2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1982, 1986, 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Copyright (c) 2012 Konstantin Belousov <kib@FreeBSD.org>
13 * Copyright (c) 2013, 2014 The FreeBSD Foundation
15 * Portions of this software were developed by Konstantin Belousov
16 * under sponsorship from the FreeBSD Foundation.
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that the following conditions
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 * 2. Redistributions in binary form must reproduce the above copyright
24 * notice, this list of conditions and the following disclaimer in the
25 * documentation and/or other materials provided with the distribution.
26 * 3. Neither the name of the University nor the names of its contributors
27 * may be used to endorse or promote products derived from this software
28 * without specific prior written permission.
30 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 * @(#)vfs_vnops.c 8.2 (Berkeley) 1/21/94
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
48 #include "opt_hwpmc_hooks.h"
50 #include <sys/param.h>
51 #include <sys/systm.h>
54 #include <sys/fcntl.h>
60 #include <sys/limits.h>
63 #include <sys/mount.h>
64 #include <sys/mutex.h>
65 #include <sys/namei.h>
66 #include <sys/vnode.h>
69 #include <sys/filio.h>
70 #include <sys/resourcevar.h>
71 #include <sys/rwlock.h>
73 #include <sys/sysctl.h>
74 #include <sys/ttycom.h>
76 #include <sys/syslog.h>
77 #include <sys/unistd.h>
80 #include <security/audit/audit.h>
81 #include <security/mac/mac_framework.h>
84 #include <vm/vm_extern.h>
86 #include <vm/vm_map.h>
87 #include <vm/vm_object.h>
88 #include <vm/vm_page.h>
89 #include <vm/vnode_pager.h>
92 #include <sys/pmckern.h>
95 static fo_rdwr_t vn_read;
96 static fo_rdwr_t vn_write;
97 static fo_rdwr_t vn_io_fault;
98 static fo_truncate_t vn_truncate;
99 static fo_ioctl_t vn_ioctl;
100 static fo_poll_t vn_poll;
101 static fo_kqfilter_t vn_kqfilter;
102 static fo_stat_t vn_statfile;
103 static fo_close_t vn_closefile;
104 static fo_mmap_t vn_mmap;
106 struct fileops vnops = {
107 .fo_read = vn_io_fault,
108 .fo_write = vn_io_fault,
109 .fo_truncate = vn_truncate,
110 .fo_ioctl = vn_ioctl,
112 .fo_kqfilter = vn_kqfilter,
113 .fo_stat = vn_statfile,
114 .fo_close = vn_closefile,
115 .fo_chmod = vn_chmod,
116 .fo_chown = vn_chown,
117 .fo_sendfile = vn_sendfile,
119 .fo_fill_kinfo = vn_fill_kinfo,
121 .fo_flags = DFLAG_PASSABLE | DFLAG_SEEKABLE
124 static const int io_hold_cnt = 16;
125 static int vn_io_fault_enable = 1;
126 SYSCTL_INT(_debug, OID_AUTO, vn_io_fault_enable, CTLFLAG_RW,
127 &vn_io_fault_enable, 0, "Enable vn_io_fault lock avoidance");
128 static int vn_io_fault_prefault = 0;
129 SYSCTL_INT(_debug, OID_AUTO, vn_io_fault_prefault, CTLFLAG_RW,
130 &vn_io_fault_prefault, 0, "Enable vn_io_fault prefaulting");
131 static u_long vn_io_faults_cnt;
132 SYSCTL_ULONG(_debug, OID_AUTO, vn_io_faults, CTLFLAG_RD,
133 &vn_io_faults_cnt, 0, "Count of vn_io_fault lock avoidance triggers");
136 * Returns true if vn_io_fault mode of handling the i/o request should
140 do_vn_io_fault(struct vnode *vp, struct uio *uio)
144 return (uio->uio_segflg == UIO_USERSPACE && vp->v_type == VREG &&
145 (mp = vp->v_mount) != NULL &&
146 (mp->mnt_kern_flag & MNTK_NO_IOPF) != 0 && vn_io_fault_enable);
150 * Structure used to pass arguments to vn_io_fault1(), to do either
151 * file- or vnode-based I/O calls.
153 struct vn_io_fault_args {
161 struct fop_args_tag {
165 struct vop_args_tag {
171 static int vn_io_fault1(struct vnode *vp, struct uio *uio,
172 struct vn_io_fault_args *args, struct thread *td);
175 vn_open(struct nameidata *ndp, int *flagp, int cmode, struct file *fp)
177 struct thread *td = ndp->ni_cnd.cn_thread;
179 return (vn_open_cred(ndp, flagp, cmode, 0, td->td_ucred, fp));
183 * Common code for vnode open operations via a name lookup.
184 * Lookup the vnode and invoke VOP_CREATE if needed.
185 * Check permissions, and call the VOP_OPEN or VOP_CREATE routine.
187 * Note that this does NOT free nameidata for the successful case,
188 * due to the NDINIT being done elsewhere.
191 vn_open_cred(struct nameidata *ndp, int *flagp, int cmode, u_int vn_open_flags,
192 struct ucred *cred, struct file *fp)
196 struct thread *td = ndp->ni_cnd.cn_thread;
198 struct vattr *vap = &vat;
203 if ((fmode & (O_CREAT | O_EXCL | O_DIRECTORY)) == (O_CREAT |
204 O_EXCL | O_DIRECTORY))
206 else if ((fmode & (O_CREAT | O_DIRECTORY)) == O_CREAT) {
207 ndp->ni_cnd.cn_nameiop = CREATE;
209 * Set NOCACHE to avoid flushing the cache when
210 * rolling in many files at once.
212 ndp->ni_cnd.cn_flags = ISOPEN | LOCKPARENT | LOCKLEAF | NOCACHE;
213 if ((fmode & O_EXCL) == 0 && (fmode & O_NOFOLLOW) == 0)
214 ndp->ni_cnd.cn_flags |= FOLLOW;
215 if ((fmode & O_BENEATH) != 0)
216 ndp->ni_cnd.cn_flags |= BENEATH;
217 if (!(vn_open_flags & VN_OPEN_NOAUDIT))
218 ndp->ni_cnd.cn_flags |= AUDITVNODE1;
219 if (vn_open_flags & VN_OPEN_NOCAPCHECK)
220 ndp->ni_cnd.cn_flags |= NOCAPCHECK;
222 if ((error = namei(ndp)) != 0)
224 if (ndp->ni_vp == NULL) {
227 vap->va_mode = cmode;
229 vap->va_vaflags |= VA_EXCLUSIVE;
230 if (vn_start_write(ndp->ni_dvp, &mp, V_NOWAIT) != 0) {
231 NDFREE(ndp, NDF_ONLY_PNBUF);
233 if ((error = vn_start_write(NULL, &mp,
234 V_XSLEEP | PCATCH)) != 0)
238 if ((vn_open_flags & VN_OPEN_NAMECACHE) != 0)
239 ndp->ni_cnd.cn_flags |= MAKEENTRY;
241 error = mac_vnode_check_create(cred, ndp->ni_dvp,
245 error = VOP_CREATE(ndp->ni_dvp, &ndp->ni_vp,
248 vn_finished_write(mp);
250 NDFREE(ndp, NDF_ONLY_PNBUF);
256 if (ndp->ni_dvp == ndp->ni_vp)
262 if (fmode & O_EXCL) {
269 ndp->ni_cnd.cn_nameiop = LOOKUP;
270 ndp->ni_cnd.cn_flags = ISOPEN |
271 ((fmode & O_NOFOLLOW) ? NOFOLLOW : FOLLOW) | LOCKLEAF;
272 if (!(fmode & FWRITE))
273 ndp->ni_cnd.cn_flags |= LOCKSHARED;
274 if ((fmode & O_BENEATH) != 0)
275 ndp->ni_cnd.cn_flags |= BENEATH;
276 if (!(vn_open_flags & VN_OPEN_NOAUDIT))
277 ndp->ni_cnd.cn_flags |= AUDITVNODE1;
278 if (vn_open_flags & VN_OPEN_NOCAPCHECK)
279 ndp->ni_cnd.cn_flags |= NOCAPCHECK;
280 if ((error = namei(ndp)) != 0)
284 error = vn_open_vnode(vp, fmode, cred, td, fp);
290 NDFREE(ndp, NDF_ONLY_PNBUF);
298 * Common code for vnode open operations once a vnode is located.
299 * Check permissions, and call the VOP_OPEN routine.
