2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
39 #include <sys/cdefs.h>
40 #include "opt_capsicum.h"
41 #include "opt_ktrace.h"
43 #include <sys/param.h>
44 #include <sys/systm.h>
47 #include <sys/capsicum.h>
49 #include <sys/malloc.h>
50 #include <sys/mount.h>
51 #include <sys/mutex.h>
52 #include <sys/sysproto.h>
53 #include <sys/namei.h>
54 #include <sys/filedesc.h>
55 #include <sys/kernel.h>
56 #include <sys/fcntl.h>
58 #include <sys/filio.h>
59 #include <sys/limits.h>
60 #include <sys/linker.h>
61 #include <sys/rwlock.h>
65 #include <sys/unistd.h>
66 #include <sys/vnode.h>
69 #include <sys/dirent.h>
71 #include <sys/syscallsubr.h>
72 #include <sys/sysctl.h>
74 #include <sys/ktrace.h>
77 #include <machine/stdarg.h>
79 #include <security/audit/audit.h>
80 #include <security/mac/mac_framework.h>
83 #include <vm/vm_object.h>
84 #include <vm/vm_page.h>
87 #include <fs/devfs/devfs.h>
89 #include <ufs/ufs/quota.h>
91 MALLOC_DEFINE(M_FADVISE, "fadvise", "posix_fadvise(2) information");
93 static int kern_chflagsat(struct thread *td, int fd, const char *path,
94 enum uio_seg pathseg, u_long flags, int atflag);
95 static int setfflags(struct thread *td, struct vnode *, u_long);
96 static int getutimes(const struct timeval *, enum uio_seg, struct timespec *);
97 static int getutimens(const struct timespec *, enum uio_seg,
98 struct timespec *, int *);
99 static int setutimes(struct thread *td, struct vnode *,
100 const struct timespec *, int, int);
101 static int vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
103 static int kern_fhlinkat(struct thread *td, int fd, const char *path,
104 enum uio_seg pathseg, fhandle_t *fhp);
105 static int kern_readlink_vp(struct vnode *vp, char *buf, enum uio_seg bufseg,
106 size_t count, struct thread *td);
107 static int kern_linkat_vp(struct thread *td, struct vnode *vp, int fd,
108 const char *path, enum uio_seg segflag);
111 at2cnpflags(u_int at_flags, u_int mask)
115 MPASS((at_flags & (AT_SYMLINK_FOLLOW | AT_SYMLINK_NOFOLLOW)) !=
116 (AT_SYMLINK_FOLLOW | AT_SYMLINK_NOFOLLOW));
120 if ((at_flags & AT_RESOLVE_BENEATH) != 0)
122 if ((at_flags & AT_SYMLINK_FOLLOW) != 0)
124 /* NOFOLLOW is pseudo flag */
125 if ((mask & AT_SYMLINK_NOFOLLOW) != 0) {
126 res |= (at_flags & AT_SYMLINK_NOFOLLOW) != 0 ? NOFOLLOW :
129 if ((mask & AT_EMPTY_PATH) != 0 && (at_flags & AT_EMPTY_PATH) != 0)
135 kern_sync(struct thread *td)
137 struct mount *mp, *nmp;
140 mtx_lock(&mountlist_mtx);
141 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
142 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) {
143 nmp = TAILQ_NEXT(mp, mnt_list);
146 if ((mp->mnt_flag & MNT_RDONLY) == 0 &&
147 vn_start_write(NULL, &mp, V_NOWAIT) == 0) {
148 save = curthread_pflags_set(TDP_SYNCIO);
149 vfs_periodic(mp, MNT_NOWAIT);
150 VFS_SYNC(mp, MNT_NOWAIT);
151 curthread_pflags_restore(save);
152 vn_finished_write(mp);
154 mtx_lock(&mountlist_mtx);
155 nmp = TAILQ_NEXT(mp, mnt_list);
158 mtx_unlock(&mountlist_mtx);
163 * Sync each mounted filesystem.
165 #ifndef _SYS_SYSPROTO_H_
172 sys_sync(struct thread *td, struct sync_args *uap)
175 return (kern_sync(td));
179 * Change filesystem quotas.
181 #ifndef _SYS_SYSPROTO_H_
182 struct quotactl_args {
190 sys_quotactl(struct thread *td, struct quotactl_args *uap)
196 AUDIT_ARG_CMD(uap->cmd);
197 AUDIT_ARG_UID(uap->uid);
198 if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS))
200 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
202 if ((error = namei(&nd)) != 0)
204 NDFREE(&nd, NDF_ONLY_PNBUF);
205 mp = nd.ni_vp->v_mount;
208 error = vfs_busy(mp, 0);
213 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, uap->arg);
216 * Since quota on operation typically needs to open quota
217 * file, the Q_QUOTAON handler needs to unbusy the mount point
218 * before calling into namei. Otherwise, unmount might be
219 * started between two vfs_busy() invocations (first is our,
220 * second is from mount point cross-walk code in lookup()),
223 * Require that Q_QUOTAON handles the vfs_busy() reference on
224 * its own, always returning with ubusied mount point.
226 if ((uap->cmd >> SUBCMDSHIFT) != Q_QUOTAON &&
227 (uap->cmd >> SUBCMDSHIFT) != Q_QUOTAOFF)
234 * Used by statfs conversion routines to scale the block size up if
235 * necessary so that all of the block counts are <= 'max_size'. Note
236 * that 'max_size' should be a bitmask, i.e. 2^n - 1 for some non-zero
240 statfs_scale_blocks(struct statfs *sf, long max_size)
245 KASSERT(powerof2(max_size + 1), ("%s: invalid max_size", __func__));
248 * Attempt to scale the block counts to give a more accurate
249 * overview to userland of the ratio of free space to used
250 * space. To do this, find the largest block count and compute
251 * a divisor that lets it fit into a signed integer <= max_size.
253 if (sf->f_bavail < 0)
254 count = -sf->f_bavail;
256 count = sf->f_bavail;
257 count = MAX(sf->f_blocks, MAX(sf->f_bfree, count));
258 if (count <= max_size)
261 count >>= flsl(max_size);
268 sf->f_bsize <<= shift;
269 sf->f_blocks >>= shift;
270 sf->f_bfree >>= shift;
271 sf->f_bavail >>= shift;
275 kern_do_statfs(struct thread *td, struct mount *mp, struct statfs *buf)
281 error = vfs_busy(mp, 0);
286 error = mac_mount_check_stat(td->td_ucred, mp);
290 error = VFS_STATFS(mp, buf);
293 if (priv_check_cred_vfs_generation(td->td_ucred)) {
294 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
295 prison_enforce_statfs(td->td_ucred, mp, buf);
303 * Get filesystem statistics.
305 #ifndef _SYS_SYSPROTO_H_
312 sys_statfs(struct thread *td, struct statfs_args *uap)
317 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
318 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
320 error = copyout(sfp, uap->buf, sizeof(struct statfs));
326 kern_statfs(struct thread *td, const char *path, enum uio_seg pathseg,
333 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td);
337 mp = vfs_ref_from_vp(nd.ni_vp);
340 return (kern_do_statfs(td, mp, buf));
344 * Get filesystem statistics.
346 #ifndef _SYS_SYSPROTO_H_
347 struct fstatfs_args {
353 sys_fstatfs(struct thread *td, struct fstatfs_args *uap)
358 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
359 error = kern_fstatfs(td, uap->fd, sfp);
361 error = copyout(sfp, uap->buf, sizeof(struct statfs));
367 kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
375 error = getvnode_path(td, fd, &cap_fstatfs_rights, &fp);
380 if (AUDITING_TD(td)) {
381 vn_lock(vp, LK_SHARED | LK_RETRY);
382 AUDIT_ARG_VNODE1(vp);
386 mp = vfs_ref_from_vp(vp);
388 return (kern_do_statfs(td, mp, buf));
392 * Get statistics on all filesystems.
394 #ifndef _SYS_SYSPROTO_H_
395 struct getfsstat_args {
402 sys_getfsstat(struct thread *td, struct getfsstat_args *uap)
407 if (uap->bufsize < 0 || uap->bufsize > SIZE_MAX)
409 error = kern_getfsstat(td, &uap->buf, uap->bufsize, &count,
410 UIO_USERSPACE, uap->mode);
412 td->td_retval[0] = count;
417 * If (bufsize > 0 && bufseg == UIO_SYSSPACE)
418 * The caller is responsible for freeing memory which will be allocated
422 kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize,
423 size_t *countp, enum uio_seg bufseg, int mode)
425 struct mount *mp, *nmp;
426 struct statfs *sfsp, *sp, *sptmp, *tofree;
427 size_t count, maxcount;
435 if (bufseg == UIO_SYSSPACE)
440 maxcount = bufsize / sizeof(struct statfs);
444 } else if (bufseg == UIO_USERSPACE) {
447 } else /* if (bufseg == UIO_SYSSPACE) */ {
449 mtx_lock(&mountlist_mtx);
450 TAILQ_FOREACH(mp, &mountlist, mnt_list) {
453 mtx_unlock(&mountlist_mtx);
454 if (maxcount > count)
456 tofree = sfsp = *buf = malloc(maxcount * sizeof(struct statfs),
463 * If there is no target buffer they only want the count.
465 * This could be TAILQ_FOREACH but it is open-coded to match the original
469 mtx_lock(&mountlist_mtx);
470 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
471 if (prison_canseemount(td->td_ucred, mp) != 0) {
472 nmp = TAILQ_NEXT(mp, mnt_list);
476 if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
477 nmp = TAILQ_NEXT(mp, mnt_list);
482 nmp = TAILQ_NEXT(mp, mnt_list);
484 mtx_unlock(&mountlist_mtx);
490 * They want the entire thing.
492 * Short-circuit the corner case of no room for anything, avoids
499 mtx_lock(&mountlist_mtx);
500 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
501 if (prison_canseemount(td->td_ucred, mp) != 0) {
502 nmp = TAILQ_NEXT(mp, mnt_list);
506 if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
507 nmp = TAILQ_NEXT(mp, mnt_list);
511 if (mode == MNT_WAIT) {
512 if (vfs_busy(mp, MBF_MNTLSTLOCK) != 0) {
514 * If vfs_busy() failed, and MBF_NOWAIT
515 * wasn't passed, then the mp is gone.
516 * Furthermore, because of MBF_MNTLSTLOCK,
517 * the mountlist_mtx was dropped. We have
518 * no other choice than to start over.
520 mtx_unlock(&mountlist_mtx);
521 free(tofree, M_STATFS);
525 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK) != 0) {
526 nmp = TAILQ_NEXT(mp, mnt_list);
532 * If MNT_NOWAIT is specified, do not refresh
535 if (mode != MNT_NOWAIT) {
536 error = VFS_STATFS(mp, sp);
538 mtx_lock(&mountlist_mtx);
539 nmp = TAILQ_NEXT(mp, mnt_list);
544 if (priv_check_cred_vfs_generation(td->td_ucred)) {
545 sptmp = malloc(sizeof(struct statfs), M_STATFS,
548 sptmp->f_fsid.val[0] = sptmp->f_fsid.val[1] = 0;
549 prison_enforce_statfs(td->td_ucred, mp, sptmp);
553 if (bufseg == UIO_SYSSPACE) {
554 bcopy(sp, sfsp, sizeof(*sp));
555 free(sptmp, M_STATFS);
556 } else /* if (bufseg == UIO_USERSPACE) */ {
557 error = copyout(sp, sfsp, sizeof(*sp));
558 free(sptmp, M_STATFS);
567 if (count == maxcount) {
572 mtx_lock(&mountlist_mtx);
573 nmp = TAILQ_NEXT(mp, mnt_list);
576 mtx_unlock(&mountlist_mtx);
582 #ifdef COMPAT_FREEBSD4
584 * Get old format filesystem statistics.
586 static void freebsd4_cvtstatfs(struct statfs *, struct ostatfs *);
588 #ifndef _SYS_SYSPROTO_H_
589 struct freebsd4_statfs_args {
595 freebsd4_statfs(struct thread *td, struct freebsd4_statfs_args *uap)
601 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
602 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
604 freebsd4_cvtstatfs(sfp, &osb);
605 error = copyout(&osb, uap->buf, sizeof(osb));
612 * Get filesystem statistics.
614 #ifndef _SYS_SYSPROTO_H_
615 struct freebsd4_fstatfs_args {
621 freebsd4_fstatfs(struct thread *td, struct freebsd4_fstatfs_args *uap)
627 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
628 error = kern_fstatfs(td, uap->fd, sfp);
630 freebsd4_cvtstatfs(sfp, &osb);
631 error = copyout(&osb, uap->buf, sizeof(osb));
638 * Get statistics on all filesystems.
640 #ifndef _SYS_SYSPROTO_H_
641 struct freebsd4_getfsstat_args {
648 freebsd4_getfsstat(struct thread *td, struct freebsd4_getfsstat_args *uap)
650 struct statfs *buf, *sp;
655 if (uap->bufsize < 0)
657 count = uap->bufsize / sizeof(struct ostatfs);
658 if (count > SIZE_MAX / sizeof(struct statfs))
660 size = count * sizeof(struct statfs);
661 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
664 td->td_retval[0] = count;
667 while (count != 0 && error == 0) {
668 freebsd4_cvtstatfs(sp, &osb);
669 error = copyout(&osb, uap->buf, sizeof(osb));
680 * Implement fstatfs() for (NFS) file handles.
