2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
42 #include "opt_capsicum.h"
43 #include "opt_ktrace.h"
45 #include <sys/param.h>
46 #include <sys/systm.h>
49 #include <sys/capsicum.h>
51 #include <sys/sysent.h>
52 #include <sys/malloc.h>
53 #include <sys/mount.h>
54 #include <sys/mutex.h>
55 #include <sys/sysproto.h>
56 #include <sys/namei.h>
57 #include <sys/filedesc.h>
58 #include <sys/kernel.h>
59 #include <sys/fcntl.h>
61 #include <sys/filio.h>
62 #include <sys/limits.h>
63 #include <sys/linker.h>
64 #include <sys/rwlock.h>
68 #include <sys/unistd.h>
69 #include <sys/vnode.h>
72 #include <sys/dirent.h>
74 #include <sys/syscallsubr.h>
75 #include <sys/sysctl.h>
77 #include <sys/ktrace.h>
80 #include <machine/stdarg.h>
82 #include <security/audit/audit.h>
83 #include <security/mac/mac_framework.h>
86 #include <vm/vm_object.h>
87 #include <vm/vm_page.h>
90 #include <ufs/ufs/quota.h>
92 MALLOC_DEFINE(M_FADVISE, "fadvise", "posix_fadvise(2) information");
94 static int kern_chflagsat(struct thread *td, int fd, const char *path,
95 enum uio_seg pathseg, u_long flags, int atflag);
96 static int setfflags(struct thread *td, struct vnode *, u_long);
97 static int getutimes(const struct timeval *, enum uio_seg, struct timespec *);
98 static int getutimens(const struct timespec *, enum uio_seg,
99 struct timespec *, int *);
100 static int setutimes(struct thread *td, struct vnode *,
101 const struct timespec *, int, int);
102 static int vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
104 static int kern_fhlinkat(struct thread *td, int fd, const char *path,
105 enum uio_seg pathseg, fhandle_t *fhp);
106 static int kern_getfhat(struct thread *td, int flags, int fd,
107 const char *path, enum uio_seg pathseg, fhandle_t *fhp);
108 static int kern_readlink_vp(struct vnode *vp, char *buf, enum uio_seg bufseg,
109 size_t count, struct thread *td);
110 static int kern_linkat_vp(struct thread *td, struct vnode *vp, int fd,
111 const char *path, enum uio_seg segflag);
114 kern_sync(struct thread *td)
116 struct mount *mp, *nmp;
119 mtx_lock(&mountlist_mtx);
120 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
121 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) {
122 nmp = TAILQ_NEXT(mp, mnt_list);
125 if ((mp->mnt_flag & MNT_RDONLY) == 0 &&
126 vn_start_write(NULL, &mp, V_NOWAIT) == 0) {
127 save = curthread_pflags_set(TDP_SYNCIO);
128 vfs_periodic(mp, MNT_NOWAIT);
129 VFS_SYNC(mp, MNT_NOWAIT);
130 curthread_pflags_restore(save);
131 vn_finished_write(mp);
133 mtx_lock(&mountlist_mtx);
134 nmp = TAILQ_NEXT(mp, mnt_list);
137 mtx_unlock(&mountlist_mtx);
142 * Sync each mounted filesystem.
144 #ifndef _SYS_SYSPROTO_H_
151 sys_sync(struct thread *td, struct sync_args *uap)
154 return (kern_sync(td));
158 * Change filesystem quotas.
160 #ifndef _SYS_SYSPROTO_H_
161 struct quotactl_args {
169 sys_quotactl(struct thread *td, struct quotactl_args *uap)
175 AUDIT_ARG_CMD(uap->cmd);
176 AUDIT_ARG_UID(uap->uid);
177 if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS))
179 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
181 if ((error = namei(&nd)) != 0)
183 NDFREE(&nd, NDF_ONLY_PNBUF);
184 mp = nd.ni_vp->v_mount;
187 error = vfs_busy(mp, 0);
192 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, uap->arg);
195 * Since quota on operation typically needs to open quota
196 * file, the Q_QUOTAON handler needs to unbusy the mount point
197 * before calling into namei. Otherwise, unmount might be
198 * started between two vfs_busy() invocations (first is our,
199 * second is from mount point cross-walk code in lookup()),
202 * Require that Q_QUOTAON handles the vfs_busy() reference on
203 * its own, always returning with ubusied mount point.
205 if ((uap->cmd >> SUBCMDSHIFT) != Q_QUOTAON &&
206 (uap->cmd >> SUBCMDSHIFT) != Q_QUOTAOFF)
213 * Used by statfs conversion routines to scale the block size up if
214 * necessary so that all of the block counts are <= 'max_size'. Note
215 * that 'max_size' should be a bitmask, i.e. 2^n - 1 for some non-zero
219 statfs_scale_blocks(struct statfs *sf, long max_size)
224 KASSERT(powerof2(max_size + 1), ("%s: invalid max_size", __func__));
227 * Attempt to scale the block counts to give a more accurate
228 * overview to userland of the ratio of free space to used
229 * space. To do this, find the largest block count and compute
230 * a divisor that lets it fit into a signed integer <= max_size.
232 if (sf->f_bavail < 0)
233 count = -sf->f_bavail;
235 count = sf->f_bavail;
236 count = MAX(sf->f_blocks, MAX(sf->f_bfree, count));
237 if (count <= max_size)
240 count >>= flsl(max_size);
247 sf->f_bsize <<= shift;
248 sf->f_blocks >>= shift;
249 sf->f_bfree >>= shift;
250 sf->f_bavail >>= shift;
254 kern_do_statfs(struct thread *td, struct mount *mp, struct statfs *buf)
260 error = vfs_busy(mp, 0);
265 error = mac_mount_check_stat(td->td_ucred, mp);
269 error = VFS_STATFS(mp, buf);
272 if (priv_check_cred_vfs_generation(td->td_ucred)) {
273 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
274 prison_enforce_statfs(td->td_ucred, mp, buf);
282 * Get filesystem statistics.
284 #ifndef _SYS_SYSPROTO_H_
291 sys_statfs(struct thread *td, struct statfs_args *uap)
296 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
297 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
299 error = copyout(sfp, uap->buf, sizeof(struct statfs));
305 kern_statfs(struct thread *td, const char *path, enum uio_seg pathseg,
312 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
317 mp = nd.ni_vp->v_mount;
319 NDFREE(&nd, NDF_ONLY_PNBUF);
321 return (kern_do_statfs(td, mp, buf));
325 * Get filesystem statistics.
327 #ifndef _SYS_SYSPROTO_H_
328 struct fstatfs_args {
334 sys_fstatfs(struct thread *td, struct fstatfs_args *uap)
339 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
340 error = kern_fstatfs(td, uap->fd, sfp);
342 error = copyout(sfp, uap->buf, sizeof(struct statfs));
348 kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
356 error = getvnode(td, fd, &cap_fstatfs_rights, &fp);
360 vn_lock(vp, LK_SHARED | LK_RETRY);
362 AUDIT_ARG_VNODE1(vp);
369 return (kern_do_statfs(td, mp, buf));
373 * Get statistics on all filesystems.
375 #ifndef _SYS_SYSPROTO_H_
376 struct getfsstat_args {
383 sys_getfsstat(struct thread *td, struct getfsstat_args *uap)
388 if (uap->bufsize < 0 || uap->bufsize > SIZE_MAX)
390 error = kern_getfsstat(td, &uap->buf, uap->bufsize, &count,
391 UIO_USERSPACE, uap->mode);
393 td->td_retval[0] = count;
398 * If (bufsize > 0 && bufseg == UIO_SYSSPACE)
399 * The caller is responsible for freeing memory which will be allocated
403 kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize,
404 size_t *countp, enum uio_seg bufseg, int mode)
406 struct mount *mp, *nmp;
407 struct statfs *sfsp, *sp, *sptmp, *tofree;
408 size_t count, maxcount;
416 if (bufseg == UIO_SYSSPACE)
421 maxcount = bufsize / sizeof(struct statfs);
425 } else if (bufseg == UIO_USERSPACE) {
428 } else /* if (bufseg == UIO_SYSSPACE) */ {
430 mtx_lock(&mountlist_mtx);
431 TAILQ_FOREACH(mp, &mountlist, mnt_list) {
434 mtx_unlock(&mountlist_mtx);
435 if (maxcount > count)
437 tofree = sfsp = *buf = malloc(maxcount * sizeof(struct statfs),
444 * If there is no target buffer they only want the count.
446 * This could be TAILQ_FOREACH but it is open-coded to match the original
450 mtx_lock(&mountlist_mtx);
451 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
452 if (prison_canseemount(td->td_ucred, mp) != 0) {
453 nmp = TAILQ_NEXT(mp, mnt_list);
457 if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
458 nmp = TAILQ_NEXT(mp, mnt_list);
463 nmp = TAILQ_NEXT(mp, mnt_list);
465 mtx_unlock(&mountlist_mtx);
471 * They want the entire thing.
473 * Short-circuit the corner case of no room for anything, avoids
480 mtx_lock(&mountlist_mtx);
481 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
482 if (prison_canseemount(td->td_ucred, mp) != 0) {
483 nmp = TAILQ_NEXT(mp, mnt_list);
487 if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
488 nmp = TAILQ_NEXT(mp, mnt_list);
492 if (mode == MNT_WAIT) {
493 if (vfs_busy(mp, MBF_MNTLSTLOCK) != 0) {
495 * If vfs_busy() failed, and MBF_NOWAIT
496 * wasn't passed, then the mp is gone.
497 * Furthermore, because of MBF_MNTLSTLOCK,
498 * the mountlist_mtx was dropped. We have
499 * no other choice than to start over.
501 mtx_unlock(&mountlist_mtx);
502 free(tofree, M_STATFS);
506 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK) != 0) {
507 nmp = TAILQ_NEXT(mp, mnt_list);
513 * If MNT_NOWAIT is specified, do not refresh
516 if (mode != MNT_NOWAIT) {
517 error = VFS_STATFS(mp, sp);
519 mtx_lock(&mountlist_mtx);
520 nmp = TAILQ_NEXT(mp, mnt_list);
525 if (priv_check_cred_vfs_generation(td->td_ucred)) {
526 sptmp = malloc(sizeof(struct statfs), M_STATFS,
529 sptmp->f_fsid.val[0] = sptmp->f_fsid.val[1] = 0;
530 prison_enforce_statfs(td->td_ucred, mp, sptmp);
534 if (bufseg == UIO_SYSSPACE) {
535 bcopy(sp, sfsp, sizeof(*sp));
536 free(sptmp, M_STATFS);
537 } else /* if (bufseg == UIO_USERSPACE) */ {
538 error = copyout(sp, sfsp, sizeof(*sp));
539 free(sptmp, M_STATFS);
548 if (count == maxcount) {
553 mtx_lock(&mountlist_mtx);
554 nmp = TAILQ_NEXT(mp, mnt_list);
557 mtx_unlock(&mountlist_mtx);
563 #ifdef COMPAT_FREEBSD4
565 * Get old format filesystem statistics.
567 static void freebsd4_cvtstatfs(struct statfs *, struct ostatfs *);
569 #ifndef _SYS_SYSPROTO_H_
570 struct freebsd4_statfs_args {
576 freebsd4_statfs(struct thread *td, struct freebsd4_statfs_args *uap)
582 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
583 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
585 freebsd4_cvtstatfs(sfp, &osb);
586 error = copyout(&osb, uap->buf, sizeof(osb));
593 * Get filesystem statistics.
595 #ifndef _SYS_SYSPROTO_H_
596 struct freebsd4_fstatfs_args {
602 freebsd4_fstatfs(struct thread *td, struct freebsd4_fstatfs_args *uap)
608 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
609 error = kern_fstatfs(td, uap->fd, sfp);
611 freebsd4_cvtstatfs(sfp, &osb);
612 error = copyout(&osb, uap->buf, sizeof(osb));
619 * Get statistics on all filesystems.
621 #ifndef _SYS_SYSPROTO_H_
622 struct freebsd4_getfsstat_args {
629 freebsd4_getfsstat(struct thread *td, struct freebsd4_getfsstat_args *uap)
631 struct statfs *buf, *sp;
636 if (uap->bufsize < 0)
638 count = uap->bufsize / sizeof(struct ostatfs);
639 if (count > SIZE_MAX / sizeof(struct statfs))
641 size = count * sizeof(struct statfs);
642 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
645 td->td_retval[0] = count;
648 while (count != 0 && error == 0) {
649 freebsd4_cvtstatfs(sp, &osb);
650 error = copyout(&osb, uap->buf, sizeof(osb));
661 * Implement fstatfs() for (NFS) file handles.