302 vn_open_vnode(struct vnode *vp, int fmode, struct ucred *cred,
303 struct thread *td, struct file *fp)
307 int error, lock_flags, type;
309 if (vp->v_type == VLNK)
311 if (vp->v_type == VSOCK)
313 if (vp->v_type != VDIR && fmode & O_DIRECTORY)
316 if (fmode & (FWRITE | O_TRUNC)) {
317 if (vp->v_type == VDIR)
325 if ((fmode & O_APPEND) && (fmode & FWRITE))
330 if (fmode & O_VERIFY)
332 error = mac_vnode_check_open(cred, vp, accmode);
336 accmode &= ~(VCREAT | VVERIFY);
338 if ((fmode & O_CREAT) == 0) {
339 if (accmode & VWRITE) {
340 error = vn_writechk(vp);
345 error = VOP_ACCESS(vp, accmode, cred, td);
350 if (vp->v_type == VFIFO && VOP_ISLOCKED(vp) != LK_EXCLUSIVE)
351 vn_lock(vp, LK_UPGRADE | LK_RETRY);
352 if ((error = VOP_OPEN(vp, fmode, cred, td, fp)) != 0)
355 while ((fmode & (O_EXLOCK | O_SHLOCK)) != 0) {
356 KASSERT(fp != NULL, ("open with flock requires fp"));
357 if (fp->f_type != DTYPE_NONE && fp->f_type != DTYPE_VNODE) {
361 lock_flags = VOP_ISLOCKED(vp);
363 lf.l_whence = SEEK_SET;
366 if (fmode & O_EXLOCK)
371 if ((fmode & FNONBLOCK) == 0)
373 error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type);
375 fp->f_flag |= FHASLOCK;
376 vn_lock(vp, lock_flags | LK_RETRY);
379 if ((vp->v_iflag & VI_DOOMED) != 0) {
385 * Another thread might have used this vnode as an
386 * executable while the vnode lock was dropped.
387 * Ensure the vnode is still able to be opened for
388 * writing after the lock has been obtained.
390 if ((accmode & VWRITE) != 0)
391 error = vn_writechk(vp);
396 fp->f_flag |= FOPENFAILED;
398 if (fp->f_ops == &badfileops) {
399 fp->f_type = DTYPE_VNODE;
403 } else if ((fmode & FWRITE) != 0) {
404 VOP_ADD_WRITECOUNT(vp, 1);
405 CTR3(KTR_VFS, "%s: vp %p v_writecount increased to %d",
406 __func__, vp, vp->v_writecount);
408 ASSERT_VOP_LOCKED(vp, "vn_open_vnode");
413 * Check for write permissions on the specified vnode.
414 * Prototype text segments cannot be written.
417 vn_writechk(struct vnode *vp)
420 ASSERT_VOP_LOCKED(vp, "vn_writechk");
422 * If there's shared text associated with
423 * the vnode, try to free it up once. If
424 * we fail, we can't allow writing.
436 vn_close1(struct vnode *vp, int flags, struct ucred *file_cred,
437 struct thread *td, bool keep_ref)
440 int error, lock_flags;
442 if (vp->v_type != VFIFO && (flags & FWRITE) == 0 &&
443 MNT_EXTENDED_SHARED(vp->v_mount))
444 lock_flags = LK_SHARED;
446 lock_flags = LK_EXCLUSIVE;
448 vn_start_write(vp, &mp, V_WAIT);
449 vn_lock(vp, lock_flags | LK_RETRY);
450 AUDIT_ARG_VNODE1(vp);
451 if ((flags & (FWRITE | FOPENFAILED)) == FWRITE) {
452 VNASSERT(vp->v_writecount > 0, vp,
453 ("vn_close: negative writecount"));
454 VOP_ADD_WRITECOUNT(vp, -1);
455 CTR3(KTR_VFS, "%s: vp %p v_writecount decreased to %d",
456 __func__, vp, vp->v_writecount);
458 error = VOP_CLOSE(vp, flags, file_cred, td);
463 vn_finished_write(mp);
468 vn_close(struct vnode *vp, int flags, struct ucred *file_cred,
472 return (vn_close1(vp, flags, file_cred, td, false));
476 * Heuristic to detect sequential operation.
479 sequential_heuristic(struct uio *uio, struct file *fp)
482 ASSERT_VOP_LOCKED(fp->f_vnode, __func__);
483 if (fp->f_flag & FRDAHEAD)
484 return (fp->f_seqcount << IO_SEQSHIFT);
487 * Offset 0 is handled specially. open() sets f_seqcount to 1 so
488 * that the first I/O is normally considered to be slightly
489 * sequential. Seeking to offset 0 doesn't change sequentiality
490 * unless previous seeks have reduced f_seqcount to 0, in which
491 * case offset 0 is not special.
493 if ((uio->uio_offset == 0 && fp->f_seqcount > 0) ||
494 uio->uio_offset == fp->f_nextoff) {
496 * f_seqcount is in units of fixed-size blocks so that it
497 * depends mainly on the amount of sequential I/O and not
498 * much on the number of sequential I/O's. The fixed size
499 * of 16384 is hard-coded here since it is (not quite) just
500 * a magic size that works well here. This size is more
501 * closely related to the best I/O size for real disks than
502 * to any block size used by software.
504 fp->f_seqcount += howmany(uio->uio_resid, 16384);
505 if (fp->f_seqcount > IO_SEQMAX)
506 fp->f_seqcount = IO_SEQMAX;
507 return (fp->f_seqcount << IO_SEQSHIFT);
510 /* Not sequential. Quickly draw-down sequentiality. */
511 if (fp->f_seqcount > 1)
519 * Package up an I/O request on a vnode into a uio and do it.
522 vn_rdwr(enum uio_rw rw, struct vnode *vp, void *base, int len, off_t offset,
523 enum uio_seg segflg, int ioflg, struct ucred *active_cred,
524 struct ucred *file_cred, ssize_t *aresid, struct thread *td)
531 struct vn_io_fault_args args;
532 int error, lock_flags;
534 if (offset < 0 && vp->v_type != VCHR)
536 auio.uio_iov = &aiov;
538 aiov.iov_base = base;
540 auio.uio_resid = len;
541 auio.uio_offset = offset;
542 auio.uio_segflg = segflg;
547 if ((ioflg & IO_NODELOCKED) == 0) {
548 if ((ioflg & IO_RANGELOCKED) == 0) {
549 if (rw == UIO_READ) {
550 rl_cookie = vn_rangelock_rlock(vp, offset,
553 rl_cookie = vn_rangelock_wlock(vp, offset,
559 if (rw == UIO_WRITE) {
560 if (vp->v_type != VCHR &&
561 (error = vn_start_write(vp, &mp, V_WAIT | PCATCH))
564 if (MNT_SHARED_WRITES(mp) ||
565 ((mp == NULL) && MNT_SHARED_WRITES(vp->v_mount)))
566 lock_flags = LK_SHARED;
568 lock_flags = LK_EXCLUSIVE;
570 lock_flags = LK_SHARED;
571 vn_lock(vp, lock_flags | LK_RETRY);
575 ASSERT_VOP_LOCKED(vp, "IO_NODELOCKED with no vp lock held");
577 if ((ioflg & IO_NOMACCHECK) == 0) {
579 error = mac_vnode_check_read(active_cred, file_cred,
582 error = mac_vnode_check_write(active_cred, file_cred,
587 if (file_cred != NULL)
591 if (do_vn_io_fault(vp, &auio)) {
592 args.kind = VN_IO_FAULT_VOP;
595 args.args.vop_args.vp = vp;
596 error = vn_io_fault1(vp, &auio, &args, td);
597 } else if (rw == UIO_READ) {
598 error = VOP_READ(vp, &auio, ioflg, cred);
599 } else /* if (rw == UIO_WRITE) */ {
600 error = VOP_WRITE(vp, &auio, ioflg, cred);
604 *aresid = auio.uio_resid;
606 if (auio.uio_resid && error == 0)
608 if ((ioflg & IO_NODELOCKED) == 0) {
611 vn_finished_write(mp);
614 if (rl_cookie != NULL)
615 vn_rangelock_unlock(vp, rl_cookie);
620 * Package up an I/O request on a vnode into a uio and do it. The I/O
621 * request is split up into smaller chunks and we try to avoid saturating
622 * the buffer cache while potentially holding a vnode locked, so we
623 * check bwillwrite() before calling vn_rdwr(). We also call kern_yield()
624 * to give other processes a chance to lock the vnode (either other processes
625 * core'ing the same binary, or unrelated processes scanning the directory).
628 vn_rdwr_inchunks(enum uio_rw rw, struct vnode *vp, void *base, size_t len,
629 off_t offset, enum uio_seg segflg, int ioflg, struct ucred *active_cred,
630 struct ucred *file_cred, size_t *aresid, struct thread *td)
639 * Force `offset' to a multiple of MAXBSIZE except possibly
640 * for the first chunk, so that filesystems only need to
641 * write full blocks except possibly for the first and last
644 chunk = MAXBSIZE - (uoff_t)offset % MAXBSIZE;
648 if (rw != UIO_READ && vp->v_type == VREG)
651 error = vn_rdwr(rw, vp, base, chunk, offset, segflg,
652 ioflg, active_cred, file_cred, &iaresid, td);
653 len -= chunk; /* aresid calc already includes length */
657 base = (char *)base + chunk;
658 kern_yield(PRI_USER);
661 *aresid = len + iaresid;
666 foffset_lock(struct file *fp, int flags)
671 KASSERT((flags & FOF_OFFSET) == 0, ("FOF_OFFSET passed"));
673 #if OFF_MAX <= LONG_MAX
675 * Caller only wants the current f_offset value. Assume that
676 * the long and shorter integer types reads are atomic.
