2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
42 #include "opt_capsicum.h"
43 #include "opt_ktrace.h"
45 #include <sys/param.h>
46 #include <sys/systm.h>
49 #include <sys/capsicum.h>
51 #include <sys/sysent.h>
52 #include <sys/malloc.h>
53 #include <sys/mount.h>
54 #include <sys/mutex.h>
55 #include <sys/sysproto.h>
56 #include <sys/namei.h>
57 #include <sys/filedesc.h>
58 #include <sys/kernel.h>
59 #include <sys/fcntl.h>
61 #include <sys/filio.h>
62 #include <sys/limits.h>
63 #include <sys/linker.h>
64 #include <sys/rwlock.h>
68 #include <sys/unistd.h>
69 #include <sys/vnode.h>
72 #include <sys/dirent.h>
74 #include <sys/syscallsubr.h>
75 #include <sys/sysctl.h>
77 #include <sys/ktrace.h>
80 #include <machine/stdarg.h>
82 #include <security/audit/audit.h>
83 #include <security/mac/mac_framework.h>
86 #include <vm/vm_object.h>
87 #include <vm/vm_page.h>
90 #include <fs/devfs/devfs.h>
92 MALLOC_DEFINE(M_FADVISE, "fadvise", "posix_fadvise(2) information");
94 static int kern_chflagsat(struct thread *td, int fd, const char *path,
95 enum uio_seg pathseg, u_long flags, int atflag);
96 static int setfflags(struct thread *td, struct vnode *, u_long);
97 static int getutimes(const struct timeval *, enum uio_seg, struct timespec *);
98 static int getutimens(const struct timespec *, enum uio_seg,
99 struct timespec *, int *);
100 static int setutimes(struct thread *td, struct vnode *,
101 const struct timespec *, int, int);
102 static int vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
104 static int kern_fhlinkat(struct thread *td, int fd, const char *path,
105 enum uio_seg pathseg, fhandle_t *fhp);
106 static int kern_readlink_vp(struct vnode *vp, char *buf, enum uio_seg bufseg,
107 size_t count, struct thread *td);
108 static int kern_linkat_vp(struct thread *td, struct vnode *vp, int fd,
109 const char *path, enum uio_seg segflag);
112 at2cnpflags(u_int at_flags, u_int mask)
116 MPASS((at_flags & (AT_SYMLINK_FOLLOW | AT_SYMLINK_NOFOLLOW)) !=
117 (AT_SYMLINK_FOLLOW | AT_SYMLINK_NOFOLLOW));
121 if ((at_flags & AT_RESOLVE_BENEATH) != 0)
123 if ((at_flags & AT_SYMLINK_FOLLOW) != 0)
125 /* NOFOLLOW is pseudo flag */
126 if ((mask & AT_SYMLINK_NOFOLLOW) != 0) {
127 res |= (at_flags & AT_SYMLINK_NOFOLLOW) != 0 ? NOFOLLOW :
130 if ((mask & AT_EMPTY_PATH) != 0 && (at_flags & AT_EMPTY_PATH) != 0)
136 kern_sync(struct thread *td)
138 struct mount *mp, *nmp;
141 mtx_lock(&mountlist_mtx);
142 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
143 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK)) {
144 nmp = TAILQ_NEXT(mp, mnt_list);
147 if ((mp->mnt_flag & MNT_RDONLY) == 0 &&
148 vn_start_write(NULL, &mp, V_NOWAIT) == 0) {
149 save = curthread_pflags_set(TDP_SYNCIO);
150 vfs_periodic(mp, MNT_NOWAIT);
151 VFS_SYNC(mp, MNT_NOWAIT);
152 curthread_pflags_restore(save);
153 vn_finished_write(mp);
155 mtx_lock(&mountlist_mtx);
156 nmp = TAILQ_NEXT(mp, mnt_list);
159 mtx_unlock(&mountlist_mtx);
164 * Sync each mounted filesystem.
166 #ifndef _SYS_SYSPROTO_H_
173 sys_sync(struct thread *td, struct sync_args *uap)
176 return (kern_sync(td));
180 * Change filesystem quotas.
182 #ifndef _SYS_SYSPROTO_H_
183 struct quotactl_args {
191 sys_quotactl(struct thread *td, struct quotactl_args *uap)
198 AUDIT_ARG_CMD(uap->cmd);
199 AUDIT_ARG_UID(uap->uid);
200 if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS))
202 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
204 if ((error = namei(&nd)) != 0)
206 NDFREE(&nd, NDF_ONLY_PNBUF);
207 mp = nd.ni_vp->v_mount;
210 error = vfs_busy(mp, 0);
216 error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, uap->arg, &mp_busy);
219 * Since quota on/off operations typically need to open quota
220 * files, the implementation may need to unbusy the mount point
221 * before calling into namei. Otherwise, unmount might be
222 * started between two vfs_busy() invocations (first is ours,
223 * second is from mount point cross-walk code in lookup()),
226 * Avoid unbusying mp if the implementation indicates it has
236 * Used by statfs conversion routines to scale the block size up if
237 * necessary so that all of the block counts are <= 'max_size'. Note
238 * that 'max_size' should be a bitmask, i.e. 2^n - 1 for some non-zero
242 statfs_scale_blocks(struct statfs *sf, long max_size)
247 KASSERT(powerof2(max_size + 1), ("%s: invalid max_size", __func__));
250 * Attempt to scale the block counts to give a more accurate
251 * overview to userland of the ratio of free space to used
252 * space. To do this, find the largest block count and compute
253 * a divisor that lets it fit into a signed integer <= max_size.
255 if (sf->f_bavail < 0)
256 count = -sf->f_bavail;
258 count = sf->f_bavail;
259 count = MAX(sf->f_blocks, MAX(sf->f_bfree, count));
260 if (count <= max_size)
263 count >>= flsl(max_size);
270 sf->f_bsize <<= shift;
271 sf->f_blocks >>= shift;
272 sf->f_bfree >>= shift;
273 sf->f_bavail >>= shift;
277 kern_do_statfs(struct thread *td, struct mount *mp, struct statfs *buf)
283 error = vfs_busy(mp, 0);
288 error = mac_mount_check_stat(td->td_ucred, mp);
292 error = VFS_STATFS(mp, buf);
295 if (priv_check_cred_vfs_generation(td->td_ucred)) {
296 buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
297 prison_enforce_statfs(td->td_ucred, mp, buf);
305 * Get filesystem statistics.
307 #ifndef _SYS_SYSPROTO_H_
314 sys_statfs(struct thread *td, struct statfs_args *uap)
319 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
320 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
322 error = copyout(sfp, uap->buf, sizeof(struct statfs));
328 kern_statfs(struct thread *td, const char *path, enum uio_seg pathseg,
335 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td);
339 mp = vfs_ref_from_vp(nd.ni_vp);
342 return (kern_do_statfs(td, mp, buf));
346 * Get filesystem statistics.
348 #ifndef _SYS_SYSPROTO_H_
349 struct fstatfs_args {
355 sys_fstatfs(struct thread *td, struct fstatfs_args *uap)
360 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
361 error = kern_fstatfs(td, uap->fd, sfp);
363 error = copyout(sfp, uap->buf, sizeof(struct statfs));
369 kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
377 error = getvnode_path(td, fd, &cap_fstatfs_rights, &fp);
382 if (AUDITING_TD(td)) {
383 vn_lock(vp, LK_SHARED | LK_RETRY);
384 AUDIT_ARG_VNODE1(vp);
388 mp = vfs_ref_from_vp(vp);
390 return (kern_do_statfs(td, mp, buf));
394 * Get statistics on all filesystems.
396 #ifndef _SYS_SYSPROTO_H_
397 struct getfsstat_args {
404 sys_getfsstat(struct thread *td, struct getfsstat_args *uap)
409 if (uap->bufsize < 0 || uap->bufsize > SIZE_MAX)
411 error = kern_getfsstat(td, &uap->buf, uap->bufsize, &count,
412 UIO_USERSPACE, uap->mode);
414 td->td_retval[0] = count;
419 * If (bufsize > 0 && bufseg == UIO_SYSSPACE)
420 * The caller is responsible for freeing memory which will be allocated
424 kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize,
425 size_t *countp, enum uio_seg bufseg, int mode)
427 struct mount *mp, *nmp;
428 struct statfs *sfsp, *sp, *sptmp, *tofree;
429 size_t count, maxcount;
437 if (bufseg == UIO_SYSSPACE)
442 maxcount = bufsize / sizeof(struct statfs);
446 } else if (bufseg == UIO_USERSPACE) {
449 } else /* if (bufseg == UIO_SYSSPACE) */ {
451 mtx_lock(&mountlist_mtx);
452 TAILQ_FOREACH(mp, &mountlist, mnt_list) {
455 mtx_unlock(&mountlist_mtx);
456 if (maxcount > count)
458 tofree = sfsp = *buf = malloc(maxcount * sizeof(struct statfs),
465 * If there is no target buffer they only want the count.
467 * This could be TAILQ_FOREACH but it is open-coded to match the original
471 mtx_lock(&mountlist_mtx);
472 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
473 if (prison_canseemount(td->td_ucred, mp) != 0) {
474 nmp = TAILQ_NEXT(mp, mnt_list);
478 if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
479 nmp = TAILQ_NEXT(mp, mnt_list);
484 nmp = TAILQ_NEXT(mp, mnt_list);
486 mtx_unlock(&mountlist_mtx);
492 * They want the entire thing.
494 * Short-circuit the corner case of no room for anything, avoids
501 mtx_lock(&mountlist_mtx);
502 for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
503 if (prison_canseemount(td->td_ucred, mp) != 0) {
504 nmp = TAILQ_NEXT(mp, mnt_list);
508 if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
509 nmp = TAILQ_NEXT(mp, mnt_list);
513 if (mode == MNT_WAIT) {
514 if (vfs_busy(mp, MBF_MNTLSTLOCK) != 0) {
516 * If vfs_busy() failed, and MBF_NOWAIT
517 * wasn't passed, then the mp is gone.
518 * Furthermore, because of MBF_MNTLSTLOCK,
519 * the mountlist_mtx was dropped. We have
520 * no other choice than to start over.
522 mtx_unlock(&mountlist_mtx);
523 free(tofree, M_STATFS);
527 if (vfs_busy(mp, MBF_NOWAIT | MBF_MNTLSTLOCK) != 0) {
528 nmp = TAILQ_NEXT(mp, mnt_list);
534 * If MNT_NOWAIT is specified, do not refresh
537 if (mode != MNT_NOWAIT) {
538 error = VFS_STATFS(mp, sp);
540 mtx_lock(&mountlist_mtx);
541 nmp = TAILQ_NEXT(mp, mnt_list);
546 if (priv_check_cred_vfs_generation(td->td_ucred)) {
547 sptmp = malloc(sizeof(struct statfs), M_STATFS,
550 sptmp->f_fsid.val[0] = sptmp->f_fsid.val[1] = 0;
551 prison_enforce_statfs(td->td_ucred, mp, sptmp);
555 if (bufseg == UIO_SYSSPACE) {
556 bcopy(sp, sfsp, sizeof(*sp));
557 free(sptmp, M_STATFS);
558 } else /* if (bufseg == UIO_USERSPACE) */ {
559 error = copyout(sp, sfsp, sizeof(*sp));
560 free(sptmp, M_STATFS);
569 if (count == maxcount) {
574 mtx_lock(&mountlist_mtx);
575 nmp = TAILQ_NEXT(mp, mnt_list);
578 mtx_unlock(&mountlist_mtx);
584 #ifdef COMPAT_FREEBSD4
586 * Get old format filesystem statistics.
588 static void freebsd4_cvtstatfs(struct statfs *, struct ostatfs *);
590 #ifndef _SYS_SYSPROTO_H_
591 struct freebsd4_statfs_args {
597 freebsd4_statfs(struct thread *td, struct freebsd4_statfs_args *uap)
603 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
604 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
606 freebsd4_cvtstatfs(sfp, &osb);
607 error = copyout(&osb, uap->buf, sizeof(osb));
614 * Get filesystem statistics.
616 #ifndef _SYS_SYSPROTO_H_
617 struct freebsd4_fstatfs_args {
623 freebsd4_fstatfs(struct thread *td, struct freebsd4_fstatfs_args *uap)
629 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
630 error = kern_fstatfs(td, uap->fd, sfp);
632 freebsd4_cvtstatfs(sfp, &osb);
633 error = copyout(&osb, uap->buf, sizeof(osb));
640 * Get statistics on all filesystems.
642 #ifndef _SYS_SYSPROTO_H_
643 struct freebsd4_getfsstat_args {
650 freebsd4_getfsstat(struct thread *td, struct freebsd4_getfsstat_args *uap)
652 struct statfs *buf, *sp;
657 if (uap->bufsize < 0)
659 count = uap->bufsize / sizeof(struct ostatfs);
660 if (count > SIZE_MAX / sizeof(struct statfs))
662 size = count * sizeof(struct statfs);
663 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
666 td->td_retval[0] = count;
669 while (count != 0 && error == 0) {
670 freebsd4_cvtstatfs(sp, &osb);
671 error = copyout(&osb, uap->buf, sizeof(osb));
682 * Implement fstatfs() for (NFS) file handles.