682 #ifndef _SYS_SYSPROTO_H_
683 struct freebsd4_fhstatfs_args {
684 struct fhandle *u_fhp;
689 freebsd4_fhstatfs(struct thread *td, struct freebsd4_fhstatfs_args *uap)
696 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
699 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
700 error = kern_fhstatfs(td, fh, sfp);
702 freebsd4_cvtstatfs(sfp, &osb);
703 error = copyout(&osb, uap->buf, sizeof(osb));
710 * Convert a new format statfs structure to an old format statfs structure.
713 freebsd4_cvtstatfs(struct statfs *nsp, struct ostatfs *osp)
716 statfs_scale_blocks(nsp, LONG_MAX);
717 bzero(osp, sizeof(*osp));
718 osp->f_bsize = nsp->f_bsize;
719 osp->f_iosize = MIN(nsp->f_iosize, LONG_MAX);
720 osp->f_blocks = nsp->f_blocks;
721 osp->f_bfree = nsp->f_bfree;
722 osp->f_bavail = nsp->f_bavail;
723 osp->f_files = MIN(nsp->f_files, LONG_MAX);
724 osp->f_ffree = MIN(nsp->f_ffree, LONG_MAX);
725 osp->f_owner = nsp->f_owner;
726 osp->f_type = nsp->f_type;
727 osp->f_flags = nsp->f_flags;
728 osp->f_syncwrites = MIN(nsp->f_syncwrites, LONG_MAX);
729 osp->f_asyncwrites = MIN(nsp->f_asyncwrites, LONG_MAX);
730 osp->f_syncreads = MIN(nsp->f_syncreads, LONG_MAX);
731 osp->f_asyncreads = MIN(nsp->f_asyncreads, LONG_MAX);
732 strlcpy(osp->f_fstypename, nsp->f_fstypename,
733 MIN(MFSNAMELEN, OMFSNAMELEN));
734 strlcpy(osp->f_mntonname, nsp->f_mntonname,
735 MIN(MNAMELEN, OMNAMELEN));
736 strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
737 MIN(MNAMELEN, OMNAMELEN));
738 osp->f_fsid = nsp->f_fsid;
740 #endif /* COMPAT_FREEBSD4 */
742 #if defined(COMPAT_FREEBSD11)
744 * Get old format filesystem statistics.
746 static void freebsd11_cvtstatfs(struct statfs *, struct freebsd11_statfs *);
749 freebsd11_statfs(struct thread *td, struct freebsd11_statfs_args *uap)
751 struct freebsd11_statfs osb;
755 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
756 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
758 freebsd11_cvtstatfs(sfp, &osb);
759 error = copyout(&osb, uap->buf, sizeof(osb));
766 * Get filesystem statistics.
769 freebsd11_fstatfs(struct thread *td, struct freebsd11_fstatfs_args *uap)
771 struct freebsd11_statfs osb;
775 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
776 error = kern_fstatfs(td, uap->fd, sfp);
778 freebsd11_cvtstatfs(sfp, &osb);
779 error = copyout(&osb, uap->buf, sizeof(osb));
786 * Get statistics on all filesystems.
789 freebsd11_getfsstat(struct thread *td, struct freebsd11_getfsstat_args *uap)
791 struct freebsd11_statfs osb;
792 struct statfs *buf, *sp;
796 count = uap->bufsize / sizeof(struct ostatfs);
797 size = count * sizeof(struct statfs);
798 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
801 td->td_retval[0] = count;
804 while (count > 0 && error == 0) {
805 freebsd11_cvtstatfs(sp, &osb);
806 error = copyout(&osb, uap->buf, sizeof(osb));
817 * Implement fstatfs() for (NFS) file handles.
820 freebsd11_fhstatfs(struct thread *td, struct freebsd11_fhstatfs_args *uap)
822 struct freebsd11_statfs osb;
827 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
830 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
831 error = kern_fhstatfs(td, fh, sfp);
833 freebsd11_cvtstatfs(sfp, &osb);
834 error = copyout(&osb, uap->buf, sizeof(osb));
841 * Convert a new format statfs structure to an old format statfs structure.
844 freebsd11_cvtstatfs(struct statfs *nsp, struct freebsd11_statfs *osp)
847 bzero(osp, sizeof(*osp));
848 osp->f_version = FREEBSD11_STATFS_VERSION;
849 osp->f_type = nsp->f_type;
850 osp->f_flags = nsp->f_flags;
851 osp->f_bsize = nsp->f_bsize;
852 osp->f_iosize = nsp->f_iosize;
853 osp->f_blocks = nsp->f_blocks;
854 osp->f_bfree = nsp->f_bfree;
855 osp->f_bavail = nsp->f_bavail;
856 osp->f_files = nsp->f_files;
857 osp->f_ffree = nsp->f_ffree;
858 osp->f_syncwrites = nsp->f_syncwrites;
859 osp->f_asyncwrites = nsp->f_asyncwrites;
860 osp->f_syncreads = nsp->f_syncreads;
861 osp->f_asyncreads = nsp->f_asyncreads;
862 osp->f_namemax = nsp->f_namemax;
863 osp->f_owner = nsp->f_owner;
864 osp->f_fsid = nsp->f_fsid;
865 strlcpy(osp->f_fstypename, nsp->f_fstypename,
866 MIN(MFSNAMELEN, sizeof(osp->f_fstypename)));
867 strlcpy(osp->f_mntonname, nsp->f_mntonname,
868 MIN(MNAMELEN, sizeof(osp->f_mntonname)));
869 strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
870 MIN(MNAMELEN, sizeof(osp->f_mntfromname)));
872 #endif /* COMPAT_FREEBSD11 */
875 * Change current working directory to a given file descriptor.
877 #ifndef _SYS_SYSPROTO_H_
883 sys_fchdir(struct thread *td, struct fchdir_args *uap)
885 struct vnode *vp, *tdp;
890 AUDIT_ARG_FD(uap->fd);
891 error = getvnode_path(td, uap->fd, &cap_fchdir_rights,
898 vn_lock(vp, LK_SHARED | LK_RETRY);
899 AUDIT_ARG_VNODE1(vp);
900 error = change_dir(vp, td);
901 while (!error && (mp = vp->v_mountedhere) != NULL) {
904 error = VFS_ROOT(mp, LK_SHARED, &tdp);
921 * Change current working directory (``.'').
923 #ifndef _SYS_SYSPROTO_H_
929 sys_chdir(struct thread *td, struct chdir_args *uap)
932 return (kern_chdir(td, uap->path, UIO_USERSPACE));
936 kern_chdir(struct thread *td, const char *path, enum uio_seg pathseg)
941 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
943 if ((error = namei(&nd)) != 0)
945 if ((error = change_dir(nd.ni_vp, td)) != 0) {
950 VOP_UNLOCK(nd.ni_vp);
952 pwd_chdir(td, nd.ni_vp);
956 static int unprivileged_chroot = 0;
957 SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_chroot, CTLFLAG_RW,
958 &unprivileged_chroot, 0,
959 "Unprivileged processes can use chroot(2)");
961 * Change notion of root (``/'') directory.
963 #ifndef _SYS_SYSPROTO_H_
969 sys_chroot(struct thread *td, struct chroot_args *uap)
975 error = priv_check(td, PRIV_VFS_CHROOT);
979 if (unprivileged_chroot == 0 ||
980 (p->p_flag2 & P2_NO_NEW_PRIVS) == 0) {
986 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
987 UIO_USERSPACE, uap->path, td);
991 error = change_dir(nd.ni_vp, td);
995 error = mac_vnode_check_chroot(td->td_ucred, nd.ni_vp);
999 VOP_UNLOCK(nd.ni_vp);
1000 error = pwd_chroot(td, nd.ni_vp);
1002 NDFREE_NOTHING(&nd);
1007 NDFREE_NOTHING(&nd);
1012 * Common routine for chroot and chdir. Callers must provide a locked vnode
1016 change_dir(struct vnode *vp, struct thread *td)
1022 ASSERT_VOP_LOCKED(vp, "change_dir(): vp not locked");
1023 if (vp->v_type != VDIR)
1026 error = mac_vnode_check_chdir(td->td_ucred, vp);
1030 return (VOP_ACCESS(vp, VEXEC, td->td_ucred, td));
1033 static __inline void
1034 flags_to_rights(int flags, cap_rights_t *rightsp)
1036 if (flags & O_EXEC) {
1037 cap_rights_set_one(rightsp, CAP_FEXECVE);
1041 switch ((flags & O_ACCMODE)) {
1043 cap_rights_set_one(rightsp, CAP_READ);
1046 cap_rights_set_one(rightsp, CAP_READ);
1049 cap_rights_set_one(rightsp, CAP_WRITE);
1050 if (!(flags & (O_APPEND | O_TRUNC)))
1051 cap_rights_set_one(rightsp, CAP_SEEK);
1056 if (flags & O_CREAT)
1057 cap_rights_set_one(rightsp, CAP_CREATE);
1059 if (flags & O_TRUNC)
1060 cap_rights_set_one(rightsp, CAP_FTRUNCATE);
1062 if (flags & (O_SYNC | O_FSYNC))
1063 cap_rights_set_one(rightsp, CAP_FSYNC);
1065 if (flags & (O_EXLOCK | O_SHLOCK))
1066 cap_rights_set_one(rightsp, CAP_FLOCK);
1070 * Check permissions, allocate an open file structure, and call the device
1071 * open routine if any.
1073 #ifndef _SYS_SYSPROTO_H_
1081 sys_open(struct thread *td, struct open_args *uap)
1084 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1085 uap->flags, uap->mode));
1088 #ifndef _SYS_SYSPROTO_H_
1089 struct openat_args {
1097 sys_openat(struct thread *td, struct openat_args *uap)
1100 AUDIT_ARG_FD(uap->fd);
1101 return (kern_openat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
1106 kern_openat(struct thread *td, int fd, const char *path, enum uio_seg pathseg,
1107 int flags, int mode)
1109 struct proc *p = td->td_proc;
1110 struct filedesc *fdp;
1111 struct pwddesc *pdp;
1114 struct nameidata nd;
1115 cap_rights_t rights;
1116 int cmode, error, indx;
1122 AUDIT_ARG_FFLAGS(flags);
1123 AUDIT_ARG_MODE(mode);
1124 cap_rights_init_one(&rights, CAP_LOOKUP);
1125 flags_to_rights(flags, &rights);
1128 * Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR flags
1129 * may be specified. On the other hand, for O_PATH any mode
1130 * except O_EXEC is ignored.
1132 if ((flags & O_PATH) != 0) {
1133 flags &= ~(O_CREAT | O_ACCMODE);
1134 } else if ((flags & O_EXEC) != 0) {
1135 if (flags & O_ACCMODE)
1137 } else if ((flags & O_ACCMODE) == O_ACCMODE) {
1140 flags = FFLAGS(flags);
1144 * Allocate a file structure. The descriptor to reference it
1145 * is allocated and used by finstall_refed() below.
1147 error = falloc_noinstall(td, &fp);
1150 /* Set the flags early so the finit in devfs can pick them up. */
1151 fp->f_flag = flags & FMASK;
1152 cmode = ((mode & ~pdp->pd_cmask) & ALLPERMS) & ~S_ISTXT;
1153 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1 | WANTIOCTLCAPS,
1154 pathseg, path, fd, &rights, td);
1155 td->td_dupfd = -1; /* XXX check for fdopen */
1156 error = vn_open_cred(&nd, &flags, cmode, VN_OPEN_WANTIOCTLCAPS,
1160 * If the vn_open replaced the method vector, something
1161 * wonderous happened deep below and we just pass it up
1162 * pretending we know what we do.
1164 if (error == ENXIO && fp->f_ops != &badfileops) {
1165 MPASS((flags & O_PATH) == 0);
1170 * Handle special fdopen() case. bleh.
1172 * Don't do this for relative (capability) lookups; we don't
1173 * understand exactly what would happen, and we don't think
1174 * that it ever should.
1176 if ((nd.ni_resflags & NIRES_STRICTREL) == 0 &&
1177 (error == ENODEV || error == ENXIO) &&
1178 td->td_dupfd >= 0) {
1179 error = dupfdopen(td, fdp, td->td_dupfd, flags, error,
1188 NDFREE(&nd, NDF_ONLY_PNBUF);
1192 * Store the vnode, for any f_type. Typically, the vnode use
1193 * count is decremented by direct call to vn_closefile() for
1194 * files that switched type in the cdevsw fdopen() method.
1199 * If the file wasn't claimed by devfs bind it to the normal
1200 * vnode operations here.
