2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
39 * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.151.2.18 2003/04/04 20:35:58 tegge Exp $
42 #include <sys/param.h>
43 #include <sys/systm.h>
46 #include <sys/sysent.h>
47 #include <sys/malloc.h>
48 #include <sys/mount.h>
49 #include <sys/mountctl.h>
50 #include <sys/sysproto.h>
51 #include <sys/filedesc.h>
52 #include <sys/kernel.h>
53 #include <sys/fcntl.h>
55 #include <sys/linker.h>
57 #include <sys/unistd.h>
58 #include <sys/vnode.h>
62 #include <sys/namei.h>
63 #include <sys/nlookup.h>
64 #include <sys/dirent.h>
65 #include <sys/extattr.h>
66 #include <sys/spinlock.h>
67 #include <sys/kern_syscall.h>
68 #include <sys/objcache.h>
69 #include <sys/sysctl.h>
72 #include <sys/file2.h>
73 #include <sys/spinlock2.h>
74 #include <sys/mplock2.h>
77 #include <vm/vm_object.h>
78 #include <vm/vm_page.h>
80 #include <machine/limits.h>
81 #include <machine/stdarg.h>
83 #include <vfs/union/union.h>
85 static void mount_warning(struct mount *mp, const char *ctl, ...)
87 static int mount_path(struct proc *p, struct mount *mp, char **rb, char **fb);
88 static int checkvp_chdir (struct vnode *vn, struct thread *td);
89 static void checkdirs (struct nchandle *old_nch, struct nchandle *new_nch);
90 static int chroot_refuse_vdir_fds (struct filedesc *fdp);
91 static int chroot_visible_mnt(struct mount *mp, struct proc *p);
92 static int getutimes (const struct timeval *, struct timespec *);
93 static int setfown (struct mount *, struct vnode *, uid_t, gid_t);
94 static int setfmode (struct vnode *, int);
95 static int setfflags (struct vnode *, int);
96 static int setutimes (struct vnode *, struct vattr *,
97 const struct timespec *, int);
98 static int usermount = 0; /* if 1, non-root can mount fs. */
100 int (*union_dircheckp) (struct thread *, struct vnode **, struct file *);
102 SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0,
103 "Allow non-root users to mount filesystems");
106 * Virtual File System System Calls
110 * Mount a file system.
112 * mount_args(char *type, char *path, int flags, caddr_t data)
117 sys_mount(struct mount_args *uap)
119 struct thread *td = curthread;
122 struct mount *mp, *nullmp;
123 struct vfsconf *vfsp;
124 int error, flag = 0, flag2 = 0;
127 struct nlookupdata nd;
128 char fstypename[MFSNAMELEN];
136 if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
140 * Do not allow NFS export by non-root users.
142 if (uap->flags & MNT_EXPORTED) {
143 error = priv_check(td, PRIV_ROOT);
148 * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users
150 if (priv_check(td, PRIV_ROOT))
151 uap->flags |= MNT_NOSUID | MNT_NODEV;
154 * Lookup the requested path and extract the nch and vnode.
156 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
158 if ((error = nlookup(&nd)) == 0) {
159 if (nd.nl_nch.ncp->nc_vp == NULL)
169 * If the target filesystem is resolved via a nullfs mount, then
170 * nd.nl_nch.mount will be pointing to the nullfs mount structure
171 * instead of the target file system. We need it in case we are
174 nullmp = nd.nl_nch.mount;
177 * Extract the locked+refd ncp and cleanup the nd structure
180 cache_zero(&nd.nl_nch);
183 if ((nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
184 (mp = cache_findmount(&nch)) != NULL) {
193 * now we have the locked ref'd nch and unreferenced vnode.
196 if ((error = vget(vp, LK_EXCLUSIVE)) != 0) {
203 * Extract the file system type. We need to know this early, to take
204 * appropriate actions if we are dealing with a nullfs.
206 if ((error = copyinstr(uap->type, fstypename, MFSNAMELEN, NULL)) != 0) {
213 * Now we have an unlocked ref'd nch and a locked ref'd vp
215 if (uap->flags & MNT_UPDATE) {
216 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
223 if (strncmp(fstypename, "null", 5) == 0) {
231 flag2 = mp->mnt_kern_flag;
233 * We only allow the filesystem to be reloaded if it
234 * is currently mounted read-only.
236 if ((uap->flags & MNT_RELOAD) &&
237 ((mp->mnt_flag & MNT_RDONLY) == 0)) {
240 error = EOPNOTSUPP; /* Needs translation */
244 * Only root, or the user that did the original mount is
245 * permitted to update it.
247 if (mp->mnt_stat.f_owner != cred->cr_uid &&
248 (error = priv_check(td, PRIV_ROOT))) {
253 if (vfs_busy(mp, LK_NOWAIT)) {
259 if ((vp->v_flag & VMOUNT) != 0 || hasmount) {
266 vsetflags(vp, VMOUNT);
268 uap->flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
269 lwkt_gettoken(&mp->mnt_token);
274 * If the user is not root, ensure that they own the directory
275 * onto which we are attempting to mount.
277 if ((error = VOP_GETATTR(vp, &va)) ||
278 (va.va_uid != cred->cr_uid && (error = priv_check(td, PRIV_ROOT)))) {
283 if ((error = vinvalbuf(vp, V_SAVE, 0, 0)) != 0) {
288 if (vp->v_type != VDIR) {
294 if (vp->v_mount->mnt_kern_flag & MNTK_NOSTKMNT) {
300 vfsp = vfsconf_find_by_name(fstypename);
304 /* Only load modules for root (very important!) */
305 if ((error = priv_check(td, PRIV_ROOT)) != 0) {
310 error = linker_load_file(fstypename, &lf);
311 if (error || lf == NULL) {
319 /* lookup again, see if the VFS was loaded */
320 vfsp = vfsconf_find_by_name(fstypename);
323 linker_file_unload(lf);
330 if ((vp->v_flag & VMOUNT) != 0 || hasmount) {
336 vsetflags(vp, VMOUNT);
339 * Allocate and initialize the filesystem.
341 mp = kmalloc(sizeof(struct mount), M_MOUNT, M_ZERO|M_WAITOK);
343 vfs_busy(mp, LK_NOWAIT);
344 mp->mnt_op = vfsp->vfc_vfsops;
346 vfsp->vfc_refcount++;
347 mp->mnt_stat.f_type = vfsp->vfc_typenum;
348 mp->mnt_flag |= vfsp->vfc_flags & MNT_VISFLAGMASK;
349 strncpy(mp->mnt_stat.f_fstypename, vfsp->vfc_name, MFSNAMELEN);
350 mp->mnt_stat.f_owner = cred->cr_uid;
351 lwkt_gettoken(&mp->mnt_token);
355 * (per-mount token acquired at this point)
357 * Set the mount level flags.
359 if (uap->flags & MNT_RDONLY)
360 mp->mnt_flag |= MNT_RDONLY;
361 else if (mp->mnt_flag & MNT_RDONLY)
362 mp->mnt_kern_flag |= MNTK_WANTRDWR;
363 mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
364 MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOATIME |
365 MNT_NOSYMFOLLOW | MNT_IGNORE | MNT_TRIM |
366 MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
367 mp->mnt_flag |= uap->flags & (MNT_NOSUID | MNT_NOEXEC |
368 MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_FORCE |
369 MNT_NOSYMFOLLOW | MNT_IGNORE | MNT_TRIM |
370 MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
372 * Mount the filesystem.
373 * XXX The final recipients of VFS_MOUNT just overwrite the ndp they
376 error = VFS_MOUNT(mp, uap->path, uap->data, cred);
377 if (mp->mnt_flag & MNT_UPDATE) {
378 if (mp->mnt_kern_flag & MNTK_WANTRDWR)
379 mp->mnt_flag &= ~MNT_RDONLY;
380 mp->mnt_flag &=~ (MNT_UPDATE | MNT_RELOAD | MNT_FORCE);
381 mp->mnt_kern_flag &=~ MNTK_WANTRDWR;
384 mp->mnt_kern_flag = flag2;
386 lwkt_reltoken(&mp->mnt_token);
388 vclrflags(vp, VMOUNT);
393 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
395 * Put the new filesystem on the mount list after root. The mount
396 * point gets its own mnt_ncmountpt (unless the VFS already set one
397 * up) which represents the root of the mount. The lookup code
398 * detects the mount point going forward and checks the root of
399 * the mount going backwards.
401 * It is not necessary to invalidate or purge the vnode underneath
402 * because elements under the mount will be given their own glue
406 if (mp->mnt_ncmountpt.ncp == NULL) {
408 * allocate, then unlock, but leave the ref intact
410 cache_allocroot(&mp->mnt_ncmountpt, mp, NULL);
411 cache_unlock(&mp->mnt_ncmountpt);
413 mp->mnt_ncmounton = nch; /* inherits ref */
414 nch.ncp->nc_flag |= NCF_ISMOUNTPT;
415 cache_ismounting(mp);
417 /* XXX get the root of the fs and cache_setvp(mnt_ncmountpt...) */
418 vclrflags(vp, VMOUNT);
419 mountlist_insert(mp, MNTINS_LAST);
421 checkdirs(&mp->mnt_ncmounton, &mp->mnt_ncmountpt);
422 error = vfs_allocate_syncvnode(mp);
423 lwkt_reltoken(&mp->mnt_token);
425 error = VFS_START(mp, 0);
428 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
429 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
430 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
431 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
432 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
433 vclrflags(vp, VMOUNT);
434 mp->mnt_vfc->vfc_refcount--;
435 lwkt_reltoken(&mp->mnt_token);
446 * Scan all active processes to see if any of them have a current
447 * or root directory onto which the new filesystem has just been
448 * mounted. If so, replace them with the new mount point.
450 * The passed ncp is ref'd and locked (from the mount code) and
451 * must be associated with the vnode representing the root of the
454 struct checkdirs_info {
455 struct nchandle old_nch;
456 struct nchandle new_nch;
457 struct vnode *old_vp;
458 struct vnode *new_vp;
461 static int checkdirs_callback(struct proc *p, void *data);
464 checkdirs(struct nchandle *old_nch, struct nchandle *new_nch)
466 struct checkdirs_info info;
472 * If the old mount point's vnode has a usecount of 1, it is not
473 * being held as a descriptor anywhere.
475 olddp = old_nch->ncp->nc_vp;
476 if (olddp == NULL || olddp->v_sysref.refcnt == 1)
480 * Force the root vnode of the new mount point to be resolved
481 * so we can update any matching processes.
484 if (VFS_ROOT(mp, &newdp))
485 panic("mount: lost mount");
486 cache_setunresolved(new_nch);
487 cache_setvp(new_nch, newdp);
490 * Special handling of the root node
492 if (rootvnode == olddp) {
494 vfs_cache_setroot(newdp, cache_hold(new_nch));
498 * Pass newdp separately so the callback does not have to access
499 * it via new_nch->ncp->nc_vp.
501 info.old_nch = *old_nch;
502 info.new_nch = *new_nch;
504 allproc_scan(checkdirs_callback, &info);
509 * NOTE: callback is not MP safe because the scanned process's filedesc
510 * structure can be ripped out from under us, amoung other things.
513 checkdirs_callback(struct proc *p, void *data)
515 struct checkdirs_info *info = data;
516 struct filedesc *fdp;
517 struct nchandle ncdrop1;
518 struct nchandle ncdrop2;
519 struct vnode *vprele1;
520 struct vnode *vprele2;
522 if ((fdp = p->p_fd) != NULL) {
523 cache_zero(&ncdrop1);
524 cache_zero(&ncdrop2);
529 * MPUNSAFE - XXX fdp can be pulled out from under a
532 * A shared filedesc is ok, we don't have to copy it
533 * because we are making this change globally.