684 #ifndef _SYS_SYSPROTO_H_
685 struct freebsd4_fhstatfs_args {
686 struct fhandle *u_fhp;
691 freebsd4_fhstatfs(struct thread *td, struct freebsd4_fhstatfs_args *uap)
698 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
701 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
702 error = kern_fhstatfs(td, fh, sfp);
704 freebsd4_cvtstatfs(sfp, &osb);
705 error = copyout(&osb, uap->buf, sizeof(osb));
712 * Convert a new format statfs structure to an old format statfs structure.
715 freebsd4_cvtstatfs(struct statfs *nsp, struct ostatfs *osp)
718 statfs_scale_blocks(nsp, LONG_MAX);
719 bzero(osp, sizeof(*osp));
720 osp->f_bsize = nsp->f_bsize;
721 osp->f_iosize = MIN(nsp->f_iosize, LONG_MAX);
722 osp->f_blocks = nsp->f_blocks;
723 osp->f_bfree = nsp->f_bfree;
724 osp->f_bavail = nsp->f_bavail;
725 osp->f_files = MIN(nsp->f_files, LONG_MAX);
726 osp->f_ffree = MIN(nsp->f_ffree, LONG_MAX);
727 osp->f_owner = nsp->f_owner;
728 osp->f_type = nsp->f_type;
729 osp->f_flags = nsp->f_flags;
730 osp->f_syncwrites = MIN(nsp->f_syncwrites, LONG_MAX);
731 osp->f_asyncwrites = MIN(nsp->f_asyncwrites, LONG_MAX);
732 osp->f_syncreads = MIN(nsp->f_syncreads, LONG_MAX);
733 osp->f_asyncreads = MIN(nsp->f_asyncreads, LONG_MAX);
734 strlcpy(osp->f_fstypename, nsp->f_fstypename,
735 MIN(MFSNAMELEN, OMFSNAMELEN));
736 strlcpy(osp->f_mntonname, nsp->f_mntonname,
737 MIN(MNAMELEN, OMNAMELEN));
738 strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
739 MIN(MNAMELEN, OMNAMELEN));
740 osp->f_fsid = nsp->f_fsid;
742 #endif /* COMPAT_FREEBSD4 */
744 #if defined(COMPAT_FREEBSD11)
746 * Get old format filesystem statistics.
748 static void freebsd11_cvtstatfs(struct statfs *, struct freebsd11_statfs *);
751 freebsd11_statfs(struct thread *td, struct freebsd11_statfs_args *uap)
753 struct freebsd11_statfs osb;
757 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
758 error = kern_statfs(td, uap->path, UIO_USERSPACE, sfp);
760 freebsd11_cvtstatfs(sfp, &osb);
761 error = copyout(&osb, uap->buf, sizeof(osb));
768 * Get filesystem statistics.
771 freebsd11_fstatfs(struct thread *td, struct freebsd11_fstatfs_args *uap)
773 struct freebsd11_statfs osb;
777 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
778 error = kern_fstatfs(td, uap->fd, sfp);
780 freebsd11_cvtstatfs(sfp, &osb);
781 error = copyout(&osb, uap->buf, sizeof(osb));
788 * Get statistics on all filesystems.
791 freebsd11_getfsstat(struct thread *td, struct freebsd11_getfsstat_args *uap)
793 struct freebsd11_statfs osb;
794 struct statfs *buf, *sp;
798 count = uap->bufsize / sizeof(struct ostatfs);
799 size = count * sizeof(struct statfs);
800 error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
803 td->td_retval[0] = count;
806 while (count > 0 && error == 0) {
807 freebsd11_cvtstatfs(sp, &osb);
808 error = copyout(&osb, uap->buf, sizeof(osb));
819 * Implement fstatfs() for (NFS) file handles.
822 freebsd11_fhstatfs(struct thread *td, struct freebsd11_fhstatfs_args *uap)
824 struct freebsd11_statfs osb;
829 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
832 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
833 error = kern_fhstatfs(td, fh, sfp);
835 freebsd11_cvtstatfs(sfp, &osb);
836 error = copyout(&osb, uap->buf, sizeof(osb));
843 * Convert a new format statfs structure to an old format statfs structure.
846 freebsd11_cvtstatfs(struct statfs *nsp, struct freebsd11_statfs *osp)
849 bzero(osp, sizeof(*osp));
850 osp->f_version = FREEBSD11_STATFS_VERSION;
851 osp->f_type = nsp->f_type;
852 osp->f_flags = nsp->f_flags;
853 osp->f_bsize = nsp->f_bsize;
854 osp->f_iosize = nsp->f_iosize;
855 osp->f_blocks = nsp->f_blocks;
856 osp->f_bfree = nsp->f_bfree;
857 osp->f_bavail = nsp->f_bavail;
858 osp->f_files = nsp->f_files;
859 osp->f_ffree = nsp->f_ffree;
860 osp->f_syncwrites = nsp->f_syncwrites;
861 osp->f_asyncwrites = nsp->f_asyncwrites;
862 osp->f_syncreads = nsp->f_syncreads;
863 osp->f_asyncreads = nsp->f_asyncreads;
864 osp->f_namemax = nsp->f_namemax;
865 osp->f_owner = nsp->f_owner;
866 osp->f_fsid = nsp->f_fsid;
867 strlcpy(osp->f_fstypename, nsp->f_fstypename,
868 MIN(MFSNAMELEN, sizeof(osp->f_fstypename)));
869 strlcpy(osp->f_mntonname, nsp->f_mntonname,
870 MIN(MNAMELEN, sizeof(osp->f_mntonname)));
871 strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
872 MIN(MNAMELEN, sizeof(osp->f_mntfromname)));
874 #endif /* COMPAT_FREEBSD11 */
877 * Change current working directory to a given file descriptor.
879 #ifndef _SYS_SYSPROTO_H_
885 sys_fchdir(struct thread *td, struct fchdir_args *uap)
887 struct vnode *vp, *tdp;
892 AUDIT_ARG_FD(uap->fd);
893 error = getvnode_path(td, uap->fd, &cap_fchdir_rights,
900 vn_lock(vp, LK_SHARED | LK_RETRY);
901 AUDIT_ARG_VNODE1(vp);
902 error = change_dir(vp, td);
903 while (!error && (mp = vp->v_mountedhere) != NULL) {
906 error = VFS_ROOT(mp, LK_SHARED, &tdp);
923 * Change current working directory (``.'').
925 #ifndef _SYS_SYSPROTO_H_
931 sys_chdir(struct thread *td, struct chdir_args *uap)
934 return (kern_chdir(td, uap->path, UIO_USERSPACE));
938 kern_chdir(struct thread *td, const char *path, enum uio_seg pathseg)
943 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
945 if ((error = namei(&nd)) != 0)
947 if ((error = change_dir(nd.ni_vp, td)) != 0) {
952 VOP_UNLOCK(nd.ni_vp);
954 pwd_chdir(td, nd.ni_vp);
959 * Change notion of root (``/'') directory.
961 #ifndef _SYS_SYSPROTO_H_
967 sys_chroot(struct thread *td, struct chroot_args *uap)
972 error = priv_check(td, PRIV_VFS_CHROOT);
975 NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
976 UIO_USERSPACE, uap->path, td);
980 error = change_dir(nd.ni_vp, td);
984 error = mac_vnode_check_chroot(td->td_ucred, nd.ni_vp);
988 VOP_UNLOCK(nd.ni_vp);
989 error = pwd_chroot(td, nd.ni_vp);
1001 * Common routine for chroot and chdir. Callers must provide a locked vnode
1005 change_dir(struct vnode *vp, struct thread *td)
1011 ASSERT_VOP_LOCKED(vp, "change_dir(): vp not locked");
1012 if (vp->v_type != VDIR)
1015 error = mac_vnode_check_chdir(td->td_ucred, vp);
1019 return (VOP_ACCESS(vp, VEXEC, td->td_ucred, td));
1022 static __inline void
1023 flags_to_rights(int flags, cap_rights_t *rightsp)
1025 if (flags & O_EXEC) {
1026 cap_rights_set_one(rightsp, CAP_FEXECVE);
1030 switch ((flags & O_ACCMODE)) {
1032 cap_rights_set_one(rightsp, CAP_READ);
1035 cap_rights_set_one(rightsp, CAP_READ);
1038 cap_rights_set_one(rightsp, CAP_WRITE);
1039 if (!(flags & (O_APPEND | O_TRUNC)))
1040 cap_rights_set_one(rightsp, CAP_SEEK);
1045 if (flags & O_CREAT)
1046 cap_rights_set_one(rightsp, CAP_CREATE);
1048 if (flags & O_TRUNC)
1049 cap_rights_set_one(rightsp, CAP_FTRUNCATE);
1051 if (flags & (O_SYNC | O_FSYNC))
1052 cap_rights_set_one(rightsp, CAP_FSYNC);
1054 if (flags & (O_EXLOCK | O_SHLOCK))
1055 cap_rights_set_one(rightsp, CAP_FLOCK);
1059 * Check permissions, allocate an open file structure, and call the device
1060 * open routine if any.
1062 #ifndef _SYS_SYSPROTO_H_
1070 sys_open(struct thread *td, struct open_args *uap)
1073 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1074 uap->flags, uap->mode));
1077 #ifndef _SYS_SYSPROTO_H_
1078 struct openat_args {
1086 sys_openat(struct thread *td, struct openat_args *uap)
1089 AUDIT_ARG_FD(uap->fd);
1090 return (kern_openat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
1095 kern_openat(struct thread *td, int fd, const char *path, enum uio_seg pathseg,
1096 int flags, int mode)
1098 struct proc *p = td->td_proc;
1099 struct filedesc *fdp;
1100 struct pwddesc *pdp;
1103 struct nameidata nd;
1104 cap_rights_t rights;
1105 int cmode, error, indx;
1111 AUDIT_ARG_FFLAGS(flags);
1112 AUDIT_ARG_MODE(mode);
1113 cap_rights_init_one(&rights, CAP_LOOKUP);
1114 flags_to_rights(flags, &rights);
1117 * Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR flags
1118 * may be specified. On the other hand, for O_PATH any mode
1119 * except O_EXEC is ignored.
1121 if ((flags & O_PATH) != 0) {
1122 flags &= ~(O_CREAT | O_ACCMODE);
1123 } else if ((flags & O_EXEC) != 0) {
1124 if (flags & O_ACCMODE)
1126 } else if ((flags & O_ACCMODE) == O_ACCMODE) {
1129 flags = FFLAGS(flags);
1133 * Allocate a file structure. The descriptor to reference it
1134 * is allocated and used by finstall_refed() below.
1136 error = falloc_noinstall(td, &fp);
1139 /* Set the flags early so the finit in devfs can pick them up. */
1140 fp->f_flag = flags & FMASK;
1141 cmode = ((mode & ~pdp->pd_cmask) & ALLPERMS) & ~S_ISTXT;
1142 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
1144 td->td_dupfd = -1; /* XXX check for fdopen */
1145 error = vn_open(&nd, &flags, cmode, fp);
1148 * If the vn_open replaced the method vector, something
1149 * wonderous happened deep below and we just pass it up
1150 * pretending we know what we do.
1152 if (error == ENXIO && fp->f_ops != &badfileops) {
1153 MPASS((flags & O_PATH) == 0);
1158 * Handle special fdopen() case. bleh.
1160 * Don't do this for relative (capability) lookups; we don't
1161 * understand exactly what would happen, and we don't think
1162 * that it ever should.
1164 if ((nd.ni_resflags & NIRES_STRICTREL) == 0 &&
1165 (error == ENODEV || error == ENXIO) &&
1166 td->td_dupfd >= 0) {
1167 error = dupfdopen(td, fdp, td->td_dupfd, flags, error,
1176 NDFREE(&nd, NDF_ONLY_PNBUF);
1180 * Store the vnode, for any f_type. Typically, the vnode use
1181 * count is decremented by direct call to vn_closefile() for
1182 * files that switched type in the cdevsw fdopen() method.
1187 * If the file wasn't claimed by devfs bind it to the normal
1188 * vnode operations here.
1190 if (fp->f_ops == &badfileops) {
1191 KASSERT(vp->v_type != VFIFO || (flags & O_PATH) != 0,
1192 ("Unexpected fifo fp %p vp %p", fp, vp));
1193 if ((flags & O_PATH) != 0) {
1194 finit(fp, (flags & FMASK) | (fp->f_flag & FKQALLOWED),
1195 DTYPE_VNODE, NULL, &path_fileops);
1199 finit_vnode(fp, flags, NULL, &vnops);
1204 if (flags & O_TRUNC) {
1205 error = fo_truncate(fp, 0, td->td_ucred, td);
1211 * If we haven't already installed the FD (for dupfdopen), do so now.
1214 struct filecaps *fcaps;
1217 if ((nd.ni_resflags & NIRES_STRICTREL) != 0)
1218 fcaps = &nd.ni_filecaps;
1222 error = finstall_refed(td, fp, &indx, flags, fcaps);
1223 /* On success finstall_refed() consumes fcaps. */
1225 filecaps_free(&nd.ni_filecaps);
1229 filecaps_free(&nd.ni_filecaps);
1230 falloc_abort(td, fp);
1233 td->td_retval[0] = indx;
1236 KASSERT(indx == -1, ("indx=%d, should be -1", indx));
1237 falloc_abort(td, fp);
1245 #ifndef _SYS_SYSPROTO_H_
1246 struct ocreat_args {
1252 ocreat(struct thread *td, struct ocreat_args *uap)
1255 return (kern_openat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1256 O_WRONLY | O_CREAT | O_TRUNC, uap->mode));
1258 #endif /* COMPAT_43 */
1261 * Create a special file.