1202 if (fp->f_ops == &badfileops) {
1203 KASSERT(vp->v_type != VFIFO || (flags & O_PATH) != 0,
1204 ("Unexpected fifo fp %p vp %p", fp, vp));
1205 if ((flags & O_PATH) != 0) {
1206 finit(fp, (flags & FMASK) | (fp->f_flag & FKQALLOWED),
1207 DTYPE_VNODE, NULL, &path_fileops);
1209 finit_vnode(fp, flags, NULL, &vnops);
1214 if (flags & O_TRUNC) {
1215 error = fo_truncate(fp, 0, td->td_ucred, td);
1221 * If we haven't already installed the FD (for dupfdopen), do so now.
1224 struct filecaps *fcaps;
1227 if ((nd.ni_resflags & NIRES_STRICTREL) != 0)
1228 fcaps = &nd.ni_filecaps;
1232 error = finstall_refed(td, fp, &indx, flags, fcaps);
1233 /* On success finstall_refed() consumes fcaps. */
1238 NDFREE_IOCTLCAPS(&nd);
1239 falloc_abort(td, fp);
1242 td->td_retval[0] = indx;
1245 KASSERT(indx == -1, ("indx=%d, should be -1", indx));
1246 NDFREE_IOCTLCAPS(&nd);
1247 falloc_abort(td, fp);
1255 #ifndef _SYS_SYSPROTO_H_
1256 struct ocreat_args {
1262 ocreat(struct thread *td, struct ocreat_args *uap)
1265 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1266 O_WRONLY | O_CREAT | O_TRUNC, uap->mode));
1268 #endif /* COMPAT_43 */
1271 * Create a special file.
1273 #ifndef _SYS_SYSPROTO_H_
1274 struct mknodat_args {
1282 sys_mknodat(struct thread *td, struct mknodat_args *uap)
1285 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1289 #if defined(COMPAT_FREEBSD11)
1291 freebsd11_mknod(struct thread *td,
1292 struct freebsd11_mknod_args *uap)
1295 return (kern_mknodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1296 uap->mode, uap->dev));
1300 freebsd11_mknodat(struct thread *td,
1301 struct freebsd11_mknodat_args *uap)
1304 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1307 #endif /* COMPAT_FREEBSD11 */
1310 kern_mknodat(struct thread *td, int fd, const char *path, enum uio_seg pathseg,
1311 int mode, dev_t dev)
1316 struct nameidata nd;
1317 int error, whiteout = 0;
1319 AUDIT_ARG_MODE(mode);
1321 switch (mode & S_IFMT) {
1324 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
1325 if (error == 0 && dev == VNOVAL)
1329 error = priv_check(td, PRIV_VFS_MKNOD_WHT);
1333 return (kern_mkfifoat(td, fd, path, pathseg, mode));
1344 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1345 NOCACHE, pathseg, path, fd, &cap_mknodat_rights,
1347 if ((error = namei(&nd)) != 0)
1351 NDFREE(&nd, NDF_ONLY_PNBUF);
1352 if (vp == nd.ni_dvp)
1360 vattr.va_mode = (mode & ALLPERMS) &
1361 ~td->td_proc->p_pd->pd_cmask;
1362 vattr.va_rdev = dev;
1365 switch (mode & S_IFMT) {
1367 vattr.va_type = VCHR;
1370 vattr.va_type = VBLK;
1376 panic("kern_mknod: invalid mode");
1379 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1380 NDFREE(&nd, NDF_ONLY_PNBUF);
1382 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1387 if (error == 0 && !whiteout)
1388 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp,
1389 &nd.ni_cnd, &vattr);
1393 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE);
1395 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,
1396 &nd.ni_cnd, &vattr);
1399 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 && !whiteout ? &nd.ni_vp : NULL,
1401 vn_finished_write(mp);
1402 NDFREE(&nd, NDF_ONLY_PNBUF);
1403 if (error == ERELOOKUP)
1409 * Create a named pipe.
1411 #ifndef _SYS_SYSPROTO_H_
1412 struct mkfifo_args {
1418 sys_mkfifo(struct thread *td, struct mkfifo_args *uap)
1421 return (kern_mkfifoat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1425 #ifndef _SYS_SYSPROTO_H_
1426 struct mkfifoat_args {
1433 sys_mkfifoat(struct thread *td, struct mkfifoat_args *uap)
1436 return (kern_mkfifoat(td, uap->fd, uap->path, UIO_USERSPACE,
1441 kern_mkfifoat(struct thread *td, int fd, const char *path,
1442 enum uio_seg pathseg, int mode)
1446 struct nameidata nd;
1449 AUDIT_ARG_MODE(mode);
1453 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1454 NOCACHE, pathseg, path, fd, &cap_mkfifoat_rights,
1456 if ((error = namei(&nd)) != 0)
1458 if (nd.ni_vp != NULL) {
1459 NDFREE(&nd, NDF_ONLY_PNBUF);
1460 if (nd.ni_vp == nd.ni_dvp)
1467 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1468 NDFREE(&nd, NDF_ONLY_PNBUF);
1470 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1475 vattr.va_type = VFIFO;
1476 vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_pd->pd_cmask;
1478 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1483 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
1487 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 ? &nd.ni_vp : NULL, true);
1488 vn_finished_write(mp);
1489 NDFREE(&nd, NDF_ONLY_PNBUF);
1490 if (error == ERELOOKUP)
1496 * Make a hard file link.
1498 #ifndef _SYS_SYSPROTO_H_
1505 sys_link(struct thread *td, struct link_args *uap)
1508 return (kern_linkat(td, AT_FDCWD, AT_FDCWD, uap->path, uap->link,
1509 UIO_USERSPACE, AT_SYMLINK_FOLLOW));
1512 #ifndef _SYS_SYSPROTO_H_
1513 struct linkat_args {
1522 sys_linkat(struct thread *td, struct linkat_args *uap)
1525 return (kern_linkat(td, uap->fd1, uap->fd2, uap->path1, uap->path2,
1526 UIO_USERSPACE, uap->flag));
1529 int hardlink_check_uid = 0;
1530 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
1531 &hardlink_check_uid, 0,
1532 "Unprivileged processes cannot create hard links to files owned by other "
1534 static int hardlink_check_gid = 0;
1535 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
1536 &hardlink_check_gid, 0,
1537 "Unprivileged processes cannot create hard links to files owned by other "
1541 can_hardlink(struct vnode *vp, struct ucred *cred)
1546 if (!hardlink_check_uid && !hardlink_check_gid)
1549 error = VOP_GETATTR(vp, &va, cred);
1553 if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
1554 error = priv_check_cred(cred, PRIV_VFS_LINK);
1559 if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
1560 error = priv_check_cred(cred, PRIV_VFS_LINK);
1569 kern_linkat(struct thread *td, int fd1, int fd2, const char *path1,
1570 const char *path2, enum uio_seg segflag, int flag)
1572 struct nameidata nd;
1575 if ((flag & ~(AT_SYMLINK_FOLLOW | AT_RESOLVE_BENEATH |
1576 AT_EMPTY_PATH)) != 0)
1582 NDINIT_ATRIGHTS(&nd, LOOKUP, AUDITVNODE1 | at2cnpflags(flag,
1583 AT_SYMLINK_FOLLOW | AT_RESOLVE_BENEATH | AT_EMPTY_PATH),
1584 segflag, path1, fd1, &cap_linkat_source_rights, td);
1585 if ((error = namei(&nd)) != 0)
1587 NDFREE(&nd, NDF_ONLY_PNBUF);
1588 if ((nd.ni_resflags & NIRES_EMPTYPATH) != 0) {
1589 error = priv_check(td, PRIV_VFS_FHOPEN);
1595 error = kern_linkat_vp(td, nd.ni_vp, fd2, path2, segflag);
1596 } while (error == EAGAIN || error == ERELOOKUP);
1601 kern_linkat_vp(struct thread *td, struct vnode *vp, int fd, const char *path,
1602 enum uio_seg segflag)
1604 struct nameidata nd;
1608 if (vp->v_type == VDIR) {
1610 return (EPERM); /* POSIX */
1612 NDINIT_ATRIGHTS(&nd, CREATE,
1613 LOCKPARENT | SAVENAME | AUDITVNODE2 | NOCACHE, segflag, path, fd,
1614 &cap_linkat_target_rights, td);
1615 if ((error = namei(&nd)) == 0) {
1616 if (nd.ni_vp != NULL) {
1617 NDFREE(&nd, NDF_ONLY_PNBUF);
1618 if (nd.ni_dvp == nd.ni_vp)
1625 } else if (nd.ni_dvp->v_mount != vp->v_mount) {
1627 * Cross-device link. No need to recheck
1628 * vp->v_type, since it cannot change, except
1631 NDFREE(&nd, NDF_ONLY_PNBUF);
1635 } else if ((error = vn_lock(vp, LK_EXCLUSIVE)) == 0) {
1636 error = can_hardlink(vp, td->td_ucred);
1639 error = mac_vnode_check_link(td->td_ucred,
1640 nd.ni_dvp, vp, &nd.ni_cnd);
1645 NDFREE(&nd, NDF_ONLY_PNBUF);
1648 error = vn_start_write(vp, &mp, V_NOWAIT);
1652 NDFREE(&nd, NDF_ONLY_PNBUF);
1653 error = vn_start_write(NULL, &mp,
1659 error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
1660 VOP_VPUT_PAIR(nd.ni_dvp, &vp, true);
1661 vn_finished_write(mp);
1662 NDFREE(&nd, NDF_ONLY_PNBUF);
1666 NDFREE(&nd, NDF_ONLY_PNBUF);
1677 * Make a symbolic link.
1679 #ifndef _SYS_SYSPROTO_H_
1680 struct symlink_args {
1686 sys_symlink(struct thread *td, struct symlink_args *uap)
1689 return (kern_symlinkat(td, uap->path, AT_FDCWD, uap->link,
1693 #ifndef _SYS_SYSPROTO_H_
1694 struct symlinkat_args {
1701 sys_symlinkat(struct thread *td, struct symlinkat_args *uap)
1704 return (kern_symlinkat(td, uap->path1, uap->fd, uap->path2,
1709 kern_symlinkat(struct thread *td, const char *path1, int fd, const char *path2,
1710 enum uio_seg segflg)
1714 const char *syspath;
1716 struct nameidata nd;
1719 if (segflg == UIO_SYSSPACE) {
1722 tmppath = uma_zalloc(namei_zone, M_WAITOK);
1723 if ((error = copyinstr(path1, tmppath, MAXPATHLEN, NULL)) != 0)
1727 AUDIT_ARG_TEXT(syspath);
1731 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1732 NOCACHE, segflg, path2, fd, &cap_symlinkat_rights,
1734 if ((error = namei(&nd)) != 0)
1737 NDFREE(&nd, NDF_ONLY_PNBUF);
1738 if (nd.ni_vp == nd.ni_dvp)
1747 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1748 NDFREE(&nd, NDF_ONLY_PNBUF);
1750 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1755 vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_pd->pd_cmask;
1757 vattr.va_type = VLNK;
1758 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1763 error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath);
1767 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 ? &nd.ni_vp : NULL, true);
1768 vn_finished_write(mp);
1769 NDFREE(&nd, NDF_ONLY_PNBUF);
1770 if (error == ERELOOKUP)
1773 if (segflg != UIO_SYSSPACE)
1774 uma_zfree(namei_zone, tmppath);
1779 * Delete a whiteout from the filesystem.
1781 #ifndef _SYS_SYSPROTO_H_
1782 struct undelete_args {
1787 sys_undelete(struct thread *td, struct undelete_args *uap)
1790 struct nameidata nd;
1796 NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | AUDITVNODE1,
1797 UIO_USERSPACE, uap->path, td);
1802 if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) {
1803 NDFREE(&nd, NDF_ONLY_PNBUF);
1804 if (nd.ni_vp == nd.ni_dvp)
1812 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1813 NDFREE(&nd, NDF_ONLY_PNBUF);
1815 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1819 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE);
1820 NDFREE(&nd, NDF_ONLY_PNBUF);
1822 vn_finished_write(mp);
1823 if (error == ERELOOKUP)
1829 * Delete a name from the filesystem.