535 spin_lock(&fdp->fd_spin);
536 if (fdp->fd_ncdir.mount == info->old_nch.mount &&
537 fdp->fd_ncdir.ncp == info->old_nch.ncp) {
538 vprele1 = fdp->fd_cdir;
540 fdp->fd_cdir = info->new_vp;
541 ncdrop1 = fdp->fd_ncdir;
542 cache_copy(&info->new_nch, &fdp->fd_ncdir);
544 if (fdp->fd_nrdir.mount == info->old_nch.mount &&
545 fdp->fd_nrdir.ncp == info->old_nch.ncp) {
546 vprele2 = fdp->fd_rdir;
548 fdp->fd_rdir = info->new_vp;
549 ncdrop2 = fdp->fd_nrdir;
550 cache_copy(&info->new_nch, &fdp->fd_nrdir);
552 spin_unlock(&fdp->fd_spin);
554 cache_drop(&ncdrop1);
556 cache_drop(&ncdrop2);
566 * Unmount a file system.
568 * Note: unmount takes a path to the vnode mounted on as argument,
569 * not special file (as before).
571 * umount_args(char *path, int flags)
576 sys_unmount(struct unmount_args *uap)
578 struct thread *td = curthread;
579 struct proc *p __debugvar = td->td_proc;
580 struct mount *mp = NULL;
581 struct nlookupdata nd;
586 if (td->td_ucred->cr_prison != NULL) {
590 if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
593 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
595 error = nlookup(&nd);
599 mp = nd.nl_nch.mount;
602 * Only root, or the user that did the original mount is
603 * permitted to unmount this filesystem.
605 if ((mp->mnt_stat.f_owner != td->td_ucred->cr_uid) &&
606 (error = priv_check(td, PRIV_ROOT)))
610 * Don't allow unmounting the root file system.
612 if (mp->mnt_flag & MNT_ROOTFS) {
618 * Must be the root of the filesystem
620 if (nd.nl_nch.ncp != mp->mnt_ncmountpt.ncp) {
628 error = dounmount(mp, uap->flags);
635 * Do the actual file system unmount.
638 dounmount_interlock(struct mount *mp)
640 if (mp->mnt_kern_flag & MNTK_UNMOUNT)
642 mp->mnt_kern_flag |= MNTK_UNMOUNT;
647 unmount_allproc_cb(struct proc *p, void *arg)
651 if (p->p_textnch.ncp == NULL)
654 mp = (struct mount *)arg;
655 if (p->p_textnch.mount == mp)
656 cache_drop(&p->p_textnch);
662 dounmount(struct mount *mp, int flags)
664 struct namecache *ncp;
672 lwkt_gettoken(&mp->mnt_token);
674 * Exclusive access for unmounting purposes
676 if ((error = mountlist_interlock(dounmount_interlock, mp)) != 0)
680 * Allow filesystems to detect that a forced unmount is in progress.
682 if (flags & MNT_FORCE)
683 mp->mnt_kern_flag |= MNTK_UNMOUNTF;
684 lflags = LK_EXCLUSIVE | ((flags & MNT_FORCE) ? 0 : LK_NOWAIT);
685 error = lockmgr(&mp->mnt_lock, lflags);
687 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
688 if (mp->mnt_kern_flag & MNTK_MWAIT) {
689 mp->mnt_kern_flag &= ~MNTK_MWAIT;
695 if (mp->mnt_flag & MNT_EXPUBLIC)
696 vfs_setpublicfs(NULL, NULL, NULL);
698 vfs_msync(mp, MNT_WAIT);
699 async_flag = mp->mnt_flag & MNT_ASYNC;
700 mp->mnt_flag &=~ MNT_ASYNC;
703 * If this filesystem isn't aliasing other filesystems,
704 * try to invalidate any remaining namecache entries and
705 * check the count afterwords.
707 if ((mp->mnt_kern_flag & MNTK_NCALIASED) == 0) {
708 cache_lock(&mp->mnt_ncmountpt);
709 cache_inval(&mp->mnt_ncmountpt, CINV_DESTROY|CINV_CHILDREN);
710 cache_unlock(&mp->mnt_ncmountpt);
712 if ((ncp = mp->mnt_ncmountpt.ncp) != NULL &&
713 (ncp->nc_refs != 1 || TAILQ_FIRST(&ncp->nc_list))) {
714 allproc_scan(&unmount_allproc_cb, mp);
717 if ((ncp = mp->mnt_ncmountpt.ncp) != NULL &&
718 (ncp->nc_refs != 1 || TAILQ_FIRST(&ncp->nc_list))) {
720 if ((flags & MNT_FORCE) == 0) {
722 mount_warning(mp, "Cannot unmount: "
728 mount_warning(mp, "Forced unmount: "
739 * nchandle records ref the mount structure. Expect a count of 1
740 * (our mount->mnt_ncmountpt).
742 cache_unmounting(mp);
743 if (mp->mnt_refs != 1) {
744 if ((flags & MNT_FORCE) == 0) {
745 mount_warning(mp, "Cannot unmount: "
746 "%d process references still "
747 "present", mp->mnt_refs);
750 mount_warning(mp, "Forced unmount: "
751 "%d process references still "
752 "present", mp->mnt_refs);
758 * Decomission our special mnt_syncer vnode. This also stops
759 * the vnlru code. If we are unable to unmount we recommission
763 if ((vp = mp->mnt_syncer) != NULL) {
764 mp->mnt_syncer = NULL;
767 if (((mp->mnt_flag & MNT_RDONLY) ||
768 (error = VFS_SYNC(mp, MNT_WAIT)) == 0) ||
769 (flags & MNT_FORCE)) {
770 error = VFS_UNMOUNT(mp, flags);
774 if (mp->mnt_syncer == NULL)
775 vfs_allocate_syncvnode(mp);
776 mp->mnt_kern_flag &= ~(MNTK_UNMOUNT | MNTK_UNMOUNTF);
777 mp->mnt_flag |= async_flag;
778 lockmgr(&mp->mnt_lock, LK_RELEASE);
779 if (mp->mnt_kern_flag & MNTK_MWAIT) {
780 mp->mnt_kern_flag &= ~MNTK_MWAIT;
786 * Clean up any journals still associated with the mount after
787 * filesystem activity has ceased.
789 journal_remove_all_journals(mp,
790 ((flags & MNT_FORCE) ? MC_JOURNAL_STOP_IMM : 0));
792 mountlist_remove(mp);
795 * Remove any installed vnode ops here so the individual VFSs don't
798 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_coherency_ops);
799 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_journal_ops);
800 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_norm_ops);
801 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_spec_ops);
802 vfs_rm_vnodeops(mp, NULL, &mp->mnt_vn_fifo_ops);
804 if (mp->mnt_ncmountpt.ncp != NULL) {
805 nch = mp->mnt_ncmountpt;
806 cache_zero(&mp->mnt_ncmountpt);
807 cache_clrmountpt(&nch);
810 if (mp->mnt_ncmounton.ncp != NULL) {
811 cache_unmounting(mp);
812 nch = mp->mnt_ncmounton;
813 cache_zero(&mp->mnt_ncmounton);
814 cache_clrmountpt(&nch);
818 mp->mnt_vfc->vfc_refcount--;
819 if (!TAILQ_EMPTY(&mp->mnt_nvnodelist))
820 panic("unmount: dangling vnode");
821 lockmgr(&mp->mnt_lock, LK_RELEASE);
822 if (mp->mnt_kern_flag & MNTK_MWAIT) {
823 mp->mnt_kern_flag &= ~MNTK_MWAIT;
828 * If we reach here and freeok != 0 we must free the mount.
829 * If refs > 1 cycle and wait, just in case someone tried
830 * to busy the mount after we decided to do the unmount.
833 while (mp->mnt_refs > 1) {
834 cache_unmounting(mp);
836 tsleep(&mp->mnt_refs, 0, "umntrwait", hz / 10 + 1);
838 lwkt_reltoken(&mp->mnt_token);
845 lwkt_reltoken(&mp->mnt_token);
851 mount_warning(struct mount *mp, const char *ctl, ...)
858 if (cache_fullpath(NULL, &mp->mnt_ncmounton, NULL,
859 &ptr, &buf, 0) == 0) {
860 kprintf("unmount(%s): ", ptr);
865 kprintf("unmount(%p", mp);
866 if (mp->mnt_ncmounton.ncp && mp->mnt_ncmounton.ncp->nc_name)
867 kprintf(",%s", mp->mnt_ncmounton.ncp->nc_name);
876 * Shim cache_fullpath() to handle the case where a process is chrooted into
877 * a subdirectory of a mount. In this case if the root mount matches the
878 * process root directory's mount we have to specify the process's root
879 * directory instead of the mount point, because the mount point might
880 * be above the root directory.
884 mount_path(struct proc *p, struct mount *mp, char **rb, char **fb)
886 struct nchandle *nch;
888 if (p && p->p_fd->fd_nrdir.mount == mp)
889 nch = &p->p_fd->fd_nrdir;
891 nch = &mp->mnt_ncmountpt;
892 return(cache_fullpath(p, nch, NULL, rb, fb, 0));
896 * Sync each mounted filesystem.
900 static int syncprt = 0;
901 SYSCTL_INT(_debug, OID_AUTO, syncprt, CTLFLAG_RW, &syncprt, 0, "");
904 static int sync_callback(struct mount *mp, void *data);
907 sys_sync(struct sync_args *uap)
909 mountlist_scan(sync_callback, NULL, MNTSCAN_FORWARD);
912 * print out buffer pool stat information on each sync() call.
922 sync_callback(struct mount *mp, void *data __unused)
926 if ((mp->mnt_flag & MNT_RDONLY) == 0) {
927 asyncflag = mp->mnt_flag & MNT_ASYNC;
928 mp->mnt_flag &= ~MNT_ASYNC;
929 vfs_msync(mp, MNT_NOWAIT);
930 VFS_SYNC(mp, MNT_NOWAIT);
931 mp->mnt_flag |= asyncflag;
936 /* XXX PRISON: could be per prison flag */
937 static int prison_quotas;
939 SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, "");
943 * quotactl_args(char *path, int fcmd, int uid, caddr_t arg)
945 * Change filesystem quotas.
950 sys_quotactl(struct quotactl_args *uap)
952 struct nlookupdata nd;
959 if (td->td_ucred->cr_prison && !prison_quotas) {
964 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
966 error = nlookup(&nd);
968 mp = nd.nl_nch.mount;
969 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid,
970 uap->arg, nd.nl_cred);
979 * mountctl(char *path, int op, int fd, const void *ctl, int ctllen,
980 * void *buf, int buflen)
982 * This function operates on a mount point and executes the specified
983 * operation using the specified control data, and possibly returns data.
985 * The actual number of bytes stored in the result buffer is returned, 0
986 * if none, otherwise an error is returned.
991 sys_mountctl(struct mountctl_args *uap)
993 struct thread *td = curthread;
994 struct proc *p = td->td_proc;
1002 * Sanity and permissions checks. We must be root.
1005 if (td->td_ucred->cr_prison != NULL)
1007 if ((uap->op != MOUNTCTL_MOUNTFLAGS) &&
1008 (error = priv_check(td, PRIV_ROOT)) != 0)
1012 * Argument length checks
1014 if (uap->ctllen < 0 || uap->ctllen > 1024)
1016 if (uap->buflen < 0 || uap->buflen > 16 * 1024)
1018 if (uap->path == NULL)
1022 * Allocate the necessary buffers and copyin data
1024 path = objcache_get(namei_oc, M_WAITOK);
1025 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
1030 ctl = kmalloc(uap->ctllen + 1, M_TEMP, M_WAITOK|M_ZERO);
1031 error = copyin(uap->ctl, ctl, uap->ctllen);
1036 buf = kmalloc(uap->buflen + 1, M_TEMP, M_WAITOK|M_ZERO);
1039 * Validate the descriptor
1042 fp = holdfp(p->p_fd, uap->fd, -1);
1052 * Execute the internal kernel function and clean up.
