2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
42 #include "opt_capsicum.h"
43 #include "opt_ktrace.h"
45 #include <sys/param.h>
46 #include <sys/systm.h>
49 #include <sys/capsicum.h>
51 #include <sys/sysent.h>
52 #include <sys/malloc.h>
53 #include <sys/mount.h>
54 #include <sys/mutex.h>
55 #include <sys/sysproto.h>
56 #include <sys/namei.h>
57 #include <sys/filedesc.h>
58 #include <sys/kernel.h>
59 #include <sys/fcntl.h>
61 #include <sys/filio.h>
62 #include <sys/limits.h>
63 #include <sys/linker.h>
64 #include <sys/rwlock.h>
68 #include <sys/unistd.h>
69 #include <sys/vnode.h>
72 #include <sys/dirent.h>
74 #include <sys/syscallsubr.h>
75 #include <sys/sysctl.h>
77 #include <sys/ktrace.h>
80 #include <machine/stdarg.h>
82 #include <security/audit/audit.h>
83 #include <security/mac/mac_framework.h>
86 #include <vm/vm_object.h>
87 #include <vm/vm_page.h>
90 #include <ufs/ufs/quota.h>
92 MALLOC_DEFINE(M_FADVISE, "fadvise", "posix_fadvise(2) information");
94 SDT_PROVIDER_DEFINE(vfs);
95 SDT_PROBE_DEFINE2(vfs, , stat, mode, "char *", "int");
96 SDT_PROBE_DEFINE2(vfs, , stat, reg, "char *", "int");
98 static int kern_chflagsat(struct thread *td, int fd, const char *path,
99 enum uio_seg pathseg, u_long flags, int atflag);
100 static int setfflags(struct thread *td, struct vnode *, u_long);
101 static int getutimes(const struct timeval *, enum uio_seg, struct timespec *);
102 static int getutimens(const struct timespec *, enum uio_seg,
103 struct timespec *, int *);
104 static int setutimes(struct thread *td, struct vnode *,
105 const struct timespec *, int, int);
106 static int vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
108 static int kern_fhlinkat(struct thread *td, int fd, const char *path,
109 enum uio_seg pathseg, fhandle_t *fhp);
110 static int kern_getfhat(struct thread *td, int flags, int fd,
111 const char *path, enum uio_seg pathseg, fhandle_t *fhp);
112 static int kern_readlink_vp(struct vnode *vp, char *buf, enum uio_seg bufseg,
113 size_t count, struct thread *td);
114 static int kern_linkat_vp(struct thread *td, struct vnode *vp, int fd,
115 const char *path, enum uio_seg segflag);
118 * Sync each mounted filesystem.
120 #ifndef _SYS_SYSPROTO_H_
127 sys_sync(struct thread *td, struct sync_args *uap)
129 struct mount *mp, *nmp;
132 mtx_lock(&mountlist_mtx);
133 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
134 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) {
135 nmp = TAILQ_NEXT(mp, mnt_list);
138 if ((mp->mnt_flag & MNT_RDONLY) == 0 &&
139 vn_start_write(NULL, &mp, V_NOWAIT) == 0) {
140 save = curthread_pflags_set(TDP_SYNCIO);
141 vfs_msync(mp, MNT_NOWAIT);
142 VFS_SYNC(mp, MNT_NOWAIT);
143 curthread_pflags_restore(save);
144 vn_finished_write(mp);
146 mtx_lock(&mountlist_mtx);
147 nmp = TAILQ_NEXT(mp, mnt_list);
150 mtx_unlock(&mountlist_mtx);
155 * Change filesystem quotas.
157 #ifndef _SYS_SYSPROTO_H_
158 struct quotactl_args {
166 sys_quotactl(struct thread *td, struct quotactl_args *uap)
172 AUDIT_ARG_CMD(uap->cmd);
173 AUDIT_ARG_UID(uap->uid);
174 if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS))
176 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
178 if ((error = namei(&nd)) != 0)
180 NDFREE(&nd, NDF_ONLY_PNBUF);
181 mp = nd.ni_vp->v_mount;
184 error = vfs_busy(mp, 0);
188 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, uap->arg);
191 * Since quota on operation typically needs to open quota
192 * file, the Q_QUOTAON handler needs to unbusy the mount point
193 * before calling into namei. Otherwise, unmount might be
194 * started between two vfs_busy() invocations (first is our,
195 * second is from mount point cross-walk code in lookup()),
198 * Require that Q_QUOTAON handles the vfs_busy() reference on
199 * its own, always returning with ubusied mount point.
201 if ((uap->cmd >> SUBCMDSHIFT) != Q_QUOTAON &&
202 (uap->cmd >> SUBCMDSHIFT) != Q_QUOTAOFF)
208 * Used by statfs conversion routines to scale the block size up if
209 * necessary so that all of the block counts are <= 'max_size'. Note
210 * that 'max_size' should be a bitmask, i.e. 2^n - 1 for some non-zero
214 statfs_scale_blocks(struct statfs *sf, long max_size)
219 KASSERT(powerof2(max_size + 1), ("%s: invalid max_size", __func__));
222 * Attempt to scale the block counts to give a more accurate
223 * overview to userland of the ratio of free space to used
224 * space. To do this, find the largest block count and compute
225 * a divisor that lets it fit into a signed integer <= max_size.
227 if (sf->f_bavail < 0)
228 count = -sf->f_bavail;
230 count = sf->f_bavail;
231 count = MAX(sf->f_blocks, MAX(sf->f_bfree, count));
232 if (count <= max_size)
235 count >>= flsl(max_size);
242 sf->f_bsize <<= shift;
243 sf->f_blocks >>= shift;
244 sf->f_bfree >>= shift;
245 sf->f_bavail >>= shift;
249 kern_do_statfs(struct thread *td, struct mount *mp, struct statfs *buf)
256 error = vfs_busy(mp, 0);
261 error = mac_mount_check_stat(td->td_ucred, mp);
266 * Set these in case the underlying filesystem fails to do so.
269 sp->f_version = STATFS_VERSION;
270 sp->f_namemax = NAME_MAX;
271 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
272 error = VFS_STATFS(mp, sp);
276 if (priv_check(td, PRIV_VFS_GENERATION)) {
277 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
278 prison_enforce_statfs(td->td_ucred, mp, buf);
286 * Get filesystem statistics.
288 #ifndef _SYS_SYSPROTO_H_
295 sys_statfs(struct thread *td, struct statfs_args *uap)
300 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
301 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
303 error = copyout(sfp, uap->buf, sizeof(struct statfs));
309 kern_statfs(struct thread *td, char *path, enum uio_seg pathseg,
316 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
321 mp = nd.ni_vp->v_mount;
323 NDFREE(&nd, NDF_ONLY_PNBUF);
325 return (kern_do_statfs(td, mp, buf));
329 * Get filesystem statistics.
331 #ifndef _SYS_SYSPROTO_H_
332 struct fstatfs_args {
338 sys_fstatfs(struct thread *td, struct fstatfs_args *uap)
343 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
344 error = kern_fstatfs(td, uap->fd, sfp);
346 error = copyout(sfp, uap->buf, sizeof(struct statfs));
352 kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
360 error = getvnode(td, fd, &cap_fstatfs_rights, &fp);
364 vn_lock(vp, LK_SHARED | LK_RETRY);
366 AUDIT_ARG_VNODE1(vp);
373 return (kern_do_statfs(td, mp, buf));
377 * Get statistics on all filesystems.
379 #ifndef _SYS_SYSPROTO_H_
380 struct getfsstat_args {
387 sys_getfsstat(struct thread *td, struct getfsstat_args *uap)
392 if (uap->bufsize < 0 || uap->bufsize > SIZE_MAX)
394 error = kern_getfsstat(td, &uap->buf, uap->bufsize, &count,
395 UIO_USERSPACE, uap->mode);
397 td->td_retval[0] = count;
402 * If (bufsize > 0 && bufseg == UIO_SYSSPACE)
403 * The caller is responsible for freeing memory which will be allocated
407 kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize,
408 size_t *countp, enum uio_seg bufseg, int mode)
410 struct mount *mp, *nmp;
411 struct statfs *sfsp, *sp, *sptmp, *tofree;
412 size_t count, maxcount;
420 if (bufseg == UIO_SYSSPACE)
425 maxcount = bufsize / sizeof(struct statfs);
429 } else if (bufseg == UIO_USERSPACE) {
432 } else /* if (bufseg == UIO_SYSSPACE) */ {
434 mtx_lock(&mountlist_mtx);
435 TAILQ_FOREACH(mp, &mountlist, mnt_list) {
438 mtx_unlock(&mountlist_mtx);
439 if (maxcount > count)
441 tofree = sfsp = *buf = malloc(maxcount * sizeof(struct statfs),
445 mtx_lock(&mountlist_mtx);
446 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
447 if (prison_canseemount(td->td_ucred, mp) != 0) {
448 nmp = TAILQ_NEXT(mp, mnt_list);
452 if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
453 nmp = TAILQ_NEXT(mp, mnt_list);
457 if (mode == MNT_WAIT) {
458 if (vfs_busy(mp, MBF_MNTLSTLOCK) != 0) {
460 * If vfs_busy() failed, and MBF_NOWAIT
461 * wasn't passed, then the mp is gone.
462 * Furthermore, because of MBF_MNTLSTLOCK,
463 * the mountlist_mtx was dropped. We have
464 * no other choice than to start over.
466 mtx_unlock(&mountlist_mtx);
467 free(tofree, M_STATFS);
471 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK) != 0) {
472 nmp = TAILQ_NEXT(mp, mnt_list);
476 if (sfsp != NULL && count < maxcount) {
479 * Set these in case the underlying filesystem
482 sp->f_version = STATFS_VERSION;
483 sp->f_namemax = NAME_MAX;
484 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
486 * If MNT_NOWAIT is specified, do not refresh
489 if (mode != MNT_NOWAIT) {
490 error = VFS_STATFS(mp, sp);
492 mtx_lock(&mountlist_mtx);
493 nmp = TAILQ_NEXT(mp, mnt_list);
498 if (priv_check(td, PRIV_VFS_GENERATION)) {
499 sptmp = malloc(sizeof(struct statfs), M_STATFS,
502 sptmp->f_fsid.val[0] = sptmp->f_fsid.val[1] = 0;
503 prison_enforce_statfs(td->td_ucred, mp, sptmp);
507 if (bufseg == UIO_SYSSPACE) {
508 bcopy(sp, sfsp, sizeof(*sp));
509 free(sptmp, M_STATFS);
510 } else /* if (bufseg == UIO_USERSPACE) */ {
511 error = copyout(sp, sfsp, sizeof(*sp));
512 free(sptmp, M_STATFS);
521 mtx_lock(&mountlist_mtx);
522 nmp = TAILQ_NEXT(mp, mnt_list);
525 mtx_unlock(&mountlist_mtx);
526 if (sfsp != NULL && count > maxcount)
533 #ifdef COMPAT_FREEBSD4
535 * Get old format filesystem statistics.
537 static void freebsd4_cvtstatfs(struct statfs *, struct ostatfs *);
539 #ifndef _SYS_SYSPROTO_H_
540 struct freebsd4_statfs_args {
546 freebsd4_statfs(struct thread *td, struct freebsd4_statfs_args *uap)
552 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
553 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
555 freebsd4_cvtstatfs(sfp, &osb);
556 error = copyout(&osb, uap->buf, sizeof(osb));
563 * Get filesystem statistics.
565 #ifndef _SYS_SYSPROTO_H_
566 struct freebsd4_fstatfs_args {
572 freebsd4_fstatfs(struct thread *td, struct freebsd4_fstatfs_args *uap)
578 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
579 error = kern_fstatfs(td, uap->fd, sfp);
581 freebsd4_cvtstatfs(sfp, &osb);
582 error = copyout(&osb, uap->buf, sizeof(osb));
589 * Get statistics on all filesystems.