678 if ((flags & FOF_NOLOCK) != 0)
679 return (fp->f_offset);
683 * According to McKusick the vn lock was protecting f_offset here.
684 * It is now protected by the FOFFSET_LOCKED flag.
686 mtxp = mtx_pool_find(mtxpool_sleep, fp);
688 if ((flags & FOF_NOLOCK) == 0) {
689 while (fp->f_vnread_flags & FOFFSET_LOCKED) {
690 fp->f_vnread_flags |= FOFFSET_LOCK_WAITING;
691 msleep(&fp->f_vnread_flags, mtxp, PUSER -1,
694 fp->f_vnread_flags |= FOFFSET_LOCKED;
702 foffset_unlock(struct file *fp, off_t val, int flags)
706 KASSERT((flags & FOF_OFFSET) == 0, ("FOF_OFFSET passed"));
708 #if OFF_MAX <= LONG_MAX
709 if ((flags & FOF_NOLOCK) != 0) {
710 if ((flags & FOF_NOUPDATE) == 0)
712 if ((flags & FOF_NEXTOFF) != 0)
718 mtxp = mtx_pool_find(mtxpool_sleep, fp);
720 if ((flags & FOF_NOUPDATE) == 0)
722 if ((flags & FOF_NEXTOFF) != 0)
724 if ((flags & FOF_NOLOCK) == 0) {
725 KASSERT((fp->f_vnread_flags & FOFFSET_LOCKED) != 0,
726 ("Lost FOFFSET_LOCKED"));
727 if (fp->f_vnread_flags & FOFFSET_LOCK_WAITING)
728 wakeup(&fp->f_vnread_flags);
729 fp->f_vnread_flags = 0;
735 foffset_lock_uio(struct file *fp, struct uio *uio, int flags)
738 if ((flags & FOF_OFFSET) == 0)
739 uio->uio_offset = foffset_lock(fp, flags);
743 foffset_unlock_uio(struct file *fp, struct uio *uio, int flags)
746 if ((flags & FOF_OFFSET) == 0)
747 foffset_unlock(fp, uio->uio_offset, flags);
751 get_advice(struct file *fp, struct uio *uio)
756 ret = POSIX_FADV_NORMAL;
757 if (fp->f_advice == NULL || fp->f_vnode->v_type != VREG)
760 mtxp = mtx_pool_find(mtxpool_sleep, fp);
762 if (fp->f_advice != NULL &&
763 uio->uio_offset >= fp->f_advice->fa_start &&
764 uio->uio_offset + uio->uio_resid <= fp->f_advice->fa_end)
765 ret = fp->f_advice->fa_advice;
771 * File table vnode read routine.
774 vn_read(struct file *fp, struct uio *uio, struct ucred *active_cred, int flags,
782 KASSERT(uio->uio_td == td, ("uio_td %p is not td %p",
784 KASSERT(flags & FOF_OFFSET, ("No FOF_OFFSET"));
787 if (fp->f_flag & FNONBLOCK)
789 if (fp->f_flag & O_DIRECT)
791 advice = get_advice(fp, uio);
792 vn_lock(vp, LK_SHARED | LK_RETRY);
795 case POSIX_FADV_NORMAL:
796 case POSIX_FADV_SEQUENTIAL:
797 case POSIX_FADV_NOREUSE:
798 ioflag |= sequential_heuristic(uio, fp);
800 case POSIX_FADV_RANDOM:
801 /* Disable read-ahead for random I/O. */
804 orig_offset = uio->uio_offset;
807 error = mac_vnode_check_read(active_cred, fp->f_cred, vp);
810 error = VOP_READ(vp, uio, ioflag, fp->f_cred);
811 fp->f_nextoff = uio->uio_offset;
813 if (error == 0 && advice == POSIX_FADV_NOREUSE &&
814 orig_offset != uio->uio_offset)
816 * Use POSIX_FADV_DONTNEED to flush pages and buffers
817 * for the backing file after a POSIX_FADV_NOREUSE
820 error = VOP_ADVISE(vp, orig_offset, uio->uio_offset - 1,
821 POSIX_FADV_DONTNEED);
826 * File table vnode write routine.
829 vn_write(struct file *fp, struct uio *uio, struct ucred *active_cred, int flags,
835 int error, ioflag, lock_flags;
838 KASSERT(uio->uio_td == td, ("uio_td %p is not td %p",
840 KASSERT(flags & FOF_OFFSET, ("No FOF_OFFSET"));
842 if (vp->v_type == VREG)
845 if (vp->v_type == VREG && (fp->f_flag & O_APPEND))
847 if (fp->f_flag & FNONBLOCK)
849 if (fp->f_flag & O_DIRECT)
851 if ((fp->f_flag & O_FSYNC) ||
852 (vp->v_mount && (vp->v_mount->mnt_flag & MNT_SYNCHRONOUS)))
855 if (vp->v_type != VCHR &&
856 (error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
859 advice = get_advice(fp, uio);
861 if (MNT_SHARED_WRITES(mp) ||
862 (mp == NULL && MNT_SHARED_WRITES(vp->v_mount))) {
863 lock_flags = LK_SHARED;
865 lock_flags = LK_EXCLUSIVE;
868 vn_lock(vp, lock_flags | LK_RETRY);
870 case POSIX_FADV_NORMAL:
871 case POSIX_FADV_SEQUENTIAL:
872 case POSIX_FADV_NOREUSE:
873 ioflag |= sequential_heuristic(uio, fp);
875 case POSIX_FADV_RANDOM:
876 /* XXX: Is this correct? */
879 orig_offset = uio->uio_offset;
882 error = mac_vnode_check_write(active_cred, fp->f_cred, vp);
885 error = VOP_WRITE(vp, uio, ioflag, fp->f_cred);
886 fp->f_nextoff = uio->uio_offset;
888 if (vp->v_type != VCHR)
889 vn_finished_write(mp);
890 if (error == 0 && advice == POSIX_FADV_NOREUSE &&
891 orig_offset != uio->uio_offset)
893 * Use POSIX_FADV_DONTNEED to flush pages and buffers
894 * for the backing file after a POSIX_FADV_NOREUSE
897 error = VOP_ADVISE(vp, orig_offset, uio->uio_offset - 1,
898 POSIX_FADV_DONTNEED);
904 * The vn_io_fault() is a wrapper around vn_read() and vn_write() to
905 * prevent the following deadlock:
907 * Assume that the thread A reads from the vnode vp1 into userspace
908 * buffer buf1 backed by the pages of vnode vp2. If a page in buf1 is
909 * currently not resident, then system ends up with the call chain
910 * vn_read() -> VOP_READ(vp1) -> uiomove() -> [Page Fault] ->
911 * vm_fault(buf1) -> vnode_pager_getpages(vp2) -> VOP_GETPAGES(vp2)
912 * which establishes lock order vp1->vn_lock, then vp2->vn_lock.
913 * If, at the same time, thread B reads from vnode vp2 into buffer buf2
914 * backed by the pages of vnode vp1, and some page in buf2 is not
915 * resident, we get a reversed order vp2->vn_lock, then vp1->vn_lock.
917 * To prevent the lock order reversal and deadlock, vn_io_fault() does
918 * not allow page faults to happen during VOP_READ() or VOP_WRITE().
919 * Instead, it first tries to do the whole range i/o with pagefaults
920 * disabled. If all pages in the i/o buffer are resident and mapped,
921 * VOP will succeed (ignoring the genuine filesystem errors).
922 * Otherwise, we get back EFAULT, and vn_io_fault() falls back to do
923 * i/o in chunks, with all pages in the chunk prefaulted and held
924 * using vm_fault_quick_hold_pages().
926 * Filesystems using this deadlock avoidance scheme should use the
927 * array of the held pages from uio, saved in the curthread->td_ma,
928 * instead of doing uiomove(). A helper function
929 * vn_io_fault_uiomove() converts uiomove request into
930 * uiomove_fromphys() over td_ma array.
932 * Since vnode locks do not cover the whole i/o anymore, rangelocks
933 * make the current i/o request atomic with respect to other i/os and
938 * Decode vn_io_fault_args and perform the corresponding i/o.