1055 error = kern_mountctl(path, uap->op, fp, ctl, uap->ctllen, buf, uap->buflen, &uap->sysmsg_result);
1059 if (error == 0 && uap->sysmsg_result > 0)
1060 error = copyout(buf, uap->buf, uap->sysmsg_result);
1063 objcache_put(namei_oc, path);
1072 * Execute a mount control operation by resolving the path to a mount point
1073 * and calling vop_mountctl().
1075 * Use the mount point from the nch instead of the vnode so nullfs mounts
1076 * can properly spike the VOP.
1079 kern_mountctl(const char *path, int op, struct file *fp,
1080 const void *ctl, int ctllen,
1081 void *buf, int buflen, int *res)
1085 struct nlookupdata nd;
1090 error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_FOLLOW);
1092 error = nlookup(&nd);
1094 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
1095 mp = nd.nl_nch.mount;
1102 * Must be the root of the filesystem
1104 if ((vp->v_flag & (VROOT|VPFSROOT)) == 0) {
1108 error = vop_mountctl(mp->mnt_vn_use_ops, vp, op, fp, ctl, ctllen,
1115 kern_statfs(struct nlookupdata *nd, struct statfs *buf)
1117 struct thread *td = curthread;
1118 struct proc *p = td->td_proc;
1121 char *fullpath, *freepath;
1124 if ((error = nlookup(nd)) != 0)
1126 mp = nd->nl_nch.mount;
1128 if ((error = VFS_STATFS(mp, sp, nd->nl_cred)) != 0)
1131 error = mount_path(p, mp, &fullpath, &freepath);
1134 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1135 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1136 kfree(freepath, M_TEMP);
1138 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1139 bcopy(sp, buf, sizeof(*buf));
1140 /* Only root should have access to the fsid's. */
1141 if (priv_check(td, PRIV_ROOT))
1142 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1147 * statfs_args(char *path, struct statfs *buf)
1149 * Get filesystem statistics.
1152 sys_statfs(struct statfs_args *uap)
1154 struct nlookupdata nd;
1158 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1160 error = kern_statfs(&nd, &buf);
1163 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1168 kern_fstatfs(int fd, struct statfs *buf)
1170 struct thread *td = curthread;
1171 struct proc *p = td->td_proc;
1175 char *fullpath, *freepath;
1179 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
1183 * Try to use mount info from any overlays rather than the
1184 * mount info for the underlying vnode, otherwise we will
1185 * fail when operating on null-mounted paths inside a chroot.
1187 if ((mp = fp->f_nchandle.mount) == NULL)
1188 mp = ((struct vnode *)fp->f_data)->v_mount;
1193 if (fp->f_cred == NULL) {
1198 if ((error = VFS_STATFS(mp, sp, fp->f_cred)) != 0)
1201 if ((error = mount_path(p, mp, &fullpath, &freepath)) != 0)
1203 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1204 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1205 kfree(freepath, M_TEMP);
1207 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1208 bcopy(sp, buf, sizeof(*buf));
1210 /* Only root should have access to the fsid's. */
1211 if (priv_check(td, PRIV_ROOT))
1212 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
1220 * fstatfs_args(int fd, struct statfs *buf)
1222 * Get filesystem statistics.
1225 sys_fstatfs(struct fstatfs_args *uap)
1230 error = kern_fstatfs(uap->fd, &buf);
1233 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1238 kern_statvfs(struct nlookupdata *nd, struct statvfs *buf)
1244 if ((error = nlookup(nd)) != 0)
1246 mp = nd->nl_nch.mount;
1247 sp = &mp->mnt_vstat;
1248 if ((error = VFS_STATVFS(mp, sp, nd->nl_cred)) != 0)
1252 if (mp->mnt_flag & MNT_RDONLY)
1253 sp->f_flag |= ST_RDONLY;
1254 if (mp->mnt_flag & MNT_NOSUID)
1255 sp->f_flag |= ST_NOSUID;
1256 bcopy(sp, buf, sizeof(*buf));
1261 * statfs_args(char *path, struct statfs *buf)
1263 * Get filesystem statistics.
1266 sys_statvfs(struct statvfs_args *uap)
1268 struct nlookupdata nd;
1272 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1274 error = kern_statvfs(&nd, &buf);
1277 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1282 kern_fstatvfs(int fd, struct statvfs *buf)
1284 struct thread *td = curthread;
1285 struct proc *p = td->td_proc;
1292 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
1294 if ((mp = fp->f_nchandle.mount) == NULL)
1295 mp = ((struct vnode *)fp->f_data)->v_mount;
1300 if (fp->f_cred == NULL) {
1304 sp = &mp->mnt_vstat;
1305 if ((error = VFS_STATVFS(mp, sp, fp->f_cred)) != 0)
1309 if (mp->mnt_flag & MNT_RDONLY)
1310 sp->f_flag |= ST_RDONLY;
1311 if (mp->mnt_flag & MNT_NOSUID)
1312 sp->f_flag |= ST_NOSUID;
1314 bcopy(sp, buf, sizeof(*buf));
1322 * fstatfs_args(int fd, struct statfs *buf)
1324 * Get filesystem statistics.
1327 sys_fstatvfs(struct fstatvfs_args *uap)
1332 error = kern_fstatvfs(uap->fd, &buf);
1335 error = copyout(&buf, uap->buf, sizeof(*uap->buf));
1340 * getfsstat_args(struct statfs *buf, long bufsize, int flags)
1342 * Get statistics on all filesystems.
1345 struct getfsstat_info {
1346 struct statfs *sfsp;
1354 static int getfsstat_callback(struct mount *, void *);
1357 sys_getfsstat(struct getfsstat_args *uap)
1359 struct thread *td = curthread;
1360 struct getfsstat_info info;
1362 bzero(&info, sizeof(info));
1364 info.maxcount = uap->bufsize / sizeof(struct statfs);
1365 info.sfsp = uap->buf;
1367 info.flags = uap->flags;
1370 mountlist_scan(getfsstat_callback, &info, MNTSCAN_FORWARD);
1371 if (info.sfsp && info.count > info.maxcount)
1372 uap->sysmsg_result = info.maxcount;
1374 uap->sysmsg_result = info.count;
1375 return (info.error);
1379 getfsstat_callback(struct mount *mp, void *data)
1381 struct getfsstat_info *info = data;
1387 if (info->sfsp && info->count < info->maxcount) {
1388 if (info->td->td_proc &&
1389 !chroot_visible_mnt(mp, info->td->td_proc)) {
1395 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1396 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1397 * overrides MNT_WAIT.
1399 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1400 (info->flags & MNT_WAIT)) &&
1401 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1404 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1406 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1408 info->error = error;
1411 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1412 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1413 kfree(freepath, M_TEMP);
1415 error = copyout(sp, info->sfsp, sizeof(*sp));
1417 info->error = error;
1427 * getvfsstat_args(struct statfs *buf, struct statvfs *vbuf,
1428 long bufsize, int flags)
1430 * Get statistics on all filesystems.
1433 struct getvfsstat_info {
1434 struct statfs *sfsp;
1435 struct statvfs *vsfsp;
1443 static int getvfsstat_callback(struct mount *, void *);
1446 sys_getvfsstat(struct getvfsstat_args *uap)
1448 struct thread *td = curthread;
1449 struct getvfsstat_info info;
1451 bzero(&info, sizeof(info));
1453 info.maxcount = uap->vbufsize / sizeof(struct statvfs);
1454 info.sfsp = uap->buf;
1455 info.vsfsp = uap->vbuf;
1457 info.flags = uap->flags;
1460 mountlist_scan(getvfsstat_callback, &info, MNTSCAN_FORWARD);
1461 if (info.vsfsp && info.count > info.maxcount)
1462 uap->sysmsg_result = info.maxcount;
1464 uap->sysmsg_result = info.count;
1465 return (info.error);
1469 getvfsstat_callback(struct mount *mp, void *data)
1471 struct getvfsstat_info *info = data;
1473 struct statvfs *vsp;
1478 if (info->vsfsp && info->count < info->maxcount) {
1479 if (info->td->td_proc &&
1480 !chroot_visible_mnt(mp, info->td->td_proc)) {
1484 vsp = &mp->mnt_vstat;
1487 * If MNT_NOWAIT or MNT_LAZY is specified, do not
1488 * refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
1489 * overrides MNT_WAIT.
1491 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1492 (info->flags & MNT_WAIT)) &&
1493 (error = VFS_STATFS(mp, sp, info->td->td_ucred))) {
1496 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
1498 if (((info->flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
1499 (info->flags & MNT_WAIT)) &&
1500 (error = VFS_STATVFS(mp, vsp, info->td->td_ucred))) {
1504 if (mp->mnt_flag & MNT_RDONLY)
1505 vsp->f_flag |= ST_RDONLY;
1506 if (mp->mnt_flag & MNT_NOSUID)
1507 vsp->f_flag |= ST_NOSUID;
1509 error = mount_path(info->td->td_proc, mp, &fullpath, &freepath);
1511 info->error = error;
1514 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
1515 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
1516 kfree(freepath, M_TEMP);
1518 error = copyout(sp, info->sfsp, sizeof(*sp));
1520 error = copyout(vsp, info->vsfsp, sizeof(*vsp));
1522 info->error = error;
1534 * fchdir_args(int fd)
1536 * Change current working directory to a given file descriptor.
1539 sys_fchdir(struct fchdir_args *uap)
1541 struct thread *td = curthread;
1542 struct proc *p = td->td_proc;
1543 struct filedesc *fdp = p->p_fd;
1544 struct vnode *vp, *ovp;
1547 struct nchandle nch, onch, tnch;
1550 if ((error = holdvnode(fdp, uap->fd, &fp)) != 0)
1552 lwkt_gettoken(&p->p_token);
1553 vp = (struct vnode *)fp->f_data;
1555 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1556 if (fp->f_nchandle.ncp == NULL)
1559 error = checkvp_chdir(vp, td);
1564 cache_copy(&fp->f_nchandle, &nch);
1567 * If the ncp has become a mount point, traverse through
1571 while (!error && (nch.ncp->nc_flag & NCF_ISMOUNTPT) &&
1572 (mp = cache_findmount(&nch)) != NULL
1574 error = nlookup_mp(mp, &tnch);
1576 cache_unlock(&tnch); /* leave ref intact */
1578 vp = tnch.ncp->nc_vp;
1579 error = vget(vp, LK_SHARED);
1580 KKASSERT(error == 0);
1584 cache_dropmount(mp);
1588 onch = fdp->fd_ncdir;
1589 vn_unlock(vp); /* leave ref intact */
1591 fdp->fd_ncdir = nch;
1600 lwkt_reltoken(&p->p_token);
1605 kern_chdir(struct nlookupdata *nd)
1607 struct thread *td = curthread;
1608 struct proc *p = td->td_proc;
1609 struct filedesc *fdp = p->p_fd;
1610 struct vnode *vp, *ovp;
1611 struct nchandle onch;
1614 if ((error = nlookup(nd)) != 0)
1616 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
1618 if ((error = vget(vp, LK_SHARED)) != 0)
1621 lwkt_gettoken(&p->p_token);
1622 error = checkvp_chdir(vp, td);
1626 onch = fdp->fd_ncdir;
1627 cache_unlock(&nd->nl_nch); /* leave reference intact */
1628 fdp->fd_ncdir = nd->nl_nch;
1632 cache_zero(&nd->nl_nch);
1636 lwkt_reltoken(&p->p_token);
1641 * chdir_args(char *path)
1643 * Change current working directory (``.'').
1646 sys_chdir(struct chdir_args *uap)
1648 struct nlookupdata nd;
1651 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1653 error = kern_chdir(&nd);
1659 * Helper function for raised chroot(2) security function: Refuse if
1660 * any filedescriptors are open directories.
