2 * Copyright (c) 1982, 1986, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @(#)vfs_lookup.c 8.4 (Berkeley) 2/16/94
42 #include "opt_ktrace.h"
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/kernel.h>
48 #include <sys/mutex.h>
49 #include <sys/namei.h>
50 #include <sys/vnode.h>
51 #include <sys/mount.h>
52 #include <sys/filedesc.h>
55 #include <sys/ktrace.h>
58 #include <vm/vm_zone.h>
61 * Allocation zone for namei
66 nameiinit(void *dummy __unused)
68 namei_zone = uma_zcreate("NAMEI", MAXPATHLEN, NULL, NULL, NULL, NULL,
72 SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_SECOND, nameiinit, NULL)
75 * Convert a pathname into a pointer to a locked inode.
77 * The FOLLOW flag is set when symbolic links are to be followed
78 * when they occur at the end of the name translation process.
79 * Symbolic links are always followed for all other pathname
80 * components other than the last.
82 * The segflg defines whether the name is to be copied from user
83 * space or kernel space.
85 * Overall outline of namei:
88 * get starting directory
89 * while (!done && !error) {
90 * call lookup to search path.
91 * if symbolic link, massage name in buffer and continue
96 register struct nameidata *ndp;
98 register struct filedesc *fdp; /* pointer to file descriptor state */
99 register char *cp; /* pointer into pathname argument */
100 register struct vnode *dp; /* the directory we are searching */
101 struct iovec aiov; /* uio for reading symbolic links */
104 struct componentname *cnp = &ndp->ni_cnd;
105 struct thread *td = cnp->cn_thread;
106 struct proc *p = td->td_proc;
108 ndp->ni_cnd.cn_cred = ndp->ni_cnd.cn_thread->td_ucred;
109 KASSERT(cnp->cn_cred && p, ("namei: bad cred/proc"));
110 KASSERT((cnp->cn_nameiop & (~OPMASK)) == 0,
111 ("namei: nameiop contaminated with flags"));
112 KASSERT((cnp->cn_flags & OPMASK) == 0,
113 ("namei: flags contaminated with nameiops"));
117 * Get a buffer for the name to be translated, and copy the
118 * name into the buffer.
120 if ((cnp->cn_flags & HASBUF) == 0)
121 cnp->cn_pnbuf = zalloc(namei_zone);
122 if (ndp->ni_segflg == UIO_SYSSPACE)
123 error = copystr(ndp->ni_dirp, cnp->cn_pnbuf,
124 MAXPATHLEN, (size_t *)&ndp->ni_pathlen);
126 error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf,
127 MAXPATHLEN, (size_t *)&ndp->ni_pathlen);
130 * Don't allow empty pathnames.
132 if (!error && *cnp->cn_pnbuf == '\0')
136 zfree(namei_zone, cnp->cn_pnbuf);
142 if (KTRPOINT(p, KTR_NAMEI))
143 ktrnamei(p->p_tracep, cnp->cn_pnbuf);
147 * Get starting point for the translation.
150 ndp->ni_rootdir = fdp->fd_rdir;
151 ndp->ni_topdir = fdp->fd_jdir;
155 FILEDESC_UNLOCK(fdp);
158 * Check if root directory should replace current directory.
159 * Done at start of translation and after symbolic link.