1263 #ifndef _SYS_SYSPROTO_H_
1264 struct mknodat_args {
1272 sys_mknodat(struct thread *td, struct mknodat_args *uap)
1275 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1279 #if defined(COMPAT_FREEBSD11)
1281 freebsd11_mknod(struct thread *td,
1282 struct freebsd11_mknod_args *uap)
1285 return (kern_mknodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1286 uap->mode, uap->dev));
1290 freebsd11_mknodat(struct thread *td,
1291 struct freebsd11_mknodat_args *uap)
1294 return (kern_mknodat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode,
1297 #endif /* COMPAT_FREEBSD11 */
1300 kern_mknodat(struct thread *td, int fd, const char *path, enum uio_seg pathseg,
1301 int mode, dev_t dev)
1306 struct nameidata nd;
1307 int error, whiteout = 0;
1309 AUDIT_ARG_MODE(mode);
1311 switch (mode & S_IFMT) {
1314 error = priv_check(td, PRIV_VFS_MKNOD_DEV);
1315 if (error == 0 && dev == VNOVAL)
1319 error = priv_check(td, PRIV_VFS_MKNOD_WHT);
1323 return (kern_mkfifoat(td, fd, path, pathseg, mode));
1334 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1335 NOCACHE, pathseg, path, fd, &cap_mknodat_rights,
1337 if ((error = namei(&nd)) != 0)
1341 NDFREE(&nd, NDF_ONLY_PNBUF);
1342 if (vp == nd.ni_dvp)
1350 vattr.va_mode = (mode & ALLPERMS) &
1351 ~td->td_proc->p_pd->pd_cmask;
1352 vattr.va_rdev = dev;
1355 switch (mode & S_IFMT) {
1357 vattr.va_type = VCHR;
1360 vattr.va_type = VBLK;
1366 panic("kern_mknod: invalid mode");
1369 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1370 NDFREE(&nd, NDF_ONLY_PNBUF);
1372 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1377 if (error == 0 && !whiteout)
1378 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp,
1379 &nd.ni_cnd, &vattr);
1383 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE);
1385 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,
1386 &nd.ni_cnd, &vattr);
1389 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 && !whiteout ? &nd.ni_vp : NULL,
1391 vn_finished_write(mp);
1392 NDFREE(&nd, NDF_ONLY_PNBUF);
1393 if (error == ERELOOKUP)
1399 * Create a named pipe.
1401 #ifndef _SYS_SYSPROTO_H_
1402 struct mkfifo_args {
1408 sys_mkfifo(struct thread *td, struct mkfifo_args *uap)
1411 return (kern_mkfifoat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
1415 #ifndef _SYS_SYSPROTO_H_
1416 struct mkfifoat_args {
1423 sys_mkfifoat(struct thread *td, struct mkfifoat_args *uap)
1426 return (kern_mkfifoat(td, uap->fd, uap->path, UIO_USERSPACE,
1431 kern_mkfifoat(struct thread *td, int fd, const char *path,
1432 enum uio_seg pathseg, int mode)
1436 struct nameidata nd;
1439 AUDIT_ARG_MODE(mode);
1443 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1444 NOCACHE, pathseg, path, fd, &cap_mkfifoat_rights,
1446 if ((error = namei(&nd)) != 0)
1448 if (nd.ni_vp != NULL) {
1449 NDFREE(&nd, NDF_ONLY_PNBUF);
1450 if (nd.ni_vp == nd.ni_dvp)
1457 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1458 NDFREE(&nd, NDF_ONLY_PNBUF);
1460 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1465 vattr.va_type = VFIFO;
1466 vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_pd->pd_cmask;
1468 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1473 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
1477 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 ? &nd.ni_vp : NULL, true);
1478 vn_finished_write(mp);
1479 NDFREE(&nd, NDF_ONLY_PNBUF);
1480 if (error == ERELOOKUP)
1486 * Make a hard file link.
1488 #ifndef _SYS_SYSPROTO_H_
1495 sys_link(struct thread *td, struct link_args *uap)
1498 return (kern_linkat(td, AT_FDCWD, AT_FDCWD, uap->path, uap->link,
1499 UIO_USERSPACE, AT_SYMLINK_FOLLOW));
1502 #ifndef _SYS_SYSPROTO_H_
1503 struct linkat_args {
1512 sys_linkat(struct thread *td, struct linkat_args *uap)
1517 if ((flag & ~(AT_SYMLINK_FOLLOW | AT_RESOLVE_BENEATH |
1518 AT_EMPTY_PATH)) != 0)
1521 return (kern_linkat(td, uap->fd1, uap->fd2, uap->path1, uap->path2,
1522 UIO_USERSPACE, flag));
1525 int hardlink_check_uid = 0;
1526 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
1527 &hardlink_check_uid, 0,
1528 "Unprivileged processes cannot create hard links to files owned by other "
1530 static int hardlink_check_gid = 0;
1531 SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
1532 &hardlink_check_gid, 0,
1533 "Unprivileged processes cannot create hard links to files owned by other "
1537 can_hardlink(struct vnode *vp, struct ucred *cred)
1542 if (!hardlink_check_uid && !hardlink_check_gid)
1545 error = VOP_GETATTR(vp, &va, cred);
1549 if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
1550 error = priv_check_cred(cred, PRIV_VFS_LINK);
1555 if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
1556 error = priv_check_cred(cred, PRIV_VFS_LINK);
1565 kern_linkat(struct thread *td, int fd1, int fd2, const char *path1,
1566 const char *path2, enum uio_seg segflag, int flag)
1568 struct nameidata nd;
1574 NDINIT_ATRIGHTS(&nd, LOOKUP, AUDITVNODE1 | at2cnpflags(flag,
1575 AT_SYMLINK_FOLLOW | AT_RESOLVE_BENEATH | AT_EMPTY_PATH),
1576 segflag, path1, fd1, &cap_linkat_source_rights, td);
1577 if ((error = namei(&nd)) != 0)
1579 NDFREE(&nd, NDF_ONLY_PNBUF);
1580 if ((nd.ni_resflags & NIRES_EMPTYPATH) != 0) {
1581 error = priv_check(td, PRIV_VFS_FHOPEN);
1587 error = kern_linkat_vp(td, nd.ni_vp, fd2, path2, segflag);
1588 } while (error == EAGAIN || error == ERELOOKUP);
1593 kern_linkat_vp(struct thread *td, struct vnode *vp, int fd, const char *path,
1594 enum uio_seg segflag)
1596 struct nameidata nd;
1600 if (vp->v_type == VDIR) {
1602 return (EPERM); /* POSIX */
1604 NDINIT_ATRIGHTS(&nd, CREATE,
1605 LOCKPARENT | SAVENAME | AUDITVNODE2 | NOCACHE, segflag, path, fd,
1606 &cap_linkat_target_rights, td);
1607 if ((error = namei(&nd)) == 0) {
1608 if (nd.ni_vp != NULL) {
1609 NDFREE(&nd, NDF_ONLY_PNBUF);
1610 if (nd.ni_dvp == nd.ni_vp)
1617 } else if (nd.ni_dvp->v_mount != vp->v_mount) {
1619 * Cross-device link. No need to recheck
1620 * vp->v_type, since it cannot change, except
1623 NDFREE(&nd, NDF_ONLY_PNBUF);
1627 } else if ((error = vn_lock(vp, LK_EXCLUSIVE)) == 0) {
1628 error = can_hardlink(vp, td->td_ucred);
1631 error = mac_vnode_check_link(td->td_ucred,
1632 nd.ni_dvp, vp, &nd.ni_cnd);
1637 NDFREE(&nd, NDF_ONLY_PNBUF);
1640 error = vn_start_write(vp, &mp, V_NOWAIT);
1644 NDFREE(&nd, NDF_ONLY_PNBUF);
1645 error = vn_start_write(NULL, &mp,
1651 error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
1652 VOP_VPUT_PAIR(nd.ni_dvp, &vp, true);
1653 vn_finished_write(mp);
1654 NDFREE(&nd, NDF_ONLY_PNBUF);
1658 NDFREE(&nd, NDF_ONLY_PNBUF);
1669 * Make a symbolic link.
1671 #ifndef _SYS_SYSPROTO_H_
1672 struct symlink_args {
1678 sys_symlink(struct thread *td, struct symlink_args *uap)
1681 return (kern_symlinkat(td, uap->path, AT_FDCWD, uap->link,
1685 #ifndef _SYS_SYSPROTO_H_
1686 struct symlinkat_args {
1693 sys_symlinkat(struct thread *td, struct symlinkat_args *uap)
1696 return (kern_symlinkat(td, uap->path1, uap->fd, uap->path2,
1701 kern_symlinkat(struct thread *td, const char *path1, int fd, const char *path2,
1702 enum uio_seg segflg)
1706 const char *syspath;
1708 struct nameidata nd;
1711 if (segflg == UIO_SYSSPACE) {
1714 tmppath = uma_zalloc(namei_zone, M_WAITOK);
1715 if ((error = copyinstr(path1, tmppath, MAXPATHLEN, NULL)) != 0)
1719 AUDIT_ARG_TEXT(syspath);
1723 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
1724 NOCACHE, segflg, path2, fd, &cap_symlinkat_rights,
1726 if ((error = namei(&nd)) != 0)
1729 NDFREE(&nd, NDF_ONLY_PNBUF);
1730 if (nd.ni_vp == nd.ni_dvp)
1739 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1740 NDFREE(&nd, NDF_ONLY_PNBUF);
1742 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1747 vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_pd->pd_cmask;
1749 vattr.va_type = VLNK;
1750 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
1755 error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath);
1759 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 ? &nd.ni_vp : NULL, true);
1760 vn_finished_write(mp);
1761 NDFREE(&nd, NDF_ONLY_PNBUF);
1762 if (error == ERELOOKUP)
1765 if (segflg != UIO_SYSSPACE)
1766 uma_zfree(namei_zone, tmppath);
1771 * Delete a whiteout from the filesystem.
1773 #ifndef _SYS_SYSPROTO_H_
1774 struct undelete_args {
1779 sys_undelete(struct thread *td, struct undelete_args *uap)
1782 struct nameidata nd;
1788 NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | AUDITVNODE1,
1789 UIO_USERSPACE, uap->path, td);
1794 if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) {
1795 NDFREE(&nd, NDF_ONLY_PNBUF);
1796 if (nd.ni_vp == nd.ni_dvp)
1804 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1805 NDFREE(&nd, NDF_ONLY_PNBUF);
1807 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
1811 error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE);
1812 NDFREE(&nd, NDF_ONLY_PNBUF);
1814 vn_finished_write(mp);
1815 if (error == ERELOOKUP)
1821 * Delete a name from the filesystem.
1823 #ifndef _SYS_SYSPROTO_H_
1824 struct unlink_args {
1829 sys_unlink(struct thread *td, struct unlink_args *uap)
1832 return (kern_funlinkat(td, AT_FDCWD, uap->path, FD_NONE, UIO_USERSPACE,
1837 kern_funlinkat_ex(struct thread *td, int dfd, const char *path, int fd,
1838 int flag, enum uio_seg pathseg, ino_t oldinum)
1841 if ((flag & ~(AT_REMOVEDIR | AT_RESOLVE_BENEATH)) != 0)
1844 if ((flag & AT_REMOVEDIR) != 0)
1845 return (kern_frmdirat(td, dfd, path, fd, UIO_USERSPACE, 0));
1847 return (kern_funlinkat(td, dfd, path, fd, UIO_USERSPACE, 0, 0));
1850 #ifndef _SYS_SYSPROTO_H_
1851 struct unlinkat_args {
1858 sys_unlinkat(struct thread *td, struct unlinkat_args *uap)
1861 return (kern_funlinkat_ex(td, uap->fd, uap->path, FD_NONE, uap->flag,
1865 #ifndef _SYS_SYSPROTO_H_
1866 struct funlinkat_args {
1874 sys_funlinkat(struct thread *td, struct funlinkat_args *uap)
1877 return (kern_funlinkat_ex(td, uap->dfd, uap->path, uap->fd, uap->flag,
1882 kern_funlinkat(struct thread *td, int dfd, const char *path, int fd,
1883 enum uio_seg pathseg, int flag, ino_t oldinum)
1888 struct nameidata nd;
1893 if (fd != FD_NONE) {
1894 error = getvnode_path(td, fd, &cap_no_rights, &fp);
1902 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1 |
1903 at2cnpflags(flag, AT_RESOLVE_BENEATH),
1904 pathseg, path, dfd, &cap_unlinkat_rights, td);
1905 if ((error = namei(&nd)) != 0) {
1906 if (error == EINVAL)
1911 if (vp->v_type == VDIR && oldinum == 0) {
1912 error = EPERM; /* POSIX */
1913 } else if (oldinum != 0 &&
1914 ((error = VOP_STAT(vp, &sb, td->td_ucred, NOCRED, td)) == 0) &&
1915 sb.st_ino != oldinum) {
1916 error = EIDRM; /* Identifier removed */
1917 } else if (fp != NULL && fp->f_vnode != vp) {
1918 if (VN_IS_DOOMED(fp->f_vnode))
1924 * The root of a mounted filesystem cannot be deleted.
