2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
42 #include "opt_capsicum.h"
43 #include "opt_ktrace.h"
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #ifdef COMPAT_FREEBSD11
48 #include <sys/abi_compat.h>
52 #include <sys/capsicum.h>
54 #include <sys/malloc.h>
55 #include <sys/mount.h>
56 #include <sys/mutex.h>
57 #include <sys/sysproto.h>
58 #include <sys/namei.h>
59 #include <sys/filedesc.h>
60 #include <sys/kernel.h>
61 #include <sys/fcntl.h>
63 #include <sys/filio.h>
64 #include <sys/limits.h>
65 #include <sys/linker.h>
66 #include <sys/rwlock.h>
70 #include <sys/unistd.h>
71 #include <sys/vnode.h>
74 #include <sys/dirent.h>
76 #include <sys/syscallsubr.h>
77 #include <sys/sysctl.h>
79 #include <sys/ktrace.h>
82 #include <machine/stdarg.h>
84 #include <security/audit/audit.h>
85 #include <security/mac/mac_framework.h>
88 #include <vm/vm_object.h>
89 #include <vm/vm_page.h>
92 #include <fs/devfs/devfs.h>
94 MALLOC_DEFINE(M_FADVISE, "fadvise", "posix_fadvise(2) information");
96 static int kern_chflagsat(struct thread *td, int fd, const char *path,
97 enum uio_seg pathseg, u_long flags, int atflag);
98 static int setfflags(struct thread *td, struct vnode *, u_long);
99 static int getutimes(const struct timeval *, enum uio_seg, struct timespec *);
100 static int getutimens(const struct timespec *, enum uio_seg,
101 struct timespec *, int *);
102 static int setutimes(struct thread *td, struct vnode *,
103 const struct timespec *, int, int);
104 static int vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
106 static int kern_fhlinkat(struct thread *td, int fd, const char *path,
107 enum uio_seg pathseg, fhandle_t *fhp);
108 static int kern_readlink_vp(struct vnode *vp, char *buf, enum uio_seg bufseg,
109 size_t count, struct thread *td);
110 static int kern_linkat_vp(struct thread *td, struct vnode *vp, int fd,
111 const char *path, enum uio_seg segflag);
114 at2cnpflags(u_int at_flags, u_int mask)
118 MPASS((at_flags & (AT_SYMLINK_FOLLOW | AT_SYMLINK_NOFOLLOW)) !=
119 (AT_SYMLINK_FOLLOW | AT_SYMLINK_NOFOLLOW));
123 if ((at_flags & AT_RESOLVE_BENEATH) != 0)
125 if ((at_flags & AT_SYMLINK_FOLLOW) != 0)
127 /* NOFOLLOW is pseudo flag */
128 if ((mask & AT_SYMLINK_NOFOLLOW) != 0) {
129 res |= (at_flags & AT_SYMLINK_NOFOLLOW) != 0 ? NOFOLLOW :
132 if ((mask & AT_EMPTY_PATH) != 0 && (at_flags & AT_EMPTY_PATH) != 0)
138 kern_sync(struct thread *td)
140 struct mount *mp, *nmp;
143 mtx_lock(&mountlist_mtx);
144 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
145 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) {
146 nmp = TAILQ_NEXT(mp, mnt_list);
149 if ((mp->mnt_flag & MNT_RDONLY) == 0 &&
150 vn_start_write(NULL, &mp, V_NOWAIT) == 0) {
151 save = curthread_pflags_set(TDP_SYNCIO);
152 vfs_periodic(mp, MNT_NOWAIT);
153 VFS_SYNC(mp, MNT_NOWAIT);
154 curthread_pflags_restore(save);
155 vn_finished_write(mp);
157 mtx_lock(&mountlist_mtx);
158 nmp = TAILQ_NEXT(mp, mnt_list);
161 mtx_unlock(&mountlist_mtx);
166 * Sync each mounted filesystem.
168 #ifndef _SYS_SYSPROTO_H_
175 sys_sync(struct thread *td, struct sync_args *uap)
178 return (kern_sync(td));
182 * Change filesystem quotas.
184 #ifndef _SYS_SYSPROTO_H_
185 struct quotactl_args {
193 sys_quotactl(struct thread *td, struct quotactl_args *uap)
200 AUDIT_ARG_CMD(uap->cmd);
201 AUDIT_ARG_UID(uap->uid);
202 if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS))
204 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
206 if ((error = namei(&nd)) != 0)
209 mp = nd.ni_vp->v_mount;
212 error = vfs_busy(mp, 0);
218 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, uap->arg, &mp_busy);
221 * Since quota on/off operations typically need to open quota
222 * files, the implementation may need to unbusy the mount point
223 * before calling into namei. Otherwise, unmount might be
224 * started between two vfs_busy() invocations (first is ours,
225 * second is from mount point cross-walk code in lookup()),
228 * Avoid unbusying mp if the implementation indicates it has
238 * Used by statfs conversion routines to scale the block size up if
239 * necessary so that all of the block counts are <= 'max_size'. Note
240 * that 'max_size' should be a bitmask, i.e. 2^n - 1 for some non-zero
244 statfs_scale_blocks(struct statfs *sf, long max_size)
249 KASSERT(powerof2(max_size + 1), ("%s: invalid max_size", __func__));
252 * Attempt to scale the block counts to give a more accurate
253 * overview to userland of the ratio of free space to used
254 * space. To do this, find the largest block count and compute
255 * a divisor that lets it fit into a signed integer <= max_size.
257 if (sf->f_bavail < 0)
258 count = -sf->f_bavail;
260 count = sf->f_bavail;
261 count = MAX(sf->f_blocks, MAX(sf->f_bfree, count));
262 if (count <= max_size)
265 count >>= flsl(max_size);
272 sf->f_bsize <<= shift;
273 sf->f_blocks >>= shift;
274 sf->f_bfree >>= shift;
275 sf->f_bavail >>= shift;
279 kern_do_statfs(struct thread *td, struct mount *mp, struct statfs *buf)
285 error = vfs_busy(mp, 0);
290 error = mac_mount_check_stat(td->td_ucred, mp);
294 error = VFS_STATFS(mp, buf);
297 if (priv_check_cred_vfs_generation(td->td_ucred)) {
298 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
299 prison_enforce_statfs(td->td_ucred, mp, buf);
307 * Get filesystem statistics.
309 #ifndef _SYS_SYSPROTO_H_
316 sys_statfs(struct thread *td, struct statfs_args *uap)
321 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
322 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
324 error = copyout(sfp, uap->buf, sizeof(struct statfs));
330 kern_statfs(struct thread *td, const char *path, enum uio_seg pathseg,
337 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path);
342 mp = vfs_ref_from_vp(nd.ni_vp);
344 return (kern_do_statfs(td, mp, buf));
348 * Get filesystem statistics.
350 #ifndef _SYS_SYSPROTO_H_
351 struct fstatfs_args {
357 sys_fstatfs(struct thread *td, struct fstatfs_args *uap)
362 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
363 error = kern_fstatfs(td, uap->fd, sfp);
365 error = copyout(sfp, uap->buf, sizeof(struct statfs));
371 kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
379 error = getvnode_path(td, fd, &cap_fstatfs_rights, &fp);
384 if (AUDITING_TD(td)) {
385 vn_lock(vp, LK_SHARED | LK_RETRY);
386 AUDIT_ARG_VNODE1(vp);
390 mp = vfs_ref_from_vp(vp);
392 return (kern_do_statfs(td, mp, buf));
396 * Get statistics on all filesystems.
398 #ifndef _SYS_SYSPROTO_H_
399 struct getfsstat_args {
406 sys_getfsstat(struct thread *td, struct getfsstat_args *uap)
411 if (uap->bufsize < 0 || uap->bufsize > SIZE_MAX)
413 error = kern_getfsstat(td, &uap->buf, uap->bufsize, &count,
414 UIO_USERSPACE, uap->mode);
416 td->td_retval[0] = count;
421 * If (bufsize > 0 && bufseg == UIO_SYSSPACE)
422 * The caller is responsible for freeing memory which will be allocated
426 kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize,
427 size_t *countp, enum uio_seg bufseg, int mode)
429 struct mount *mp, *nmp;
430 struct statfs *sfsp, *sp, *sptmp, *tofree;
431 size_t count, maxcount;
439 if (bufseg == UIO_SYSSPACE)
444 maxcount = bufsize / sizeof(struct statfs);
448 } else if (bufseg == UIO_USERSPACE) {
451 } else /* if (bufseg == UIO_SYSSPACE) */ {
453 mtx_lock(&mountlist_mtx);
454 TAILQ_FOREACH(mp, &mountlist, mnt_list) {
457 mtx_unlock(&mountlist_mtx);
458 if (maxcount > count)
460 tofree = sfsp = *buf = malloc(maxcount * sizeof(struct statfs),
467 * If there is no target buffer they only want the count.
469 * This could be TAILQ_FOREACH but it is open-coded to match the original
473 mtx_lock(&mountlist_mtx);
474 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
475 if (prison_canseemount(td->td_ucred, mp) != 0) {
476 nmp = TAILQ_NEXT(mp, mnt_list);
480 if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
481 nmp = TAILQ_NEXT(mp, mnt_list);
486 nmp = TAILQ_NEXT(mp, mnt_list);
488 mtx_unlock(&mountlist_mtx);
494 * They want the entire thing.
496 * Short-circuit the corner case of no room for anything, avoids
503 mtx_lock(&mountlist_mtx);
504 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
505 if (prison_canseemount(td->td_ucred, mp) != 0) {
506 nmp = TAILQ_NEXT(mp, mnt_list);
510 if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
511 nmp = TAILQ_NEXT(mp, mnt_list);
515 if (mode == MNT_WAIT) {
516 if (vfs_busy(mp, MBF_MNTLSTLOCK) != 0) {
518 * If vfs_busy() failed, and MBF_NOWAIT
519 * wasn't passed, then the mp is gone.
520 * Furthermore, because of MBF_MNTLSTLOCK,
521 * the mountlist_mtx was dropped. We have
522 * no other choice than to start over.
524 mtx_unlock(&mountlist_mtx);
525 free(tofree, M_STATFS);
529 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK) != 0) {
530 nmp = TAILQ_NEXT(mp, mnt_list);
536 * If MNT_NOWAIT is specified, do not refresh
539 if (mode != MNT_NOWAIT) {
540 error = VFS_STATFS(mp, sp);
542 mtx_lock(&mountlist_mtx);
543 nmp = TAILQ_NEXT(mp, mnt_list);
548 if (priv_check_cred_vfs_generation(td->td_ucred)) {
549 sptmp = malloc(sizeof(struct statfs), M_STATFS,
552 sptmp->f_fsid.val[0] = sptmp->f_fsid.val[1] = 0;
553 prison_enforce_statfs(td->td_ucred, mp, sptmp);
557 if (bufseg == UIO_SYSSPACE) {
558 bcopy(sp, sfsp, sizeof(*sp));
559 free(sptmp, M_STATFS);
560 } else /* if (bufseg == UIO_USERSPACE) */ {
561 error = copyout(sp, sfsp, sizeof(*sp));
562 free(sptmp, M_STATFS);
571 if (count == maxcount) {
576 mtx_lock(&mountlist_mtx);
577 nmp = TAILQ_NEXT(mp, mnt_list);
580 mtx_unlock(&mountlist_mtx);
586 #ifdef COMPAT_FREEBSD4
588 * Get old format filesystem statistics.
590 static void freebsd4_cvtstatfs(struct statfs *, struct ostatfs *);
592 #ifndef _SYS_SYSPROTO_H_
593 struct freebsd4_statfs_args {
599 freebsd4_statfs(struct thread *td, struct freebsd4_statfs_args *uap)
605 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
606 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
608 freebsd4_cvtstatfs(sfp, &osb);
609 error = copyout(&osb, uap->buf, sizeof(osb));
616 * Get filesystem statistics.
618 #ifndef _SYS_SYSPROTO_H_
619 struct freebsd4_fstatfs_args {
625 freebsd4_fstatfs(struct thread *td, struct freebsd4_fstatfs_args *uap)
631 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
632 error = kern_fstatfs(td, uap->fd, sfp);
634 freebsd4_cvtstatfs(sfp, &osb);
635 error = copyout(&osb, uap->buf, sizeof(osb));
642 * Get statistics on all filesystems.
644 #ifndef _SYS_SYSPROTO_H_
645 struct freebsd4_getfsstat_args {
652 freebsd4_getfsstat(struct thread *td, struct freebsd4_getfsstat_args *uap)
654 struct statfs *buf, *sp;
659 if (uap->bufsize < 0)
661 count = uap->bufsize / sizeof(struct ostatfs);
662 if (count > SIZE_MAX / sizeof(struct statfs))
664 size = count * sizeof(struct statfs);
665 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
668 td->td_retval[0] = count;
671 while (count != 0 && error == 0) {
672 freebsd4_cvtstatfs(sp, &osb);
673 error = copyout(&osb, uap->buf, sizeof(osb));
684 * Implement fstatfs() for (NFS) file handles.