161 cnp->cn_nameptr = cnp->cn_pnbuf;
162 if (*(cnp->cn_nameptr) == '/') {
164 while (*(cnp->cn_nameptr) == '/') {
168 dp = ndp->ni_rootdir;
171 ndp->ni_startdir = dp;
174 zfree(namei_zone, cnp->cn_pnbuf);
178 * Check for symbolic link
180 if ((cnp->cn_flags & ISSYMLINK) == 0) {
181 if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0)
182 zfree(namei_zone, cnp->cn_pnbuf);
184 cnp->cn_flags |= HASBUF;
186 if (vn_canvmio(ndp->ni_vp) == TRUE &&
187 (cnp->cn_nameiop != DELETE) &&
188 ((cnp->cn_flags & (NOOBJ|LOCKLEAF)) ==
190 vfs_object_create(ndp->ni_vp, td,
191 ndp->ni_cnd.cn_cred);
195 if ((cnp->cn_flags & LOCKPARENT) && ndp->ni_pathlen == 1)
196 VOP_UNLOCK(ndp->ni_dvp, 0, td);
197 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) {
201 if (ndp->ni_pathlen > 1)
202 cp = zalloc(namei_zone);
206 aiov.iov_len = MAXPATHLEN;
207 auio.uio_iov = &aiov;
210 auio.uio_rw = UIO_READ;
211 auio.uio_segflg = UIO_SYSSPACE;
212 auio.uio_td = (struct thread *)0;
213 auio.uio_resid = MAXPATHLEN;
214 error = VOP_READLINK(ndp->ni_vp, &auio, cnp->cn_cred);
216 if (ndp->ni_pathlen > 1)
217 zfree(namei_zone, cp);
220 linklen = MAXPATHLEN - auio.uio_resid;
222 if (ndp->ni_pathlen > 1)
223 zfree(namei_zone, cp);
227 if (linklen + ndp->ni_pathlen >= MAXPATHLEN) {
228 if (ndp->ni_pathlen > 1)
229 zfree(namei_zone, cp);
230 error = ENAMETOOLONG;
233 if (ndp->ni_pathlen > 1) {
234 bcopy(ndp->ni_next, cp + linklen, ndp->ni_pathlen);
235 zfree(namei_zone, cnp->cn_pnbuf);
238 cnp->cn_pnbuf[linklen] = '\0';
239 ndp->ni_pathlen += linklen;
243 zfree(namei_zone, cnp->cn_pnbuf);
252 * This is a very central and rather complicated routine.
254 * The pathname is pointed to by ni_ptr and is of length ni_pathlen.
255 * The starting directory is taken from ni_startdir. The pathname is
256 * descended until done, or a symbolic link is encountered. The variable
257 * ni_more is clear if the path is completed; it is set to one if a
258 * symbolic link needing interpretation is encountered.
260 * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on
261 * whether the name is to be looked up, created, renamed, or deleted.
262 * When CREATE, RENAME, or DELETE is specified, information usable in
263 * creating, renaming, or deleting a directory entry may be calculated.
264 * If flag has LOCKPARENT or'ed into it, the parent directory is returned
265 * locked. If flag has WANTPARENT or'ed into it, the parent directory is
266 * returned unlocked. Otherwise the parent directory is not returned. If
267 * the target of the pathname exists and LOCKLEAF is or'ed into the flag
268 * the target is returned locked, otherwise it is returned unlocked.
269 * When creating or renaming and LOCKPARENT is specified, the target may not
270 * be ".". When deleting and LOCKPARENT is specified, the target may be ".".
272 * Overall outline of lookup:
275 * identify next component of name at ndp->ni_ptr
276 * handle degenerate case where name is null string
277 * if .. and crossing mount points and on mounted filesys, find parent
278 * call VOP_LOOKUP routine for next component name
279 * directory vnode returned in ni_dvp, unlocked unless LOCKPARENT set
280 * component vnode returned in ni_vp (if it exists), locked.
281 * if result vnode is mounted on and crossing mount points,
282 * find mounted on vnode
283 * if more components of name, do next level at dirloop
284 * return the answer in ni_vp, locked if LOCKLEAF set
285 * if LOCKPARENT set, return locked parent in ni_dvp
286 * if WANTPARENT set, return unlocked parent in ni_dvp
290 register struct nameidata *ndp;
292 register char *cp; /* pointer into pathname argument */
293 register struct vnode *dp = 0; /* the directory we are searching */
294 struct vnode *tdp; /* saved dp */
295 struct mount *mp; /* mount table entry */
296 int docache; /* == 0 do not cache last component */
297 int wantparent; /* 1 => wantparent or lockparent flag */
298 int rdonly; /* lookup read-only flag bit */
301 int dpunlocked = 0; /* dp has already been unlocked */
302 struct componentname *cnp = &ndp->ni_cnd;
303 struct thread *td = cnp->cn_thread;
306 * Setup: break out flag bits into variables.
