2 * Copyright (c) 1982, 1986, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @(#)vfs_lookup.c 8.4 (Berkeley) 2/16/94
39 * $FreeBSD: src/sys/kern/vfs_lookup.c,v 1.38.2.3 2001/08/31 19:36:49 dillon Exp $
40 * $DragonFly: src/sys/kern/vfs_lookup.c,v 1.20 2004/10/22 18:03:50 dillon Exp $
43 #include "opt_ktrace.h"
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/kernel.h>
48 #include <sys/vnode.h>
49 #include <sys/mount.h>
50 #include <sys/filedesc.h>
52 #include <sys/namei.h>
53 #include <sys/sysctl.h>
56 #include <sys/ktrace.h>
59 #include <vm/vm_zone.h>
61 int varsym_enable = 0;
62 SYSCTL_INT(_vfs, OID_AUTO, varsym_enable, CTLFLAG_RW, &varsym_enable, 0,
63 "Enable Variant Symlinks");
66 * Convert a pathname into a pointer to a locked inode.
68 * The CNP_FOLLOW flag is set when symbolic links are to be followed
69 * when they occur at the end of the name translation process.
70 * Symbolic links are always followed for all other pathname
71 * components other than the last.
73 * The segflg defines whether the name is to be copied from user
74 * space or kernel space.
76 * Overall outline of namei:
79 * get starting directory
80 * while (!done && !error) {
81 * call lookup to search path.
82 * if symbolic link, massage name in buffer and continue
85 * NOTE: when namei() is called from a pure thread the system rootvnode
86 * will be used as a basis for the search.
89 namei(struct nameidata *ndp)
91 struct filedesc *fdp; /* pointer to file descriptor state */
92 char *cp; /* pointer into pathname argument */
93 struct vnode *dp; /* the directory we are searching */
94 struct iovec aiov; /* uio for reading symbolic links */
97 struct componentname *cnp = &ndp->ni_cnd;
100 KKASSERT(ndp->ni_cnd.cn_td != NULL);
101 p = cnp->cn_td->td_proc;
103 KKASSERT(ndp->ni_segflg == UIO_SYSSPACE);
104 printf("namei() from non-process\n");
107 KKASSERT(cnp->cn_cred == p->p_ucred); /* YYY */
110 KASSERT(cnp->cn_cred, ("namei: bad cred/proc"));
111 KASSERT((cnp->cn_nameiop & (~NAMEI_OPMASK)) == 0,
112 ("namei: nameiop contaminated with flags"));
113 KASSERT((cnp->cn_flags & NAMEI_OPMASK) == 0,
114 ("namei: flags contaminated with nameiops"));
117 * Get a buffer for the name to be translated, and copy the
118 * name into the buffer.
120 if ((cnp->cn_flags & CNP_HASBUF) == 0)
121 cnp->cn_pnbuf = zalloc(namei_zone);
122 if (ndp->ni_segflg == UIO_SYSSPACE)
123 error = copystr(ndp->ni_dirp, cnp->cn_pnbuf,
124 MAXPATHLEN, (size_t *)&ndp->ni_pathlen);
126 error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf,
127 MAXPATHLEN, (size_t *)&ndp->ni_pathlen);
130 * Don't allow empty pathnames.
131 * POSIX.1 requirement: "" is not a vaild file name.
133 if (!error && *cnp->cn_pnbuf == '\0')
137 zfree(namei_zone, cnp->cn_pnbuf);
143 if (KTRPOINT(cnp->cn_td, KTR_NAMEI))
144 ktrnamei(cnp->cn_td->td_proc->p_tracep, cnp->cn_pnbuf);
148 * Get starting point for the translation.
151 ndp->ni_rootdir = fdp->fd_rdir;
152 ndp->ni_topdir = fdp->fd_jdir;
155 ndp->ni_rootdir = rootvnode;
156 ndp->ni_topdir = rootvnode;
162 * Check if root directory should replace current directory.
163 * Done at start of translation and after symbolic link.