686 #ifndef _SYS_SYSPROTO_H_
687 struct freebsd4_fhstatfs_args {
688 struct fhandle *u_fhp;
693 freebsd4_fhstatfs(struct thread *td, struct freebsd4_fhstatfs_args *uap)
700 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
703 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
704 error = kern_fhstatfs(td, fh, sfp);
706 freebsd4_cvtstatfs(sfp, &osb);
707 error = copyout(&osb, uap->buf, sizeof(osb));
714 * Convert a new format statfs structure to an old format statfs structure.
717 freebsd4_cvtstatfs(struct statfs *nsp, struct ostatfs *osp)
720 statfs_scale_blocks(nsp, LONG_MAX);
721 bzero(osp, sizeof(*osp));
722 osp->f_bsize = nsp->f_bsize;
723 osp->f_iosize = MIN(nsp->f_iosize, LONG_MAX);
724 osp->f_blocks = nsp->f_blocks;
725 osp->f_bfree = nsp->f_bfree;
726 osp->f_bavail = nsp->f_bavail;
727 osp->f_files = MIN(nsp->f_files, LONG_MAX);
728 osp->f_ffree = MIN(nsp->f_ffree, LONG_MAX);
729 osp->f_owner = nsp->f_owner;
730 osp->f_type = nsp->f_type;
731 osp->f_flags = nsp->f_flags;
732 osp->f_syncwrites = MIN(nsp->f_syncwrites, LONG_MAX);
733 osp->f_asyncwrites = MIN(nsp->f_asyncwrites, LONG_MAX);
734 osp->f_syncreads = MIN(nsp->f_syncreads, LONG_MAX);
735 osp->f_asyncreads = MIN(nsp->f_asyncreads, LONG_MAX);
736 strlcpy(osp->f_fstypename, nsp->f_fstypename,
737 MIN(MFSNAMELEN, OMFSNAMELEN));
738 strlcpy(osp->f_mntonname, nsp->f_mntonname,
739 MIN(MNAMELEN, OMNAMELEN));
740 strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
741 MIN(MNAMELEN, OMNAMELEN));
742 osp->f_fsid = nsp->f_fsid;
744 #endif /* COMPAT_FREEBSD4 */
746 #if defined(COMPAT_FREEBSD11)
748 * Get old format filesystem statistics.
750 static void freebsd11_cvtstatfs(struct statfs *, struct freebsd11_statfs *);
753 freebsd11_statfs(struct thread *td, struct freebsd11_statfs_args *uap)
755 struct freebsd11_statfs osb;
759 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
760 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
762 freebsd11_cvtstatfs(sfp, &osb);
763 error = copyout(&osb, uap->buf, sizeof(osb));
770 * Get filesystem statistics.
773 freebsd11_fstatfs(struct thread *td, struct freebsd11_fstatfs_args *uap)
775 struct freebsd11_statfs osb;
779 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
780 error = kern_fstatfs(td, uap->fd, sfp);
782 freebsd11_cvtstatfs(sfp, &osb);
783 error = copyout(&osb, uap->buf, sizeof(osb));
790 * Get statistics on all filesystems.
793 freebsd11_getfsstat(struct thread *td, struct freebsd11_getfsstat_args *uap)
795 return (kern_freebsd11_getfsstat(td, uap->buf, uap->bufsize, uap->mode));
799 kern_freebsd11_getfsstat(struct thread *td, struct freebsd11_statfs * ubuf,
800 long bufsize, int mode)
802 struct freebsd11_statfs osb;
803 struct statfs *buf, *sp;
810 count = bufsize / sizeof(struct ostatfs);
811 size = count * sizeof(struct statfs);
812 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE, mode);
814 td->td_retval[0] = count;
817 while (count > 0 && error == 0) {
818 freebsd11_cvtstatfs(sp, &osb);
819 error = copyout(&osb, ubuf, sizeof(osb));
830 * Implement fstatfs() for (NFS) file handles.
833 freebsd11_fhstatfs(struct thread *td, struct freebsd11_fhstatfs_args *uap)
835 struct freebsd11_statfs osb;
840 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
843 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
844 error = kern_fhstatfs(td, fh, sfp);
846 freebsd11_cvtstatfs(sfp, &osb);
847 error = copyout(&osb, uap->buf, sizeof(osb));
854 * Convert a new format statfs structure to an old format statfs structure.
857 freebsd11_cvtstatfs(struct statfs *nsp, struct freebsd11_statfs *osp)
860 bzero(osp, sizeof(*osp));
861 osp->f_version = FREEBSD11_STATFS_VERSION;
862 osp->f_type = nsp->f_type;
863 osp->f_flags = nsp->f_flags;
864 osp->f_bsize = nsp->f_bsize;
865 osp->f_iosize = nsp->f_iosize;
866 osp->f_blocks = nsp->f_blocks;
867 osp->f_bfree = nsp->f_bfree;
868 osp->f_bavail = nsp->f_bavail;
869 osp->f_files = nsp->f_files;
870 osp->f_ffree = nsp->f_ffree;
871 osp->f_syncwrites = nsp->f_syncwrites;
872 osp->f_asyncwrites = nsp->f_asyncwrites;
873 osp->f_syncreads = nsp->f_syncreads;
874 osp->f_asyncreads = nsp->f_asyncreads;
875 osp->f_namemax = nsp->f_namemax;
876 osp->f_owner = nsp->f_owner;
877 osp->f_fsid = nsp->f_fsid;
878 strlcpy(osp->f_fstypename, nsp->f_fstypename,
879 MIN(MFSNAMELEN, sizeof(osp->f_fstypename)));
880 strlcpy(osp->f_mntonname, nsp->f_mntonname,
881 MIN(MNAMELEN, sizeof(osp->f_mntonname)));
882 strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
883 MIN(MNAMELEN, sizeof(osp->f_mntfromname)));
885 #endif /* COMPAT_FREEBSD11 */
888 * Change current working directory to a given file descriptor.
890 #ifndef _SYS_SYSPROTO_H_
896 sys_fchdir(struct thread *td, struct fchdir_args *uap)
898 struct vnode *vp, *tdp;
903 AUDIT_ARG_FD(uap->fd);
904 error = getvnode_path(td, uap->fd, &cap_fchdir_rights,
911 vn_lock(vp, LK_SHARED | LK_RETRY);
912 AUDIT_ARG_VNODE1(vp);
913 error = change_dir(vp, td);
914 while (!error && (mp = vp->v_mountedhere) != NULL) {
917 error = VFS_ROOT(mp, LK_SHARED, &tdp);
934 * Change current working directory (``.'').
936 #ifndef _SYS_SYSPROTO_H_
942 sys_chdir(struct thread *td, struct chdir_args *uap)
945 return (kern_chdir(td, uap->path, UIO_USERSPACE));
949 kern_chdir(struct thread *td, const char *path, enum uio_seg pathseg)
954 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
956 if ((error = namei(&nd)) != 0)
958 if ((error = change_dir(nd.ni_vp, td)) != 0) {
963 VOP_UNLOCK(nd.ni_vp);
965 pwd_chdir(td, nd.ni_vp);
969 static int unprivileged_chroot = 0;
970 SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_chroot, CTLFLAG_RW,
971 &unprivileged_chroot, 0,
972 "Unprivileged processes can use chroot(2)");
974 * Change notion of root (``/'') directory.
976 #ifndef _SYS_SYSPROTO_H_
982 sys_chroot(struct thread *td, struct chroot_args *uap)
988 error = priv_check(td, PRIV_VFS_CHROOT);
992 if (unprivileged_chroot == 0 ||
993 (p->p_flag2 & P2_NO_NEW_PRIVS) == 0) {
999 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
1000 UIO_USERSPACE, uap->path);
1005 error = change_dir(nd.ni_vp, td);
1009 error = mac_vnode_check_chroot(td->td_ucred, nd.ni_vp);
1013 VOP_UNLOCK(nd.ni_vp);
1014 error = pwd_chroot(td, nd.ni_vp);
1023 * Common routine for chroot and chdir. Callers must provide a locked vnode
1027 change_dir(struct vnode *vp, struct thread *td)
1033 ASSERT_VOP_LOCKED(vp, "change_dir(): vp not locked");
1034 if (vp->v_type != VDIR)
1037 error = mac_vnode_check_chdir(td->td_ucred, vp);
1041 return (VOP_ACCESS(vp, VEXEC, td->td_ucred, td));
1044 static __inline void
1045 flags_to_rights(int flags, cap_rights_t *rightsp)
1047 if (flags & O_EXEC) {
1048 cap_rights_set_one(rightsp, CAP_FEXECVE);
1052 switch ((flags & O_ACCMODE)) {
1054 cap_rights_set_one(rightsp, CAP_READ);
1057 cap_rights_set_one(rightsp, CAP_READ);
1060 cap_rights_set_one(rightsp, CAP_WRITE);
1061 if (!(flags & (O_APPEND | O_TRUNC)))
1062 cap_rights_set_one(rightsp, CAP_SEEK);
1067 if (flags & O_CREAT)
1068 cap_rights_set_one(rightsp, CAP_CREATE);
1070 if (flags & O_TRUNC)
1071 cap_rights_set_one(rightsp, CAP_FTRUNCATE);
1073 if (flags & (O_SYNC | O_FSYNC))
1074 cap_rights_set_one(rightsp, CAP_FSYNC);
1076 if (flags & (O_EXLOCK | O_SHLOCK))
1077 cap_rights_set_one(rightsp, CAP_FLOCK);
1081 * Check permissions, allocate an open file structure, and call the device
1082 * open routine if any.
1084 #ifndef _SYS_SYSPROTO_H_
1092 sys_open(struct thread *td, struct open_args *uap)
1095 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1096 uap->flags, uap->mode));
1099 #ifndef _SYS_SYSPROTO_H_
1100 struct openat_args {
1108 sys_openat(struct thread *td, struct openat_args *uap)
1111 AUDIT_ARG_FD(uap->fd);
1112 return (kern_openat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
1117 kern_openat(struct thread *td, int fd, const char *path, enum uio_seg pathseg,
1118 int flags, int mode)
1120 struct proc *p = td->td_proc;
1121 struct filedesc *fdp;
1122 struct pwddesc *pdp;
1125 struct nameidata nd;
1126 cap_rights_t rights;
1127 int cmode, error, indx;
1133 AUDIT_ARG_FFLAGS(flags);
1134 AUDIT_ARG_MODE(mode);
1135 cap_rights_init_one(&rights, CAP_LOOKUP);
1136 flags_to_rights(flags, &rights);
1139 * Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR flags
1140 * may be specified. On the other hand, for O_PATH any mode
1141 * except O_EXEC is ignored.
1143 if ((flags & O_PATH) != 0) {
1144 flags &= ~(O_CREAT | O_ACCMODE);
1145 } else if ((flags & O_EXEC) != 0) {
1146 if (flags & O_ACCMODE)
1148 } else if ((flags & O_ACCMODE) == O_ACCMODE) {
1151 flags = FFLAGS(flags);
1155 * Allocate a file structure. The descriptor to reference it
1156 * is allocated and used by finstall_refed() below.
1158 error = falloc_noinstall(td, &fp);
1161 /* Set the flags early so the finit in devfs can pick them up. */
1162 fp->f_flag = flags & FMASK;
1163 cmode = ((mode & ~pdp->pd_cmask) & ALLPERMS) & ~S_ISTXT;
1164 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1 | WANTIOCTLCAPS,
1165 pathseg, path, fd, &rights);
1166 td->td_dupfd = -1; /* XXX check for fdopen */
1167 error = vn_open_cred(&nd, &flags, cmode, VN_OPEN_WANTIOCTLCAPS,
1171 * If the vn_open replaced the method vector, something
1172 * wonderous happened deep below and we just pass it up
1173 * pretending we know what we do.
1175 if (error == ENXIO && fp->f_ops != &badfileops) {
1176 MPASS((flags & O_PATH) == 0);
1181 * Handle special fdopen() case. bleh.
1183 * Don't do this for relative (capability) lookups; we don't
1184 * understand exactly what would happen, and we don't think
1185 * that it ever should.
1187 if ((nd.ni_resflags & NIRES_STRICTREL) == 0 &&
1188 (error == ENODEV || error == ENXIO) &&
1189 td->td_dupfd >= 0) {
1190 error = dupfdopen(td, fdp, td->td_dupfd, flags, error,
1203 * Store the vnode, for any f_type. Typically, the vnode use
1204 * count is decremented by direct call to vn_closefile() for
1205 * files that switched type in the cdevsw fdopen() method.
1210 * If the file wasn't claimed by devfs bind it to the normal
1211 * vnode operations here.