308 wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT);
309 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE;
310 if (cnp->cn_nameiop == DELETE ||
311 (wantparent && cnp->cn_nameiop != CREATE &&
312 cnp->cn_nameiop != LOOKUP))
314 rdonly = cnp->cn_flags & RDONLY;
316 cnp->cn_flags &= ~ISSYMLINK;
317 dp = ndp->ni_startdir;
318 ndp->ni_startdir = NULLVP;
319 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
323 * Search a new directory.
325 * The last component of the filename is left accessible via
326 * cnp->cn_nameptr for callers that need the name. Callers needing
327 * the name set the SAVENAME flag. When done, they assume
328 * responsibility for freeing the pathname buffer.
331 for (cp = cnp->cn_nameptr; *cp != 0 && *cp != '/'; cp++)
333 cnp->cn_namelen = cp - cnp->cn_nameptr;
334 if (cnp->cn_namelen > NAME_MAX) {
335 error = ENAMETOOLONG;
338 #ifdef NAMEI_DIAGNOSTIC
341 printf("{%s}: ", cnp->cn_nameptr);
344 ndp->ni_pathlen -= cnp->cn_namelen;
348 * Replace multiple slashes by a single slash and trailing slashes
349 * by a null. This must be done before VOP_LOOKUP() because some
350 * fs's don't know about trailing slashes. Remember if there were
351 * trailing slashes to handle symlinks, existing non-directories
352 * and non-existing files that won't be directories specially later.
355 while (*cp == '/' && (cp[1] == '/' || cp[1] == '\0')) {
360 *ndp->ni_next = '\0'; /* XXX for direnter() ... */
365 cnp->cn_flags |= MAKEENTRY;
366 if (*cp == '\0' && docache == 0)
367 cnp->cn_flags &= ~MAKEENTRY;
368 if (cnp->cn_namelen == 2 &&
369 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.')
370 cnp->cn_flags |= ISDOTDOT;
372 cnp->cn_flags &= ~ISDOTDOT;
373 if (*ndp->ni_next == 0)
374 cnp->cn_flags |= ISLASTCN;
376 cnp->cn_flags &= ~ISLASTCN;
380 * Check for degenerate name (e.g. / or "")
381 * which is a way of talking about a directory,
382 * e.g. like "/." or ".".
384 if (cnp->cn_nameptr[0] == '\0') {
385 if (dp->v_type != VDIR) {
389 if (cnp->cn_nameiop != LOOKUP) {
398 if (!(cnp->cn_flags & (LOCKPARENT | LOCKLEAF)))
399 VOP_UNLOCK(dp, 0, td);
400 /* XXX This should probably move to the top of function. */
401 if (cnp->cn_flags & SAVESTART)
402 panic("lookup: SAVESTART");
407 * Handle "..": two special cases.
408 * 1. If at root directory (e.g. after chroot)
409 * or at absolute root directory
410 * then ignore it so can't get out.
411 * 2. If this vnode is the root of a mounted
412 * filesystem, then replace it with the
413 * vnode which was mounted on so we take the
414 * .. in the other file system.
415 * 3. If the vnode is the top directory of
416 * the jail or chroot, don't let them out.
418 if (cnp->cn_flags & ISDOTDOT) {
420 if (dp == ndp->ni_rootdir ||
421 dp == ndp->ni_topdir ||
428 if ((dp->v_flag & VROOT) == 0 ||
429 (cnp->cn_flags & NOCROSSMOUNT))
431 if (dp->v_mount == NULL) { /* forced unmount */
436 dp = dp->v_mount->mnt_vnodecovered;
439 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
444 * We now have a segment name to search for, and a directory to search.
