2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1982, 1986, 1989, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
42 #include "opt_quota.h"
43 #include "opt_suiddir.h"
47 #include <sys/param.h>
48 #include <sys/systm.h>
49 #include <sys/malloc.h>
50 #include <sys/namei.h>
51 #include <sys/kernel.h>
52 #include <sys/fcntl.h>
53 #include <sys/filio.h>
57 #include <sys/mount.h>
59 #include <sys/refcount.h>
60 #include <sys/unistd.h>
61 #include <sys/vnode.h>
62 #include <sys/dirent.h>
63 #include <sys/lockf.h>
68 #include <security/audit/audit.h>
69 #include <security/mac/mac_framework.h>
71 #include <sys/file.h> /* XXX */
74 #include <vm/vm_extern.h>
76 #include <ufs/ufs/acl.h>
77 #include <ufs/ufs/extattr.h>
78 #include <ufs/ufs/quota.h>
79 #include <ufs/ufs/inode.h>
80 #include <ufs/ufs/dir.h>
81 #include <ufs/ufs/ufsmount.h>
82 #include <ufs/ufs/ufs_extern.h>
84 #include <ufs/ufs/dirhash.h>
87 #include <ufs/ufs/gjournal.h>
88 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS");
92 FEATURE(ufs_quota, "UFS disk quotas support");
93 FEATURE(ufs_quota64, "64bit UFS disk quotas support");
98 "Give all new files in directory the same ownership as the directory");
103 #include <ufs/ffs/ffs_extern.h>
105 static vop_accessx_t ufs_accessx;
106 static vop_fplookup_vexec_t ufs_fplookup_vexec;
107 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *);
108 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *);
109 static vop_close_t ufs_close;
110 static vop_create_t ufs_create;
111 static vop_stat_t ufs_stat;
112 static vop_getattr_t ufs_getattr;
113 static vop_ioctl_t ufs_ioctl;
114 static vop_link_t ufs_link;
115 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *, const char *);
116 static vop_mmapped_t ufs_mmapped;
117 static vop_mkdir_t ufs_mkdir;
118 static vop_mknod_t ufs_mknod;
119 static vop_open_t ufs_open;
120 static vop_pathconf_t ufs_pathconf;
121 static vop_print_t ufs_print;
122 static vop_readlink_t ufs_readlink;
123 static vop_remove_t ufs_remove;
124 static vop_rename_t ufs_rename;
125 static vop_rmdir_t ufs_rmdir;
126 static vop_setattr_t ufs_setattr;
127 static vop_strategy_t ufs_strategy;
128 static vop_symlink_t ufs_symlink;
129 static vop_whiteout_t ufs_whiteout;
130 static vop_close_t ufsfifo_close;
131 static vop_kqfilter_t ufsfifo_kqfilter;
133 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
137 * A virgin directory (no blushing please).
139 static struct dirtemplate mastertemplate = {
140 0, 12, DT_DIR, 1, ".",
141 0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
143 static struct odirtemplate omastertemplate = {
145 0, DIRBLKSIZ - 12, 2, ".."
149 ufs_itimes_locked(struct vnode *vp)
154 ASSERT_VI_LOCKED(vp, __func__);
159 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0)
162 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp))
163 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD);
164 else if (((vp->v_mount->mnt_kern_flag &
165 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) ||
166 (ip->i_flag & (IN_CHANGE | IN_UPDATE)))
167 UFS_INODE_SET_FLAG(ip, IN_MODIFIED);
168 else if (ip->i_flag & IN_ACCESS)
169 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS);
171 if (ip->i_flag & IN_ACCESS) {
172 DIP_SET(ip, i_atime, ts.tv_sec);
173 DIP_SET(ip, i_atimensec, ts.tv_nsec);
175 if (ip->i_flag & IN_UPDATE) {
176 DIP_SET(ip, i_mtime, ts.tv_sec);
177 DIP_SET(ip, i_mtimensec, ts.tv_nsec);
179 if (ip->i_flag & IN_CHANGE) {
180 DIP_SET(ip, i_ctime, ts.tv_sec);
181 DIP_SET(ip, i_ctimensec, ts.tv_nsec);
182 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1);
186 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE);
190 ufs_itimes(struct vnode *vp)
194 ufs_itimes_locked(vp);
199 * Create a regular file
203 struct vop_create_args /* {
205 struct vnode **a_vpp;
206 struct componentname *a_cnp;
213 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode),
214 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create");
217 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0)
218 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp);
228 struct vop_mknod_args /* {
230 struct vnode **a_vpp;
231 struct componentname *a_cnp;
235 struct vattr *vap = ap->a_vap;
236 struct vnode **vpp = ap->a_vpp;
241 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode),
242 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod");
246 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
247 if (vap->va_rdev != VNOVAL) {
249 * Want to be able to use this to make badblock
250 * inodes, so don't truncate the dev number.