1213 if (fp->f_ops == &badfileops) {
1214 KASSERT(vp->v_type != VFIFO || (flags & O_PATH) != 0,
1215 ("Unexpected fifo fp %p vp %p", fp, vp));
1216 if ((flags & O_PATH) != 0) {
1217 finit(fp, (flags & FMASK) | (fp->f_flag & FKQALLOWED),
1218 DTYPE_VNODE, NULL, &path_fileops);
1220 finit_vnode(fp, flags, NULL, &vnops);
1225 if (flags & O_TRUNC) {
1226 error = fo_truncate(fp, 0, td->td_ucred, td);
1232 * If we haven't already installed the FD (for dupfdopen), do so now.
1235 struct filecaps *fcaps;
1238 if ((nd.ni_resflags & NIRES_STRICTREL) != 0)
1239 fcaps = &nd.ni_filecaps;
1243 error = finstall_refed(td, fp, &indx, flags, fcaps);
1244 /* On success finstall_refed() consumes fcaps. */
1249 NDFREE_IOCTLCAPS(&nd);
1250 falloc_abort(td, fp);
1253 td->td_retval[0] = indx;
1256 KASSERT(indx == -1, ("indx=%d, should be -1", indx));
1257 NDFREE_IOCTLCAPS(&nd);
1258 falloc_abort(td, fp);
1266 #ifndef _SYS_SYSPROTO_H_
1267 struct ocreat_args {
1273 ocreat(struct thread *td, struct ocreat_args *uap)
1276 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1277 O_WRONLY | O_CREAT | O_TRUNC, uap->mode));
1279 #endif /* COMPAT_43 */
1282 * Create a special file.
1284 #ifndef _SYS_SYSPROTO_H_
1285 struct mknodat_args {
1293 sys_mknodat(struct thread *td, struct mknodat_args *uap)
1296 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1300 #if defined(COMPAT_FREEBSD11)
1302 freebsd11_mknod(struct thread *td,
1303 struct freebsd11_mknod_args *uap)
1306 return (kern_mknodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1307 uap->mode, uap->dev));
1311 freebsd11_mknodat(struct thread *td,
1312 struct freebsd11_mknodat_args *uap)
1315 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1318 #endif /* COMPAT_FREEBSD11 */
1321 kern_mknodat(struct thread *td, int fd, const char *path, enum uio_seg pathseg,
1322 int mode, dev_t dev)
1327 struct nameidata nd;
1328 int error, whiteout = 0;
1330 AUDIT_ARG_MODE(mode);
1332 switch (mode & S_IFMT) {
1335 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
1336 if (error == 0 && dev == VNOVAL)
1340 error = priv_check(td, PRIV_VFS_MKNOD_WHT);
1344 return (kern_mkfifoat(td, fd, path, pathseg, mode));
1355 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | AUDITVNODE1 | NOCACHE,
1356 pathseg, path, fd, &cap_mknodat_rights);
1357 if ((error = namei(&nd)) != 0)
1362 if (vp == nd.ni_dvp)
1370 vattr.va_mode = (mode & ALLPERMS) &
1371 ~td->td_proc->p_pd->pd_cmask;
1372 vattr.va_rdev = dev;
1375 switch (mode & S_IFMT) {
1377 vattr.va_type = VCHR;
1380 vattr.va_type = VBLK;
1386 panic("kern_mknod: invalid mode");
1389 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1392 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | V_PCATCH)) != 0)
1397 if (error == 0 && !whiteout)
1398 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp,
1399 &nd.ni_cnd, &vattr);
1403 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE);
1405 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,
1406 &nd.ni_cnd, &vattr);
1409 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 && !whiteout ? &nd.ni_vp : NULL,
1411 vn_finished_write(mp);
1413 if (error == ERELOOKUP)
1419 * Create a named pipe.
1421 #ifndef _SYS_SYSPROTO_H_
1422 struct mkfifo_args {
1428 sys_mkfifo(struct thread *td, struct mkfifo_args *uap)
1431 return (kern_mkfifoat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1435 #ifndef _SYS_SYSPROTO_H_
1436 struct mkfifoat_args {
1443 sys_mkfifoat(struct thread *td, struct mkfifoat_args *uap)
1446 return (kern_mkfifoat(td, uap->fd, uap->path, UIO_USERSPACE,
1451 kern_mkfifoat(struct thread *td, int fd, const char *path,
1452 enum uio_seg pathseg, int mode)
1456 struct nameidata nd;
1459 AUDIT_ARG_MODE(mode);
1463 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | AUDITVNODE1 | NOCACHE,
1464 pathseg, path, fd, &cap_mkfifoat_rights);
1465 if ((error = namei(&nd)) != 0)
1467 if (nd.ni_vp != NULL) {
1469 if (nd.ni_vp == nd.ni_dvp)
1476 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1479 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | V_PCATCH)) != 0)
1484 vattr.va_type = VFIFO;
1485 vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_pd->pd_cmask;
1487 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1492 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
1496 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 ? &nd.ni_vp : NULL, true);
1497 vn_finished_write(mp);
1499 if (error == ERELOOKUP)
1505 * Make a hard file link.
1507 #ifndef _SYS_SYSPROTO_H_
1514 sys_link(struct thread *td, struct link_args *uap)
1517 return (kern_linkat(td, AT_FDCWD, AT_FDCWD, uap->path, uap->link,
1518 UIO_USERSPACE, AT_SYMLINK_FOLLOW));
1521 #ifndef _SYS_SYSPROTO_H_
1522 struct linkat_args {
1531 sys_linkat(struct thread *td, struct linkat_args *uap)
1534 return (kern_linkat(td, uap->fd1, uap->fd2, uap->path1, uap->path2,
1535 UIO_USERSPACE, uap->flag));
1538 int hardlink_check_uid = 0;
1539 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
1540 &hardlink_check_uid, 0,
1541 "Unprivileged processes cannot create hard links to files owned by other "
1543 static int hardlink_check_gid = 0;
1544 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
1545 &hardlink_check_gid, 0,
1546 "Unprivileged processes cannot create hard links to files owned by other "
1550 can_hardlink(struct vnode *vp, struct ucred *cred)
1555 if (!hardlink_check_uid && !hardlink_check_gid)
1558 error = VOP_GETATTR(vp, &va, cred);
1562 if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
1563 error = priv_check_cred(cred, PRIV_VFS_LINK);
1568 if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
1569 error = priv_check_cred(cred, PRIV_VFS_LINK);
1578 kern_linkat(struct thread *td, int fd1, int fd2, const char *path1,
1579 const char *path2, enum uio_seg segflag, int flag)
1581 struct nameidata nd;
1584 if ((flag & ~(AT_SYMLINK_FOLLOW | AT_RESOLVE_BENEATH |
1585 AT_EMPTY_PATH)) != 0)
1591 NDINIT_ATRIGHTS(&nd, LOOKUP, AUDITVNODE1 | at2cnpflags(flag,
1592 AT_SYMLINK_FOLLOW | AT_RESOLVE_BENEATH | AT_EMPTY_PATH),
1593 segflag, path1, fd1, &cap_linkat_source_rights);
1594 if ((error = namei(&nd)) != 0)
1597 if ((nd.ni_resflags & NIRES_EMPTYPATH) != 0) {
1598 error = priv_check(td, PRIV_VFS_FHOPEN);
1604 error = kern_linkat_vp(td, nd.ni_vp, fd2, path2, segflag);
1605 } while (error == EAGAIN || error == ERELOOKUP);
1610 kern_linkat_vp(struct thread *td, struct vnode *vp, int fd, const char *path,
1611 enum uio_seg segflag)
1613 struct nameidata nd;
1617 if (vp->v_type == VDIR) {
1619 return (EPERM); /* POSIX */
1621 NDINIT_ATRIGHTS(&nd, CREATE,
1622 LOCKPARENT | AUDITVNODE2 | NOCACHE, segflag, path, fd,
1623 &cap_linkat_target_rights);
1624 if ((error = namei(&nd)) == 0) {
1625 if (nd.ni_vp != NULL) {
1627 if (nd.ni_dvp == nd.ni_vp)
1634 } else if (nd.ni_dvp->v_mount != vp->v_mount) {
1636 * Cross-device link. No need to recheck
1637 * vp->v_type, since it cannot change, except
1644 } else if (vn_lock(vp, LK_EXCLUSIVE) == 0) {
1645 error = can_hardlink(vp, td->td_ucred);
1648 error = mac_vnode_check_link(td->td_ucred,
1649 nd.ni_dvp, vp, &nd.ni_cnd);
1657 error = vn_start_write(vp, &mp, V_NOWAIT);
1662 error = vn_start_write(NULL, &mp,
1663 V_XSLEEP | V_PCATCH);
1668 error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
1669 VOP_VPUT_PAIR(nd.ni_dvp, &vp, true);
1670 vn_finished_write(mp);
1686 * Make a symbolic link.
1688 #ifndef _SYS_SYSPROTO_H_
1689 struct symlink_args {
1695 sys_symlink(struct thread *td, struct symlink_args *uap)
1698 return (kern_symlinkat(td, uap->path, AT_FDCWD, uap->link,
1702 #ifndef _SYS_SYSPROTO_H_
1703 struct symlinkat_args {
1710 sys_symlinkat(struct thread *td, struct symlinkat_args *uap)
1713 return (kern_symlinkat(td, uap->path1, uap->fd, uap->path2,
1718 kern_symlinkat(struct thread *td, const char *path1, int fd, const char *path2,
1719 enum uio_seg segflg)
1723 const char *syspath;
1725 struct nameidata nd;
1728 if (segflg == UIO_SYSSPACE) {
1731 tmppath = uma_zalloc(namei_zone, M_WAITOK);
1732 if ((error = copyinstr(path1, tmppath, MAXPATHLEN, NULL)) != 0)
1736 AUDIT_ARG_TEXT(syspath);
1740 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | AUDITVNODE1 | NOCACHE, segflg,
1741 path2, fd, &cap_symlinkat_rights);
1742 if ((error = namei(&nd)) != 0)
1746 if (nd.ni_vp == nd.ni_dvp)
1755 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1758 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | V_PCATCH)) != 0)
1763 vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_pd->pd_cmask;
1765 vattr.va_type = VLNK;
1766 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1771 error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath);
1775 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 ? &nd.ni_vp : NULL, true);
1776 vn_finished_write(mp);
1778 if (error == ERELOOKUP)
1781 if (segflg != UIO_SYSSPACE)
1782 uma_zfree(namei_zone, tmppath);
1787 * Delete a whiteout from the filesystem.
1789 #ifndef _SYS_SYSPROTO_H_
1790 struct undelete_args {
1795 sys_undelete(struct thread *td, struct undelete_args *uap)
1798 struct nameidata nd;
1804 NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | AUDITVNODE1,
1805 UIO_USERSPACE, uap->path);
1810 if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) {
1812 if (nd.ni_vp == nd.ni_dvp)
1820 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1823 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | V_PCATCH)) != 0)
1827 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE);
1830 vn_finished_write(mp);
1831 if (error == ERELOOKUP)
1837 * Delete a name from the filesystem.
1839 #ifndef _SYS_SYSPROTO_H_
1840 struct unlink_args {
1845 sys_unlink(struct thread *td, struct unlink_args *uap)
1848 return (kern_funlinkat(td, AT_FDCWD, uap->path, FD_NONE, UIO_USERSPACE,
1853 kern_funlinkat_ex(struct thread *td, int dfd, const char *path, int fd,
1854 int flag, enum uio_seg pathseg, ino_t oldinum)
1857 if ((flag & ~(AT_REMOVEDIR | AT_RESOLVE_BENEATH)) != 0)
1860 if ((flag & AT_REMOVEDIR) != 0)
1861 return (kern_frmdirat(td, dfd, path, fd, UIO_USERSPACE, 0));
1863 return (kern_funlinkat(td, dfd, path, fd, UIO_USERSPACE, 0, 0));
1866 #ifndef _SYS_SYSPROTO_H_
1867 struct unlinkat_args {
1874 sys_unlinkat(struct thread *td, struct unlinkat_args *uap)
1877 return (kern_funlinkat_ex(td, uap->fd, uap->path, FD_NONE, uap->flag,
1881 #ifndef _SYS_SYSPROTO_H_
1882 struct funlinkat_args {
1890 sys_funlinkat(struct thread *td, struct funlinkat_args *uap)
1893 return (kern_funlinkat_ex(td, uap->dfd, uap->path, uap->fd, uap->flag,
1898 kern_funlinkat(struct thread *td, int dfd, const char *path, int fd,
1899 enum uio_seg pathseg, int flag, ino_t oldinum)
1904 struct nameidata nd;
1909 if (fd != FD_NONE) {
1910 error = getvnode_path(td, fd, &cap_no_rights, &fp);
1918 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1 |
1919 at2cnpflags(flag, AT_RESOLVE_BENEATH),
1920 pathseg, path, dfd, &cap_unlinkat_rights);
1921 if ((error = namei(&nd)) != 0) {
1922 if (error == EINVAL)
1927 if (vp->v_type == VDIR && oldinum == 0) {
1928 error = EPERM; /* POSIX */
1929 } else if (oldinum != 0 &&
1930 ((error = VOP_STAT(vp, &sb, td->td_ucred, NOCRED)) == 0) &&
1931 sb.st_ino != oldinum) {
1932 error = EIDRM; /* Identifier removed */
1933 } else if (fp != NULL && fp->f_vnode != vp) {
1934 if (VN_IS_DOOMED(fp->f_vnode))
1940 * The root of a mounted filesystem cannot be deleted.