165 cnp->cn_nameptr = cnp->cn_pnbuf;
166 if (*(cnp->cn_nameptr) == '/') {
168 while (*(cnp->cn_nameptr) == '/') {
172 dp = ndp->ni_rootdir;
175 ndp->ni_startdir = dp;
178 zfree(namei_zone, cnp->cn_pnbuf);
182 * Check for symbolic link
184 if ((cnp->cn_flags & CNP_ISSYMLINK) == 0) {
185 if ((cnp->cn_flags & (CNP_SAVENAME | CNP_SAVESTART)) == 0)
186 zfree(namei_zone, cnp->cn_pnbuf);
188 cnp->cn_flags |= CNP_HASBUF;
190 if (vn_canvmio(ndp->ni_vp) == TRUE &&
191 (cnp->cn_nameiop != NAMEI_DELETE) &&
192 ((cnp->cn_flags & (CNP_NOOBJ|CNP_LOCKLEAF)) ==
194 vfs_object_create(ndp->ni_vp, ndp->ni_cnd.cn_td);
198 if ((cnp->cn_flags & CNP_LOCKPARENT) && ndp->ni_pathlen == 1)
199 VOP_UNLOCK(ndp->ni_dvp, 0, cnp->cn_td);
200 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) {
204 if (ndp->ni_pathlen > 1)
205 cp = zalloc(namei_zone);
209 aiov.iov_len = MAXPATHLEN;
210 auio.uio_iov = &aiov;
213 auio.uio_rw = UIO_READ;
214 auio.uio_segflg = UIO_SYSSPACE;
215 auio.uio_td = cnp->cn_td;
216 auio.uio_resid = MAXPATHLEN;
217 error = VOP_READLINK(ndp->ni_vp, &auio, cnp->cn_cred);
219 if (ndp->ni_pathlen > 1)
220 zfree(namei_zone, cp);
223 linklen = MAXPATHLEN - auio.uio_resid;
225 if (ndp->ni_pathlen > 1)
226 zfree(namei_zone, cp);
231 linklen = varsymreplace(cp, linklen, MAXPATHLEN);
233 if (ndp->ni_pathlen > 1)
234 zfree(namei_zone, cp);
235 error = ENAMETOOLONG;
239 if (linklen + ndp->ni_pathlen >= MAXPATHLEN) {
240 if (ndp->ni_pathlen > 1)
241 zfree(namei_zone, cp);
242 error = ENAMETOOLONG;
245 if (ndp->ni_pathlen > 1) {
246 bcopy(ndp->ni_next, cp + linklen, ndp->ni_pathlen);
247 zfree(namei_zone, cnp->cn_pnbuf);
250 cnp->cn_pnbuf[linklen] = '\0';
252 ndp->ni_pathlen += linklen;
256 zfree(namei_zone, cnp->cn_pnbuf);
264 * Old API function, search a patchname. This is an *EXTREMELY* complicated
267 * The pathname is pointed to by ni_ptr and is of length ni_pathlen.
268 * The starting directory is taken from ni_startdir. The pathname is
269 * descended until done, or a symbolic link is encountered. The variable
270 * ni_more is clear if the path is completed; it is set to one if a
271 * symbolic link needing interpretation is encountered.
273 * The flag argument is NAMEI_LOOKUP, CREATE, RENAME, or DELETE depending on
274 * whether the name is to be looked up, created, renamed, or deleted.
275 * When CREATE, RENAME, or DELETE is specified, information usable in
276 * creating, renaming, or deleting a directory entry may be calculated.
277 * If flag has LOCKPARENT or'ed into it, the parent directory is returned
278 * locked. If flag has WANTPARENT or'ed into it, the parent directory is
279 * returned unlocked. Otherwise the parent directory is not returned. If
280 * the target of the pathname exists and LOCKLEAF is or'ed into the flag
281 * the target is returned locked, otherwise it is returned unlocked.
282 * When creating or renaming and LOCKPARENT is specified, the target may not
283 * be ".". When deleting and LOCKPARENT is specified, the target may be ".".
285 * SPECIAL CASE: When a symbolic link is encountered the parent
286 * directory is always returned in ni_dvp regardless of WANTPARENT|LOCKPARENT
287 * and the symbolic link is returned in ni_vp. If the symbolic link was not
288 * the last component ni_dvp will be returned UNLOCKED, regardless of
289 * LOCKPARENT. If the symbolic link is the last component then ni_dvp will
290 * be returned locked or unlocked based on LOCKPARENT.
292 * SPECIAL CASE: If an error occurs ni_vp and/or ni_dvp may contain garbage
295 * VOP_LOOKUP EXPECTATIONS: VOP_LOOKUP() takes a locked directory vnode
296 * and returns a locked target vnode on success. VOP_LOOKUP() may unlock the
297 * directory vnode passed to it, in which case it will set CNP_PDIRUNLOCK.