941 vn_io_fault_doio(struct vn_io_fault_args *args, struct uio *uio,
947 save = vm_fault_disable_pagefaults();
948 switch (args->kind) {
949 case VN_IO_FAULT_FOP:
950 error = (args->args.fop_args.doio)(args->args.fop_args.fp,
951 uio, args->cred, args->flags, td);
953 case VN_IO_FAULT_VOP:
954 if (uio->uio_rw == UIO_READ) {
955 error = VOP_READ(args->args.vop_args.vp, uio,
956 args->flags, args->cred);
957 } else if (uio->uio_rw == UIO_WRITE) {
958 error = VOP_WRITE(args->args.vop_args.vp, uio,
959 args->flags, args->cred);
963 panic("vn_io_fault_doio: unknown kind of io %d %d",
964 args->kind, uio->uio_rw);
966 vm_fault_enable_pagefaults(save);
971 vn_io_fault_touch(char *base, const struct uio *uio)
976 if (r == -1 || (uio->uio_rw == UIO_READ && subyte(base, r) == -1))
982 vn_io_fault_prefault_user(const struct uio *uio)
985 const struct iovec *iov;
990 KASSERT(uio->uio_segflg == UIO_USERSPACE,
991 ("vn_io_fault_prefault userspace"));
995 resid = uio->uio_resid;
996 base = iov->iov_base;
999 error = vn_io_fault_touch(base, uio);
1002 if (len < PAGE_SIZE) {
1004 error = vn_io_fault_touch(base + len - 1, uio);
1009 if (++i >= uio->uio_iovcnt)
1011 iov = uio->uio_iov + i;
1012 base = iov->iov_base;
1024 * Common code for vn_io_fault(), agnostic to the kind of i/o request.
1025 * Uses vn_io_fault_doio() to make the call to an actual i/o function.
1026 * Used from vn_rdwr() and vn_io_fault(), which encode the i/o request
1027 * into args and call vn_io_fault1() to handle faults during the user
1028 * mode buffer accesses.
1031 vn_io_fault1(struct vnode *vp, struct uio *uio, struct vn_io_fault_args *args,
1034 vm_page_t ma[io_hold_cnt + 2];
1035 struct uio *uio_clone, short_uio;
1036 struct iovec short_iovec[1];
1037 vm_page_t *prev_td_ma;
1039 vm_offset_t addr, end;
1042 int error, cnt, saveheld, prev_td_ma_cnt;
1044 if (vn_io_fault_prefault) {
1045 error = vn_io_fault_prefault_user(uio);
1047 return (error); /* Or ignore ? */
1050 prot = uio->uio_rw == UIO_READ ? VM_PROT_WRITE : VM_PROT_READ;
1053 * The UFS follows IO_UNIT directive and replays back both
1054 * uio_offset and uio_resid if an error is encountered during the
1055 * operation. But, since the iovec may be already advanced,
1056 * uio is still in an inconsistent state.
1058 * Cache a copy of the original uio, which is advanced to the redo
1059 * point using UIO_NOCOPY below.
1061 uio_clone = cloneuio(uio);
1062 resid = uio->uio_resid;
1064 short_uio.uio_segflg = UIO_USERSPACE;
1065 short_uio.uio_rw = uio->uio_rw;
1066 short_uio.uio_td = uio->uio_td;
1068 error = vn_io_fault_doio(args, uio, td);
1069 if (error != EFAULT)
1072 atomic_add_long(&vn_io_faults_cnt, 1);
1073 uio_clone->uio_segflg = UIO_NOCOPY;
1074 uiomove(NULL, resid - uio->uio_resid, uio_clone);
1075 uio_clone->uio_segflg = uio->uio_segflg;
1077 saveheld = curthread_pflags_set(TDP_UIOHELD);
1078 prev_td_ma = td->td_ma;
1079 prev_td_ma_cnt = td->td_ma_cnt;
1081 while (uio_clone->uio_resid != 0) {
1082 len = uio_clone->uio_iov->iov_len;
1084 KASSERT(uio_clone->uio_iovcnt >= 1,
1085 ("iovcnt underflow"));
1086 uio_clone->uio_iov++;
1087 uio_clone->uio_iovcnt--;
1090 if (len > io_hold_cnt * PAGE_SIZE)
1091 len = io_hold_cnt * PAGE_SIZE;
1092 addr = (uintptr_t)uio_clone->uio_iov->iov_base;
1093 end = round_page(addr + len);
1098 cnt = atop(end - trunc_page(addr));
1100 * A perfectly misaligned address and length could cause
1101 * both the start and the end of the chunk to use partial
1102 * page. +2 accounts for such a situation.
1104 cnt = vm_fault_quick_hold_pages(&td->td_proc->p_vmspace->vm_map,
1105 addr, len, prot, ma, io_hold_cnt + 2);
1110 short_uio.uio_iov = &short_iovec[0];
1111 short_iovec[0].iov_base = (void *)addr;
1112 short_uio.uio_iovcnt = 1;
1113 short_uio.uio_resid = short_iovec[0].iov_len = len;
1114 short_uio.uio_offset = uio_clone->uio_offset;
1116 td->td_ma_cnt = cnt;
1118 error = vn_io_fault_doio(args, &short_uio, td);
1119 vm_page_unhold_pages(ma, cnt);
1120 adv = len - short_uio.uio_resid;
1122 uio_clone->uio_iov->iov_base =
1123 (char *)uio_clone->uio_iov->iov_base + adv;
1124 uio_clone->uio_iov->iov_len -= adv;
1125 uio_clone->uio_resid -= adv;
1126 uio_clone->uio_offset += adv;
1128 uio->uio_resid -= adv;
1129 uio->uio_offset += adv;
1131 if (error != 0 || adv == 0)
1134 td->td_ma = prev_td_ma;
1135 td->td_ma_cnt = prev_td_ma_cnt;
1136 curthread_pflags_restore(saveheld);
1138 free(uio_clone, M_IOV);
1143 vn_io_fault(struct file *fp, struct uio *uio, struct ucred *active_cred,
1144 int flags, struct thread *td)
1149 struct vn_io_fault_args args;
1152 doio = uio->uio_rw == UIO_READ ? vn_read : vn_write;
1154 foffset_lock_uio(fp, uio, flags);
1155 if (do_vn_io_fault(vp, uio)) {
1156 args.kind = VN_IO_FAULT_FOP;
1157 args.args.fop_args.fp = fp;
1158 args.args.fop_args.doio = doio;
1159 args.cred = active_cred;
1160 args.flags = flags | FOF_OFFSET;
1161 if (uio->uio_rw == UIO_READ) {
1162 rl_cookie = vn_rangelock_rlock(vp, uio->uio_offset,
1163 uio->uio_offset + uio->uio_resid);
1164 } else if ((fp->f_flag & O_APPEND) != 0 ||
1165 (flags & FOF_OFFSET) == 0) {
1166 /* For appenders, punt and lock the whole range. */
1167 rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX);
1169 rl_cookie = vn_rangelock_wlock(vp, uio->uio_offset,
1170 uio->uio_offset + uio->uio_resid);
1172 error = vn_io_fault1(vp, uio, &args, td);
1173 vn_rangelock_unlock(vp, rl_cookie);
1175 error = doio(fp, uio, active_cred, flags | FOF_OFFSET, td);
1177 foffset_unlock_uio(fp, uio, flags);
1182 * Helper function to perform the requested uiomove operation using
1183 * the held pages for io->uio_iov[0].iov_base buffer instead of
1184 * copyin/copyout. Access to the pages with uiomove_fromphys()
1185 * instead of iov_base prevents page faults that could occur due to
1186 * pmap_collect() invalidating the mapping created by
1187 * vm_fault_quick_hold_pages(), or pageout daemon, page laundry or
1188 * object cleanup revoking the write access from page mappings.
1190 * Filesystems specified MNTK_NO_IOPF shall use vn_io_fault_uiomove()
1191 * instead of plain uiomove().
1194 vn_io_fault_uiomove(char *data, int xfersize, struct uio *uio)
1196 struct uio transp_uio;
1197 struct iovec transp_iov[1];
1203 if ((td->td_pflags & TDP_UIOHELD) == 0 ||
1204 uio->uio_segflg != UIO_USERSPACE)
1205 return (uiomove(data, xfersize, uio));
1207 KASSERT(uio->uio_iovcnt == 1, ("uio_iovcnt %d", uio->uio_iovcnt));
1208 transp_iov[0].iov_base = data;
1209 transp_uio.uio_iov = &transp_iov[0];
1210 transp_uio.uio_iovcnt = 1;
1211 if (xfersize > uio->uio_resid)
1212 xfersize = uio->uio_resid;
1213 transp_uio.uio_resid = transp_iov[0].iov_len = xfersize;
1214 transp_uio.uio_offset = 0;
1215 transp_uio.uio_segflg = UIO_SYSSPACE;
1217 * Since transp_iov points to data, and td_ma page array
1218 * corresponds to original uio->uio_iov, we need to invert the
1219 * direction of the i/o operation as passed to
1220 * uiomove_fromphys().