1942 * XXX: can this only be a VDIR case?
1944 if (vp->v_vflag & VV_ROOT)
1948 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1951 if (vp == nd.ni_dvp)
1955 if ((error = vn_start_write(NULL, &mp,
1956 V_XSLEEP | V_PCATCH)) != 0) {
1962 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
1967 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
1968 error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd);
1972 vn_finished_write(mp);
1976 if (vp == nd.ni_dvp)
1980 if (error == ERELOOKUP)
1989 * Reposition read/write file offset.
1991 #ifndef _SYS_SYSPROTO_H_
2000 sys_lseek(struct thread *td, struct lseek_args *uap)
2003 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
2007 kern_lseek(struct thread *td, int fd, off_t offset, int whence)
2013 error = fget(td, fd, &cap_seek_rights, &fp);
2016 error = (fp->f_ops->fo_flags & DFLAG_SEEKABLE) != 0 ?
2017 fo_seek(fp, offset, whence, td) : ESPIPE;
2022 #if defined(COMPAT_43)
2024 * Reposition read/write file offset.
2026 #ifndef _SYS_SYSPROTO_H_
2027 struct olseek_args {
2034 olseek(struct thread *td, struct olseek_args *uap)
2037 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
2039 #endif /* COMPAT_43 */
2041 #if defined(COMPAT_FREEBSD6)
2042 /* Version with the 'pad' argument */
2044 freebsd6_lseek(struct thread *td, struct freebsd6_lseek_args *uap)
2047 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
2052 * Check access permissions using passed credentials.
2055 vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
2061 /* Flags == 0 means only check for existence. */
2062 if (user_flags == 0)
2066 if (user_flags & R_OK)
2068 if (user_flags & W_OK)
2070 if (user_flags & X_OK)
2073 error = mac_vnode_check_access(cred, vp, accmode);
2077 if ((accmode & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
2078 error = VOP_ACCESS(vp, accmode, cred, td);
2083 * Check access permissions using "real" credentials.
2085 #ifndef _SYS_SYSPROTO_H_
2086 struct access_args {
2092 sys_access(struct thread *td, struct access_args *uap)
2095 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2099 #ifndef _SYS_SYSPROTO_H_
2100 struct faccessat_args {
2108 sys_faccessat(struct thread *td, struct faccessat_args *uap)
2111 return (kern_accessat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
2116 kern_accessat(struct thread *td, int fd, const char *path,
2117 enum uio_seg pathseg, int flag, int amode)
2119 struct ucred *cred, *usecred;
2121 struct nameidata nd;
2124 if ((flag & ~(AT_EACCESS | AT_RESOLVE_BENEATH | AT_EMPTY_PATH)) != 0)
2126 if (amode != F_OK && (amode & ~(R_OK | W_OK | X_OK)) != 0)
2130 * Create and modify a temporary credential instead of one that
2131 * is potentially shared (if we need one).
2133 cred = td->td_ucred;
2134 if ((flag & AT_EACCESS) == 0 &&
2135 ((cred->cr_uid != cred->cr_ruid ||
2136 cred->cr_rgid != cred->cr_groups[0]))) {
2137 usecred = crdup(cred);
2138 usecred->cr_uid = cred->cr_ruid;
2139 usecred->cr_groups[0] = cred->cr_rgid;
2140 td->td_ucred = usecred;
2143 AUDIT_ARG_VALUE(amode);
2144 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF |
2145 AUDITVNODE1 | at2cnpflags(flag, AT_RESOLVE_BENEATH |
2146 AT_EMPTY_PATH), pathseg, path, fd, &cap_fstat_rights);
2147 if ((error = namei(&nd)) != 0)
2151 error = vn_access(vp, amode, usecred, td);
2155 if (usecred != cred) {
2156 td->td_ucred = cred;
2163 * Check access permissions using "effective" credentials.
2165 #ifndef _SYS_SYSPROTO_H_
2166 struct eaccess_args {
2172 sys_eaccess(struct thread *td, struct eaccess_args *uap)
2175 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2176 AT_EACCESS, uap->amode));
2179 #if defined(COMPAT_43)
2181 * Get file status; this version follows links.
2183 #ifndef _SYS_SYSPROTO_H_
2190 ostat(struct thread *td, struct ostat_args *uap)
2196 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2201 return (copyout(&osb, uap->ub, sizeof (osb)));
2205 * Get file status; this version does not follow links.
2207 #ifndef _SYS_SYSPROTO_H_
2208 struct olstat_args {
2214 olstat(struct thread *td, struct olstat_args *uap)
2220 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2221 UIO_USERSPACE, &sb, NULL);
2225 return (copyout(&osb, uap->ub, sizeof (osb)));
2229 * Convert from an old to a new stat structure.
2230 * XXX: many values are blindly truncated.
2233 cvtstat(struct stat *st, struct ostat *ost)
2236 bzero(ost, sizeof(*ost));
2237 ost->st_dev = st->st_dev;
2238 ost->st_ino = st->st_ino;
2239 ost->st_mode = st->st_mode;
2240 ost->st_nlink = st->st_nlink;
2241 ost->st_uid = st->st_uid;
2242 ost->st_gid = st->st_gid;
2243 ost->st_rdev = st->st_rdev;
2244 ost->st_size = MIN(st->st_size, INT32_MAX);
2245 ost->st_atim = st->st_atim;
2246 ost->st_mtim = st->st_mtim;
2247 ost->st_ctim = st->st_ctim;
2248 ost->st_blksize = st->st_blksize;
2249 ost->st_blocks = st->st_blocks;
2250 ost->st_flags = st->st_flags;
2251 ost->st_gen = st->st_gen;
2253 #endif /* COMPAT_43 */
2255 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11)
2256 int ino64_trunc_error;
2257 SYSCTL_INT(_vfs, OID_AUTO, ino64_trunc_error, CTLFLAG_RW,
2258 &ino64_trunc_error, 0,
2259 "Error on truncation of device, file or inode number, or link count");
2262 freebsd11_cvtstat(struct stat *st, struct freebsd11_stat *ost)
2265 ost->st_dev = st->st_dev;
2266 if (ost->st_dev != st->st_dev) {
2267 switch (ino64_trunc_error) {
2270 * Since dev_t is almost raw, don't clamp to the
2271 * maximum for case 2, but ignore the error.
2278 ost->st_ino = st->st_ino;
2279 if (ost->st_ino != st->st_ino) {
2280 switch (ino64_trunc_error) {
2287 ost->st_ino = UINT32_MAX;
2291 ost->st_mode = st->st_mode;
2292 ost->st_nlink = st->st_nlink;
2293 if (ost->st_nlink != st->st_nlink) {
2294 switch (ino64_trunc_error) {
2301 ost->st_nlink = UINT16_MAX;
2305 ost->st_uid = st->st_uid;
2306 ost->st_gid = st->st_gid;
2307 ost->st_rdev = st->st_rdev;
2308 if (ost->st_rdev != st->st_rdev) {
2309 switch (ino64_trunc_error) {
2316 ost->st_atim = st->st_atim;
2317 ost->st_mtim = st->st_mtim;
2318 ost->st_ctim = st->st_ctim;
2319 ost->st_size = st->st_size;
2320 ost->st_blocks = st->st_blocks;
2321 ost->st_blksize = st->st_blksize;
2322 ost->st_flags = st->st_flags;
2323 ost->st_gen = st->st_gen;
2325 ost->st_birthtim = st->st_birthtim;
2326 bzero((char *)&ost->st_birthtim + sizeof(ost->st_birthtim),
2327 sizeof(*ost) - offsetof(struct freebsd11_stat,
2328 st_birthtim) - sizeof(ost->st_birthtim));
2333 freebsd11_stat(struct thread *td, struct freebsd11_stat_args* uap)
2336 struct freebsd11_stat osb;
2339 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2343 error = freebsd11_cvtstat(&sb, &osb);
2345 error = copyout(&osb, uap->ub, sizeof(osb));
2350 freebsd11_lstat(struct thread *td, struct freebsd11_lstat_args* uap)
2353 struct freebsd11_stat osb;
2356 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2357 UIO_USERSPACE, &sb, NULL);
2360 error = freebsd11_cvtstat(&sb, &osb);
2362 error = copyout(&osb, uap->ub, sizeof(osb));
2367 freebsd11_fhstat(struct thread *td, struct freebsd11_fhstat_args* uap)
2371 struct freebsd11_stat osb;
2374 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
2377 error = kern_fhstat(td, fh, &sb);
2380 error = freebsd11_cvtstat(&sb, &osb);
2382 error = copyout(&osb, uap->sb, sizeof(osb));
2387 freebsd11_fstatat(struct thread *td, struct freebsd11_fstatat_args* uap)
2390 struct freebsd11_stat osb;
2393 error = kern_statat(td, uap->flag, uap->fd, uap->path,
2394 UIO_USERSPACE, &sb, NULL);
2397 error = freebsd11_cvtstat(&sb, &osb);
2399 error = copyout(&osb, uap->buf, sizeof(osb));
2402 #endif /* COMPAT_FREEBSD11 */
2407 #ifndef _SYS_SYSPROTO_H_
2408 struct fstatat_args {
2416 sys_fstatat(struct thread *td, struct fstatat_args *uap)
2421 error = kern_statat(td, uap->flag, uap->fd, uap->path,
2422 UIO_USERSPACE, &sb, NULL);
2424 error = copyout(&sb, uap->buf, sizeof (sb));
2429 kern_statat(struct thread *td, int flag, int fd, const char *path,
2430 enum uio_seg pathseg, struct stat *sbp,
2431 void (*hook)(struct vnode *vp, struct stat *sbp))
2433 struct nameidata nd;
2436 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
2437 AT_EMPTY_PATH)) != 0)
2440 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_RESOLVE_BENEATH |
2441 AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH) | LOCKSHARED | LOCKLEAF |
2442 AUDITVNODE1, pathseg, path, fd, &cap_fstat_rights);
2444 if ((error = namei(&nd)) != 0) {
2445 if (error == ENOTDIR &&
2446 (nd.ni_resflags & NIRES_EMPTYPATH) != 0)
2447 error = kern_fstat(td, fd, sbp);
2450 error = VOP_STAT(nd.ni_vp, sbp, td->td_ucred, NOCRED);
2451 if (__predict_false(hook != NULL)) {
2453 hook(nd.ni_vp, sbp);
2458 #ifdef __STAT_TIME_T_EXT
2459 sbp->st_atim_ext = 0;
2460 sbp->st_mtim_ext = 0;
2461 sbp->st_ctim_ext = 0;
2462 sbp->st_btim_ext = 0;
2465 if (KTRPOINT(td, KTR_STRUCT))
2466 ktrstat_error(sbp, error);
2471 #if defined(COMPAT_FREEBSD11)
2473 * Implementation of the NetBSD [l]stat() functions.
2476 freebsd11_cvtnstat(struct stat *sb, struct nstat *nsb)
2478 struct freebsd11_stat sb11;
2481 error = freebsd11_cvtstat(sb, &sb11);
2485 bzero(nsb, sizeof(*nsb));
2486 CP(sb11, *nsb, st_dev);
2487 CP(sb11, *nsb, st_ino);
2488 CP(sb11, *nsb, st_mode);
2489 CP(sb11, *nsb, st_nlink);
2490 CP(sb11, *nsb, st_uid);
2491 CP(sb11, *nsb, st_gid);
2492 CP(sb11, *nsb, st_rdev);
2493 CP(sb11, *nsb, st_atim);
2494 CP(sb11, *nsb, st_mtim);
2495 CP(sb11, *nsb, st_ctim);
2496 CP(sb11, *nsb, st_size);
2497 CP(sb11, *nsb, st_blocks);
2498 CP(sb11, *nsb, st_blksize);
2499 CP(sb11, *nsb, st_flags);
2500 CP(sb11, *nsb, st_gen);
2501 CP(sb11, *nsb, st_birthtim);
2505 #ifndef _SYS_SYSPROTO_H_
2506 struct freebsd11_nstat_args {
2512 freebsd11_nstat(struct thread *td, struct freebsd11_nstat_args *uap)
2518 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2522 error = freebsd11_cvtnstat(&sb, &nsb);
2524 error = copyout(&nsb, uap->ub, sizeof (nsb));
2529 * NetBSD lstat. Get file status; this version does not follow links.