449 cnp->cn_flags &= ~PDIRUNLOCK;
450 ASSERT_VOP_LOCKED(dp, "lookup");
451 if ((error = VOP_LOOKUP(dp, &ndp->ni_vp, cnp)) != 0) {
452 KASSERT(ndp->ni_vp == NULL, ("leaf should be empty"));
453 #ifdef NAMEI_DIAGNOSTIC
454 printf("not found\n");
456 if ((error == ENOENT) &&
457 (dp->v_flag & VROOT) && (dp->v_mount != NULL) &&
458 (dp->v_mount->mnt_flag & MNT_UNION)) {
460 dp = dp->v_mount->mnt_vnodecovered;
461 if (cnp->cn_flags & PDIRUNLOCK)
466 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
470 if (error != EJUSTRETURN)
473 * If creating and at end of pathname, then can consider
474 * allowing file to be created.
480 if (*cp == '\0' && trailing_slash &&
481 !(cnp->cn_flags & WILLBEDIR)) {
486 * We return with ni_vp NULL to indicate that the entry
487 * doesn't currently exist, leaving a pointer to the
488 * (possibly locked) directory inode in ndp->ni_dvp.
490 if (cnp->cn_flags & SAVESTART) {
491 ndp->ni_startdir = ndp->ni_dvp;
492 VREF(ndp->ni_startdir);
496 #ifdef NAMEI_DIAGNOSTIC
500 ASSERT_VOP_LOCKED(ndp->ni_vp, "lookup");
503 * Take into account any additional components consumed by
504 * the underlying filesystem.
506 if (cnp->cn_consume > 0) {
507 cnp->cn_nameptr += cnp->cn_consume;
508 ndp->ni_next += cnp->cn_consume;
509 ndp->ni_pathlen -= cnp->cn_consume;
516 * Check to see if the vnode has been mounted on;
517 * if so find the root of the mounted file system.
519 while (dp->v_type == VDIR && (mp = dp->v_mountedhere) &&
520 (cnp->cn_flags & NOCROSSMOUNT) == 0) {
521 if (vfs_busy(mp, 0, 0, td))
523 VOP_UNLOCK(dp, 0, td);
524 error = VFS_ROOT(mp, &tdp);
531 ndp->ni_vp = dp = tdp;
535 * Check for symbolic link
537 if ((dp->v_type == VLNK) &&
538 ((cnp->cn_flags & FOLLOW) || trailing_slash ||
539 *ndp->ni_next == '/')) {
540 cnp->cn_flags |= ISSYMLINK;
541 if (dp->v_mount == NULL) {
542 /* We can't know whether the directory was mounted with
543 * NOSYMFOLLOW, so we can't follow safely. */
547 if (dp->v_mount->mnt_flag & MNT_NOSYMFOLLOW) {
555 * Check for bogus trailing slashes.
557 if (trailing_slash && dp->v_type != VDIR) {
564 * Not a symbolic link. If more pathname,
565 * continue at next component, else return.
567 if (*ndp->ni_next == '/') {
568 cnp->cn_nameptr = ndp->ni_next;
569 while (*cnp->cn_nameptr == '/') {
573 if (ndp->ni_dvp != ndp->ni_vp)
574 ASSERT_VOP_UNLOCKED(ndp->ni_dvp, "lookup");
579 * Disallow directory write attempts on read-only file systems.
582 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
586 if (cnp->cn_flags & SAVESTART) {
587 ndp->ni_startdir = ndp->ni_dvp;
588 VREF(ndp->ni_startdir);
593 if ((cnp->cn_flags & LOCKLEAF) == 0)
594 VOP_UNLOCK(dp, 0, td);
598 if ((cnp->cn_flags & (LOCKPARENT | PDIRUNLOCK)) == LOCKPARENT &&
599 *ndp->ni_next == '\0')
600 VOP_UNLOCK(ndp->ni_dvp, 0, td);
612 * relookup - lookup a path name component
613 * Used by lookup to re-aquire things.