298 * However, this only occurs under very specific circumstances. The
299 * directory vnode will only be returned locked if (1) returned vnode ==
300 * directory vnode, or (2) CNP_LOCKPARENT *AND* CNP_LASTCN are both set.
303 lookup(struct nameidata *ndp)
305 char *cp; /* pointer into pathname argument */
306 struct vnode *dp = NULL; /* the directory we are searching */
307 struct vnode *tdp; /* saved dp */
308 struct mount *mp; /* mount table entry */
309 int docache; /* == 0 do not cache last component */
310 int wantparent; /* 1 => wantparent or lockparent flag */
311 int rdonly; /* lookup read-only flag bit */
314 int dpunlocked = 0; /* dp has already been unlocked */
315 struct componentname *cnp = &ndp->ni_cnd;
316 struct thread *td = cnp->cn_td;
319 * Setup: break out flag bits into variables.
321 wantparent = cnp->cn_flags & (CNP_LOCKPARENT | CNP_WANTPARENT);
322 docache = (cnp->cn_flags & CNP_NOCACHE) ^ CNP_NOCACHE;
323 if (cnp->cn_nameiop == NAMEI_DELETE ||
324 (wantparent && cnp->cn_nameiop != NAMEI_CREATE &&
325 cnp->cn_nameiop != NAMEI_LOOKUP))
327 rdonly = cnp->cn_flags & CNP_RDONLY;
329 cnp->cn_flags &= ~CNP_ISSYMLINK;
330 dp = ndp->ni_startdir;
331 ndp->ni_startdir = NULLVP;
332 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
336 * Search a new directory.
338 * The last component of the filename is left accessible via
339 * cnp->cn_nameptr for callers that need the name. Callers needing
340 * the name set the CNP_SAVENAME flag. When done, they assume
341 * responsibility for freeing the pathname buffer.
344 for (cp = cnp->cn_nameptr; *cp != 0 && *cp != '/'; cp++)
346 cnp->cn_namelen = cp - cnp->cn_nameptr;
347 if (cnp->cn_namelen > NAME_MAX) {
348 error = ENAMETOOLONG;
351 #ifdef NAMEI_DIAGNOSTIC
354 printf("{%s}: ", cnp->cn_nameptr);
357 ndp->ni_pathlen -= cnp->cn_namelen;
361 * Replace multiple slashes by a single slash and trailing slashes
362 * by a null. This must be done before VOP_LOOKUP() because some
363 * fs's don't know about trailing slashes. Remember if there were
364 * trailing slashes to handle symlinks, existing non-directories
365 * and non-existing files that won't be directories specially later.
368 while (*cp == '/' && (cp[1] == '/' || cp[1] == '\0')) {
373 *ndp->ni_next = '\0'; /* XXX for direnter() ... */
378 cnp->cn_flags |= CNP_MAKEENTRY;
379 if (*cp == '\0' && docache == 0)
380 cnp->cn_flags &= ~CNP_MAKEENTRY;
381 if (cnp->cn_namelen == 2 &&
382 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.')
383 cnp->cn_flags |= CNP_ISDOTDOT;
385 cnp->cn_flags &= ~CNP_ISDOTDOT;
386 if (*ndp->ni_next == 0)
387 cnp->cn_flags |= CNP_ISLASTCN;
389 cnp->cn_flags &= ~CNP_ISLASTCN;
393 * Check for degenerate name (e.g. / or "")
394 * which is a way of talking about a directory,
395 * e.g. like "/." or ".".
397 if (cnp->cn_nameptr[0] == '\0') {
398 if (dp->v_type != VDIR) {
402 if (cnp->cn_nameiop != NAMEI_LOOKUP) {
411 if (!(cnp->cn_flags & (CNP_LOCKPARENT | CNP_LOCKLEAF)))
412 VOP_UNLOCK(dp, 0, cnp->cn_td);
413 /* XXX This should probably move to the top of function. */
414 if (cnp->cn_flags & CNP_SAVESTART)
415 panic("lookup: CNP_SAVESTART");
420 * Handle "..": two special cases.
421 * 1. If at root directory (e.g. after chroot)
422 * or at absolute root directory
423 * then ignore it so can't get out.
424 * 2. If this vnode is the root of a mounted
425 * filesystem, then replace it with the
426 * vnode which was mounted on so we take the
427 * .. in the other file system.