1926 * XXX: can this only be a VDIR case?
1928 if (vp->v_vflag & VV_ROOT)
1932 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
1933 NDFREE(&nd, NDF_ONLY_PNBUF);
1935 if (vp == nd.ni_dvp)
1939 if ((error = vn_start_write(NULL, &mp,
1940 V_XSLEEP | PCATCH)) != 0) {
1946 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
1951 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
1952 error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd);
1956 vn_finished_write(mp);
1958 NDFREE(&nd, NDF_ONLY_PNBUF);
1960 if (vp == nd.ni_dvp)
1964 if (error == ERELOOKUP)
1973 * Reposition read/write file offset.
1975 #ifndef _SYS_SYSPROTO_H_
1984 sys_lseek(struct thread *td, struct lseek_args *uap)
1987 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
1991 kern_lseek(struct thread *td, int fd, off_t offset, int whence)
1997 error = fget(td, fd, &cap_seek_rights, &fp);
2000 error = (fp->f_ops->fo_flags & DFLAG_SEEKABLE) != 0 ?
2001 fo_seek(fp, offset, whence, td) : ESPIPE;
2006 #if defined(COMPAT_43)
2008 * Reposition read/write file offset.
2010 #ifndef _SYS_SYSPROTO_H_
2011 struct olseek_args {
2018 olseek(struct thread *td, struct olseek_args *uap)
2021 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
2023 #endif /* COMPAT_43 */
2025 #if defined(COMPAT_FREEBSD6)
2026 /* Version with the 'pad' argument */
2028 freebsd6_lseek(struct thread *td, struct freebsd6_lseek_args *uap)
2031 return (kern_lseek(td, uap->fd, uap->offset, uap->whence));
2036 * Check access permissions using passed credentials.
2039 vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
2045 /* Flags == 0 means only check for existence. */
2046 if (user_flags == 0)
2050 if (user_flags & R_OK)
2052 if (user_flags & W_OK)
2054 if (user_flags & X_OK)
2057 error = mac_vnode_check_access(cred, vp, accmode);
2061 if ((accmode & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
2062 error = VOP_ACCESS(vp, accmode, cred, td);
2067 * Check access permissions using "real" credentials.
2069 #ifndef _SYS_SYSPROTO_H_
2070 struct access_args {
2076 sys_access(struct thread *td, struct access_args *uap)
2079 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2083 #ifndef _SYS_SYSPROTO_H_
2084 struct faccessat_args {
2092 sys_faccessat(struct thread *td, struct faccessat_args *uap)
2095 return (kern_accessat(td, uap->fd, uap->path, UIO_USERSPACE, uap->flag,
2100 kern_accessat(struct thread *td, int fd, const char *path,
2101 enum uio_seg pathseg, int flag, int amode)
2103 struct ucred *cred, *usecred;
2105 struct nameidata nd;
2108 if ((flag & ~(AT_EACCESS | AT_RESOLVE_BENEATH | AT_EMPTY_PATH)) != 0)
2110 if (amode != F_OK && (amode & ~(R_OK | W_OK | X_OK)) != 0)
2114 * Create and modify a temporary credential instead of one that
2115 * is potentially shared (if we need one).
2117 cred = td->td_ucred;
2118 if ((flag & AT_EACCESS) == 0 &&
2119 ((cred->cr_uid != cred->cr_ruid ||
2120 cred->cr_rgid != cred->cr_groups[0]))) {
2121 usecred = crdup(cred);
2122 usecred->cr_uid = cred->cr_ruid;
2123 usecred->cr_groups[0] = cred->cr_rgid;
2124 td->td_ucred = usecred;
2127 AUDIT_ARG_VALUE(amode);
2128 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF |
2129 AUDITVNODE1 | at2cnpflags(flag, AT_RESOLVE_BENEATH |
2130 AT_EMPTY_PATH), pathseg, path, fd, &cap_fstat_rights, td);
2131 if ((error = namei(&nd)) != 0)
2135 error = vn_access(vp, amode, usecred, td);
2136 NDFREE_NOTHING(&nd);
2139 if (usecred != cred) {
2140 td->td_ucred = cred;
2147 * Check access permissions using "effective" credentials.
2149 #ifndef _SYS_SYSPROTO_H_
2150 struct eaccess_args {
2156 sys_eaccess(struct thread *td, struct eaccess_args *uap)
2159 return (kern_accessat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2160 AT_EACCESS, uap->amode));
2163 #if defined(COMPAT_43)
2165 * Get file status; this version follows links.
2167 #ifndef _SYS_SYSPROTO_H_
2174 ostat(struct thread *td, struct ostat_args *uap)
2180 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2185 return (copyout(&osb, uap->ub, sizeof (osb)));
2189 * Get file status; this version does not follow links.
2191 #ifndef _SYS_SYSPROTO_H_
2192 struct olstat_args {
2198 olstat(struct thread *td, struct olstat_args *uap)
2204 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2205 UIO_USERSPACE, &sb, NULL);
2209 return (copyout(&osb, uap->ub, sizeof (osb)));
2213 * Convert from an old to a new stat structure.
2214 * XXX: many values are blindly truncated.
2217 cvtstat(struct stat *st, struct ostat *ost)
2220 bzero(ost, sizeof(*ost));
2221 ost->st_dev = st->st_dev;
2222 ost->st_ino = st->st_ino;
2223 ost->st_mode = st->st_mode;
2224 ost->st_nlink = st->st_nlink;
2225 ost->st_uid = st->st_uid;
2226 ost->st_gid = st->st_gid;
2227 ost->st_rdev = st->st_rdev;
2228 ost->st_size = MIN(st->st_size, INT32_MAX);
2229 ost->st_atim = st->st_atim;
2230 ost->st_mtim = st->st_mtim;
2231 ost->st_ctim = st->st_ctim;
2232 ost->st_blksize = st->st_blksize;
2233 ost->st_blocks = st->st_blocks;
2234 ost->st_flags = st->st_flags;
2235 ost->st_gen = st->st_gen;
2237 #endif /* COMPAT_43 */
2239 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11)
2240 int ino64_trunc_error;
2241 SYSCTL_INT(_vfs, OID_AUTO, ino64_trunc_error, CTLFLAG_RW,
2242 &ino64_trunc_error, 0,
2243 "Error on truncation of device, file or inode number, or link count");
2246 freebsd11_cvtstat(struct stat *st, struct freebsd11_stat *ost)
2249 ost->st_dev = st->st_dev;
2250 if (ost->st_dev != st->st_dev) {
2251 switch (ino64_trunc_error) {
2254 * Since dev_t is almost raw, don't clamp to the
2255 * maximum for case 2, but ignore the error.
2262 ost->st_ino = st->st_ino;
2263 if (ost->st_ino != st->st_ino) {
2264 switch (ino64_trunc_error) {
2271 ost->st_ino = UINT32_MAX;
2275 ost->st_mode = st->st_mode;
2276 ost->st_nlink = st->st_nlink;
2277 if (ost->st_nlink != st->st_nlink) {
2278 switch (ino64_trunc_error) {
2285 ost->st_nlink = UINT16_MAX;
2289 ost->st_uid = st->st_uid;
2290 ost->st_gid = st->st_gid;
2291 ost->st_rdev = st->st_rdev;
2292 if (ost->st_rdev != st->st_rdev) {
2293 switch (ino64_trunc_error) {
2300 ost->st_atim = st->st_atim;
2301 ost->st_mtim = st->st_mtim;
2302 ost->st_ctim = st->st_ctim;
2303 ost->st_size = st->st_size;
2304 ost->st_blocks = st->st_blocks;
2305 ost->st_blksize = st->st_blksize;
2306 ost->st_flags = st->st_flags;
2307 ost->st_gen = st->st_gen;
2309 ost->st_birthtim = st->st_birthtim;
2310 bzero((char *)&ost->st_birthtim + sizeof(ost->st_birthtim),
2311 sizeof(*ost) - offsetof(struct freebsd11_stat,
2312 st_birthtim) - sizeof(ost->st_birthtim));
2317 freebsd11_stat(struct thread *td, struct freebsd11_stat_args* uap)
2320 struct freebsd11_stat osb;
2323 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2327 error = freebsd11_cvtstat(&sb, &osb);
2329 error = copyout(&osb, uap->ub, sizeof(osb));
2334 freebsd11_lstat(struct thread *td, struct freebsd11_lstat_args* uap)
2337 struct freebsd11_stat osb;
2340 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2341 UIO_USERSPACE, &sb, NULL);
2344 error = freebsd11_cvtstat(&sb, &osb);
2346 error = copyout(&osb, uap->ub, sizeof(osb));
2351 freebsd11_fhstat(struct thread *td, struct freebsd11_fhstat_args* uap)
2355 struct freebsd11_stat osb;
2358 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
2361 error = kern_fhstat(td, fh, &sb);
2364 error = freebsd11_cvtstat(&sb, &osb);
2366 error = copyout(&osb, uap->sb, sizeof(osb));
2371 freebsd11_fstatat(struct thread *td, struct freebsd11_fstatat_args* uap)
2374 struct freebsd11_stat osb;
2377 error = kern_statat(td, uap->flag, uap->fd, uap->path,
2378 UIO_USERSPACE, &sb, NULL);
2381 error = freebsd11_cvtstat(&sb, &osb);
2383 error = copyout(&osb, uap->buf, sizeof(osb));
2386 #endif /* COMPAT_FREEBSD11 */
2391 #ifndef _SYS_SYSPROTO_H_
2392 struct fstatat_args {
2400 sys_fstatat(struct thread *td, struct fstatat_args *uap)
2405 error = kern_statat(td, uap->flag, uap->fd, uap->path,
2406 UIO_USERSPACE, &sb, NULL);
2408 error = copyout(&sb, uap->buf, sizeof (sb));
2413 kern_statat(struct thread *td, int flag, int fd, const char *path,
2414 enum uio_seg pathseg, struct stat *sbp,
2415 void (*hook)(struct vnode *vp, struct stat *sbp))
2417 struct nameidata nd;
2420 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
2421 AT_EMPTY_PATH)) != 0)
2424 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_RESOLVE_BENEATH |
2425 AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH) | LOCKSHARED | LOCKLEAF |
2426 AUDITVNODE1, pathseg, path, fd, &cap_fstat_rights, td);
2428 if ((error = namei(&nd)) != 0)
2430 error = VOP_STAT(nd.ni_vp, sbp, td->td_ucred, NOCRED, td);
2432 if (__predict_false(hook != NULL))
2433 hook(nd.ni_vp, sbp);
2435 NDFREE_NOTHING(&nd);
2437 #ifdef __STAT_TIME_T_EXT
2438 sbp->st_atim_ext = 0;
2439 sbp->st_mtim_ext = 0;
2440 sbp->st_ctim_ext = 0;
2441 sbp->st_btim_ext = 0;
2444 if (KTRPOINT(td, KTR_STRUCT))
2445 ktrstat_error(sbp, error);
2450 #if defined(COMPAT_FREEBSD11)
2452 * Implementation of the NetBSD [l]stat() functions.
2455 freebsd11_cvtnstat(struct stat *sb, struct nstat *nsb)
2458 bzero(nsb, sizeof(*nsb));
2459 nsb->st_dev = sb->st_dev;
2460 nsb->st_ino = sb->st_ino;
2461 nsb->st_mode = sb->st_mode;
2462 nsb->st_nlink = sb->st_nlink;
2463 nsb->st_uid = sb->st_uid;
2464 nsb->st_gid = sb->st_gid;
2465 nsb->st_rdev = sb->st_rdev;
2466 nsb->st_atim = sb->st_atim;
2467 nsb->st_mtim = sb->st_mtim;
2468 nsb->st_ctim = sb->st_ctim;
2469 nsb->st_size = sb->st_size;
2470 nsb->st_blocks = sb->st_blocks;
2471 nsb->st_blksize = sb->st_blksize;
2472 nsb->st_flags = sb->st_flags;
2473 nsb->st_gen = sb->st_gen;
2474 nsb->st_birthtim = sb->st_birthtim;
2477 #ifndef _SYS_SYSPROTO_H_
2478 struct freebsd11_nstat_args {
2484 freebsd11_nstat(struct thread *td, struct freebsd11_nstat_args *uap)
2490 error = kern_statat(td, 0, AT_FDCWD, uap->path, UIO_USERSPACE,
2494 freebsd11_cvtnstat(&sb, &nsb);
2495 return (copyout(&nsb, uap->ub, sizeof (nsb)));
2499 * NetBSD lstat. Get file status; this version does not follow links.
2501 #ifndef _SYS_SYSPROTO_H_
2502 struct freebsd11_nlstat_args {
2508 freebsd11_nlstat(struct thread *td, struct freebsd11_nlstat_args *uap)
2514 error = kern_statat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->path,
2515 UIO_USERSPACE, &sb, NULL);
2518 freebsd11_cvtnstat(&sb, &nsb);
2519 return (copyout(&nsb, uap->ub, sizeof (nsb)));
2521 #endif /* COMPAT_FREEBSD11 */
2524 * Get configurable pathname variables.