663 #ifndef _SYS_SYSPROTO_H_
664 struct freebsd4_fhstatfs_args {
665 struct fhandle *u_fhp;
670 freebsd4_fhstatfs(struct thread *td, struct freebsd4_fhstatfs_args *uap)
677 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
680 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
681 error = kern_fhstatfs(td, fh, sfp);
683 freebsd4_cvtstatfs(sfp, &osb);
684 error = copyout(&osb, uap->buf, sizeof(osb));
691 * Convert a new format statfs structure to an old format statfs structure.
694 freebsd4_cvtstatfs(struct statfs *nsp, struct ostatfs *osp)
697 statfs_scale_blocks(nsp, LONG_MAX);
698 bzero(osp, sizeof(*osp));
699 osp->f_bsize = nsp->f_bsize;
700 osp->f_iosize = MIN(nsp->f_iosize, LONG_MAX);
701 osp->f_blocks = nsp->f_blocks;
702 osp->f_bfree = nsp->f_bfree;
703 osp->f_bavail = nsp->f_bavail;
704 osp->f_files = MIN(nsp->f_files, LONG_MAX);
705 osp->f_ffree = MIN(nsp->f_ffree, LONG_MAX);
706 osp->f_owner = nsp->f_owner;
707 osp->f_type = nsp->f_type;
708 osp->f_flags = nsp->f_flags;
709 osp->f_syncwrites = MIN(nsp->f_syncwrites, LONG_MAX);
710 osp->f_asyncwrites = MIN(nsp->f_asyncwrites, LONG_MAX);
711 osp->f_syncreads = MIN(nsp->f_syncreads, LONG_MAX);
712 osp->f_asyncreads = MIN(nsp->f_asyncreads, LONG_MAX);
713 strlcpy(osp->f_fstypename, nsp->f_fstypename,
714 MIN(MFSNAMELEN, OMFSNAMELEN));
715 strlcpy(osp->f_mntonname, nsp->f_mntonname,
716 MIN(MNAMELEN, OMNAMELEN));
717 strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
718 MIN(MNAMELEN, OMNAMELEN));
719 osp->f_fsid = nsp->f_fsid;
721 #endif /* COMPAT_FREEBSD4 */
723 #if defined(COMPAT_FREEBSD11)
725 * Get old format filesystem statistics.
727 static void freebsd11_cvtstatfs(struct statfs *, struct freebsd11_statfs *);
730 freebsd11_statfs(struct thread *td, struct freebsd11_statfs_args *uap)
732 struct freebsd11_statfs osb;
736 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
737 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
739 freebsd11_cvtstatfs(sfp, &osb);
740 error = copyout(&osb, uap->buf, sizeof(osb));
747 * Get filesystem statistics.
750 freebsd11_fstatfs(struct thread *td, struct freebsd11_fstatfs_args *uap)
752 struct freebsd11_statfs osb;
756 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
757 error = kern_fstatfs(td, uap->fd, sfp);
759 freebsd11_cvtstatfs(sfp, &osb);
760 error = copyout(&osb, uap->buf, sizeof(osb));
767 * Get statistics on all filesystems.
770 freebsd11_getfsstat(struct thread *td, struct freebsd11_getfsstat_args *uap)
772 struct freebsd11_statfs osb;
773 struct statfs *buf, *sp;
777 count = uap->bufsize / sizeof(struct ostatfs);
778 size = count * sizeof(struct statfs);
779 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
782 td->td_retval[0] = count;
785 while (count > 0 && error == 0) {
786 freebsd11_cvtstatfs(sp, &osb);
787 error = copyout(&osb, uap->buf, sizeof(osb));
798 * Implement fstatfs() for (NFS) file handles.
801 freebsd11_fhstatfs(struct thread *td, struct freebsd11_fhstatfs_args *uap)
803 struct freebsd11_statfs osb;
808 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
811 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
812 error = kern_fhstatfs(td, fh, sfp);
814 freebsd11_cvtstatfs(sfp, &osb);
815 error = copyout(&osb, uap->buf, sizeof(osb));
822 * Convert a new format statfs structure to an old format statfs structure.
825 freebsd11_cvtstatfs(struct statfs *nsp, struct freebsd11_statfs *osp)
828 bzero(osp, sizeof(*osp));
829 osp->f_version = FREEBSD11_STATFS_VERSION;
830 osp->f_type = nsp->f_type;
831 osp->f_flags = nsp->f_flags;
832 osp->f_bsize = nsp->f_bsize;
833 osp->f_iosize = nsp->f_iosize;
834 osp->f_blocks = nsp->f_blocks;
835 osp->f_bfree = nsp->f_bfree;
836 osp->f_bavail = nsp->f_bavail;
837 osp->f_files = nsp->f_files;
838 osp->f_ffree = nsp->f_ffree;
839 osp->f_syncwrites = nsp->f_syncwrites;
840 osp->f_asyncwrites = nsp->f_asyncwrites;
841 osp->f_syncreads = nsp->f_syncreads;
842 osp->f_asyncreads = nsp->f_asyncreads;
843 osp->f_namemax = nsp->f_namemax;
844 osp->f_owner = nsp->f_owner;
845 osp->f_fsid = nsp->f_fsid;
846 strlcpy(osp->f_fstypename, nsp->f_fstypename,
847 MIN(MFSNAMELEN, sizeof(osp->f_fstypename)));
848 strlcpy(osp->f_mntonname, nsp->f_mntonname,
849 MIN(MNAMELEN, sizeof(osp->f_mntonname)));
850 strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
851 MIN(MNAMELEN, sizeof(osp->f_mntfromname)));
853 #endif /* COMPAT_FREEBSD11 */
856 * Change current working directory to a given file descriptor.
858 #ifndef _SYS_SYSPROTO_H_
864 sys_fchdir(struct thread *td, struct fchdir_args *uap)
866 struct vnode *vp, *tdp;
871 AUDIT_ARG_FD(uap->fd);
872 error = getvnode(td, uap->fd, &cap_fchdir_rights,
879 vn_lock(vp, LK_SHARED | LK_RETRY);
880 AUDIT_ARG_VNODE1(vp);
881 error = change_dir(vp, td);
882 while (!error && (mp = vp->v_mountedhere) != NULL) {
885 error = VFS_ROOT(mp, LK_SHARED, &tdp);
902 * Change current working directory (``.'').
904 #ifndef _SYS_SYSPROTO_H_
910 sys_chdir(struct thread *td, struct chdir_args *uap)
913 return (kern_chdir(td, uap->path, UIO_USERSPACE));
917 kern_chdir(struct thread *td, const char *path, enum uio_seg pathseg)
922 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
924 if ((error = namei(&nd)) != 0)
926 if ((error = change_dir(nd.ni_vp, td)) != 0) {
928 NDFREE(&nd, NDF_ONLY_PNBUF);
931 VOP_UNLOCK(nd.ni_vp);
932 NDFREE(&nd, NDF_ONLY_PNBUF);
933 pwd_chdir(td, nd.ni_vp);
938 * Change notion of root (``/'') directory.
940 #ifndef _SYS_SYSPROTO_H_
946 sys_chroot(struct thread *td, struct chroot_args *uap)
951 error = priv_check(td, PRIV_VFS_CHROOT);
954 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
955 UIO_USERSPACE, uap->path, td);
959 error = change_dir(nd.ni_vp, td);
963 error = mac_vnode_check_chroot(td->td_ucred, nd.ni_vp);
967 VOP_UNLOCK(nd.ni_vp);
968 error = pwd_chroot(td, nd.ni_vp);
970 NDFREE(&nd, NDF_ONLY_PNBUF);
975 NDFREE(&nd, NDF_ONLY_PNBUF);
980 * Common routine for chroot and chdir. Callers must provide a locked vnode
984 change_dir(struct vnode *vp, struct thread *td)
990 ASSERT_VOP_LOCKED(vp, "change_dir(): vp not locked");
991 if (vp->v_type != VDIR)
994 error = mac_vnode_check_chdir(td->td_ucred, vp);
998 return (VOP_ACCESS(vp, VEXEC, td->td_ucred, td));
1001 static __inline void
1002 flags_to_rights(int flags, cap_rights_t *rightsp)
1005 if (flags & O_EXEC) {
1006 cap_rights_set_one(rightsp, CAP_FEXECVE);
1008 switch ((flags & O_ACCMODE)) {
1010 cap_rights_set_one(rightsp, CAP_READ);
1013 cap_rights_set_one(rightsp, CAP_READ);
1016 cap_rights_set_one(rightsp, CAP_WRITE);
1017 if (!(flags & (O_APPEND | O_TRUNC)))
1018 cap_rights_set_one(rightsp, CAP_SEEK);
1023 if (flags & O_CREAT)
1024 cap_rights_set_one(rightsp, CAP_CREATE);
1026 if (flags & O_TRUNC)
1027 cap_rights_set_one(rightsp, CAP_FTRUNCATE);
1029 if (flags & (O_SYNC | O_FSYNC))
1030 cap_rights_set_one(rightsp, CAP_FSYNC);
1032 if (flags & (O_EXLOCK | O_SHLOCK))
1033 cap_rights_set_one(rightsp, CAP_FLOCK);
1037 * Check permissions, allocate an open file structure, and call the device
1038 * open routine if any.
1040 #ifndef _SYS_SYSPROTO_H_
1048 sys_open(struct thread *td, struct open_args *uap)
1051 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1052 uap->flags, uap->mode));
1055 #ifndef _SYS_SYSPROTO_H_
1056 struct openat_args {
1064 sys_openat(struct thread *td, struct openat_args *uap)
1067 AUDIT_ARG_FD(uap->fd);
1068 return (kern_openat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
1073 kern_openat(struct thread *td, int fd, const char *path, enum uio_seg pathseg,
1074 int flags, int mode)
1076 struct proc *p = td->td_proc;
1077 struct filedesc *fdp = p->p_fd;
1080 struct nameidata nd;
1081 cap_rights_t rights;
1082 int cmode, error, indx;
1086 AUDIT_ARG_FFLAGS(flags);
1087 AUDIT_ARG_MODE(mode);
1088 cap_rights_init_one(&rights, CAP_LOOKUP);
1089 flags_to_rights(flags, &rights);
1091 * Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR flags
1094 if (flags & O_EXEC) {
1095 if (flags & O_ACCMODE)
1097 } else if ((flags & O_ACCMODE) == O_ACCMODE) {
1100 flags = FFLAGS(flags);
1104 * Allocate a file structure. The descriptor to reference it
1105 * is allocated and set by finstall() below.
1107 error = falloc_noinstall(td, &fp);
1111 * An extra reference on `fp' has been held for us by
1112 * falloc_noinstall().
1114 /* Set the flags early so the finit in devfs can pick them up. */
1115 fp->f_flag = flags & FMASK;
1116 cmode = ((mode & ~fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
1117 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
1119 td->td_dupfd = -1; /* XXX check for fdopen */
1120 error = vn_open(&nd, &flags, cmode, fp);
1123 * If the vn_open replaced the method vector, something
1124 * wonderous happened deep below and we just pass it up
1125 * pretending we know what we do.
1127 if (error == ENXIO && fp->f_ops != &badfileops)
1131 * Handle special fdopen() case. bleh.
1133 * Don't do this for relative (capability) lookups; we don't
1134 * understand exactly what would happen, and we don't think
1135 * that it ever should.
1137 if ((nd.ni_lcf & NI_LCF_STRICTRELATIVE) == 0 &&
1138 (error == ENODEV || error == ENXIO) &&
1139 td->td_dupfd >= 0) {
1140 error = dupfdopen(td, fdp, td->td_dupfd, flags, error,
1149 NDFREE(&nd, NDF_ONLY_PNBUF);
1153 * Store the vnode, for any f_type. Typically, the vnode use
1154 * count is decremented by direct call to vn_closefile() for
1155 * files that switched type in the cdevsw fdopen() method.
1159 * If the file wasn't claimed by devfs bind it to the normal
1160 * vnode operations here.
1162 if (fp->f_ops == &badfileops) {
1163 KASSERT(vp->v_type != VFIFO, ("Unexpected fifo."));
1164 fp->f_seqcount[UIO_READ] = 1;
1165 fp->f_seqcount[UIO_WRITE] = 1;
1166 finit(fp, (flags & FMASK) | (fp->f_flag & FHASLOCK),
1167 DTYPE_VNODE, vp, &vnops);
1171 if (flags & O_TRUNC) {
1172 error = fo_truncate(fp, 0, td->td_ucred, td);
1178 * If we haven't already installed the FD (for dupfdopen), do so now.
1181 struct filecaps *fcaps;
1184 if ((nd.ni_lcf & NI_LCF_STRICTRELATIVE) != 0)
1185 fcaps = &nd.ni_filecaps;
1189 error = finstall(td, fp, &indx, flags, fcaps);
1190 /* On success finstall() consumes fcaps. */
1192 filecaps_free(&nd.ni_filecaps);
1196 filecaps_free(&nd.ni_filecaps);
1200 * Release our private reference, leaving the one associated with
1201 * the descriptor table intact.