1831 #ifndef _SYS_SYSPROTO_H_
1832 struct unlink_args {
1837 sys_unlink(struct thread *td, struct unlink_args *uap)
1840 return (kern_funlinkat(td, AT_FDCWD, uap->path, FD_NONE, UIO_USERSPACE,
1845 kern_funlinkat_ex(struct thread *td, int dfd, const char *path, int fd,
1846 int flag, enum uio_seg pathseg, ino_t oldinum)
1849 if ((flag & ~(AT_REMOVEDIR | AT_RESOLVE_BENEATH)) != 0)
1852 if ((flag & AT_REMOVEDIR) != 0)
1853 return (kern_frmdirat(td, dfd, path, fd, UIO_USERSPACE, 0));
1855 return (kern_funlinkat(td, dfd, path, fd, UIO_USERSPACE, 0, 0));
1858 #ifndef _SYS_SYSPROTO_H_
1859 struct unlinkat_args {
1866 sys_unlinkat(struct thread *td, struct unlinkat_args *uap)
1869 return (kern_funlinkat_ex(td, uap->fd, uap->path, FD_NONE, uap->flag,
1873 #ifndef _SYS_SYSPROTO_H_
1874 struct funlinkat_args {
1882 sys_funlinkat(struct thread *td, struct funlinkat_args *uap)
1885 return (kern_funlinkat_ex(td, uap->dfd, uap->path, uap->fd, uap->flag,
1890 kern_funlinkat(struct thread *td, int dfd, const char *path, int fd,
1891 enum uio_seg pathseg, int flag, ino_t oldinum)
1896 struct nameidata nd;
1901 if (fd != FD_NONE) {
1902 error = getvnode_path(td, fd, &cap_no_rights, &fp);
1910 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1 |
1911 at2cnpflags(flag, AT_RESOLVE_BENEATH),
1912 pathseg, path, dfd, &cap_unlinkat_rights, td);
1913 if ((error = namei(&nd)) != 0) {
1914 if (error == EINVAL)
1919 if (vp->v_type == VDIR && oldinum == 0) {
1920 error = EPERM; /* POSIX */
1921 } else if (oldinum != 0 &&
1922 ((error = VOP_STAT(vp, &sb, td->td_ucred, NOCRED, td)) == 0) &&
1923 sb.st_ino != oldinum) {
1924 error = EIDRM; /* Identifier removed */
1925 } else if (fp != NULL && fp->f_vnode != vp) {
1926 if (VN_IS_DOOMED(fp->f_vnode))
1932 * The root of a mounted filesystem cannot be deleted.
1934 * XXX: can this only be a VDIR case?
1936 if (vp->v_vflag & VV_ROOT)
1940 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1941 NDFREE(&nd, NDF_ONLY_PNBUF);
1943 if (vp == nd.ni_dvp)
1947 if ((error = vn_start_write(NULL, &mp,
1948 V_XSLEEP | PCATCH)) != 0) {
1954 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
1959 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
1960 error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd);
1964 vn_finished_write(mp);
1966 NDFREE(&nd, NDF_ONLY_PNBUF);
1968 if (vp == nd.ni_dvp)
1972 if (error == ERELOOKUP)
1981 * Reposition read/write file offset.
1983 #ifndef _SYS_SYSPROTO_H_
1992 sys_lseek(struct thread *td, struct lseek_args *uap)
1995 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
1999 kern_lseek(struct thread *td, int fd, off_t offset, int whence)
2005 error = fget(td, fd, &cap_seek_rights, &fp);
2008 error = (fp->f_ops->fo_flags & DFLAG_SEEKABLE) != 0 ?
2009 fo_seek(fp, offset, whence, td) : ESPIPE;
2014 #if defined(COMPAT_43)
2016 * Reposition read/write file offset.
2018 #ifndef _SYS_SYSPROTO_H_
2019 struct olseek_args {
2026 olseek(struct thread *td, struct olseek_args *uap)
2029 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
2031 #endif /* COMPAT_43 */
2033 #if defined(COMPAT_FREEBSD6)
2034 /* Version with the 'pad' argument */
2036 freebsd6_lseek(struct thread *td, struct freebsd6_lseek_args *uap)
2039 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
2044 * Check access permissions using passed credentials.
2047 vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
2053 /* Flags == 0 means only check for existence. */
2054 if (user_flags == 0)
2058 if (user_flags & R_OK)
2060 if (user_flags & W_OK)
2062 if (user_flags & X_OK)
2065 error = mac_vnode_check_access(cred, vp, accmode);
2069 if ((accmode & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
2070 error = VOP_ACCESS(vp, accmode, cred, td);
2075 * Check access permissions using "real" credentials.
2077 #ifndef _SYS_SYSPROTO_H_
2078 struct access_args {
2084 sys_access(struct thread *td, struct access_args *uap)
2087 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2091 #ifndef _SYS_SYSPROTO_H_
2092 struct faccessat_args {
2100 sys_faccessat(struct thread *td, struct faccessat_args *uap)
2103 return (kern_accessat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
2108 kern_accessat(struct thread *td, int fd, const char *path,
2109 enum uio_seg pathseg, int flag, int amode)
2111 struct ucred *cred, *usecred;
2113 struct nameidata nd;
2116 if ((flag & ~(AT_EACCESS | AT_RESOLVE_BENEATH | AT_EMPTY_PATH)) != 0)
2118 if (amode != F_OK && (amode & ~(R_OK | W_OK | X_OK)) != 0)
2122 * Create and modify a temporary credential instead of one that
2123 * is potentially shared (if we need one).
2125 cred = td->td_ucred;
2126 if ((flag & AT_EACCESS) == 0 &&
2127 ((cred->cr_uid != cred->cr_ruid ||
2128 cred->cr_rgid != cred->cr_groups[0]))) {
2129 usecred = crdup(cred);
2130 usecred->cr_uid = cred->cr_ruid;
2131 usecred->cr_groups[0] = cred->cr_rgid;
2132 td->td_ucred = usecred;
2135 AUDIT_ARG_VALUE(amode);
2136 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF |
2137 AUDITVNODE1 | at2cnpflags(flag, AT_RESOLVE_BENEATH |
2138 AT_EMPTY_PATH), pathseg, path, fd, &cap_fstat_rights, td);
2139 if ((error = namei(&nd)) != 0)
2143 error = vn_access(vp, amode, usecred, td);
2144 NDFREE_NOTHING(&nd);
2147 if (usecred != cred) {
2148 td->td_ucred = cred;
2155 * Check access permissions using "effective" credentials.
2157 #ifndef _SYS_SYSPROTO_H_
2158 struct eaccess_args {
2164 sys_eaccess(struct thread *td, struct eaccess_args *uap)
2167 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2168 AT_EACCESS, uap->amode));
2171 #if defined(COMPAT_43)
2173 * Get file status; this version follows links.
2175 #ifndef _SYS_SYSPROTO_H_
2182 ostat(struct thread *td, struct ostat_args *uap)
2188 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE, &sb);
2192 return (copyout(&osb, uap->ub, sizeof (osb)));
2196 * Get file status; this version does not follow links.
2198 #ifndef _SYS_SYSPROTO_H_
2199 struct olstat_args {
2205 olstat(struct thread *td, struct olstat_args *uap)
2211 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2212 UIO_USERSPACE, &sb);
2216 return (copyout(&osb, uap->ub, sizeof (osb)));
2220 * Convert from an old to a new stat structure.
2221 * XXX: many values are blindly truncated.
2224 cvtstat(struct stat *st, struct ostat *ost)
2227 bzero(ost, sizeof(*ost));
2228 ost->st_dev = st->st_dev;
2229 ost->st_ino = st->st_ino;
2230 ost->st_mode = st->st_mode;
2231 ost->st_nlink = st->st_nlink;
2232 ost->st_uid = st->st_uid;
2233 ost->st_gid = st->st_gid;
2234 ost->st_rdev = st->st_rdev;
2235 ost->st_size = MIN(st->st_size, INT32_MAX);
2236 ost->st_atim = st->st_atim;
2237 ost->st_mtim = st->st_mtim;
2238 ost->st_ctim = st->st_ctim;
2239 ost->st_blksize = st->st_blksize;
2240 ost->st_blocks = st->st_blocks;
2241 ost->st_flags = st->st_flags;
2242 ost->st_gen = st->st_gen;
2244 #endif /* COMPAT_43 */
2246 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11)
2247 int ino64_trunc_error;
2248 SYSCTL_INT(_vfs, OID_AUTO, ino64_trunc_error, CTLFLAG_RW,
2249 &ino64_trunc_error, 0,
2250 "Error on truncation of device, file or inode number, or link count");
2253 freebsd11_cvtstat(struct stat *st, struct freebsd11_stat *ost)
2256 ost->st_dev = st->st_dev;
2257 if (ost->st_dev != st->st_dev) {
2258 switch (ino64_trunc_error) {
2261 * Since dev_t is almost raw, don't clamp to the
2262 * maximum for case 2, but ignore the error.
2269 ost->st_ino = st->st_ino;
2270 if (ost->st_ino != st->st_ino) {
2271 switch (ino64_trunc_error) {
2278 ost->st_ino = UINT32_MAX;
2282 ost->st_mode = st->st_mode;
2283 ost->st_nlink = st->st_nlink;
2284 if (ost->st_nlink != st->st_nlink) {
2285 switch (ino64_trunc_error) {
2292 ost->st_nlink = UINT16_MAX;
2296 ost->st_uid = st->st_uid;
2297 ost->st_gid = st->st_gid;
2298 ost->st_rdev = st->st_rdev;
2299 if (ost->st_rdev != st->st_rdev) {
2300 switch (ino64_trunc_error) {
2307 ost->st_atim = st->st_atim;
2308 ost->st_mtim = st->st_mtim;
2309 ost->st_ctim = st->st_ctim;
2310 ost->st_size = st->st_size;
2311 ost->st_blocks = st->st_blocks;
2312 ost->st_blksize = st->st_blksize;
2313 ost->st_flags = st->st_flags;
2314 ost->st_gen = st->st_gen;
2316 ost->st_birthtim = st->st_birthtim;
2317 bzero((char *)&ost->st_birthtim + sizeof(ost->st_birthtim),
2318 sizeof(*ost) - offsetof(struct freebsd11_stat,
2319 st_birthtim) - sizeof(ost->st_birthtim));
2324 freebsd11_stat(struct thread *td, struct freebsd11_stat_args* uap)
2327 struct freebsd11_stat osb;
2330 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE, &sb);
2333 error = freebsd11_cvtstat(&sb, &osb);
2335 error = copyout(&osb, uap->ub, sizeof(osb));
2340 freebsd11_lstat(struct thread *td, struct freebsd11_lstat_args* uap)
2343 struct freebsd11_stat osb;
2346 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2347 UIO_USERSPACE, &sb);
2350 error = freebsd11_cvtstat(&sb, &osb);
2352 error = copyout(&osb, uap->ub, sizeof(osb));
2357 freebsd11_fhstat(struct thread *td, struct freebsd11_fhstat_args* uap)
2361 struct freebsd11_stat osb;
2364 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
2367 error = kern_fhstat(td, fh, &sb);
2370 error = freebsd11_cvtstat(&sb, &osb);
2372 error = copyout(&osb, uap->sb, sizeof(osb));
2377 freebsd11_fstatat(struct thread *td, struct freebsd11_fstatat_args* uap)
2380 struct freebsd11_stat osb;
2383 error = kern_statat(td, uap->flag, uap->fd, uap->path,
2384 UIO_USERSPACE, &sb);
2387 error = freebsd11_cvtstat(&sb, &osb);
2389 error = copyout(&osb, uap->buf, sizeof(osb));
2392 #endif /* COMPAT_FREEBSD11 */
2397 #ifndef _SYS_SYSPROTO_H_
2398 struct fstatat_args {
2406 sys_fstatat(struct thread *td, struct fstatat_args *uap)
2411 error = kern_statat(td, uap->flag, uap->fd, uap->path,
2412 UIO_USERSPACE, &sb);
2414 error = copyout(&sb, uap->buf, sizeof (sb));
2419 kern_statat(struct thread *td, int flag, int fd, const char *path,
2420 enum uio_seg pathseg, struct stat *sbp)
2422 struct nameidata nd;
2425 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
2426 AT_EMPTY_PATH)) != 0)
2429 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_RESOLVE_BENEATH |
2430 AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH) | LOCKSHARED | LOCKLEAF |
2431 AUDITVNODE1, pathseg, path, fd, &cap_fstat_rights, td);
2433 if ((error = namei(&nd)) != 0) {
2434 if (error == ENOTDIR &&
2435 (nd.ni_resflags & NIRES_EMPTYPATH) != 0)
2436 error = kern_fstat(td, fd, sbp);
2439 error = VOP_STAT(nd.ni_vp, sbp, td->td_ucred, NOCRED, td);
2440 NDFREE_NOTHING(&nd);
2442 #ifdef __STAT_TIME_T_EXT
2443 sbp->st_atim_ext = 0;
2444 sbp->st_mtim_ext = 0;
2445 sbp->st_ctim_ext = 0;
2446 sbp->st_btim_ext = 0;
2449 if (KTRPOINT(td, KTR_STRUCT))
2450 ktrstat_error(sbp, error);
2455 #if defined(COMPAT_FREEBSD11)
2457 * Implementation of the NetBSD [l]stat() functions.
2460 freebsd11_cvtnstat(struct stat *sb, struct nstat *nsb)
2463 bzero(nsb, sizeof(*nsb));
2464 nsb->st_dev = sb->st_dev;
2465 nsb->st_ino = sb->st_ino;
2466 nsb->st_mode = sb->st_mode;
2467 nsb->st_nlink = sb->st_nlink;
2468 nsb->st_uid = sb->st_uid;
2469 nsb->st_gid = sb->st_gid;
2470 nsb->st_rdev = sb->st_rdev;
2471 nsb->st_atim = sb->st_atim;
2472 nsb->st_mtim = sb->st_mtim;
2473 nsb->st_ctim = sb->st_ctim;
2474 nsb->st_size = sb->st_size;
2475 nsb->st_blocks = sb->st_blocks;
2476 nsb->st_blksize = sb->st_blksize;
2477 nsb->st_flags = sb->st_flags;
2478 nsb->st_gen = sb->st_gen;
2479 nsb->st_birthtim = sb->st_birthtim;
2482 #ifndef _SYS_SYSPROTO_H_
2483 struct freebsd11_nstat_args {
2489 freebsd11_nstat(struct thread *td, struct freebsd11_nstat_args *uap)
2495 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE, &sb);
2498 freebsd11_cvtnstat(&sb, &nsb);
2499 return (copyout(&nsb, uap->ub, sizeof (nsb)));
2503 * NetBSD lstat. Get file status; this version does not follow links.