2531 #ifndef _SYS_SYSPROTO_H_
2532 struct freebsd11_nlstat_args {
2538 freebsd11_nlstat(struct thread *td, struct freebsd11_nlstat_args *uap)
2544 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2545 UIO_USERSPACE, &sb, NULL);
2548 error = freebsd11_cvtnstat(&sb, &nsb);
2550 error = copyout(&nsb, uap->ub, sizeof (nsb));
2553 #endif /* COMPAT_FREEBSD11 */
2556 * Get configurable pathname variables.
2558 #ifndef _SYS_SYSPROTO_H_
2559 struct pathconf_args {
2565 sys_pathconf(struct thread *td, struct pathconf_args *uap)
2570 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name, FOLLOW,
2573 td->td_retval[0] = value;
2577 #ifndef _SYS_SYSPROTO_H_
2578 struct lpathconf_args {
2584 sys_lpathconf(struct thread *td, struct lpathconf_args *uap)
2589 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name,
2592 td->td_retval[0] = value;
2597 kern_pathconf(struct thread *td, const char *path, enum uio_seg pathseg,
2598 int name, u_long flags, long *valuep)
2600 struct nameidata nd;
2603 NDINIT(&nd, LOOKUP, LOCKSHARED | LOCKLEAF | AUDITVNODE1 | flags,
2605 if ((error = namei(&nd)) != 0)
2609 error = VOP_PATHCONF(nd.ni_vp, name, valuep);
2615 * Return target name of a symbolic link.
2617 #ifndef _SYS_SYSPROTO_H_
2618 struct readlink_args {
2625 sys_readlink(struct thread *td, struct readlink_args *uap)
2628 return (kern_readlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2629 uap->buf, UIO_USERSPACE, uap->count));
2631 #ifndef _SYS_SYSPROTO_H_
2632 struct readlinkat_args {
2640 sys_readlinkat(struct thread *td, struct readlinkat_args *uap)
2643 return (kern_readlinkat(td, uap->fd, uap->path, UIO_USERSPACE,
2644 uap->buf, UIO_USERSPACE, uap->bufsize));
2648 kern_readlinkat(struct thread *td, int fd, const char *path,
2649 enum uio_seg pathseg, char *buf, enum uio_seg bufseg, size_t count)
2652 struct nameidata nd;
2655 if (count > IOSIZE_MAX)
2658 NDINIT_AT(&nd, LOOKUP, NOFOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1 |
2659 EMPTYPATH, pathseg, path, fd);
2661 if ((error = namei(&nd)) != 0)
2666 error = kern_readlink_vp(vp, buf, bufseg, count, td);
2673 * Helper function to readlink from a vnode
2676 kern_readlink_vp(struct vnode *vp, char *buf, enum uio_seg bufseg, size_t count,
2683 ASSERT_VOP_LOCKED(vp, "kern_readlink_vp(): vp not locked");
2685 error = mac_vnode_check_readlink(td->td_ucred, vp);
2689 if (vp->v_type != VLNK && (vp->v_vflag & VV_READLINK) == 0)
2692 aiov.iov_base = buf;
2693 aiov.iov_len = count;
2694 auio.uio_iov = &aiov;
2695 auio.uio_iovcnt = 1;
2696 auio.uio_offset = 0;
2697 auio.uio_rw = UIO_READ;
2698 auio.uio_segflg = bufseg;
2700 auio.uio_resid = count;
2701 error = VOP_READLINK(vp, &auio, td->td_ucred);
2702 td->td_retval[0] = count - auio.uio_resid;
2707 * Common implementation code for chflags() and fchflags().
2710 setfflags(struct thread *td, struct vnode *vp, u_long flags)
2716 /* We can't support the value matching VNOVAL. */
2717 if (flags == VNOVAL)
2718 return (EOPNOTSUPP);
2721 * Prevent non-root users from setting flags on devices. When
2722 * a device is reused, users can retain ownership of the device
2723 * if they are allowed to set flags and programs assume that
2724 * chown can't fail when done as root.
2726 if (vp->v_type == VCHR || vp->v_type == VBLK) {
2727 error = priv_check(td, PRIV_VFS_CHFLAGS_DEV);
2732 if ((error = vn_start_write(vp, &mp, V_WAIT | V_PCATCH)) != 0)
2735 vattr.va_flags = flags;
2736 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2738 error = mac_vnode_check_setflags(td->td_ucred, vp, vattr.va_flags);
2741 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
2743 vn_finished_write(mp);
2748 * Change flags of a file given a path name.
2750 #ifndef _SYS_SYSPROTO_H_
2751 struct chflags_args {
2757 sys_chflags(struct thread *td, struct chflags_args *uap)
2760 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2764 #ifndef _SYS_SYSPROTO_H_
2765 struct chflagsat_args {
2773 sys_chflagsat(struct thread *td, struct chflagsat_args *uap)
2776 return (kern_chflagsat(td, uap->fd, uap->path, UIO_USERSPACE,
2777 uap->flags, uap->atflag));
2781 * Same as chflags() but doesn't follow symlinks.
2783 #ifndef _SYS_SYSPROTO_H_
2784 struct lchflags_args {
2790 sys_lchflags(struct thread *td, struct lchflags_args *uap)
2793 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2794 uap->flags, AT_SYMLINK_NOFOLLOW));
2798 kern_chflagsat(struct thread *td, int fd, const char *path,
2799 enum uio_seg pathseg, u_long flags, int atflag)
2801 struct nameidata nd;
2804 if ((atflag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
2805 AT_EMPTY_PATH)) != 0)
2808 AUDIT_ARG_FFLAGS(flags);
2809 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(atflag, AT_SYMLINK_NOFOLLOW |
2810 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
2811 fd, &cap_fchflags_rights);
2812 if ((error = namei(&nd)) != 0)
2815 error = setfflags(td, nd.ni_vp, flags);
2821 * Change flags of a file given a file descriptor.
2823 #ifndef _SYS_SYSPROTO_H_
2824 struct fchflags_args {
2830 sys_fchflags(struct thread *td, struct fchflags_args *uap)
2835 AUDIT_ARG_FD(uap->fd);
2836 AUDIT_ARG_FFLAGS(uap->flags);
2837 error = getvnode(td, uap->fd, &cap_fchflags_rights,
2842 if (AUDITING_TD(td)) {
2843 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
2844 AUDIT_ARG_VNODE1(fp->f_vnode);
2845 VOP_UNLOCK(fp->f_vnode);
2848 error = setfflags(td, fp->f_vnode, uap->flags);
2854 * Common implementation code for chmod(), lchmod() and fchmod().
2857 setfmode(struct thread *td, struct ucred *cred, struct vnode *vp, int mode)
2863 if ((error = vn_start_write(vp, &mp, V_WAIT | V_PCATCH)) != 0)
2865 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2867 vattr.va_mode = mode & ALLPERMS;
2869 error = mac_vnode_check_setmode(cred, vp, vattr.va_mode);
2872 error = VOP_SETATTR(vp, &vattr, cred);
2874 vn_finished_write(mp);
2879 * Change mode of a file given path name.
2881 #ifndef _SYS_SYSPROTO_H_
2888 sys_chmod(struct thread *td, struct chmod_args *uap)
2891 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2895 #ifndef _SYS_SYSPROTO_H_
2896 struct fchmodat_args {
2904 sys_fchmodat(struct thread *td, struct fchmodat_args *uap)
2907 return (kern_fchmodat(td, uap->fd, uap->path, UIO_USERSPACE,
2908 uap->mode, uap->flag));
2912 * Change mode of a file given path name (don't follow links.)
2914 #ifndef _SYS_SYSPROTO_H_
2915 struct lchmod_args {
2921 sys_lchmod(struct thread *td, struct lchmod_args *uap)
2924 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2925 uap->mode, AT_SYMLINK_NOFOLLOW));
2929 kern_fchmodat(struct thread *td, int fd, const char *path,
2930 enum uio_seg pathseg, mode_t mode, int flag)
2932 struct nameidata nd;
2935 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
2936 AT_EMPTY_PATH)) != 0)
2939 AUDIT_ARG_MODE(mode);
2940 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
2941 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
2942 fd, &cap_fchmod_rights);
2943 if ((error = namei(&nd)) != 0)
2946 error = setfmode(td, td->td_ucred, nd.ni_vp, mode);
2952 * Change mode of a file given a file descriptor.
2954 #ifndef _SYS_SYSPROTO_H_
2955 struct fchmod_args {
2961 sys_fchmod(struct thread *td, struct fchmod_args *uap)
2966 AUDIT_ARG_FD(uap->fd);
2967 AUDIT_ARG_MODE(uap->mode);
2969 error = fget(td, uap->fd, &cap_fchmod_rights, &fp);
2972 error = fo_chmod(fp, uap->mode, td->td_ucred, td);
2978 * Common implementation for chown(), lchown(), and fchown()
2981 setfown(struct thread *td, struct ucred *cred, struct vnode *vp, uid_t uid,
2988 if ((error = vn_start_write(vp, &mp, V_WAIT | V_PCATCH)) != 0)
2990 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2995 error = mac_vnode_check_setowner(cred, vp, vattr.va_uid,
2999 error = VOP_SETATTR(vp, &vattr, cred);
3001 vn_finished_write(mp);
3006 * Set ownership given a path name.
3008 #ifndef _SYS_SYSPROTO_H_
3016 sys_chown(struct thread *td, struct chown_args *uap)
3019 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE, uap->uid,
3023 #ifndef _SYS_SYSPROTO_H_
3024 struct fchownat_args {
3033 sys_fchownat(struct thread *td, struct fchownat_args *uap)
3036 return (kern_fchownat(td, uap->fd, uap->path, UIO_USERSPACE, uap->uid,
3037 uap->gid, uap->flag));
3041 kern_fchownat(struct thread *td, int fd, const char *path,
3042 enum uio_seg pathseg, int uid, int gid, int flag)
3044 struct nameidata nd;
3047 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
3048 AT_EMPTY_PATH)) != 0)
3051 AUDIT_ARG_OWNER(uid, gid);
3052 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
3053 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
3054 fd, &cap_fchown_rights);
3056 if ((error = namei(&nd)) != 0)
3059 error = setfown(td, td->td_ucred, nd.ni_vp, uid, gid);
3065 * Set ownership given a path name, do not cross symlinks.
3067 #ifndef _SYS_SYSPROTO_H_
3068 struct lchown_args {
3075 sys_lchown(struct thread *td, struct lchown_args *uap)
3078 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3079 uap->uid, uap->gid, AT_SYMLINK_NOFOLLOW));
3083 * Set ownership given a file descriptor.
3085 #ifndef _SYS_SYSPROTO_H_
3086 struct fchown_args {
3093 sys_fchown(struct thread *td, struct fchown_args *uap)
3098 AUDIT_ARG_FD(uap->fd);
3099 AUDIT_ARG_OWNER(uap->uid, uap->gid);
3100 error = fget(td, uap->fd, &cap_fchown_rights, &fp);
3103 error = fo_chown(fp, uap->uid, uap->gid, td->td_ucred, td);
3109 * Common implementation code for utimes(), lutimes(), and futimes().
3112 getutimes(const struct timeval *usrtvp, enum uio_seg tvpseg,
3113 struct timespec *tsp)
3115 struct timeval tv[2];
3116 const struct timeval *tvp;
3119 if (usrtvp == NULL) {
3120 vfs_timestamp(&tsp[0]);
3123 if (tvpseg == UIO_SYSSPACE) {
3126 if ((error = copyin(usrtvp, tv, sizeof(tv))) != 0)
3131 if (tvp[0].tv_usec < 0 || tvp[0].tv_usec >= 1000000 ||
3132 tvp[1].tv_usec < 0 || tvp[1].tv_usec >= 1000000)
3134 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3135 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3141 * Common implementation code for futimens(), utimensat().