252 DIP_SET(ip, i_rdev, vap->va_rdev);
255 * Remove inode, then reload it through VFS_VGET so it is
256 * checked to see if it is an alias of an existing entry in
257 * the inode cache. XXX I don't believe this is necessary now.
259 (*vpp)->v_type = VNON;
260 ino = ip->i_number; /* Save this before vgone() invalidates ip. */
263 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp);
276 ufs_open(struct vop_open_args *ap)
278 struct vnode *vp = ap->a_vp;
281 if (vp->v_type == VCHR || vp->v_type == VBLK)
285 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td);
286 if (vp->v_type == VREG && (vp->v_irflag & VIRF_PGREAD) == 0) {
288 vp->v_irflag |= VIRF_PGREAD;
293 * Files marked append-only must be opened for appending.
295 if ((ip->i_flags & APPEND) &&
296 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE)
305 * Update the times on the inode.
310 struct vop_close_args /* {
313 struct ucred *a_cred;
317 struct vnode *vp = ap->a_vp;
321 usecount = vp->v_usecount;
323 ufs_itimes_locked(vp);
330 struct vop_accessx_args /* {
333 struct ucred *a_cred;
337 struct vnode *vp = ap->a_vp;
338 struct inode *ip = VTOI(vp);
339 accmode_t accmode = ap->a_accmode;
347 * Disallow write attempts on read-only filesystems;
348 * unless the file is a socket, fifo, or a block or
349 * character device resident on the filesystem.
351 if (accmode & VMODIFY_PERMS) {
352 switch (vp->v_type) {
356 if (vp->v_mount->mnt_flag & MNT_RDONLY)
360 * Inode is accounted in the quotas only if struct
361 * dquot is attached to it. VOP_ACCESS() is called
362 * from vn_open_cred() and provides a convenient
363 * point to call getinoquota(). The lock mode is
364 * exclusive when the file is opening for write.
366 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) {
367 error = getinoquota(ip);
379 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS"
380 * permits the owner of the file to remove the IMMUTABLE flag.
382 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) &&
383 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
387 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) {
388 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS)
389 type = ACL_TYPE_NFS4;
391 type = ACL_TYPE_ACCESS;
393 acl = acl_alloc(M_WAITOK);
394 if (type == ACL_TYPE_NFS4)
395 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td);
397 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td);
400 if (type == ACL_TYPE_NFS4) {
401 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid,
402 ip->i_gid, acl, accmode, ap->a_cred);
404 error = vfs_unixify_accmode(&accmode);
406 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid,
407 ip->i_gid, acl, accmode, ap->a_cred);
411 if (error != EOPNOTSUPP)
413 "ufs_accessx(): Error retrieving ACL on object (%d).\n",
416 * XXX: Fall back until debugged. Should
417 * eventually possibly log an error, and return
420 error = vfs_unixify_accmode(&accmode);
422 error = vaccess(vp->v_type, ip->i_mode,
423 ip->i_uid, ip->i_gid, accmode, ap->a_cred);
429 #endif /* !UFS_ACL */
430 error = vfs_unixify_accmode(&accmode);
432 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
433 accmode, ap->a_cred);
438 * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see
439 * the comment above cache_fplookup for details.
442 ufs_fplookup_vexec(ap)
443 struct vop_fplookup_vexec_args /* {
445 struct ucred *a_cred;
456 if (__predict_false(ip == NULL))
462 * ACLs are not supported and UFS clears/sets this flag on mount and
463 * remount. However, we may still be racing with seeing them and there
464 * is no provision to make sure they were accounted for. This matches
465 * the behavior of the locked case, since the lookup there is also
466 * racy: mount takes no measures to block anyone from progressing.