1663 chroot_refuse_vdir_fds(struct filedesc *fdp)
1670 for (fd = 0; fd < fdp->fd_nfiles ; fd++) {
1671 if ((error = holdvnode(fdp, fd, &fp)) != 0)
1673 vp = (struct vnode *)fp->f_data;
1674 if (vp->v_type != VDIR) {
1685 * This sysctl determines if we will allow a process to chroot(2) if it
1686 * has a directory open:
1687 * 0: disallowed for all processes.
1688 * 1: allowed for processes that were not already chroot(2)'ed.
1689 * 2: allowed for all processes.
1692 static int chroot_allow_open_directories = 1;
1694 SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
1695 &chroot_allow_open_directories, 0, "");
1698 * chroot to the specified namecache entry. We obtain the vp from the
1699 * namecache data. The passed ncp must be locked and referenced and will
1700 * remain locked and referenced on return.
1703 kern_chroot(struct nchandle *nch)
1705 struct thread *td = curthread;
1706 struct proc *p = td->td_proc;
1707 struct filedesc *fdp = p->p_fd;
1712 * Only privileged user can chroot
1714 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
1719 * Disallow open directory descriptors (fchdir() breakouts).
1721 if (chroot_allow_open_directories == 0 ||
1722 (chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) {
1723 if ((error = chroot_refuse_vdir_fds(fdp)) != 0)
1726 if ((vp = nch->ncp->nc_vp) == NULL)
1729 if ((error = vget(vp, LK_SHARED)) != 0)
1733 * Check the validity of vp as a directory to change to and
1734 * associate it with rdir/jdir.
1736 error = checkvp_chdir(vp, td);
1737 vn_unlock(vp); /* leave reference intact */
1739 vrele(fdp->fd_rdir);
1740 fdp->fd_rdir = vp; /* reference inherited by fd_rdir */
1741 cache_drop(&fdp->fd_nrdir);
1742 cache_copy(nch, &fdp->fd_nrdir);
1743 if (fdp->fd_jdir == NULL) {
1746 cache_copy(nch, &fdp->fd_njdir);
1755 * chroot_args(char *path)
1757 * Change notion of root (``/'') directory.
1760 sys_chroot(struct chroot_args *uap)
1762 struct thread *td __debugvar = curthread;
1763 struct nlookupdata nd;
1766 KKASSERT(td->td_proc);
1767 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1769 nd.nl_flags |= NLC_EXEC;
1770 error = nlookup(&nd);
1772 error = kern_chroot(&nd.nl_nch);
1779 sys_chroot_kernel(struct chroot_kernel_args *uap)
1781 struct thread *td = curthread;
1782 struct nlookupdata nd;
1783 struct nchandle *nch;
1787 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
1791 error = nlookup(&nd);
1797 error = priv_check_cred(td->td_ucred, PRIV_VFS_CHROOT, 0);
1801 if ((vp = nch->ncp->nc_vp) == NULL) {
1806 if ((error = cache_vref(nch, nd.nl_cred, &vp)) != 0)
1809 kprintf("chroot_kernel: set new rootnch/rootvnode to %s\n", uap->path);
1811 vfs_cache_setroot(vp, cache_hold(nch));
1821 * Common routine for chroot and chdir. Given a locked, referenced vnode,
1822 * determine whether it is legal to chdir to the vnode. The vnode's state
1823 * is not changed by this call.
1826 checkvp_chdir(struct vnode *vp, struct thread *td)
1830 if (vp->v_type != VDIR)
1833 error = VOP_EACCESS(vp, VEXEC, td->td_ucred);
1838 kern_open(struct nlookupdata *nd, int oflags, int mode, int *res)
1840 struct thread *td = curthread;
1841 struct proc *p = td->td_proc;
1842 struct lwp *lp = td->td_lwp;
1843 struct filedesc *fdp = p->p_fd;
1848 int type, indx, error = 0;
1851 if ((oflags & O_ACCMODE) == O_ACCMODE)
1853 flags = FFLAGS(oflags);
1854 error = falloc(lp, &nfp, NULL);
1858 cmode = ((mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
1861 * XXX p_dupfd is a real mess. It allows a device to return a
1862 * file descriptor to be duplicated rather then doing the open
1868 * Call vn_open() to do the lookup and assign the vnode to the
1869 * file pointer. vn_open() does not change the ref count on fp
1870 * and the vnode, on success, will be inherited by the file pointer
1873 nd->nl_flags |= NLC_LOCKVP;
1874 error = vn_open(nd, fp, flags, cmode);
1878 * handle special fdopen() case. bleh. dupfdopen() is
1879 * responsible for dropping the old contents of ofiles[indx]
1882 * Note that fsetfd() will add a ref to fp which represents
1883 * the fd_files[] assignment. We must still drop our
1886 if ((error == ENODEV || error == ENXIO) && lp->lwp_dupfd >= 0) {
1887 if (fdalloc(p, 0, &indx) == 0) {
1888 error = dupfdopen(fdp, indx, lp->lwp_dupfd, flags, error);
1891 fdrop(fp); /* our ref */
1894 fsetfd(fdp, NULL, indx);
1897 fdrop(fp); /* our ref */
1898 if (error == ERESTART)
1904 * ref the vnode for ourselves so it can't be ripped out from under
1905 * is. XXX need an ND flag to request that the vnode be returned
1908 * Reserve a file descriptor but do not assign it until the open
1911 vp = (struct vnode *)fp->f_data;
1913 if ((error = fdalloc(p, 0, &indx)) != 0) {
1920 * If no error occurs the vp will have been assigned to the file
1925 if (flags & (O_EXLOCK | O_SHLOCK)) {
1926 lf.l_whence = SEEK_SET;
1929 if (flags & O_EXLOCK)
1930 lf.l_type = F_WRLCK;
1932 lf.l_type = F_RDLCK;
1933 if (flags & FNONBLOCK)
1938 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
1940 * lock request failed. Clean up the reserved
1944 fsetfd(fdp, NULL, indx);
1948 fp->f_flag |= FHASLOCK;
1952 * Assert that all regular file vnodes were created with a object.
1954 KASSERT(vp->v_type != VREG || vp->v_object != NULL,
1955 ("open: regular file has no backing object after vn_open"));
1961 * release our private reference, leaving the one associated with the
1962 * descriptor table intact.
1964 fsetfd(fdp, fp, indx);
1967 if (oflags & O_CLOEXEC)
1968 error = fsetfdflags(fdp, *res, UF_EXCLOSE);
1973 * open_args(char *path, int flags, int mode)
1975 * Check permissions, allocate an open file structure,
1976 * and call the device open routine if any.
1979 sys_open(struct open_args *uap)
1981 struct nlookupdata nd;
1984 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
1986 error = kern_open(&nd, uap->flags,
1987 uap->mode, &uap->sysmsg_result);
1994 * openat_args(int fd, char *path, int flags, int mode)
1997 sys_openat(struct openat_args *uap)
1999 struct nlookupdata nd;
2003 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2005 error = kern_open(&nd, uap->flags, uap->mode,
2006 &uap->sysmsg_result);
2008 nlookup_done_at(&nd, fp);
2013 kern_mknod(struct nlookupdata *nd, int mode, int rmajor, int rminor)
2015 struct thread *td = curthread;
2016 struct proc *p = td->td_proc;
2025 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2026 vattr.va_rmajor = rmajor;
2027 vattr.va_rminor = rminor;
2029 switch (mode & S_IFMT) {
2030 case S_IFMT: /* used by badsect to flag bad sectors */
2031 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_BAD, 0);
2032 vattr.va_type = VBAD;
2035 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
2036 vattr.va_type = VCHR;
2039 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
2040 vattr.va_type = VBLK;
2043 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_WHT, 0);
2046 case S_IFDIR: /* special directories support for HAMMER */
2047 error = priv_check_cred(td->td_ucred, PRIV_VFS_MKNOD_DIR, 0);
2048 vattr.va_type = VDIR;
2059 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2060 if ((error = nlookup(nd)) != 0)
2062 if (nd->nl_nch.ncp->nc_vp)
2064 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2068 error = VOP_NWHITEOUT(&nd->nl_nch, nd->nl_dvp,
2069 nd->nl_cred, NAMEI_CREATE);
2072 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp,
2073 &vp, nd->nl_cred, &vattr);
2081 * mknod_args(char *path, int mode, int dev)
2083 * Create a special file.
2086 sys_mknod(struct mknod_args *uap)
2088 struct nlookupdata nd;
2091 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2093 error = kern_mknod(&nd, uap->mode,
2094 umajor(uap->dev), uminor(uap->dev));
2101 * mknodat_args(int fd, char *path, mode_t mode, dev_t dev)
2103 * Create a special file. The path is relative to the directory associated
2107 sys_mknodat(struct mknodat_args *uap)
2109 struct nlookupdata nd;
2113 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2115 error = kern_mknod(&nd, uap->mode,
2116 umajor(uap->dev), uminor(uap->dev));
2118 nlookup_done_at(&nd, fp);
2123 kern_mkfifo(struct nlookupdata *nd, int mode)
2125 struct thread *td = curthread;
2126 struct proc *p = td->td_proc;
2133 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2134 if ((error = nlookup(nd)) != 0)
2136 if (nd->nl_nch.ncp->nc_vp)
2138 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2142 vattr.va_type = VFIFO;
2143 vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask;
2145 error = VOP_NMKNOD(&nd->nl_nch, nd->nl_dvp, &vp, nd->nl_cred, &vattr);
2152 * mkfifo_args(char *path, int mode)
2154 * Create a named pipe.
2157 sys_mkfifo(struct mkfifo_args *uap)
2159 struct nlookupdata nd;
2162 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2164 error = kern_mkfifo(&nd, uap->mode);
2170 * mkfifoat_args(int fd, char *path, mode_t mode)
2172 * Create a named pipe. The path is relative to the directory associated
2176 sys_mkfifoat(struct mkfifoat_args *uap)
2178 struct nlookupdata nd;
2182 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2184 error = kern_mkfifo(&nd, uap->mode);
2185 nlookup_done_at(&nd, fp);
2189 static int hardlink_check_uid = 0;
2190 SYSCTL_INT(_security, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
2191 &hardlink_check_uid, 0,
2192 "Unprivileged processes cannot create hard links to files owned by other "
2194 static int hardlink_check_gid = 0;
2195 SYSCTL_INT(_security, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
2196 &hardlink_check_gid, 0,
2197 "Unprivileged processes cannot create hard links to files owned by other "
2201 can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
2207 * Shortcut if disabled
2209 if (hardlink_check_uid == 0 && hardlink_check_gid == 0)
2213 * Privileged user can always hardlink
2215 if (priv_check_cred(cred, PRIV_VFS_LINK, 0) == 0)
2219 * Otherwise only if the originating file is owned by the
2220 * same user or group. Note that any group is allowed if
2221 * the file is owned by the caller.
2223 error = VOP_GETATTR(vp, &va);
2227 if (hardlink_check_uid) {
2228 if (cred->cr_uid != va.va_uid)
2232 if (hardlink_check_gid) {
2233 if (cred->cr_uid != va.va_uid && !groupmember(va.va_gid, cred))
2241 kern_link(struct nlookupdata *nd, struct nlookupdata *linknd)
2243 struct thread *td = curthread;
2248 * Lookup the source and obtained a locked vnode.
2250 * You may only hardlink a file which you have write permission
2251 * on or which you own.
2253 * XXX relookup on vget failure / race ?
2256 nd->nl_flags |= NLC_WRITE | NLC_OWN | NLC_HLINK;
2257 if ((error = nlookup(nd)) != 0)
2259 vp = nd->nl_nch.ncp->nc_vp;
2260 KKASSERT(vp != NULL);
2261 if (vp->v_type == VDIR)
2262 return (EPERM); /* POSIX */
2263 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2265 if ((error = vget(vp, LK_EXCLUSIVE)) != 0)
2269 * Unlock the source so we can lookup the target without deadlocking
2270 * (XXX vp is locked already, possible other deadlock?). The target
2273 KKASSERT(nd->nl_flags & NLC_NCPISLOCKED);
2274 nd->nl_flags &= ~NLC_NCPISLOCKED;
2275 cache_unlock(&nd->nl_nch);
2278 linknd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2279 if ((error = nlookup(linknd)) != 0) {
2283 if (linknd->nl_nch.ncp->nc_vp) {
2287 if ((error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY)) != 0) {
2293 * Finally run the new API VOP.