1204 td->td_retval[0] = indx;
1207 KASSERT(indx == -1, ("indx=%d, should be -1", indx));
1216 #ifndef _SYS_SYSPROTO_H_
1217 struct ocreat_args {
1223 ocreat(struct thread *td, struct ocreat_args *uap)
1226 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1227 O_WRONLY | O_CREAT | O_TRUNC, uap->mode));
1229 #endif /* COMPAT_43 */
1232 * Create a special file.
1234 #ifndef _SYS_SYSPROTO_H_
1235 struct mknodat_args {
1243 sys_mknodat(struct thread *td, struct mknodat_args *uap)
1246 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1250 #if defined(COMPAT_FREEBSD11)
1252 freebsd11_mknod(struct thread *td,
1253 struct freebsd11_mknod_args *uap)
1256 return (kern_mknodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1257 uap->mode, uap->dev));
1261 freebsd11_mknodat(struct thread *td,
1262 struct freebsd11_mknodat_args *uap)
1265 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1268 #endif /* COMPAT_FREEBSD11 */
1271 kern_mknodat(struct thread *td, int fd, const char *path, enum uio_seg pathseg,
1272 int mode, dev_t dev)
1277 struct nameidata nd;
1278 int error, whiteout = 0;
1280 AUDIT_ARG_MODE(mode);
1282 switch (mode & S_IFMT) {
1285 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
1286 if (error == 0 && dev == VNOVAL)
1290 error = priv_check(td, PRIV_VFS_MKNOD_WHT);
1294 return (kern_mkfifoat(td, fd, path, pathseg, mode));
1304 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1305 NOCACHE, pathseg, path, fd, &cap_mknodat_rights,
1307 if ((error = namei(&nd)) != 0)
1311 NDFREE(&nd, NDF_ONLY_PNBUF);
1312 if (vp == nd.ni_dvp)
1320 vattr.va_mode = (mode & ALLPERMS) &
1321 ~td->td_proc->p_fd->fd_cmask;
1322 vattr.va_rdev = dev;
1325 switch (mode & S_IFMT) {
1327 vattr.va_type = VCHR;
1330 vattr.va_type = VBLK;
1336 panic("kern_mknod: invalid mode");
1339 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1340 NDFREE(&nd, NDF_ONLY_PNBUF);
1342 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1347 if (error == 0 && !whiteout)
1348 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp,
1349 &nd.ni_cnd, &vattr);
1353 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE);
1355 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,
1356 &nd.ni_cnd, &vattr);
1361 NDFREE(&nd, NDF_ONLY_PNBUF);
1363 vn_finished_write(mp);
1368 * Create a named pipe.
1370 #ifndef _SYS_SYSPROTO_H_
1371 struct mkfifo_args {
1377 sys_mkfifo(struct thread *td, struct mkfifo_args *uap)
1380 return (kern_mkfifoat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1384 #ifndef _SYS_SYSPROTO_H_
1385 struct mkfifoat_args {
1392 sys_mkfifoat(struct thread *td, struct mkfifoat_args *uap)
1395 return (kern_mkfifoat(td, uap->fd, uap->path, UIO_USERSPACE,
1400 kern_mkfifoat(struct thread *td, int fd, const char *path,
1401 enum uio_seg pathseg, int mode)
1405 struct nameidata nd;
1408 AUDIT_ARG_MODE(mode);
1411 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1412 NOCACHE, pathseg, path, fd, &cap_mkfifoat_rights,
1414 if ((error = namei(&nd)) != 0)
1416 if (nd.ni_vp != NULL) {
1417 NDFREE(&nd, NDF_ONLY_PNBUF);
1418 if (nd.ni_vp == nd.ni_dvp)
1425 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1426 NDFREE(&nd, NDF_ONLY_PNBUF);
1428 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1433 vattr.va_type = VFIFO;
1434 vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_fd->fd_cmask;
1436 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1441 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
1448 vn_finished_write(mp);
1449 NDFREE(&nd, NDF_ONLY_PNBUF);
1454 * Make a hard file link.
1456 #ifndef _SYS_SYSPROTO_H_
1463 sys_link(struct thread *td, struct link_args *uap)
1466 return (kern_linkat(td, AT_FDCWD, AT_FDCWD, uap->path, uap->link,
1467 UIO_USERSPACE, FOLLOW));
1470 #ifndef _SYS_SYSPROTO_H_
1471 struct linkat_args {
1480 sys_linkat(struct thread *td, struct linkat_args *uap)
1485 if ((flag & ~(AT_SYMLINK_FOLLOW | AT_BENEATH)) != 0)
1488 return (kern_linkat(td, uap->fd1, uap->fd2, uap->path1, uap->path2,
1489 UIO_USERSPACE, ((flag & AT_SYMLINK_FOLLOW) != 0 ? FOLLOW :
1490 NOFOLLOW) | ((flag & AT_BENEATH) != 0 ? BENEATH : 0)));
1493 int hardlink_check_uid = 0;
1494 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
1495 &hardlink_check_uid, 0,
1496 "Unprivileged processes cannot create hard links to files owned by other "
1498 static int hardlink_check_gid = 0;
1499 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
1500 &hardlink_check_gid, 0,
1501 "Unprivileged processes cannot create hard links to files owned by other "
1505 can_hardlink(struct vnode *vp, struct ucred *cred)
1510 if (!hardlink_check_uid && !hardlink_check_gid)
1513 error = VOP_GETATTR(vp, &va, cred);
1517 if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
1518 error = priv_check_cred(cred, PRIV_VFS_LINK);
1523 if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
1524 error = priv_check_cred(cred, PRIV_VFS_LINK);
1533 kern_linkat(struct thread *td, int fd1, int fd2, const char *path1,
1534 const char *path2, enum uio_seg segflag, int follow)
1536 struct nameidata nd;
1541 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, segflag,
1542 path1, fd1, &cap_linkat_source_rights, td);
1543 if ((error = namei(&nd)) != 0)
1545 NDFREE(&nd, NDF_ONLY_PNBUF);
1546 error = kern_linkat_vp(td, nd.ni_vp, fd2, path2, segflag);
1547 } while (error == EAGAIN);
1552 kern_linkat_vp(struct thread *td, struct vnode *vp, int fd, const char *path,
1553 enum uio_seg segflag)
1555 struct nameidata nd;
1559 if (vp->v_type == VDIR) {
1561 return (EPERM); /* POSIX */
1563 NDINIT_ATRIGHTS(&nd, CREATE,
1564 LOCKPARENT | SAVENAME | AUDITVNODE2 | NOCACHE, segflag, path, fd,
1565 &cap_linkat_target_rights, td);
1566 if ((error = namei(&nd)) == 0) {
1567 if (nd.ni_vp != NULL) {
1568 NDFREE(&nd, NDF_ONLY_PNBUF);
1569 if (nd.ni_dvp == nd.ni_vp)
1576 } else if (nd.ni_dvp->v_mount != vp->v_mount) {
1578 * Cross-device link. No need to recheck
1579 * vp->v_type, since it cannot change, except
1582 NDFREE(&nd, NDF_ONLY_PNBUF);
1586 } else if ((error = vn_lock(vp, LK_EXCLUSIVE)) == 0) {
1587 error = can_hardlink(vp, td->td_ucred);
1590 error = mac_vnode_check_link(td->td_ucred,
1591 nd.ni_dvp, vp, &nd.ni_cnd);
1596 NDFREE(&nd, NDF_ONLY_PNBUF);
1599 error = vn_start_write(vp, &mp, V_NOWAIT);
1603 NDFREE(&nd, NDF_ONLY_PNBUF);
1604 error = vn_start_write(NULL, &mp,
1610 error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
1613 vn_finished_write(mp);
1614 NDFREE(&nd, NDF_ONLY_PNBUF);
1617 NDFREE(&nd, NDF_ONLY_PNBUF);
1627 * Make a symbolic link.
1629 #ifndef _SYS_SYSPROTO_H_
1630 struct symlink_args {
1636 sys_symlink(struct thread *td, struct symlink_args *uap)
1639 return (kern_symlinkat(td, uap->path, AT_FDCWD, uap->link,
1643 #ifndef _SYS_SYSPROTO_H_
1644 struct symlinkat_args {
1651 sys_symlinkat(struct thread *td, struct symlinkat_args *uap)
1654 return (kern_symlinkat(td, uap->path1, uap->fd, uap->path2,
1659 kern_symlinkat(struct thread *td, const char *path1, int fd, const char *path2,
1660 enum uio_seg segflg)
1664 const char *syspath;
1666 struct nameidata nd;
1669 if (segflg == UIO_SYSSPACE) {
1672 tmppath = uma_zalloc(namei_zone, M_WAITOK);
1673 if ((error = copyinstr(path1, tmppath, MAXPATHLEN, NULL)) != 0)
1677 AUDIT_ARG_TEXT(syspath);
1680 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1681 NOCACHE, segflg, path2, fd, &cap_symlinkat_rights,
1683 if ((error = namei(&nd)) != 0)
1686 NDFREE(&nd, NDF_ONLY_PNBUF);
1687 if (nd.ni_vp == nd.ni_dvp)
1695 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1696 NDFREE(&nd, NDF_ONLY_PNBUF);
1698 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1703 vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_fd->fd_cmask;
1705 vattr.va_type = VLNK;
1706 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1711 error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath);
1717 NDFREE(&nd, NDF_ONLY_PNBUF);
1719 vn_finished_write(mp);
1721 if (segflg != UIO_SYSSPACE)
1722 uma_zfree(namei_zone, tmppath);
1727 * Delete a whiteout from the filesystem.
1729 #ifndef _SYS_SYSPROTO_H_
1730 struct undelete_args {
1735 sys_undelete(struct thread *td, struct undelete_args *uap)
1738 struct nameidata nd;
1743 NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | AUDITVNODE1,
1744 UIO_USERSPACE, uap->path, td);
1749 if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) {
1750 NDFREE(&nd, NDF_ONLY_PNBUF);
1751 if (nd.ni_vp == nd.ni_dvp)
1759 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1760 NDFREE(&nd, NDF_ONLY_PNBUF);
1762 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1766 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE);
1767 NDFREE(&nd, NDF_ONLY_PNBUF);
1769 vn_finished_write(mp);
1774 * Delete a name from the filesystem.
1776 #ifndef _SYS_SYSPROTO_H_
1777 struct unlink_args {
1782 sys_unlink(struct thread *td, struct unlink_args *uap)
1785 return (kern_funlinkat(td, AT_FDCWD, uap->path, FD_NONE, UIO_USERSPACE,
1790 kern_funlinkat_ex(struct thread *td, int dfd, const char *path, int fd,
1791 int flag, enum uio_seg pathseg, ino_t oldinum)
1794 if ((flag & ~AT_REMOVEDIR) != 0)
1797 if ((flag & AT_REMOVEDIR) != 0)
1798 return (kern_frmdirat(td, dfd, path, fd, UIO_USERSPACE, 0));
1800 return (kern_funlinkat(td, dfd, path, fd, UIO_USERSPACE, 0, 0));
1803 #ifndef _SYS_SYSPROTO_H_
1804 struct unlinkat_args {
1811 sys_unlinkat(struct thread *td, struct unlinkat_args *uap)
1814 return (kern_funlinkat_ex(td, uap->fd, uap->path, FD_NONE, uap->flag,
1818 #ifndef _SYS_SYSPROTO_H_
1819 struct funlinkat_args {
1827 sys_funlinkat(struct thread *td, struct funlinkat_args *uap)
1830 return (kern_funlinkat_ex(td, uap->dfd, uap->path, uap->fd, uap->flag,
1835 kern_funlinkat(struct thread *td, int dfd, const char *path, int fd,
1836 enum uio_seg pathseg, int flag, ino_t oldinum)
1841 struct nameidata nd;
1846 if (fd != FD_NONE) {
1847 error = getvnode(td, fd, &cap_no_rights, &fp);
1854 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1 |
1855 ((flag & AT_BENEATH) != 0 ? BENEATH : 0),
1856 pathseg, path, dfd, &cap_unlinkat_rights, td);
1857 if ((error = namei(&nd)) != 0) {
1858 if (error == EINVAL)
1863 if (vp->v_type == VDIR && oldinum == 0) {
1864 error = EPERM; /* POSIX */
1865 } else if (oldinum != 0 &&
1866 ((error = VOP_STAT(vp, &sb, td->td_ucred, NOCRED, td)) == 0) &&
1867 sb.st_ino != oldinum) {
1868 error = EIDRM; /* Identifier removed */
1869 } else if (fp != NULL && fp->f_vnode != vp) {
1870 if (VN_IS_DOOMED(fp->f_vnode))
1876 * The root of a mounted filesystem cannot be deleted.
1878 * XXX: can this only be a VDIR case?