468 all_x = S_IXUSR | S_IXGRP | S_IXOTH;
469 mode = atomic_load_short(&ip->i_mode);
470 if (__predict_true((mode & all_x) == all_x))
474 return (vaccess_vexec_smr(mode, ip->i_uid, ip->i_gid, cred));
479 ufs_stat(struct vop_stat_args *ap)
481 struct vnode *vp = ap->a_vp;
482 struct inode *ip = VTOI(vp);
483 struct stat *sb = ap->a_sb;
486 error = vop_stat_helper_pre(ap);
487 if (__predict_false(error))
491 ufs_itimes_locked(vp);
493 sb->st_atim.tv_sec = ip->i_din1->di_atime;
494 sb->st_atim.tv_nsec = ip->i_din1->di_atimensec;
496 sb->st_atim.tv_sec = ip->i_din2->di_atime;
497 sb->st_atim.tv_nsec = ip->i_din2->di_atimensec;
501 sb->st_dev = dev2udev(ITOUMP(ip)->um_dev);
502 sb->st_ino = ip->i_number;
503 sb->st_mode = (ip->i_mode & ~IFMT) | VTTOIF(vp->v_type);
504 sb->st_nlink = ip->i_effnlink;
505 sb->st_uid = ip->i_uid;
506 sb->st_gid = ip->i_gid;
508 sb->st_rdev = ip->i_din1->di_rdev;
509 sb->st_size = ip->i_din1->di_size;
510 sb->st_mtim.tv_sec = ip->i_din1->di_mtime;
511 sb->st_mtim.tv_nsec = ip->i_din1->di_mtimensec;
512 sb->st_ctim.tv_sec = ip->i_din1->di_ctime;
513 sb->st_ctim.tv_nsec = ip->i_din1->di_ctimensec;
514 sb->st_birthtim.tv_sec = -1;
515 sb->st_birthtim.tv_nsec = 0;
516 sb->st_blocks = dbtob((u_quad_t)ip->i_din1->di_blocks) / S_BLKSIZE;
518 sb->st_rdev = ip->i_din2->di_rdev;
519 sb->st_size = ip->i_din2->di_size;
520 sb->st_mtim.tv_sec = ip->i_din2->di_mtime;
521 sb->st_mtim.tv_nsec = ip->i_din2->di_mtimensec;
522 sb->st_ctim.tv_sec = ip->i_din2->di_ctime;
523 sb->st_ctim.tv_nsec = ip->i_din2->di_ctimensec;
524 sb->st_birthtim.tv_sec = ip->i_din2->di_birthtime;
525 sb->st_birthtim.tv_nsec = ip->i_din2->di_birthnsec;
526 sb->st_blocks = dbtob((u_quad_t)ip->i_din2->di_blocks) / S_BLKSIZE;
529 sb->st_blksize = max(PAGE_SIZE, vp->v_mount->mnt_stat.f_iosize);
530 sb->st_flags = ip->i_flags;
531 sb->st_gen = ip->i_gen;
533 return (vop_stat_helper_post(ap, error));
539 struct vop_getattr_args /* {
542 struct ucred *a_cred;
545 struct vnode *vp = ap->a_vp;
546 struct inode *ip = VTOI(vp);
547 struct vattr *vap = ap->a_vap;
550 ufs_itimes_locked(vp);
552 vap->va_atime.tv_sec = ip->i_din1->di_atime;
553 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec;
555 vap->va_atime.tv_sec = ip->i_din2->di_atime;
556 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec;
560 * Copy from inode table
562 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev);
563 vap->va_fileid = ip->i_number;
564 vap->va_mode = ip->i_mode & ~IFMT;
565 vap->va_nlink = ip->i_effnlink;
566 vap->va_uid = ip->i_uid;
567 vap->va_gid = ip->i_gid;
569 vap->va_rdev = ip->i_din1->di_rdev;
570 vap->va_size = ip->i_din1->di_size;
571 vap->va_mtime.tv_sec = ip->i_din1->di_mtime;
572 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec;
573 vap->va_ctime.tv_sec = ip->i_din1->di_ctime;
574 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec;
575 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks);
576 vap->va_filerev = ip->i_din1->di_modrev;
578 vap->va_rdev = ip->i_din2->di_rdev;
579 vap->va_size = ip->i_din2->di_size;
580 vap->va_mtime.tv_sec = ip->i_din2->di_mtime;
581 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec;
582 vap->va_ctime.tv_sec = ip->i_din2->di_ctime;
583 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec;
584 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime;
585 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec;
586 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks);
587 vap->va_filerev = ip->i_din2->di_modrev;
589 vap->va_flags = ip->i_flags;
590 vap->va_gen = ip->i_gen;
591 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize;
592 vap->va_type = IFTOVT(ip->i_mode);
597 * Set attribute vnode op. called from several syscalls
601 struct vop_setattr_args /* {
604 struct ucred *a_cred;
607 struct vattr *vap = ap->a_vap;
608 struct vnode *vp = ap->a_vp;
609 struct inode *ip = VTOI(vp);
610 struct ucred *cred = ap->a_cred;
611 struct thread *td = curthread;
615 * Check for unsettable attributes.
