2 * Copyright (c) 1982, 1986, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @(#)vfs_lookup.c 8.4 (Berkeley) 2/16/94
39 * $FreeBSD: src/sys/kern/vfs_lookup.c,v 1.38.2.3 2001/08/31 19:36:49 dillon Exp $
40 * $DragonFly: src/sys/kern/vfs_lookup.c,v 1.8 2003/10/09 22:27:19 dillon Exp $
43 #include "opt_ktrace.h"
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/vnode.h>
48 #include <sys/mount.h>
49 #include <sys/filedesc.h>
51 #include <sys/namei.h>
54 #include <sys/ktrace.h>
57 #include <vm/vm_zone.h>
60 * Convert a pathname into a pointer to a locked inode.
62 * The CNP_FOLLOW flag is set when symbolic links are to be followed
63 * when they occur at the end of the name translation process.
64 * Symbolic links are always followed for all other pathname
65 * components other than the last.
67 * The segflg defines whether the name is to be copied from user
68 * space or kernel space.
70 * Overall outline of namei:
73 * get starting directory
74 * while (!done && !error) {
75 * call lookup to search path.
76 * if symbolic link, massage name in buffer and continue
80 namei(struct nameidata *ndp)
82 struct filedesc *fdp; /* pointer to file descriptor state */
83 char *cp; /* pointer into pathname argument */
84 struct vnode *dp; /* the directory we are searching */
85 struct iovec aiov; /* uio for reading symbolic links */
88 struct componentname *cnp = &ndp->ni_cnd;
91 KKASSERT(ndp->ni_cnd.cn_td != NULL);
92 p = cnp->cn_td->td_proc;
94 KASSERT(cnp->cn_cred, ("namei: bad cred/proc"));
95 KKASSERT(cnp->cn_cred == p->p_ucred); /* YYY */
96 KASSERT((cnp->cn_nameiop & (~NAMEI_OPMASK)) == 0,
97 ("namei: nameiop contaminated with flags"));
98 KASSERT((cnp->cn_flags & NAMEI_OPMASK) == 0,
99 ("namei: flags contaminated with nameiops"));
103 * Get a buffer for the name to be translated, and copy the
104 * name into the buffer.
106 if ((cnp->cn_flags & CNP_HASBUF) == 0)
107 cnp->cn_pnbuf = zalloc(namei_zone);
108 if (ndp->ni_segflg == UIO_SYSSPACE)
109 error = copystr(ndp->ni_dirp, cnp->cn_pnbuf,
110 MAXPATHLEN, (size_t *)&ndp->ni_pathlen);
112 error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf,
113 MAXPATHLEN, (size_t *)&ndp->ni_pathlen);
116 * Don't allow empty pathnames.
118 if (!error && *cnp->cn_pnbuf == '\0')
122 zfree(namei_zone, cnp->cn_pnbuf);
128 if (KTRPOINT(cnp->cn_td, KTR_NAMEI))
129 ktrnamei(cnp->cn_td->td_proc->p_tracep, cnp->cn_pnbuf);
133 * Get starting point for the translation.
135 ndp->ni_rootdir = fdp->fd_rdir;
136 ndp->ni_topdir = fdp->fd_jdir;
142 * Check if root directory should replace current directory.
143 * Done at start of translation and after symbolic link.