1880 if (vp->v_vflag & VV_ROOT)
1884 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1885 NDFREE(&nd, NDF_ONLY_PNBUF);
1887 if (vp == nd.ni_dvp)
1891 if ((error = vn_start_write(NULL, &mp,
1892 V_XSLEEP | PCATCH)) != 0) {
1898 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
1903 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
1904 error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd);
1908 vn_finished_write(mp);
1910 NDFREE(&nd, NDF_ONLY_PNBUF);
1912 if (vp == nd.ni_dvp)
1923 * Reposition read/write file offset.
1925 #ifndef _SYS_SYSPROTO_H_
1934 sys_lseek(struct thread *td, struct lseek_args *uap)
1937 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
1941 kern_lseek(struct thread *td, int fd, off_t offset, int whence)
1947 error = fget(td, fd, &cap_seek_rights, &fp);
1950 error = (fp->f_ops->fo_flags & DFLAG_SEEKABLE) != 0 ?
1951 fo_seek(fp, offset, whence, td) : ESPIPE;
1956 #if defined(COMPAT_43)
1958 * Reposition read/write file offset.
1960 #ifndef _SYS_SYSPROTO_H_
1961 struct olseek_args {
1968 olseek(struct thread *td, struct olseek_args *uap)
1971 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
1973 #endif /* COMPAT_43 */
1975 #if defined(COMPAT_FREEBSD6)
1976 /* Version with the 'pad' argument */
1978 freebsd6_lseek(struct thread *td, struct freebsd6_lseek_args *uap)
1981 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
1986 * Check access permissions using passed credentials.
1989 vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
1995 /* Flags == 0 means only check for existence. */
1996 if (user_flags == 0)
2000 if (user_flags & R_OK)
2002 if (user_flags & W_OK)
2004 if (user_flags & X_OK)
2007 error = mac_vnode_check_access(cred, vp, accmode);
2011 if ((accmode & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
2012 error = VOP_ACCESS(vp, accmode, cred, td);
2017 * Check access permissions using "real" credentials.
2019 #ifndef _SYS_SYSPROTO_H_
2020 struct access_args {
2026 sys_access(struct thread *td, struct access_args *uap)
2029 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2033 #ifndef _SYS_SYSPROTO_H_
2034 struct faccessat_args {
2042 sys_faccessat(struct thread *td, struct faccessat_args *uap)
2045 return (kern_accessat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
2050 kern_accessat(struct thread *td, int fd, const char *path,
2051 enum uio_seg pathseg, int flag, int amode)
2053 struct ucred *cred, *usecred;
2055 struct nameidata nd;
2058 if ((flag & ~(AT_EACCESS | AT_BENEATH)) != 0)
2060 if (amode != F_OK && (amode & ~(R_OK | W_OK | X_OK)) != 0)
2064 * Create and modify a temporary credential instead of one that
2065 * is potentially shared (if we need one).
2067 cred = td->td_ucred;
2068 if ((flag & AT_EACCESS) == 0 &&
2069 ((cred->cr_uid != cred->cr_ruid ||
2070 cred->cr_rgid != cred->cr_groups[0]))) {
2071 usecred = crdup(cred);
2072 usecred->cr_uid = cred->cr_ruid;
2073 usecred->cr_groups[0] = cred->cr_rgid;
2074 td->td_ucred = usecred;
2077 AUDIT_ARG_VALUE(amode);
2078 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF |
2079 AUDITVNODE1 | ((flag & AT_BENEATH) != 0 ? BENEATH : 0),
2080 pathseg, path, fd, &cap_fstat_rights, td);
2081 if ((error = namei(&nd)) != 0)
2085 error = vn_access(vp, amode, usecred, td);
2086 NDFREE(&nd, NDF_ONLY_PNBUF);
2089 if (usecred != cred) {
2090 td->td_ucred = cred;
2097 * Check access permissions using "effective" credentials.
2099 #ifndef _SYS_SYSPROTO_H_
2100 struct eaccess_args {
2106 sys_eaccess(struct thread *td, struct eaccess_args *uap)
2109 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2110 AT_EACCESS, uap->amode));
2113 #if defined(COMPAT_43)
2115 * Get file status; this version follows links.
2117 #ifndef _SYS_SYSPROTO_H_
2124 ostat(struct thread *td, struct ostat_args *uap)
2130 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2135 return (copyout(&osb, uap->ub, sizeof (osb)));
2139 * Get file status; this version does not follow links.
2141 #ifndef _SYS_SYSPROTO_H_
2142 struct olstat_args {
2148 olstat(struct thread *td, struct olstat_args *uap)
2154 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2155 UIO_USERSPACE, &sb, NULL);
2159 return (copyout(&osb, uap->ub, sizeof (osb)));
2163 * Convert from an old to a new stat structure.
2164 * XXX: many values are blindly truncated.
2167 cvtstat(struct stat *st, struct ostat *ost)
2170 bzero(ost, sizeof(*ost));
2171 ost->st_dev = st->st_dev;
2172 ost->st_ino = st->st_ino;
2173 ost->st_mode = st->st_mode;
2174 ost->st_nlink = st->st_nlink;
2175 ost->st_uid = st->st_uid;
2176 ost->st_gid = st->st_gid;
2177 ost->st_rdev = st->st_rdev;
2178 ost->st_size = MIN(st->st_size, INT32_MAX);
2179 ost->st_atim = st->st_atim;
2180 ost->st_mtim = st->st_mtim;
2181 ost->st_ctim = st->st_ctim;
2182 ost->st_blksize = st->st_blksize;
2183 ost->st_blocks = st->st_blocks;
2184 ost->st_flags = st->st_flags;
2185 ost->st_gen = st->st_gen;
2187 #endif /* COMPAT_43 */
2189 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11)
2190 int ino64_trunc_error;
2191 SYSCTL_INT(_vfs, OID_AUTO, ino64_trunc_error, CTLFLAG_RW,
2192 &ino64_trunc_error, 0,
2193 "Error on truncation of device, file or inode number, or link count");
2196 freebsd11_cvtstat(struct stat *st, struct freebsd11_stat *ost)
2199 ost->st_dev = st->st_dev;
2200 if (ost->st_dev != st->st_dev) {
2201 switch (ino64_trunc_error) {
2204 * Since dev_t is almost raw, don't clamp to the
2205 * maximum for case 2, but ignore the error.
2212 ost->st_ino = st->st_ino;
2213 if (ost->st_ino != st->st_ino) {
2214 switch (ino64_trunc_error) {
2221 ost->st_ino = UINT32_MAX;
2225 ost->st_mode = st->st_mode;
2226 ost->st_nlink = st->st_nlink;
2227 if (ost->st_nlink != st->st_nlink) {
2228 switch (ino64_trunc_error) {
2235 ost->st_nlink = UINT16_MAX;
2239 ost->st_uid = st->st_uid;
2240 ost->st_gid = st->st_gid;
2241 ost->st_rdev = st->st_rdev;
2242 if (ost->st_rdev != st->st_rdev) {
2243 switch (ino64_trunc_error) {
2250 ost->st_atim = st->st_atim;
2251 ost->st_mtim = st->st_mtim;
2252 ost->st_ctim = st->st_ctim;
2253 ost->st_size = st->st_size;
2254 ost->st_blocks = st->st_blocks;
2255 ost->st_blksize = st->st_blksize;
2256 ost->st_flags = st->st_flags;
2257 ost->st_gen = st->st_gen;
2259 ost->st_birthtim = st->st_birthtim;
2260 bzero((char *)&ost->st_birthtim + sizeof(ost->st_birthtim),
2261 sizeof(*ost) - offsetof(struct freebsd11_stat,
2262 st_birthtim) - sizeof(ost->st_birthtim));
2267 freebsd11_stat(struct thread *td, struct freebsd11_stat_args* uap)
2270 struct freebsd11_stat osb;
2273 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2277 error = freebsd11_cvtstat(&sb, &osb);
2279 error = copyout(&osb, uap->ub, sizeof(osb));
2284 freebsd11_lstat(struct thread *td, struct freebsd11_lstat_args* uap)
2287 struct freebsd11_stat osb;
2290 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2291 UIO_USERSPACE, &sb, NULL);
2294 error = freebsd11_cvtstat(&sb, &osb);
2296 error = copyout(&osb, uap->ub, sizeof(osb));
2301 freebsd11_fhstat(struct thread *td, struct freebsd11_fhstat_args* uap)
2305 struct freebsd11_stat osb;
2308 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
2311 error = kern_fhstat(td, fh, &sb);
2314 error = freebsd11_cvtstat(&sb, &osb);
2316 error = copyout(&osb, uap->sb, sizeof(osb));
2321 freebsd11_fstatat(struct thread *td, struct freebsd11_fstatat_args* uap)
2324 struct freebsd11_stat osb;
2327 error = kern_statat(td, uap->flag, uap->fd, uap->path,
2328 UIO_USERSPACE, &sb, NULL);
2331 error = freebsd11_cvtstat(&sb, &osb);
2333 error = copyout(&osb, uap->buf, sizeof(osb));
2336 #endif /* COMPAT_FREEBSD11 */
2341 #ifndef _SYS_SYSPROTO_H_
2342 struct fstatat_args {
2350 sys_fstatat(struct thread *td, struct fstatat_args *uap)
2355 error = kern_statat(td, uap->flag, uap->fd, uap->path,
2356 UIO_USERSPACE, &sb, NULL);
2358 error = copyout(&sb, uap->buf, sizeof (sb));
2363 kern_statat(struct thread *td, int flag, int fd, const char *path,
2364 enum uio_seg pathseg, struct stat *sbp,
2365 void (*hook)(struct vnode *vp, struct stat *sbp))
2367 struct nameidata nd;
2370 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_BENEATH)) != 0)
2373 NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) != 0 ?
2374 NOFOLLOW : FOLLOW) | ((flag & AT_BENEATH) != 0 ? BENEATH : 0) |
2375 LOCKSHARED | LOCKLEAF | AUDITVNODE1, pathseg, path, fd,
2376 &cap_fstat_rights, td);
2378 if ((error = namei(&nd)) != 0)
2380 error = VOP_STAT(nd.ni_vp, sbp, td->td_ucred, NOCRED, td);
2382 if (__predict_false(hook != NULL))
2383 hook(nd.ni_vp, sbp);
2385 NDFREE(&nd, NDF_ONLY_PNBUF);
2387 #ifdef __STAT_TIME_T_EXT
2388 sbp->st_atim_ext = 0;
2389 sbp->st_mtim_ext = 0;
2390 sbp->st_ctim_ext = 0;
2391 sbp->st_btim_ext = 0;
2394 if (KTRPOINT(td, KTR_STRUCT))
2395 ktrstat_error(sbp, error);
2400 #if defined(COMPAT_FREEBSD11)
2402 * Implementation of the NetBSD [l]stat() functions.
2405 freebsd11_cvtnstat(struct stat *sb, struct nstat *nsb)
2408 bzero(nsb, sizeof(*nsb));
2409 nsb->st_dev = sb->st_dev;
2410 nsb->st_ino = sb->st_ino;
2411 nsb->st_mode = sb->st_mode;
2412 nsb->st_nlink = sb->st_nlink;
2413 nsb->st_uid = sb->st_uid;
2414 nsb->st_gid = sb->st_gid;
2415 nsb->st_rdev = sb->st_rdev;
2416 nsb->st_atim = sb->st_atim;
2417 nsb->st_mtim = sb->st_mtim;
2418 nsb->st_ctim = sb->st_ctim;
2419 nsb->st_size = sb->st_size;
2420 nsb->st_blocks = sb->st_blocks;
2421 nsb->st_blksize = sb->st_blksize;
2422 nsb->st_flags = sb->st_flags;
2423 nsb->st_gen = sb->st_gen;
2424 nsb->st_birthtim = sb->st_birthtim;
2427 #ifndef _SYS_SYSPROTO_H_
2428 struct freebsd11_nstat_args {
2434 freebsd11_nstat(struct thread *td, struct freebsd11_nstat_args *uap)
2440 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2444 freebsd11_cvtnstat(&sb, &nsb);
2445 return (copyout(&nsb, uap->ub, sizeof (nsb)));
2449 * NetBSD lstat. Get file status; this version does not follow links.
2451 #ifndef _SYS_SYSPROTO_H_
2452 struct freebsd11_nlstat_args {
2458 freebsd11_nlstat(struct thread *td, struct freebsd11_nlstat_args *uap)
2464 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2465 UIO_USERSPACE, &sb, NULL);
2468 freebsd11_cvtnstat(&sb, &nsb);
2469 return (copyout(&nsb, uap->ub, sizeof (nsb)));
2471 #endif /* COMPAT_FREEBSD11 */
2474 * Get configurable pathname variables.