2505 #ifndef _SYS_SYSPROTO_H_
2506 struct freebsd11_nlstat_args {
2512 freebsd11_nlstat(struct thread *td, struct freebsd11_nlstat_args *uap)
2518 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2519 UIO_USERSPACE, &sb);
2522 freebsd11_cvtnstat(&sb, &nsb);
2523 return (copyout(&nsb, uap->ub, sizeof (nsb)));
2525 #endif /* COMPAT_FREEBSD11 */
2528 * Get configurable pathname variables.
2530 #ifndef _SYS_SYSPROTO_H_
2531 struct pathconf_args {
2537 sys_pathconf(struct thread *td, struct pathconf_args *uap)
2542 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name, FOLLOW,
2545 td->td_retval[0] = value;
2549 #ifndef _SYS_SYSPROTO_H_
2550 struct lpathconf_args {
2556 sys_lpathconf(struct thread *td, struct lpathconf_args *uap)
2561 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name,
2564 td->td_retval[0] = value;
2569 kern_pathconf(struct thread *td, const char *path, enum uio_seg pathseg,
2570 int name, u_long flags, long *valuep)
2572 struct nameidata nd;
2575 NDINIT(&nd, LOOKUP, LOCKSHARED | LOCKLEAF | AUDITVNODE1 | flags,
2577 if ((error = namei(&nd)) != 0)
2579 NDFREE_NOTHING(&nd);
2581 error = VOP_PATHCONF(nd.ni_vp, name, valuep);
2587 * Return target name of a symbolic link.
2589 #ifndef _SYS_SYSPROTO_H_
2590 struct readlink_args {
2597 sys_readlink(struct thread *td, struct readlink_args *uap)
2600 return (kern_readlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2601 uap->buf, UIO_USERSPACE, uap->count));
2603 #ifndef _SYS_SYSPROTO_H_
2604 struct readlinkat_args {
2612 sys_readlinkat(struct thread *td, struct readlinkat_args *uap)
2615 return (kern_readlinkat(td, uap->fd, uap->path, UIO_USERSPACE,
2616 uap->buf, UIO_USERSPACE, uap->bufsize));
2620 kern_readlinkat(struct thread *td, int fd, const char *path,
2621 enum uio_seg pathseg, char *buf, enum uio_seg bufseg, size_t count)
2624 struct nameidata nd;
2627 if (count > IOSIZE_MAX)
2630 NDINIT_AT(&nd, LOOKUP, NOFOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1 |
2631 EMPTYPATH, pathseg, path, fd, td);
2633 if ((error = namei(&nd)) != 0)
2635 NDFREE_NOTHING(&nd);
2638 error = kern_readlink_vp(vp, buf, bufseg, count, td);
2645 * Helper function to readlink from a vnode
2648 kern_readlink_vp(struct vnode *vp, char *buf, enum uio_seg bufseg, size_t count,
2655 ASSERT_VOP_LOCKED(vp, "kern_readlink_vp(): vp not locked");
2657 error = mac_vnode_check_readlink(td->td_ucred, vp);
2661 if (vp->v_type != VLNK && (vp->v_vflag & VV_READLINK) == 0)
2664 aiov.iov_base = buf;
2665 aiov.iov_len = count;
2666 auio.uio_iov = &aiov;
2667 auio.uio_iovcnt = 1;
2668 auio.uio_offset = 0;
2669 auio.uio_rw = UIO_READ;
2670 auio.uio_segflg = bufseg;
2672 auio.uio_resid = count;
2673 error = VOP_READLINK(vp, &auio, td->td_ucred);
2674 td->td_retval[0] = count - auio.uio_resid;
2679 * Common implementation code for chflags() and fchflags().
2682 setfflags(struct thread *td, struct vnode *vp, u_long flags)
2688 /* We can't support the value matching VNOVAL. */
2689 if (flags == VNOVAL)
2690 return (EOPNOTSUPP);
2693 * Prevent non-root users from setting flags on devices. When
2694 * a device is reused, users can retain ownership of the device
2695 * if they are allowed to set flags and programs assume that
2696 * chown can't fail when done as root.
2698 if (vp->v_type == VCHR || vp->v_type == VBLK) {
2699 error = priv_check(td, PRIV_VFS_CHFLAGS_DEV);
2704 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2707 vattr.va_flags = flags;
2708 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2710 error = mac_vnode_check_setflags(td->td_ucred, vp, vattr.va_flags);
2713 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
2715 vn_finished_write(mp);
2720 * Change flags of a file given a path name.
2722 #ifndef _SYS_SYSPROTO_H_
2723 struct chflags_args {
2729 sys_chflags(struct thread *td, struct chflags_args *uap)
2732 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2736 #ifndef _SYS_SYSPROTO_H_
2737 struct chflagsat_args {
2745 sys_chflagsat(struct thread *td, struct chflagsat_args *uap)
2748 return (kern_chflagsat(td, uap->fd, uap->path, UIO_USERSPACE,
2749 uap->flags, uap->atflag));
2753 * Same as chflags() but doesn't follow symlinks.
2755 #ifndef _SYS_SYSPROTO_H_
2756 struct lchflags_args {
2762 sys_lchflags(struct thread *td, struct lchflags_args *uap)
2765 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2766 uap->flags, AT_SYMLINK_NOFOLLOW));
2770 kern_chflagsat(struct thread *td, int fd, const char *path,
2771 enum uio_seg pathseg, u_long flags, int atflag)
2773 struct nameidata nd;
2776 if ((atflag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
2777 AT_EMPTY_PATH)) != 0)
2780 AUDIT_ARG_FFLAGS(flags);
2781 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(atflag, AT_SYMLINK_NOFOLLOW |
2782 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
2783 fd, &cap_fchflags_rights, td);
2784 if ((error = namei(&nd)) != 0)
2786 NDFREE_NOTHING(&nd);
2787 error = setfflags(td, nd.ni_vp, flags);
2793 * Change flags of a file given a file descriptor.
2795 #ifndef _SYS_SYSPROTO_H_
2796 struct fchflags_args {
2802 sys_fchflags(struct thread *td, struct fchflags_args *uap)
2807 AUDIT_ARG_FD(uap->fd);
2808 AUDIT_ARG_FFLAGS(uap->flags);
2809 error = getvnode(td, uap->fd, &cap_fchflags_rights,
2814 if (AUDITING_TD(td)) {
2815 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
2816 AUDIT_ARG_VNODE1(fp->f_vnode);
2817 VOP_UNLOCK(fp->f_vnode);
2820 error = setfflags(td, fp->f_vnode, uap->flags);
2826 * Common implementation code for chmod(), lchmod() and fchmod().
2829 setfmode(struct thread *td, struct ucred *cred, struct vnode *vp, int mode)
2835 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2837 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2839 vattr.va_mode = mode & ALLPERMS;
2841 error = mac_vnode_check_setmode(cred, vp, vattr.va_mode);
2844 error = VOP_SETATTR(vp, &vattr, cred);
2846 vn_finished_write(mp);
2851 * Change mode of a file given path name.
2853 #ifndef _SYS_SYSPROTO_H_
2860 sys_chmod(struct thread *td, struct chmod_args *uap)
2863 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2867 #ifndef _SYS_SYSPROTO_H_
2868 struct fchmodat_args {
2876 sys_fchmodat(struct thread *td, struct fchmodat_args *uap)
2879 return (kern_fchmodat(td, uap->fd, uap->path, UIO_USERSPACE,
2880 uap->mode, uap->flag));
2884 * Change mode of a file given path name (don't follow links.)
2886 #ifndef _SYS_SYSPROTO_H_
2887 struct lchmod_args {
2893 sys_lchmod(struct thread *td, struct lchmod_args *uap)
2896 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2897 uap->mode, AT_SYMLINK_NOFOLLOW));
2901 kern_fchmodat(struct thread *td, int fd, const char *path,
2902 enum uio_seg pathseg, mode_t mode, int flag)
2904 struct nameidata nd;
2907 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
2908 AT_EMPTY_PATH)) != 0)
2911 AUDIT_ARG_MODE(mode);
2912 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
2913 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
2914 fd, &cap_fchmod_rights, td);
2915 if ((error = namei(&nd)) != 0)
2917 NDFREE_NOTHING(&nd);
2918 error = setfmode(td, td->td_ucred, nd.ni_vp, mode);
2924 * Change mode of a file given a file descriptor.
2926 #ifndef _SYS_SYSPROTO_H_
2927 struct fchmod_args {
2933 sys_fchmod(struct thread *td, struct fchmod_args *uap)
2938 AUDIT_ARG_FD(uap->fd);
2939 AUDIT_ARG_MODE(uap->mode);
2941 error = fget(td, uap->fd, &cap_fchmod_rights, &fp);
2944 error = fo_chmod(fp, uap->mode, td->td_ucred, td);
2950 * Common implementation for chown(), lchown(), and fchown()
2953 setfown(struct thread *td, struct ucred *cred, struct vnode *vp, uid_t uid,
2960 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2962 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2967 error = mac_vnode_check_setowner(cred, vp, vattr.va_uid,
2971 error = VOP_SETATTR(vp, &vattr, cred);
2973 vn_finished_write(mp);
2978 * Set ownership given a path name.
2980 #ifndef _SYS_SYSPROTO_H_
2988 sys_chown(struct thread *td, struct chown_args *uap)
2991 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE, uap->uid,
2995 #ifndef _SYS_SYSPROTO_H_
2996 struct fchownat_args {
3005 sys_fchownat(struct thread *td, struct fchownat_args *uap)
3008 return (kern_fchownat(td, uap->fd, uap->path, UIO_USERSPACE, uap->uid,
3009 uap->gid, uap->flag));
3013 kern_fchownat(struct thread *td, int fd, const char *path,
3014 enum uio_seg pathseg, int uid, int gid, int flag)
3016 struct nameidata nd;
3019 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
3020 AT_EMPTY_PATH)) != 0)
3023 AUDIT_ARG_OWNER(uid, gid);
3024 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
3025 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
3026 fd, &cap_fchown_rights, td);
3028 if ((error = namei(&nd)) != 0)
3030 NDFREE_NOTHING(&nd);
3031 error = setfown(td, td->td_ucred, nd.ni_vp, uid, gid);
3037 * Set ownership given a path name, do not cross symlinks.
3039 #ifndef _SYS_SYSPROTO_H_
3040 struct lchown_args {
3047 sys_lchown(struct thread *td, struct lchown_args *uap)
3050 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3051 uap->uid, uap->gid, AT_SYMLINK_NOFOLLOW));
3055 * Set ownership given a file descriptor.
3057 #ifndef _SYS_SYSPROTO_H_
3058 struct fchown_args {
3065 sys_fchown(struct thread *td, struct fchown_args *uap)
3070 AUDIT_ARG_FD(uap->fd);
3071 AUDIT_ARG_OWNER(uap->uid, uap->gid);
3072 error = fget(td, uap->fd, &cap_fchown_rights, &fp);
3075 error = fo_chown(fp, uap->uid, uap->gid, td->td_ucred, td);
3081 * Common implementation code for utimes(), lutimes(), and futimes().
3084 getutimes(const struct timeval *usrtvp, enum uio_seg tvpseg,
3085 struct timespec *tsp)
3087 struct timeval tv[2];
3088 const struct timeval *tvp;
3091 if (usrtvp == NULL) {
3092 vfs_timestamp(&tsp[0]);
3095 if (tvpseg == UIO_SYSSPACE) {
3098 if ((error = copyin(usrtvp, tv, sizeof(tv))) != 0)
3103 if (tvp[0].tv_usec < 0 || tvp[0].tv_usec >= 1000000 ||
3104 tvp[1].tv_usec < 0 || tvp[1].tv_usec >= 1000000)
3106 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3107 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3113 * Common implementation code for futimens(), utimensat().