591 #ifndef _SYS_SYSPROTO_H_
592 struct freebsd4_getfsstat_args {
599 freebsd4_getfsstat(struct thread *td, struct freebsd4_getfsstat_args *uap)
601 struct statfs *buf, *sp;
606 if (uap->bufsize < 0)
608 count = uap->bufsize / sizeof(struct ostatfs);
609 if (count > SIZE_MAX / sizeof(struct statfs))
611 size = count * sizeof(struct statfs);
612 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
615 td->td_retval[0] = count;
618 while (count != 0 && error == 0) {
619 freebsd4_cvtstatfs(sp, &osb);
620 error = copyout(&osb, uap->buf, sizeof(osb));
631 * Implement fstatfs() for (NFS) file handles.
633 #ifndef _SYS_SYSPROTO_H_
634 struct freebsd4_fhstatfs_args {
635 struct fhandle *u_fhp;
640 freebsd4_fhstatfs(struct thread *td, struct freebsd4_fhstatfs_args *uap)
647 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
650 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
651 error = kern_fhstatfs(td, fh, sfp);
653 freebsd4_cvtstatfs(sfp, &osb);
654 error = copyout(&osb, uap->buf, sizeof(osb));
661 * Convert a new format statfs structure to an old format statfs structure.
664 freebsd4_cvtstatfs(struct statfs *nsp, struct ostatfs *osp)
667 statfs_scale_blocks(nsp, LONG_MAX);
668 bzero(osp, sizeof(*osp));
669 osp->f_bsize = nsp->f_bsize;
670 osp->f_iosize = MIN(nsp->f_iosize, LONG_MAX);
671 osp->f_blocks = nsp->f_blocks;
672 osp->f_bfree = nsp->f_bfree;
673 osp->f_bavail = nsp->f_bavail;
674 osp->f_files = MIN(nsp->f_files, LONG_MAX);
675 osp->f_ffree = MIN(nsp->f_ffree, LONG_MAX);
676 osp->f_owner = nsp->f_owner;
677 osp->f_type = nsp->f_type;
678 osp->f_flags = nsp->f_flags;
679 osp->f_syncwrites = MIN(nsp->f_syncwrites, LONG_MAX);
680 osp->f_asyncwrites = MIN(nsp->f_asyncwrites, LONG_MAX);
681 osp->f_syncreads = MIN(nsp->f_syncreads, LONG_MAX);
682 osp->f_asyncreads = MIN(nsp->f_asyncreads, LONG_MAX);
683 strlcpy(osp->f_fstypename, nsp->f_fstypename,
684 MIN(MFSNAMELEN, OMFSNAMELEN));
685 strlcpy(osp->f_mntonname, nsp->f_mntonname,
686 MIN(MNAMELEN, OMNAMELEN));
687 strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
688 MIN(MNAMELEN, OMNAMELEN));
689 osp->f_fsid = nsp->f_fsid;
691 #endif /* COMPAT_FREEBSD4 */
693 #if defined(COMPAT_FREEBSD11)
695 * Get old format filesystem statistics.
697 static void freebsd11_cvtstatfs(struct statfs *, struct freebsd11_statfs *);
700 freebsd11_statfs(struct thread *td, struct freebsd11_statfs_args *uap)
702 struct freebsd11_statfs osb;
706 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
707 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
709 freebsd11_cvtstatfs(sfp, &osb);
710 error = copyout(&osb, uap->buf, sizeof(osb));
717 * Get filesystem statistics.
720 freebsd11_fstatfs(struct thread *td, struct freebsd11_fstatfs_args *uap)
722 struct freebsd11_statfs osb;
726 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
727 error = kern_fstatfs(td, uap->fd, sfp);
729 freebsd11_cvtstatfs(sfp, &osb);
730 error = copyout(&osb, uap->buf, sizeof(osb));
737 * Get statistics on all filesystems.
740 freebsd11_getfsstat(struct thread *td, struct freebsd11_getfsstat_args *uap)
742 struct freebsd11_statfs osb;
743 struct statfs *buf, *sp;
747 count = uap->bufsize / sizeof(struct ostatfs);
748 size = count * sizeof(struct statfs);
749 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
752 td->td_retval[0] = count;
755 while (count > 0 && error == 0) {
756 freebsd11_cvtstatfs(sp, &osb);
757 error = copyout(&osb, uap->buf, sizeof(osb));
768 * Implement fstatfs() for (NFS) file handles.
771 freebsd11_fhstatfs(struct thread *td, struct freebsd11_fhstatfs_args *uap)
773 struct freebsd11_statfs osb;
778 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
781 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
782 error = kern_fhstatfs(td, fh, sfp);
784 freebsd11_cvtstatfs(sfp, &osb);
785 error = copyout(&osb, uap->buf, sizeof(osb));
792 * Convert a new format statfs structure to an old format statfs structure.
795 freebsd11_cvtstatfs(struct statfs *nsp, struct freebsd11_statfs *osp)
798 bzero(osp, sizeof(*osp));
799 osp->f_version = FREEBSD11_STATFS_VERSION;
800 osp->f_type = nsp->f_type;
801 osp->f_flags = nsp->f_flags;
802 osp->f_bsize = nsp->f_bsize;
803 osp->f_iosize = nsp->f_iosize;
804 osp->f_blocks = nsp->f_blocks;
805 osp->f_bfree = nsp->f_bfree;
806 osp->f_bavail = nsp->f_bavail;
807 osp->f_files = nsp->f_files;
808 osp->f_ffree = nsp->f_ffree;
809 osp->f_syncwrites = nsp->f_syncwrites;
810 osp->f_asyncwrites = nsp->f_asyncwrites;
811 osp->f_syncreads = nsp->f_syncreads;
812 osp->f_asyncreads = nsp->f_asyncreads;
813 osp->f_namemax = nsp->f_namemax;
814 osp->f_owner = nsp->f_owner;
815 osp->f_fsid = nsp->f_fsid;
816 strlcpy(osp->f_fstypename, nsp->f_fstypename,
817 MIN(MFSNAMELEN, sizeof(osp->f_fstypename)));
818 strlcpy(osp->f_mntonname, nsp->f_mntonname,
819 MIN(MNAMELEN, sizeof(osp->f_mntonname)));
820 strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
821 MIN(MNAMELEN, sizeof(osp->f_mntfromname)));
823 #endif /* COMPAT_FREEBSD11 */
826 * Change current working directory to a given file descriptor.
828 #ifndef _SYS_SYSPROTO_H_
834 sys_fchdir(struct thread *td, struct fchdir_args *uap)
836 struct vnode *vp, *tdp;
841 AUDIT_ARG_FD(uap->fd);
842 error = getvnode(td, uap->fd, &cap_fchdir_rights,
849 vn_lock(vp, LK_SHARED | LK_RETRY);
850 AUDIT_ARG_VNODE1(vp);
851 error = change_dir(vp, td);
852 while (!error && (mp = vp->v_mountedhere) != NULL) {
855 error = VFS_ROOT(mp, LK_SHARED, &tdp);
872 * Change current working directory (``.'').
874 #ifndef _SYS_SYSPROTO_H_
880 sys_chdir(struct thread *td, struct chdir_args *uap)
883 return (kern_chdir(td, uap->path, UIO_USERSPACE));
887 kern_chdir(struct thread *td, char *path, enum uio_seg pathseg)
892 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
894 if ((error = namei(&nd)) != 0)
896 if ((error = change_dir(nd.ni_vp, td)) != 0) {
898 NDFREE(&nd, NDF_ONLY_PNBUF);
901 VOP_UNLOCK(nd.ni_vp, 0);
902 NDFREE(&nd, NDF_ONLY_PNBUF);
903 pwd_chdir(td, nd.ni_vp);
908 * Change notion of root (``/'') directory.
910 #ifndef _SYS_SYSPROTO_H_
916 sys_chroot(struct thread *td, struct chroot_args *uap)
921 error = priv_check(td, PRIV_VFS_CHROOT);
924 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
925 UIO_USERSPACE, uap->path, td);
929 error = change_dir(nd.ni_vp, td);
933 error = mac_vnode_check_chroot(td->td_ucred, nd.ni_vp);
937 VOP_UNLOCK(nd.ni_vp, 0);
938 error = pwd_chroot(td, nd.ni_vp);
940 NDFREE(&nd, NDF_ONLY_PNBUF);
945 NDFREE(&nd, NDF_ONLY_PNBUF);
950 * Common routine for chroot and chdir. Callers must provide a locked vnode
954 change_dir(struct vnode *vp, struct thread *td)
960 ASSERT_VOP_LOCKED(vp, "change_dir(): vp not locked");
961 if (vp->v_type != VDIR)
964 error = mac_vnode_check_chdir(td->td_ucred, vp);
968 return (VOP_ACCESS(vp, VEXEC, td->td_ucred, td));
972 flags_to_rights(int flags, cap_rights_t *rightsp)
975 if (flags & O_EXEC) {
976 cap_rights_set(rightsp, CAP_FEXECVE);
978 switch ((flags & O_ACCMODE)) {
980 cap_rights_set(rightsp, CAP_READ);
983 cap_rights_set(rightsp, CAP_READ);
986 cap_rights_set(rightsp, CAP_WRITE);
987 if (!(flags & (O_APPEND | O_TRUNC)))
988 cap_rights_set(rightsp, CAP_SEEK);
994 cap_rights_set(rightsp, CAP_CREATE);
997 cap_rights_set(rightsp, CAP_FTRUNCATE);
999 if (flags & (O_SYNC | O_FSYNC))
1000 cap_rights_set(rightsp, CAP_FSYNC);
1002 if (flags & (O_EXLOCK | O_SHLOCK))
1003 cap_rights_set(rightsp, CAP_FLOCK);
1007 * Check permissions, allocate an open file structure, and call the device
1008 * open routine if any.
1010 #ifndef _SYS_SYSPROTO_H_
1018 sys_open(struct thread *td, struct open_args *uap)
1021 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1022 uap->flags, uap->mode));
1025 #ifndef _SYS_SYSPROTO_H_
1026 struct openat_args {
1034 sys_openat(struct thread *td, struct openat_args *uap)
1037 AUDIT_ARG_FD(uap->fd);
1038 return (kern_openat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
1043 kern_openat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1044 int flags, int mode)
1046 struct proc *p = td->td_proc;
1047 struct filedesc *fdp = p->p_fd;
1050 struct nameidata nd;
1051 cap_rights_t rights;
1052 int cmode, error, indx;
1056 AUDIT_ARG_FFLAGS(flags);
1057 AUDIT_ARG_MODE(mode);
1058 cap_rights_init(&rights, CAP_LOOKUP);
1059 flags_to_rights(flags, &rights);
1061 * Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR flags
1064 if (flags & O_EXEC) {
1065 if (flags & O_ACCMODE)
1067 } else if ((flags & O_ACCMODE) == O_ACCMODE) {
1070 flags = FFLAGS(flags);
1074 * Allocate a file structure. The descriptor to reference it
1075 * is allocated and set by finstall() below.
1077 error = falloc_noinstall(td, &fp);
1081 * An extra reference on `fp' has been held for us by
1082 * falloc_noinstall().
1084 /* Set the flags early so the finit in devfs can pick them up. */
1085 fp->f_flag = flags & FMASK;
1086 cmode = ((mode & ~fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
1087 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
1089 td->td_dupfd = -1; /* XXX check for fdopen */
1090 error = vn_open(&nd, &flags, cmode, fp);
1093 * If the vn_open replaced the method vector, something
1094 * wonderous happened deep below and we just pass it up
1095 * pretending we know what we do.
1097 if (error == ENXIO && fp->f_ops != &badfileops)
1101 * Handle special fdopen() case. bleh.
1103 * Don't do this for relative (capability) lookups; we don't
1104 * understand exactly what would happen, and we don't think
1105 * that it ever should.
1107 if ((nd.ni_lcf & NI_LCF_STRICTRELATIVE) == 0 &&
1108 (error == ENODEV || error == ENXIO) &&
1109 td->td_dupfd >= 0) {
1110 error = dupfdopen(td, fdp, td->td_dupfd, flags, error,
1119 NDFREE(&nd, NDF_ONLY_PNBUF);
1123 * Store the vnode, for any f_type. Typically, the vnode use
1124 * count is decremented by direct call to vn_closefile() for
1125 * files that switched type in the cdevsw fdopen() method.