2476 #ifndef _SYS_SYSPROTO_H_
2477 struct pathconf_args {
2483 sys_pathconf(struct thread *td, struct pathconf_args *uap)
2488 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name, FOLLOW,
2491 td->td_retval[0] = value;
2495 #ifndef _SYS_SYSPROTO_H_
2496 struct lpathconf_args {
2502 sys_lpathconf(struct thread *td, struct lpathconf_args *uap)
2507 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name,
2510 td->td_retval[0] = value;
2515 kern_pathconf(struct thread *td, const char *path, enum uio_seg pathseg,
2516 int name, u_long flags, long *valuep)
2518 struct nameidata nd;
2521 NDINIT(&nd, LOOKUP, LOCKSHARED | LOCKLEAF | AUDITVNODE1 | flags,
2523 if ((error = namei(&nd)) != 0)
2525 NDFREE(&nd, NDF_ONLY_PNBUF);
2527 error = VOP_PATHCONF(nd.ni_vp, name, valuep);
2533 * Return target name of a symbolic link.
2535 #ifndef _SYS_SYSPROTO_H_
2536 struct readlink_args {
2543 sys_readlink(struct thread *td, struct readlink_args *uap)
2546 return (kern_readlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2547 uap->buf, UIO_USERSPACE, uap->count));
2549 #ifndef _SYS_SYSPROTO_H_
2550 struct readlinkat_args {
2558 sys_readlinkat(struct thread *td, struct readlinkat_args *uap)
2561 return (kern_readlinkat(td, uap->fd, uap->path, UIO_USERSPACE,
2562 uap->buf, UIO_USERSPACE, uap->bufsize));
2566 kern_readlinkat(struct thread *td, int fd, const char *path,
2567 enum uio_seg pathseg, char *buf, enum uio_seg bufseg, size_t count)
2570 struct nameidata nd;
2573 if (count > IOSIZE_MAX)
2576 NDINIT_AT(&nd, LOOKUP, NOFOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
2577 pathseg, path, fd, td);
2579 if ((error = namei(&nd)) != 0)
2581 NDFREE(&nd, NDF_ONLY_PNBUF);
2584 error = kern_readlink_vp(vp, buf, bufseg, count, td);
2591 * Helper function to readlink from a vnode
2594 kern_readlink_vp(struct vnode *vp, char *buf, enum uio_seg bufseg, size_t count,
2601 ASSERT_VOP_LOCKED(vp, "kern_readlink_vp(): vp not locked");
2603 error = mac_vnode_check_readlink(td->td_ucred, vp);
2607 if (vp->v_type != VLNK && (vp->v_vflag & VV_READLINK) == 0)
2610 aiov.iov_base = buf;
2611 aiov.iov_len = count;
2612 auio.uio_iov = &aiov;
2613 auio.uio_iovcnt = 1;
2614 auio.uio_offset = 0;
2615 auio.uio_rw = UIO_READ;
2616 auio.uio_segflg = bufseg;
2618 auio.uio_resid = count;
2619 error = VOP_READLINK(vp, &auio, td->td_ucred);
2620 td->td_retval[0] = count - auio.uio_resid;
2625 * Common implementation code for chflags() and fchflags().
2628 setfflags(struct thread *td, struct vnode *vp, u_long flags)
2634 /* We can't support the value matching VNOVAL. */
2635 if (flags == VNOVAL)
2636 return (EOPNOTSUPP);
2639 * Prevent non-root users from setting flags on devices. When
2640 * a device is reused, users can retain ownership of the device
2641 * if they are allowed to set flags and programs assume that
2642 * chown can't fail when done as root.
2644 if (vp->v_type == VCHR || vp->v_type == VBLK) {
2645 error = priv_check(td, PRIV_VFS_CHFLAGS_DEV);
2650 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2653 vattr.va_flags = flags;
2654 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2656 error = mac_vnode_check_setflags(td->td_ucred, vp, vattr.va_flags);
2659 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
2661 vn_finished_write(mp);
2666 * Change flags of a file given a path name.
2668 #ifndef _SYS_SYSPROTO_H_
2669 struct chflags_args {
2675 sys_chflags(struct thread *td, struct chflags_args *uap)
2678 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2682 #ifndef _SYS_SYSPROTO_H_
2683 struct chflagsat_args {
2691 sys_chflagsat(struct thread *td, struct chflagsat_args *uap)
2694 if ((uap->atflag & ~(AT_SYMLINK_NOFOLLOW | AT_BENEATH)) != 0)
2697 return (kern_chflagsat(td, uap->fd, uap->path, UIO_USERSPACE,
2698 uap->flags, uap->atflag));
2702 * Same as chflags() but doesn't follow symlinks.
2704 #ifndef _SYS_SYSPROTO_H_
2705 struct lchflags_args {
2711 sys_lchflags(struct thread *td, struct lchflags_args *uap)
2714 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2715 uap->flags, AT_SYMLINK_NOFOLLOW));
2719 kern_chflagsat(struct thread *td, int fd, const char *path,
2720 enum uio_seg pathseg, u_long flags, int atflag)
2722 struct nameidata nd;
2725 AUDIT_ARG_FFLAGS(flags);
2726 follow = (atflag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
2727 follow |= (atflag & AT_BENEATH) != 0 ? BENEATH : 0;
2728 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
2729 &cap_fchflags_rights, td);
2730 if ((error = namei(&nd)) != 0)
2732 NDFREE(&nd, NDF_ONLY_PNBUF);
2733 error = setfflags(td, nd.ni_vp, flags);
2739 * Change flags of a file given a file descriptor.
2741 #ifndef _SYS_SYSPROTO_H_
2742 struct fchflags_args {
2748 sys_fchflags(struct thread *td, struct fchflags_args *uap)
2753 AUDIT_ARG_FD(uap->fd);
2754 AUDIT_ARG_FFLAGS(uap->flags);
2755 error = getvnode(td, uap->fd, &cap_fchflags_rights,
2760 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
2761 AUDIT_ARG_VNODE1(fp->f_vnode);
2762 VOP_UNLOCK(fp->f_vnode);
2764 error = setfflags(td, fp->f_vnode, uap->flags);
2770 * Common implementation code for chmod(), lchmod() and fchmod().
2773 setfmode(struct thread *td, struct ucred *cred, struct vnode *vp, int mode)
2779 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2781 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2783 vattr.va_mode = mode & ALLPERMS;
2785 error = mac_vnode_check_setmode(cred, vp, vattr.va_mode);
2788 error = VOP_SETATTR(vp, &vattr, cred);
2790 vn_finished_write(mp);
2795 * Change mode of a file given path name.
2797 #ifndef _SYS_SYSPROTO_H_
2804 sys_chmod(struct thread *td, struct chmod_args *uap)
2807 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2811 #ifndef _SYS_SYSPROTO_H_
2812 struct fchmodat_args {
2820 sys_fchmodat(struct thread *td, struct fchmodat_args *uap)
2823 if ((uap->flag & ~(AT_SYMLINK_NOFOLLOW | AT_BENEATH)) != 0)
2826 return (kern_fchmodat(td, uap->fd, uap->path, UIO_USERSPACE,
2827 uap->mode, uap->flag));
2831 * Change mode of a file given path name (don't follow links.)
2833 #ifndef _SYS_SYSPROTO_H_
2834 struct lchmod_args {
2840 sys_lchmod(struct thread *td, struct lchmod_args *uap)
2843 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2844 uap->mode, AT_SYMLINK_NOFOLLOW));
2848 kern_fchmodat(struct thread *td, int fd, const char *path,
2849 enum uio_seg pathseg, mode_t mode, int flag)
2851 struct nameidata nd;
2854 AUDIT_ARG_MODE(mode);
2855 follow = (flag & AT_SYMLINK_NOFOLLOW) != 0 ? NOFOLLOW : FOLLOW;
2856 follow |= (flag & AT_BENEATH) != 0 ? BENEATH : 0;
2857 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
2858 &cap_fchmod_rights, td);
2859 if ((error = namei(&nd)) != 0)
2861 NDFREE(&nd, NDF_ONLY_PNBUF);
2862 error = setfmode(td, td->td_ucred, nd.ni_vp, mode);
2868 * Change mode of a file given a file descriptor.
2870 #ifndef _SYS_SYSPROTO_H_
2871 struct fchmod_args {
2877 sys_fchmod(struct thread *td, struct fchmod_args *uap)
2882 AUDIT_ARG_FD(uap->fd);
2883 AUDIT_ARG_MODE(uap->mode);
2885 error = fget(td, uap->fd, &cap_fchmod_rights, &fp);
2888 error = fo_chmod(fp, uap->mode, td->td_ucred, td);
2894 * Common implementation for chown(), lchown(), and fchown()
2897 setfown(struct thread *td, struct ucred *cred, struct vnode *vp, uid_t uid,
2904 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2906 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2911 error = mac_vnode_check_setowner(cred, vp, vattr.va_uid,
2915 error = VOP_SETATTR(vp, &vattr, cred);
2917 vn_finished_write(mp);
2922 * Set ownership given a path name.
2924 #ifndef _SYS_SYSPROTO_H_
2932 sys_chown(struct thread *td, struct chown_args *uap)
2935 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE, uap->uid,
2939 #ifndef _SYS_SYSPROTO_H_
2940 struct fchownat_args {
2949 sys_fchownat(struct thread *td, struct fchownat_args *uap)
2952 if ((uap->flag & ~(AT_SYMLINK_NOFOLLOW | AT_BENEATH)) != 0)
2955 return (kern_fchownat(td, uap->fd, uap->path, UIO_USERSPACE, uap->uid,
2956 uap->gid, uap->flag));
2960 kern_fchownat(struct thread *td, int fd, const char *path,
2961 enum uio_seg pathseg, int uid, int gid, int flag)
2963 struct nameidata nd;
2966 AUDIT_ARG_OWNER(uid, gid);
2967 follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
2968 follow |= (flag & AT_BENEATH) != 0 ? BENEATH : 0;
2969 NDINIT_ATRIGHTS(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path, fd,
2970 &cap_fchown_rights, td);
2972 if ((error = namei(&nd)) != 0)
2974 NDFREE(&nd, NDF_ONLY_PNBUF);
2975 error = setfown(td, td->td_ucred, nd.ni_vp, uid, gid);
2981 * Set ownership given a path name, do not cross symlinks.
2983 #ifndef _SYS_SYSPROTO_H_
2984 struct lchown_args {
2991 sys_lchown(struct thread *td, struct lchown_args *uap)
2994 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2995 uap->uid, uap->gid, AT_SYMLINK_NOFOLLOW));
2999 * Set ownership given a file descriptor.
3001 #ifndef _SYS_SYSPROTO_H_
3002 struct fchown_args {
3009 sys_fchown(struct thread *td, struct fchown_args *uap)
3014 AUDIT_ARG_FD(uap->fd);
3015 AUDIT_ARG_OWNER(uap->uid, uap->gid);
3016 error = fget(td, uap->fd, &cap_fchown_rights, &fp);
3019 error = fo_chown(fp, uap->uid, uap->gid, td->td_ucred, td);
3025 * Common implementation code for utimes(), lutimes(), and futimes().
3028 getutimes(const struct timeval *usrtvp, enum uio_seg tvpseg,
3029 struct timespec *tsp)
3031 struct timeval tv[2];
3032 const struct timeval *tvp;
3035 if (usrtvp == NULL) {
3036 vfs_timestamp(&tsp[0]);
3039 if (tvpseg == UIO_SYSSPACE) {
3042 if ((error = copyin(usrtvp, tv, sizeof(tv))) != 0)
3047 if (tvp[0].tv_usec < 0 || tvp[0].tv_usec >= 1000000 ||
3048 tvp[1].tv_usec < 0 || tvp[1].tv_usec >= 1000000)
3050 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3051 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3057 * Common implementation code for futimens(), utimensat().