3115 #define UTIMENS_NULL 0x1
3116 #define UTIMENS_EXIT 0x2
3118 getutimens(const struct timespec *usrtsp, enum uio_seg tspseg,
3119 struct timespec *tsp, int *retflags)
3121 struct timespec tsnow;
3124 vfs_timestamp(&tsnow);
3126 if (usrtsp == NULL) {
3129 *retflags |= UTIMENS_NULL;
3132 if (tspseg == UIO_SYSSPACE) {
3135 } else if ((error = copyin(usrtsp, tsp, sizeof(*tsp) * 2)) != 0)
3137 if (tsp[0].tv_nsec == UTIME_OMIT && tsp[1].tv_nsec == UTIME_OMIT)
3138 *retflags |= UTIMENS_EXIT;
3139 if (tsp[0].tv_nsec == UTIME_NOW && tsp[1].tv_nsec == UTIME_NOW)
3140 *retflags |= UTIMENS_NULL;
3141 if (tsp[0].tv_nsec == UTIME_OMIT)
3142 tsp[0].tv_sec = VNOVAL;
3143 else if (tsp[0].tv_nsec == UTIME_NOW)
3145 else if (tsp[0].tv_nsec < 0 || tsp[0].tv_nsec >= 1000000000L)
3147 if (tsp[1].tv_nsec == UTIME_OMIT)
3148 tsp[1].tv_sec = VNOVAL;
3149 else if (tsp[1].tv_nsec == UTIME_NOW)
3151 else if (tsp[1].tv_nsec < 0 || tsp[1].tv_nsec >= 1000000000L)
3158 * Common implementation code for utimes(), lutimes(), futimes(), futimens(),
3162 setutimes(struct thread *td, struct vnode *vp, const struct timespec *ts,
3163 int numtimes, int nullflag)
3170 setbirthtime = false;
3171 vattr.va_birthtime.tv_sec = VNOVAL;
3172 vattr.va_birthtime.tv_nsec = 0;
3174 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
3176 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3177 if (numtimes < 3 && VOP_GETATTR(vp, &vattr, td->td_ucred) == 0 &&
3178 timespeccmp(&ts[1], &vattr.va_birthtime, < ))
3179 setbirthtime = true;
3181 vattr.va_atime = ts[0];
3182 vattr.va_mtime = ts[1];
3184 vattr.va_birthtime = ts[1];
3186 vattr.va_birthtime = ts[2];
3188 vattr.va_vaflags |= VA_UTIMES_NULL;
3190 error = mac_vnode_check_setutimes(td->td_ucred, vp, vattr.va_atime,
3194 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3196 vn_finished_write(mp);
3201 * Set the access and modification times of a file.
3203 #ifndef _SYS_SYSPROTO_H_
3204 struct utimes_args {
3206 struct timeval *tptr;
3210 sys_utimes(struct thread *td, struct utimes_args *uap)
3213 return (kern_utimesat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3214 uap->tptr, UIO_USERSPACE));
3217 #ifndef _SYS_SYSPROTO_H_
3218 struct futimesat_args {
3221 const struct timeval * times;
3225 sys_futimesat(struct thread *td, struct futimesat_args *uap)
3228 return (kern_utimesat(td, uap->fd, uap->path, UIO_USERSPACE,
3229 uap->times, UIO_USERSPACE));
3233 kern_utimesat(struct thread *td, int fd, const char *path,
3234 enum uio_seg pathseg, struct timeval *tptr, enum uio_seg tptrseg)
3236 struct nameidata nd;
3237 struct timespec ts[2];
3240 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3242 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
3243 &cap_futimes_rights, td);
3245 if ((error = namei(&nd)) != 0)
3247 NDFREE_NOTHING(&nd);
3248 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3254 * Set the access and modification times of a file.
3256 #ifndef _SYS_SYSPROTO_H_
3257 struct lutimes_args {
3259 struct timeval *tptr;
3263 sys_lutimes(struct thread *td, struct lutimes_args *uap)
3266 return (kern_lutimes(td, uap->path, UIO_USERSPACE, uap->tptr,
3271 kern_lutimes(struct thread *td, const char *path, enum uio_seg pathseg,
3272 struct timeval *tptr, enum uio_seg tptrseg)
3274 struct timespec ts[2];
3275 struct nameidata nd;
3278 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3280 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, pathseg, path, td);
3281 if ((error = namei(&nd)) != 0)
3283 NDFREE_NOTHING(&nd);
3284 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3290 * Set the access and modification times of a file.
3292 #ifndef _SYS_SYSPROTO_H_
3293 struct futimes_args {
3295 struct timeval *tptr;
3299 sys_futimes(struct thread *td, struct futimes_args *uap)
3302 return (kern_futimes(td, uap->fd, uap->tptr, UIO_USERSPACE));
3306 kern_futimes(struct thread *td, int fd, struct timeval *tptr,
3307 enum uio_seg tptrseg)
3309 struct timespec ts[2];
3314 error = getutimes(tptr, tptrseg, ts);
3317 error = getvnode(td, fd, &cap_futimes_rights, &fp);
3321 if (AUDITING_TD(td)) {
3322 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3323 AUDIT_ARG_VNODE1(fp->f_vnode);
3324 VOP_UNLOCK(fp->f_vnode);
3327 error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
3333 sys_futimens(struct thread *td, struct futimens_args *uap)
3336 return (kern_futimens(td, uap->fd, uap->times, UIO_USERSPACE));
3340 kern_futimens(struct thread *td, int fd, struct timespec *tptr,
3341 enum uio_seg tptrseg)
3343 struct timespec ts[2];
3348 error = getutimens(tptr, tptrseg, ts, &flags);
3351 if (flags & UTIMENS_EXIT)
3353 error = getvnode(td, fd, &cap_futimes_rights, &fp);
3357 if (AUDITING_TD(td)) {
3358 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3359 AUDIT_ARG_VNODE1(fp->f_vnode);
3360 VOP_UNLOCK(fp->f_vnode);
3363 error = setutimes(td, fp->f_vnode, ts, 2, flags & UTIMENS_NULL);
3369 sys_utimensat(struct thread *td, struct utimensat_args *uap)
3372 return (kern_utimensat(td, uap->fd, uap->path, UIO_USERSPACE,
3373 uap->times, UIO_USERSPACE, uap->flag));
3377 kern_utimensat(struct thread *td, int fd, const char *path,
3378 enum uio_seg pathseg, struct timespec *tptr, enum uio_seg tptrseg,
3381 struct nameidata nd;
3382 struct timespec ts[2];
3385 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
3386 AT_EMPTY_PATH)) != 0)
3389 if ((error = getutimens(tptr, tptrseg, ts, &flags)) != 0)
3391 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
3392 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1,
3393 pathseg, path, fd, &cap_futimes_rights, td);
3394 if ((error = namei(&nd)) != 0)
3397 * We are allowed to call namei() regardless of 2xUTIME_OMIT.
3399 * "If both tv_nsec fields are UTIME_OMIT... EACCESS may be detected."
3400 * "Search permission is denied by a component of the path prefix."
3402 NDFREE_NOTHING(&nd);
3403 if ((flags & UTIMENS_EXIT) == 0)
3404 error = setutimes(td, nd.ni_vp, ts, 2, flags & UTIMENS_NULL);
3410 * Truncate a file given its path name.
3412 #ifndef _SYS_SYSPROTO_H_
3413 struct truncate_args {
3420 sys_truncate(struct thread *td, struct truncate_args *uap)
3423 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3427 kern_truncate(struct thread *td, const char *path, enum uio_seg pathseg,
3434 struct nameidata nd;
3441 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td);
3442 if ((error = namei(&nd)) != 0)
3445 rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX);
3446 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) {
3447 vn_rangelock_unlock(vp, rl_cookie);
3451 NDFREE(&nd, NDF_ONLY_PNBUF);
3452 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3453 if (vp->v_type == VDIR)
3456 else if ((error = mac_vnode_check_write(td->td_ucred, NOCRED, vp))) {
3459 else if ((error = vn_writechk(vp)) == 0 &&
3460 (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
3462 vattr.va_size = length;
3463 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3466 vn_finished_write(mp);
3467 vn_rangelock_unlock(vp, rl_cookie);
3469 if (error == ERELOOKUP)
3474 #if defined(COMPAT_43)
3476 * Truncate a file given its path name.
3478 #ifndef _SYS_SYSPROTO_H_
3479 struct otruncate_args {
3485 otruncate(struct thread *td, struct otruncate_args *uap)
3488 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3490 #endif /* COMPAT_43 */
3492 #if defined(COMPAT_FREEBSD6)
3493 /* Versions with the pad argument */
3495 freebsd6_truncate(struct thread *td, struct freebsd6_truncate_args *uap)
3498 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3502 freebsd6_ftruncate(struct thread *td, struct freebsd6_ftruncate_args *uap)
3505 return (kern_ftruncate(td, uap->fd, uap->length));
3510 kern_fsync(struct thread *td, int fd, bool fullsync)
3518 error = getvnode(td, fd, &cap_fsync_rights, &fp);
3524 /* XXXKIB: compete outstanding aio writes */;
3527 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
3530 vn_lock(vp, vn_lktype_write(mp, vp) | LK_RETRY);
3531 AUDIT_ARG_VNODE1(vp);
3532 if (vp->v_object != NULL) {
3533 VM_OBJECT_WLOCK(vp->v_object);
3534 vm_object_page_clean(vp->v_object, 0, 0, 0);
3535 VM_OBJECT_WUNLOCK(vp->v_object);
3537 error = fullsync ? VOP_FSYNC(vp, MNT_WAIT, td) : VOP_FDATASYNC(vp, td);
3539 vn_finished_write(mp);
3540 if (error == ERELOOKUP)
3548 * Sync an open file.
3550 #ifndef _SYS_SYSPROTO_H_
3556 sys_fsync(struct thread *td, struct fsync_args *uap)
3559 return (kern_fsync(td, uap->fd, true));
3563 sys_fdatasync(struct thread *td, struct fdatasync_args *uap)
3566 return (kern_fsync(td, uap->fd, false));
3570 * Rename files. Source and destination must either both be directories, or
3571 * both not be directories. If target is a directory, it must be empty.
3573 #ifndef _SYS_SYSPROTO_H_
3574 struct rename_args {
3580 sys_rename(struct thread *td, struct rename_args *uap)
3583 return (kern_renameat(td, AT_FDCWD, uap->from, AT_FDCWD,
3584 uap->to, UIO_USERSPACE));
3587 #ifndef _SYS_SYSPROTO_H_
3588 struct renameat_args {
3596 sys_renameat(struct thread *td, struct renameat_args *uap)
3599 return (kern_renameat(td, uap->oldfd, uap->old, uap->newfd, uap->new,
3605 kern_renameat_mac(struct thread *td, int oldfd, const char *old, int newfd,
3606 const char *new, enum uio_seg pathseg, struct nameidata *fromnd)
3610 NDINIT_ATRIGHTS(fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART |
3611 AUDITVNODE1, pathseg, old, oldfd, &cap_renameat_source_rights, td);
3612 if ((error = namei(fromnd)) != 0)
3614 error = mac_vnode_check_rename_from(td->td_ucred, fromnd->ni_dvp,
3615 fromnd->ni_vp, &fromnd->ni_cnd);
3616 VOP_UNLOCK(fromnd->ni_dvp);
3617 if (fromnd->ni_dvp != fromnd->ni_vp)
3618 VOP_UNLOCK(fromnd->ni_vp);
3620 NDFREE(fromnd, NDF_ONLY_PNBUF);
3621 vrele(fromnd->ni_dvp);
3622 vrele(fromnd->ni_vp);
3623 if (fromnd->ni_startdir)
3624 vrele(fromnd->ni_startdir);
3631 kern_renameat(struct thread *td, int oldfd, const char *old, int newfd,
3632 const char *new, enum uio_seg pathseg)
3634 struct mount *mp = NULL;
3635 struct vnode *tvp, *fvp, *tdvp;
3636 struct nameidata fromnd, tond;
3637 u_int64_t tondflags;
3643 if (mac_vnode_check_rename_from_enabled()) {
3644 error = kern_renameat_mac(td, oldfd, old, newfd, new, pathseg,
3650 NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | AUDITVNODE1,
3651 pathseg, old, oldfd, &cap_renameat_source_rights, td);
3652 if ((error = namei(&fromnd)) != 0)
3658 tondflags = LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART | AUDITVNODE2;
3659 if (fromnd.ni_vp->v_type == VDIR)
3660 tondflags |= WILLBEDIR;
3661 NDINIT_ATRIGHTS(&tond, RENAME, tondflags, pathseg, new, newfd,
3662 &cap_renameat_target_rights, td);
3663 if ((error = namei(&tond)) != 0) {
3664 /* Translate error code for rename("dir1", "dir2/."). */
3665 if (error == EISDIR && fvp->v_type == VDIR)
3667 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3668 vrele(fromnd.ni_dvp);
3674 error = vn_start_write(fvp, &mp, V_NOWAIT);
3676 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3677 NDFREE(&tond, NDF_ONLY_PNBUF);
3684 vrele(fromnd.ni_dvp);
3686 vrele(tond.ni_startdir);
3687 if (fromnd.ni_startdir != NULL)
3688 vrele(fromnd.ni_startdir);
3689 error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH);
3695 if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
3698 } else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
3703 if (newfd != AT_FDCWD && (tond.ni_resflags & NIRES_ABS) == 0) {
3705 * If the target already exists we require CAP_UNLINKAT
3706 * from 'newfd', when newfd was used for the lookup.
3708 error = cap_check(&tond.ni_filecaps.fc_rights,
3709 &cap_unlinkat_rights);
3720 * If the source is the same as the destination (that is, if they
3721 * are links to the same vnode), then there is nothing to do.