2526 #ifndef _SYS_SYSPROTO_H_
2527 struct pathconf_args {
2533 sys_pathconf(struct thread *td, struct pathconf_args *uap)
2538 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name, FOLLOW,
2541 td->td_retval[0] = value;
2545 #ifndef _SYS_SYSPROTO_H_
2546 struct lpathconf_args {
2552 sys_lpathconf(struct thread *td, struct lpathconf_args *uap)
2557 error = kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name,
2560 td->td_retval[0] = value;
2565 kern_pathconf(struct thread *td, const char *path, enum uio_seg pathseg,
2566 int name, u_long flags, long *valuep)
2568 struct nameidata nd;
2571 NDINIT(&nd, LOOKUP, LOCKSHARED | LOCKLEAF | AUDITVNODE1 | flags,
2573 if ((error = namei(&nd)) != 0)
2575 NDFREE_NOTHING(&nd);
2577 error = VOP_PATHCONF(nd.ni_vp, name, valuep);
2583 * Return target name of a symbolic link.
2585 #ifndef _SYS_SYSPROTO_H_
2586 struct readlink_args {
2593 sys_readlink(struct thread *td, struct readlink_args *uap)
2596 return (kern_readlinkat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2597 uap->buf, UIO_USERSPACE, uap->count));
2599 #ifndef _SYS_SYSPROTO_H_
2600 struct readlinkat_args {
2608 sys_readlinkat(struct thread *td, struct readlinkat_args *uap)
2611 return (kern_readlinkat(td, uap->fd, uap->path, UIO_USERSPACE,
2612 uap->buf, UIO_USERSPACE, uap->bufsize));
2616 kern_readlinkat(struct thread *td, int fd, const char *path,
2617 enum uio_seg pathseg, char *buf, enum uio_seg bufseg, size_t count)
2620 struct nameidata nd;
2623 if (count > IOSIZE_MAX)
2626 NDINIT_AT(&nd, LOOKUP, NOFOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1,
2627 pathseg, path, fd, td);
2629 if ((error = namei(&nd)) != 0)
2631 NDFREE_NOTHING(&nd);
2634 error = kern_readlink_vp(vp, buf, bufseg, count, td);
2641 * Helper function to readlink from a vnode
2644 kern_readlink_vp(struct vnode *vp, char *buf, enum uio_seg bufseg, size_t count,
2651 ASSERT_VOP_LOCKED(vp, "kern_readlink_vp(): vp not locked");
2653 error = mac_vnode_check_readlink(td->td_ucred, vp);
2657 if (vp->v_type != VLNK && (vp->v_vflag & VV_READLINK) == 0)
2660 aiov.iov_base = buf;
2661 aiov.iov_len = count;
2662 auio.uio_iov = &aiov;
2663 auio.uio_iovcnt = 1;
2664 auio.uio_offset = 0;
2665 auio.uio_rw = UIO_READ;
2666 auio.uio_segflg = bufseg;
2668 auio.uio_resid = count;
2669 error = VOP_READLINK(vp, &auio, td->td_ucred);
2670 td->td_retval[0] = count - auio.uio_resid;
2675 * Common implementation code for chflags() and fchflags().
2678 setfflags(struct thread *td, struct vnode *vp, u_long flags)
2684 /* We can't support the value matching VNOVAL. */
2685 if (flags == VNOVAL)
2686 return (EOPNOTSUPP);
2689 * Prevent non-root users from setting flags on devices. When
2690 * a device is reused, users can retain ownership of the device
2691 * if they are allowed to set flags and programs assume that
2692 * chown can't fail when done as root.
2694 if (vp->v_type == VCHR || vp->v_type == VBLK) {
2695 error = priv_check(td, PRIV_VFS_CHFLAGS_DEV);
2700 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2703 vattr.va_flags = flags;
2704 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2706 error = mac_vnode_check_setflags(td->td_ucred, vp, vattr.va_flags);
2709 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
2711 vn_finished_write(mp);
2716 * Change flags of a file given a path name.
2718 #ifndef _SYS_SYSPROTO_H_
2719 struct chflags_args {
2725 sys_chflags(struct thread *td, struct chflags_args *uap)
2728 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2732 #ifndef _SYS_SYSPROTO_H_
2733 struct chflagsat_args {
2741 sys_chflagsat(struct thread *td, struct chflagsat_args *uap)
2744 if ((uap->atflag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
2745 AT_EMPTY_PATH)) != 0)
2748 return (kern_chflagsat(td, uap->fd, uap->path, UIO_USERSPACE,
2749 uap->flags, uap->atflag));
2753 * Same as chflags() but doesn't follow symlinks.
2755 #ifndef _SYS_SYSPROTO_H_
2756 struct lchflags_args {
2762 sys_lchflags(struct thread *td, struct lchflags_args *uap)
2765 return (kern_chflagsat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2766 uap->flags, AT_SYMLINK_NOFOLLOW));
2770 kern_chflagsat(struct thread *td, int fd, const char *path,
2771 enum uio_seg pathseg, u_long flags, int atflag)
2773 struct nameidata nd;
2776 AUDIT_ARG_FFLAGS(flags);
2777 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(atflag, AT_SYMLINK_NOFOLLOW |
2778 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
2779 fd, &cap_fchflags_rights, td);
2780 if ((error = namei(&nd)) != 0)
2782 NDFREE_NOTHING(&nd);
2783 error = setfflags(td, nd.ni_vp, flags);
2789 * Change flags of a file given a file descriptor.
2791 #ifndef _SYS_SYSPROTO_H_
2792 struct fchflags_args {
2798 sys_fchflags(struct thread *td, struct fchflags_args *uap)
2803 AUDIT_ARG_FD(uap->fd);
2804 AUDIT_ARG_FFLAGS(uap->flags);
2805 error = getvnode(td, uap->fd, &cap_fchflags_rights,
2810 if (AUDITING_TD(td)) {
2811 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
2812 AUDIT_ARG_VNODE1(fp->f_vnode);
2813 VOP_UNLOCK(fp->f_vnode);
2816 error = setfflags(td, fp->f_vnode, uap->flags);
2822 * Common implementation code for chmod(), lchmod() and fchmod().
2825 setfmode(struct thread *td, struct ucred *cred, struct vnode *vp, int mode)
2831 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2833 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2835 vattr.va_mode = mode & ALLPERMS;
2837 error = mac_vnode_check_setmode(cred, vp, vattr.va_mode);
2840 error = VOP_SETATTR(vp, &vattr, cred);
2842 vn_finished_write(mp);
2847 * Change mode of a file given path name.
2849 #ifndef _SYS_SYSPROTO_H_
2856 sys_chmod(struct thread *td, struct chmod_args *uap)
2859 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2863 #ifndef _SYS_SYSPROTO_H_
2864 struct fchmodat_args {
2872 sys_fchmodat(struct thread *td, struct fchmodat_args *uap)
2875 if ((uap->flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
2876 AT_EMPTY_PATH)) != 0)
2879 return (kern_fchmodat(td, uap->fd, uap->path, UIO_USERSPACE,
2880 uap->mode, uap->flag));
2884 * Change mode of a file given path name (don't follow links.)
2886 #ifndef _SYS_SYSPROTO_H_
2887 struct lchmod_args {
2893 sys_lchmod(struct thread *td, struct lchmod_args *uap)
2896 return (kern_fchmodat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
2897 uap->mode, AT_SYMLINK_NOFOLLOW));
2901 kern_fchmodat(struct thread *td, int fd, const char *path,
2902 enum uio_seg pathseg, mode_t mode, int flag)
2904 struct nameidata nd;
2907 AUDIT_ARG_MODE(mode);
2908 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
2909 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
2910 fd, &cap_fchmod_rights, td);
2911 if ((error = namei(&nd)) != 0)
2913 NDFREE_NOTHING(&nd);
2914 error = setfmode(td, td->td_ucred, nd.ni_vp, mode);
2920 * Change mode of a file given a file descriptor.
2922 #ifndef _SYS_SYSPROTO_H_
2923 struct fchmod_args {
2929 sys_fchmod(struct thread *td, struct fchmod_args *uap)
2934 AUDIT_ARG_FD(uap->fd);
2935 AUDIT_ARG_MODE(uap->mode);
2937 error = fget(td, uap->fd, &cap_fchmod_rights, &fp);
2940 error = fo_chmod(fp, uap->mode, td->td_ucred, td);
2946 * Common implementation for chown(), lchown(), and fchown()
2949 setfown(struct thread *td, struct ucred *cred, struct vnode *vp, uid_t uid,
2956 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
2958 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2963 error = mac_vnode_check_setowner(cred, vp, vattr.va_uid,
2967 error = VOP_SETATTR(vp, &vattr, cred);
2969 vn_finished_write(mp);
2974 * Set ownership given a path name.
2976 #ifndef _SYS_SYSPROTO_H_
2984 sys_chown(struct thread *td, struct chown_args *uap)
2987 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE, uap->uid,
2991 #ifndef _SYS_SYSPROTO_H_
2992 struct fchownat_args {
3001 sys_fchownat(struct thread *td, struct fchownat_args *uap)
3004 if ((uap->flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
3005 AT_EMPTY_PATH)) != 0)
3008 return (kern_fchownat(td, uap->fd, uap->path, UIO_USERSPACE, uap->uid,
3009 uap->gid, uap->flag));
3013 kern_fchownat(struct thread *td, int fd, const char *path,
3014 enum uio_seg pathseg, int uid, int gid, int flag)
3016 struct nameidata nd;
3019 AUDIT_ARG_OWNER(uid, gid);
3020 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
3021 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1, pathseg, path,
3022 fd, &cap_fchown_rights, td);
3024 if ((error = namei(&nd)) != 0)
3026 NDFREE_NOTHING(&nd);
3027 error = setfown(td, td->td_ucred, nd.ni_vp, uid, gid);
3033 * Set ownership given a path name, do not cross symlinks.
3035 #ifndef _SYS_SYSPROTO_H_
3036 struct lchown_args {
3043 sys_lchown(struct thread *td, struct lchown_args *uap)
3046 return (kern_fchownat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3047 uap->uid, uap->gid, AT_SYMLINK_NOFOLLOW));
3051 * Set ownership given a file descriptor.
3053 #ifndef _SYS_SYSPROTO_H_
3054 struct fchown_args {
3061 sys_fchown(struct thread *td, struct fchown_args *uap)
3066 AUDIT_ARG_FD(uap->fd);
3067 AUDIT_ARG_OWNER(uap->uid, uap->gid);
3068 error = fget(td, uap->fd, &cap_fchown_rights, &fp);
3071 error = fo_chown(fp, uap->uid, uap->gid, td->td_ucred, td);
3077 * Common implementation code for utimes(), lutimes(), and futimes().
3080 getutimes(const struct timeval *usrtvp, enum uio_seg tvpseg,
3081 struct timespec *tsp)
3083 struct timeval tv[2];
3084 const struct timeval *tvp;
3087 if (usrtvp == NULL) {
3088 vfs_timestamp(&tsp[0]);
3091 if (tvpseg == UIO_SYSSPACE) {
3094 if ((error = copyin(usrtvp, tv, sizeof(tv))) != 0)
3099 if (tvp[0].tv_usec < 0 || tvp[0].tv_usec >= 1000000 ||
3100 tvp[1].tv_usec < 0 || tvp[1].tv_usec >= 1000000)
3102 TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
3103 TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
3109 * Common implementation code for futimens(), utimensat().
3111 #define UTIMENS_NULL 0x1
3112 #define UTIMENS_EXIT 0x2
3114 getutimens(const struct timespec *usrtsp, enum uio_seg tspseg,
3115 struct timespec *tsp, int *retflags)
3117 struct timespec tsnow;
3120 vfs_timestamp(&tsnow);
3122 if (usrtsp == NULL) {
3125 *retflags |= UTIMENS_NULL;
3128 if (tspseg == UIO_SYSSPACE) {
3131 } else if ((error = copyin(usrtsp, tsp, sizeof(*tsp) * 2)) != 0)
3133 if (tsp[0].tv_nsec == UTIME_OMIT && tsp[1].tv_nsec == UTIME_OMIT)
3134 *retflags |= UTIMENS_EXIT;
3135 if (tsp[0].tv_nsec == UTIME_NOW && tsp[1].tv_nsec == UTIME_NOW)
3136 *retflags |= UTIMENS_NULL;
3137 if (tsp[0].tv_nsec == UTIME_OMIT)
3138 tsp[0].tv_sec = VNOVAL;
3139 else if (tsp[0].tv_nsec == UTIME_NOW)
3141 else if (tsp[0].tv_nsec < 0 || tsp[0].tv_nsec >= 1000000000L)
3143 if (tsp[1].tv_nsec == UTIME_OMIT)
3144 tsp[1].tv_sec = VNOVAL;
3145 else if (tsp[1].tv_nsec == UTIME_NOW)
3147 else if (tsp[1].tv_nsec < 0 || tsp[1].tv_nsec >= 1000000000L)
3154 * Common implementation code for utimes(), lutimes(), futimes(), futimens(),
3158 setutimes(struct thread *td, struct vnode *vp, const struct timespec *ts,
3159 int numtimes, int nullflag)
3163 int error, setbirthtime;
3165 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
3167 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3169 if (numtimes < 3 && !VOP_GETATTR(vp, &vattr, td->td_ucred) &&
3170 timespeccmp(&ts[1], &vattr.va_birthtime, < ))
3173 vattr.va_atime = ts[0];
3174 vattr.va_mtime = ts[1];
3176 vattr.va_birthtime = ts[1];
3178 vattr.va_birthtime = ts[2];
3180 vattr.va_vaflags |= VA_UTIMES_NULL;
3182 error = mac_vnode_check_setutimes(td->td_ucred, vp, vattr.va_atime,
3186 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3188 vn_finished_write(mp);
3193 * Set the access and modification times of a file.