2295 error = can_hardlink(vp, td, td->td_ucred);
2297 error = VOP_NLINK(&linknd->nl_nch, linknd->nl_dvp,
2298 vp, linknd->nl_cred);
2305 * link_args(char *path, char *link)
2307 * Make a hard file link.
2310 sys_link(struct link_args *uap)
2312 struct nlookupdata nd, linknd;
2315 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2317 error = nlookup_init(&linknd, uap->link, UIO_USERSPACE, 0);
2319 error = kern_link(&nd, &linknd);
2320 nlookup_done(&linknd);
2327 * linkat_args(int fd1, char *path1, int fd2, char *path2, int flags)
2329 * Make a hard file link. The path1 argument is relative to the directory
2330 * associated with fd1, and similarly the path2 argument is relative to
2331 * the directory associated with fd2.
2334 sys_linkat(struct linkat_args *uap)
2336 struct nlookupdata nd, linknd;
2337 struct file *fp1, *fp2;
2340 error = nlookup_init_at(&nd, &fp1, uap->fd1, uap->path1, UIO_USERSPACE,
2341 (uap->flags & AT_SYMLINK_FOLLOW) ? NLC_FOLLOW : 0);
2343 error = nlookup_init_at(&linknd, &fp2, uap->fd2,
2344 uap->path2, UIO_USERSPACE, 0);
2346 error = kern_link(&nd, &linknd);
2347 nlookup_done_at(&linknd, fp2);
2349 nlookup_done_at(&nd, fp1);
2354 kern_symlink(struct nlookupdata *nd, char *path, int mode)
2362 nd->nl_flags |= NLC_CREATE | NLC_REFDVP;
2363 if ((error = nlookup(nd)) != 0)
2365 if (nd->nl_nch.ncp->nc_vp)
2367 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2371 vattr.va_mode = mode;
2372 error = VOP_NSYMLINK(&nd->nl_nch, dvp, &vp, nd->nl_cred, &vattr, path);
2379 * symlink(char *path, char *link)
2381 * Make a symbolic link.
2384 sys_symlink(struct symlink_args *uap)
2386 struct thread *td = curthread;
2387 struct nlookupdata nd;
2392 path = objcache_get(namei_oc, M_WAITOK);
2393 error = copyinstr(uap->path, path, MAXPATHLEN, NULL);
2395 error = nlookup_init(&nd, uap->link, UIO_USERSPACE, 0);
2397 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2398 error = kern_symlink(&nd, path, mode);
2402 objcache_put(namei_oc, path);
2407 * symlinkat_args(char *path1, int fd, char *path2)
2409 * Make a symbolic link. The path2 argument is relative to the directory
2410 * associated with fd.
2413 sys_symlinkat(struct symlinkat_args *uap)
2415 struct thread *td = curthread;
2416 struct nlookupdata nd;
2422 path1 = objcache_get(namei_oc, M_WAITOK);
2423 error = copyinstr(uap->path1, path1, MAXPATHLEN, NULL);
2425 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path2,
2428 mode = ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask;
2429 error = kern_symlink(&nd, path1, mode);
2431 nlookup_done_at(&nd, fp);
2433 objcache_put(namei_oc, path1);
2438 * undelete_args(char *path)
2440 * Delete a whiteout from the filesystem.
2443 sys_undelete(struct undelete_args *uap)
2445 struct nlookupdata nd;
2448 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2450 nd.nl_flags |= NLC_DELETE | NLC_REFDVP;
2452 error = nlookup(&nd);
2454 error = ncp_writechk(&nd.nl_nch);
2456 error = VOP_NWHITEOUT(&nd.nl_nch, nd.nl_dvp, nd.nl_cred,
2464 kern_unlink(struct nlookupdata *nd)
2469 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
2470 if ((error = nlookup(nd)) != 0)
2472 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
2474 error = VOP_NREMOVE(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
2479 * unlink_args(char *path)
2481 * Delete a name from the filesystem.
2484 sys_unlink(struct unlink_args *uap)
2486 struct nlookupdata nd;
2489 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2491 error = kern_unlink(&nd);
2498 * unlinkat_args(int fd, char *path, int flags)
2500 * Delete the file or directory entry pointed to by fd/path.
2503 sys_unlinkat(struct unlinkat_args *uap)
2505 struct nlookupdata nd;
2509 if (uap->flags & ~AT_REMOVEDIR)
2512 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2514 if (uap->flags & AT_REMOVEDIR)
2515 error = kern_rmdir(&nd);
2517 error = kern_unlink(&nd);
2519 nlookup_done_at(&nd, fp);
2524 kern_lseek(int fd, off_t offset, int whence, off_t *res)
2526 struct thread *td = curthread;
2527 struct proc *p = td->td_proc;
2534 fp = holdfp(p->p_fd, fd, -1);
2537 if (fp->f_type != DTYPE_VNODE) {
2541 vp = (struct vnode *)fp->f_data;
2545 spin_lock(&fp->f_spin);
2546 new_offset = fp->f_offset + offset;
2550 error = VOP_GETATTR(vp, &vattr);
2551 spin_lock(&fp->f_spin);
2552 new_offset = offset + vattr.va_size;
2555 new_offset = offset;
2557 spin_lock(&fp->f_spin);
2562 spin_lock(&fp->f_spin);
2567 * Validate the seek position. Negative offsets are not allowed
2568 * for regular files or directories.
2570 * Normally we would also not want to allow negative offsets for
2571 * character and block-special devices. However kvm addresses
2572 * on 64 bit architectures might appear to be negative and must
2576 if (new_offset < 0 &&
2577 (vp->v_type == VREG || vp->v_type == VDIR)) {
2580 fp->f_offset = new_offset;
2583 *res = fp->f_offset;
2584 spin_unlock(&fp->f_spin);
2591 * lseek_args(int fd, int pad, off_t offset, int whence)
2593 * Reposition read/write file offset.
2596 sys_lseek(struct lseek_args *uap)
2600 error = kern_lseek(uap->fd, uap->offset, uap->whence,
2601 &uap->sysmsg_offset);
2607 * Check if current process can access given file. amode is a bitmask of *_OK
2608 * access bits. flags is a bitmask of AT_* flags.
2611 kern_access(struct nlookupdata *nd, int amode, int flags)
2616 if (flags & ~AT_EACCESS)
2618 if ((error = nlookup(nd)) != 0)
2621 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_EXCLUSIVE, &vp);
2625 /* Flags == 0 means only check for existence. */
2634 if ((mode & VWRITE) == 0 ||
2635 (error = vn_writechk(vp, &nd->nl_nch)) == 0)
2636 error = VOP_ACCESS_FLAGS(vp, mode, flags, nd->nl_cred);
2639 * If the file handle is stale we have to re-resolve the
2640 * entry. This is a hack at the moment.
2642 if (error == ESTALE) {
2644 cache_setunresolved(&nd->nl_nch);
2645 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2658 * access_args(char *path, int flags)
2660 * Check access permissions.
2663 sys_access(struct access_args *uap)
2665 struct nlookupdata nd;
2668 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2670 error = kern_access(&nd, uap->flags, 0);
2677 * eaccess_args(char *path, int flags)
2679 * Check access permissions.
2682 sys_eaccess(struct eaccess_args *uap)
2684 struct nlookupdata nd;
2687 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2689 error = kern_access(&nd, uap->flags, AT_EACCESS);
2696 * faccessat_args(int fd, char *path, int amode, int flags)
2698 * Check access permissions.
2701 sys_faccessat(struct faccessat_args *uap)
2703 struct nlookupdata nd;
2707 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE,
2710 error = kern_access(&nd, uap->amode, uap->flags);
2711 nlookup_done_at(&nd, fp);
2717 kern_stat(struct nlookupdata *nd, struct stat *st)
2722 if ((error = nlookup(nd)) != 0)
2725 if ((vp = nd->nl_nch.ncp->nc_vp) == NULL)
2728 if ((error = vget(vp, LK_SHARED)) != 0)
2730 error = vn_stat(vp, st, nd->nl_cred);
2733 * If the file handle is stale we have to re-resolve the entry. This
2734 * is a hack at the moment.
2736 if (error == ESTALE) {
2738 cache_setunresolved(&nd->nl_nch);
2739 error = cache_resolve(&nd->nl_nch, nd->nl_cred);
2749 * stat_args(char *path, struct stat *ub)
2751 * Get file status; this version follows links.
2754 sys_stat(struct stat_args *uap)
2756 struct nlookupdata nd;
2760 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2762 error = kern_stat(&nd, &st);
2764 error = copyout(&st, uap->ub, sizeof(*uap->ub));
2771 * lstat_args(char *path, struct stat *ub)
2773 * Get file status; this version does not follow links.
2776 sys_lstat(struct lstat_args *uap)
2778 struct nlookupdata nd;
2782 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2784 error = kern_stat(&nd, &st);
2786 error = copyout(&st, uap->ub, sizeof(*uap->ub));
2793 * fstatat_args(int fd, char *path, struct stat *sb, int flags)
2795 * Get status of file pointed to by fd/path.
2798 sys_fstatat(struct fstatat_args *uap)
2800 struct nlookupdata nd;
2806 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
2809 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
2811 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
2812 UIO_USERSPACE, flags);
2814 error = kern_stat(&nd, &st);
2816 error = copyout(&st, uap->sb, sizeof(*uap->sb));
2818 nlookup_done_at(&nd, fp);
2823 * pathconf_Args(char *path, int name)
2825 * Get configurable pathname variables.
2828 sys_pathconf(struct pathconf_args *uap)
2830 struct nlookupdata nd;
2835 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2837 error = nlookup(&nd);
2839 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
2842 error = VOP_PATHCONF(vp, uap->name, &uap->sysmsg_reg);
2850 * kern_readlink isn't properly split yet. There is a copyin burried
2851 * in VOP_READLINK().
2854 kern_readlink(struct nlookupdata *nd, char *buf, int count, int *res)
2856 struct thread *td = curthread;
2862 if ((error = nlookup(nd)) != 0)
2864 error = cache_vget(&nd->nl_nch, nd->nl_cred, LK_EXCLUSIVE, &vp);
2867 if (vp->v_type != VLNK) {
2870 aiov.iov_base = buf;
2871 aiov.iov_len = count;
2872 auio.uio_iov = &aiov;
2873 auio.uio_iovcnt = 1;
2874 auio.uio_offset = 0;
2875 auio.uio_rw = UIO_READ;
2876 auio.uio_segflg = UIO_USERSPACE;
2878 auio.uio_resid = count;
2879 error = VOP_READLINK(vp, &auio, td->td_ucred);
2882 *res = count - auio.uio_resid;
2887 * readlink_args(char *path, char *buf, int count)
2889 * Return target name of a symbolic link.
2892 sys_readlink(struct readlink_args *uap)
2894 struct nlookupdata nd;
2897 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
2899 error = kern_readlink(&nd, uap->buf, uap->count,
2900 &uap->sysmsg_result);
2907 * readlinkat_args(int fd, char *path, char *buf, size_t bufsize)
2909 * Return target name of a symbolic link. The path is relative to the
2910 * directory associated with fd.
2913 sys_readlinkat(struct readlinkat_args *uap)
2915 struct nlookupdata nd;
2919 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
2921 error = kern_readlink(&nd, uap->buf, uap->bufsize,
2922 &uap->sysmsg_result);
2924 nlookup_done_at(&nd, fp);
2929 setfflags(struct vnode *vp, int flags)
2931 struct thread *td = curthread;
2936 * Prevent non-root users from setting flags on devices. When
2937 * a device is reused, users can retain ownership of the device
2938 * if they are allowed to set flags and programs assume that
2939 * chown can't fail when done as root.