145 cnp->cn_nameptr = cnp->cn_pnbuf;
146 if (*(cnp->cn_nameptr) == '/') {
148 while (*(cnp->cn_nameptr) == '/') {
152 dp = ndp->ni_rootdir;
155 ndp->ni_startdir = dp;
158 zfree(namei_zone, cnp->cn_pnbuf);
162 * Check for symbolic link
164 if ((cnp->cn_flags & CNP_ISSYMLINK) == 0) {
165 if ((cnp->cn_flags & (CNP_SAVENAME | CNP_SAVESTART)) == 0)
166 zfree(namei_zone, cnp->cn_pnbuf);
168 cnp->cn_flags |= CNP_HASBUF;
170 if (vn_canvmio(ndp->ni_vp) == TRUE &&
171 (cnp->cn_nameiop != NAMEI_DELETE) &&
172 ((cnp->cn_flags & (CNP_NOOBJ|CNP_LOCKLEAF)) ==
174 vfs_object_create(ndp->ni_vp, ndp->ni_cnd.cn_td);
178 if ((cnp->cn_flags & CNP_LOCKPARENT) && ndp->ni_pathlen == 1)
179 VOP_UNLOCK(ndp->ni_dvp, 0, cnp->cn_td);
180 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) {
184 if (ndp->ni_pathlen > 1)
185 cp = zalloc(namei_zone);
189 aiov.iov_len = MAXPATHLEN;
190 auio.uio_iov = &aiov;
193 auio.uio_rw = UIO_READ;
194 auio.uio_segflg = UIO_SYSSPACE;
196 auio.uio_resid = MAXPATHLEN;
197 error = VOP_READLINK(ndp->ni_vp, &auio, cnp->cn_cred);
199 if (ndp->ni_pathlen > 1)
200 zfree(namei_zone, cp);
203 linklen = MAXPATHLEN - auio.uio_resid;
205 if (ndp->ni_pathlen > 1)
206 zfree(namei_zone, cp);
210 if (linklen + ndp->ni_pathlen >= MAXPATHLEN) {
211 if (ndp->ni_pathlen > 1)
212 zfree(namei_zone, cp);
213 error = ENAMETOOLONG;
216 if (ndp->ni_pathlen > 1) {
217 bcopy(ndp->ni_next, cp + linklen, ndp->ni_pathlen);
218 zfree(namei_zone, cnp->cn_pnbuf);
221 cnp->cn_pnbuf[linklen] = '\0';
222 ndp->ni_pathlen += linklen;
226 zfree(namei_zone, cnp->cn_pnbuf);
235 * This is a very central and rather complicated routine.
237 * The pathname is pointed to by ni_ptr and is of length ni_pathlen.
238 * The starting directory is taken from ni_startdir. The pathname is
239 * descended until done, or a symbolic link is encountered. The variable
240 * ni_more is clear if the path is completed; it is set to one if a
241 * symbolic link needing interpretation is encountered.
243 * The flag argument is NAMEI_LOOKUP, CREATE, RENAME, or DELETE depending on
244 * whether the name is to be looked up, created, renamed, or deleted.
245 * When CREATE, RENAME, or DELETE is specified, information usable in
246 * creating, renaming, or deleting a directory entry may be calculated.
247 * If flag has LOCKPARENT or'ed into it, the parent directory is returned
248 * locked. If flag has WANTPARENT or'ed into it, the parent directory is
249 * returned unlocked. Otherwise the parent directory is not returned. If
250 * the target of the pathname exists and LOCKLEAF is or'ed into the flag
251 * the target is returned locked, otherwise it is returned unlocked.
252 * When creating or renaming and LOCKPARENT is specified, the target may not
253 * be ".". When deleting and LOCKPARENT is specified, the target may be ".".
255 * Overall outline of lookup:
258 * identify next component of name at ndp->ni_ptr
259 * handle degenerate case where name is null string
260 * if .. and crossing mount points and on mounted filesys, find parent
261 * call VOP_LOOKUP routine for next component name
262 * directory vnode returned in ni_dvp, unlocked unless LOCKPARENT set
263 * component vnode returned in ni_vp (if it exists), locked.
264 * if result vnode is mounted on and crossing mount points,
265 * find mounted on vnode
266 * if more components of name, do next level at dirloop
267 * return the answer in ni_vp, locked if LOCKLEAF set
268 * if LOCKPARENT set, return locked parent in ni_dvp
269 * if WANTPARENT set, return unlocked parent in ni_dvp
272 lookup(struct nameidata *ndp)
274 char *cp; /* pointer into pathname argument */
275 struct vnode *dp = NULL; /* the directory we are searching */
276 struct vnode *tdp; /* saved dp */
277 struct mount *mp; /* mount table entry */
278 int docache; /* == 0 do not cache last component */
279 int wantparent; /* 1 => wantparent or lockparent flag */
280 int rdonly; /* lookup read-only flag bit */
283 int dpunlocked = 0; /* dp has already been unlocked */
284 struct componentname *cnp = &ndp->ni_cnd;
285 struct thread *td = cnp->cn_td;
288 * Setup: break out flag bits into variables.