1129 * If the file wasn't claimed by devfs bind it to the normal
1130 * vnode operations here.
1132 if (fp->f_ops == &badfileops) {
1133 KASSERT(vp->v_type != VFIFO, ("Unexpected fifo."));
1135 finit(fp, (flags & FMASK) | (fp->f_flag & FHASLOCK),
1136 DTYPE_VNODE, vp, &vnops);
1140 if (flags & O_TRUNC) {
1141 error = fo_truncate(fp, 0, td->td_ucred, td);
1147 * If we haven't already installed the FD (for dupfdopen), do so now.
1150 struct filecaps *fcaps;
1153 if ((nd.ni_lcf & NI_LCF_STRICTRELATIVE) != 0)
1154 fcaps = &nd.ni_filecaps;
1158 error = finstall(td, fp, &indx, flags, fcaps);
1159 /* On success finstall() consumes fcaps. */
1161 filecaps_free(&nd.ni_filecaps);
1165 filecaps_free(&nd.ni_filecaps);
1169 * Release our private reference, leaving the one associated with
1170 * the descriptor table intact.
1173 td->td_retval[0] = indx;
1176 KASSERT(indx == -1, ("indx=%d, should be -1", indx));
1185 #ifndef _SYS_SYSPROTO_H_
1186 struct ocreat_args {
1192 ocreat(struct thread *td, struct ocreat_args *uap)
1195 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1196 O_WRONLY | O_CREAT | O_TRUNC, uap->mode));
1198 #endif /* COMPAT_43 */
1201 * Create a special file.
1203 #ifndef _SYS_SYSPROTO_H_
1204 struct mknodat_args {
1212 sys_mknodat(struct thread *td, struct mknodat_args *uap)
1215 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1219 #if defined(COMPAT_FREEBSD11)
1221 freebsd11_mknod(struct thread *td,
1222 struct freebsd11_mknod_args *uap)
1225 return (kern_mknodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1226 uap->mode, uap->dev));
1230 freebsd11_mknodat(struct thread *td,
1231 struct freebsd11_mknodat_args *uap)
1234 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1237 #endif /* COMPAT_FREEBSD11 */
1240 kern_mknodat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1241 int mode, dev_t dev)
1246 struct nameidata nd;
1247 int error, whiteout = 0;
1249 AUDIT_ARG_MODE(mode);
1251 switch (mode & S_IFMT) {
1254 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
1255 if (error == 0 && dev == VNOVAL)
1259 error = priv_check(td, PRIV_VFS_MKNOD_WHT);
1263 return (kern_mkfifoat(td, fd, path, pathseg, mode));
1273 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1274 NOCACHE, pathseg, path, fd, &cap_mknodat_rights,
1276 if ((error = namei(&nd)) != 0)
1280 NDFREE(&nd, NDF_ONLY_PNBUF);
1281 if (vp == nd.ni_dvp)
1289 vattr.va_mode = (mode & ALLPERMS) &
1290 ~td->td_proc->p_fd->fd_cmask;
1291 vattr.va_rdev = dev;
1294 switch (mode & S_IFMT) {
1296 vattr.va_type = VCHR;
1299 vattr.va_type = VBLK;
1305 panic("kern_mknod: invalid mode");
1308 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1309 NDFREE(&nd, NDF_ONLY_PNBUF);
1311 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1316 if (error == 0 && !whiteout)
1317 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp,
1318 &nd.ni_cnd, &vattr);
1322 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE);
1324 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,
1325 &nd.ni_cnd, &vattr);
1330 NDFREE(&nd, NDF_ONLY_PNBUF);
1332 vn_finished_write(mp);
1337 * Create a named pipe.
1339 #ifndef _SYS_SYSPROTO_H_
1340 struct mkfifo_args {
1346 sys_mkfifo(struct thread *td, struct mkfifo_args *uap)
1349 return (kern_mkfifoat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1353 #ifndef _SYS_SYSPROTO_H_
1354 struct mkfifoat_args {
1361 sys_mkfifoat(struct thread *td, struct mkfifoat_args *uap)
1364 return (kern_mkfifoat(td, uap->fd, uap->path, UIO_USERSPACE,
1369 kern_mkfifoat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1374 struct nameidata nd;
1377 AUDIT_ARG_MODE(mode);
1380 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1381 NOCACHE, pathseg, path, fd, &cap_mkfifoat_rights,
1383 if ((error = namei(&nd)) != 0)
1385 if (nd.ni_vp != NULL) {
1386 NDFREE(&nd, NDF_ONLY_PNBUF);
1387 if (nd.ni_vp == nd.ni_dvp)
1394 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1395 NDFREE(&nd, NDF_ONLY_PNBUF);
1397 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1402 vattr.va_type = VFIFO;
1403 vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_fd->fd_cmask;
1405 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1410 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
1417 vn_finished_write(mp);
1418 NDFREE(&nd, NDF_ONLY_PNBUF);
1423 * Make a hard file link.
1425 #ifndef _SYS_SYSPROTO_H_
1432 sys_link(struct thread *td, struct link_args *uap)
1435 return (kern_linkat(td, AT_FDCWD, AT_FDCWD, uap->path, uap->link,
1436 UIO_USERSPACE, FOLLOW));
1439 #ifndef _SYS_SYSPROTO_H_
1440 struct linkat_args {
1449 sys_linkat(struct thread *td, struct linkat_args *uap)
1454 if (flag & ~AT_SYMLINK_FOLLOW)
1457 return (kern_linkat(td, uap->fd1, uap->fd2, uap->path1, uap->path2,
1458 UIO_USERSPACE, (flag & AT_SYMLINK_FOLLOW) ? FOLLOW : NOFOLLOW));
1461 int hardlink_check_uid = 0;
1462 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
1463 &hardlink_check_uid, 0,
1464 "Unprivileged processes cannot create hard links to files owned by other "
1466 static int hardlink_check_gid = 0;
1467 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
1468 &hardlink_check_gid, 0,
1469 "Unprivileged processes cannot create hard links to files owned by other "
1473 can_hardlink(struct vnode *vp, struct ucred *cred)
1478 if (!hardlink_check_uid && !hardlink_check_gid)
1481 error = VOP_GETATTR(vp, &va, cred);
1485 if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
1486 error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
1491 if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
1492 error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
1501 kern_linkat(struct thread *td, int fd1, int fd2, char *path1, char *path2,
1502 enum uio_seg segflag, int follow)
1504 struct nameidata nd;
1509 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, segflag,
1510 path1, fd1, &cap_linkat_source_rights, td);
1511 if ((error = namei(&nd)) != 0)
1513 NDFREE(&nd, NDF_ONLY_PNBUF);
1514 error = kern_linkat_vp(td, nd.ni_vp, fd2, path2, segflag);
1515 } while (error == EAGAIN);
1520 kern_linkat_vp(struct thread *td, struct vnode *vp, int fd, const char *path,
1521 enum uio_seg segflag)
1523 struct nameidata nd;
1527 if (vp->v_type == VDIR) {
1529 return (EPERM); /* POSIX */
1531 NDINIT_ATRIGHTS(&nd, CREATE,
1532 LOCKPARENT | SAVENAME | AUDITVNODE2 | NOCACHE, segflag, path, fd,
1533 &cap_linkat_target_rights, td);
1534 if ((error = namei(&nd)) == 0) {
1535 if (nd.ni_vp != NULL) {
1536 NDFREE(&nd, NDF_ONLY_PNBUF);
1537 if (nd.ni_dvp == nd.ni_vp)
1544 } else if (nd.ni_dvp->v_mount != vp->v_mount) {
1546 * Cross-device link. No need to recheck
1547 * vp->v_type, since it cannot change, except
1550 NDFREE(&nd, NDF_ONLY_PNBUF);
1554 } else if ((error = vn_lock(vp, LK_EXCLUSIVE)) == 0) {
1555 error = can_hardlink(vp, td->td_ucred);
1558 error = mac_vnode_check_link(td->td_ucred,
1559 nd.ni_dvp, vp, &nd.ni_cnd);
1564 NDFREE(&nd, NDF_ONLY_PNBUF);
1567 error = vn_start_write(vp, &mp, V_NOWAIT);
1571 NDFREE(&nd, NDF_ONLY_PNBUF);
1572 error = vn_start_write(NULL, &mp,
1578 error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
1581 vn_finished_write(mp);
1582 NDFREE(&nd, NDF_ONLY_PNBUF);
1585 NDFREE(&nd, NDF_ONLY_PNBUF);
1595 * Make a symbolic link.
1597 #ifndef _SYS_SYSPROTO_H_
1598 struct symlink_args {
1604 sys_symlink(struct thread *td, struct symlink_args *uap)
1607 return (kern_symlinkat(td, uap->path, AT_FDCWD, uap->link,
1611 #ifndef _SYS_SYSPROTO_H_
1612 struct symlinkat_args {
1619 sys_symlinkat(struct thread *td, struct symlinkat_args *uap)
1622 return (kern_symlinkat(td, uap->path1, uap->fd, uap->path2,
1627 kern_symlinkat(struct thread *td, char *path1, int fd, char *path2,
1628 enum uio_seg segflg)
1633 struct nameidata nd;
1636 if (segflg == UIO_SYSSPACE) {
1639 syspath = uma_zalloc(namei_zone, M_WAITOK);
1640 if ((error = copyinstr(path1, syspath, MAXPATHLEN, NULL)) != 0)
1643 AUDIT_ARG_TEXT(syspath);
1646 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1647 NOCACHE, segflg, path2, fd, &cap_symlinkat_rights,
1649 if ((error = namei(&nd)) != 0)
1652 NDFREE(&nd, NDF_ONLY_PNBUF);
1653 if (nd.ni_vp == nd.ni_dvp)
1661 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1662 NDFREE(&nd, NDF_ONLY_PNBUF);
1664 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1669 vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_fd->fd_cmask;
1671 vattr.va_type = VLNK;
1672 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1677 error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath);
1683 NDFREE(&nd, NDF_ONLY_PNBUF);
1685 vn_finished_write(mp);
1687 if (segflg != UIO_SYSSPACE)
1688 uma_zfree(namei_zone, syspath);
1693 * Delete a whiteout from the filesystem.
1695 #ifndef _SYS_SYSPROTO_H_
1696 struct undelete_args {
1701 sys_undelete(struct thread *td, struct undelete_args *uap)
1704 struct nameidata nd;
1709 NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | AUDITVNODE1,
1710 UIO_USERSPACE, uap->path, td);
1715 if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) {
1716 NDFREE(&nd, NDF_ONLY_PNBUF);
1717 if (nd.ni_vp == nd.ni_dvp)
1725 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1726 NDFREE(&nd, NDF_ONLY_PNBUF);
1728 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1732 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE);
1733 NDFREE(&nd, NDF_ONLY_PNBUF);
1735 vn_finished_write(mp);
1740 * Delete a name from the filesystem.
1742 #ifndef _SYS_SYSPROTO_H_
1743 struct unlink_args {
1748 sys_unlink(struct thread *td, struct unlink_args *uap)
1751 return (kern_unlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE, 0));
1754 #ifndef _SYS_SYSPROTO_H_
1755 struct unlinkat_args {
1762 sys_unlinkat(struct thread *td, struct unlinkat_args *uap)
1764 int flag = uap->flag;
1766 char *path = uap->path;
1768 if (flag & ~AT_REMOVEDIR)
1771 if (flag & AT_REMOVEDIR)
1772 return (kern_rmdirat(td, fd, path, UIO_USERSPACE));
1774 return (kern_unlinkat(td, fd, path, UIO_USERSPACE, 0));
1778 kern_unlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1783 struct nameidata nd;
1789 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1,
1790 pathseg, path, fd, &cap_unlinkat_rights, td);
1791 if ((error = namei(&nd)) != 0)
1792 return (error == EINVAL ? EPERM : error);
1794 if (vp->v_type == VDIR && oldinum == 0) {
1795 error = EPERM; /* POSIX */
1796 } else if (oldinum != 0 &&
1797 ((error = vn_stat(vp, &sb, td->td_ucred, NOCRED, td)) == 0) &&
1798 sb.st_ino != oldinum) {
1799 error = EIDRM; /* Identifier removed */
1802 * The root of a mounted filesystem cannot be deleted.