3727 error = mac_vnode_check_rename_to(td->td_ucred, tdvp,
3728 tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd);
3732 error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
3733 tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
3734 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3735 NDFREE(&tond, NDF_ONLY_PNBUF);
3737 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3738 NDFREE(&tond, NDF_ONLY_PNBUF);
3745 vrele(fromnd.ni_dvp);
3748 vrele(tond.ni_startdir);
3749 vn_finished_write(mp);
3751 if (fromnd.ni_startdir)
3752 vrele(fromnd.ni_startdir);
3753 if (error == ERESTART)
3755 if (error == ERELOOKUP)
3761 * Make a directory file.
3763 #ifndef _SYS_SYSPROTO_H_
3770 sys_mkdir(struct thread *td, struct mkdir_args *uap)
3773 return (kern_mkdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3777 #ifndef _SYS_SYSPROTO_H_
3778 struct mkdirat_args {
3785 sys_mkdirat(struct thread *td, struct mkdirat_args *uap)
3788 return (kern_mkdirat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode));
3792 kern_mkdirat(struct thread *td, int fd, const char *path, enum uio_seg segflg,
3797 struct nameidata nd;
3800 AUDIT_ARG_MODE(mode);
3804 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
3805 NC_NOMAKEENTRY | NC_KEEPPOSENTRY | FAILIFEXISTS | WILLBEDIR,
3806 segflg, path, fd, &cap_mkdirat_rights, td);
3807 if ((error = namei(&nd)) != 0)
3809 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3810 NDFREE(&nd, NDF_ONLY_PNBUF);
3812 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3817 vattr.va_type = VDIR;
3818 vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_pd->pd_cmask;
3820 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
3825 error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
3829 NDFREE(&nd, NDF_ONLY_PNBUF);
3830 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 ? &nd.ni_vp : NULL, true);
3831 vn_finished_write(mp);
3832 if (error == ERELOOKUP)
3838 * Remove a directory file.
3840 #ifndef _SYS_SYSPROTO_H_
3846 sys_rmdir(struct thread *td, struct rmdir_args *uap)
3849 return (kern_frmdirat(td, AT_FDCWD, uap->path, FD_NONE, UIO_USERSPACE,
3854 kern_frmdirat(struct thread *td, int dfd, const char *path, int fd,
3855 enum uio_seg pathseg, int flag)
3860 struct nameidata nd;
3861 cap_rights_t rights;
3865 if (fd != FD_NONE) {
3866 error = getvnode(td, fd, cap_rights_init_one(&rights,
3875 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1 |
3876 at2cnpflags(flag, AT_RESOLVE_BENEATH),
3877 pathseg, path, dfd, &cap_unlinkat_rights, td);
3878 if ((error = namei(&nd)) != 0)
3881 if (vp->v_type != VDIR) {
3886 * No rmdir "." please.
3888 if (nd.ni_dvp == vp) {
3893 * The root of a mounted filesystem cannot be deleted.
3895 if (vp->v_vflag & VV_ROOT) {
3900 if (fp != NULL && fp->f_vnode != vp) {
3901 if (VN_IS_DOOMED(fp->f_vnode))
3909 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
3914 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3915 NDFREE(&nd, NDF_ONLY_PNBUF);
3917 if (nd.ni_dvp == vp)
3921 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3925 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
3926 error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
3927 vn_finished_write(mp);
3929 NDFREE(&nd, NDF_ONLY_PNBUF);
3931 if (nd.ni_dvp == vp)
3935 if (error == ERELOOKUP)
3943 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11)
3945 freebsd11_kern_getdirentries(struct thread *td, int fd, char *ubuf, u_int count,
3946 long *basep, void (*func)(struct freebsd11_dirent *))
3948 struct freebsd11_dirent dstdp;
3949 struct dirent *dp, *edp;
3952 ssize_t resid, ucount;
3955 /* XXX arbitrary sanity limit on `count'. */
3956 count = min(count, 64 * 1024);
3958 dirbuf = malloc(count, M_TEMP, M_WAITOK);
3960 error = kern_getdirentries(td, fd, dirbuf, count, &base, &resid,
3968 for (dp = (struct dirent *)dirbuf,
3969 edp = (struct dirent *)&dirbuf[count - resid];
3970 ucount < count && dp < edp; ) {
3971 if (dp->d_reclen == 0)
3973 MPASS(dp->d_reclen >= _GENERIC_DIRLEN(0));
3974 if (dp->d_namlen >= sizeof(dstdp.d_name))
3976 dstdp.d_type = dp->d_type;
3977 dstdp.d_namlen = dp->d_namlen;
3978 dstdp.d_fileno = dp->d_fileno; /* truncate */
3979 if (dstdp.d_fileno != dp->d_fileno) {
3980 switch (ino64_trunc_error) {
3988 dstdp.d_fileno = UINT32_MAX;
3992 dstdp.d_reclen = sizeof(dstdp) - sizeof(dstdp.d_name) +
3993 ((dp->d_namlen + 1 + 3) &~ 3);
3994 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
3995 bzero(dstdp.d_name + dstdp.d_namlen,
3996 dstdp.d_reclen - offsetof(struct freebsd11_dirent, d_name) -
3998 MPASS(dstdp.d_reclen <= dp->d_reclen);
3999 MPASS(ucount + dstdp.d_reclen <= count);
4002 error = copyout(&dstdp, ubuf + ucount, dstdp.d_reclen);
4005 dp = (struct dirent *)((char *)dp + dp->d_reclen);
4006 ucount += dstdp.d_reclen;
4010 free(dirbuf, M_TEMP);
4012 td->td_retval[0] = ucount;
4019 ogetdirentries_cvt(struct freebsd11_dirent *dp)
4021 #if (BYTE_ORDER == LITTLE_ENDIAN)
4023 * The expected low byte of dp->d_namlen is our dp->d_type.
4024 * The high MBZ byte of dp->d_namlen is our dp->d_namlen.
4026 dp->d_type = dp->d_namlen;
4030 * The dp->d_type is the high byte of the expected dp->d_namlen,
4031 * so must be zero'ed.
4038 * Read a block of directory entries in a filesystem independent format.
4040 #ifndef _SYS_SYSPROTO_H_
4041 struct ogetdirentries_args {
4049 ogetdirentries(struct thread *td, struct ogetdirentries_args *uap)
4054 error = kern_ogetdirentries(td, uap, &loff);
4056 error = copyout(&loff, uap->basep, sizeof(long));
4061 kern_ogetdirentries(struct thread *td, struct ogetdirentries_args *uap,
4067 /* XXX arbitrary sanity limit on `count'. */
4068 if (uap->count > 64 * 1024)
4071 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count,
4072 &base, ogetdirentries_cvt);
4074 if (error == 0 && uap->basep != NULL)
4075 error = copyout(&base, uap->basep, sizeof(long));
4079 #endif /* COMPAT_43 */
4081 #if defined(COMPAT_FREEBSD11)
4082 #ifndef _SYS_SYSPROTO_H_
4083 struct freebsd11_getdirentries_args {
4091 freebsd11_getdirentries(struct thread *td,
4092 struct freebsd11_getdirentries_args *uap)
4097 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count,
4100 if (error == 0 && uap->basep != NULL)
4101 error = copyout(&base, uap->basep, sizeof(long));
4106 freebsd11_getdents(struct thread *td, struct freebsd11_getdents_args *uap)
4108 struct freebsd11_getdirentries_args ap;
4112 ap.count = uap->count;
4114 return (freebsd11_getdirentries(td, &ap));
4116 #endif /* COMPAT_FREEBSD11 */
4119 * Read a block of directory entries in a filesystem independent format.
4122 sys_getdirentries(struct thread *td, struct getdirentries_args *uap)
4127 error = kern_getdirentries(td, uap->fd, uap->buf, uap->count, &base,
4128 NULL, UIO_USERSPACE);
4131 if (uap->basep != NULL)
4132 error = copyout(&base, uap->basep, sizeof(off_t));
4137 kern_getdirentries(struct thread *td, int fd, char *buf, size_t count,
4138 off_t *basep, ssize_t *residp, enum uio_seg bufseg)
4149 if (count > IOSIZE_MAX)
4151 auio.uio_resid = count;
4152 error = getvnode(td, fd, &cap_read_rights, &fp);
4155 if ((fp->f_flag & FREAD) == 0) {
4160 foffset = foffset_lock(fp, 0);
4162 if (vp->v_type != VDIR) {
4166 if (__predict_false((vp->v_vflag & VV_UNLINKED) != 0)) {
4170 aiov.iov_base = buf;
4171 aiov.iov_len = count;
4172 auio.uio_iov = &aiov;
4173 auio.uio_iovcnt = 1;
4174 auio.uio_rw = UIO_READ;
4175 auio.uio_segflg = bufseg;
4177 vn_lock(vp, LK_SHARED | LK_RETRY);
4178 AUDIT_ARG_VNODE1(vp);
4179 loff = auio.uio_offset = foffset;
4181 error = mac_vnode_check_readdir(td->td_ucred, vp);
4184 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
4186 foffset = auio.uio_offset;
4191 if (count == auio.uio_resid &&
4192 (vp->v_vflag & VV_ROOT) &&
4193 (vp->v_mount->mnt_flag & MNT_UNION)) {
4194 struct vnode *tvp = vp;
4196 vp = vp->v_mount->mnt_vnodecovered;
4206 *residp = auio.uio_resid;
4207 td->td_retval[0] = count - auio.uio_resid;
4209 foffset_unlock(fp, foffset, 0);
4215 * Set the mode mask for creation of filesystem nodes.
4217 #ifndef _SYS_SYSPROTO_H_
4223 sys_umask(struct thread *td, struct umask_args *uap)
4225 struct pwddesc *pdp;
4227 pdp = td->td_proc->p_pd;
4229 td->td_retval[0] = pdp->pd_cmask;
4230 pdp->pd_cmask = uap->newmask & ALLPERMS;
4231 PWDDESC_XUNLOCK(pdp);
4236 * Void all references to file by ripping underlying filesystem away from
4239 #ifndef _SYS_SYSPROTO_H_
4240 struct revoke_args {
4245 sys_revoke(struct thread *td, struct revoke_args *uap)
4249 struct nameidata nd;
4252 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
4254 if ((error = namei(&nd)) != 0)
4257 NDFREE_NOTHING(&nd);
4258 if (vp->v_type != VCHR || vp->v_rdev == NULL) {
4263 error = mac_vnode_check_revoke(td->td_ucred, vp);
4267 error = VOP_GETATTR(vp, &vattr, td->td_ucred);
4270 if (td->td_ucred->cr_uid != vattr.va_uid) {
4271 error = priv_check(td, PRIV_VFS_ADMIN);
4275 if (devfs_usecount(vp) > 0)
4276 VOP_REVOKE(vp, REVOKEALL);
4283 * This variant of getvnode() allows O_PATH files. Caller should
4284 * ensure that returned file and vnode are only used for compatible
4288 getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,
4294 error = fget_unlocked(td->td_proc->p_fd, fd, rightsp, &fp);
4299 * The file could be not of the vnode type, or it may be not
4300 * yet fully initialized, in which case the f_vnode pointer
4301 * may be set, but f_ops is still badfileops. E.g.,
4302 * devfs_open() transiently create such situation to
4303 * facilitate csw d_fdopen().
4305 * Dupfdopen() handling in kern_openat() installs the
4306 * half-baked file into the process descriptor table, allowing
4307 * other thread to dereference it. Guard against the race by
4310 if (fp->f_vnode == NULL || fp->f_ops == &badfileops) {
4321 * Convert a user file descriptor to a kernel file entry and check
4322 * that, if it is a capability, the correct rights are present.
4323 * A reference on the file entry is held upon returning.
4326 getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
4330 error = getvnode_path(td, fd, rightsp, fpp);
4333 * Filter out O_PATH file descriptors, most getvnode() callers
4334 * do not call fo_ methods.
4336 if (error == 0 && (*fpp)->f_ops == &path_fileops) {
4346 * Get an (NFS) file handle.
4348 #ifndef _SYS_SYSPROTO_H_
4349 struct lgetfh_args {
4355 sys_lgetfh(struct thread *td, struct lgetfh_args *uap)
4358 return (kern_getfhat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->fname,
4359 UIO_USERSPACE, uap->fhp, UIO_USERSPACE));
4362 #ifndef _SYS_SYSPROTO_H_
4369 sys_getfh(struct thread *td, struct getfh_args *uap)
4372 return (kern_getfhat(td, 0, AT_FDCWD, uap->fname, UIO_USERSPACE,
4373 uap->fhp, UIO_USERSPACE));
4377 * syscall for the rpc.lockd to use to translate an open descriptor into
4378 * a NFS file handle.