2941 if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
2942 ((error = priv_check_cred(td->td_ucred, PRIV_VFS_CHFLAGS_DEV, 0)) != 0))
2946 * note: vget is required for any operation that might mod the vnode
2947 * so VINACTIVE is properly cleared.
2949 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
2951 vattr.va_flags = flags;
2952 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
2959 * chflags(char *path, int flags)
2961 * Change flags of a file given a path name.
2964 sys_chflags(struct chflags_args *uap)
2966 struct nlookupdata nd;
2971 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
2973 error = nlookup(&nd);
2975 error = ncp_writechk(&nd.nl_nch);
2977 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
2980 error = setfflags(vp, uap->flags);
2987 * lchflags(char *path, int flags)
2989 * Change flags of a file given a path name, but don't follow symlinks.
2992 sys_lchflags(struct lchflags_args *uap)
2994 struct nlookupdata nd;
2999 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3001 error = nlookup(&nd);
3003 error = ncp_writechk(&nd.nl_nch);
3005 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
3008 error = setfflags(vp, uap->flags);
3015 * fchflags_args(int fd, int flags)
3017 * Change flags of a file given a file descriptor.
3020 sys_fchflags(struct fchflags_args *uap)
3022 struct thread *td = curthread;
3023 struct proc *p = td->td_proc;
3027 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3029 if (fp->f_nchandle.ncp)
3030 error = ncp_writechk(&fp->f_nchandle);
3032 error = setfflags((struct vnode *) fp->f_data, uap->flags);
3038 setfmode(struct vnode *vp, int mode)
3040 struct thread *td = curthread;
3045 * note: vget is required for any operation that might mod the vnode
3046 * so VINACTIVE is properly cleared.
3048 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3050 vattr.va_mode = mode & ALLPERMS;
3051 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3058 kern_chmod(struct nlookupdata *nd, int mode)
3063 if ((error = nlookup(nd)) != 0)
3065 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3067 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3068 error = setfmode(vp, mode);
3074 * chmod_args(char *path, int mode)
3076 * Change mode of a file given path name.
3079 sys_chmod(struct chmod_args *uap)
3081 struct nlookupdata nd;
3084 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3086 error = kern_chmod(&nd, uap->mode);
3092 * lchmod_args(char *path, int mode)
3094 * Change mode of a file given path name (don't follow links.)
3097 sys_lchmod(struct lchmod_args *uap)
3099 struct nlookupdata nd;
3102 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3104 error = kern_chmod(&nd, uap->mode);
3110 * fchmod_args(int fd, int mode)
3112 * Change mode of a file given a file descriptor.
3115 sys_fchmod(struct fchmod_args *uap)
3117 struct thread *td = curthread;
3118 struct proc *p = td->td_proc;
3122 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3124 if (fp->f_nchandle.ncp)
3125 error = ncp_writechk(&fp->f_nchandle);
3127 error = setfmode((struct vnode *)fp->f_data, uap->mode);
3133 * fchmodat_args(char *path, int mode)
3135 * Change mode of a file pointed to by fd/path.
3138 sys_fchmodat(struct fchmodat_args *uap)
3140 struct nlookupdata nd;
3145 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3147 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3149 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3150 UIO_USERSPACE, flags);
3152 error = kern_chmod(&nd, uap->mode);
3153 nlookup_done_at(&nd, fp);
3158 setfown(struct mount *mp, struct vnode *vp, uid_t uid, gid_t gid)
3160 struct thread *td = curthread;
3168 * note: vget is required for any operation that might mod the vnode
3169 * so VINACTIVE is properly cleared.
3171 if ((error = vget(vp, LK_EXCLUSIVE)) == 0) {
3172 if ((error = VOP_GETATTR(vp, &vattr)) != 0)
3174 o_uid = vattr.va_uid;
3175 o_gid = vattr.va_gid;
3176 size = vattr.va_size;
3181 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3190 VFS_ACCOUNT(mp, o_uid, o_gid, -size);
3191 VFS_ACCOUNT(mp, uid, gid, size);
3198 kern_chown(struct nlookupdata *nd, int uid, int gid)
3203 if ((error = nlookup(nd)) != 0)
3205 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3207 if ((error = ncp_writechk(&nd->nl_nch)) == 0)
3208 error = setfown(nd->nl_nch.mount, vp, uid, gid);
3214 * chown(char *path, int uid, int gid)
3216 * Set ownership given a path name.
3219 sys_chown(struct chown_args *uap)
3221 struct nlookupdata nd;
3224 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3226 error = kern_chown(&nd, uap->uid, uap->gid);
3232 * lchown_args(char *path, int uid, int gid)
3234 * Set ownership given a path name, do not cross symlinks.
3237 sys_lchown(struct lchown_args *uap)
3239 struct nlookupdata nd;
3242 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3244 error = kern_chown(&nd, uap->uid, uap->gid);
3250 * fchown_args(int fd, int uid, int gid)
3252 * Set ownership given a file descriptor.
3255 sys_fchown(struct fchown_args *uap)
3257 struct thread *td = curthread;
3258 struct proc *p = td->td_proc;
3262 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3264 if (fp->f_nchandle.ncp)
3265 error = ncp_writechk(&fp->f_nchandle);
3267 error = setfown(p->p_fd->fd_ncdir.mount,
3268 (struct vnode *)fp->f_data, uap->uid, uap->gid);
3274 * fchownat(int fd, char *path, int uid, int gid, int flags)
3276 * Set ownership of file pointed to by fd/path.
3279 sys_fchownat(struct fchownat_args *uap)
3281 struct nlookupdata nd;
3286 if (uap->flags & ~AT_SYMLINK_NOFOLLOW)
3288 flags = (uap->flags & AT_SYMLINK_NOFOLLOW) ? 0 : NLC_FOLLOW;
3290 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path,
3291 UIO_USERSPACE, flags);
3293 error = kern_chown(&nd, uap->uid, uap->gid);
3294 nlookup_done_at(&nd, fp);
3300 getutimes(const struct timeval *tvp, struct timespec *tsp)
3302 struct timeval tv[2];
3306 TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
3309 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3310 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3316 setutimes(struct vnode *vp, struct vattr *vattr,
3317 const struct timespec *ts, int nullflag)
3319 struct thread *td = curthread;
3323 vattr->va_atime = ts[0];
3324 vattr->va_mtime = ts[1];
3326 vattr->va_vaflags |= VA_UTIMES_NULL;
3327 error = VOP_SETATTR(vp, vattr, td->td_ucred);
3333 kern_utimes(struct nlookupdata *nd, struct timeval *tptr)
3335 struct timespec ts[2];
3340 if ((error = getutimes(tptr, ts)) != 0)
3344 * NOTE: utimes() succeeds for the owner even if the file
3345 * is not user-writable.
3347 nd->nl_flags |= NLC_OWN | NLC_WRITE;
3349 if ((error = nlookup(nd)) != 0)
3351 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3353 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3357 * note: vget is required for any operation that might mod the vnode
3358 * so VINACTIVE is properly cleared.
3360 if ((error = vn_writechk(vp, &nd->nl_nch)) == 0) {
3361 error = vget(vp, LK_EXCLUSIVE);
3363 error = setutimes(vp, &vattr, ts, (tptr == NULL));
3372 * utimes_args(char *path, struct timeval *tptr)
3374 * Set the access and modification times of a file.
3377 sys_utimes(struct utimes_args *uap)
3379 struct timeval tv[2];
3380 struct nlookupdata nd;
3384 error = copyin(uap->tptr, tv, sizeof(tv));
3388 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3390 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3396 * lutimes_args(char *path, struct timeval *tptr)
3398 * Set the access and modification times of a file.
3401 sys_lutimes(struct lutimes_args *uap)
3403 struct timeval tv[2];
3404 struct nlookupdata nd;
3408 error = copyin(uap->tptr, tv, sizeof(tv));
3412 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3414 error = kern_utimes(&nd, uap->tptr ? tv : NULL);
3420 * Set utimes on a file descriptor. The creds used to open the
3421 * file are used to determine whether the operation is allowed
3425 kern_futimes(int fd, struct timeval *tptr)
3427 struct thread *td = curthread;
3428 struct proc *p = td->td_proc;
3429 struct timespec ts[2];
3435 error = getutimes(tptr, ts);
3438 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
3440 if (fp->f_nchandle.ncp)
3441 error = ncp_writechk(&fp->f_nchandle);
3444 error = vget(vp, LK_EXCLUSIVE);
3446 error = VOP_GETATTR(vp, &vattr);
3448 error = naccess_va(&vattr, NLC_OWN | NLC_WRITE,
3452 error = setutimes(vp, &vattr, ts,
3463 * futimes_args(int fd, struct timeval *tptr)
3465 * Set the access and modification times of a file.
3468 sys_futimes(struct futimes_args *uap)
3470 struct timeval tv[2];
3474 error = copyin(uap->tptr, tv, sizeof(tv));
3478 error = kern_futimes(uap->fd, uap->tptr ? tv : NULL);
3484 kern_truncate(struct nlookupdata *nd, off_t length)
3491 uint64_t old_size = 0;
3495 nd->nl_flags |= NLC_WRITE | NLC_TRUNCATE;
3496 if ((error = nlookup(nd)) != 0)
3498 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3500 if ((error = cache_vref(&nd->nl_nch, nd->nl_cred, &vp)) != 0)
3502 if ((error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY)) != 0) {
3506 if (vp->v_type == VDIR) {
3510 if (vfs_quota_enabled) {
3511 error = VOP_GETATTR(vp, &vattr);
3512 KASSERT(error == 0, ("kern_truncate(): VOP_GETATTR didn't return 0"));
3515 old_size = vattr.va_size;
3518 if ((error = vn_writechk(vp, &nd->nl_nch)) == 0) {
3520 vattr.va_size = length;
3521 error = VOP_SETATTR(vp, &vattr, nd->nl_cred);
3522 VFS_ACCOUNT(nd->nl_nch.mount, uid, gid, length - old_size);
3530 * truncate(char *path, int pad, off_t length)
3532 * Truncate a file given its path name.
3535 sys_truncate(struct truncate_args *uap)
3537 struct nlookupdata nd;
3540 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
3542 error = kern_truncate(&nd, uap->length);
3548 kern_ftruncate(int fd, off_t length)
3550 struct thread *td = curthread;
3551 struct proc *p = td->td_proc;
3558 uint64_t old_size = 0;
3563 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
3565 if (fp->f_nchandle.ncp) {
3566 error = ncp_writechk(&fp->f_nchandle);
3570 if ((fp->f_flag & FWRITE) == 0) {
3574 if (fp->f_flag & FAPPENDONLY) { /* inode was set s/uapnd */
3578 vp = (struct vnode *)fp->f_data;
3579 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3580 if (vp->v_type == VDIR) {
3585 if (vfs_quota_enabled) {
3586 error = VOP_GETATTR(vp, &vattr);
3587 KASSERT(error == 0, ("kern_ftruncate(): VOP_GETATTR didn't return 0"));
3590 old_size = vattr.va_size;
3593 if ((error = vn_writechk(vp, NULL)) == 0) {
3595 vattr.va_size = length;
3596 error = VOP_SETATTR(vp, &vattr, fp->f_cred);
3598 VFS_ACCOUNT(mp, uid, gid, length - old_size);
3607 * ftruncate_args(int fd, int pad, off_t length)
3609 * Truncate a file given a file descriptor.
3612 sys_ftruncate(struct ftruncate_args *uap)
3616 error = kern_ftruncate(uap->fd, uap->length);
3624 * Sync an open file.