1804 * XXX: can this only be a VDIR case?
1806 if (vp->v_vflag & VV_ROOT)
1810 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1811 NDFREE(&nd, NDF_ONLY_PNBUF);
1813 if (vp == nd.ni_dvp)
1817 if ((error = vn_start_write(NULL, &mp,
1818 V_XSLEEP | PCATCH)) != 0)
1823 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
1828 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
1829 error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd);
1833 vn_finished_write(mp);
1835 NDFREE(&nd, NDF_ONLY_PNBUF);
1837 if (vp == nd.ni_dvp)
1845 * Reposition read/write file offset.
1847 #ifndef _SYS_SYSPROTO_H_
1856 sys_lseek(struct thread *td, struct lseek_args *uap)
1859 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
1863 kern_lseek(struct thread *td, int fd, off_t offset, int whence)
1869 error = fget(td, fd, &cap_seek_rights, &fp);
1872 error = (fp->f_ops->fo_flags & DFLAG_SEEKABLE) != 0 ?
1873 fo_seek(fp, offset, whence, td) : ESPIPE;
1878 #if defined(COMPAT_43)
1880 * Reposition read/write file offset.
1882 #ifndef _SYS_SYSPROTO_H_
1883 struct olseek_args {
1890 olseek(struct thread *td, struct olseek_args *uap)
1893 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
1895 #endif /* COMPAT_43 */
1897 #if defined(COMPAT_FREEBSD6)
1898 /* Version with the 'pad' argument */
1900 freebsd6_lseek(struct thread *td, struct freebsd6_lseek_args *uap)
1903 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
1908 * Check access permissions using passed credentials.
1911 vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
1917 /* Flags == 0 means only check for existence. */
1918 if (user_flags == 0)
1922 if (user_flags & R_OK)
1924 if (user_flags & W_OK)
1926 if (user_flags & X_OK)
1929 error = mac_vnode_check_access(cred, vp, accmode);
1933 if ((accmode & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
1934 error = VOP_ACCESS(vp, accmode, cred, td);
1939 * Check access permissions using "real" credentials.
1941 #ifndef _SYS_SYSPROTO_H_
1942 struct access_args {
1948 sys_access(struct thread *td, struct access_args *uap)
1951 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1955 #ifndef _SYS_SYSPROTO_H_
1956 struct faccessat_args {
1964 sys_faccessat(struct thread *td, struct faccessat_args *uap)
1967 return (kern_accessat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
1972 kern_accessat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
1973 int flag, int amode)
1975 struct ucred *cred, *usecred;
1977 struct nameidata nd;
1980 if (flag & ~AT_EACCESS)
1982 if (amode != F_OK && (amode & ~(R_OK | W_OK | X_OK)) != 0)
1986 * Create and modify a temporary credential instead of one that
1987 * is potentially shared (if we need one).
1989 cred = td->td_ucred;
1990 if ((flag & AT_EACCESS) == 0 &&
1991 ((cred->cr_uid != cred->cr_ruid ||
1992 cred->cr_rgid != cred->cr_groups[0]))) {
1993 usecred = crdup(cred);
1994 usecred->cr_uid = cred->cr_ruid;
1995 usecred->cr_groups[0] = cred->cr_rgid;
1996 td->td_ucred = usecred;
1999 AUDIT_ARG_VALUE(amode);
2000 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF |
2001 AUDITVNODE1, pathseg, path, fd, &cap_fstat_rights,
2003 if ((error = namei(&nd)) != 0)
2007 error = vn_access(vp, amode, usecred, td);
2008 NDFREE(&nd, NDF_ONLY_PNBUF);
2011 if (usecred != cred) {
2012 td->td_ucred = cred;
2019 * Check access permissions using "effective" credentials.
2021 #ifndef _SYS_SYSPROTO_H_
2022 struct eaccess_args {
2028 sys_eaccess(struct thread *td, struct eaccess_args *uap)
2031 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2032 AT_EACCESS, uap->amode));
2035 #if defined(COMPAT_43)
2037 * Get file status; this version follows links.
2039 #ifndef _SYS_SYSPROTO_H_
2046 ostat(struct thread *td, struct ostat_args *uap)
2052 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2057 return (copyout(&osb, uap->ub, sizeof (osb)));
2061 * Get file status; this version does not follow links.
2063 #ifndef _SYS_SYSPROTO_H_
2064 struct olstat_args {
2070 olstat(struct thread *td, struct olstat_args *uap)
2076 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2077 UIO_USERSPACE, &sb, NULL);
2081 return (copyout(&osb, uap->ub, sizeof (osb)));
2085 * Convert from an old to a new stat structure.
2086 * XXX: many values are blindly truncated.
2089 cvtstat(struct stat *st, struct ostat *ost)
2092 bzero(ost, sizeof(*ost));
2093 ost->st_dev = st->st_dev;
2094 ost->st_ino = st->st_ino;
2095 ost->st_mode = st->st_mode;
2096 ost->st_nlink = st->st_nlink;
2097 ost->st_uid = st->st_uid;
2098 ost->st_gid = st->st_gid;
2099 ost->st_rdev = st->st_rdev;
2100 ost->st_size = MIN(st->st_size, INT32_MAX);
2101 ost->st_atim = st->st_atim;
2102 ost->st_mtim = st->st_mtim;
2103 ost->st_ctim = st->st_ctim;
2104 ost->st_blksize = st->st_blksize;
2105 ost->st_blocks = st->st_blocks;
2106 ost->st_flags = st->st_flags;
2107 ost->st_gen = st->st_gen;
2109 #endif /* COMPAT_43 */
2111 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11)
2112 int ino64_trunc_error;
2113 SYSCTL_INT(_vfs, OID_AUTO, ino64_trunc_error, CTLFLAG_RW,
2114 &ino64_trunc_error, 0,
2115 "Error on truncation of device, file or inode number, or link count");
2118 freebsd11_cvtstat(struct stat *st, struct freebsd11_stat *ost)
2121 ost->st_dev = st->st_dev;
2122 if (ost->st_dev != st->st_dev) {
2123 switch (ino64_trunc_error) {
2126 * Since dev_t is almost raw, don't clamp to the
2127 * maximum for case 2, but ignore the error.
2134 ost->st_ino = st->st_ino;
2135 if (ost->st_ino != st->st_ino) {
2136 switch (ino64_trunc_error) {
2143 ost->st_ino = UINT32_MAX;
2147 ost->st_mode = st->st_mode;
2148 ost->st_nlink = st->st_nlink;
2149 if (ost->st_nlink != st->st_nlink) {
2150 switch (ino64_trunc_error) {
2157 ost->st_nlink = UINT16_MAX;
2161 ost->st_uid = st->st_uid;
2162 ost->st_gid = st->st_gid;
2163 ost->st_rdev = st->st_rdev;
2164 if (ost->st_rdev != st->st_rdev) {
2165 switch (ino64_trunc_error) {
2172 ost->st_atim = st->st_atim;
2173 ost->st_mtim = st->st_mtim;
2174 ost->st_ctim = st->st_ctim;
2175 ost->st_size = st->st_size;
2176 ost->st_blocks = st->st_blocks;
2177 ost->st_blksize = st->st_blksize;
2178 ost->st_flags = st->st_flags;
2179 ost->st_gen = st->st_gen;
2181 ost->st_birthtim = st->st_birthtim;
2182 bzero((char *)&ost->st_birthtim + sizeof(ost->st_birthtim),
2183 sizeof(*ost) - offsetof(struct freebsd11_stat,
2184 st_birthtim) - sizeof(ost->st_birthtim));
2189 freebsd11_stat(struct thread *td, struct freebsd11_stat_args* uap)
2192 struct freebsd11_stat osb;
2195 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2199 error = freebsd11_cvtstat(&sb, &osb);
2201 error = copyout(&osb, uap->ub, sizeof(osb));
2206 freebsd11_lstat(struct thread *td, struct freebsd11_lstat_args* uap)
2209 struct freebsd11_stat osb;
2212 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2213 UIO_USERSPACE, &sb, NULL);
2216 error = freebsd11_cvtstat(&sb, &osb);
2218 error = copyout(&osb, uap->ub, sizeof(osb));
2223 freebsd11_fhstat(struct thread *td, struct freebsd11_fhstat_args* uap)
2227 struct freebsd11_stat osb;
2230 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
2233 error = kern_fhstat(td, fh, &sb);
2236 error = freebsd11_cvtstat(&sb, &osb);
2238 error = copyout(&osb, uap->sb, sizeof(osb));
2243 freebsd11_fstatat(struct thread *td, struct freebsd11_fstatat_args* uap)
2246 struct freebsd11_stat osb;
2249 error = kern_statat(td, uap->flag, uap->fd, uap->path,
2250 UIO_USERSPACE, &sb, NULL);
2253 error = freebsd11_cvtstat(&sb, &osb);
2255 error = copyout(&osb, uap->buf, sizeof(osb));
2258 #endif /* COMPAT_FREEBSD11 */
2263 #ifndef _SYS_SYSPROTO_H_
2264 struct fstatat_args {
2272 sys_fstatat(struct thread *td, struct fstatat_args *uap)
2277 error = kern_statat(td, uap->flag, uap->fd, uap->path,
2278 UIO_USERSPACE, &sb, NULL);
2280 error = copyout(&sb, uap->buf, sizeof (sb));
2285 kern_statat(struct thread *td, int flag, int fd, char *path,
2286 enum uio_seg pathseg, struct stat *sbp,
2287 void (*hook)(struct vnode *vp, struct stat *sbp))
2289 struct nameidata nd;
2293 if (flag & ~AT_SYMLINK_NOFOLLOW)
2296 NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW :
2297 FOLLOW) | LOCKSHARED | LOCKLEAF | AUDITVNODE1, pathseg, path, fd,
2298 &cap_fstat_rights, td);
2300 if ((error = namei(&nd)) != 0)
2302 error = vn_stat(nd.ni_vp, &sb, td->td_ucred, NOCRED, td);
2304 SDT_PROBE2(vfs, , stat, mode, path, sb.st_mode);
2305 if (S_ISREG(sb.st_mode))
2306 SDT_PROBE2(vfs, , stat, reg, path, pathseg);
2307 if (__predict_false(hook != NULL))
2308 hook(nd.ni_vp, &sb);
2310 NDFREE(&nd, NDF_ONLY_PNBUF);
2314 #ifdef __STAT_TIME_T_EXT
2322 if (KTRPOINT(td, KTR_STRUCT))
2328 #if defined(COMPAT_FREEBSD11)
2330 * Implementation of the NetBSD [l]stat() functions.
2333 freebsd11_cvtnstat(struct stat *sb, struct nstat *nsb)
2336 bzero(nsb, sizeof(*nsb));
2337 nsb->st_dev = sb->st_dev;
2338 nsb->st_ino = sb->st_ino;
2339 nsb->st_mode = sb->st_mode;
2340 nsb->st_nlink = sb->st_nlink;
2341 nsb->st_uid = sb->st_uid;
2342 nsb->st_gid = sb->st_gid;
2343 nsb->st_rdev = sb->st_rdev;
2344 nsb->st_atim = sb->st_atim;
2345 nsb->st_mtim = sb->st_mtim;
2346 nsb->st_ctim = sb->st_ctim;
2347 nsb->st_size = sb->st_size;
2348 nsb->st_blocks = sb->st_blocks;
2349 nsb->st_blksize = sb->st_blksize;
2350 nsb->st_flags = sb->st_flags;
2351 nsb->st_gen = sb->st_gen;
2352 nsb->st_birthtim = sb->st_birthtim;
2355 #ifndef _SYS_SYSPROTO_H_
2356 struct freebsd11_nstat_args {
2362 freebsd11_nstat(struct thread *td, struct freebsd11_nstat_args *uap)
2368 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2372 freebsd11_cvtnstat(&sb, &nsb);
2373 return (copyout(&nsb, uap->ub, sizeof (nsb)));
2377 * NetBSD lstat. Get file status; this version does not follow links.