1222 switch (uio->uio_rw) {
1224 transp_uio.uio_rw = UIO_READ;
1227 transp_uio.uio_rw = UIO_WRITE;
1230 transp_uio.uio_td = uio->uio_td;
1231 error = uiomove_fromphys(td->td_ma,
1232 ((vm_offset_t)uio->uio_iov->iov_base) & PAGE_MASK,
1233 xfersize, &transp_uio);
1234 adv = xfersize - transp_uio.uio_resid;
1236 (((vm_offset_t)uio->uio_iov->iov_base + adv) >> PAGE_SHIFT) -
1237 (((vm_offset_t)uio->uio_iov->iov_base) >> PAGE_SHIFT);
1239 KASSERT(td->td_ma_cnt >= pgadv, ("consumed pages %d %d", td->td_ma_cnt,
1241 td->td_ma_cnt -= pgadv;
1242 uio->uio_iov->iov_base = (char *)uio->uio_iov->iov_base + adv;
1243 uio->uio_iov->iov_len -= adv;
1244 uio->uio_resid -= adv;
1245 uio->uio_offset += adv;
1250 vn_io_fault_pgmove(vm_page_t ma[], vm_offset_t offset, int xfersize,
1254 vm_offset_t iov_base;
1258 if ((td->td_pflags & TDP_UIOHELD) == 0 ||
1259 uio->uio_segflg != UIO_USERSPACE)
1260 return (uiomove_fromphys(ma, offset, xfersize, uio));
1262 KASSERT(uio->uio_iovcnt == 1, ("uio_iovcnt %d", uio->uio_iovcnt));
1263 cnt = xfersize > uio->uio_resid ? uio->uio_resid : xfersize;
1264 iov_base = (vm_offset_t)uio->uio_iov->iov_base;
1265 switch (uio->uio_rw) {
1267 pmap_copy_pages(td->td_ma, iov_base & PAGE_MASK, ma,
1271 pmap_copy_pages(ma, offset, td->td_ma, iov_base & PAGE_MASK,
1275 pgadv = ((iov_base + cnt) >> PAGE_SHIFT) - (iov_base >> PAGE_SHIFT);
1277 KASSERT(td->td_ma_cnt >= pgadv, ("consumed pages %d %d", td->td_ma_cnt,
1279 td->td_ma_cnt -= pgadv;
1280 uio->uio_iov->iov_base = (char *)(iov_base + cnt);
1281 uio->uio_iov->iov_len -= cnt;
1282 uio->uio_resid -= cnt;
1283 uio->uio_offset += cnt;
1289 * File table truncate routine.
1292 vn_truncate(struct file *fp, off_t length, struct ucred *active_cred,
1304 * Lock the whole range for truncation. Otherwise split i/o
1305 * might happen partly before and partly after the truncation.
1307 rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX);
1308 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
1311 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1312 AUDIT_ARG_VNODE1(vp);
1313 if (vp->v_type == VDIR) {
1318 error = mac_vnode_check_write(active_cred, fp->f_cred, vp);
1322 error = vn_writechk(vp);
1325 vattr.va_size = length;
1326 if ((fp->f_flag & O_FSYNC) != 0)
1327 vattr.va_vaflags |= VA_SYNC;
1328 error = VOP_SETATTR(vp, &vattr, fp->f_cred);
1332 vn_finished_write(mp);
1334 vn_rangelock_unlock(vp, rl_cookie);
1339 * File table vnode stat routine.
1342 vn_statfile(struct file *fp, struct stat *sb, struct ucred *active_cred,
1345 struct vnode *vp = fp->f_vnode;
1348 vn_lock(vp, LK_SHARED | LK_RETRY);
1349 error = vn_stat(vp, sb, active_cred, fp->f_cred, td);
1356 * Stat a vnode; implementation for the stat syscall
1359 vn_stat(struct vnode *vp, struct stat *sb, struct ucred *active_cred,
1360 struct ucred *file_cred, struct thread *td)
1367 AUDIT_ARG_VNODE1(vp);
1369 error = mac_vnode_check_stat(active_cred, file_cred, vp);
1377 * Initialize defaults for new and unusual fields, so that file
1378 * systems which don't support these fields don't need to know
1381 vap->va_birthtime.tv_sec = -1;
1382 vap->va_birthtime.tv_nsec = 0;
1383 vap->va_fsid = VNOVAL;
1384 vap->va_rdev = NODEV;
1386 error = VOP_GETATTR(vp, vap, active_cred);
1391 * Zero the spare stat fields
1393 bzero(sb, sizeof *sb);
1396 * Copy from vattr table
1398 if (vap->va_fsid != VNOVAL)
1399 sb->st_dev = vap->va_fsid;
1401 sb->st_dev = vp->v_mount->mnt_stat.f_fsid.val[0];
1402 sb->st_ino = vap->va_fileid;
1403 mode = vap->va_mode;
1404 switch (vap->va_type) {
1430 sb->st_nlink = vap->va_nlink;
1431 sb->st_uid = vap->va_uid;
1432 sb->st_gid = vap->va_gid;
1433 sb->st_rdev = vap->va_rdev;
1434 if (vap->va_size > OFF_MAX)
1436 sb->st_size = vap->va_size;
1437 sb->st_atim = vap->va_atime;
1438 sb->st_mtim = vap->va_mtime;
1439 sb->st_ctim = vap->va_ctime;
1440 sb->st_birthtim = vap->va_birthtime;
1443 * According to www.opengroup.org, the meaning of st_blksize is
1444 * "a filesystem-specific preferred I/O block size for this
1445 * object. In some filesystem types, this may vary from file
1447 * Use miminum/default of PAGE_SIZE (e.g. for VCHR).
1450 sb->st_blksize = max(PAGE_SIZE, vap->va_blocksize);
1452 sb->st_flags = vap->va_flags;
1453 if (priv_check(td, PRIV_VFS_GENERATION))
1456 sb->st_gen = vap->va_gen;
1458 sb->st_blocks = vap->va_bytes / S_BLKSIZE;
1463 * File table vnode ioctl routine.
1466 vn_ioctl(struct file *fp, u_long com, void *data, struct ucred *active_cred,
1474 switch (vp->v_type) {
1479 vn_lock(vp, LK_SHARED | LK_RETRY);
1480 error = VOP_GETATTR(vp, &vattr, active_cred);
1483 *(int *)data = vattr.va_size - fp->f_offset;
1489 return (VOP_IOCTL(vp, com, data, fp->f_flag,
1494 return (VOP_IOCTL(vp, com, data, fp->f_flag,
1502 * File table vnode poll routine.
1505 vn_poll(struct file *fp, int events, struct ucred *active_cred,
1513 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1514 AUDIT_ARG_VNODE1(vp);
1515 error = mac_vnode_check_poll(active_cred, fp->f_cred, vp);
1520 error = VOP_POLL(vp, events, fp->f_cred, td);
1525 * Acquire the requested lock and then check for validity. LK_RETRY
1526 * permits vn_lock to return doomed vnodes.
1529 _vn_lock(struct vnode *vp, int flags, char *file, int line)
1533 VNASSERT((flags & LK_TYPE_MASK) != 0, vp,
1534 ("vn_lock: no locktype"));
1535 VNASSERT(vp->v_holdcnt != 0, vp, ("vn_lock: zero hold count"));
1537 error = VOP_LOCK1(vp, flags, file, line);
1538 flags &= ~LK_INTERLOCK; /* Interlock is always dropped. */
1539 KASSERT((flags & LK_RETRY) == 0 || error == 0,
1540 ("vn_lock: error %d incompatible with flags %#x", error, flags));
1542 if ((flags & LK_RETRY) == 0) {
1543 if (error == 0 && (vp->v_iflag & VI_DOOMED) != 0) {
1547 } else if (error != 0)
1553 * File table vnode close routine.
1556 vn_closefile(struct file *fp, struct thread *td)
1564 fp->f_ops = &badfileops;
1565 ref= (fp->f_flag & FHASLOCK) != 0 && fp->f_type == DTYPE_VNODE;
1567 error = vn_close1(vp, fp->f_flag, fp->f_cred, td, ref);
1569 if (__predict_false(ref)) {
1570 lf.l_whence = SEEK_SET;
1573 lf.l_type = F_UNLCK;
1574 (void) VOP_ADVLOCK(vp, fp, F_UNLCK, &lf, F_FLOCK);
1581 vn_suspendable(struct mount *mp)
1584 return (mp->mnt_op->vfs_susp_clean != NULL);
1588 * Preparing to start a filesystem write operation. If the operation is
1589 * permitted, then we bump the count of operations in progress and
1590 * proceed. If a suspend request is in progress, we wait until the
1591 * suspension is over, and then proceed.
1594 vn_start_write_locked(struct mount *mp, int flags)
1598 mtx_assert(MNT_MTX(mp), MA_OWNED);
1602 * Check on status of suspension.