3195 #ifndef _SYS_SYSPROTO_H_
3196 struct utimes_args {
3198 struct timeval *tptr;
3202 sys_utimes(struct thread *td, struct utimes_args *uap)
3205 return (kern_utimesat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3206 uap->tptr, UIO_USERSPACE));
3209 #ifndef _SYS_SYSPROTO_H_
3210 struct futimesat_args {
3213 const struct timeval * times;
3217 sys_futimesat(struct thread *td, struct futimesat_args *uap)
3220 return (kern_utimesat(td, uap->fd, uap->path, UIO_USERSPACE,
3221 uap->times, UIO_USERSPACE));
3225 kern_utimesat(struct thread *td, int fd, const char *path,
3226 enum uio_seg pathseg, struct timeval *tptr, enum uio_seg tptrseg)
3228 struct nameidata nd;
3229 struct timespec ts[2];
3232 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3234 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, fd,
3235 &cap_futimes_rights, td);
3237 if ((error = namei(&nd)) != 0)
3239 NDFREE_NOTHING(&nd);
3240 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3246 * Set the access and modification times of a file.
3248 #ifndef _SYS_SYSPROTO_H_
3249 struct lutimes_args {
3251 struct timeval *tptr;
3255 sys_lutimes(struct thread *td, struct lutimes_args *uap)
3258 return (kern_lutimes(td, uap->path, UIO_USERSPACE, uap->tptr,
3263 kern_lutimes(struct thread *td, const char *path, enum uio_seg pathseg,
3264 struct timeval *tptr, enum uio_seg tptrseg)
3266 struct timespec ts[2];
3267 struct nameidata nd;
3270 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
3272 NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, pathseg, path, td);
3273 if ((error = namei(&nd)) != 0)
3275 NDFREE_NOTHING(&nd);
3276 error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
3282 * Set the access and modification times of a file.
3284 #ifndef _SYS_SYSPROTO_H_
3285 struct futimes_args {
3287 struct timeval *tptr;
3291 sys_futimes(struct thread *td, struct futimes_args *uap)
3294 return (kern_futimes(td, uap->fd, uap->tptr, UIO_USERSPACE));
3298 kern_futimes(struct thread *td, int fd, struct timeval *tptr,
3299 enum uio_seg tptrseg)
3301 struct timespec ts[2];
3306 error = getutimes(tptr, tptrseg, ts);
3309 error = getvnode(td, fd, &cap_futimes_rights, &fp);
3313 if (AUDITING_TD(td)) {
3314 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3315 AUDIT_ARG_VNODE1(fp->f_vnode);
3316 VOP_UNLOCK(fp->f_vnode);
3319 error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
3325 sys_futimens(struct thread *td, struct futimens_args *uap)
3328 return (kern_futimens(td, uap->fd, uap->times, UIO_USERSPACE));
3332 kern_futimens(struct thread *td, int fd, struct timespec *tptr,
3333 enum uio_seg tptrseg)
3335 struct timespec ts[2];
3340 error = getutimens(tptr, tptrseg, ts, &flags);
3343 if (flags & UTIMENS_EXIT)
3345 error = getvnode(td, fd, &cap_futimes_rights, &fp);
3349 if (AUDITING_TD(td)) {
3350 vn_lock(fp->f_vnode, LK_SHARED | LK_RETRY);
3351 AUDIT_ARG_VNODE1(fp->f_vnode);
3352 VOP_UNLOCK(fp->f_vnode);
3355 error = setutimes(td, fp->f_vnode, ts, 2, flags & UTIMENS_NULL);
3361 sys_utimensat(struct thread *td, struct utimensat_args *uap)
3364 return (kern_utimensat(td, uap->fd, uap->path, UIO_USERSPACE,
3365 uap->times, UIO_USERSPACE, uap->flag));
3369 kern_utimensat(struct thread *td, int fd, const char *path,
3370 enum uio_seg pathseg, struct timespec *tptr, enum uio_seg tptrseg,
3373 struct nameidata nd;
3374 struct timespec ts[2];
3377 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH |
3378 AT_EMPTY_PATH)) != 0)
3381 if ((error = getutimens(tptr, tptrseg, ts, &flags)) != 0)
3383 NDINIT_ATRIGHTS(&nd, LOOKUP, at2cnpflags(flag, AT_SYMLINK_NOFOLLOW |
3384 AT_RESOLVE_BENEATH | AT_EMPTY_PATH) | AUDITVNODE1,
3385 pathseg, path, fd, &cap_futimes_rights, td);
3386 if ((error = namei(&nd)) != 0)
3389 * We are allowed to call namei() regardless of 2xUTIME_OMIT.
3391 * "If both tv_nsec fields are UTIME_OMIT... EACCESS may be detected."
3392 * "Search permission is denied by a component of the path prefix."
3394 NDFREE_NOTHING(&nd);
3395 if ((flags & UTIMENS_EXIT) == 0)
3396 error = setutimes(td, nd.ni_vp, ts, 2, flags & UTIMENS_NULL);
3402 * Truncate a file given its path name.
3404 #ifndef _SYS_SYSPROTO_H_
3405 struct truncate_args {
3412 sys_truncate(struct thread *td, struct truncate_args *uap)
3415 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3419 kern_truncate(struct thread *td, const char *path, enum uio_seg pathseg,
3426 struct nameidata nd;
3433 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td);
3434 if ((error = namei(&nd)) != 0)
3437 rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX);
3438 if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) {
3439 vn_rangelock_unlock(vp, rl_cookie);
3443 NDFREE(&nd, NDF_ONLY_PNBUF);
3444 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
3445 if (vp->v_type == VDIR)
3448 else if ((error = mac_vnode_check_write(td->td_ucred, NOCRED, vp))) {
3451 else if ((error = vn_writechk(vp)) == 0 &&
3452 (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
3454 vattr.va_size = length;
3455 error = VOP_SETATTR(vp, &vattr, td->td_ucred);
3458 vn_finished_write(mp);
3459 vn_rangelock_unlock(vp, rl_cookie);
3461 if (error == ERELOOKUP)
3466 #if defined(COMPAT_43)
3468 * Truncate a file given its path name.
3470 #ifndef _SYS_SYSPROTO_H_
3471 struct otruncate_args {
3477 otruncate(struct thread *td, struct otruncate_args *uap)
3480 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3482 #endif /* COMPAT_43 */
3484 #if defined(COMPAT_FREEBSD6)
3485 /* Versions with the pad argument */
3487 freebsd6_truncate(struct thread *td, struct freebsd6_truncate_args *uap)
3490 return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
3494 freebsd6_ftruncate(struct thread *td, struct freebsd6_ftruncate_args *uap)
3497 return (kern_ftruncate(td, uap->fd, uap->length));
3502 kern_fsync(struct thread *td, int fd, bool fullsync)
3507 int error, lock_flags;
3510 error = getvnode(td, fd, &cap_fsync_rights, &fp);
3516 /* XXXKIB: compete outstanding aio writes */;
3519 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
3522 if (MNT_SHARED_WRITES(mp) ||
3523 ((mp == NULL) && MNT_SHARED_WRITES(vp->v_mount))) {
3524 lock_flags = LK_SHARED;
3526 lock_flags = LK_EXCLUSIVE;
3528 vn_lock(vp, lock_flags | LK_RETRY);
3529 AUDIT_ARG_VNODE1(vp);
3530 if (vp->v_object != NULL) {
3531 VM_OBJECT_WLOCK(vp->v_object);
3532 vm_object_page_clean(vp->v_object, 0, 0, 0);
3533 VM_OBJECT_WUNLOCK(vp->v_object);
3535 error = fullsync ? VOP_FSYNC(vp, MNT_WAIT, td) : VOP_FDATASYNC(vp, td);
3537 vn_finished_write(mp);
3538 if (error == ERELOOKUP)
3546 * Sync an open file.
3548 #ifndef _SYS_SYSPROTO_H_
3554 sys_fsync(struct thread *td, struct fsync_args *uap)
3557 return (kern_fsync(td, uap->fd, true));
3561 sys_fdatasync(struct thread *td, struct fdatasync_args *uap)
3564 return (kern_fsync(td, uap->fd, false));
3568 * Rename files. Source and destination must either both be directories, or
3569 * both not be directories. If target is a directory, it must be empty.
3571 #ifndef _SYS_SYSPROTO_H_
3572 struct rename_args {
3578 sys_rename(struct thread *td, struct rename_args *uap)
3581 return (kern_renameat(td, AT_FDCWD, uap->from, AT_FDCWD,
3582 uap->to, UIO_USERSPACE));
3585 #ifndef _SYS_SYSPROTO_H_
3586 struct renameat_args {
3594 sys_renameat(struct thread *td, struct renameat_args *uap)
3597 return (kern_renameat(td, uap->oldfd, uap->old, uap->newfd, uap->new,
3603 kern_renameat_mac(struct thread *td, int oldfd, const char *old, int newfd,
3604 const char *new, enum uio_seg pathseg, struct nameidata *fromnd)
3608 NDINIT_ATRIGHTS(fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART |
3609 AUDITVNODE1, pathseg, old, oldfd, &cap_renameat_source_rights, td);
3610 if ((error = namei(fromnd)) != 0)
3612 error = mac_vnode_check_rename_from(td->td_ucred, fromnd->ni_dvp,
3613 fromnd->ni_vp, &fromnd->ni_cnd);
3614 VOP_UNLOCK(fromnd->ni_dvp);
3615 if (fromnd->ni_dvp != fromnd->ni_vp)
3616 VOP_UNLOCK(fromnd->ni_vp);
3618 NDFREE(fromnd, NDF_ONLY_PNBUF);
3619 vrele(fromnd->ni_dvp);
3620 vrele(fromnd->ni_vp);
3621 if (fromnd->ni_startdir)
3622 vrele(fromnd->ni_startdir);
3629 kern_renameat(struct thread *td, int oldfd, const char *old, int newfd,
3630 const char *new, enum uio_seg pathseg)
3632 struct mount *mp = NULL;
3633 struct vnode *tvp, *fvp, *tdvp;
3634 struct nameidata fromnd, tond;
3635 u_int64_t tondflags;
3641 if (mac_vnode_check_rename_from_enabled()) {
3642 error = kern_renameat_mac(td, oldfd, old, newfd, new, pathseg,
3648 NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | AUDITVNODE1,
3649 pathseg, old, oldfd, &cap_renameat_source_rights, td);
3650 if ((error = namei(&fromnd)) != 0)
3656 tondflags = LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART | AUDITVNODE2;
3657 if (fromnd.ni_vp->v_type == VDIR)
3658 tondflags |= WILLBEDIR;
3659 NDINIT_ATRIGHTS(&tond, RENAME, tondflags, pathseg, new, newfd,
3660 &cap_renameat_target_rights, td);
3661 if ((error = namei(&tond)) != 0) {
3662 /* Translate error code for rename("dir1", "dir2/."). */
3663 if (error == EISDIR && fvp->v_type == VDIR)
3665 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3666 vrele(fromnd.ni_dvp);
3672 error = vn_start_write(fvp, &mp, V_NOWAIT);
3674 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3675 NDFREE(&tond, NDF_ONLY_PNBUF);
3682 vrele(fromnd.ni_dvp);
3684 vrele(tond.ni_startdir);
3685 if (fromnd.ni_startdir != NULL)
3686 vrele(fromnd.ni_startdir);
3687 error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH);
3693 if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
3696 } else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
3701 if (newfd != AT_FDCWD && (tond.ni_resflags & NIRES_ABS) == 0) {
3703 * If the target already exists we require CAP_UNLINKAT
3704 * from 'newfd', when newfd was used for the lookup.
3706 error = cap_check(&tond.ni_filecaps.fc_rights,
3707 &cap_unlinkat_rights);
3718 * If the source is the same as the destination (that is, if they
3719 * are links to the same vnode), then there is nothing to do.
3725 error = mac_vnode_check_rename_to(td->td_ucred, tdvp,
3726 tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd);
3730 error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
3731 tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
3732 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3733 NDFREE(&tond, NDF_ONLY_PNBUF);
3735 NDFREE(&fromnd, NDF_ONLY_PNBUF);
3736 NDFREE(&tond, NDF_ONLY_PNBUF);
3743 vrele(fromnd.ni_dvp);
3746 vrele(tond.ni_startdir);
3747 vn_finished_write(mp);
3749 if (fromnd.ni_startdir)
3750 vrele(fromnd.ni_startdir);
3751 if (error == ERESTART)
3753 if (error == ERELOOKUP)
3759 * Make a directory file.