2379 #ifndef _SYS_SYSPROTO_H_
2380 struct freebsd11_nlstat_args {
2386 freebsd11_nlstat(struct thread *td, struct freebsd11_nlstat_args *uap)
2392 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2393 UIO_USERSPACE, &sb, NULL);
2396 freebsd11_cvtnstat(&sb, &nsb);
2397 return (copyout(&nsb, uap->ub, sizeof (nsb)));
2399 #endif /* COMPAT_FREEBSD11 */
2402 * Get configurable pathname variables.
2404 #ifndef _SYS_SYSPROTO_H_
2405 struct pathconf_args {
2411 sys_pathconf(struct thread *td, struct pathconf_args *uap)
2416 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name, FOLLOW,
2419 td->td_retval[0] = value;
2423 #ifndef _SYS_SYSPROTO_H_
2424 struct lpathconf_args {
2430 sys_lpathconf(struct thread *td, struct lpathconf_args *uap)
2435 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name,
2438 td->td_retval[0] = value;
2443 kern_pathconf(struct thread *td, char *path, enum uio_seg pathseg, int name,
2444 u_long flags, long *valuep)
2446 struct nameidata nd;
2449 NDINIT(&nd, LOOKUP, LOCKSHARED | LOCKLEAF | AUDITVNODE1 | flags,
2451 if ((error = namei(&nd)) != 0)
2453 NDFREE(&nd, NDF_ONLY_PNBUF);
2455 error = VOP_PATHCONF(nd.ni_vp, name, valuep);
2461 * Return target name of a symbolic link.
2463 #ifndef _SYS_SYSPROTO_H_
2464 struct readlink_args {
2471 sys_readlink(struct thread *td, struct readlink_args *uap)
2474 return (kern_readlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2475 uap->buf, UIO_USERSPACE, uap->count));
2477 #ifndef _SYS_SYSPROTO_H_
2478 struct readlinkat_args {
2486 sys_readlinkat(struct thread *td, struct readlinkat_args *uap)
2489 return (kern_readlinkat(td, uap->fd, uap->path, UIO_USERSPACE,
2490 uap->buf, UIO_USERSPACE, uap->bufsize));
2494 kern_readlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
2495 char *buf, enum uio_seg bufseg, size_t count)
2498 struct nameidata nd;
2501 if (count > IOSIZE_MAX)
2504 NDINIT_AT(&nd, LOOKUP, NOFOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
2505 pathseg, path, fd, td);
2507 if ((error = namei(&nd)) != 0)
2509 NDFREE(&nd, NDF_ONLY_PNBUF);
2512 error = kern_readlink_vp(vp, buf, bufseg, count, td);
2519 * Helper function to readlink from a vnode
2522 kern_readlink_vp(struct vnode *vp, char *buf, enum uio_seg bufseg, size_t count,
2529 ASSERT_VOP_LOCKED(vp, "kern_readlink_vp(): vp not locked");
2531 error = mac_vnode_check_readlink(td->td_ucred, vp);
2535 if (vp->v_type != VLNK && (vp->v_vflag & VV_READLINK) == 0)
2538 aiov.iov_base = buf;
2539 aiov.iov_len = count;
2540 auio.uio_iov = &aiov;
2541 auio.uio_iovcnt = 1;
2542 auio.uio_offset = 0;
2543 auio.uio_rw = UIO_READ;
2544 auio.uio_segflg = bufseg;
2546 auio.uio_resid = count;
2547 error = VOP_READLINK(vp, &auio, td->td_ucred);
2548 td->td_retval[0] = count - auio.uio_resid;
2553 * Common implementation code for chflags() and fchflags().
2556 setfflags(struct thread *td, struct vnode *vp, u_long flags)
2562 /* We can't support the value matching VNOVAL. */
2563 if (flags == VNOVAL)
2564 return (EOPNOTSUPP);
2567 * Prevent non-root users from setting flags on devices. When
2568 * a device is reused, users can retain ownership of the device
2569 * if they are allowed to set flags and programs assume that
2570 * chown can't fail when done as root.
2572 if (vp->v_type == VCHR || vp->v_type == VBLK) {
2573 error = priv_check(td, PRIV_VFS_CHFLAGS_DEV);
2578 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2581 vattr.va_flags = flags;
2582 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2584 error = mac_vnode_check_setflags(td->td_ucred, vp, vattr.va_flags);
2587 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
2589 vn_finished_write(mp);
2594 * Change flags of a file given a path name.
2596 #ifndef _SYS_SYSPROTO_H_
2597 struct chflags_args {
2603 sys_chflags(struct thread *td, struct chflags_args *uap)
2606 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2610 #ifndef _SYS_SYSPROTO_H_
2611 struct chflagsat_args {
2619 sys_chflagsat(struct thread *td, struct chflagsat_args *uap)
2622 const char *path = uap->path;
2623 u_long flags = uap->flags;
2624 int atflag = uap->atflag;
2626 if (atflag & ~AT_SYMLINK_NOFOLLOW)
2629 return (kern_chflagsat(td, fd, path, UIO_USERSPACE, flags, atflag));
2633 * Same as chflags() but doesn't follow symlinks.
2635 #ifndef _SYS_SYSPROTO_H_
2636 struct lchflags_args {
2642 sys_lchflags(struct thread *td, struct lchflags_args *uap)
2645 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2646 uap->flags, AT_SYMLINK_NOFOLLOW));
2650 kern_chflagsat(struct thread *td, int fd, const char *path,
2651 enum uio_seg pathseg, u_long flags, int atflag)
2653 struct nameidata nd;
2656 AUDIT_ARG_FFLAGS(flags);
2657 follow = (atflag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
2658 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
2659 &cap_fchflags_rights, td);
2660 if ((error = namei(&nd)) != 0)
2662 NDFREE(&nd, NDF_ONLY_PNBUF);
2663 error = setfflags(td, nd.ni_vp, flags);
2669 * Change flags of a file given a file descriptor.
2671 #ifndef _SYS_SYSPROTO_H_
2672 struct fchflags_args {
2678 sys_fchflags(struct thread *td, struct fchflags_args *uap)
2683 AUDIT_ARG_FD(uap->fd);
2684 AUDIT_ARG_FFLAGS(uap->flags);
2685 error = getvnode(td, uap->fd, &cap_fchflags_rights,
2690 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
2691 AUDIT_ARG_VNODE1(fp->f_vnode);
2692 VOP_UNLOCK(fp->f_vnode, 0);
2694 error = setfflags(td, fp->f_vnode, uap->flags);
2700 * Common implementation code for chmod(), lchmod() and fchmod().
2703 setfmode(struct thread *td, struct ucred *cred, struct vnode *vp, int mode)
2709 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2711 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2713 vattr.va_mode = mode & ALLPERMS;
2715 error = mac_vnode_check_setmode(cred, vp, vattr.va_mode);
2718 error = VOP_SETATTR(vp, &vattr, cred);
2720 vn_finished_write(mp);
2725 * Change mode of a file given path name.
2727 #ifndef _SYS_SYSPROTO_H_
2734 sys_chmod(struct thread *td, struct chmod_args *uap)
2737 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2741 #ifndef _SYS_SYSPROTO_H_
2742 struct fchmodat_args {
2750 sys_fchmodat(struct thread *td, struct fchmodat_args *uap)
2752 int flag = uap->flag;
2754 char *path = uap->path;
2755 mode_t mode = uap->mode;
2757 if (flag & ~AT_SYMLINK_NOFOLLOW)
2760 return (kern_fchmodat(td, fd, path, UIO_USERSPACE, mode, flag));
2764 * Change mode of a file given path name (don't follow links.)
2766 #ifndef _SYS_SYSPROTO_H_
2767 struct lchmod_args {
2773 sys_lchmod(struct thread *td, struct lchmod_args *uap)
2776 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2777 uap->mode, AT_SYMLINK_NOFOLLOW));
2781 kern_fchmodat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
2782 mode_t mode, int flag)
2784 struct nameidata nd;
2787 AUDIT_ARG_MODE(mode);
2788 follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
2789 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
2790 &cap_fchmod_rights, td);
2791 if ((error = namei(&nd)) != 0)
2793 NDFREE(&nd, NDF_ONLY_PNBUF);
2794 error = setfmode(td, td->td_ucred, nd.ni_vp, mode);
2800 * Change mode of a file given a file descriptor.
2802 #ifndef _SYS_SYSPROTO_H_
2803 struct fchmod_args {
2809 sys_fchmod(struct thread *td, struct fchmod_args *uap)
2814 AUDIT_ARG_FD(uap->fd);
2815 AUDIT_ARG_MODE(uap->mode);
2817 error = fget(td, uap->fd, &cap_fchmod_rights, &fp);
2820 error = fo_chmod(fp, uap->mode, td->td_ucred, td);
2826 * Common implementation for chown(), lchown(), and fchown()
2829 setfown(struct thread *td, struct ucred *cred, struct vnode *vp, uid_t uid,
2836 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2838 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2843 error = mac_vnode_check_setowner(cred, vp, vattr.va_uid,
2847 error = VOP_SETATTR(vp, &vattr, cred);
2849 vn_finished_write(mp);
2854 * Set ownership given a path name.
2856 #ifndef _SYS_SYSPROTO_H_
2864 sys_chown(struct thread *td, struct chown_args *uap)
2867 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE, uap->uid,
2871 #ifndef _SYS_SYSPROTO_H_
2872 struct fchownat_args {
2881 sys_fchownat(struct thread *td, struct fchownat_args *uap)
2886 if (flag & ~AT_SYMLINK_NOFOLLOW)
2889 return (kern_fchownat(td, uap->fd, uap->path, UIO_USERSPACE, uap->uid,
2890 uap->gid, uap->flag));
2894 kern_fchownat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
2895 int uid, int gid, int flag)
2897 struct nameidata nd;
2900 AUDIT_ARG_OWNER(uid, gid);
2901 follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
2902 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
2903 &cap_fchown_rights, td);
2905 if ((error = namei(&nd)) != 0)
2907 NDFREE(&nd, NDF_ONLY_PNBUF);
2908 error = setfown(td, td->td_ucred, nd.ni_vp, uid, gid);
2914 * Set ownership given a path name, do not cross symlinks.
2916 #ifndef _SYS_SYSPROTO_H_
2917 struct lchown_args {
2924 sys_lchown(struct thread *td, struct lchown_args *uap)
2927 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2928 uap->uid, uap->gid, AT_SYMLINK_NOFOLLOW));
2932 * Set ownership given a file descriptor.
2934 #ifndef _SYS_SYSPROTO_H_
2935 struct fchown_args {
2942 sys_fchown(struct thread *td, struct fchown_args *uap)
2947 AUDIT_ARG_FD(uap->fd);
2948 AUDIT_ARG_OWNER(uap->uid, uap->gid);
2949 error = fget(td, uap->fd, &cap_fchown_rights, &fp);
2952 error = fo_chown(fp, uap->uid, uap->gid, td->td_ucred, td);
2958 * Common implementation code for utimes(), lutimes(), and futimes().
2961 getutimes(const struct timeval *usrtvp, enum uio_seg tvpseg,
2962 struct timespec *tsp)
2964 struct timeval tv[2];
2965 const struct timeval *tvp;
2968 if (usrtvp == NULL) {
2969 vfs_timestamp(&tsp[0]);
2972 if (tvpseg == UIO_SYSSPACE) {
2975 if ((error = copyin(usrtvp, tv, sizeof(tv))) != 0)
2980 if (tvp[0].tv_usec < 0 || tvp[0].tv_usec >= 1000000 ||
2981 tvp[1].tv_usec < 0 || tvp[1].tv_usec >= 1000000)
2983 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
2984 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
2990 * Common implementation code for futimens(), utimensat().
