888 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) == 0) {
4889 error = vn_stat(vp, &sb, td->td_ucred);
4894 error = copyout(&sb, uap->sb, sizeof(sb));
4902 * fhstatfs_args(struct fhandle *u_fhp, struct statfs *buf)
4905 sys_fhstatfs(struct fhstatfs_args *uap)
4907 struct thread *td = curthread;
4908 struct proc *p = td->td_proc;
4913 char *fullpath, *freepath;
4918 * Must be super user
4920 if ((error = priv_check(td, PRIV_ROOT)))
4923 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4926 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4930 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4935 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) != 0)
4940 if ((error = VFS_STATFS(mp, sp, td->td_ucred)) != 0)
4943 error = mount_path(p, mp, &fullpath, &freepath);
4946 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
4947 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
4948 kfree(freepath, M_TEMP);
4950 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
4951 if (priv_check(td, PRIV_ROOT)) {
4952 bcopy(sp, &sb, sizeof(sb));
4953 sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
4956 error = copyout(sp, uap->buf, sizeof(*sp));
4965 * fhstatvfs_args(struct fhandle *u_fhp, struct statvfs *buf)
4968 sys_fhstatvfs(struct fhstatvfs_args *uap)
4970 struct thread *td = curthread;
4971 struct proc *p = td->td_proc;
4979 * Must be super user
4981 if ((error = priv_check(td, PRIV_ROOT)))
4984 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4987 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4991 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4996 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)))
4999 sp = &mp->mnt_vstat;
5001 if ((error = VFS_STATVFS(mp, sp, td->td_ucred)) != 0)
5005 if (mp->mnt_flag & MNT_RDONLY)
5006 sp->f_flag |= ST_RDONLY;
5007 if (mp->mnt_flag & MNT_NOSUID)
5008 sp->f_flag |= ST_NOSUID;
5009 error = copyout(sp, uap->buf, sizeof(*sp));
5018 * Syscall to push extended attribute configuration information into the
5019 * VFS. Accepts a path, which it converts to a mountpoint, as well as
5020 * a command (int cmd), and attribute name and misc data. For now, the
5021 * attribute name is left in userspace for consumption by the VFS_op.
5022 * It will probably be changed to be copied into sysspace by the
5023 * syscall in the future, once issues with various consumers of the
5024 * attribute code have raised their hands.
5026 * Currently this is used only by UFS Extended Attributes.
5029 sys_extattrctl(struct extattrctl_args *uap)
5031 struct nlookupdata nd;
5033 char attrname[EXTATTR_MAXNAMELEN];
5041 if (error == 0 && uap->filename) {
5042 error = nlookup_init(&nd, uap->filename, UIO_USERSPACE,
5045 error = nlookup(&nd);
5047 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
5051 if (error == 0 && uap->attrname) {
5052 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN,
5057 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5059 error = nlookup(&nd);
5061 error = ncp_writechk(&nd.nl_nch);
5063 error = VFS_EXTATTRCTL(nd.nl_nch.mount, uap->cmd, vp,
5065 uap->attrname, nd.nl_cred);
5074 * Syscall to get a named extended attribute on a file or directory.
5077 sys_extattr_set_file(struct extattr_set_file_args *uap)
5079 char attrname[EXTATTR_MAXNAMELEN];
5080 struct nlookupdata nd;
5086 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
5092 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5094 error = nlookup(&nd);
5096 error = ncp_writechk(&nd.nl_nch);
5098 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
5104 bzero(&auio, sizeof(auio));
5105 aiov.iov_base = uap->data;
5106 aiov.iov_len = uap->nbytes;
5107 auio.uio_iov = &aiov;
5108 auio.uio_iovcnt = 1;
5109 auio.uio_offset = 0;
5110 auio.uio_resid = uap->nbytes;
5111 auio.uio_rw = UIO_WRITE;
5112 auio.uio_td = curthread;
5114 error = VOP_SETEXTATTR(vp, uap->attrnamespace, attrname,
5123 * Syscall to get a named extended attribute on a file or directory.