617 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) ||
618 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) ||
619 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) ||
620 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) {
623 if (vap->va_flags != VNOVAL) {
624 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE |
625 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE |
626 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK |
627 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE |
628 UF_SPARSE | UF_SYSTEM)) != 0)
630 if (vp->v_mount->mnt_flag & MNT_RDONLY)
633 * Callers may only modify the file flags on objects they
634 * have VADMIN rights for.
636 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
639 * Unprivileged processes are not permitted to unset system
640 * flags, or modify flags if any system flags are set.
641 * Privileged non-jail processes may not modify system flags
642 * if securelevel > 0 and any existing system flags are set.
643 * Privileged jail processes behave like privileged non-jail
644 * processes if the PR_ALLOW_CHFLAGS permission bit is set;
645 * otherwise, they behave like unprivileged processes.
647 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
649 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
650 error = securelevel_gt(cred, 0);
654 /* The snapshot flag cannot be toggled. */
655 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT)
659 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) ||
660 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE))
663 ip->i_flags = vap->va_flags;
664 DIP_SET(ip, i_flags, vap->va_flags);
665 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
666 error = UFS_UPDATE(vp, 0);
667 if (ip->i_flags & (IMMUTABLE | APPEND))
671 * If immutable or append, no one can change any of its attributes
672 * except the ones already handled (in some cases, file flags
673 * including the immutability flags themselves for the superuser).
675 if (ip->i_flags & (IMMUTABLE | APPEND))
678 * Go through the fields and update iff not VNOVAL.
680 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) {
681 if (vp->v_mount->mnt_flag & MNT_RDONLY)
683 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred,
687 if (vap->va_size != VNOVAL) {
689 * XXX most of the following special cases should be in
690 * callers instead of in N filesystems. The VDIR check
693 switch (vp->v_type) {
699 * Truncation should have an effect in these cases.
700 * Disallow it if the filesystem is read-only or
701 * the file is being snapshotted.
703 if (vp->v_mount->mnt_flag & MNT_RDONLY)
705 if ((ip->i_flags & SF_SNAPSHOT) != 0)
710 * According to POSIX, the result is unspecified
711 * for file types other than regular files,
712 * directories and shared memory objects. We
713 * don't support shared memory objects in the file
714 * system, and have dubious support for truncating
715 * symlinks. Just ignore the request in other cases.
719 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL |
720 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0),
724 if (vap->va_atime.tv_sec != VNOVAL ||
725 vap->va_mtime.tv_sec != VNOVAL ||
726 vap->va_birthtime.tv_sec != VNOVAL) {
727 if (vp->v_mount->mnt_flag & MNT_RDONLY)
729 if ((ip->i_flags & SF_SNAPSHOT) != 0)
731 error = vn_utimes_perm(vp, vap, cred, td);
734 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED);
735 if (vap->va_atime.tv_sec != VNOVAL) {
736 ip->i_flag &= ~IN_ACCESS;
737 DIP_SET(ip, i_atime, vap->va_atime.tv_sec);
738 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec);
740 if (vap->va_mtime.tv_sec != VNOVAL) {
741 ip->i_flag &= ~IN_UPDATE;
742 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec);
743 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec);
745 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) {
746 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec;
747 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec;
749 error = UFS_UPDATE(vp, 0);
754 if (vap->va_mode != (mode_t)VNOVAL) {
755 if (vp->v_mount->mnt_flag & MNT_RDONLY)
757 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode &
758 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)))
760 error = ufs_chmod(vp, (int)vap->va_mode, cred, td);
767 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode,
768 int file_owner_id, struct ucred *cred, struct thread *td)
773 aclp = acl_alloc(M_WAITOK);
774 error = ufs_getacl_nfs4_internal(vp, aclp, td);
776 * We don't have to handle EOPNOTSUPP here, as the filesystem claims
782 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id);
783 error = ufs_setacl_nfs4_internal(vp, aclp, td);
793 struct vop_mmapped_args /* {
805 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0)
806 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS);
808 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there.