2992 #define UTIMENS_NULL 0x1
2993 #define UTIMENS_EXIT 0x2
2995 getutimens(const struct timespec *usrtsp, enum uio_seg tspseg,
2996 struct timespec *tsp, int *retflags)
2998 struct timespec tsnow;
3001 vfs_timestamp(&tsnow);
3003 if (usrtsp == NULL) {
3006 *retflags |= UTIMENS_NULL;
3009 if (tspseg == UIO_SYSSPACE) {
3012 } else if ((error = copyin(usrtsp, tsp, sizeof(*tsp) * 2)) != 0)
3014 if (tsp[0].tv_nsec == UTIME_OMIT && tsp[1].tv_nsec == UTIME_OMIT)
3015 *retflags |= UTIMENS_EXIT;
3016 if (tsp[0].tv_nsec == UTIME_NOW && tsp[1].tv_nsec == UTIME_NOW)
3017 *retflags |= UTIMENS_NULL;
3018 if (tsp[0].tv_nsec == UTIME_OMIT)
3019 tsp[0].tv_sec = VNOVAL;
3020 else if (tsp[0].tv_nsec == UTIME_NOW)
3022 else if (tsp[0].tv_nsec < 0 || tsp[0].tv_nsec >= 1000000000L)
3024 if (tsp[1].tv_nsec == UTIME_OMIT)
3025 tsp[1].tv_sec = VNOVAL;
3026 else if (tsp[1].tv_nsec == UTIME_NOW)
3028 else if (tsp[1].tv_nsec < 0 || tsp[1].tv_nsec >= 1000000000L)
3035 * Common implementation code for utimes(), lutimes(), futimes(), futimens(),
3039 setutimes(struct thread *td, struct vnode *vp, const struct timespec *ts,
3040 int numtimes, int nullflag)
3044 int error, setbirthtime;
3046 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
3048 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3050 if (numtimes < 3 && !VOP_GETATTR(vp, &vattr, td->td_ucred) &&
3051 timespeccmp(&ts[1], &vattr.va_birthtime, < ))
3054 vattr.va_atime = ts[0];
3055 vattr.va_mtime = ts[1];
3057 vattr.va_birthtime = ts[1];
3059 vattr.va_birthtime = ts[2];
3061 vattr.va_vaflags |= VA_UTIMES_NULL;
3063 error = mac_vnode_check_setutimes(td->td_ucred, vp, vattr.va_atime,
3067 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3069 vn_finished_write(mp);
3074 * Set the access and modification times of a file.
3076 #ifndef _SYS_SYSPROTO_H_
3077 struct utimes_args {
3079 struct timeval *tptr;
3083 sys_utimes(struct thread *td, struct utimes_args *uap)
3086 return (kern_utimesat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3087 uap->tptr, UIO_USERSPACE));
3090 #ifndef _SYS_SYSPROTO_H_
3091 struct futimesat_args {
3094 const struct timeval * times;
3098 sys_futimesat(struct thread *td, struct futimesat_args *uap)
3101 return (kern_utimesat(td, uap->fd, uap->path, UIO_USERSPACE,
3102 uap->times, UIO_USERSPACE));
3106 kern_utimesat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
3107 struct timeval *tptr, enum uio_seg tptrseg)
3109 struct nameidata nd;
3110 struct timespec ts[2];
3113 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3115 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
3116 &cap_futimes_rights, td);
3118 if ((error = namei(&nd)) != 0)
3120 NDFREE(&nd, NDF_ONLY_PNBUF);
3121 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3127 * Set the access and modification times of a file.
3129 #ifndef _SYS_SYSPROTO_H_
3130 struct lutimes_args {
3132 struct timeval *tptr;
3136 sys_lutimes(struct thread *td, struct lutimes_args *uap)
3139 return (kern_lutimes(td, uap->path, UIO_USERSPACE, uap->tptr,
3144 kern_lutimes(struct thread *td, char *path, enum uio_seg pathseg,
3145 struct timeval *tptr, enum uio_seg tptrseg)
3147 struct timespec ts[2];
3148 struct nameidata nd;
3151 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3153 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, pathseg, path, td);
3154 if ((error = namei(&nd)) != 0)
3156 NDFREE(&nd, NDF_ONLY_PNBUF);
3157 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3163 * Set the access and modification times of a file.
3165 #ifndef _SYS_SYSPROTO_H_
3166 struct futimes_args {
3168 struct timeval *tptr;
3172 sys_futimes(struct thread *td, struct futimes_args *uap)
3175 return (kern_futimes(td, uap->fd, uap->tptr, UIO_USERSPACE));
3179 kern_futimes(struct thread *td, int fd, struct timeval *tptr,
3180 enum uio_seg tptrseg)
3182 struct timespec ts[2];
3187 error = getutimes(tptr, tptrseg, ts);
3190 error = getvnode(td, fd, &cap_futimes_rights, &fp);
3194 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3195 AUDIT_ARG_VNODE1(fp->f_vnode);
3196 VOP_UNLOCK(fp->f_vnode, 0);
3198 error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
3204 sys_futimens(struct thread *td, struct futimens_args *uap)
3207 return (kern_futimens(td, uap->fd, uap->times, UIO_USERSPACE));
3211 kern_futimens(struct thread *td, int fd, struct timespec *tptr,
3212 enum uio_seg tptrseg)
3214 struct timespec ts[2];
3219 error = getutimens(tptr, tptrseg, ts, &flags);
3222 if (flags & UTIMENS_EXIT)
3224 error = getvnode(td, fd, &cap_futimes_rights, &fp);
3228 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3229 AUDIT_ARG_VNODE1(fp->f_vnode);
3230 VOP_UNLOCK(fp->f_vnode, 0);
3232 error = setutimes(td, fp->f_vnode, ts, 2, flags & UTIMENS_NULL);
3238 sys_utimensat(struct thread *td, struct utimensat_args *uap)
3241 return (kern_utimensat(td, uap->fd, uap->path, UIO_USERSPACE,
3242 uap->times, UIO_USERSPACE, uap->flag));
3246 kern_utimensat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
3247 struct timespec *tptr, enum uio_seg tptrseg, int flag)
3249 struct nameidata nd;
3250 struct timespec ts[2];
3253 if (flag & ~AT_SYMLINK_NOFOLLOW)
3256 if ((error = getutimens(tptr, tptrseg, ts, &flags)) != 0)
3258 NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW :
3259 FOLLOW) | AUDITVNODE1, pathseg, path, fd,
3260 &cap_futimes_rights, td);
3261 if ((error = namei(&nd)) != 0)
3264 * We are allowed to call namei() regardless of 2xUTIME_OMIT.
3266 * "If both tv_nsec fields are UTIME_OMIT... EACCESS may be detected."
3267 * "Search permission is denied by a component of the path prefix."
3269 NDFREE(&nd, NDF_ONLY_PNBUF);
3270 if ((flags & UTIMENS_EXIT) == 0)
3271 error = setutimes(td, nd.ni_vp, ts, 2, flags & UTIMENS_NULL);
3277 * Truncate a file given its path name.
3279 #ifndef _SYS_SYSPROTO_H_
3280 struct truncate_args {
3287 sys_truncate(struct thread *td, struct truncate_args *uap)
3290 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3294 kern_truncate(struct thread *td, char *path, enum uio_seg pathseg, off_t length)
3300 struct nameidata nd;
3305 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td);
3306 if ((error = namei(&nd)) != 0)
3309 rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX);
3310 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) {
3311 vn_rangelock_unlock(vp, rl_cookie);
3315 NDFREE(&nd, NDF_ONLY_PNBUF);
3316 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3317 if (vp->v_type == VDIR)
3320 else if ((error = mac_vnode_check_write(td->td_ucred, NOCRED, vp))) {
3323 else if ((error = vn_writechk(vp)) == 0 &&
3324 (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
3326 vattr.va_size = length;
3327 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3330 vn_finished_write(mp);
3331 vn_rangelock_unlock(vp, rl_cookie);
3336 #if defined(COMPAT_43)
3338 * Truncate a file given its path name.
3340 #ifndef _SYS_SYSPROTO_H_
3341 struct otruncate_args {
3347 otruncate(struct thread *td, struct otruncate_args *uap)
3350 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3352 #endif /* COMPAT_43 */
3354 #if defined(COMPAT_FREEBSD6)
3355 /* Versions with the pad argument */
3357 freebsd6_truncate(struct thread *td, struct freebsd6_truncate_args *uap)
3360 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3364 freebsd6_ftruncate(struct thread *td, struct freebsd6_ftruncate_args *uap)
3367 return (kern_ftruncate(td, uap->fd, uap->length));
3372 kern_fsync(struct thread *td, int fd, bool fullsync)
3377 int error, lock_flags;
3380 error = getvnode(td, fd, &cap_fsync_rights, &fp);
3386 /* XXXKIB: compete outstanding aio writes */;
3388 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
3391 if (MNT_SHARED_WRITES(mp) ||
3392 ((mp == NULL) && MNT_SHARED_WRITES(vp->v_mount))) {
3393 lock_flags = LK_SHARED;
3395 lock_flags = LK_EXCLUSIVE;
3397 vn_lock(vp, lock_flags | LK_RETRY);
3398 AUDIT_ARG_VNODE1(vp);
3399 if (vp->v_object != NULL) {
3400 VM_OBJECT_WLOCK(vp->v_object);
3401 vm_object_page_clean(vp->v_object, 0, 0, 0);
3402 VM_OBJECT_WUNLOCK(vp->v_object);
3404 error = fullsync ? VOP_FSYNC(vp, MNT_WAIT, td) : VOP_FDATASYNC(vp, td);
3406 vn_finished_write(mp);
3413 * Sync an open file.
3415 #ifndef _SYS_SYSPROTO_H_
3421 sys_fsync(struct thread *td, struct fsync_args *uap)
3424 return (kern_fsync(td, uap->fd, true));
3428 sys_fdatasync(struct thread *td, struct fdatasync_args *uap)
3431 return (kern_fsync(td, uap->fd, false));
3435 * Rename files. Source and destination must either both be directories, or
3436 * both not be directories. If target is a directory, it must be empty.
3438 #ifndef _SYS_SYSPROTO_H_
3439 struct rename_args {
3445 sys_rename(struct thread *td, struct rename_args *uap)
3448 return (kern_renameat(td, AT_FDCWD, uap->from, AT_FDCWD,
3449 uap->to, UIO_USERSPACE));
3452 #ifndef _SYS_SYSPROTO_H_
3453 struct renameat_args {
3461 sys_renameat(struct thread *td, struct renameat_args *uap)
3464 return (kern_renameat(td, uap->oldfd, uap->old, uap->newfd, uap->new,
3469 kern_renameat(struct thread *td, int oldfd, char *old, int newfd, char *new,
3470 enum uio_seg pathseg)
3472 struct mount *mp = NULL;
3473 struct vnode *tvp, *fvp, *tdvp;
3474 struct nameidata fromnd, tond;
3480 NDINIT_ATRIGHTS(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART |
3481 AUDITVNODE1, pathseg, old, oldfd,
3482 &cap_renameat_source_rights, td);
3484 NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | AUDITVNODE1,
3485 pathseg, old, oldfd,
3486 &cap_renameat_source_rights, td);
3489 if ((error = namei(&fromnd)) != 0)
3492 error = mac_vnode_check_rename_from(td->td_ucred, fromnd.ni_dvp,
3493 fromnd.ni_vp, &fromnd.ni_cnd);
3494 VOP_UNLOCK(fromnd.ni_dvp, 0);
3495 if (fromnd.ni_dvp != fromnd.ni_vp)
3496 VOP_UNLOCK(fromnd.ni_vp, 0);
3499 NDINIT_ATRIGHTS(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE |
3500 SAVESTART | AUDITVNODE2, pathseg, new, newfd,
3501 &cap_renameat_target_rights, td);
3502 if (fromnd.ni_vp->v_type == VDIR)
3503 tond.ni_cnd.cn_flags |= WILLBEDIR;
3504 if ((error = namei(&tond)) != 0) {
3505 /* Translate error code for rename("dir1", "dir2/."). */
3506 if (error == EISDIR && fvp->v_type == VDIR)
3508 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3509 vrele(fromnd.ni_dvp);
3515 error = vn_start_write(fvp, &mp, V_NOWAIT);
3517 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3518 NDFREE(&tond, NDF_ONLY_PNBUF);
3525 vrele(fromnd.ni_dvp);
3527 vrele(tond.ni_startdir);
3528 if (fromnd.ni_startdir != NULL)
3529 vrele(fromnd.ni_startdir);
3530 error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH);
3536 if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
3539 } else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
3544 if (newfd != AT_FDCWD && (tond.ni_resflags & NIRES_ABS) == 0) {
3546 * If the target already exists we require CAP_UNLINKAT
3547 * from 'newfd', when newfd was used for the lookup.