428 * 3. If the vnode is the top directory of
429 * the jail or chroot, don't let them out.
431 if (cnp->cn_flags & CNP_ISDOTDOT) {
433 if (dp == ndp->ni_rootdir ||
434 dp == ndp->ni_topdir ||
441 if ((dp->v_flag & VROOT) == 0 ||
442 (cnp->cn_flags & CNP_NOCROSSMOUNT))
444 if (dp->v_mount == NULL) { /* forced unmount */
449 dp = dp->v_mount->mnt_vnodecovered;
452 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
457 * We now have a segment name to search for, and a directory to search.
462 cnp->cn_flags &= ~CNP_PDIRUNLOCK;
463 ASSERT_VOP_LOCKED(dp, "lookup");
464 if ((error = VOP_LOOKUP(dp, &ndp->ni_vp, cnp)) != 0) {
465 KASSERT(ndp->ni_vp == NULL, ("leaf should be empty"));
466 #ifdef NAMEI_DIAGNOSTIC
467 printf("not found\n");
469 if ((error == ENOENT) &&
470 (dp->v_flag & VROOT) && (dp->v_mount != NULL) &&
471 (dp->v_mount->mnt_flag & MNT_UNION)) {
473 dp = dp->v_mount->mnt_vnodecovered;
474 if (cnp->cn_flags & CNP_PDIRUNLOCK)
479 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
483 if (error != EJUSTRETURN)
486 * If creating and at end of pathname, then can consider
487 * allowing file to be created.
493 if (*cp == '\0' && trailing_slash &&
494 !(cnp->cn_flags & CNP_WILLBEDIR)) {
499 * We return with ni_vp NULL to indicate that the entry
500 * doesn't currently exist, leaving a pointer to the
501 * (possibly locked) directory inode in ndp->ni_dvp.
503 if (cnp->cn_flags & CNP_SAVESTART) {
504 ndp->ni_startdir = ndp->ni_dvp;
505 vref(ndp->ni_startdir);
509 #ifdef NAMEI_DIAGNOSTIC
513 ASSERT_VOP_LOCKED(ndp->ni_vp, "lookup");
516 * Take into account any additional components consumed by
517 * the underlying filesystem.
519 if (cnp->cn_consume > 0) {
520 cnp->cn_nameptr += cnp->cn_consume;
521 ndp->ni_next += cnp->cn_consume;
522 ndp->ni_pathlen -= cnp->cn_consume;
529 * Check to see if the vnode has been mounted on;
530 * if so find the root of the mounted file system.
532 while (dp->v_type == VDIR && (mp = dp->v_mountedhere) &&
533 (cnp->cn_flags & CNP_NOCROSSMOUNT) == 0) {
534 if (vfs_busy(mp, 0, NULL, td))
536 VOP_UNLOCK(dp, 0, td);
537 error = VFS_ROOT(mp, &tdp);
544 ndp->ni_vp = dp = tdp;
548 * Check for symbolic link
550 if ((dp->v_type == VLNK) &&
551 ((cnp->cn_flags & CNP_FOLLOW) || trailing_slash ||
552 *ndp->ni_next == '/')) {
553 cnp->cn_flags |= CNP_ISSYMLINK;
554 if (dp->v_mount == NULL) {
555 /* We can't know whether the directory was mounted with
556 * NOSYMFOLLOW, so we can't follow safely. */
560 if (dp->v_mount->mnt_flag & MNT_NOSYMFOLLOW) {
568 * Check for bogus trailing slashes.
570 if (trailing_slash && dp->v_type != VDIR) {
577 * Not a symbolic link. If more pathname,
578 * continue at next component, else return.
580 if (*ndp->ni_next == '/') {
581 cnp->cn_nameptr = ndp->ni_next;
582 while (*cnp->cn_nameptr == '/') {
586 if (ndp->ni_dvp != ndp->ni_vp)
587 ASSERT_VOP_UNLOCKED(ndp->ni_dvp, "lookup");
592 * Disallow directory write attempts on read-only file systems.