616 relookup(dvp, vpp, cnp)
617 struct vnode *dvp, **vpp;
618 struct componentname *cnp;
620 struct thread *td = cnp->cn_thread;
621 struct vnode *dp = 0; /* the directory we are searching */
622 int docache; /* == 0 do not cache last component */
623 int wantparent; /* 1 => wantparent or lockparent flag */
624 int rdonly; /* lookup read-only flag bit */
626 #ifdef NAMEI_DIAGNOSTIC
627 int newhash; /* DEBUG: check name hash */
628 char *cp; /* DEBUG: check name ptr/len */
632 * Setup: break out flag bits into variables.
634 wantparent = cnp->cn_flags & (LOCKPARENT|WANTPARENT);
635 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE;
636 if (cnp->cn_nameiop == DELETE ||
637 (wantparent && cnp->cn_nameiop != CREATE))
639 rdonly = cnp->cn_flags & RDONLY;
640 cnp->cn_flags &= ~ISSYMLINK;
642 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY, td);
646 * Search a new directory.
648 * The last component of the filename is left accessible via
649 * cnp->cn_nameptr for callers that need the name. Callers needing
650 * the name set the SAVENAME flag. When done, they assume
651 * responsibility for freeing the pathname buffer.
653 #ifdef NAMEI_DIAGNOSTIC
654 if (cnp->cn_namelen != cp - cnp->cn_nameptr)
655 panic ("relookup: bad len");
657 panic("relookup: not last component");
658 printf("{%s}: ", cnp->cn_nameptr);
662 * Check for degenerate name (e.g. / or "")
663 * which is a way of talking about a directory,
664 * e.g. like "/." or ".".
666 if (cnp->cn_nameptr[0] == '\0') {
667 if (cnp->cn_nameiop != LOOKUP || wantparent) {
671 if (dp->v_type != VDIR) {
675 if (!(cnp->cn_flags & LOCKLEAF))
676 VOP_UNLOCK(dp, 0, td);
678 /* XXX This should probably move to the top of function. */
679 if (cnp->cn_flags & SAVESTART)
680 panic("lookup: SAVESTART");
684 if (cnp->cn_flags & ISDOTDOT)
685 panic ("relookup: lookup on dot-dot");
688 * We now have a segment name to search for, and a directory to search.
690 if ((error = VOP_LOOKUP(dp, vpp, cnp)) != 0) {
691 KASSERT(*vpp == NULL, ("leaf should be empty"));
692 if (error != EJUSTRETURN)
695 * If creating and at end of pathname, then can consider
696 * allowing file to be created.
702 /* ASSERT(dvp == ndp->ni_startdir) */
703 if (cnp->cn_flags & SAVESTART)
706 * We return with ni_vp NULL to indicate that the entry
707 * doesn't currently exist, leaving a pointer to the
708 * (possibly locked) directory inode in ndp->ni_dvp.
715 * Check for symbolic link
717 KASSERT(dp->v_type != VLNK || !(cnp->cn_flags & FOLLOW),
718 ("relookup: symlink found.\n"));
721 * Disallow directory write attempts on read-only file systems.
724 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
728 /* ASSERT(dvp == ndp->ni_startdir) */
729 if (cnp->cn_flags & SAVESTART)
735 if (vn_canvmio(dp) == TRUE &&
736 ((cnp->cn_flags & (NOOBJ|LOCKLEAF)) == LOCKLEAF))
737 vfs_object_create(dp, td, cnp->cn_cred);
739 if ((cnp->cn_flags & LOCKLEAF) == 0)
740 VOP_UNLOCK(dp, 0, td);
744 if ((cnp->cn_flags & LOCKPARENT) && (cnp->cn_flags & ISLASTCN))
745 VOP_UNLOCK(dvp, 0, td);