3059 #define UTIMENS_NULL 0x1
3060 #define UTIMENS_EXIT 0x2
3062 getutimens(const struct timespec *usrtsp, enum uio_seg tspseg,
3063 struct timespec *tsp, int *retflags)
3065 struct timespec tsnow;
3068 vfs_timestamp(&tsnow);
3070 if (usrtsp == NULL) {
3073 *retflags |= UTIMENS_NULL;
3076 if (tspseg == UIO_SYSSPACE) {
3079 } else if ((error = copyin(usrtsp, tsp, sizeof(*tsp) * 2)) != 0)
3081 if (tsp[0].tv_nsec == UTIME_OMIT && tsp[1].tv_nsec == UTIME_OMIT)
3082 *retflags |= UTIMENS_EXIT;
3083 if (tsp[0].tv_nsec == UTIME_NOW && tsp[1].tv_nsec == UTIME_NOW)
3084 *retflags |= UTIMENS_NULL;
3085 if (tsp[0].tv_nsec == UTIME_OMIT)
3086 tsp[0].tv_sec = VNOVAL;
3087 else if (tsp[0].tv_nsec == UTIME_NOW)
3089 else if (tsp[0].tv_nsec < 0 || tsp[0].tv_nsec >= 1000000000L)
3091 if (tsp[1].tv_nsec == UTIME_OMIT)
3092 tsp[1].tv_sec = VNOVAL;
3093 else if (tsp[1].tv_nsec == UTIME_NOW)
3095 else if (tsp[1].tv_nsec < 0 || tsp[1].tv_nsec >= 1000000000L)
3102 * Common implementation code for utimes(), lutimes(), futimes(), futimens(),
3106 setutimes(struct thread *td, struct vnode *vp, const struct timespec *ts,
3107 int numtimes, int nullflag)
3111 int error, setbirthtime;
3113 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
3115 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3117 if (numtimes < 3 && !VOP_GETATTR(vp, &vattr, td->td_ucred) &&
3118 timespeccmp(&ts[1], &vattr.va_birthtime, < ))
3121 vattr.va_atime = ts[0];
3122 vattr.va_mtime = ts[1];
3124 vattr.va_birthtime = ts[1];
3126 vattr.va_birthtime = ts[2];
3128 vattr.va_vaflags |= VA_UTIMES_NULL;
3130 error = mac_vnode_check_setutimes(td->td_ucred, vp, vattr.va_atime,
3134 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3136 vn_finished_write(mp);
3141 * Set the access and modification times of a file.
3143 #ifndef _SYS_SYSPROTO_H_
3144 struct utimes_args {
3146 struct timeval *tptr;
3150 sys_utimes(struct thread *td, struct utimes_args *uap)
3153 return (kern_utimesat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3154 uap->tptr, UIO_USERSPACE));
3157 #ifndef _SYS_SYSPROTO_H_
3158 struct futimesat_args {
3161 const struct timeval * times;
3165 sys_futimesat(struct thread *td, struct futimesat_args *uap)
3168 return (kern_utimesat(td, uap->fd, uap->path, UIO_USERSPACE,
3169 uap->times, UIO_USERSPACE));
3173 kern_utimesat(struct thread *td, int fd, const char *path,
3174 enum uio_seg pathseg, struct timeval *tptr, enum uio_seg tptrseg)
3176 struct nameidata nd;
3177 struct timespec ts[2];
3180 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3182 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
3183 &cap_futimes_rights, td);
3185 if ((error = namei(&nd)) != 0)
3187 NDFREE(&nd, NDF_ONLY_PNBUF);
3188 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3194 * Set the access and modification times of a file.
3196 #ifndef _SYS_SYSPROTO_H_
3197 struct lutimes_args {
3199 struct timeval *tptr;
3203 sys_lutimes(struct thread *td, struct lutimes_args *uap)
3206 return (kern_lutimes(td, uap->path, UIO_USERSPACE, uap->tptr,
3211 kern_lutimes(struct thread *td, const char *path, enum uio_seg pathseg,
3212 struct timeval *tptr, enum uio_seg tptrseg)
3214 struct timespec ts[2];
3215 struct nameidata nd;
3218 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3220 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, pathseg, path, td);
3221 if ((error = namei(&nd)) != 0)
3223 NDFREE(&nd, NDF_ONLY_PNBUF);
3224 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3230 * Set the access and modification times of a file.
3232 #ifndef _SYS_SYSPROTO_H_
3233 struct futimes_args {
3235 struct timeval *tptr;
3239 sys_futimes(struct thread *td, struct futimes_args *uap)
3242 return (kern_futimes(td, uap->fd, uap->tptr, UIO_USERSPACE));
3246 kern_futimes(struct thread *td, int fd, struct timeval *tptr,
3247 enum uio_seg tptrseg)
3249 struct timespec ts[2];
3254 error = getutimes(tptr, tptrseg, ts);
3257 error = getvnode(td, fd, &cap_futimes_rights, &fp);
3261 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3262 AUDIT_ARG_VNODE1(fp->f_vnode);
3263 VOP_UNLOCK(fp->f_vnode);
3265 error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
3271 sys_futimens(struct thread *td, struct futimens_args *uap)
3274 return (kern_futimens(td, uap->fd, uap->times, UIO_USERSPACE));
3278 kern_futimens(struct thread *td, int fd, struct timespec *tptr,
3279 enum uio_seg tptrseg)
3281 struct timespec ts[2];
3286 error = getutimens(tptr, tptrseg, ts, &flags);
3289 if (flags & UTIMENS_EXIT)
3291 error = getvnode(td, fd, &cap_futimes_rights, &fp);
3295 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3296 AUDIT_ARG_VNODE1(fp->f_vnode);
3297 VOP_UNLOCK(fp->f_vnode);
3299 error = setutimes(td, fp->f_vnode, ts, 2, flags & UTIMENS_NULL);
3305 sys_utimensat(struct thread *td, struct utimensat_args *uap)
3308 return (kern_utimensat(td, uap->fd, uap->path, UIO_USERSPACE,
3309 uap->times, UIO_USERSPACE, uap->flag));
3313 kern_utimensat(struct thread *td, int fd, const char *path,
3314 enum uio_seg pathseg, struct timespec *tptr, enum uio_seg tptrseg,
3317 struct nameidata nd;
3318 struct timespec ts[2];
3321 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_BENEATH)) != 0)
3324 if ((error = getutimens(tptr, tptrseg, ts, &flags)) != 0)
3326 NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW :
3327 FOLLOW) | ((flag & AT_BENEATH) != 0 ? BENEATH : 0) | AUDITVNODE1,
3328 pathseg, path, fd, &cap_futimes_rights, td);
3329 if ((error = namei(&nd)) != 0)
3332 * We are allowed to call namei() regardless of 2xUTIME_OMIT.
3334 * "If both tv_nsec fields are UTIME_OMIT... EACCESS may be detected."
3335 * "Search permission is denied by a component of the path prefix."
3337 NDFREE(&nd, NDF_ONLY_PNBUF);
3338 if ((flags & UTIMENS_EXIT) == 0)
3339 error = setutimes(td, nd.ni_vp, ts, 2, flags & UTIMENS_NULL);
3345 * Truncate a file given its path name.
3347 #ifndef _SYS_SYSPROTO_H_
3348 struct truncate_args {
3355 sys_truncate(struct thread *td, struct truncate_args *uap)
3358 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3362 kern_truncate(struct thread *td, const char *path, enum uio_seg pathseg,
3369 struct nameidata nd;
3374 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td);
3375 if ((error = namei(&nd)) != 0)
3378 rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX);
3379 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) {
3380 vn_rangelock_unlock(vp, rl_cookie);
3384 NDFREE(&nd, NDF_ONLY_PNBUF);
3385 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3386 if (vp->v_type == VDIR)
3389 else if ((error = mac_vnode_check_write(td->td_ucred, NOCRED, vp))) {
3392 else if ((error = vn_writechk(vp)) == 0 &&
3393 (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
3395 vattr.va_size = length;
3396 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3399 vn_finished_write(mp);
3400 vn_rangelock_unlock(vp, rl_cookie);
3405 #if defined(COMPAT_43)
3407 * Truncate a file given its path name.
3409 #ifndef _SYS_SYSPROTO_H_
3410 struct otruncate_args {
3416 otruncate(struct thread *td, struct otruncate_args *uap)
3419 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3421 #endif /* COMPAT_43 */
3423 #if defined(COMPAT_FREEBSD6)
3424 /* Versions with the pad argument */
3426 freebsd6_truncate(struct thread *td, struct freebsd6_truncate_args *uap)
3429 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3433 freebsd6_ftruncate(struct thread *td, struct freebsd6_ftruncate_args *uap)
3436 return (kern_ftruncate(td, uap->fd, uap->length));
3441 kern_fsync(struct thread *td, int fd, bool fullsync)
3446 int error, lock_flags;
3449 error = getvnode(td, fd, &cap_fsync_rights, &fp);
3455 /* XXXKIB: compete outstanding aio writes */;
3457 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
3460 if (MNT_SHARED_WRITES(mp) ||
3461 ((mp == NULL) && MNT_SHARED_WRITES(vp->v_mount))) {
3462 lock_flags = LK_SHARED;
3464 lock_flags = LK_EXCLUSIVE;
3466 vn_lock(vp, lock_flags | LK_RETRY);
3467 AUDIT_ARG_VNODE1(vp);
3468 if (vp->v_object != NULL) {
3469 VM_OBJECT_WLOCK(vp->v_object);
3470 vm_object_page_clean(vp->v_object, 0, 0, 0);
3471 VM_OBJECT_WUNLOCK(vp->v_object);
3473 error = fullsync ? VOP_FSYNC(vp, MNT_WAIT, td) : VOP_FDATASYNC(vp, td);
3475 vn_finished_write(mp);
3482 * Sync an open file.
3484 #ifndef _SYS_SYSPROTO_H_
3490 sys_fsync(struct thread *td, struct fsync_args *uap)
3493 return (kern_fsync(td, uap->fd, true));
3497 sys_fdatasync(struct thread *td, struct fdatasync_args *uap)
3500 return (kern_fsync(td, uap->fd, false));
3504 * Rename files. Source and destination must either both be directories, or
3505 * both not be directories. If target is a directory, it must be empty.
3507 #ifndef _SYS_SYSPROTO_H_
3508 struct rename_args {
3514 sys_rename(struct thread *td, struct rename_args *uap)
3517 return (kern_renameat(td, AT_FDCWD, uap->from, AT_FDCWD,
3518 uap->to, UIO_USERSPACE));
3521 #ifndef _SYS_SYSPROTO_H_
3522 struct renameat_args {
3530 sys_renameat(struct thread *td, struct renameat_args *uap)
3533 return (kern_renameat(td, uap->oldfd, uap->old, uap->newfd, uap->new,
3539 kern_renameat_mac(struct thread *td, int oldfd, const char *old, int newfd,
3540 const char *new, enum uio_seg pathseg, struct nameidata *fromnd)
3544 NDINIT_ATRIGHTS(fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART |
3545 AUDITVNODE1, pathseg, old, oldfd, &cap_renameat_source_rights, td);
3546 if ((error = namei(fromnd)) != 0)
3548 error = mac_vnode_check_rename_from(td->td_ucred, fromnd->ni_dvp,
3549 fromnd->ni_vp, &fromnd->ni_cnd);
3550 VOP_UNLOCK(fromnd->ni_dvp);
3551 if (fromnd->ni_dvp != fromnd->ni_vp)
3552 VOP_UNLOCK(fromnd->ni_vp);
3554 NDFREE(fromnd, NDF_ONLY_PNBUF);
3555 vrele(fromnd->ni_dvp);
3556 vrele(fromnd->ni_vp);
3557 if (fromnd->ni_startdir)
3558 vrele(fromnd->ni_startdir);
3565 kern_renameat(struct thread *td, int oldfd, const char *old, int newfd,
3566 const char *new, enum uio_seg pathseg)
3568 struct mount *mp = NULL;
3569 struct vnode *tvp, *fvp, *tdvp;
3570 struct nameidata fromnd, tond;
3576 if (mac_vnode_check_rename_from_enabled()) {
3577 error = kern_renameat_mac(td, oldfd, old, newfd, new, pathseg,
3583 NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | AUDITVNODE1,
3584 pathseg, old, oldfd, &cap_renameat_source_rights, td);
3585 if ((error = namei(&fromnd)) != 0)
3591 NDINIT_ATRIGHTS(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE |
3592 SAVESTART | AUDITVNODE2, pathseg, new, newfd,
3593 &cap_renameat_target_rights, td);
3594 if (fromnd.ni_vp->v_type == VDIR)
3595 tond.ni_cnd.cn_flags |= WILLBEDIR;
3596 if ((error = namei(&tond)) != 0) {
3597 /* Translate error code for rename("dir1", "dir2/."). */
3598 if (error == EISDIR && fvp->v_type == VDIR)
3600 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3601 vrele(fromnd.ni_dvp);
3607 error = vn_start_write(fvp, &mp, V_NOWAIT);
3609 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3610 NDFREE(&tond, NDF_ONLY_PNBUF);
3617 vrele(fromnd.ni_dvp);
3619 vrele(tond.ni_startdir);
3620 if (fromnd.ni_startdir != NULL)
3621 vrele(fromnd.ni_startdir);
3622 error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH);
3628 if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
3631 } else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
3636 if (newfd != AT_FDCWD && (tond.ni_resflags & NIRES_ABS) == 0) {
3638 * If the target already exists we require CAP_UNLINKAT
3639 * from 'newfd', when newfd was used for the lookup.
3641 error = cap_check(&tond.ni_filecaps.fc_rights,
3642 &cap_unlinkat_rights);
3653 * If the source is the same as the destination (that is, if they
3654 * are links to the same vnode), then there is nothing to do.