290 wantparent = cnp->cn_flags & (CNP_LOCKPARENT | CNP_WANTPARENT);
291 docache = (cnp->cn_flags & CNP_NOCACHE) ^ CNP_NOCACHE;
292 if (cnp->cn_nameiop == NAMEI_DELETE ||
293 (wantparent && cnp->cn_nameiop != NAMEI_CREATE &&
294 cnp->cn_nameiop != NAMEI_LOOKUP))
296 rdonly = cnp->cn_flags & CNP_RDONLY;
298 cnp->cn_flags &= ~CNP_ISSYMLINK;
299 dp = ndp->ni_startdir;
300 ndp->ni_startdir = NULLVP;
301 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
305 * Search a new directory.
307 * The last component of the filename is left accessible via
308 * cnp->cn_nameptr for callers that need the name. Callers needing
309 * the name set the CNP_SAVENAME flag. When done, they assume
310 * responsibility for freeing the pathname buffer.
313 for (cp = cnp->cn_nameptr; *cp != 0 && *cp != '/'; cp++)
315 cnp->cn_namelen = cp - cnp->cn_nameptr;
316 if (cnp->cn_namelen > NAME_MAX) {
317 error = ENAMETOOLONG;
320 #ifdef NAMEI_DIAGNOSTIC
323 printf("{%s}: ", cnp->cn_nameptr);
326 ndp->ni_pathlen -= cnp->cn_namelen;
330 * Replace multiple slashes by a single slash and trailing slashes
331 * by a null. This must be done before VOP_LOOKUP() because some
332 * fs's don't know about trailing slashes. Remember if there were
333 * trailing slashes to handle symlinks, existing non-directories
334 * and non-existing files that won't be directories specially later.
337 while (*cp == '/' && (cp[1] == '/' || cp[1] == '\0')) {
342 *ndp->ni_next = '\0'; /* XXX for direnter() ... */
347 cnp->cn_flags |= CNP_MAKEENTRY;
348 if (*cp == '\0' && docache == 0)
349 cnp->cn_flags &= ~CNP_MAKEENTRY;
350 if (cnp->cn_namelen == 2 &&
351 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.')
352 cnp->cn_flags |= CNP_ISDOTDOT;
354 cnp->cn_flags &= ~CNP_ISDOTDOT;
355 if (*ndp->ni_next == 0)
356 cnp->cn_flags |= CNP_ISLASTCN;
358 cnp->cn_flags &= ~CNP_ISLASTCN;
362 * Check for degenerate name (e.g. / or "")
363 * which is a way of talking about a directory,
364 * e.g. like "/." or ".".
366 if (cnp->cn_nameptr[0] == '\0') {
367 if (dp->v_type != VDIR) {
371 if (cnp->cn_nameiop != NAMEI_LOOKUP) {
380 if (!(cnp->cn_flags & (CNP_LOCKPARENT | CNP_LOCKLEAF)))
381 VOP_UNLOCK(dp, 0, cnp->cn_td);
382 /* XXX This should probably move to the top of function. */
383 if (cnp->cn_flags & CNP_SAVESTART)
384 panic("lookup: CNP_SAVESTART");
389 * Handle "..": two special cases.
390 * 1. If at root directory (e.g. after chroot)
391 * or at absolute root directory
392 * then ignore it so can't get out.
393 * 2. If this vnode is the root of a mounted
394 * filesystem, then replace it with the
395 * vnode which was mounted on so we take the
396 * .. in the other file system.
397 * 3. If the vnode is the top directory of
398 * the jail or chroot, don't let them out.
400 if (cnp->cn_flags & CNP_ISDOTDOT) {
402 if (dp == ndp->ni_rootdir ||
403 dp == ndp->ni_topdir ||
410 if ((dp->v_flag & VROOT) == 0 ||
411 (cnp->cn_flags & CNP_NOCROSSMOUNT))
413 if (dp->v_mount == NULL) { /* forced unmount */
418 dp = dp->v_mount->mnt_vnodecovered;
421 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
426 * We now have a segment name to search for, and a directory to search.