595 (cnp->cn_nameiop == NAMEI_DELETE || cnp->cn_nameiop == NAMEI_RENAME)) {
599 if (cnp->cn_flags & CNP_SAVESTART) {
600 ndp->ni_startdir = ndp->ni_dvp;
601 vref(ndp->ni_startdir);
606 if ((cnp->cn_flags & CNP_LOCKLEAF) == 0)
607 VOP_UNLOCK(dp, 0, td);
611 if ((cnp->cn_flags & (CNP_LOCKPARENT | CNP_PDIRUNLOCK)) == CNP_LOCKPARENT &&
612 *ndp->ni_next == '\0')
613 VOP_UNLOCK(ndp->ni_dvp, 0, td);
625 * relookup - lookup a path name component
626 * Used by lookup to re-aquire things.
629 relookup(dvp, vpp, cnp)
630 struct vnode *dvp, **vpp;
631 struct componentname *cnp;
633 struct thread *td = cnp->cn_td;
634 struct vnode *dp = 0; /* the directory we are searching */
635 int wantparent; /* 1 => wantparent or lockparent flag */
636 int rdonly; /* lookup read-only flag bit */
638 #ifdef NAMEI_DIAGNOSTIC
639 int newhash; /* DEBUG: check name hash */
640 char *cp; /* DEBUG: check name ptr/len */
644 * Setup: break out flag bits into variables.
646 wantparent = cnp->cn_flags & (CNP_LOCKPARENT|CNP_WANTPARENT);
647 rdonly = cnp->cn_flags & CNP_RDONLY;
648 cnp->cn_flags &= ~CNP_ISSYMLINK;
650 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
654 * Search a new directory.
656 * The last component of the filename is left accessible via
657 * cnp->cn_nameptr for callers that need the name. Callers needing
658 * the name set the CNP_SAVENAME flag. When done, they assume
659 * responsibility for freeing the pathname buffer.
661 #ifdef NAMEI_DIAGNOSTIC
662 if (cnp->cn_namelen != cp - cnp->cn_nameptr)
663 panic ("relookup: bad len");
665 panic("relookup: not last component");
666 printf("{%s}: ", cnp->cn_nameptr);
670 * Check for degenerate name (e.g. / or "")
671 * which is a way of talking about a directory,
672 * e.g. like "/." or ".".
674 if (cnp->cn_nameptr[0] == '\0') {
675 if (cnp->cn_nameiop != NAMEI_LOOKUP || wantparent) {
679 if (dp->v_type != VDIR) {
683 if (!(cnp->cn_flags & CNP_LOCKLEAF))
684 VOP_UNLOCK(dp, 0, td);
686 /* XXX This should probably move to the top of function. */
687 if (cnp->cn_flags & CNP_SAVESTART)
688 panic("lookup: CNP_SAVESTART");
692 if (cnp->cn_flags & CNP_ISDOTDOT)
693 panic ("relookup: lookup on dot-dot");
696 * We now have a segment name to search for, and a directory to search.
698 if ((error = VOP_LOOKUP(dp, vpp, cnp)) != 0) {
699 KASSERT(*vpp == NULL, ("leaf should be empty"));
700 if (error != EJUSTRETURN)
703 * If creating and at end of pathname, then can consider
704 * allowing file to be created.
710 /* ASSERT(dvp == ndp->ni_startdir) */
711 if (cnp->cn_flags & CNP_SAVESTART)
714 * We return with ni_vp NULL to indicate that the entry
715 * doesn't currently exist, leaving a pointer to the
716 * (possibly locked) directory inode in ndp->ni_dvp.
723 * Check for symbolic link
725 KASSERT(dp->v_type != VLNK || !(cnp->cn_flags & CNP_FOLLOW),
726 ("relookup: symlink found.\n"));
729 * Disallow directory write attempts on read-only file systems.
732 (cnp->cn_nameiop == NAMEI_DELETE || cnp->cn_nameiop == NAMEI_RENAME)) {
736 /* ASSERT(dvp == ndp->ni_startdir) */
737 if (cnp->cn_flags & CNP_SAVESTART)
743 if (vn_canvmio(dp) == TRUE &&
744 ((cnp->cn_flags & (CNP_NOOBJ|CNP_LOCKLEAF)) == CNP_LOCKLEAF))
745 vfs_object_create(dp, cnp->cn_td);
747 if ((cnp->cn_flags & CNP_LOCKLEAF) == 0)
748 VOP_UNLOCK(dp, 0, td);
752 if ((cnp->cn_flags & CNP_LOCKPARENT) && (cnp->cn_flags & CNP_ISLASTCN))
753 VOP_UNLOCK(dvp, 0, td);