3761 #ifndef _SYS_SYSPROTO_H_
3768 sys_mkdir(struct thread *td, struct mkdir_args *uap)
3771 return (kern_mkdirat(td, AT_FDCWD, uap->path, UIO_USERSPACE,
3775 #ifndef _SYS_SYSPROTO_H_
3776 struct mkdirat_args {
3783 sys_mkdirat(struct thread *td, struct mkdirat_args *uap)
3786 return (kern_mkdirat(td, uap->fd, uap->path, UIO_USERSPACE, uap->mode));
3790 kern_mkdirat(struct thread *td, int fd, const char *path, enum uio_seg segflg,
3795 struct nameidata nd;
3798 AUDIT_ARG_MODE(mode);
3802 NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | AUDITVNODE1 |
3803 NC_NOMAKEENTRY | NC_KEEPPOSENTRY | FAILIFEXISTS | WILLBEDIR,
3804 segflg, path, fd, &cap_mkdirat_rights, td);
3805 if ((error = namei(&nd)) != 0)
3807 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3808 NDFREE(&nd, NDF_ONLY_PNBUF);
3810 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3815 vattr.va_type = VDIR;
3816 vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_pd->pd_cmask;
3818 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
3823 error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
3827 NDFREE(&nd, NDF_ONLY_PNBUF);
3828 VOP_VPUT_PAIR(nd.ni_dvp, error == 0 ? &nd.ni_vp : NULL, true);
3829 vn_finished_write(mp);
3830 if (error == ERELOOKUP)
3836 * Remove a directory file.
3838 #ifndef _SYS_SYSPROTO_H_
3844 sys_rmdir(struct thread *td, struct rmdir_args *uap)
3847 return (kern_frmdirat(td, AT_FDCWD, uap->path, FD_NONE, UIO_USERSPACE,
3852 kern_frmdirat(struct thread *td, int dfd, const char *path, int fd,
3853 enum uio_seg pathseg, int flag)
3858 struct nameidata nd;
3859 cap_rights_t rights;
3863 if (fd != FD_NONE) {
3864 error = getvnode(td, fd, cap_rights_init_one(&rights,
3873 NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | AUDITVNODE1 |
3874 at2cnpflags(flag, AT_RESOLVE_BENEATH),
3875 pathseg, path, dfd, &cap_unlinkat_rights, td);
3876 if ((error = namei(&nd)) != 0)
3879 if (vp->v_type != VDIR) {
3884 * No rmdir "." please.
3886 if (nd.ni_dvp == vp) {
3891 * The root of a mounted filesystem cannot be deleted.
3893 if (vp->v_vflag & VV_ROOT) {
3898 if (fp != NULL && fp->f_vnode != vp) {
3899 if (VN_IS_DOOMED(fp->f_vnode))
3907 error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
3912 if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
3913 NDFREE(&nd, NDF_ONLY_PNBUF);
3915 if (nd.ni_dvp == vp)
3919 if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
3923 vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
3924 error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
3925 vn_finished_write(mp);
3927 NDFREE(&nd, NDF_ONLY_PNBUF);
3929 if (nd.ni_dvp == vp)
3933 if (error == ERELOOKUP)
3941 #if defined(COMPAT_43) || defined(COMPAT_FREEBSD11)
3943 freebsd11_kern_getdirentries(struct thread *td, int fd, char *ubuf, u_int count,
3944 long *basep, void (*func)(struct freebsd11_dirent *))
3946 struct freebsd11_dirent dstdp;
3947 struct dirent *dp, *edp;
3950 ssize_t resid, ucount;
3953 /* XXX arbitrary sanity limit on `count'. */
3954 count = min(count, 64 * 1024);
3956 dirbuf = malloc(count, M_TEMP, M_WAITOK);
3958 error = kern_getdirentries(td, fd, dirbuf, count, &base, &resid,
3966 for (dp = (struct dirent *)dirbuf,
3967 edp = (struct dirent *)&dirbuf[count - resid];
3968 ucount < count && dp < edp; ) {
3969 if (dp->d_reclen == 0)
3971 MPASS(dp->d_reclen >= _GENERIC_DIRLEN(0));
3972 if (dp->d_namlen >= sizeof(dstdp.d_name))
3974 dstdp.d_type = dp->d_type;
3975 dstdp.d_namlen = dp->d_namlen;
3976 dstdp.d_fileno = dp->d_fileno; /* truncate */
3977 if (dstdp.d_fileno != dp->d_fileno) {
3978 switch (ino64_trunc_error) {
3986 dstdp.d_fileno = UINT32_MAX;
3990 dstdp.d_reclen = sizeof(dstdp) - sizeof(dstdp.d_name) +
3991 ((dp->d_namlen + 1 + 3) &~ 3);
3992 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
3993 bzero(dstdp.d_name + dstdp.d_namlen,
3994 dstdp.d_reclen - offsetof(struct freebsd11_dirent, d_name) -
3996 MPASS(dstdp.d_reclen <= dp->d_reclen);
3997 MPASS(ucount + dstdp.d_reclen <= count);
4000 error = copyout(&dstdp, ubuf + ucount, dstdp.d_reclen);
4003 dp = (struct dirent *)((char *)dp + dp->d_reclen);
4004 ucount += dstdp.d_reclen;
4008 free(dirbuf, M_TEMP);
4010 td->td_retval[0] = ucount;
4017 ogetdirentries_cvt(struct freebsd11_dirent *dp)
4019 #if (BYTE_ORDER == LITTLE_ENDIAN)
4021 * The expected low byte of dp->d_namlen is our dp->d_type.
4022 * The high MBZ byte of dp->d_namlen is our dp->d_namlen.
4024 dp->d_type = dp->d_namlen;
4028 * The dp->d_type is the high byte of the expected dp->d_namlen,
4029 * so must be zero'ed.
4036 * Read a block of directory entries in a filesystem independent format.
4038 #ifndef _SYS_SYSPROTO_H_
4039 struct ogetdirentries_args {
4047 ogetdirentries(struct thread *td, struct ogetdirentries_args *uap)
4052 error = kern_ogetdirentries(td, uap, &loff);
4054 error = copyout(&loff, uap->basep, sizeof(long));
4059 kern_ogetdirentries(struct thread *td, struct ogetdirentries_args *uap,
4065 /* XXX arbitrary sanity limit on `count'. */
4066 if (uap->count > 64 * 1024)
4069 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count,
4070 &base, ogetdirentries_cvt);
4072 if (error == 0 && uap->basep != NULL)
4073 error = copyout(&base, uap->basep, sizeof(long));
4077 #endif /* COMPAT_43 */
4079 #if defined(COMPAT_FREEBSD11)
4080 #ifndef _SYS_SYSPROTO_H_
4081 struct freebsd11_getdirentries_args {
4089 freebsd11_getdirentries(struct thread *td,
4090 struct freebsd11_getdirentries_args *uap)
4095 error = freebsd11_kern_getdirentries(td, uap->fd, uap->buf, uap->count,
4098 if (error == 0 && uap->basep != NULL)
4099 error = copyout(&base, uap->basep, sizeof(long));
4104 freebsd11_getdents(struct thread *td, struct freebsd11_getdents_args *uap)
4106 struct freebsd11_getdirentries_args ap;
4110 ap.count = uap->count;
4112 return (freebsd11_getdirentries(td, &ap));
4114 #endif /* COMPAT_FREEBSD11 */
4117 * Read a block of directory entries in a filesystem independent format.
4120 sys_getdirentries(struct thread *td, struct getdirentries_args *uap)
4125 error = kern_getdirentries(td, uap->fd, uap->buf, uap->count, &base,
4126 NULL, UIO_USERSPACE);
4129 if (uap->basep != NULL)
4130 error = copyout(&base, uap->basep, sizeof(off_t));
4135 kern_getdirentries(struct thread *td, int fd, char *buf, size_t count,
4136 off_t *basep, ssize_t *residp, enum uio_seg bufseg)
4147 if (count > IOSIZE_MAX)
4149 auio.uio_resid = count;
4150 error = getvnode(td, fd, &cap_read_rights, &fp);
4153 if ((fp->f_flag & FREAD) == 0) {
4158 foffset = foffset_lock(fp, 0);
4160 if (vp->v_type != VDIR) {
4164 aiov.iov_base = buf;
4165 aiov.iov_len = count;
4166 auio.uio_iov = &aiov;
4167 auio.uio_iovcnt = 1;
4168 auio.uio_rw = UIO_READ;
4169 auio.uio_segflg = bufseg;
4171 vn_lock(vp, LK_SHARED | LK_RETRY);
4172 AUDIT_ARG_VNODE1(vp);
4173 loff = auio.uio_offset = foffset;
4175 error = mac_vnode_check_readdir(td->td_ucred, vp);
4178 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
4180 foffset = auio.uio_offset;
4185 if (count == auio.uio_resid &&
4186 (vp->v_vflag & VV_ROOT) &&
4187 (vp->v_mount->mnt_flag & MNT_UNION)) {
4188 struct vnode *tvp = vp;
4190 vp = vp->v_mount->mnt_vnodecovered;
4200 *residp = auio.uio_resid;
4201 td->td_retval[0] = count - auio.uio_resid;
4203 foffset_unlock(fp, foffset, 0);
4209 * Set the mode mask for creation of filesystem nodes.
4211 #ifndef _SYS_SYSPROTO_H_
4217 sys_umask(struct thread *td, struct umask_args *uap)
4219 struct pwddesc *pdp;
4221 pdp = td->td_proc->p_pd;
4223 td->td_retval[0] = pdp->pd_cmask;
4224 pdp->pd_cmask = uap->newmask & ALLPERMS;
4225 PWDDESC_XUNLOCK(pdp);
4230 * Void all references to file by ripping underlying filesystem away from
4233 #ifndef _SYS_SYSPROTO_H_
4234 struct revoke_args {
4239 sys_revoke(struct thread *td, struct revoke_args *uap)
4243 struct nameidata nd;
4246 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
4248 if ((error = namei(&nd)) != 0)
4251 NDFREE_NOTHING(&nd);
4252 if (vp->v_type != VCHR || vp->v_rdev == NULL) {
4257 error = mac_vnode_check_revoke(td->td_ucred, vp);
4261 error = VOP_GETATTR(vp, &vattr, td->td_ucred);
4264 if (td->td_ucred->cr_uid != vattr.va_uid) {
4265 error = priv_check(td, PRIV_VFS_ADMIN);
4269 if (devfs_usecount(vp) > 0)
4270 VOP_REVOKE(vp, REVOKEALL);
4277 * This variant of getvnode() allows O_PATH files. Caller should
4278 * ensure that returned file and vnode are only used for compatible
4282 getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,
4288 error = fget_unlocked(td->td_proc->p_fd, fd, rightsp, &fp);
4293 * The file could be not of the vnode type, or it may be not
4294 * yet fully initialized, in which case the f_vnode pointer
4295 * may be set, but f_ops is still badfileops. E.g.,
4296 * devfs_open() transiently create such situation to
4297 * facilitate csw d_fdopen().
4299 * Dupfdopen() handling in kern_openat() installs the
4300 * half-baked file into the process descriptor table, allowing
4301 * other thread to dereference it. Guard against the race by
4304 if (fp->f_vnode == NULL || fp->f_ops == &badfileops) {
4314 * Convert a user file descriptor to a kernel file entry and check
4315 * that, if it is a capability, the correct rights are present.
4316 * A reference on the file entry is held upon returning.
4319 getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
4323 error = getvnode_path(td, fd, rightsp, fpp);
4326 * Filter out O_PATH file descriptors, most getvnode() callers
4327 * do not call fo_ methods.
4329 if (error == 0 && (*fpp)->f_ops == &path_fileops) {
4338 * Get an (NFS) file handle.
4340 #ifndef _SYS_SYSPROTO_H_
4341 struct lgetfh_args {
4347 sys_lgetfh(struct thread *td, struct lgetfh_args *uap)
4350 return (kern_getfhat(td, AT_SYMLINK_NOFOLLOW, AT_FDCWD, uap->fname,
4351 UIO_USERSPACE, uap->fhp, UIO_USERSPACE));
4354 #ifndef _SYS_SYSPROTO_H_
4361 sys_getfh(struct thread *td, struct getfh_args *uap)
4364 return (kern_getfhat(td, 0, AT_FDCWD, uap->fname, UIO_USERSPACE,
4365 uap->fhp, UIO_USERSPACE));
4369 * syscall for the rpc.lockd to use to translate an open descriptor into
4370 * a NFS file handle.