3143 #define UTIMENS_NULL 0x1
3144 #define UTIMENS_EXIT 0x2
3146 getutimens(const struct timespec *usrtsp, enum uio_seg tspseg,
3147 struct timespec *tsp, int *retflags)
3149 struct timespec tsnow;
3152 vfs_timestamp(&tsnow);
3154 if (usrtsp == NULL) {
3157 *retflags |= UTIMENS_NULL;
3160 if (tspseg == UIO_SYSSPACE) {
3163 } else if ((error = copyin(usrtsp, tsp, sizeof(*tsp) * 2)) != 0)
3165 if (tsp[0].tv_nsec == UTIME_OMIT && tsp[1].tv_nsec == UTIME_OMIT)
3166 *retflags |= UTIMENS_EXIT;
3167 if (tsp[0].tv_nsec == UTIME_NOW && tsp[1].tv_nsec == UTIME_NOW)
3168 *retflags |= UTIMENS_NULL;
3169 if (tsp[0].tv_nsec == UTIME_OMIT)
3170 tsp[0].tv_sec = VNOVAL;
3171 else if (tsp[0].tv_nsec == UTIME_NOW)
3173 else if (tsp[0].tv_nsec < 0 || tsp[0].tv_nsec >= 1000000000L)
3175 if (tsp[1].tv_nsec == UTIME_OMIT)
3176 tsp[1].tv_sec = VNOVAL;
3177 else if (tsp[1].tv_nsec == UTIME_NOW)
3179 else if (tsp[1].tv_nsec < 0 || tsp[1].tv_nsec >= 1000000000L)
3186 * Common implementation code for utimes(), lutimes(), futimes(), futimens(),
3190 setutimes(struct thread *td, struct vnode *vp, const struct timespec *ts,
3191 int numtimes, int nullflag)
3198 setbirthtime = false;
3199 vattr.va_birthtime.tv_sec = VNOVAL;
3200 vattr.va_birthtime.tv_nsec = 0;
3202 if ((error = vn_start_write(vp, &mp, V_WAIT | V_PCATCH)) != 0)
3204 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3205 if (numtimes < 3 && VOP_GETATTR(vp, &vattr, td->td_ucred) == 0 &&
3206 timespeccmp(&ts[1], &vattr.va_birthtime, < ))
3207 setbirthtime = true;
3209 vattr.va_atime = ts[0];
3210 vattr.va_mtime = ts[1];
3212 vattr.va_birthtime = ts[1];
3214 vattr.va_birthtime = ts[2];
3216 vattr.va_vaflags |= VA_UTIMES_NULL;
3218 error = mac_vnode_check_setutimes(td->td_ucred, vp, vattr.va_atime,
3222 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3224 vn_finished_write(mp);
3229 * Set the access and modification times of a file.
3231 #ifndef _SYS_SYSPROTO_H_
3232 struct utimes_args {
3234 struct timeval *tptr;
3238 sys_utimes(struct thread *td, struct utimes_args *uap)
3241 return (kern_utimesat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3242 uap->tptr, UIO_USERSPACE));
3245 #ifndef _SYS_SYSPROTO_H_
3246 struct futimesat_args {
3249 const struct timeval * times;
3253 sys_futimesat(struct thread *td, struct futimesat_args *uap)
3256 return (kern_utimesat(td, uap->fd, uap->path, UIO_USERSPACE,
3257 uap->times, UIO_USERSPACE));
3261 kern_utimesat(struct thread *td, int fd, const char *path,
3262 enum uio_seg pathseg, const struct timeval *tptr, enum uio_seg tptrseg)
3264 struct nameidata nd;
3265 struct timespec ts[2];
3268 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3270 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
3271 &cap_futimes_rights);
3273 if ((error = namei(&nd)) != 0)
3276 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3282 * Set the access and modification times of a file.
3284 #ifndef _SYS_SYSPROTO_H_
3285 struct lutimes_args {
3287 struct timeval *tptr;
3291 sys_lutimes(struct thread *td, struct lutimes_args *uap)
3294 return (kern_lutimes(td, uap->path, UIO_USERSPACE, uap->tptr,
3299 kern_lutimes(struct thread *td, const char *path, enum uio_seg pathseg,
3300 const struct timeval *tptr, enum uio_seg tptrseg)
3302 struct timespec ts[2];
3303 struct nameidata nd;
3306 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3308 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, pathseg, path);
3309 if ((error = namei(&nd)) != 0)
3312 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3318 * Set the access and modification times of a file.
3320 #ifndef _SYS_SYSPROTO_H_
3321 struct futimes_args {
3323 struct timeval *tptr;
3327 sys_futimes(struct thread *td, struct futimes_args *uap)
3330 return (kern_futimes(td, uap->fd, uap->tptr, UIO_USERSPACE));
3334 kern_futimes(struct thread *td, int fd, const struct timeval *tptr,
3335 enum uio_seg tptrseg)
3337 struct timespec ts[2];
3342 error = getutimes(tptr, tptrseg, ts);
3345 error = getvnode(td, fd, &cap_futimes_rights, &fp);
3349 if (AUDITING_TD(td)) {
3350 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3351 AUDIT_ARG_VNODE1(fp->f_vnode);
3352 VOP_UNLOCK(fp->f_vnode);
3355 error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
3361 sys_futimens(struct thread *td, struct futimens_args *uap)
3364 return (kern_futimens(td, uap->fd, uap->times, UIO_USERSPACE));
3368 kern_futimens(struct thread *td, int fd, const struct timespec *tptr,
3369 enum uio_seg tptrseg)
3371 struct timespec ts[2];
3376 error = getutimens(tptr, tptrseg, ts, &flags);
3379 if (flags & UTIMENS_EXIT)
3381 error = getvnode(td, fd, &cap_futimes_rights, &fp);
3385 if (AUDITING_TD(td)) {
3386 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3387 AUDIT_ARG_VNODE1(fp->f_vnode);
3388 VOP_UNLOCK(fp->f_vnode);
3391 error = setutimes(td, fp->f_vnode, ts, 2, flags & UTIMENS_NULL);
3397 sys_utimensat(struct thread *td, struct utimensat_args *uap)
3400 return (kern_utimensat(td, uap->fd, uap->path, UIO_USERSPACE,
3401 uap->times, UIO_USERSPACE, uap->flag));
3405 kern_utimensat(struct thread *td, int fd, const char *path,
3406 enum uio_seg pathseg, const struct timespec *tptr, enum uio_seg tptrseg,
3409 struct nameidata nd;
3410 struct timespec ts[2];
3413 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
3414 AT_EMPTY_PATH)) != 0)
3417 if ((error = getutimens(tptr, tptrseg, ts, &flags)) != 0)
3419 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
3420 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1,
3421 pathseg, path, fd, &cap_futimes_rights);
3422 if ((error = namei(&nd)) != 0)
3425 * We are allowed to call namei() regardless of 2xUTIME_OMIT.
3427 * "If both tv_nsec fields are UTIME_OMIT... EACCESS may be detected."
3428 * "Search permission is denied by a component of the path prefix."
3431 if ((flags & UTIMENS_EXIT) == 0)
3432 error = setutimes(td, nd.ni_vp, ts, 2, flags & UTIMENS_NULL);
3438 * Truncate a file given its path name.
3440 #ifndef _SYS_SYSPROTO_H_
3441 struct truncate_args {
3448 sys_truncate(struct thread *td, struct truncate_args *uap)
3451 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3455 kern_truncate(struct thread *td, const char *path, enum uio_seg pathseg,
3461 struct nameidata nd;
3468 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path);
3469 if ((error = namei(&nd)) != 0)
3473 rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX);
3474 if ((error = vn_start_write(vp, &mp, V_WAIT | V_PCATCH)) != 0) {
3475 vn_rangelock_unlock(vp, rl_cookie);
3479 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3480 if (vp->v_type == VDIR) {
3485 error = mac_vnode_check_write(td->td_ucred, NOCRED, vp);
3489 error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td);
3493 error = vn_truncate_locked(vp, length, false, td->td_ucred);
3496 vn_finished_write(mp);
3497 vn_rangelock_unlock(vp, rl_cookie);
3499 if (error == ERELOOKUP)
3504 #if defined(COMPAT_43)
3506 * Truncate a file given its path name.
3508 #ifndef _SYS_SYSPROTO_H_
3509 struct otruncate_args {
3515 otruncate(struct thread *td, struct otruncate_args *uap)
3518 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3520 #endif /* COMPAT_43 */
3522 #if defined(COMPAT_FREEBSD6)
3523 /* Versions with the pad argument */
3525 freebsd6_truncate(struct thread *td, struct freebsd6_truncate_args *uap)
3528 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3532 freebsd6_ftruncate(struct thread *td, struct freebsd6_ftruncate_args *uap)
3535 return (kern_ftruncate(td, uap->fd, uap->length));
3540 kern_fsync(struct thread *td, int fd, bool fullsync)
3548 error = getvnode(td, fd, &cap_fsync_rights, &fp);
3554 /* XXXKIB: compete outstanding aio writes */;
3557 error = vn_start_write(vp, &mp, V_WAIT | V_PCATCH);
3560 vn_lock(vp, vn_lktype_write(mp, vp) | LK_RETRY);
3561 AUDIT_ARG_VNODE1(vp);
3562 if (vp->v_object != NULL) {
3563 VM_OBJECT_WLOCK(vp->v_object);
3564 vm_object_page_clean(vp->v_object, 0, 0, 0);
3565 VM_OBJECT_WUNLOCK(vp->v_object);
3567 error = fullsync ? VOP_FSYNC(vp, MNT_WAIT, td) : VOP_FDATASYNC(vp, td);
3569 vn_finished_write(mp);
3570 if (error == ERELOOKUP)
3578 * Sync an open file.
3580 #ifndef _SYS_SYSPROTO_H_
3586 sys_fsync(struct thread *td, struct fsync_args *uap)
3589 return (kern_fsync(td, uap->fd, true));
3593 sys_fdatasync(struct thread *td, struct fdatasync_args *uap)
3596 return (kern_fsync(td, uap->fd, false));
3600 * Rename files. Source and destination must either both be directories, or
3601 * both not be directories. If target is a directory, it must be empty.
3603 #ifndef _SYS_SYSPROTO_H_
3604 struct rename_args {
3610 sys_rename(struct thread *td, struct rename_args *uap)
3613 return (kern_renameat(td, AT_FDCWD, uap->from, AT_FDCWD,
3614 uap->to, UIO_USERSPACE));
3617 #ifndef _SYS_SYSPROTO_H_
3618 struct renameat_args {
3626 sys_renameat(struct thread *td, struct renameat_args *uap)
3629 return (kern_renameat(td, uap->oldfd, uap->old, uap->newfd, uap->new,
3635 kern_renameat_mac(struct thread *td, int oldfd, const char *old, int newfd,
3636 const char *new, enum uio_seg pathseg, struct nameidata *fromnd)
3640 NDINIT_ATRIGHTS(fromnd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1,
3641 pathseg, old, oldfd, &cap_renameat_source_rights);
3642 if ((error = namei(fromnd)) != 0)
3644 error = mac_vnode_check_rename_from(td->td_ucred, fromnd->ni_dvp,
3645 fromnd->ni_vp, &fromnd->ni_cnd);
3646 VOP_UNLOCK(fromnd->ni_dvp);
3647 if (fromnd->ni_dvp != fromnd->ni_vp)
3648 VOP_UNLOCK(fromnd->ni_vp);
3650 NDFREE_PNBUF(fromnd);
3651 vrele(fromnd->ni_dvp);
3652 vrele(fromnd->ni_vp);
3659 kern_renameat(struct thread *td, int oldfd, const char *old, int newfd,
3660 const char *new, enum uio_seg pathseg)
3662 struct mount *mp = NULL;
3663 struct vnode *tvp, *fvp, *tdvp;
3664 struct nameidata fromnd, tond;
3671 if (mac_vnode_check_rename_from_enabled()) {
3672 error = kern_renameat_mac(td, oldfd, old, newfd, new, pathseg,
3678 NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | AUDITVNODE1,
3679 pathseg, old, oldfd, &cap_renameat_source_rights);
3680 if ((error = namei(&fromnd)) != 0)
3686 tondflags = LOCKPARENT | LOCKLEAF | NOCACHE | AUDITVNODE2;
3687 if (fromnd.ni_vp->v_type == VDIR)
3688 tondflags |= WILLBEDIR;
3689 NDINIT_ATRIGHTS(&tond, RENAME, tondflags, pathseg, new, newfd,
3690 &cap_renameat_target_rights);
3691 if ((error = namei(&tond)) != 0) {
3692 /* Translate error code for rename("dir1", "dir2/."). */
3693 if (error == EISDIR && fvp->v_type == VDIR)
3695 NDFREE_PNBUF(&fromnd);
3696 vrele(fromnd.ni_dvp);
3702 error = vn_start_write(fvp, &mp, V_NOWAIT);
3704 NDFREE_PNBUF(&fromnd);
3705 NDFREE_PNBUF(&tond);
3712 vrele(fromnd.ni_dvp);
3714 error = vn_start_write(NULL, &mp, V_XSLEEP | V_PCATCH);
3720 if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
3723 } else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
3728 if (newfd != AT_FDCWD && (tond.ni_resflags & NIRES_ABS) == 0) {
3730 * If the target already exists we require CAP_UNLINKAT
3731 * from 'newfd', when newfd was used for the lookup.
3733 error = cap_check(&tond.ni_filecaps.fc_rights,
3734 &cap_unlinkat_rights);
3745 * If the source is the same as the destination (that is, if they
3746 * are links to the same vnode), then there is nothing to do.