3660 error = mac_vnode_check_rename_to(td->td_ucred, tdvp,
3661 tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd);
3665 error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
3666 tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
3667 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3668 NDFREE(&tond, NDF_ONLY_PNBUF);
3670 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3671 NDFREE(&tond, NDF_ONLY_PNBUF);
3678 vrele(fromnd.ni_dvp);
3681 vrele(tond.ni_startdir);
3682 vn_finished_write(mp);
3684 if (fromnd.ni_startdir)
3685 vrele(fromnd.ni_startdir);
3692 * Make a directory file.
3694 #ifndef _SYS_SYSPROTO_H_
3701 sys_mkdir(struct thread *td, struct mkdir_args *uap)
3704 return (kern_mkdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3708 #ifndef _SYS_SYSPROTO_H_
3709 struct mkdirat_args {
3716 sys_mkdirat(struct thread *td, struct mkdirat_args *uap)
3719 return (kern_mkdirat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode));
3723 kern_mkdirat(struct thread *td, int fd, const char *path, enum uio_seg segflg,
3729 struct nameidata nd;
3732 AUDIT_ARG_MODE(mode);
3735 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
3736 NOCACHE, segflg, path, fd, &cap_mkdirat_rights,
3738 nd.ni_cnd.cn_flags |= WILLBEDIR;
3739 if ((error = namei(&nd)) != 0)
3743 NDFREE(&nd, NDF_ONLY_PNBUF);
3745 * XXX namei called with LOCKPARENT but not LOCKLEAF has
3746 * the strange behaviour of leaving the vnode unlocked
3747 * if the target is the same vnode as the parent.
3749 if (vp == nd.ni_dvp)
3756 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3757 NDFREE(&nd, NDF_ONLY_PNBUF);
3759 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3764 vattr.va_type = VDIR;
3765 vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask;
3767 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
3772 error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
3776 NDFREE(&nd, NDF_ONLY_PNBUF);
3780 vn_finished_write(mp);
3785 * Remove a directory file.
3787 #ifndef _SYS_SYSPROTO_H_
3793 sys_rmdir(struct thread *td, struct rmdir_args *uap)
3796 return (kern_frmdirat(td, AT_FDCWD, uap->path, FD_NONE, UIO_USERSPACE,
3801 kern_frmdirat(struct thread *td, int dfd, const char *path, int fd,
3802 enum uio_seg pathseg, int flag)
3807 struct nameidata nd;
3808 cap_rights_t rights;
3812 if (fd != FD_NONE) {
3813 error = getvnode(td, fd, cap_rights_init_one(&rights, CAP_LOOKUP),
3821 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1 |
3822 ((flag & AT_BENEATH) != 0 ? BENEATH : 0),
3823 pathseg, path, dfd, &cap_unlinkat_rights, td);
3824 if ((error = namei(&nd)) != 0)
3827 if (vp->v_type != VDIR) {
3832 * No rmdir "." please.
3834 if (nd.ni_dvp == vp) {
3839 * The root of a mounted filesystem cannot be deleted.
3841 if (vp->v_vflag & VV_ROOT) {
3846 if (fp != NULL && fp->f_vnode != vp) {
3847 if (VN_IS_DOOMED(fp->f_vnode))
3855 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
3860 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3861 NDFREE(&nd, NDF_ONLY_PNBUF);
3863 if (nd.ni_dvp == vp)
3867 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3871 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
3872 error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
3873 vn_finished_write(mp);
3875 NDFREE(&nd, NDF_ONLY_PNBUF);
3877 if (nd.ni_dvp == vp)
3887 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11)
3889 freebsd11_kern_getdirentries(struct thread *td, int fd, char *ubuf, u_int count,
3890 long *basep, void (*func)(struct freebsd11_dirent *))
3892 struct freebsd11_dirent dstdp;
3893 struct dirent *dp, *edp;
3896 ssize_t resid, ucount;
3899 /* XXX arbitrary sanity limit on `count'. */
3900 count = min(count, 64 * 1024);
3902 dirbuf = malloc(count, M_TEMP, M_WAITOK);
3904 error = kern_getdirentries(td, fd, dirbuf, count, &base, &resid,
3912 for (dp = (struct dirent *)dirbuf,
3913 edp = (struct dirent *)&dirbuf[count - resid];
3914 ucount < count && dp < edp; ) {
3915 if (dp->d_reclen == 0)
3917 MPASS(dp->d_reclen >= _GENERIC_DIRLEN(0));
3918 if (dp->d_namlen >= sizeof(dstdp.d_name))
3920 dstdp.d_type = dp->d_type;
3921 dstdp.d_namlen = dp->d_namlen;
3922 dstdp.d_fileno = dp->d_fileno; /* truncate */
3923 if (dstdp.d_fileno != dp->d_fileno) {
3924 switch (ino64_trunc_error) {
3932 dstdp.d_fileno = UINT32_MAX;
3936 dstdp.d_reclen = sizeof(dstdp) - sizeof(dstdp.d_name) +
3937 ((dp->d_namlen + 1 + 3) &~ 3);
3938 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
3939 bzero(dstdp.d_name + dstdp.d_namlen,
3940 dstdp.d_reclen - offsetof(struct freebsd11_dirent, d_name) -
3942 MPASS(dstdp.d_reclen <= dp->d_reclen);
3943 MPASS(ucount + dstdp.d_reclen <= count);
3946 error = copyout(&dstdp, ubuf + ucount, dstdp.d_reclen);
3949 dp = (struct dirent *)((char *)dp + dp->d_reclen);
3950 ucount += dstdp.d_reclen;
3954 free(dirbuf, M_TEMP);
3956 td->td_retval[0] = ucount;
3963 ogetdirentries_cvt(struct freebsd11_dirent *dp)
3965 #if (BYTE_ORDER == LITTLE_ENDIAN)
3967 * The expected low byte of dp->d_namlen is our dp->d_type.
3968 * The high MBZ byte of dp->d_namlen is our dp->d_namlen.
3970 dp->d_type = dp->d_namlen;
3974 * The dp->d_type is the high byte of the expected dp->d_namlen,
3975 * so must be zero'ed.
3982 * Read a block of directory entries in a filesystem independent format.
3984 #ifndef _SYS_SYSPROTO_H_
3985 struct ogetdirentries_args {
3993 ogetdirentries(struct thread *td, struct ogetdirentries_args *uap)
3998 error = kern_ogetdirentries(td, uap, &loff);
4000 error = copyout(&loff, uap->basep, sizeof(long));
4005 kern_ogetdirentries(struct thread *td, struct ogetdirentries_args *uap,
4011 /* XXX arbitrary sanity limit on `count'. */
4012 if (uap->count > 64 * 1024)
4015 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count,
4016 &base, ogetdirentries_cvt);
4018 if (error == 0 && uap->basep != NULL)
4019 error = copyout(&base, uap->basep, sizeof(long));
4023 #endif /* COMPAT_43 */
4025 #if defined(COMPAT_FREEBSD11)
4026 #ifndef _SYS_SYSPROTO_H_
4027 struct freebsd11_getdirentries_args {
4035 freebsd11_getdirentries(struct thread *td,
4036 struct freebsd11_getdirentries_args *uap)
4041 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count,
4044 if (error == 0 && uap->basep != NULL)
4045 error = copyout(&base, uap->basep, sizeof(long));
4050 freebsd11_getdents(struct thread *td, struct freebsd11_getdents_args *uap)
4052 struct freebsd11_getdirentries_args ap;
4056 ap.count = uap->count;
4058 return (freebsd11_getdirentries(td, &ap));
4060 #endif /* COMPAT_FREEBSD11 */
4063 * Read a block of directory entries in a filesystem independent format.
4066 sys_getdirentries(struct thread *td, struct getdirentries_args *uap)
4071 error = kern_getdirentries(td, uap->fd, uap->buf, uap->count, &base,
4072 NULL, UIO_USERSPACE);
4075 if (uap->basep != NULL)
4076 error = copyout(&base, uap->basep, sizeof(off_t));
4081 kern_getdirentries(struct thread *td, int fd, char *buf, size_t count,
4082 off_t *basep, ssize_t *residp, enum uio_seg bufseg)
4093 if (count > IOSIZE_MAX)
4095 auio.uio_resid = count;
4096 error = getvnode(td, fd, &cap_read_rights, &fp);
4099 if ((fp->f_flag & FREAD) == 0) {
4104 foffset = foffset_lock(fp, 0);
4106 if (vp->v_type != VDIR) {
4110 aiov.iov_base = buf;
4111 aiov.iov_len = count;
4112 auio.uio_iov = &aiov;
4113 auio.uio_iovcnt = 1;
4114 auio.uio_rw = UIO_READ;
4115 auio.uio_segflg = bufseg;
4117 vn_lock(vp, LK_SHARED | LK_RETRY);
4118 AUDIT_ARG_VNODE1(vp);
4119 loff = auio.uio_offset = foffset;
4121 error = mac_vnode_check_readdir(td->td_ucred, vp);
4124 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
4126 foffset = auio.uio_offset;
4131 if (count == auio.uio_resid &&
4132 (vp->v_vflag & VV_ROOT) &&
4133 (vp->v_mount->mnt_flag & MNT_UNION)) {
4134 struct vnode *tvp = vp;
4136 vp = vp->v_mount->mnt_vnodecovered;
4147 *residp = auio.uio_resid;
4148 td->td_retval[0] = count - auio.uio_resid;
4150 foffset_unlock(fp, foffset, 0);
4156 * Set the mode mask for creation of filesystem nodes.
4158 #ifndef _SYS_SYSPROTO_H_
4164 sys_umask(struct thread *td, struct umask_args *uap)
4166 struct filedesc *fdp;
4168 fdp = td->td_proc->p_fd;
4169 FILEDESC_XLOCK(fdp);
4170 td->td_retval[0] = fdp->fd_cmask;
4171 fdp->fd_cmask = uap->newmask & ALLPERMS;
4172 FILEDESC_XUNLOCK(fdp);
4177 * Void all references to file by ripping underlying filesystem away from
4180 #ifndef _SYS_SYSPROTO_H_
4181 struct revoke_args {
4186 sys_revoke(struct thread *td, struct revoke_args *uap)
4190 struct nameidata nd;
4193 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
4195 if ((error = namei(&nd)) != 0)
4198 NDFREE(&nd, NDF_ONLY_PNBUF);
4199 if (vp->v_type != VCHR || vp->v_rdev == NULL) {
4204 error = mac_vnode_check_revoke(td->td_ucred, vp);
4208 error = VOP_GETATTR(vp, &vattr, td->td_ucred);
4211 if (td->td_ucred->cr_uid != vattr.va_uid) {
4212 error = priv_check(td, PRIV_VFS_ADMIN);
4216 if (vp->v_usecount > 1 || vcount(vp) > 1)
4217 VOP_REVOKE(vp, REVOKEALL);
4224 * Convert a user file descriptor to a kernel file entry and check that, if it
4225 * is a capability, the correct rights are present. A reference on the file
4226 * entry is held upon returning.
4229 getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
4234 error = fget_unlocked(td->td_proc->p_fd, fd, rightsp, &fp);
4239 * The file could be not of the vnode type, or it may be not
4240 * yet fully initialized, in which case the f_vnode pointer
4241 * may be set, but f_ops is still badfileops. E.g.,
4242 * devfs_open() transiently create such situation to
4243 * facilitate csw d_fdopen().
4245 * Dupfdopen() handling in kern_openat() installs the
4246 * half-baked file into the process descriptor table, allowing
4247 * other thread to dereference it. Guard against the race by
4250 if (fp->f_vnode == NULL || fp->f_ops == &badfileops) {
4259 * Get an (NFS) file handle.
4261 #ifndef _SYS_SYSPROTO_H_
4262 struct lgetfh_args {
4268 sys_lgetfh(struct thread *td, struct lgetfh_args *uap)
4271 return (kern_getfhat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->fname,
4272 UIO_USERSPACE, uap->fhp));
4275 #ifndef _SYS_SYSPROTO_H_
4282 sys_getfh(struct thread *td, struct getfh_args *uap)
4285 return (kern_getfhat(td, 0, AT_FDCWD, uap->fname, UIO_USERSPACE,
4290 * syscall for the rpc.lockd to use to translate an open descriptor into
4291 * a NFS file handle.