3627 sys_fsync(struct fsync_args *uap)
3629 struct thread *td = curthread;
3630 struct proc *p = td->td_proc;
3636 if ((error = holdvnode(p->p_fd, uap->fd, &fp)) != 0)
3638 vp = (struct vnode *)fp->f_data;
3639 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3640 if ((obj = vp->v_object) != NULL)
3641 vm_object_page_clean(obj, 0, 0, 0);
3642 error = VOP_FSYNC(vp, MNT_WAIT, VOP_FSYNC_SYSCALL);
3643 if (error == 0 && vp->v_mount)
3644 error = buf_fsync(vp);
3652 kern_rename(struct nlookupdata *fromnd, struct nlookupdata *tond)
3654 struct nchandle fnchd;
3655 struct nchandle tnchd;
3656 struct namecache *ncp;
3663 fromnd->nl_flags |= NLC_REFDVP | NLC_RENAME_SRC;
3664 if ((error = nlookup(fromnd)) != 0)
3666 if ((fnchd.ncp = fromnd->nl_nch.ncp->nc_parent) == NULL)
3668 fnchd.mount = fromnd->nl_nch.mount;
3672 * unlock the source nch so we can lookup the target nch without
3673 * deadlocking. The target may or may not exist so we do not check
3674 * for a target vp like kern_mkdir() and other creation functions do.
3676 * The source and target directories are ref'd and rechecked after
3677 * everything is relocked to determine if the source or target file
3680 KKASSERT(fromnd->nl_flags & NLC_NCPISLOCKED);
3681 fromnd->nl_flags &= ~NLC_NCPISLOCKED;
3682 cache_unlock(&fromnd->nl_nch);
3684 tond->nl_flags |= NLC_RENAME_DST | NLC_REFDVP;
3685 if ((error = nlookup(tond)) != 0) {
3689 if ((tnchd.ncp = tond->nl_nch.ncp->nc_parent) == NULL) {
3693 tnchd.mount = tond->nl_nch.mount;
3697 * If the source and target are the same there is nothing to do
3699 if (fromnd->nl_nch.ncp == tond->nl_nch.ncp) {
3706 * Mount points cannot be renamed or overwritten
3708 if ((fromnd->nl_nch.ncp->nc_flag | tond->nl_nch.ncp->nc_flag) &
3717 * Relock the source ncp. cache_relock() will deal with any
3718 * deadlocks against the already-locked tond and will also
3719 * make sure both are resolved.
3721 * NOTE AFTER RELOCKING: The source or target ncp may have become
3722 * invalid while they were unlocked, nc_vp and nc_mount could
3725 cache_relock(&fromnd->nl_nch, fromnd->nl_cred,
3726 &tond->nl_nch, tond->nl_cred);
3727 fromnd->nl_flags |= NLC_NCPISLOCKED;
3730 * If either fromnd or tond are marked destroyed a ripout occured
3731 * out from under us and we must retry.
3733 if ((fromnd->nl_nch.ncp->nc_flag & (NCF_DESTROYED | NCF_UNRESOLVED)) ||
3734 fromnd->nl_nch.ncp->nc_vp == NULL ||
3735 (tond->nl_nch.ncp->nc_flag & NCF_DESTROYED)) {
3736 kprintf("kern_rename: retry due to ripout on: "
3737 "\"%s\" -> \"%s\"\n",
3738 fromnd->nl_nch.ncp->nc_name,
3739 tond->nl_nch.ncp->nc_name);
3746 * make sure the parent directories linkages are the same
3748 if (fnchd.ncp != fromnd->nl_nch.ncp->nc_parent ||
3749 tnchd.ncp != tond->nl_nch.ncp->nc_parent) {
3756 * Both the source and target must be within the same filesystem and
3757 * in the same filesystem as their parent directories within the
3758 * namecache topology.
3760 * NOTE: fromnd's nc_mount or nc_vp could be NULL.
3763 if (mp != tnchd.mount || mp != fromnd->nl_nch.mount ||
3764 mp != tond->nl_nch.mount) {
3771 * Make sure the mount point is writable
3773 if ((error = ncp_writechk(&tond->nl_nch)) != 0) {
3780 * If the target exists and either the source or target is a directory,
3781 * then both must be directories.
3783 * Due to relocking of the source, fromnd->nl_nch.ncp->nc_vp might h
3786 if (tond->nl_nch.ncp->nc_vp) {
3787 if (fromnd->nl_nch.ncp->nc_vp == NULL) {
3789 } else if (fromnd->nl_nch.ncp->nc_vp->v_type == VDIR) {
3790 if (tond->nl_nch.ncp->nc_vp->v_type != VDIR)
3792 } else if (tond->nl_nch.ncp->nc_vp->v_type == VDIR) {
3798 * You cannot rename a source into itself or a subdirectory of itself.
3799 * We check this by travsersing the target directory upwards looking
3800 * for a match against the source.
3805 for (ncp = tnchd.ncp; ncp; ncp = ncp->nc_parent) {
3806 if (fromnd->nl_nch.ncp == ncp) {
3817 * Even though the namespaces are different, they may still represent
3818 * hardlinks to the same file. The filesystem might have a hard time
3819 * with this so we issue a NREMOVE of the source instead of a NRENAME
3820 * when we detect the situation.
3823 fdvp = fromnd->nl_dvp;
3824 tdvp = tond->nl_dvp;
3825 if (fdvp == NULL || tdvp == NULL) {
3827 } else if (fromnd->nl_nch.ncp->nc_vp == tond->nl_nch.ncp->nc_vp) {
3828 error = VOP_NREMOVE(&fromnd->nl_nch, fdvp,
3831 error = VOP_NRENAME(&fromnd->nl_nch, &tond->nl_nch,
3832 fdvp, tdvp, tond->nl_cred);
3839 * rename_args(char *from, char *to)
3841 * Rename files. Source and destination must either both be directories,
3842 * or both not be directories. If target is a directory, it must be empty.
3845 sys_rename(struct rename_args *uap)
3847 struct nlookupdata fromnd, tond;
3851 error = nlookup_init(&fromnd, uap->from, UIO_USERSPACE, 0);
3853 error = nlookup_init(&tond, uap->to, UIO_USERSPACE, 0);
3855 error = kern_rename(&fromnd, &tond);
3856 nlookup_done(&tond);
3858 nlookup_done(&fromnd);
3859 } while (error == EAGAIN);
3864 * renameat_args(int oldfd, char *old, int newfd, char *new)
3866 * Rename files using paths relative to the directories associated with
3867 * oldfd and newfd. Source and destination must either both be directories,
3868 * or both not be directories. If target is a directory, it must be empty.
3871 sys_renameat(struct renameat_args *uap)
3873 struct nlookupdata oldnd, newnd;
3874 struct file *oldfp, *newfp;
3878 error = nlookup_init_at(&oldnd, &oldfp,
3879 uap->oldfd, uap->old,
3882 error = nlookup_init_at(&newnd, &newfp,
3883 uap->newfd, uap->new,
3886 error = kern_rename(&oldnd, &newnd);
3887 nlookup_done_at(&newnd, newfp);
3889 nlookup_done_at(&oldnd, oldfp);
3890 } while (error == EAGAIN);
3895 kern_mkdir(struct nlookupdata *nd, int mode)
3897 struct thread *td = curthread;
3898 struct proc *p = td->td_proc;
3904 nd->nl_flags |= NLC_WILLBEDIR | NLC_CREATE | NLC_REFDVP;
3905 if ((error = nlookup(nd)) != 0)
3908 if (nd->nl_nch.ncp->nc_vp)
3910 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3913 vattr.va_type = VDIR;
3914 vattr.va_mode = (mode & ACCESSPERMS) &~ p->p_fd->fd_cmask;
3917 error = VOP_NMKDIR(&nd->nl_nch, nd->nl_dvp, &vp, td->td_ucred, &vattr);
3924 * mkdir_args(char *path, int mode)
3926 * Make a directory file.
3929 sys_mkdir(struct mkdir_args *uap)
3931 struct nlookupdata nd;
3934 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3936 error = kern_mkdir(&nd, uap->mode);
3942 * mkdirat_args(int fd, char *path, mode_t mode)
3944 * Make a directory file. The path is relative to the directory associated
3948 sys_mkdirat(struct mkdirat_args *uap)
3950 struct nlookupdata nd;
3954 error = nlookup_init_at(&nd, &fp, uap->fd, uap->path, UIO_USERSPACE, 0);
3956 error = kern_mkdir(&nd, uap->mode);
3957 nlookup_done_at(&nd, fp);
3962 kern_rmdir(struct nlookupdata *nd)
3967 nd->nl_flags |= NLC_DELETE | NLC_REFDVP;
3968 if ((error = nlookup(nd)) != 0)
3972 * Do not allow directories representing mount points to be
3973 * deleted, even if empty. Check write perms on mount point
3974 * in case the vnode is aliased (aka nullfs).
3976 if (nd->nl_nch.ncp->nc_flag & (NCF_ISMOUNTPT))
3978 if ((error = ncp_writechk(&nd->nl_nch)) != 0)
3980 error = VOP_NRMDIR(&nd->nl_nch, nd->nl_dvp, nd->nl_cred);
3985 * rmdir_args(char *path)
3987 * Remove a directory file.
3990 sys_rmdir(struct rmdir_args *uap)
3992 struct nlookupdata nd;
3995 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, 0);
3997 error = kern_rmdir(&nd);
4003 kern_getdirentries(int fd, char *buf, u_int count, long *basep, int *res,
4004 enum uio_seg direction)
4006 struct thread *td = curthread;
4007 struct proc *p = td->td_proc;
4015 if ((error = holdvnode(p->p_fd, fd, &fp)) != 0)
4017 if ((fp->f_flag & FREAD) == 0) {
4021 vp = (struct vnode *)fp->f_data;
4023 if (vp->v_type != VDIR) {
4027 aiov.iov_base = buf;
4028 aiov.iov_len = count;
4029 auio.uio_iov = &aiov;
4030 auio.uio_iovcnt = 1;
4031 auio.uio_rw = UIO_READ;
4032 auio.uio_segflg = direction;
4034 auio.uio_resid = count;
4035 loff = auio.uio_offset = fp->f_offset;
4036 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL);
4037 fp->f_offset = auio.uio_offset;
4040 if (count == auio.uio_resid) {
4041 if (union_dircheckp) {
4042 error = union_dircheckp(td, &vp, fp);
4049 if ((vp->v_flag & VROOT) &&
4050 (vp->v_mount->mnt_flag & MNT_UNION)) {
4051 struct vnode *tvp = vp;
4052 vp = vp->v_mount->mnt_vnodecovered;
4063 * WARNING! *basep may not be wide enough to accomodate the
4064 * seek offset. XXX should we hack this to return the upper 32 bits
4065 * for offsets greater then 4G?
4068 *basep = (long)loff;
4070 *res = count - auio.uio_resid;
4077 * getdirentries_args(int fd, char *buf, u_int conut, long *basep)
4079 * Read a block of directory entries in a file system independent format.
4082 sys_getdirentries(struct getdirentries_args *uap)
4087 error = kern_getdirentries(uap->fd, uap->buf, uap->count, &base,
4088 &uap->sysmsg_result, UIO_USERSPACE);
4090 if (error == 0 && uap->basep)
4091 error = copyout(&base, uap->basep, sizeof(*uap->basep));
4096 * getdents_args(int fd, char *buf, size_t count)
4099 sys_getdents(struct getdents_args *uap)
4103 error = kern_getdirentries(uap->fd, uap->buf, uap->count, NULL,
4104 &uap->sysmsg_result, UIO_USERSPACE);
4110 * Set the mode mask for creation of filesystem nodes.