814 * Change the mode on a file.
815 * Inode must be locked before calling.
818 ufs_chmod(vp, mode, cred, td)
824 struct inode *ip = VTOI(vp);
828 * To modify the permissions on a file, must possess VADMIN
831 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td)))
834 * Privileged processes may set the sticky bit on non-directories,
835 * as well as set the setgid bit on a file with a group that the
836 * process is not a member of. Both of these are allowed in
839 if (vp->v_type != VDIR && (mode & S_ISTXT)) {
840 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
843 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
844 error = priv_check_cred(cred, PRIV_VFS_SETGID);
850 * Deny setting setuid if we are not the file owner.
852 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) {
853 error = priv_check_cred(cred, PRIV_VFS_ADMIN);
858 newmode = ip->i_mode & ~ALLPERMS;
859 newmode |= (mode & ALLPERMS);
860 UFS_INODE_SET_MODE(ip, newmode);
861 DIP_SET(ip, i_mode, ip->i_mode);
862 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
864 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0)
865 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td);
867 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0)
868 error = UFS_UPDATE(vp, 0);
874 * Perform chown operation on inode ip;
875 * inode must be locked prior to call.
878 ufs_chown(vp, uid, gid, cred, td)
885 struct inode *ip = VTOI(vp);
894 if (uid == (uid_t)VNOVAL)
896 if (gid == (gid_t)VNOVAL)
899 * To modify the ownership of a file, must possess VADMIN for that
902 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td)))
905 * To change the owner of a file, or change the group of a file to a
906 * group of which we are not a member, the caller must have
909 if (((uid != ip->i_uid && uid != cred->cr_uid) ||
910 (gid != ip->i_gid && !groupmember(gid, cred))) &&
911 (error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
916 if ((error = getinoquota(ip)) != 0)
919 dqrele(vp, ip->i_dquot[USRQUOTA]);
920 ip->i_dquot[USRQUOTA] = NODQUOT;
923 dqrele(vp, ip->i_dquot[GRPQUOTA]);
924 ip->i_dquot[GRPQUOTA] = NODQUOT;
926 change = DIP(ip, i_blocks);
927 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
928 (void) chkiq(ip, -1, cred, CHOWN|FORCE);
929 for (i = 0; i < MAXQUOTAS; i++) {
930 dqrele(vp, ip->i_dquot[i]);
931 ip->i_dquot[i] = NODQUOT;
935 DIP_SET(ip, i_gid, gid);
937 DIP_SET(ip, i_uid, uid);
939 if ((error = getinoquota(ip)) == 0) {
941 dqrele(vp, ip->i_dquot[USRQUOTA]);
942 ip->i_dquot[USRQUOTA] = NODQUOT;
945 dqrele(vp, ip->i_dquot[GRPQUOTA]);
946 ip->i_dquot[GRPQUOTA] = NODQUOT;
948 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) {
949 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0)
952 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
954 for (i = 0; i < MAXQUOTAS; i++) {
955 dqrele(vp, ip->i_dquot[i]);
956 ip->i_dquot[i] = NODQUOT;
960 DIP_SET(ip, i_gid, ogid);
962 DIP_SET(ip, i_uid, ouid);
963 if (getinoquota(ip) == 0) {
965 dqrele(vp, ip->i_dquot[USRQUOTA]);
966 ip->i_dquot[USRQUOTA] = NODQUOT;
969 dqrele(vp, ip->i_dquot[GRPQUOTA]);
970 ip->i_dquot[GRPQUOTA] = NODQUOT;
972 (void) chkdq(ip, change, cred, FORCE|CHOWN);
973 (void) chkiq(ip, 1, cred, FORCE|CHOWN);
974 (void) getinoquota(ip);
979 panic("ufs_chown: lost quota");
981 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
982 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
983 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) {
984 UFS_INODE_SET_MODE(ip, ip->i_mode & ~(ISUID | ISGID));
985 DIP_SET(ip, i_mode, ip->i_mode);
988 error = UFS_UPDATE(vp, 0);
994 struct vop_remove_args /* {
997 struct componentname *a_cnp;
1001 struct vnode *vp = ap->a_vp;
1002 struct vnode *dvp = ap->a_dvp;
1008 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1009 (VTOI(dvp)->i_flags & APPEND)) {
1014 ufs_gjournal_orphan(vp);
1016 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0);
1017 if (ip->i_nlink <= 0)
1018 vp->v_vflag |= VV_NOSYNC;
1019 if ((ip->i_flags & SF_SNAPSHOT) != 0) {
1021 * Avoid deadlock where another thread is trying to
1022 * update the inodeblock for dvp and is waiting on
1023 * snaplk. Temporary unlock the vnode lock for the
1024 * unlinked file and sync the directory. This should
1025 * allow vput() of the directory to not block later on
1026 * while holding the snapshot vnode locked, assuming
1027 * that the directory hasn't been unlinked too.