3752 error = mac_vnode_check_rename_to(td->td_ucred, tdvp,
3753 tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd);
3757 error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
3758 tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
3759 NDFREE_PNBUF(&fromnd);
3760 NDFREE_PNBUF(&tond);
3762 NDFREE_PNBUF(&fromnd);
3763 NDFREE_PNBUF(&tond);
3770 vrele(fromnd.ni_dvp);
3773 vn_finished_write(mp);
3775 if (error == ERESTART)
3777 if (error == ERELOOKUP)
3783 * Make a directory file.
3785 #ifndef _SYS_SYSPROTO_H_
3792 sys_mkdir(struct thread *td, struct mkdir_args *uap)
3795 return (kern_mkdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3799 #ifndef _SYS_SYSPROTO_H_
3800 struct mkdirat_args {
3807 sys_mkdirat(struct thread *td, struct mkdirat_args *uap)
3810 return (kern_mkdirat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode));
3814 kern_mkdirat(struct thread *td, int fd, const char *path, enum uio_seg segflg,
3819 struct nameidata nd;
3822 AUDIT_ARG_MODE(mode);
3826 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | AUDITVNODE1 |
3827 NC_NOMAKEENTRY | NC_KEEPPOSENTRY | FAILIFEXISTS | WILLBEDIR,
3828 segflg, path, fd, &cap_mkdirat_rights);
3829 if ((error = namei(&nd)) != 0)
3831 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3834 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | V_PCATCH)) != 0)
3839 vattr.va_type = VDIR;
3840 vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_pd->pd_cmask;
3842 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
3847 error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
3852 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 ? &nd.ni_vp : NULL, true);
3853 vn_finished_write(mp);
3854 if (error == ERELOOKUP)
3860 * Remove a directory file.
3862 #ifndef _SYS_SYSPROTO_H_
3868 sys_rmdir(struct thread *td, struct rmdir_args *uap)
3871 return (kern_frmdirat(td, AT_FDCWD, uap->path, FD_NONE, UIO_USERSPACE,
3876 kern_frmdirat(struct thread *td, int dfd, const char *path, int fd,
3877 enum uio_seg pathseg, int flag)
3882 struct nameidata nd;
3883 cap_rights_t rights;
3887 if (fd != FD_NONE) {
3888 error = getvnode(td, fd, cap_rights_init_one(&rights,
3897 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1 |
3898 at2cnpflags(flag, AT_RESOLVE_BENEATH),
3899 pathseg, path, dfd, &cap_unlinkat_rights);
3900 if ((error = namei(&nd)) != 0)
3903 if (vp->v_type != VDIR) {
3908 * No rmdir "." please.
3910 if (nd.ni_dvp == vp) {
3915 * The root of a mounted filesystem cannot be deleted.
3917 if (vp->v_vflag & VV_ROOT) {
3922 if (fp != NULL && fp->f_vnode != vp) {
3923 if (VN_IS_DOOMED(fp->f_vnode))
3931 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
3936 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3939 if (nd.ni_dvp == vp)
3943 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | V_PCATCH)) != 0)
3947 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
3948 error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
3949 vn_finished_write(mp);
3953 if (nd.ni_dvp == vp)
3957 if (error == ERELOOKUP)
3965 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11)
3967 freebsd11_kern_getdirentries(struct thread *td, int fd, char *ubuf, u_int count,
3968 long *basep, void (*func)(struct freebsd11_dirent *))
3970 struct freebsd11_dirent dstdp;
3971 struct dirent *dp, *edp;
3974 ssize_t resid, ucount;
3977 /* XXX arbitrary sanity limit on `count'. */
3978 count = min(count, 64 * 1024);
3980 dirbuf = malloc(count, M_TEMP, M_WAITOK);
3982 error = kern_getdirentries(td, fd, dirbuf, count, &base, &resid,
3990 for (dp = (struct dirent *)dirbuf,
3991 edp = (struct dirent *)&dirbuf[count - resid];
3992 ucount < count && dp < edp; ) {
3993 if (dp->d_reclen == 0)
3995 MPASS(dp->d_reclen >= _GENERIC_DIRLEN(0));
3996 if (dp->d_namlen >= sizeof(dstdp.d_name))
3998 dstdp.d_type = dp->d_type;
3999 dstdp.d_namlen = dp->d_namlen;
4000 dstdp.d_fileno = dp->d_fileno; /* truncate */
4001 if (dstdp.d_fileno != dp->d_fileno) {
4002 switch (ino64_trunc_error) {
4010 dstdp.d_fileno = UINT32_MAX;
4014 dstdp.d_reclen = sizeof(dstdp) - sizeof(dstdp.d_name) +
4015 ((dp->d_namlen + 1 + 3) &~ 3);
4016 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
4017 bzero(dstdp.d_name + dstdp.d_namlen,
4018 dstdp.d_reclen - offsetof(struct freebsd11_dirent, d_name) -
4020 MPASS(dstdp.d_reclen <= dp->d_reclen);
4021 MPASS(ucount + dstdp.d_reclen <= count);
4024 error = copyout(&dstdp, ubuf + ucount, dstdp.d_reclen);
4027 dp = (struct dirent *)((char *)dp + dp->d_reclen);
4028 ucount += dstdp.d_reclen;
4032 free(dirbuf, M_TEMP);
4034 td->td_retval[0] = ucount;
4041 ogetdirentries_cvt(struct freebsd11_dirent *dp)
4043 #if (BYTE_ORDER == LITTLE_ENDIAN)
4045 * The expected low byte of dp->d_namlen is our dp->d_type.
4046 * The high MBZ byte of dp->d_namlen is our dp->d_namlen.
4048 dp->d_type = dp->d_namlen;
4052 * The dp->d_type is the high byte of the expected dp->d_namlen,
4053 * so must be zero'ed.
4060 * Read a block of directory entries in a filesystem independent format.
4062 #ifndef _SYS_SYSPROTO_H_
4063 struct ogetdirentries_args {
4071 ogetdirentries(struct thread *td, struct ogetdirentries_args *uap)
4076 error = kern_ogetdirentries(td, uap, &loff);
4078 error = copyout(&loff, uap->basep, sizeof(long));
4083 kern_ogetdirentries(struct thread *td, struct ogetdirentries_args *uap,
4089 /* XXX arbitrary sanity limit on `count'. */
4090 if (uap->count > 64 * 1024)
4093 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count,
4094 &base, ogetdirentries_cvt);
4096 if (error == 0 && uap->basep != NULL)
4097 error = copyout(&base, uap->basep, sizeof(long));
4101 #endif /* COMPAT_43 */
4103 #if defined(COMPAT_FREEBSD11)
4104 #ifndef _SYS_SYSPROTO_H_
4105 struct freebsd11_getdirentries_args {
4113 freebsd11_getdirentries(struct thread *td,
4114 struct freebsd11_getdirentries_args *uap)
4119 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count,
4122 if (error == 0 && uap->basep != NULL)
4123 error = copyout(&base, uap->basep, sizeof(long));
4128 freebsd11_getdents(struct thread *td, struct freebsd11_getdents_args *uap)
4130 struct freebsd11_getdirentries_args ap;
4134 ap.count = uap->count;
4136 return (freebsd11_getdirentries(td, &ap));
4138 #endif /* COMPAT_FREEBSD11 */
4141 * Read a block of directory entries in a filesystem independent format.
4144 sys_getdirentries(struct thread *td, struct getdirentries_args *uap)
4149 error = kern_getdirentries(td, uap->fd, uap->buf, uap->count, &base,
4150 NULL, UIO_USERSPACE);
4153 if (uap->basep != NULL)
4154 error = copyout(&base, uap->basep, sizeof(off_t));
4159 kern_getdirentries(struct thread *td, int fd, char *buf, size_t count,
4160 off_t *basep, ssize_t *residp, enum uio_seg bufseg)
4171 if (count > IOSIZE_MAX)
4173 auio.uio_resid = count;
4174 error = getvnode(td, fd, &cap_read_rights, &fp);
4177 if ((fp->f_flag & FREAD) == 0) {
4182 foffset = foffset_lock(fp, 0);
4184 if (vp->v_type != VDIR) {
4188 if (__predict_false((vp->v_vflag & VV_UNLINKED) != 0)) {
4192 aiov.iov_base = buf;
4193 aiov.iov_len = count;
4194 auio.uio_iov = &aiov;
4195 auio.uio_iovcnt = 1;
4196 auio.uio_rw = UIO_READ;
4197 auio.uio_segflg = bufseg;
4199 vn_lock(vp, LK_SHARED | LK_RETRY);
4200 AUDIT_ARG_VNODE1(vp);
4201 loff = auio.uio_offset = foffset;
4203 error = mac_vnode_check_readdir(td->td_ucred, vp);
4206 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
4208 foffset = auio.uio_offset;
4213 if (count == auio.uio_resid &&
4214 (vp->v_vflag & VV_ROOT) &&
4215 (vp->v_mount->mnt_flag & MNT_UNION)) {
4216 struct vnode *tvp = vp;
4218 vp = vp->v_mount->mnt_vnodecovered;
4228 *residp = auio.uio_resid;
4229 td->td_retval[0] = count - auio.uio_resid;
4231 foffset_unlock(fp, foffset, 0);
4237 * Set the mode mask for creation of filesystem nodes.
4239 #ifndef _SYS_SYSPROTO_H_
4245 sys_umask(struct thread *td, struct umask_args *uap)
4247 struct pwddesc *pdp;
4249 pdp = td->td_proc->p_pd;
4251 td->td_retval[0] = pdp->pd_cmask;
4252 pdp->pd_cmask = uap->newmask & ALLPERMS;
4253 PWDDESC_XUNLOCK(pdp);
4258 * Void all references to file by ripping underlying filesystem away from
4261 #ifndef _SYS_SYSPROTO_H_
4262 struct revoke_args {
4267 sys_revoke(struct thread *td, struct revoke_args *uap)
4271 struct nameidata nd;
4274 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
4276 if ((error = namei(&nd)) != 0)
4280 if (vp->v_type != VCHR || vp->v_rdev == NULL) {
4285 error = mac_vnode_check_revoke(td->td_ucred, vp);
4289 error = VOP_GETATTR(vp, &vattr, td->td_ucred);
4292 if (td->td_ucred->cr_uid != vattr.va_uid) {
4293 error = priv_check(td, PRIV_VFS_ADMIN);
4297 if (devfs_usecount(vp) > 0)
4298 VOP_REVOKE(vp, REVOKEALL);
4305 * This variant of getvnode() allows O_PATH files. Caller should
4306 * ensure that returned file and vnode are only used for compatible
4310 getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,
4316 error = fget_unlocked(td, fd, rightsp, &fp);
4321 * The file could be not of the vnode type, or it may be not
4322 * yet fully initialized, in which case the f_vnode pointer
4323 * may be set, but f_ops is still badfileops. E.g.,
4324 * devfs_open() transiently create such situation to
4325 * facilitate csw d_fdopen().
4327 * Dupfdopen() handling in kern_openat() installs the
4328 * half-baked file into the process descriptor table, allowing
4329 * other thread to dereference it. Guard against the race by
4332 if (__predict_false(fp->f_vnode == NULL || fp->f_ops == &badfileops)) {
4343 * Convert a user file descriptor to a kernel file entry and check
4344 * that, if it is a capability, the correct rights are present.
4345 * A reference on the file entry is held upon returning.
4348 getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
4352 error = getvnode_path(td, fd, rightsp, fpp);
4353 if (__predict_false(error != 0))
4357 * Filter out O_PATH file descriptors, most getvnode() callers
4358 * do not call fo_ methods.
4360 if (__predict_false((*fpp)->f_ops == &path_fileops)) {
4370 * Get an (NFS) file handle.
4372 #ifndef _SYS_SYSPROTO_H_
4373 struct lgetfh_args {
4379 sys_lgetfh(struct thread *td, struct lgetfh_args *uap)
4382 return (kern_getfhat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->fname,
4383 UIO_USERSPACE, uap->fhp, UIO_USERSPACE));
4386 #ifndef _SYS_SYSPROTO_H_
4393 sys_getfh(struct thread *td, struct getfh_args *uap)
4396 return (kern_getfhat(td, 0, AT_FDCWD, uap->fname, UIO_USERSPACE,
4397 uap->fhp, UIO_USERSPACE));
4401 * syscall for the rpc.lockd to use to translate an open descriptor into
4402 * a NFS file handle.