5126 sys_extattr_get_file(struct extattr_get_file_args *uap)
5128 char attrname[EXTATTR_MAXNAMELEN];
5129 struct nlookupdata nd;
5135 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
5141 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5143 error = nlookup(&nd);
5145 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_SHARED, &vp);
5151 bzero(&auio, sizeof(auio));
5152 aiov.iov_base = uap->data;
5153 aiov.iov_len = uap->nbytes;
5154 auio.uio_iov = &aiov;
5155 auio.uio_iovcnt = 1;
5156 auio.uio_offset = 0;
5157 auio.uio_resid = uap->nbytes;
5158 auio.uio_rw = UIO_READ;
5159 auio.uio_td = curthread;
5161 error = VOP_GETEXTATTR(vp, uap->attrnamespace, attrname,
5163 uap->sysmsg_result = uap->nbytes - auio.uio_resid;
5171 * Syscall to delete a named extended attribute from a file or directory.
5172 * Accepts attribute name. The real work happens in VOP_SETEXTATTR().
5175 sys_extattr_delete_file(struct extattr_delete_file_args *uap)
5177 char attrname[EXTATTR_MAXNAMELEN];
5178 struct nlookupdata nd;
5182 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
5186 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5188 error = nlookup(&nd);
5190 error = ncp_writechk(&nd.nl_nch);
5192 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
5194 error = VOP_SETEXTATTR(vp, uap->attrnamespace,
5195 attrname, NULL, nd.nl_cred);
5204 * Determine if the mount is visible to the process.
5207 chroot_visible_mnt(struct mount *mp, struct proc *p)
5209 struct nchandle nch;
5212 * Traverse from the mount point upwards. If we hit the process
5213 * root then the mount point is visible to the process.
5215 nch = mp->mnt_ncmountpt;
5217 if (nch.mount == p->p_fd->fd_nrdir.mount &&
5218 nch.ncp == p->p_fd->fd_nrdir.ncp) {
5221 if (nch.ncp == nch.mount->mnt_ncmountpt.ncp) {
5222 nch = nch.mount->mnt_ncmounton;
5224 nch.ncp = nch.ncp->nc_parent;
5229 * If the mount point is not visible to the process, but the
5230 * process root is in a subdirectory of the mount, return
5233 if (p->p_fd->fd_nrdir.mount == mp)
5239 /* Sets priv to PRIV_ROOT in case no matching fs */
5241 get_fspriv(const char *fsname)
5244 if (strncmp("null", fsname, 5) == 0) {
5245 return PRIV_VFS_MOUNT_NULLFS;
5246 } else if (strncmp(fsname, "tmpfs", 6) == 0) {
5247 return PRIV_VFS_MOUNT_TMPFS;
5254 sys___realpath(struct __realpath_args *uap)
5256 struct nlookupdata nd;
5263 * Invalid length if less than 0. 0 is allowed
5265 if ((ssize_t)uap->len < 0)
5270 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
5274 nd.nl_flags |= NLC_SHAREDLOCK;
5275 error = nlookup(&nd);
5279 if (nd.nl_nch.ncp->nc_vp == NULL) {
5285 * Shortcut test for existence.
5287 if (uap->len == 0) {
5288 error = ENAMETOOLONG;
5293 * Obtain the path relative to the process root. The nch must not
5294 * be locked for the cache_fullpath() call.
5296 if (nd.nl_flags & NLC_NCPISLOCKED) {
5297 nd.nl_flags &= ~NLC_NCPISLOCKED;
5298 cache_unlock(&nd.nl_nch);
5300 error = cache_fullpath(curproc, &nd.nl_nch, NULL, &rbuf, &fbuf, 0);
5304 rlen = (ssize_t)strlen(rbuf);
5305 if (rlen >= uap->len) {
5306 error = ENAMETOOLONG;
5309 error = copyout(rbuf, uap->buf, rlen + 1);
5311 uap->sysmsg_szresult = rlen;
5315 kfree(fbuf, M_TEMP);
projects / dragonfly.git / blob