3549 error = cap_check(&tond.ni_filecaps.fc_rights,
3550 &cap_unlinkat_rights);
3561 * If the source is the same as the destination (that is, if they
3562 * are links to the same vnode), then there is nothing to do.
3568 error = mac_vnode_check_rename_to(td->td_ucred, tdvp,
3569 tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd);
3573 error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
3574 tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
3575 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3576 NDFREE(&tond, NDF_ONLY_PNBUF);
3578 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3579 NDFREE(&tond, NDF_ONLY_PNBUF);
3586 vrele(fromnd.ni_dvp);
3589 vrele(tond.ni_startdir);
3590 vn_finished_write(mp);
3592 if (fromnd.ni_startdir)
3593 vrele(fromnd.ni_startdir);
3600 * Make a directory file.
3602 #ifndef _SYS_SYSPROTO_H_
3609 sys_mkdir(struct thread *td, struct mkdir_args *uap)
3612 return (kern_mkdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3616 #ifndef _SYS_SYSPROTO_H_
3617 struct mkdirat_args {
3624 sys_mkdirat(struct thread *td, struct mkdirat_args *uap)
3627 return (kern_mkdirat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode));
3631 kern_mkdirat(struct thread *td, int fd, char *path, enum uio_seg segflg,
3637 struct nameidata nd;
3640 AUDIT_ARG_MODE(mode);
3643 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
3644 NOCACHE, segflg, path, fd, &cap_mkdirat_rights,
3646 nd.ni_cnd.cn_flags |= WILLBEDIR;
3647 if ((error = namei(&nd)) != 0)
3651 NDFREE(&nd, NDF_ONLY_PNBUF);
3653 * XXX namei called with LOCKPARENT but not LOCKLEAF has
3654 * the strange behaviour of leaving the vnode unlocked
3655 * if the target is the same vnode as the parent.
3657 if (vp == nd.ni_dvp)
3664 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3665 NDFREE(&nd, NDF_ONLY_PNBUF);
3667 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3672 vattr.va_type = VDIR;
3673 vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask;
3675 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
3680 error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
3684 NDFREE(&nd, NDF_ONLY_PNBUF);
3688 vn_finished_write(mp);
3693 * Remove a directory file.
3695 #ifndef _SYS_SYSPROTO_H_
3701 sys_rmdir(struct thread *td, struct rmdir_args *uap)
3704 return (kern_rmdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE));
3708 kern_rmdirat(struct thread *td, int fd, char *path, enum uio_seg pathseg)
3712 struct nameidata nd;
3717 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1,
3718 pathseg, path, fd, &cap_unlinkat_rights, td);
3719 if ((error = namei(&nd)) != 0)
3722 if (vp->v_type != VDIR) {
3727 * No rmdir "." please.
3729 if (nd.ni_dvp == vp) {
3734 * The root of a mounted filesystem cannot be deleted.
3736 if (vp->v_vflag & VV_ROOT) {
3741 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
3746 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3747 NDFREE(&nd, NDF_ONLY_PNBUF);
3749 if (nd.ni_dvp == vp)
3753 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3757 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
3758 error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
3759 vn_finished_write(mp);
3761 NDFREE(&nd, NDF_ONLY_PNBUF);
3763 if (nd.ni_dvp == vp)
3770 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11)
3772 freebsd11_kern_getdirentries(struct thread *td, int fd, char *ubuf, u_int count,
3773 long *basep, void (*func)(struct freebsd11_dirent *))
3775 struct freebsd11_dirent dstdp;
3776 struct dirent *dp, *edp;
3779 ssize_t resid, ucount;
3782 /* XXX arbitrary sanity limit on `count'. */
3783 count = min(count, 64 * 1024);
3785 dirbuf = malloc(count, M_TEMP, M_WAITOK);
3787 error = kern_getdirentries(td, fd, dirbuf, count, &base, &resid,
3795 for (dp = (struct dirent *)dirbuf,
3796 edp = (struct dirent *)&dirbuf[count - resid];
3797 ucount < count && dp < edp; ) {
3798 if (dp->d_reclen == 0)
3800 MPASS(dp->d_reclen >= _GENERIC_DIRLEN(0));
3801 if (dp->d_namlen >= sizeof(dstdp.d_name))
3803 dstdp.d_type = dp->d_type;
3804 dstdp.d_namlen = dp->d_namlen;
3805 dstdp.d_fileno = dp->d_fileno; /* truncate */
3806 if (dstdp.d_fileno != dp->d_fileno) {
3807 switch (ino64_trunc_error) {
3815 dstdp.d_fileno = UINT32_MAX;
3819 dstdp.d_reclen = sizeof(dstdp) - sizeof(dstdp.d_name) +
3820 ((dp->d_namlen + 1 + 3) &~ 3);
3821 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
3822 bzero(dstdp.d_name + dstdp.d_namlen,
3823 dstdp.d_reclen - offsetof(struct freebsd11_dirent, d_name) -
3825 MPASS(dstdp.d_reclen <= dp->d_reclen);
3826 MPASS(ucount + dstdp.d_reclen <= count);
3829 error = copyout(&dstdp, ubuf + ucount, dstdp.d_reclen);
3832 dp = (struct dirent *)((char *)dp + dp->d_reclen);
3833 ucount += dstdp.d_reclen;
3837 free(dirbuf, M_TEMP);
3839 td->td_retval[0] = ucount;
3846 ogetdirentries_cvt(struct freebsd11_dirent *dp)
3848 #if (BYTE_ORDER == LITTLE_ENDIAN)
3850 * The expected low byte of dp->d_namlen is our dp->d_type.
3851 * The high MBZ byte of dp->d_namlen is our dp->d_namlen.
3853 dp->d_type = dp->d_namlen;
3857 * The dp->d_type is the high byte of the expected dp->d_namlen,
3858 * so must be zero'ed.
3865 * Read a block of directory entries in a filesystem independent format.
3867 #ifndef _SYS_SYSPROTO_H_
3868 struct ogetdirentries_args {
3876 ogetdirentries(struct thread *td, struct ogetdirentries_args *uap)
3881 error = kern_ogetdirentries(td, uap, &loff);
3883 error = copyout(&loff, uap->basep, sizeof(long));
3888 kern_ogetdirentries(struct thread *td, struct ogetdirentries_args *uap,
3894 /* XXX arbitrary sanity limit on `count'. */
3895 if (uap->count > 64 * 1024)
3898 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count,
3899 &base, ogetdirentries_cvt);
3901 if (error == 0 && uap->basep != NULL)
3902 error = copyout(&base, uap->basep, sizeof(long));
3906 #endif /* COMPAT_43 */
3908 #if defined(COMPAT_FREEBSD11)
3909 #ifndef _SYS_SYSPROTO_H_
3910 struct freebsd11_getdirentries_args {
3918 freebsd11_getdirentries(struct thread *td,
3919 struct freebsd11_getdirentries_args *uap)
3924 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count,
3927 if (error == 0 && uap->basep != NULL)
3928 error = copyout(&base, uap->basep, sizeof(long));
3933 freebsd11_getdents(struct thread *td, struct freebsd11_getdents_args *uap)
3935 struct freebsd11_getdirentries_args ap;
3939 ap.count = uap->count;
3941 return (freebsd11_getdirentries(td, &ap));
3943 #endif /* COMPAT_FREEBSD11 */
3946 * Read a block of directory entries in a filesystem independent format.
3949 sys_getdirentries(struct thread *td, struct getdirentries_args *uap)
3954 error = kern_getdirentries(td, uap->fd, uap->buf, uap->count, &base,
3955 NULL, UIO_USERSPACE);
3958 if (uap->basep != NULL)
3959 error = copyout(&base, uap->basep, sizeof(off_t));
3964 kern_getdirentries(struct thread *td, int fd, char *buf, size_t count,
3965 off_t *basep, ssize_t *residp, enum uio_seg bufseg)
3976 if (count > IOSIZE_MAX)
3978 auio.uio_resid = count;
3979 error = getvnode(td, fd, &cap_read_rights, &fp);
3982 if ((fp->f_flag & FREAD) == 0) {
3987 foffset = foffset_lock(fp, 0);
3989 if (vp->v_type != VDIR) {
3993 aiov.iov_base = buf;
3994 aiov.iov_len = count;
3995 auio.uio_iov = &aiov;
3996 auio.uio_iovcnt = 1;
3997 auio.uio_rw = UIO_READ;
3998 auio.uio_segflg = bufseg;
4000 vn_lock(vp, LK_SHARED | LK_RETRY);
4001 AUDIT_ARG_VNODE1(vp);
4002 loff = auio.uio_offset = foffset;
4004 error = mac_vnode_check_readdir(td->td_ucred, vp);
4007 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
4009 foffset = auio.uio_offset;
4014 if (count == auio.uio_resid &&
4015 (vp->v_vflag & VV_ROOT) &&
4016 (vp->v_mount->mnt_flag & MNT_UNION)) {
4017 struct vnode *tvp = vp;
4019 vp = vp->v_mount->mnt_vnodecovered;
4030 *residp = auio.uio_resid;
4031 td->td_retval[0] = count - auio.uio_resid;
4033 foffset_unlock(fp, foffset, 0);
4039 * Set the mode mask for creation of filesystem nodes.
4041 #ifndef _SYS_SYSPROTO_H_
4047 sys_umask(struct thread *td, struct umask_args *uap)
4049 struct filedesc *fdp;
4051 fdp = td->td_proc->p_fd;
4052 FILEDESC_XLOCK(fdp);
4053 td->td_retval[0] = fdp->fd_cmask;
4054 fdp->fd_cmask = uap->newmask & ALLPERMS;
4055 FILEDESC_XUNLOCK(fdp);
4060 * Void all references to file by ripping underlying filesystem away from
4063 #ifndef _SYS_SYSPROTO_H_
4064 struct revoke_args {
4069 sys_revoke(struct thread *td, struct revoke_args *uap)
4073 struct nameidata nd;
4076 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
4078 if ((error = namei(&nd)) != 0)
4081 NDFREE(&nd, NDF_ONLY_PNBUF);
4082 if (vp->v_type != VCHR || vp->v_rdev == NULL) {
4087 error = mac_vnode_check_revoke(td->td_ucred, vp);
4091 error = VOP_GETATTR(vp, &vattr, td->td_ucred);
4094 if (td->td_ucred->cr_uid != vattr.va_uid) {
4095 error = priv_check(td, PRIV_VFS_ADMIN);
4100 VOP_REVOKE(vp, REVOKEALL);
4107 * Convert a user file descriptor to a kernel file entry and check that, if it
4108 * is a capability, the correct rights are present. A reference on the file
4109 * entry is held upon returning.
4112 getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
4117 error = fget_unlocked(td->td_proc->p_fd, fd, rightsp, &fp, NULL);
4122 * The file could be not of the vnode type, or it may be not
4123 * yet fully initialized, in which case the f_vnode pointer
4124 * may be set, but f_ops is still badfileops. E.g.,
4125 * devfs_open() transiently create such situation to
4126 * facilitate csw d_fdopen().
4128 * Dupfdopen() handling in kern_openat() installs the
4129 * half-baked file into the process descriptor table, allowing
4130 * other thread to dereference it. Guard against the race by
4133 if (fp->f_vnode == NULL || fp->f_ops == &badfileops) {
4143 * Get an (NFS) file handle.