431 cnp->cn_flags &= ~CNP_PDIRUNLOCK;
432 ASSERT_VOP_LOCKED(dp, "lookup");
433 if ((error = VOP_LOOKUP(dp, NCPNULL, &ndp->ni_vp, NCPPNULL, cnp)) != 0) {
434 KASSERT(ndp->ni_vp == NULL, ("leaf should be empty"));
435 #ifdef NAMEI_DIAGNOSTIC
436 printf("not found\n");
438 if ((error == ENOENT) &&
439 (dp->v_flag & VROOT) && (dp->v_mount != NULL) &&
440 (dp->v_mount->mnt_flag & MNT_UNION)) {
442 dp = dp->v_mount->mnt_vnodecovered;
443 if (cnp->cn_flags & CNP_PDIRUNLOCK)
448 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
452 if (error != EJUSTRETURN)
455 * If creating and at end of pathname, then can consider
456 * allowing file to be created.
462 if (*cp == '\0' && trailing_slash &&
463 !(cnp->cn_flags & CNP_WILLBEDIR)) {
468 * We return with ni_vp NULL to indicate that the entry
469 * doesn't currently exist, leaving a pointer to the
470 * (possibly locked) directory inode in ndp->ni_dvp.
472 if (cnp->cn_flags & CNP_SAVESTART) {
473 ndp->ni_startdir = ndp->ni_dvp;
474 VREF(ndp->ni_startdir);
478 #ifdef NAMEI_DIAGNOSTIC
482 ASSERT_VOP_LOCKED(ndp->ni_vp, "lookup");
485 * Take into account any additional components consumed by
486 * the underlying filesystem.
488 if (cnp->cn_consume > 0) {
489 cnp->cn_nameptr += cnp->cn_consume;
490 ndp->ni_next += cnp->cn_consume;
491 ndp->ni_pathlen -= cnp->cn_consume;
498 * Check to see if the vnode has been mounted on;
499 * if so find the root of the mounted file system.
501 while (dp->v_type == VDIR && (mp = dp->v_mountedhere) &&
502 (cnp->cn_flags & CNP_NOCROSSMOUNT) == 0) {
503 if (vfs_busy(mp, 0, 0, td))
505 VOP_UNLOCK(dp, 0, td);
506 error = VFS_ROOT(mp, &tdp);
512 cache_mount(dp, tdp);
514 ndp->ni_vp = dp = tdp;
518 * Check for symbolic link
520 if ((dp->v_type == VLNK) &&
521 ((cnp->cn_flags & CNP_FOLLOW) || trailing_slash ||
522 *ndp->ni_next == '/')) {
523 cnp->cn_flags |= CNP_ISSYMLINK;
524 if (dp->v_mount == NULL) {
525 /* We can't know whether the directory was mounted with
526 * NOSYMFOLLOW, so we can't follow safely. */
530 if (dp->v_mount->mnt_flag & MNT_NOSYMFOLLOW) {
538 * Check for bogus trailing slashes.
540 if (trailing_slash && dp->v_type != VDIR) {
547 * Not a symbolic link. If more pathname,
548 * continue at next component, else return.
550 if (*ndp->ni_next == '/') {
551 cnp->cn_nameptr = ndp->ni_next;
552 while (*cnp->cn_nameptr == '/') {
556 if (ndp->ni_dvp != ndp->ni_vp)
557 ASSERT_VOP_UNLOCKED(ndp->ni_dvp, "lookup");
562 * Disallow directory write attempts on read-only file systems.
565 (cnp->cn_nameiop == NAMEI_DELETE || cnp->cn_nameiop == NAMEI_RENAME)) {
569 if (cnp->cn_flags & CNP_SAVESTART) {
570 ndp->ni_startdir = ndp->ni_dvp;
571 VREF(ndp->ni_startdir);
576 if ((cnp->cn_flags & CNP_LOCKLEAF) == 0)
577 VOP_UNLOCK(dp, 0, td);
581 if ((cnp->cn_flags & (CNP_LOCKPARENT | CNP_PDIRUNLOCK)) == CNP_LOCKPARENT &&
582 *ndp->ni_next == '\0')
583 VOP_UNLOCK(ndp->ni_dvp, 0, td);
595 * relookup - lookup a path name component
596 * Used by lookup to re-aquire things.