4380 * warning: do not remove the priv_check() call or this becomes one giant
4383 #ifndef _SYS_SYSPROTO_H_
4384 struct getfhat_args {
4392 sys_getfhat(struct thread *td, struct getfhat_args *uap)
4395 return (kern_getfhat(td, uap->flags, uap->fd, uap->path, UIO_USERSPACE,
4396 uap->fhp, UIO_USERSPACE));
4400 kern_getfhat(struct thread *td, int flags, int fd, const char *path,
4401 enum uio_seg pathseg, fhandle_t *fhp, enum uio_seg fhseg)
4403 struct nameidata nd;
4408 if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH)) != 0)
4410 error = priv_check(td, PRIV_VFS_GETFH);
4413 NDINIT_AT(&nd, LOOKUP, at2cnpflags(flags, AT_SYMLINK_NOFOLLOW |
4414 AT_RESOLVE_BENEATH) | LOCKLEAF | AUDITVNODE1, pathseg, path,
4419 NDFREE_NOTHING(&nd);
4421 bzero(&fh, sizeof(fh));
4422 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
4423 error = VOP_VPTOFH(vp, &fh.fh_fid);
4426 if (fhseg == UIO_USERSPACE)
4427 error = copyout(&fh, fhp, sizeof (fh));
4429 memcpy(fhp, &fh, sizeof(fh));
4434 #ifndef _SYS_SYSPROTO_H_
4435 struct fhlink_args {
4441 sys_fhlink(struct thread *td, struct fhlink_args *uap)
4444 return (kern_fhlinkat(td, AT_FDCWD, uap->to, UIO_USERSPACE, uap->fhp));
4447 #ifndef _SYS_SYSPROTO_H_
4448 struct fhlinkat_args {
4455 sys_fhlinkat(struct thread *td, struct fhlinkat_args *uap)
4458 return (kern_fhlinkat(td, uap->tofd, uap->to, UIO_USERSPACE, uap->fhp));
4462 kern_fhlinkat(struct thread *td, int fd, const char *path,
4463 enum uio_seg pathseg, fhandle_t *fhp)
4470 error = priv_check(td, PRIV_VFS_GETFH);
4473 error = copyin(fhp, &fh, sizeof(fh));
4478 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4480 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_SHARED, &vp);
4485 error = kern_linkat_vp(td, vp, fd, path, pathseg);
4486 } while (error == EAGAIN || error == ERELOOKUP);
4490 #ifndef _SYS_SYSPROTO_H_
4491 struct fhreadlink_args {
4498 sys_fhreadlink(struct thread *td, struct fhreadlink_args *uap)
4505 error = priv_check(td, PRIV_VFS_GETFH);
4508 if (uap->bufsize > IOSIZE_MAX)
4510 error = copyin(uap->fhp, &fh, sizeof(fh));
4513 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4515 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_SHARED, &vp);
4519 error = kern_readlink_vp(vp, uap->buf, UIO_USERSPACE, uap->bufsize, td);
4525 * syscall for the rpc.lockd to use to translate a NFS file handle into an
4528 * warning: do not remove the priv_check() call or this becomes one giant
4531 #ifndef _SYS_SYSPROTO_H_
4532 struct fhopen_args {
4533 const struct fhandle *u_fhp;
4538 sys_fhopen(struct thread *td, struct fhopen_args *uap)
4540 return (kern_fhopen(td, uap->u_fhp, uap->flags));
4544 kern_fhopen(struct thread *td, const struct fhandle *u_fhp, int flags)
4553 error = priv_check(td, PRIV_VFS_FHOPEN);
4557 fmode = FFLAGS(flags);
4558 /* why not allow a non-read/write open for our lockd? */
4559 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4561 error = copyin(u_fhp, &fhp, sizeof(fhp));
4564 /* find the mount point */
4565 mp = vfs_busyfs(&fhp.fh_fsid);
4568 /* now give me my vnode, it gets returned to me locked */
4569 error = VFS_FHTOVP(mp, &fhp.fh_fid, LK_EXCLUSIVE, &vp);
4574 error = falloc_noinstall(td, &fp);
4580 * An extra reference on `fp' has been held for us by
4581 * falloc_noinstall().
4587 error = vn_open_vnode(vp, fmode, td->td_ucred, td, fp);
4589 KASSERT(fp->f_ops == &badfileops,
4590 ("VOP_OPEN in fhopen() set f_ops"));
4591 KASSERT(td->td_dupfd < 0,
4592 ("fhopen() encountered fdopen()"));
4601 finit_vnode(fp, fmode, NULL, &vnops);
4603 if ((fmode & O_TRUNC) != 0) {
4604 error = fo_truncate(fp, 0, td->td_ucred, td);
4609 error = finstall(td, fp, &indx, fmode, NULL);
4612 td->td_retval[0] = indx;
4617 * Stat an (NFS) file handle.
4619 #ifndef _SYS_SYSPROTO_H_
4620 struct fhstat_args {
4621 struct fhandle *u_fhp;
4626 sys_fhstat(struct thread *td, struct fhstat_args *uap)
4632 error = copyin(uap->u_fhp, &fh, sizeof(fh));
4635 error = kern_fhstat(td, fh, &sb);
4637 error = copyout(&sb, uap->sb, sizeof(sb));
4642 kern_fhstat(struct thread *td, struct fhandle fh, struct stat *sb)
4648 error = priv_check(td, PRIV_VFS_FHSTAT);
4651 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4653 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4657 error = VOP_STAT(vp, sb, td->td_ucred, NOCRED, td);
4663 * Implement fstatfs() for (NFS) file handles.
4665 #ifndef _SYS_SYSPROTO_H_
4666 struct fhstatfs_args {
4667 struct fhandle *u_fhp;
4672 sys_fhstatfs(struct thread *td, struct fhstatfs_args *uap)
4678 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4681 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
4682 error = kern_fhstatfs(td, fh, sfp);
4684 error = copyout(sfp, uap->buf, sizeof(*sfp));
4685 free(sfp, M_STATFS);
4690 kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf)
4696 error = priv_check(td, PRIV_VFS_FHSTATFS);
4699 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4701 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4707 error = prison_canseemount(td->td_ucred, mp);
4711 error = mac_mount_check_stat(td->td_ucred, mp);
4715 error = VFS_STATFS(mp, buf);
4722 * Unlike madvise(2), we do not make a best effort to remember every
4723 * possible caching hint. Instead, we remember the last setting with
4724 * the exception that we will allow POSIX_FADV_NORMAL to adjust the
4725 * region of any current setting.
4728 kern_posix_fadvise(struct thread *td, int fd, off_t offset, off_t len,
4731 struct fadvise_info *fa, *new;
4737 if (offset < 0 || len < 0 || offset > OFF_MAX - len)
4739 AUDIT_ARG_VALUE(advice);
4741 case POSIX_FADV_SEQUENTIAL:
4742 case POSIX_FADV_RANDOM:
4743 case POSIX_FADV_NOREUSE:
4744 new = malloc(sizeof(*fa), M_FADVISE, M_WAITOK);
4746 case POSIX_FADV_NORMAL:
4747 case POSIX_FADV_WILLNEED:
4748 case POSIX_FADV_DONTNEED:
4754 /* XXX: CAP_POSIX_FADVISE? */
4756 error = fget(td, fd, &cap_no_rights, &fp);
4759 AUDIT_ARG_FILE(td->td_proc, fp);
4760 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
4764 if (fp->f_type != DTYPE_VNODE) {
4769 if (vp->v_type != VREG) {
4776 end = offset + len - 1;
4778 case POSIX_FADV_SEQUENTIAL:
4779 case POSIX_FADV_RANDOM:
4780 case POSIX_FADV_NOREUSE:
4782 * Try to merge any existing non-standard region with
4783 * this new region if possible, otherwise create a new
4784 * non-standard region for this request.
4786 mtx_pool_lock(mtxpool_sleep, fp);
4788 if (fa != NULL && fa->fa_advice == advice &&
4789 ((fa->fa_start <= end && fa->fa_end >= offset) ||
4790 (end != OFF_MAX && fa->fa_start == end + 1) ||
4791 (fa->fa_end != OFF_MAX && fa->fa_end + 1 == offset))) {
4792 if (offset < fa->fa_start)
4793 fa->fa_start = offset;
4794 if (end > fa->fa_end)
4797 new->fa_advice = advice;
4798 new->fa_start = offset;
4803 mtx_pool_unlock(mtxpool_sleep, fp);
4805 case POSIX_FADV_NORMAL:
4807 * If a the "normal" region overlaps with an existing
4808 * non-standard region, trim or remove the
4809 * non-standard region.
4811 mtx_pool_lock(mtxpool_sleep, fp);
4814 if (offset <= fa->fa_start && end >= fa->fa_end) {
4816 fp->f_advice = NULL;
4817 } else if (offset <= fa->fa_start &&
4818 end >= fa->fa_start)
4819 fa->fa_start = end + 1;
4820 else if (offset <= fa->fa_end && end >= fa->fa_end)
4821 fa->fa_end = offset - 1;
4822 else if (offset >= fa->fa_start && end <= fa->fa_end) {
4824 * If the "normal" region is a middle
4825 * portion of the existing
4826 * non-standard region, just remove
4827 * the whole thing rather than picking
4828 * one side or the other to
4832 fp->f_advice = NULL;
4835 mtx_pool_unlock(mtxpool_sleep, fp);
4837 case POSIX_FADV_WILLNEED:
4838 case POSIX_FADV_DONTNEED:
4839 error = VOP_ADVISE(vp, offset, end, advice);
4845 free(new, M_FADVISE);
4850 sys_posix_fadvise(struct thread *td, struct posix_fadvise_args *uap)
4854 error = kern_posix_fadvise(td, uap->fd, uap->offset, uap->len,
4856 return (kern_posix_error(td, error));
4860 kern_copy_file_range(struct thread *td, int infd, off_t *inoffp, int outfd,
4861 off_t *outoffp, size_t len, unsigned int flags)
4863 struct file *infp, *outfp;
4864 struct vnode *invp, *outvp;
4867 void *rl_rcookie, *rl_wcookie;
4868 off_t savinoff, savoutoff;
4870 infp = outfp = NULL;
4871 rl_rcookie = rl_wcookie = NULL;
4880 if (len > SSIZE_MAX)
4882 * Although the len argument is size_t, the return argument
4883 * is ssize_t (which is signed). Therefore a size that won't
4884 * fit in ssize_t can't be returned.
4888 /* Get the file structures for the file descriptors. */
4889 error = fget_read(td, infd,
4890 inoffp != NULL ? &cap_pread_rights : &cap_read_rights, &infp);
4893 if (infp->f_ops == &badfileops) {
4897 if (infp->f_vnode == NULL) {
4901 error = fget_write(td, outfd,
4902 outoffp != NULL ? &cap_pwrite_rights : &cap_write_rights, &outfp);
4905 if (outfp->f_ops == &badfileops) {
4909 if (outfp->f_vnode == NULL) {
4914 /* Set the offset pointers to the correct place. */
4916 inoffp = &infp->f_offset;
4917 if (outoffp == NULL)
4918 outoffp = &outfp->f_offset;
4920 savoutoff = *outoffp;
4922 invp = infp->f_vnode;
4923 outvp = outfp->f_vnode;
4924 /* Sanity check the f_flag bits. */
4925 if ((outfp->f_flag & (FWRITE | FAPPEND)) != FWRITE ||
4926 (infp->f_flag & FREAD) == 0) {
4931 /* If len == 0, just return 0. */
4936 * If infp and outfp refer to the same file, the byte ranges cannot
4939 if (invp == outvp && ((savinoff <= savoutoff && savinoff + len >
4940 savoutoff) || (savinoff > savoutoff && savoutoff + len >
4946 /* Range lock the byte ranges for both invp and outvp. */
4948 rl_wcookie = vn_rangelock_wlock(outvp, *outoffp, *outoffp +
4950 rl_rcookie = vn_rangelock_tryrlock(invp, *inoffp, *inoffp +
4952 if (rl_rcookie != NULL)
4954 vn_rangelock_unlock(outvp, rl_wcookie);
4955 rl_rcookie = vn_rangelock_rlock(invp, *inoffp, *inoffp + len);
4956 vn_rangelock_unlock(invp, rl_rcookie);
4960 error = vn_copy_file_range(invp, inoffp, outvp, outoffp, &retlen,
4961 flags, infp->f_cred, outfp->f_cred, td);
4963 if (rl_rcookie != NULL)
4964 vn_rangelock_unlock(invp, rl_rcookie);
4965 if (rl_wcookie != NULL)
4966 vn_rangelock_unlock(outvp, rl_wcookie);
4967 if (savinoff != -1 && (error == EINTR || error == ERESTART)) {
4969 *outoffp = savoutoff;
4975 td->td_retval[0] = retlen;
4980 sys_copy_file_range(struct thread *td, struct copy_file_range_args *uap)
4982 off_t inoff, outoff, *inoffp, *outoffp;
4985 inoffp = outoffp = NULL;
4986 if (uap->inoffp != NULL) {
4987 error = copyin(uap->inoffp, &inoff, sizeof(off_t));
4992 if (uap->outoffp != NULL) {
4993 error = copyin(uap->outoffp, &outoff, sizeof(off_t));
4998 error = kern_copy_file_range(td, uap->infd, inoffp, uap->outfd,
4999 outoffp, uap->len, uap->flags);
5000 if (error == 0 && uap->inoffp != NULL)
5001 error = copyout(inoffp, uap->inoffp, sizeof(off_t));
5002 if (error == 0 && uap->outoffp != NULL)
5003 error = copyout(outoffp, uap->outoffp, sizeof(off_t));