4145 #ifndef _SYS_SYSPROTO_H_
4146 struct lgetfh_args {
4152 sys_lgetfh(struct thread *td, struct lgetfh_args *uap)
4155 return (kern_getfhat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->fname,
4156 UIO_USERSPACE, uap->fhp));
4159 #ifndef _SYS_SYSPROTO_H_
4166 sys_getfh(struct thread *td, struct getfh_args *uap)
4169 return (kern_getfhat(td, 0, AT_FDCWD, uap->fname, UIO_USERSPACE,
4174 * syscall for the rpc.lockd to use to translate an open descriptor into
4175 * a NFS file handle.
4177 * warning: do not remove the priv_check() call or this becomes one giant
4180 #ifndef _SYS_SYSPROTO_H_
4181 struct getfhat_args {
4189 sys_getfhat(struct thread *td, struct getfhat_args *uap)
4192 if ((uap->flags & ~(AT_SYMLINK_NOFOLLOW)) != 0)
4194 return (kern_getfhat(td, uap->flags, uap->fd, uap->path, UIO_USERSPACE,
4199 kern_getfhat(struct thread *td, int flags, int fd, const char *path,
4200 enum uio_seg pathseg, fhandle_t *fhp)
4202 struct nameidata nd;
4207 error = priv_check(td, PRIV_VFS_GETFH);
4210 NDINIT_AT(&nd, LOOKUP, ((flags & AT_SYMLINK_NOFOLLOW) != 0 ? NOFOLLOW :
4211 FOLLOW) | /*((flags & AT_BENEATH) != 0 ? BENEATH : 0) |*/ LOCKLEAF |
4212 AUDITVNODE1, pathseg, path, fd, td);
4216 NDFREE(&nd, NDF_ONLY_PNBUF);
4218 bzero(&fh, sizeof(fh));
4219 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
4220 error = VOP_VPTOFH(vp, &fh.fh_fid);
4223 error = copyout(&fh, fhp, sizeof (fh));
4227 #ifndef _SYS_SYSPROTO_H_
4228 struct fhlink_args {
4234 sys_fhlink(struct thread *td, struct fhlink_args *uap)
4237 return (kern_fhlinkat(td, AT_FDCWD, uap->to, UIO_USERSPACE, uap->fhp));
4240 #ifndef _SYS_SYSPROTO_H_
4241 struct fhlinkat_args {
4248 sys_fhlinkat(struct thread *td, struct fhlinkat_args *uap)
4251 return (kern_fhlinkat(td, uap->tofd, uap->to, UIO_USERSPACE, uap->fhp));
4255 kern_fhlinkat(struct thread *td, int fd, const char *path,
4256 enum uio_seg pathseg, fhandle_t *fhp)
4263 error = priv_check(td, PRIV_VFS_GETFH);
4266 error = copyin(fhp, &fh, sizeof(fh));
4271 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4273 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_SHARED, &vp);
4278 } while ((error = kern_linkat_vp(td, vp, fd, path, pathseg)) == EAGAIN);
4282 #ifndef _SYS_SYSPROTO_H_
4283 struct fhreadlink_args {
4290 sys_fhreadlink(struct thread *td, struct fhreadlink_args *uap)
4297 error = priv_check(td, PRIV_VFS_GETFH);
4300 if (uap->bufsize > IOSIZE_MAX)
4302 error = copyin(uap->fhp, &fh, sizeof(fh));
4305 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4307 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_SHARED, &vp);
4311 error = kern_readlink_vp(vp, uap->buf, UIO_USERSPACE, uap->bufsize, td);
4317 * syscall for the rpc.lockd to use to translate a NFS file handle into an
4320 * warning: do not remove the priv_check() call or this becomes one giant
4323 #ifndef _SYS_SYSPROTO_H_
4324 struct fhopen_args {
4325 const struct fhandle *u_fhp;
4330 sys_fhopen(struct thread *td, struct fhopen_args *uap)
4339 error = priv_check(td, PRIV_VFS_FHOPEN);
4343 fmode = FFLAGS(uap->flags);
4344 /* why not allow a non-read/write open for our lockd? */
4345 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4347 error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
4350 /* find the mount point */
4351 mp = vfs_busyfs(&fhp.fh_fsid);
4354 /* now give me my vnode, it gets returned to me locked */
4355 error = VFS_FHTOVP(mp, &fhp.fh_fid, LK_EXCLUSIVE, &vp);
4360 error = falloc_noinstall(td, &fp);
4366 * An extra reference on `fp' has been held for us by
4367 * falloc_noinstall().
4373 error = vn_open_vnode(vp, fmode, td->td_ucred, td, fp);
4375 KASSERT(fp->f_ops == &badfileops,
4376 ("VOP_OPEN in fhopen() set f_ops"));
4377 KASSERT(td->td_dupfd < 0,
4378 ("fhopen() encountered fdopen()"));
4388 finit(fp, (fmode & FMASK) | (fp->f_flag & FHASLOCK), DTYPE_VNODE, vp,
4391 if ((fmode & O_TRUNC) != 0) {
4392 error = fo_truncate(fp, 0, td->td_ucred, td);
4397 error = finstall(td, fp, &indx, fmode, NULL);
4400 td->td_retval[0] = indx;
4405 * Stat an (NFS) file handle.
4407 #ifndef _SYS_SYSPROTO_H_
4408 struct fhstat_args {
4409 struct fhandle *u_fhp;
4414 sys_fhstat(struct thread *td, struct fhstat_args *uap)
4420 error = copyin(uap->u_fhp, &fh, sizeof(fh));
4423 error = kern_fhstat(td, fh, &sb);
4425 error = copyout(&sb, uap->sb, sizeof(sb));
4430 kern_fhstat(struct thread *td, struct fhandle fh, struct stat *sb)
4436 error = priv_check(td, PRIV_VFS_FHSTAT);
4439 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4441 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4445 error = vn_stat(vp, sb, td->td_ucred, NOCRED, td);
4451 * Implement fstatfs() for (NFS) file handles.
4453 #ifndef _SYS_SYSPROTO_H_
4454 struct fhstatfs_args {
4455 struct fhandle *u_fhp;
4460 sys_fhstatfs(struct thread *td, struct fhstatfs_args *uap)
4466 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4469 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
4470 error = kern_fhstatfs(td, fh, sfp);
4472 error = copyout(sfp, uap->buf, sizeof(*sfp));
4473 free(sfp, M_STATFS);
4478 kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf)
4485 error = priv_check(td, PRIV_VFS_FHSTATFS);
4488 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4490 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4496 error = prison_canseemount(td->td_ucred, mp);
4500 error = mac_mount_check_stat(td->td_ucred, mp);
4505 * Set these in case the underlying filesystem fails to do so.
4508 sp->f_version = STATFS_VERSION;
4509 sp->f_namemax = NAME_MAX;
4510 sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
4511 error = VFS_STATFS(mp, sp);
4520 kern_posix_fallocate(struct thread *td, int fd, off_t offset, off_t len)
4525 off_t olen, ooffset;
4528 int audited_vnode1 = 0;
4532 if (offset < 0 || len <= 0)
4534 /* Check for wrap. */
4535 if (offset > OFF_MAX - len)
4538 error = fget(td, fd, &cap_pwrite_rights, &fp);
4541 AUDIT_ARG_FILE(td->td_proc, fp);
4542 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
4546 if ((fp->f_flag & FWRITE) == 0) {
4550 if (fp->f_type != DTYPE_VNODE) {
4555 if (vp->v_type != VREG) {
4560 /* Allocating blocks may take a long time, so iterate. */
4567 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
4570 error = vn_lock(vp, LK_EXCLUSIVE);
4572 vn_finished_write(mp);
4576 if (!audited_vnode1) {
4577 AUDIT_ARG_VNODE1(vp);
4582 error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp);
4585 error = VOP_ALLOCATE(vp, &offset, &len);
4587 vn_finished_write(mp);
4589 if (olen + ooffset != offset + len) {
4590 panic("offset + len changed from %jx/%jx to %jx/%jx",
4591 ooffset, olen, offset, len);
4593 if (error != 0 || len == 0)
4595 KASSERT(olen > len, ("Iteration did not make progress?"));
4604 sys_posix_fallocate(struct thread *td, struct posix_fallocate_args *uap)
4608 error = kern_posix_fallocate(td, uap->fd, uap->offset, uap->len);
4609 return (kern_posix_error(td, error));
4613 * Unlike madvise(2), we do not make a best effort to remember every
4614 * possible caching hint. Instead, we remember the last setting with
4615 * the exception that we will allow POSIX_FADV_NORMAL to adjust the
4616 * region of any current setting.
4619 kern_posix_fadvise(struct thread *td, int fd, off_t offset, off_t len,
4622 struct fadvise_info *fa, *new;
4628 if (offset < 0 || len < 0 || offset > OFF_MAX - len)
4630 AUDIT_ARG_VALUE(advice);
4632 case POSIX_FADV_SEQUENTIAL:
4633 case POSIX_FADV_RANDOM:
4634 case POSIX_FADV_NOREUSE:
4635 new = malloc(sizeof(*fa), M_FADVISE, M_WAITOK);
4637 case POSIX_FADV_NORMAL:
4638 case POSIX_FADV_WILLNEED:
4639 case POSIX_FADV_DONTNEED:
4645 /* XXX: CAP_POSIX_FADVISE? */
4647 error = fget(td, fd, &cap_no_rights, &fp);
4650 AUDIT_ARG_FILE(td->td_proc, fp);
4651 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
4655 if (fp->f_type != DTYPE_VNODE) {
4660 if (vp->v_type != VREG) {
4667 end = offset + len - 1;
4669 case POSIX_FADV_SEQUENTIAL:
4670 case POSIX_FADV_RANDOM:
4671 case POSIX_FADV_NOREUSE:
4673 * Try to merge any existing non-standard region with
4674 * this new region if possible, otherwise create a new
4675 * non-standard region for this request.
4677 mtx_pool_lock(mtxpool_sleep, fp);
4679 if (fa != NULL && fa->fa_advice == advice &&
4680 ((fa->fa_start <= end && fa->fa_end >= offset) ||
4681 (end != OFF_MAX && fa->fa_start == end + 1) ||
4682 (fa->fa_end != OFF_MAX && fa->fa_end + 1 == offset))) {
4683 if (offset < fa->fa_start)
4684 fa->fa_start = offset;
4685 if (end > fa->fa_end)
4688 new->fa_advice = advice;
4689 new->fa_start = offset;
4694 mtx_pool_unlock(mtxpool_sleep, fp);
4696 case POSIX_FADV_NORMAL:
4698 * If a the "normal" region overlaps with an existing
4699 * non-standard region, trim or remove the
4700 * non-standard region.
4702 mtx_pool_lock(mtxpool_sleep, fp);
4705 if (offset <= fa->fa_start && end >= fa->fa_end) {
4707 fp->f_advice = NULL;
4708 } else if (offset <= fa->fa_start &&
4709 end >= fa->fa_start)
4710 fa->fa_start = end + 1;
4711 else if (offset <= fa->fa_end && end >= fa->fa_end)
4712 fa->fa_end = offset - 1;
4713 else if (offset >= fa->fa_start && end <= fa->fa_end) {
4715 * If the "normal" region is a middle
4716 * portion of the existing
4717 * non-standard region, just remove
4718 * the whole thing rather than picking
4719 * one side or the other to
4723 fp->f_advice = NULL;
4726 mtx_pool_unlock(mtxpool_sleep, fp);
4728 case POSIX_FADV_WILLNEED:
4729 case POSIX_FADV_DONTNEED:
4730 error = VOP_ADVISE(vp, offset, end, advice);
4736 free(new, M_FADVISE);
4741 sys_posix_fadvise(struct thread *td, struct posix_fadvise_args *uap)
4745 error = kern_posix_fadvise(td, uap->fd, uap->offset, uap->len,
4747 return (kern_posix_error(td, error));
projects / FreeBSD / FreeBSD.git / blob