1604 if ((curthread->td_pflags & TDP_IGNSUSP) == 0 ||
1605 mp->mnt_susp_owner != curthread) {
1606 mflags = ((mp->mnt_vfc->vfc_flags & VFCF_SBDRY) != 0 ?
1607 (flags & PCATCH) : 0) | (PUSER - 1);
1608 while ((mp->mnt_kern_flag & MNTK_SUSPEND) != 0) {
1609 if (flags & V_NOWAIT) {
1610 error = EWOULDBLOCK;
1613 error = msleep(&mp->mnt_flag, MNT_MTX(mp), mflags,
1619 if (flags & V_XSLEEP)
1621 mp->mnt_writeopcount++;
1623 if (error != 0 || (flags & V_XSLEEP) != 0)
1630 vn_start_write(struct vnode *vp, struct mount **mpp, int flags)
1635 KASSERT((flags & V_MNTREF) == 0 || (*mpp != NULL && vp == NULL),
1636 ("V_MNTREF requires mp"));
1640 * If a vnode is provided, get and return the mount point that
1641 * to which it will write.
1644 if ((error = VOP_GETWRITEMOUNT(vp, mpp)) != 0) {
1646 if (error != EOPNOTSUPP)
1651 if ((mp = *mpp) == NULL)
1654 if (!vn_suspendable(mp)) {
1655 if (vp != NULL || (flags & V_MNTREF) != 0)
1661 * VOP_GETWRITEMOUNT() returns with the mp refcount held through
1663 * As long as a vnode is not provided we need to acquire a
1664 * refcount for the provided mountpoint too, in order to
1665 * emulate a vfs_ref().
1668 if (vp == NULL && (flags & V_MNTREF) == 0)
1671 return (vn_start_write_locked(mp, flags));
1675 * Secondary suspension. Used by operations such as vop_inactive
1676 * routines that are needed by the higher level functions. These
1677 * are allowed to proceed until all the higher level functions have
1678 * completed (indicated by mnt_writeopcount dropping to zero). At that
1679 * time, these operations are halted until the suspension is over.
1682 vn_start_secondary_write(struct vnode *vp, struct mount **mpp, int flags)
1687 KASSERT((flags & V_MNTREF) == 0 || (*mpp != NULL && vp == NULL),
1688 ("V_MNTREF requires mp"));
1692 if ((error = VOP_GETWRITEMOUNT(vp, mpp)) != 0) {
1694 if (error != EOPNOTSUPP)
1700 * If we are not suspended or have not yet reached suspended
1701 * mode, then let the operation proceed.
1703 if ((mp = *mpp) == NULL)
1706 if (!vn_suspendable(mp)) {
1707 if (vp != NULL || (flags & V_MNTREF) != 0)
1713 * VOP_GETWRITEMOUNT() returns with the mp refcount held through
1715 * As long as a vnode is not provided we need to acquire a
1716 * refcount for the provided mountpoint too, in order to
1717 * emulate a vfs_ref().
1720 if (vp == NULL && (flags & V_MNTREF) == 0)
1722 if ((mp->mnt_kern_flag & (MNTK_SUSPENDED | MNTK_SUSPEND2)) == 0) {
1723 mp->mnt_secondary_writes++;
1724 mp->mnt_secondary_accwrites++;
1728 if (flags & V_NOWAIT) {
1731 return (EWOULDBLOCK);
1734 * Wait for the suspension to finish.
1736 error = msleep(&mp->mnt_flag, MNT_MTX(mp), (PUSER - 1) | PDROP |
1737 ((mp->mnt_vfc->vfc_flags & VFCF_SBDRY) != 0 ? (flags & PCATCH) : 0),
1746 * Filesystem write operation has completed. If we are suspending and this
1747 * operation is the last one, notify the suspender that the suspension is
1751 vn_finished_write(struct mount *mp)
1753 if (mp == NULL || !vn_suspendable(mp))
1757 mp->mnt_writeopcount--;
1758 if (mp->mnt_writeopcount < 0)
1759 panic("vn_finished_write: neg cnt");
1760 if ((mp->mnt_kern_flag & MNTK_SUSPEND) != 0 &&
1761 mp->mnt_writeopcount <= 0)
1762 wakeup(&mp->mnt_writeopcount);
1768 * Filesystem secondary write operation has completed. If we are
1769 * suspending and this operation is the last one, notify the suspender
1770 * that the suspension is now in effect.
1773 vn_finished_secondary_write(struct mount *mp)
1775 if (mp == NULL || !vn_suspendable(mp))
1779 mp->mnt_secondary_writes--;
1780 if (mp->mnt_secondary_writes < 0)
1781 panic("vn_finished_secondary_write: neg cnt");
1782 if ((mp->mnt_kern_flag & MNTK_SUSPEND) != 0 &&
1783 mp->mnt_secondary_writes <= 0)
1784 wakeup(&mp->mnt_secondary_writes);
1791 * Request a filesystem to suspend write operations.
1794 vfs_write_suspend(struct mount *mp, int flags)
1798 MPASS(vn_suspendable(mp));
1801 if (mp->mnt_susp_owner == curthread) {
1805 while (mp->mnt_kern_flag & MNTK_SUSPEND)
1806 msleep(&mp->mnt_flag, MNT_MTX(mp), PUSER - 1, "wsuspfs", 0);
1809 * Unmount holds a write reference on the mount point. If we
1810 * own busy reference and drain for writers, we deadlock with
1811 * the reference draining in the unmount path. Callers of
1812 * vfs_write_suspend() must specify VS_SKIP_UNMOUNT if
1813 * vfs_busy() reference is owned and caller is not in the
1816 if ((flags & VS_SKIP_UNMOUNT) != 0 &&
1817 (mp->mnt_kern_flag & MNTK_UNMOUNT) != 0) {
1822 mp->mnt_kern_flag |= MNTK_SUSPEND;
1823 mp->mnt_susp_owner = curthread;
1824 if (mp->mnt_writeopcount > 0)
1825 (void) msleep(&mp->mnt_writeopcount,
1826 MNT_MTX(mp), (PUSER - 1)|PDROP, "suspwt", 0);
1829 if ((error = VFS_SYNC(mp, MNT_SUSPEND)) != 0)
1830 vfs_write_resume(mp, 0);
1835 * Request a filesystem to resume write operations.
1838 vfs_write_resume(struct mount *mp, int flags)
1841 MPASS(vn_suspendable(mp));
1844 if ((mp->mnt_kern_flag & MNTK_SUSPEND) != 0) {
1845 KASSERT(mp->mnt_susp_owner == curthread, ("mnt_susp_owner"));
1846 mp->mnt_kern_flag &= ~(MNTK_SUSPEND | MNTK_SUSPEND2 |
1848 mp->mnt_susp_owner = NULL;
1849 wakeup(&mp->mnt_writeopcount);
1850 wakeup(&mp->mnt_flag);
1851 curthread->td_pflags &= ~TDP_IGNSUSP;
1852 if ((flags & VR_START_WRITE) != 0) {
1854 mp->mnt_writeopcount++;
1857 if ((flags & VR_NO_SUSPCLR) == 0)
1859 } else if ((flags & VR_START_WRITE) != 0) {
1861 vn_start_write_locked(mp, 0);
1868 * Helper loop around vfs_write_suspend() for filesystem unmount VFS
1872 vfs_write_suspend_umnt(struct mount *mp)
1876 MPASS(vn_suspendable(mp));
1877 KASSERT((curthread->td_pflags & TDP_IGNSUSP) == 0,
1878 ("vfs_write_suspend_umnt: recursed"));
1880 /* dounmount() already called vn_start_write(). */
1882 vn_finished_write(mp);
1883 error = vfs_write_suspend(mp, 0);
1885 vn_start_write(NULL, &mp, V_WAIT);
1889 if ((mp->mnt_kern_flag & MNTK_SUSPENDED) != 0)
1892 vn_start_write(NULL, &mp, V_WAIT);
1894 mp->mnt_kern_flag &= ~(MNTK_SUSPENDED | MNTK_SUSPEND2);
1895 wakeup(&mp->mnt_flag);
1897 curthread->td_pflags |= TDP_IGNSUSP;
1902 * Implement kqueues for files by translating it to vnode operation.
1905 vn_kqfilter(struct file *fp, struct knote *kn)
1908 return (VOP_KQFILTER(fp->f_vnode, kn));
1912 * Simplified in-kernel wrapper calls for extended attribute access.
1913 * Both calls pass in a NULL credential, authorizing as "kernel" access.
1914 * Set IO_NODELOCKED in ioflg if the vnode is already locked.