4293 * warning: do not remove the priv_check() call or this becomes one giant
4296 #ifndef _SYS_SYSPROTO_H_
4297 struct getfhat_args {
4305 sys_getfhat(struct thread *td, struct getfhat_args *uap)
4308 if ((uap->flags & ~(AT_SYMLINK_NOFOLLOW | AT_BENEATH)) != 0)
4310 return (kern_getfhat(td, uap->flags, uap->fd, uap->path, UIO_USERSPACE,
4315 kern_getfhat(struct thread *td, int flags, int fd, const char *path,
4316 enum uio_seg pathseg, fhandle_t *fhp)
4318 struct nameidata nd;
4323 error = priv_check(td, PRIV_VFS_GETFH);
4326 NDINIT_AT(&nd, LOOKUP, ((flags & AT_SYMLINK_NOFOLLOW) != 0 ? NOFOLLOW :
4327 FOLLOW) | ((flags & AT_BENEATH) != 0 ? BENEATH : 0) | LOCKLEAF |
4328 AUDITVNODE1, pathseg, path, fd, td);
4332 NDFREE(&nd, NDF_ONLY_PNBUF);
4334 bzero(&fh, sizeof(fh));
4335 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
4336 error = VOP_VPTOFH(vp, &fh.fh_fid);
4339 error = copyout(&fh, fhp, sizeof (fh));
4343 #ifndef _SYS_SYSPROTO_H_
4344 struct fhlink_args {
4350 sys_fhlink(struct thread *td, struct fhlink_args *uap)
4353 return (kern_fhlinkat(td, AT_FDCWD, uap->to, UIO_USERSPACE, uap->fhp));
4356 #ifndef _SYS_SYSPROTO_H_
4357 struct fhlinkat_args {
4364 sys_fhlinkat(struct thread *td, struct fhlinkat_args *uap)
4367 return (kern_fhlinkat(td, uap->tofd, uap->to, UIO_USERSPACE, uap->fhp));
4371 kern_fhlinkat(struct thread *td, int fd, const char *path,
4372 enum uio_seg pathseg, fhandle_t *fhp)
4379 error = priv_check(td, PRIV_VFS_GETFH);
4382 error = copyin(fhp, &fh, sizeof(fh));
4387 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4389 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_SHARED, &vp);
4394 } while ((error = kern_linkat_vp(td, vp, fd, path, pathseg)) == EAGAIN);
4398 #ifndef _SYS_SYSPROTO_H_
4399 struct fhreadlink_args {
4406 sys_fhreadlink(struct thread *td, struct fhreadlink_args *uap)
4413 error = priv_check(td, PRIV_VFS_GETFH);
4416 if (uap->bufsize > IOSIZE_MAX)
4418 error = copyin(uap->fhp, &fh, sizeof(fh));
4421 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4423 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_SHARED, &vp);
4427 error = kern_readlink_vp(vp, uap->buf, UIO_USERSPACE, uap->bufsize, td);
4433 * syscall for the rpc.lockd to use to translate a NFS file handle into an
4436 * warning: do not remove the priv_check() call or this becomes one giant
4439 #ifndef _SYS_SYSPROTO_H_
4440 struct fhopen_args {
4441 const struct fhandle *u_fhp;
4446 sys_fhopen(struct thread *td, struct fhopen_args *uap)
4455 error = priv_check(td, PRIV_VFS_FHOPEN);
4459 fmode = FFLAGS(uap->flags);
4460 /* why not allow a non-read/write open for our lockd? */
4461 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4463 error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
4466 /* find the mount point */
4467 mp = vfs_busyfs(&fhp.fh_fsid);
4470 /* now give me my vnode, it gets returned to me locked */
4471 error = VFS_FHTOVP(mp, &fhp.fh_fid, LK_EXCLUSIVE, &vp);
4476 error = falloc_noinstall(td, &fp);
4482 * An extra reference on `fp' has been held for us by
4483 * falloc_noinstall().
4489 error = vn_open_vnode(vp, fmode, td->td_ucred, td, fp);
4491 KASSERT(fp->f_ops == &badfileops,
4492 ("VOP_OPEN in fhopen() set f_ops"));
4493 KASSERT(td->td_dupfd < 0,
4494 ("fhopen() encountered fdopen()"));
4503 fp->f_seqcount[UIO_READ] = 1;
4504 fp->f_seqcount[UIO_WRITE] = 1;
4505 finit(fp, (fmode & FMASK) | (fp->f_flag & FHASLOCK), DTYPE_VNODE, vp,
4508 if ((fmode & O_TRUNC) != 0) {
4509 error = fo_truncate(fp, 0, td->td_ucred, td);
4514 error = finstall(td, fp, &indx, fmode, NULL);
4517 td->td_retval[0] = indx;
4522 * Stat an (NFS) file handle.
4524 #ifndef _SYS_SYSPROTO_H_
4525 struct fhstat_args {
4526 struct fhandle *u_fhp;
4531 sys_fhstat(struct thread *td, struct fhstat_args *uap)
4537 error = copyin(uap->u_fhp, &fh, sizeof(fh));
4540 error = kern_fhstat(td, fh, &sb);
4542 error = copyout(&sb, uap->sb, sizeof(sb));
4547 kern_fhstat(struct thread *td, struct fhandle fh, struct stat *sb)
4553 error = priv_check(td, PRIV_VFS_FHSTAT);
4556 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4558 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4562 error = VOP_STAT(vp, sb, td->td_ucred, NOCRED, td);
4568 * Implement fstatfs() for (NFS) file handles.
4570 #ifndef _SYS_SYSPROTO_H_
4571 struct fhstatfs_args {
4572 struct fhandle *u_fhp;
4577 sys_fhstatfs(struct thread *td, struct fhstatfs_args *uap)
4583 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4586 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
4587 error = kern_fhstatfs(td, fh, sfp);
4589 error = copyout(sfp, uap->buf, sizeof(*sfp));
4590 free(sfp, M_STATFS);
4595 kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf)
4601 error = priv_check(td, PRIV_VFS_FHSTATFS);
4604 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4606 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4612 error = prison_canseemount(td->td_ucred, mp);
4616 error = mac_mount_check_stat(td->td_ucred, mp);
4620 error = VFS_STATFS(mp, buf);
4627 * Unlike madvise(2), we do not make a best effort to remember every
4628 * possible caching hint. Instead, we remember the last setting with
4629 * the exception that we will allow POSIX_FADV_NORMAL to adjust the
4630 * region of any current setting.
4633 kern_posix_fadvise(struct thread *td, int fd, off_t offset, off_t len,
4636 struct fadvise_info *fa, *new;
4642 if (offset < 0 || len < 0 || offset > OFF_MAX - len)
4644 AUDIT_ARG_VALUE(advice);
4646 case POSIX_FADV_SEQUENTIAL:
4647 case POSIX_FADV_RANDOM:
4648 case POSIX_FADV_NOREUSE:
4649 new = malloc(sizeof(*fa), M_FADVISE, M_WAITOK);
4651 case POSIX_FADV_NORMAL:
4652 case POSIX_FADV_WILLNEED:
4653 case POSIX_FADV_DONTNEED:
4659 /* XXX: CAP_POSIX_FADVISE? */
4661 error = fget(td, fd, &cap_no_rights, &fp);
4664 AUDIT_ARG_FILE(td->td_proc, fp);
4665 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
4669 if (fp->f_type != DTYPE_VNODE) {
4674 if (vp->v_type != VREG) {
4681 end = offset + len - 1;
4683 case POSIX_FADV_SEQUENTIAL:
4684 case POSIX_FADV_RANDOM:
4685 case POSIX_FADV_NOREUSE:
4687 * Try to merge any existing non-standard region with
4688 * this new region if possible, otherwise create a new
4689 * non-standard region for this request.
4691 mtx_pool_lock(mtxpool_sleep, fp);
4693 if (fa != NULL && fa->fa_advice == advice &&
4694 ((fa->fa_start <= end && fa->fa_end >= offset) ||
4695 (end != OFF_MAX && fa->fa_start == end + 1) ||
4696 (fa->fa_end != OFF_MAX && fa->fa_end + 1 == offset))) {
4697 if (offset < fa->fa_start)
4698 fa->fa_start = offset;
4699 if (end > fa->fa_end)
4702 new->fa_advice = advice;
4703 new->fa_start = offset;
4708 mtx_pool_unlock(mtxpool_sleep, fp);
4710 case POSIX_FADV_NORMAL:
4712 * If a the "normal" region overlaps with an existing
4713 * non-standard region, trim or remove the
4714 * non-standard region.
4716 mtx_pool_lock(mtxpool_sleep, fp);
4719 if (offset <= fa->fa_start && end >= fa->fa_end) {
4721 fp->f_advice = NULL;
4722 } else if (offset <= fa->fa_start &&
4723 end >= fa->fa_start)
4724 fa->fa_start = end + 1;
4725 else if (offset <= fa->fa_end && end >= fa->fa_end)
4726 fa->fa_end = offset - 1;
4727 else if (offset >= fa->fa_start && end <= fa->fa_end) {
4729 * If the "normal" region is a middle
4730 * portion of the existing
4731 * non-standard region, just remove
4732 * the whole thing rather than picking
4733 * one side or the other to
4737 fp->f_advice = NULL;
4740 mtx_pool_unlock(mtxpool_sleep, fp);
4742 case POSIX_FADV_WILLNEED:
4743 case POSIX_FADV_DONTNEED:
4744 error = VOP_ADVISE(vp, offset, end, advice);
4750 free(new, M_FADVISE);
4755 sys_posix_fadvise(struct thread *td, struct posix_fadvise_args *uap)
4759 error = kern_posix_fadvise(td, uap->fd, uap->offset, uap->len,
4761 return (kern_posix_error(td, error));
4765 kern_copy_file_range(struct thread *td, int infd, off_t *inoffp, int outfd,
4766 off_t *outoffp, size_t len, unsigned int flags)
4768 struct file *infp, *outfp;
4769 struct vnode *invp, *outvp;
4772 void *rl_rcookie, *rl_wcookie;
4773 off_t savinoff, savoutoff;
4775 infp = outfp = NULL;
4776 rl_rcookie = rl_wcookie = NULL;
4785 if (len > SSIZE_MAX)
4787 * Although the len argument is size_t, the return argument
4788 * is ssize_t (which is signed). Therefore a size that won't
4789 * fit in ssize_t can't be returned.
4793 /* Get the file structures for the file descriptors. */
4794 error = fget_read(td, infd, &cap_read_rights, &infp);
4797 if (infp->f_ops == &badfileops) {
4801 if (infp->f_vnode == NULL) {
4805 error = fget_write(td, outfd, &cap_write_rights, &outfp);
4808 if (outfp->f_ops == &badfileops) {
4812 if (outfp->f_vnode == NULL) {
4817 /* Set the offset pointers to the correct place. */
4819 inoffp = &infp->f_offset;
4820 if (outoffp == NULL)
4821 outoffp = &outfp->f_offset;
4823 savoutoff = *outoffp;
4825 invp = infp->f_vnode;
4826 outvp = outfp->f_vnode;
4827 /* Sanity check the f_flag bits. */
4828 if ((outfp->f_flag & (FWRITE | FAPPEND)) != FWRITE ||
4829 (infp->f_flag & FREAD) == 0) {
4834 /* If len == 0, just return 0. */
4839 * If infp and outfp refer to the same file, the byte ranges cannot
4842 if (invp == outvp && ((savinoff <= savoutoff && savinoff + len >
4843 savoutoff) || (savinoff > savoutoff && savoutoff + len >
4849 /* Range lock the byte ranges for both invp and outvp. */
4851 rl_wcookie = vn_rangelock_wlock(outvp, *outoffp, *outoffp +
4853 rl_rcookie = vn_rangelock_tryrlock(invp, *inoffp, *inoffp +
4855 if (rl_rcookie != NULL)
4857 vn_rangelock_unlock(outvp, rl_wcookie);
4858 rl_rcookie = vn_rangelock_rlock(invp, *inoffp, *inoffp + len);
4859 vn_rangelock_unlock(invp, rl_rcookie);
4863 error = vn_copy_file_range(invp, inoffp, outvp, outoffp, &retlen,
4864 flags, infp->f_cred, outfp->f_cred, td);
4866 if (rl_rcookie != NULL)
4867 vn_rangelock_unlock(invp, rl_rcookie);
4868 if (rl_wcookie != NULL)
4869 vn_rangelock_unlock(outvp, rl_wcookie);
4870 if (savinoff != -1 && (error == EINTR || error == ERESTART)) {
4872 *outoffp = savoutoff;
4878 td->td_retval[0] = retlen;
4883 sys_copy_file_range(struct thread *td, struct copy_file_range_args *uap)
4885 off_t inoff, outoff, *inoffp, *outoffp;
4888 inoffp = outoffp = NULL;
4889 if (uap->inoffp != NULL) {
4890 error = copyin(uap->inoffp, &inoff, sizeof(off_t));
4895 if (uap->outoffp != NULL) {
4896 error = copyin(uap->outoffp, &outoff, sizeof(off_t));
4901 error = kern_copy_file_range(td, uap->infd, inoffp, uap->outfd,
4902 outoffp, uap->len, uap->flags);
4903 if (error == 0 && uap->inoffp != NULL)
4904 error = copyout(inoffp, uap->inoffp, sizeof(off_t));
4905 if (error == 0 && uap->outoffp != NULL)
4906 error = copyout(outoffp, uap->outoffp, sizeof(off_t));