599 relookup(dvp, vpp, cnp)
600 struct vnode *dvp, **vpp;
601 struct componentname *cnp;
603 struct thread *td = cnp->cn_td;
604 struct vnode *dp = 0; /* the directory we are searching */
605 int docache; /* == 0 do not cache last component */
606 int wantparent; /* 1 => wantparent or lockparent flag */
607 int rdonly; /* lookup read-only flag bit */
609 #ifdef NAMEI_DIAGNOSTIC
610 int newhash; /* DEBUG: check name hash */
611 char *cp; /* DEBUG: check name ptr/len */
615 * Setup: break out flag bits into variables.
617 wantparent = cnp->cn_flags & (CNP_LOCKPARENT|CNP_WANTPARENT);
618 docache = (cnp->cn_flags & CNP_NOCACHE) ^ CNP_NOCACHE;
619 if (cnp->cn_nameiop == NAMEI_DELETE ||
620 (wantparent && cnp->cn_nameiop != NAMEI_CREATE))
622 rdonly = cnp->cn_flags & CNP_RDONLY;
623 cnp->cn_flags &= ~CNP_ISSYMLINK;
625 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
629 * Search a new directory.
631 * The last component of the filename is left accessible via
632 * cnp->cn_nameptr for callers that need the name. Callers needing
633 * the name set the CNP_SAVENAME flag. When done, they assume
634 * responsibility for freeing the pathname buffer.
636 #ifdef NAMEI_DIAGNOSTIC
637 if (cnp->cn_namelen != cp - cnp->cn_nameptr)
638 panic ("relookup: bad len");
640 panic("relookup: not last component");
641 printf("{%s}: ", cnp->cn_nameptr);
645 * Check for degenerate name (e.g. / or "")
646 * which is a way of talking about a directory,
647 * e.g. like "/." or ".".
649 if (cnp->cn_nameptr[0] == '\0') {
650 if (cnp->cn_nameiop != NAMEI_LOOKUP || wantparent) {
654 if (dp->v_type != VDIR) {
658 if (!(cnp->cn_flags & CNP_LOCKLEAF))
659 VOP_UNLOCK(dp, 0, td);
661 /* XXX This should probably move to the top of function. */
662 if (cnp->cn_flags & CNP_SAVESTART)
663 panic("lookup: CNP_SAVESTART");
667 if (cnp->cn_flags & CNP_ISDOTDOT)
668 panic ("relookup: lookup on dot-dot");
671 * We now have a segment name to search for, and a directory to search.
673 if ((error = VOP_LOOKUP(dp, NCPNULL, vpp, NCPPNULL, cnp)) != 0) {
674 KASSERT(*vpp == NULL, ("leaf should be empty"));
675 if (error != EJUSTRETURN)
678 * If creating and at end of pathname, then can consider
679 * allowing file to be created.
685 /* ASSERT(dvp == ndp->ni_startdir) */
686 if (cnp->cn_flags & CNP_SAVESTART)
689 * We return with ni_vp NULL to indicate that the entry
690 * doesn't currently exist, leaving a pointer to the
691 * (possibly locked) directory inode in ndp->ni_dvp.
698 * Check for symbolic link
700 KASSERT(dp->v_type != VLNK || !(cnp->cn_flags & CNP_FOLLOW),
701 ("relookup: symlink found.\n"));
704 * Disallow directory write attempts on read-only file systems.
707 (cnp->cn_nameiop == NAMEI_DELETE || cnp->cn_nameiop == NAMEI_RENAME)) {
711 /* ASSERT(dvp == ndp->ni_startdir) */
712 if (cnp->cn_flags & CNP_SAVESTART)
718 if (vn_canvmio(dp) == TRUE &&
719 ((cnp->cn_flags & (CNP_NOOBJ|CNP_LOCKLEAF)) == CNP_LOCKLEAF))
720 vfs_object_create(dp, cnp->cn_td);
722 if ((cnp->cn_flags & CNP_LOCKLEAF) == 0)
723 VOP_UNLOCK(dp, 0, td);
727 if ((cnp->cn_flags & CNP_LOCKPARENT) && (cnp->cn_flags & CNP_ISLASTCN))
728 VOP_UNLOCK(dvp, 0, td);