1030 (void) VOP_FSYNC(dvp, MNT_WAIT, td);
1031 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1038 print_bad_link_count(const char *funcname, struct vnode *dvp)
1043 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n",
1044 funcname, dip->i_effnlink, (intmax_t)dip->i_number,
1045 dvp->v_mount->mnt_stat.f_mntonname);
1053 struct vop_link_args /* {
1054 struct vnode *a_tdvp;
1056 struct componentname *a_cnp;
1059 struct vnode *vp = ap->a_vp;
1060 struct vnode *tdvp = ap->a_tdvp;
1061 struct componentname *cnp = ap->a_cnp;
1063 struct direct newdir;
1067 if ((cnp->cn_flags & HASBUF) == 0)
1068 panic("ufs_link: no name");
1070 if (VTOI(tdvp)->i_effnlink < 2) {
1071 print_bad_link_count("ufs_link", tdvp);
1076 if (ip->i_nlink >= UFS_LINK_MAX) {
1081 * The file may have been removed after namei droped the original
1084 if (ip->i_effnlink == 0) {
1088 if (ip->i_flags & (IMMUTABLE | APPEND)) {
1094 DIP_SET(ip, i_nlink, ip->i_nlink);
1095 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1096 if (DOINGSOFTDEP(vp))
1097 softdep_setup_link(VTOI(tdvp), ip);
1098 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp));
1100 ufs_makedirentry(ip, cnp, &newdir);
1101 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL, 0);
1107 DIP_SET(ip, i_nlink, ip->i_nlink);
1108 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1109 if (DOINGSOFTDEP(vp))
1110 softdep_revert_link(VTOI(tdvp), ip);
1117 * whiteout vnode call
1121 struct vop_whiteout_args /* {
1122 struct vnode *a_dvp;
1123 struct componentname *a_cnp;
1127 struct vnode *dvp = ap->a_dvp;
1128 struct componentname *cnp = ap->a_cnp;
1129 struct direct newdir;
1132 switch (ap->a_flags) {
1134 /* 4.4 format directories support whiteout operations */
1135 if (dvp->v_mount->mnt_maxsymlinklen > 0)
1137 return (EOPNOTSUPP);
1140 /* create a new directory whiteout */
1142 if ((cnp->cn_flags & SAVENAME) == 0)
1143 panic("ufs_whiteout: missing name");
1144 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
1145 panic("ufs_whiteout: old format filesystem");
1148 newdir.d_ino = UFS_WINO;
1149 newdir.d_namlen = cnp->cn_namelen;
1150 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1);
1151 newdir.d_type = DT_WHT;
1152 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL, 0);
1156 /* remove an existing directory whiteout */
1158 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
1159 panic("ufs_whiteout: old format filesystem");
1162 cnp->cn_flags &= ~DOWHITEOUT;
1163 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0);
1166 panic("ufs_whiteout: unknown op");
1171 static volatile int rename_restarts;
1172 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD,
1173 __DEVOLATILE(int *, &rename_restarts), 0,
1174 "Times rename had to restart due to lock contention");
1177 * Rename system call.