4372 * warning: do not remove the priv_check() call or this becomes one giant
4375 #ifndef _SYS_SYSPROTO_H_
4376 struct getfhat_args {
4384 sys_getfhat(struct thread *td, struct getfhat_args *uap)
4387 if ((uap->flags & ~(AT_SYMLINK_NOFOLLOW | AT_RESOLVE_BENEATH)) != 0)
4389 return (kern_getfhat(td, uap->flags, uap->fd, uap->path, UIO_USERSPACE,
4390 uap->fhp, UIO_USERSPACE));
4394 kern_getfhat(struct thread *td, int flags, int fd, const char *path,
4395 enum uio_seg pathseg, fhandle_t *fhp, enum uio_seg fhseg)
4397 struct nameidata nd;
4402 error = priv_check(td, PRIV_VFS_GETFH);
4405 NDINIT_AT(&nd, LOOKUP, at2cnpflags(flags, AT_SYMLINK_NOFOLLOW |
4406 AT_RESOLVE_BENEATH) | LOCKLEAF | AUDITVNODE1, pathseg, path,
4411 NDFREE_NOTHING(&nd);
4413 bzero(&fh, sizeof(fh));
4414 fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
4415 error = VOP_VPTOFH(vp, &fh.fh_fid);
4418 if (fhseg == UIO_USERSPACE)
4419 error = copyout(&fh, fhp, sizeof (fh));
4421 memcpy(fhp, &fh, sizeof(fh));
4426 #ifndef _SYS_SYSPROTO_H_
4427 struct fhlink_args {
4433 sys_fhlink(struct thread *td, struct fhlink_args *uap)
4436 return (kern_fhlinkat(td, AT_FDCWD, uap->to, UIO_USERSPACE, uap->fhp));
4439 #ifndef _SYS_SYSPROTO_H_
4440 struct fhlinkat_args {
4447 sys_fhlinkat(struct thread *td, struct fhlinkat_args *uap)
4450 return (kern_fhlinkat(td, uap->tofd, uap->to, UIO_USERSPACE, uap->fhp));
4454 kern_fhlinkat(struct thread *td, int fd, const char *path,
4455 enum uio_seg pathseg, fhandle_t *fhp)
4462 error = priv_check(td, PRIV_VFS_GETFH);
4465 error = copyin(fhp, &fh, sizeof(fh));
4470 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4472 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_SHARED, &vp);
4477 error = kern_linkat_vp(td, vp, fd, path, pathseg);
4478 } while (error == EAGAIN || error == ERELOOKUP);
4482 #ifndef _SYS_SYSPROTO_H_
4483 struct fhreadlink_args {
4490 sys_fhreadlink(struct thread *td, struct fhreadlink_args *uap)
4497 error = priv_check(td, PRIV_VFS_GETFH);
4500 if (uap->bufsize > IOSIZE_MAX)
4502 error = copyin(uap->fhp, &fh, sizeof(fh));
4505 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4507 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_SHARED, &vp);
4511 error = kern_readlink_vp(vp, uap->buf, UIO_USERSPACE, uap->bufsize, td);
4517 * syscall for the rpc.lockd to use to translate a NFS file handle into an
4520 * warning: do not remove the priv_check() call or this becomes one giant
4523 #ifndef _SYS_SYSPROTO_H_
4524 struct fhopen_args {
4525 const struct fhandle *u_fhp;
4530 sys_fhopen(struct thread *td, struct fhopen_args *uap)
4532 return (kern_fhopen(td, uap->u_fhp, uap->flags));
4536 kern_fhopen(struct thread *td, const struct fhandle *u_fhp, int flags)
4545 error = priv_check(td, PRIV_VFS_FHOPEN);
4549 fmode = FFLAGS(flags);
4550 /* why not allow a non-read/write open for our lockd? */
4551 if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
4553 error = copyin(u_fhp, &fhp, sizeof(fhp));
4556 /* find the mount point */
4557 mp = vfs_busyfs(&fhp.fh_fsid);
4560 /* now give me my vnode, it gets returned to me locked */
4561 error = VFS_FHTOVP(mp, &fhp.fh_fid, LK_EXCLUSIVE, &vp);
4566 error = falloc_noinstall(td, &fp);
4572 * An extra reference on `fp' has been held for us by
4573 * falloc_noinstall().
4579 error = vn_open_vnode(vp, fmode, td->td_ucred, td, fp);
4581 KASSERT(fp->f_ops == &badfileops,
4582 ("VOP_OPEN in fhopen() set f_ops"));
4583 KASSERT(td->td_dupfd < 0,
4584 ("fhopen() encountered fdopen()"));
4593 finit_vnode(fp, fmode, NULL, &vnops);
4595 if ((fmode & O_TRUNC) != 0) {
4596 error = fo_truncate(fp, 0, td->td_ucred, td);
4601 error = finstall(td, fp, &indx, fmode, NULL);
4604 td->td_retval[0] = indx;
4609 * Stat an (NFS) file handle.
4611 #ifndef _SYS_SYSPROTO_H_
4612 struct fhstat_args {
4613 struct fhandle *u_fhp;
4618 sys_fhstat(struct thread *td, struct fhstat_args *uap)
4624 error = copyin(uap->u_fhp, &fh, sizeof(fh));
4627 error = kern_fhstat(td, fh, &sb);
4629 error = copyout(&sb, uap->sb, sizeof(sb));
4634 kern_fhstat(struct thread *td, struct fhandle fh, struct stat *sb)
4640 error = priv_check(td, PRIV_VFS_FHSTAT);
4643 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4645 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4649 error = VOP_STAT(vp, sb, td->td_ucred, NOCRED, td);
4655 * Implement fstatfs() for (NFS) file handles.
4657 #ifndef _SYS_SYSPROTO_H_
4658 struct fhstatfs_args {
4659 struct fhandle *u_fhp;
4664 sys_fhstatfs(struct thread *td, struct fhstatfs_args *uap)
4670 error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
4673 sfp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK);
4674 error = kern_fhstatfs(td, fh, sfp);
4676 error = copyout(sfp, uap->buf, sizeof(*sfp));
4677 free(sfp, M_STATFS);
4682 kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf)
4688 error = priv_check(td, PRIV_VFS_FHSTATFS);
4691 if ((mp = vfs_busyfs(&fh.fh_fsid)) == NULL)
4693 error = VFS_FHTOVP(mp, &fh.fh_fid, LK_EXCLUSIVE, &vp);
4699 error = prison_canseemount(td->td_ucred, mp);
4703 error = mac_mount_check_stat(td->td_ucred, mp);
4707 error = VFS_STATFS(mp, buf);
4714 * Unlike madvise(2), we do not make a best effort to remember every
4715 * possible caching hint. Instead, we remember the last setting with
4716 * the exception that we will allow POSIX_FADV_NORMAL to adjust the
4717 * region of any current setting.
4720 kern_posix_fadvise(struct thread *td, int fd, off_t offset, off_t len,
4723 struct fadvise_info *fa, *new;
4729 if (offset < 0 || len < 0 || offset > OFF_MAX - len)
4731 AUDIT_ARG_VALUE(advice);
4733 case POSIX_FADV_SEQUENTIAL:
4734 case POSIX_FADV_RANDOM:
4735 case POSIX_FADV_NOREUSE:
4736 new = malloc(sizeof(*fa), M_FADVISE, M_WAITOK);
4738 case POSIX_FADV_NORMAL:
4739 case POSIX_FADV_WILLNEED:
4740 case POSIX_FADV_DONTNEED:
4746 /* XXX: CAP_POSIX_FADVISE? */
4748 error = fget(td, fd, &cap_no_rights, &fp);
4751 AUDIT_ARG_FILE(td->td_proc, fp);
4752 if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {
4756 if (fp->f_type != DTYPE_VNODE) {
4761 if (vp->v_type != VREG) {
4768 end = offset + len - 1;
4770 case POSIX_FADV_SEQUENTIAL:
4771 case POSIX_FADV_RANDOM:
4772 case POSIX_FADV_NOREUSE:
4774 * Try to merge any existing non-standard region with
4775 * this new region if possible, otherwise create a new
4776 * non-standard region for this request.
4778 mtx_pool_lock(mtxpool_sleep, fp);
4780 if (fa != NULL && fa->fa_advice == advice &&
4781 ((fa->fa_start <= end && fa->fa_end >= offset) ||
4782 (end != OFF_MAX && fa->fa_start == end + 1) ||
4783 (fa->fa_end != OFF_MAX && fa->fa_end + 1 == offset))) {
4784 if (offset < fa->fa_start)
4785 fa->fa_start = offset;
4786 if (end > fa->fa_end)
4789 new->fa_advice = advice;
4790 new->fa_start = offset;
4795 mtx_pool_unlock(mtxpool_sleep, fp);
4797 case POSIX_FADV_NORMAL:
4799 * If a the "normal" region overlaps with an existing
4800 * non-standard region, trim or remove the
4801 * non-standard region.
4803 mtx_pool_lock(mtxpool_sleep, fp);
4806 if (offset <= fa->fa_start && end >= fa->fa_end) {
4808 fp->f_advice = NULL;
4809 } else if (offset <= fa->fa_start &&
4810 end >= fa->fa_start)
4811 fa->fa_start = end + 1;
4812 else if (offset <= fa->fa_end && end >= fa->fa_end)
4813 fa->fa_end = offset - 1;
4814 else if (offset >= fa->fa_start && end <= fa->fa_end) {
4816 * If the "normal" region is a middle
4817 * portion of the existing
4818 * non-standard region, just remove
4819 * the whole thing rather than picking
4820 * one side or the other to
4824 fp->f_advice = NULL;
4827 mtx_pool_unlock(mtxpool_sleep, fp);
4829 case POSIX_FADV_WILLNEED:
4830 case POSIX_FADV_DONTNEED:
4831 error = VOP_ADVISE(vp, offset, end, advice);
4837 free(new, M_FADVISE);
4842 sys_posix_fadvise(struct thread *td, struct posix_fadvise_args *uap)
4846 error = kern_posix_fadvise(td, uap->fd, uap->offset, uap->len,
4848 return (kern_posix_error(td, error));
4852 kern_copy_file_range(struct thread *td, int infd, off_t *inoffp, int outfd,
4853 off_t *outoffp, size_t len, unsigned int flags)
4855 struct file *infp, *outfp;
4856 struct vnode *invp, *outvp;
4859 void *rl_rcookie, *rl_wcookie;
4860 off_t savinoff, savoutoff;
4862 infp = outfp = NULL;
4863 rl_rcookie = rl_wcookie = NULL;
4872 if (len > SSIZE_MAX)
4874 * Although the len argument is size_t, the return argument
4875 * is ssize_t (which is signed). Therefore a size that won't
4876 * fit in ssize_t can't be returned.
4880 /* Get the file structures for the file descriptors. */
4881 error = fget_read(td, infd, &cap_read_rights, &infp);
4884 if (infp->f_ops == &badfileops) {
4888 if (infp->f_vnode == NULL) {
4892 error = fget_write(td, outfd, &cap_write_rights, &outfp);
4895 if (outfp->f_ops == &badfileops) {
4899 if (outfp->f_vnode == NULL) {
4904 /* Set the offset pointers to the correct place. */
4906 inoffp = &infp->f_offset;
4907 if (outoffp == NULL)
4908 outoffp = &outfp->f_offset;
4910 savoutoff = *outoffp;
4912 invp = infp->f_vnode;
4913 outvp = outfp->f_vnode;
4914 /* Sanity check the f_flag bits. */
4915 if ((outfp->f_flag & (FWRITE | FAPPEND)) != FWRITE ||
4916 (infp->f_flag & FREAD) == 0) {
4921 /* If len == 0, just return 0. */
4926 * If infp and outfp refer to the same file, the byte ranges cannot
4929 if (invp == outvp && ((savinoff <= savoutoff && savinoff + len >
4930 savoutoff) || (savinoff > savoutoff && savoutoff + len >
4936 /* Range lock the byte ranges for both invp and outvp. */
4938 rl_wcookie = vn_rangelock_wlock(outvp, *outoffp, *outoffp +
4940 rl_rcookie = vn_rangelock_tryrlock(invp, *inoffp, *inoffp +
4942 if (rl_rcookie != NULL)
4944 vn_rangelock_unlock(outvp, rl_wcookie);
4945 rl_rcookie = vn_rangelock_rlock(invp, *inoffp, *inoffp + len);
4946 vn_rangelock_unlock(invp, rl_rcookie);
4950 error = vn_copy_file_range(invp, inoffp, outvp, outoffp, &retlen,
4951 flags, infp->f_cred, outfp->f_cred, td);
4953 if (rl_rcookie != NULL)
4954 vn_rangelock_unlock(invp, rl_rcookie);
4955 if (rl_wcookie != NULL)
4956 vn_rangelock_unlock(outvp, rl_wcookie);
4957 if (savinoff != -1 && (error == EINTR || error == ERESTART)) {
4959 *outoffp = savoutoff;
4965 td->td_retval[0] = retlen;
4970 sys_copy_file_range(struct thread *td, struct copy_file_range_args *uap)
4972 off_t inoff, outoff, *inoffp, *outoffp;
4975 inoffp = outoffp = NULL;
4976 if (uap->inoffp != NULL) {
4977 error = copyin(uap->inoffp, &inoff, sizeof(off_t));
4982 if (uap->outoffp != NULL) {
4983 error = copyin(uap->outoffp, &outoff, sizeof(off_t));
4988 error = kern_copy_file_range(td, uap->infd, inoffp, uap->outfd,
4989 outoffp, uap->len, uap->flags);
4990 if (error == 0 && uap->inoffp != NULL)
4991 error = copyout(inoffp, uap->inoffp, sizeof(off_t));
4992 if (error == 0 && uap->outoffp != NULL)
4993 error = copyout(outoffp, uap->outoffp, sizeof(off_t));
projects / FreeBSD / FreeBSD.git / blob