1917 vn_extattr_get(struct vnode *vp, int ioflg, int attrnamespace,
1918 const char *attrname, int *buflen, char *buf, struct thread *td)
1924 iov.iov_len = *buflen;
1927 auio.uio_iov = &iov;
1928 auio.uio_iovcnt = 1;
1929 auio.uio_rw = UIO_READ;
1930 auio.uio_segflg = UIO_SYSSPACE;
1932 auio.uio_offset = 0;
1933 auio.uio_resid = *buflen;
1935 if ((ioflg & IO_NODELOCKED) == 0)
1936 vn_lock(vp, LK_SHARED | LK_RETRY);
1938 ASSERT_VOP_LOCKED(vp, "IO_NODELOCKED with no vp lock held");
1940 /* authorize attribute retrieval as kernel */
1941 error = VOP_GETEXTATTR(vp, attrnamespace, attrname, &auio, NULL, NULL,
1944 if ((ioflg & IO_NODELOCKED) == 0)
1948 *buflen = *buflen - auio.uio_resid;
1955 * XXX failure mode if partially written?
1958 vn_extattr_set(struct vnode *vp, int ioflg, int attrnamespace,
1959 const char *attrname, int buflen, char *buf, struct thread *td)
1966 iov.iov_len = buflen;
1969 auio.uio_iov = &iov;
1970 auio.uio_iovcnt = 1;
1971 auio.uio_rw = UIO_WRITE;
1972 auio.uio_segflg = UIO_SYSSPACE;
1974 auio.uio_offset = 0;
1975 auio.uio_resid = buflen;
1977 if ((ioflg & IO_NODELOCKED) == 0) {
1978 if ((error = vn_start_write(vp, &mp, V_WAIT)) != 0)
1980 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1983 ASSERT_VOP_LOCKED(vp, "IO_NODELOCKED with no vp lock held");
1985 /* authorize attribute setting as kernel */
1986 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio, NULL, td);
1988 if ((ioflg & IO_NODELOCKED) == 0) {
1989 vn_finished_write(mp);
1997 vn_extattr_rm(struct vnode *vp, int ioflg, int attrnamespace,
1998 const char *attrname, struct thread *td)
2003 if ((ioflg & IO_NODELOCKED) == 0) {
2004 if ((error = vn_start_write(vp, &mp, V_WAIT)) != 0)
2006 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
2009 ASSERT_VOP_LOCKED(vp, "IO_NODELOCKED with no vp lock held");
2011 /* authorize attribute removal as kernel */
2012 error = VOP_DELETEEXTATTR(vp, attrnamespace, attrname, NULL, td);
2013 if (error == EOPNOTSUPP)
2014 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL,
2017 if ((ioflg & IO_NODELOCKED) == 0) {
2018 vn_finished_write(mp);
2026 vn_get_ino_alloc_vget(struct mount *mp, void *arg, int lkflags,
2030 return (VFS_VGET(mp, *(ino_t *)arg, lkflags, rvp));
2034 vn_vget_ino(struct vnode *vp, ino_t ino, int lkflags, struct vnode **rvp)
2037 return (vn_vget_ino_gen(vp, vn_get_ino_alloc_vget, &ino,
2042 vn_vget_ino_gen(struct vnode *vp, vn_get_ino_t alloc, void *alloc_arg,
2043 int lkflags, struct vnode **rvp)
2048 ASSERT_VOP_LOCKED(vp, "vn_vget_ino_get");
2050 ltype = VOP_ISLOCKED(vp);
2051 KASSERT(ltype == LK_EXCLUSIVE || ltype == LK_SHARED,
2052 ("vn_vget_ino: vp not locked"));
2053 error = vfs_busy(mp, MBF_NOWAIT);
2057 error = vfs_busy(mp, 0);
2058 vn_lock(vp, ltype | LK_RETRY);
2062 if (vp->v_iflag & VI_DOOMED) {
2068 error = alloc(mp, alloc_arg, lkflags, rvp);
2071 vn_lock(vp, ltype | LK_RETRY);
2072 if (vp->v_iflag & VI_DOOMED) {
2085 vn_rlimit_fsize(const struct vnode *vp, const struct uio *uio,
2089 if (vp->v_type != VREG || td == NULL)
2091 if ((uoff_t)uio->uio_offset + uio->uio_resid >
2092 lim_cur(td, RLIMIT_FSIZE)) {
2093 PROC_LOCK(td->td_proc);
2094 kern_psignal(td->td_proc, SIGXFSZ);
2095 PROC_UNLOCK(td->td_proc);
2102 vn_chmod(struct file *fp, mode_t mode, struct ucred *active_cred,
2109 vn_lock(vp, LK_SHARED | LK_RETRY);
2110 AUDIT_ARG_VNODE1(vp);
2113 return (setfmode(td, active_cred, vp, mode));
2117 vn_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
2124 vn_lock(vp, LK_SHARED | LK_RETRY);
2125 AUDIT_ARG_VNODE1(vp);
2128 return (setfown(td, active_cred, vp, uid, gid));
2132 vn_pages_remove(struct vnode *vp, vm_pindex_t start, vm_pindex_t end)
2136 if ((object = vp->v_object) == NULL)
2138 VM_OBJECT_WLOCK(object);
2139 vm_object_page_remove(object, start, end, 0);
2140 VM_OBJECT_WUNLOCK(object);
2144 vn_bmap_seekhole(struct vnode *vp, u_long cmd, off_t *off, struct ucred *cred)
2152 KASSERT(cmd == FIOSEEKHOLE || cmd == FIOSEEKDATA,
2153 ("Wrong command %lu", cmd));
2155 if (vn_lock(vp, LK_SHARED) != 0)
2157 if (vp->v_type != VREG) {
2161 error = VOP_GETATTR(vp, &va, cred);
2165 if (noff >= va.va_size) {
2169 bsize = vp->v_mount->mnt_stat.f_iosize;
2170 for (bn = noff / bsize; noff < va.va_size; bn++, noff += bsize -
2172 error = VOP_BMAP(vp, bn, NULL, &bnp, NULL, NULL);
2173 if (error == EOPNOTSUPP) {
2177 if ((bnp == -1 && cmd == FIOSEEKHOLE) ||
2178 (bnp != -1 && cmd == FIOSEEKDATA)) {
2185 if (noff > va.va_size)
2187 /* noff == va.va_size. There is an implicit hole at the end of file. */
2188 if (cmd == FIOSEEKDATA)
2198 vn_seek(struct file *fp, off_t offset, int whence, struct thread *td)
2203 off_t foffset, size;
2206 cred = td->td_ucred;
2208 foffset = foffset_lock(fp, 0);
2209 noneg = (vp->v_type != VCHR);
2215 (offset > 0 && foffset > OFF_MAX - offset))) {
2222 vn_lock(vp, LK_SHARED | LK_RETRY);
2223 error = VOP_GETATTR(vp, &vattr, cred);
2229 * If the file references a disk device, then fetch
2230 * the media size and use that to determine the ending
2233 if (vattr.va_size == 0 && vp->v_type == VCHR &&
2234 fo_ioctl(fp, DIOCGMEDIASIZE, &size, cred, td) == 0)
2235 vattr.va_size = size;
2237 (vattr.va_size > OFF_MAX ||
2238 (offset > 0 && vattr.va_size > OFF_MAX - offset))) {
2242 offset += vattr.va_size;
2247 error = fo_ioctl(fp, FIOSEEKDATA, &offset, cred, td);
2250 error = fo_ioctl(fp, FIOSEEKHOLE, &offset, cred, td);
2255 if (error == 0 && noneg && offset < 0)
2259 VFS_KNOTE_UNLOCKED(vp, 0);
2260 td->td_uretoff.tdu_off = offset;
2262 foffset_unlock(fp, offset, error != 0 ? FOF_NOUPDATE : 0);
2267 vn_utimes_perm(struct vnode *vp, struct vattr *vap, struct ucred *cred,
2273 * Grant permission if the caller is the owner of the file, or
2274 * the super-user, or has ACL_WRITE_ATTRIBUTES permission on
2275 * on the file. If the time pointer is null, then write
2276 * permission on the file is also sufficient.
2278 * From NFSv4.1, draft 21, 6.2.1.3.1, Discussion of Mask Attributes:
2279 * A user having ACL_WRITE_DATA or ACL_WRITE_ATTRIBUTES
2280 * will be allowed to set the times [..] to the current
2283 error = VOP_ACCESSX(vp, VWRITE_ATTRIBUTES, cred, td);
2284 if (error != 0 && (vap->va_vaflags & VA_UTIMES_NULL) != 0)
2285 error = VOP_ACCESS(vp, VWRITE, cred, td);
2290 vn_fill_kinfo(struct file *fp, struct kinfo_file *kif, struct filedesc *fdp)
2295 if (fp->f_type == DTYPE_FIFO)
2296 kif->kf_type = KF_TYPE_FIFO;
2298 kif->kf_type = KF_TYPE_VNODE;
2301 FILEDESC_SUNLOCK(fdp);
2302 error = vn_fill_kinfo_vnode(vp, kif);
2304 FILEDESC_SLOCK(fdp);
2309 vn_fill_junk(struct kinfo_file *kif)
2314 * Simulate vn_fullpath returning changing values for a given
2315 * vp during e.g. coredump.