4404 * warning: do not remove the priv_check() call or this becomes one giant
4407 #ifndef _SYS_SYSPROTO_H_
4408 struct getfhat_args {
4416 sys_getfhat(struct thread *td, struct getfhat_args *uap)
4419 return (kern_getfhat(td, uap->flags, uap->fd, uap->path, UIO_USERSPACE,
4420 uap->fhp, UIO_USERSPACE));
4424 kern_getfhat(struct thread *td, int flags, int fd, const char *path,
4425 enum uio_seg pathseg, fhandle_t *fhp, enum uio_seg fhseg)
4427 struct nameidata nd;
4432 if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH)) != 0)
4434 error = priv_check(td, PRIV_VFS_GETFH);
4437 NDINIT_AT(&nd, LOOKUP, at2cnpflags(flags, AT_SYMLINK_NOFOLLOW |
4438 AT_RESOLVE_BENEATH) | LOCKLEAF | AUDITVNODE1, pathseg, path,
4445 bzero(&fh, sizeof(fh));
4446 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
4447 error = VOP_VPTOFH(vp, &fh.fh_fid);
4450 if (fhseg == UIO_USERSPACE)
4451 error = copyout(&fh, fhp, sizeof (fh));
4453 memcpy(fhp, &fh, sizeof(fh));
4458 #ifndef _SYS_SYSPROTO_H_
4459 struct fhlink_args {
4465 sys_fhlink(struct thread *td, struct fhlink_args *uap)
4468 return (kern_fhlinkat(td, AT_FDCWD, uap->to, UIO_USERSPACE, uap->fhp));
4471 #ifndef _SYS_SYSPROTO_H_
4472 struct fhlinkat_args {
4479 sys_fhlinkat(struct thread *td, struct fhlinkat_args *uap)
4482 return (kern_fhlinkat(td, uap->tofd, uap->to, UIO_USERSPACE, uap->fhp));
4486 kern_fhlinkat(struct thread *td, int fd, const char *path,
4487 enum uio_seg pathseg, fhandle_t *fhp)
4494 error = priv_check(td, PRIV_VFS_GETFH);
4497 error = copyin(fhp, &fh, sizeof(fh));
4502 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4504 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_SHARED, &vp);
4509 error = kern_linkat_vp(td, vp, fd, path, pathseg);
4510 } while (error == EAGAIN || error == ERELOOKUP);
4514 #ifndef _SYS_SYSPROTO_H_
4515 struct fhreadlink_args {
4522 sys_fhreadlink(struct thread *td, struct fhreadlink_args *uap)
4529 error = priv_check(td, PRIV_VFS_GETFH);
4532 if (uap->bufsize > IOSIZE_MAX)
4534 error = copyin(uap->fhp, &fh, sizeof(fh));
4537 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4539 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_SHARED, &vp);
4543 error = kern_readlink_vp(vp, uap->buf, UIO_USERSPACE, uap->bufsize, td);
4549 * syscall for the rpc.lockd to use to translate a NFS file handle into an
4552 * warning: do not remove the priv_check() call or this becomes one giant
4555 #ifndef _SYS_SYSPROTO_H_
4556 struct fhopen_args {
4557 const struct fhandle *u_fhp;
4562 sys_fhopen(struct thread *td, struct fhopen_args *uap)
4564 return (kern_fhopen(td, uap->u_fhp, uap->flags));
4568 kern_fhopen(struct thread *td, const struct fhandle *u_fhp, int flags)
4577 error = priv_check(td, PRIV_VFS_FHOPEN);
4581 fmode = FFLAGS(flags);
4582 /* why not allow a non-read/write open for our lockd? */
4583 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4585 error = copyin(u_fhp, &fhp, sizeof(fhp));
4588 /* find the mount point */
4589 mp = vfs_busyfs(&fhp.fh_fsid);
4592 /* now give me my vnode, it gets returned to me locked */
4593 error = VFS_FHTOVP(mp, &fhp.fh_fid, LK_EXCLUSIVE, &vp);
4598 error = falloc_noinstall(td, &fp);
4604 * An extra reference on `fp' has been held for us by
4605 * falloc_noinstall().
4611 error = vn_open_vnode(vp, fmode, td->td_ucred, td, fp);
4613 KASSERT(fp->f_ops == &badfileops,
4614 ("VOP_OPEN in fhopen() set f_ops"));
4615 KASSERT(td->td_dupfd < 0,
4616 ("fhopen() encountered fdopen()"));
4625 finit_vnode(fp, fmode, NULL, &vnops);
4627 if ((fmode & O_TRUNC) != 0) {
4628 error = fo_truncate(fp, 0, td->td_ucred, td);
4633 error = finstall(td, fp, &indx, fmode, NULL);
4636 td->td_retval[0] = indx;
4641 * Stat an (NFS) file handle.
4643 #ifndef _SYS_SYSPROTO_H_
4644 struct fhstat_args {
4645 struct fhandle *u_fhp;
4650 sys_fhstat(struct thread *td, struct fhstat_args *uap)
4656 error = copyin(uap->u_fhp, &fh, sizeof(fh));
4659 error = kern_fhstat(td, fh, &sb);
4661 error = copyout(&sb, uap->sb, sizeof(sb));
4666 kern_fhstat(struct thread *td, struct fhandle fh, struct stat *sb)
4672 error = priv_check(td, PRIV_VFS_FHSTAT);
4675 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4677 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4681 error = VOP_STAT(vp, sb, td->td_ucred, NOCRED);
4687 * Implement fstatfs() for (NFS) file handles.
4689 #ifndef _SYS_SYSPROTO_H_
4690 struct fhstatfs_args {
4691 struct fhandle *u_fhp;
4696 sys_fhstatfs(struct thread *td, struct fhstatfs_args *uap)
4702 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4705 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
4706 error = kern_fhstatfs(td, fh, sfp);
4708 error = copyout(sfp, uap->buf, sizeof(*sfp));
4709 free(sfp, M_STATFS);
4714 kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf)
4720 error = priv_check(td, PRIV_VFS_FHSTATFS);
4723 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4725 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4731 error = prison_canseemount(td->td_ucred, mp);
4735 error = mac_mount_check_stat(td->td_ucred, mp);
4739 error = VFS_STATFS(mp, buf);
4746 * Unlike madvise(2), we do not make a best effort to remember every
4747 * possible caching hint. Instead, we remember the last setting with
4748 * the exception that we will allow POSIX_FADV_NORMAL to adjust the
4749 * region of any current setting.
4752 kern_posix_fadvise(struct thread *td, int fd, off_t offset, off_t len,
4755 struct fadvise_info *fa, *new;
4761 if (offset < 0 || len < 0 || offset > OFF_MAX - len)
4763 AUDIT_ARG_VALUE(advice);
4765 case POSIX_FADV_SEQUENTIAL:
4766 case POSIX_FADV_RANDOM:
4767 case POSIX_FADV_NOREUSE:
4768 new = malloc(sizeof(*fa), M_FADVISE, M_WAITOK);
4770 case POSIX_FADV_NORMAL:
4771 case POSIX_FADV_WILLNEED:
4772 case POSIX_FADV_DONTNEED:
4778 /* XXX: CAP_POSIX_FADVISE? */
4780 error = fget(td, fd, &cap_no_rights, &fp);
4783 AUDIT_ARG_FILE(td->td_proc, fp);
4784 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
4788 if (fp->f_type != DTYPE_VNODE) {
4793 if (vp->v_type != VREG) {
4800 end = offset + len - 1;
4802 case POSIX_FADV_SEQUENTIAL:
4803 case POSIX_FADV_RANDOM:
4804 case POSIX_FADV_NOREUSE:
4806 * Try to merge any existing non-standard region with
4807 * this new region if possible, otherwise create a new
4808 * non-standard region for this request.
4810 mtx_pool_lock(mtxpool_sleep, fp);
4812 if (fa != NULL && fa->fa_advice == advice &&
4813 ((fa->fa_start <= end && fa->fa_end >= offset) ||
4814 (end != OFF_MAX && fa->fa_start == end + 1) ||
4815 (fa->fa_end != OFF_MAX && fa->fa_end + 1 == offset))) {
4816 if (offset < fa->fa_start)
4817 fa->fa_start = offset;
4818 if (end > fa->fa_end)
4821 new->fa_advice = advice;
4822 new->fa_start = offset;
4827 mtx_pool_unlock(mtxpool_sleep, fp);
4829 case POSIX_FADV_NORMAL:
4831 * If a the "normal" region overlaps with an existing
4832 * non-standard region, trim or remove the
4833 * non-standard region.
4835 mtx_pool_lock(mtxpool_sleep, fp);
4838 if (offset <= fa->fa_start && end >= fa->fa_end) {
4840 fp->f_advice = NULL;
4841 } else if (offset <= fa->fa_start &&
4842 end >= fa->fa_start)
4843 fa->fa_start = end + 1;
4844 else if (offset <= fa->fa_end && end >= fa->fa_end)
4845 fa->fa_end = offset - 1;
4846 else if (offset >= fa->fa_start && end <= fa->fa_end) {
4848 * If the "normal" region is a middle
4849 * portion of the existing
4850 * non-standard region, just remove
4851 * the whole thing rather than picking
4852 * one side or the other to
4856 fp->f_advice = NULL;
4859 mtx_pool_unlock(mtxpool_sleep, fp);
4861 case POSIX_FADV_WILLNEED:
4862 case POSIX_FADV_DONTNEED:
4863 error = VOP_ADVISE(vp, offset, end, advice);
4869 free(new, M_FADVISE);
4874 sys_posix_fadvise(struct thread *td, struct posix_fadvise_args *uap)
4878 error = kern_posix_fadvise(td, uap->fd, uap->offset, uap->len,
4880 return (kern_posix_error(td, error));
4884 kern_copy_file_range(struct thread *td, int infd, off_t *inoffp, int outfd,
4885 off_t *outoffp, size_t len, unsigned int flags)
4887 struct file *infp, *outfp;
4888 struct vnode *invp, *outvp;
4891 void *rl_rcookie, *rl_wcookie;
4892 off_t savinoff, savoutoff;
4894 infp = outfp = NULL;
4895 rl_rcookie = rl_wcookie = NULL;
4904 if (len > SSIZE_MAX)
4906 * Although the len argument is size_t, the return argument
4907 * is ssize_t (which is signed). Therefore a size that won't
4908 * fit in ssize_t can't be returned.
4912 /* Get the file structures for the file descriptors. */
4913 error = fget_read(td, infd, &cap_read_rights, &infp);
4916 if (infp->f_ops == &badfileops) {
4920 if (infp->f_vnode == NULL) {
4924 error = fget_write(td, outfd, &cap_write_rights, &outfp);
4927 if (outfp->f_ops == &badfileops) {
4931 if (outfp->f_vnode == NULL) {
4936 /* Set the offset pointers to the correct place. */
4938 inoffp = &infp->f_offset;
4939 if (outoffp == NULL)
4940 outoffp = &outfp->f_offset;
4942 savoutoff = *outoffp;
4944 invp = infp->f_vnode;
4945 outvp = outfp->f_vnode;
4946 /* Sanity check the f_flag bits. */
4947 if ((outfp->f_flag & (FWRITE | FAPPEND)) != FWRITE ||
4948 (infp->f_flag & FREAD) == 0) {
4953 /* If len == 0, just return 0. */
4958 * If infp and outfp refer to the same file, the byte ranges cannot
4961 if (invp == outvp && ((savinoff <= savoutoff && savinoff + len >
4962 savoutoff) || (savinoff > savoutoff && savoutoff + len >
4968 /* Range lock the byte ranges for both invp and outvp. */
4970 rl_wcookie = vn_rangelock_wlock(outvp, *outoffp, *outoffp +
4972 rl_rcookie = vn_rangelock_tryrlock(invp, *inoffp, *inoffp +
4974 if (rl_rcookie != NULL)
4976 vn_rangelock_unlock(outvp, rl_wcookie);
4977 rl_rcookie = vn_rangelock_rlock(invp, *inoffp, *inoffp + len);
4978 vn_rangelock_unlock(invp, rl_rcookie);
4982 error = vn_copy_file_range(invp, inoffp, outvp, outoffp, &retlen,
4983 flags, infp->f_cred, outfp->f_cred, td);
4985 if (rl_rcookie != NULL)
4986 vn_rangelock_unlock(invp, rl_rcookie);
4987 if (rl_wcookie != NULL)
4988 vn_rangelock_unlock(outvp, rl_wcookie);
4989 if (savinoff != -1 && (error == EINTR || error == ERESTART)) {
4991 *outoffp = savoutoff;
4997 td->td_retval[0] = retlen;
5002 sys_copy_file_range(struct thread *td, struct copy_file_range_args *uap)
5004 off_t inoff, outoff, *inoffp, *outoffp;
5007 inoffp = outoffp = NULL;
5008 if (uap->inoffp != NULL) {
5009 error = copyin(uap->inoffp, &inoff, sizeof(off_t));
5014 if (uap->outoffp != NULL) {
5015 error = copyin(uap->outoffp, &outoff, sizeof(off_t));
5020 error = kern_copy_file_range(td, uap->infd, inoffp, uap->outfd,
5021 outoffp, uap->len, uap->flags);
5022 if (error == 0 && uap->inoffp != NULL)
5023 error = copyout(inoffp, uap->inoffp, sizeof(off_t));
5024 if (error == 0 && uap->outoffp != NULL)
5025 error = copyout(outoffp, uap->outoffp, sizeof(off_t));
projects / FreeBSD / FreeBSD.git / blob