4112 * umask(int newmask)
4115 sys_umask(struct umask_args *uap)
4117 struct thread *td = curthread;
4118 struct proc *p = td->td_proc;
4119 struct filedesc *fdp;
4122 uap->sysmsg_result = fdp->fd_cmask;
4123 fdp->fd_cmask = uap->newmask & ALLPERMS;
4128 * revoke(char *path)
4130 * Void all references to file by ripping underlying filesystem
4134 sys_revoke(struct revoke_args *uap)
4136 struct nlookupdata nd;
4143 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4145 error = nlookup(&nd);
4147 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
4148 cred = crhold(nd.nl_cred);
4152 error = VOP_GETATTR(vp, &vattr);
4153 if (error == 0 && cred->cr_uid != vattr.va_uid)
4154 error = priv_check_cred(cred, PRIV_VFS_REVOKE, 0);
4155 if (error == 0 && (vp->v_type == VCHR || vp->v_type == VBLK)) {
4157 error = vrevoke(vp, cred);
4158 } else if (error == 0) {
4159 error = vrevoke(vp, cred);
4169 * getfh_args(char *fname, fhandle_t *fhp)
4171 * Get (NFS) file handle
4173 * NOTE: We use the fsid of the covering mount, even if it is a nullfs
4174 * mount. This allows nullfs mounts to be explicitly exported.
4176 * WARNING: nullfs mounts of HAMMER PFS ROOTs are safe.
4178 * nullfs mounts of subdirectories are not safe. That is, it will
4179 * work, but you do not really have protection against access to
4180 * the related parent directories.
4183 sys_getfh(struct getfh_args *uap)
4185 struct thread *td = curthread;
4186 struct nlookupdata nd;
4193 * Must be super user
4195 if ((error = priv_check(td, PRIV_ROOT)) != 0)
4199 error = nlookup_init(&nd, uap->fname, UIO_USERSPACE, NLC_FOLLOW);
4201 error = nlookup(&nd);
4203 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4204 mp = nd.nl_nch.mount;
4207 bzero(&fh, sizeof(fh));
4208 fh.fh_fsid = mp->mnt_stat.f_fsid;
4209 error = VFS_VPTOFH(vp, &fh.fh_fid);
4212 error = copyout(&fh, uap->fhp, sizeof(fh));
4218 * fhopen_args(const struct fhandle *u_fhp, int flags)
4220 * syscall for the rpc.lockd to use to translate a NFS file handle into
4221 * an open descriptor.
4223 * warning: do not remove the priv_check() call or this becomes one giant
4227 sys_fhopen(struct fhopen_args *uap)
4229 struct thread *td = curthread;
4230 struct filedesc *fdp = td->td_proc->p_fd;
4235 struct vattr *vap = &vat;
4237 int fmode, mode, error = 0, type;
4243 * Must be super user
4245 error = priv_check(td, PRIV_ROOT);
4249 fmode = FFLAGS(uap->flags);
4252 * Why not allow a non-read/write open for our lockd?
4254 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4256 error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
4261 * Find the mount point
4263 mp = vfs_getvfs(&fhp.fh_fsid);
4268 /* now give me my vnode, it gets returned to me locked */
4269 error = VFS_FHTOVP(mp, NULL, &fhp.fh_fid, &vp);
4273 * from now on we have to make sure not
4274 * to forget about the vnode
4275 * any error that causes an abort must vput(vp)
4276 * just set error = err and 'goto bad;'.
4282 if (vp->v_type == VLNK) {
4286 if (vp->v_type == VSOCK) {
4291 if (fmode & (FWRITE | O_TRUNC)) {
4292 if (vp->v_type == VDIR) {
4296 error = vn_writechk(vp, NULL);
4304 error = VOP_ACCESS(vp, mode, td->td_ucred);
4308 if (fmode & O_TRUNC) {
4309 vn_unlock(vp); /* XXX */
4310 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */
4313 error = VOP_SETATTR(vp, vap, td->td_ucred);
4319 * VOP_OPEN needs the file pointer so it can potentially override
4322 * WARNING! no f_nchandle will be associated when fhopen()ing a
4325 if ((error = falloc(td->td_lwp, &nfp, &indx)) != 0)
4329 error = VOP_OPEN(vp, fmode, td->td_ucred, fp);
4332 * setting f_ops this way prevents VOP_CLOSE from being
4333 * called or fdrop() releasing the vp from v_data. Since
4334 * the VOP_OPEN failed we don't want to VOP_CLOSE.
4336 fp->f_ops = &badfileops;
4342 * The fp is given its own reference, we still have our ref and lock.
4344 * Assert that all regular files must be created with a VM object.
4346 if (vp->v_type == VREG && vp->v_object == NULL) {
4347 kprintf("fhopen: regular file did not have VM object: %p\n", vp);
4352 * The open was successful. Handle any locking requirements.
4354 if (fmode & (O_EXLOCK | O_SHLOCK)) {
4355 lf.l_whence = SEEK_SET;
4358 if (fmode & O_EXLOCK)
4359 lf.l_type = F_WRLCK;
4361 lf.l_type = F_RDLCK;
4362 if (fmode & FNONBLOCK)
4367 if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
4369 * release our private reference.
4371 fsetfd(fdp, NULL, indx);
4376 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
4377 fp->f_flag |= FHASLOCK;
4381 * Clean up. Associate the file pointer with the previously
4382 * reserved descriptor and return it.
4385 fsetfd(fdp, fp, indx);
4387 uap->sysmsg_result = indx;
4388 if (uap->flags & O_CLOEXEC)
4389 error = fsetfdflags(fdp, indx, UF_EXCLOSE);
4393 fsetfd(fdp, NULL, indx);
4402 * fhstat_args(struct fhandle *u_fhp, struct stat *sb)
4405 sys_fhstat(struct fhstat_args *uap)
4407 struct thread *td = curthread;
4415 * Must be super user
4417 error = priv_check(td, PRIV_ROOT);
4421 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4425 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
4428 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) == 0) {
4429 error = vn_stat(vp, &sb, td->td_ucred);
4434 error = copyout(&sb, uap->sb, sizeof(sb));
4439 * fhstatfs_args(struct fhandle *u_fhp, struct statfs *buf)
4442 sys_fhstatfs(struct fhstatfs_args *uap)
4444 struct thread *td = curthread;
4445 struct proc *p = td->td_proc;
4450 char *fullpath, *freepath;
4455 * Must be super user
4457 if ((error = priv_check(td, PRIV_ROOT)))
4460 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4463 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4467 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4472 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)) != 0)
4477 if ((error = VFS_STATFS(mp, sp, td->td_ucred)) != 0)
4480 error = mount_path(p, mp, &fullpath, &freepath);
4483 bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
4484 strlcpy(sp->f_mntonname, fullpath, sizeof(sp->f_mntonname));
4485 kfree(freepath, M_TEMP);
4487 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
4488 if (priv_check(td, PRIV_ROOT)) {
4489 bcopy(sp, &sb, sizeof(sb));
4490 sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
4493 error = copyout(sp, uap->buf, sizeof(*sp));
4499 * fhstatvfs_args(struct fhandle *u_fhp, struct statvfs *buf)
4502 sys_fhstatvfs(struct fhstatvfs_args *uap)
4504 struct thread *td = curthread;
4505 struct proc *p = td->td_proc;
4513 * Must be super user
4515 if ((error = priv_check(td, PRIV_ROOT)))
4518 if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
4521 if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL) {
4525 if (p != NULL && !chroot_visible_mnt(mp, p)) {
4530 if ((error = VFS_FHTOVP(mp, NULL, &fh.fh_fid, &vp)))
4533 sp = &mp->mnt_vstat;
4535 if ((error = VFS_STATVFS(mp, sp, td->td_ucred)) != 0)
4539 if (mp->mnt_flag & MNT_RDONLY)
4540 sp->f_flag |= ST_RDONLY;
4541 if (mp->mnt_flag & MNT_NOSUID)
4542 sp->f_flag |= ST_NOSUID;
4543 error = copyout(sp, uap->buf, sizeof(*sp));
4550 * Syscall to push extended attribute configuration information into the
4551 * VFS. Accepts a path, which it converts to a mountpoint, as well as
4552 * a command (int cmd), and attribute name and misc data. For now, the
4553 * attribute name is left in userspace for consumption by the VFS_op.
4554 * It will probably be changed to be copied into sysspace by the
4555 * syscall in the future, once issues with various consumers of the
4556 * attribute code have raised their hands.
4558 * Currently this is used only by UFS Extended Attributes.
4561 sys_extattrctl(struct extattrctl_args *uap)
4563 struct nlookupdata nd;
4565 char attrname[EXTATTR_MAXNAMELEN];
4573 if (error == 0 && uap->filename) {
4574 error = nlookup_init(&nd, uap->filename, UIO_USERSPACE,
4577 error = nlookup(&nd);
4579 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp);
4583 if (error == 0 && uap->attrname) {
4584 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN,
4589 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4591 error = nlookup(&nd);
4593 error = ncp_writechk(&nd.nl_nch);
4595 error = VFS_EXTATTRCTL(nd.nl_nch.mount, uap->cmd, vp,
4597 uap->attrname, nd.nl_cred);
4606 * Syscall to get a named extended attribute on a file or directory.
4609 sys_extattr_set_file(struct extattr_set_file_args *uap)
4611 char attrname[EXTATTR_MAXNAMELEN];
4612 struct nlookupdata nd;
4618 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
4624 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4626 error = nlookup(&nd);
4628 error = ncp_writechk(&nd.nl_nch);
4630 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4636 bzero(&auio, sizeof(auio));
4637 aiov.iov_base = uap->data;
4638 aiov.iov_len = uap->nbytes;
4639 auio.uio_iov = &aiov;
4640 auio.uio_iovcnt = 1;
4641 auio.uio_offset = 0;
4642 auio.uio_resid = uap->nbytes;
4643 auio.uio_rw = UIO_WRITE;
4644 auio.uio_td = curthread;
4646 error = VOP_SETEXTATTR(vp, uap->attrnamespace, attrname,
4655 * Syscall to get a named extended attribute on a file or directory.
4658 sys_extattr_get_file(struct extattr_get_file_args *uap)
4660 char attrname[EXTATTR_MAXNAMELEN];
4661 struct nlookupdata nd;
4667 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
4673 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4675 error = nlookup(&nd);
4677 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4683 bzero(&auio, sizeof(auio));
4684 aiov.iov_base = uap->data;
4685 aiov.iov_len = uap->nbytes;
4686 auio.uio_iov = &aiov;
4687 auio.uio_iovcnt = 1;
4688 auio.uio_offset = 0;
4689 auio.uio_resid = uap->nbytes;
4690 auio.uio_rw = UIO_READ;
4691 auio.uio_td = curthread;
4693 error = VOP_GETEXTATTR(vp, uap->attrnamespace, attrname,
4695 uap->sysmsg_result = uap->nbytes - auio.uio_resid;
4703 * Syscall to delete a named extended attribute from a file or directory.
4704 * Accepts attribute name. The real work happens in VOP_SETEXTATTR().
4707 sys_extattr_delete_file(struct extattr_delete_file_args *uap)
4709 char attrname[EXTATTR_MAXNAMELEN];
4710 struct nlookupdata nd;
4714 error = copyin(uap->attrname, attrname, EXTATTR_MAXNAMELEN);
4718 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
4720 error = nlookup(&nd);
4722 error = ncp_writechk(&nd.nl_nch);
4724 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
4726 error = VOP_SETEXTATTR(vp, uap->attrnamespace,
4727 attrname, NULL, nd.nl_cred);
4736 * Determine if the mount is visible to the process.
4739 chroot_visible_mnt(struct mount *mp, struct proc *p)
4741 struct nchandle nch;
4744 * Traverse from the mount point upwards. If we hit the process
4745 * root then the mount point is visible to the process.
4747 nch = mp->mnt_ncmountpt;
4749 if (nch.mount == p->p_fd->fd_nrdir.mount &&
4750 nch.ncp == p->p_fd->fd_nrdir.ncp) {
4753 if (nch.ncp == nch.mount->mnt_ncmountpt.ncp) {
4754 nch = nch.mount->mnt_ncmounton;
4756 nch.ncp = nch.ncp->nc_parent;
4761 * If the mount point is not visible to the process, but the
4762 * process root is in a subdirectory of the mount, return
4765 if (p->p_fd->fd_nrdir.mount == mp)