2317 len = (arc4random() % (sizeof(kif->kf_path) - 2)) + 1;
2318 olen = strlen(kif->kf_path);
2320 strcpy(&kif->kf_path[len - 1], "$");
2322 for (; olen < len; olen++)
2323 strcpy(&kif->kf_path[olen], "A");
2327 vn_fill_kinfo_vnode(struct vnode *vp, struct kinfo_file *kif)
2330 char *fullpath, *freepath;
2333 kif->kf_un.kf_file.kf_file_type = vntype_to_kinfo(vp->v_type);
2336 error = vn_fullpath(curthread, vp, &fullpath, &freepath);
2338 strlcpy(kif->kf_path, fullpath, sizeof(kif->kf_path));
2340 if (freepath != NULL)
2341 free(freepath, M_TEMP);
2343 KFAIL_POINT_CODE(DEBUG_FP, fill_kinfo_vnode__random_path,
2348 * Retrieve vnode attributes.
2350 va.va_fsid = VNOVAL;
2352 vn_lock(vp, LK_SHARED | LK_RETRY);
2353 error = VOP_GETATTR(vp, &va, curthread->td_ucred);
2357 if (va.va_fsid != VNOVAL)
2358 kif->kf_un.kf_file.kf_file_fsid = va.va_fsid;
2360 kif->kf_un.kf_file.kf_file_fsid =
2361 vp->v_mount->mnt_stat.f_fsid.val[0];
2362 kif->kf_un.kf_file.kf_file_fsid_freebsd11 =
2363 kif->kf_un.kf_file.kf_file_fsid; /* truncate */
2364 kif->kf_un.kf_file.kf_file_fileid = va.va_fileid;
2365 kif->kf_un.kf_file.kf_file_mode = MAKEIMODE(va.va_type, va.va_mode);
2366 kif->kf_un.kf_file.kf_file_size = va.va_size;
2367 kif->kf_un.kf_file.kf_file_rdev = va.va_rdev;
2368 kif->kf_un.kf_file.kf_file_rdev_freebsd11 =
2369 kif->kf_un.kf_file.kf_file_rdev; /* truncate */
2374 vn_mmap(struct file *fp, vm_map_t map, vm_offset_t *addr, vm_size_t size,
2375 vm_prot_t prot, vm_prot_t cap_maxprot, int flags, vm_ooffset_t foff,
2379 struct pmckern_map_in pkm;
2385 boolean_t writecounted;
2388 #if defined(COMPAT_FREEBSD7) || defined(COMPAT_FREEBSD6) || \
2389 defined(COMPAT_FREEBSD5) || defined(COMPAT_FREEBSD4)
2391 * POSIX shared-memory objects are defined to have
2392 * kernel persistence, and are not defined to support
2393 * read(2)/write(2) -- or even open(2). Thus, we can
2394 * use MAP_ASYNC to trade on-disk coherence for speed.
2395 * The shm_open(3) library routine turns on the FPOSIXSHM
2396 * flag to request this behavior.
2398 if ((fp->f_flag & FPOSIXSHM) != 0)
2399 flags |= MAP_NOSYNC;
2404 * Ensure that file and memory protections are
2405 * compatible. Note that we only worry about
2406 * writability if mapping is shared; in this case,
2407 * current and max prot are dictated by the open file.
2408 * XXX use the vnode instead? Problem is: what
2409 * credentials do we use for determination? What if
2410 * proc does a setuid?
2413 if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) {
2414 maxprot = VM_PROT_NONE;
2415 if ((prot & VM_PROT_EXECUTE) != 0)
2418 maxprot = VM_PROT_EXECUTE;
2419 if ((fp->f_flag & FREAD) != 0)
2420 maxprot |= VM_PROT_READ;
2421 else if ((prot & VM_PROT_READ) != 0)
2425 * If we are sharing potential changes via MAP_SHARED and we
2426 * are trying to get write permission although we opened it
2427 * without asking for it, bail out.
2429 if ((flags & MAP_SHARED) != 0) {
2430 if ((fp->f_flag & FWRITE) != 0)
2431 maxprot |= VM_PROT_WRITE;
2432 else if ((prot & VM_PROT_WRITE) != 0)
2435 maxprot |= VM_PROT_WRITE;
2436 cap_maxprot |= VM_PROT_WRITE;
2438 maxprot &= cap_maxprot;
2441 * For regular files and shared memory, POSIX requires that
2442 * the value of foff be a legitimate offset within the data
2443 * object. In particular, negative offsets are invalid.
2444 * Blocking negative offsets and overflows here avoids
2445 * possible wraparound or user-level access into reserved
2446 * ranges of the data object later. In contrast, POSIX does
2447 * not dictate how offsets are used by device drivers, so in
2448 * the case of a device mapping a negative offset is passed
2455 foff < 0 || foff > OFF_MAX - size)
2458 writecounted = FALSE;
2459 error = vm_mmap_vnode(td, size, prot, &maxprot, &flags, vp,
2460 &foff, &object, &writecounted);
2463 error = vm_mmap_object(map, addr, size, prot, maxprot, flags, object,
2464 foff, writecounted, td);
2467 * If this mapping was accounted for in the vnode's
2468 * writecount, then undo that now.
2471 vnode_pager_release_writecount(object, 0, size);
2472 vm_object_deallocate(object);
2475 /* Inform hwpmc(4) if an executable is being mapped. */
2476 if (PMC_HOOK_INSTALLED(PMC_FN_MMAP)) {
2477 if ((prot & VM_PROT_EXECUTE) != 0 && error == 0) {
2479 pkm.pm_address = (uintptr_t) *addr;
2480 PMC_CALL_HOOK_UNLOCKED(td, PMC_FN_MMAP, (void *) &pkm);
2488 vn_fsid(struct vnode *vp, struct vattr *va)
2492 f = &vp->v_mount->mnt_stat.f_fsid;
2493 va->va_fsid = (uint32_t)f->val[1];
2494 va->va_fsid <<= sizeof(f->val[1]) * NBBY;
2495 va->va_fsid += (uint32_t)f->val[0];
2499 vn_fsync_buf(struct vnode *vp, int waitfor)
2501 struct buf *bp, *nbp;
2504 int error, maxretry;
2507 maxretry = 10000; /* large, arbitrarily chosen */
2509 if (vp->v_type == VCHR) {
2511 mp = vp->v_rdev->si_mountpt;
2518 * MARK/SCAN initialization to avoid infinite loops.
2520 TAILQ_FOREACH(bp, &bo->bo_dirty.bv_hd, b_bobufs) {
2521 bp->b_vflags &= ~BV_SCANNED;
2526 * Flush all dirty buffers associated with a vnode.
2529 TAILQ_FOREACH_SAFE(bp, &bo->bo_dirty.bv_hd, b_bobufs, nbp) {
2530 if ((bp->b_vflags & BV_SCANNED) != 0)
2532 bp->b_vflags |= BV_SCANNED;
2533 if (BUF_LOCK(bp, LK_EXCLUSIVE | LK_NOWAIT, NULL)) {
2534 if (waitfor != MNT_WAIT)
2537 LK_EXCLUSIVE | LK_INTERLOCK | LK_SLEEPFAIL,
2538 BO_LOCKPTR(bo)) != 0) {
2545 KASSERT(bp->b_bufobj == bo,
2546 ("bp %p wrong b_bufobj %p should be %p",
2547 bp, bp->b_bufobj, bo));
2548 if ((bp->b_flags & B_DELWRI) == 0)
2549 panic("fsync: not dirty");
2550 if ((vp->v_object != NULL) && (bp->b_flags & B_CLUSTEROK)) {
2556 if (maxretry < 1000)
2557 pause("dirty", hz < 1000 ? 1 : hz / 1000);
2563 * If synchronous the caller expects us to completely resolve all
2564 * dirty buffers in the system. Wait for in-progress I/O to
2565 * complete (which could include background bitmap writes), then
2566 * retry if dirty blocks still exist.
2568 if (waitfor == MNT_WAIT) {
2569 bufobj_wwait(bo, 0, 0);
2570 if (bo->bo_dirty.bv_cnt > 0) {
2572 * If we are unable to write any of these buffers
2573 * then we fail now rather than trying endlessly
2574 * to write them out.
2576 TAILQ_FOREACH(bp, &bo->bo_dirty.bv_hd, b_bobufs)
2577 if ((error = bp->b_error) != 0)
2579 if ((mp != NULL && mp->mnt_secondary_writes > 0) ||
2580 (error == 0 && --maxretry >= 0))
2588 vn_printf(vp, "fsync: giving up on dirty (error = %d) ", error);