1178 * rename("foo", "bar");
1181 * link("foo", "bar");
1183 * but ``atomically''. Can't do full commit without saving state in the
1184 * inode on disk which isn't feasible at this time. Best we can do is
1185 * always guarantee the target exists.
1187 * Basic algorithm is:
1189 * 1) Bump link count on source while we're linking it to the
1190 * target. This also ensure the inode won't be deleted out
1191 * from underneath us while we work (it may be truncated by
1192 * a concurrent `trunc' or `open' for creation).
1193 * 2) Link source to destination. If destination already exists,
1195 * 3) Unlink source reference to inode if still around. If a
1196 * directory was moved and the parent of the destination
1197 * is different from the source, patch the ".." entry in the
1202 struct vop_rename_args /* {
1203 struct vnode *a_fdvp;
1204 struct vnode *a_fvp;
1205 struct componentname *a_fcnp;
1206 struct vnode *a_tdvp;
1207 struct vnode *a_tvp;
1208 struct componentname *a_tcnp;
1211 struct vnode *tvp = ap->a_tvp;
1212 struct vnode *tdvp = ap->a_tdvp;
1213 struct vnode *fvp = ap->a_fvp;
1214 struct vnode *fdvp = ap->a_fdvp;
1216 struct componentname *tcnp = ap->a_tcnp;
1217 struct componentname *fcnp = ap->a_fcnp;
1218 struct thread *td = fcnp->cn_thread;
1219 struct inode *fip, *tip, *tdp, *fdp;
1220 struct direct newdir;
1222 int doingdirectory, newparent;
1228 want_seqc_end = false;
1231 if ((tcnp->cn_flags & HASBUF) == 0 ||
1232 (fcnp->cn_flags & HASBUF) == 0)
1233 panic("ufs_rename: no name");
1238 if (tvp && tvp != tdvp)
1241 * Check for cross-device rename.
1243 if ((fvp->v_mount != tdvp->v_mount) ||
1244 (tvp && (fvp->v_mount != tvp->v_mount))) {
1251 * We need to acquire 2 to 4 locks depending on whether tvp is NULL
1252 * and fdvp and tdvp are the same directory. Subsequently we need
1253 * to double-check all paths and in the directory rename case we
1254 * need to verify that we are not creating a directory loop. To
1255 * handle this we acquire all but fdvp using non-blocking
1256 * acquisitions. If we fail to acquire any lock in the path we will
1257 * drop all held locks, acquire the new lock in a blocking fashion,
1258 * and then release it and restart the rename. This acquire/release
1259 * step ensures that we do not spin on a lock waiting for release.
1261 error = vn_lock(fdvp, LK_EXCLUSIVE);
1264 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) {
1266 error = vn_lock(tdvp, LK_EXCLUSIVE);
1270 atomic_add_int(&rename_restarts, 1);
1274 * Re-resolve fvp to be certain it still exists and fetch the
1277 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1283 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1289 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1295 atomic_add_int(&rename_restarts, 1);
1301 * Re-resolve tvp and acquire the vnode lock if present.
1303 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino);
1304 if (error != 0 && error != EJUSTRETURN) {
1311 * If tvp disappeared we just carry on.
1313 if (error == EJUSTRETURN && tvp != NULL) {
1318 * Get the tvp ino if the lookup succeeded. We may have to restart
1319 * if the non-blocking acquire fails.
1323 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1333 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1337 atomic_add_int(&rename_restarts, 1);
1347 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1348 (VTOI(tdvp)->i_flags & APPEND))) {
1353 * Renaming a file to itself has no effect. The upper layers should
1354 * not call us in that case. However, things could change after
1355 * we drop the locks above.
1363 ino = fip->i_number;
1364 if (fip->i_nlink >= UFS_LINK_MAX) {
1368 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))
1369 || (fdp->i_flags & APPEND)) {
1373 if ((fip->i_mode & IFMT) == IFDIR) {
1375 * Avoid ".", "..", and aliases of "." for obvious reasons.
1377 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
1379 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) {
1383 if (fdp->i_number != tdp->i_number)
1384 newparent = tdp->i_number;
1387 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) ||
1388 (tvp != NULL && tvp->v_type == VDIR &&
1389 tvp->v_mountedhere != NULL)) {
1395 * If ".." must be changed (ie the directory gets a new
1396 * parent) then the source directory must not be in the
1397 * directory hierarchy above the target, as this would
1398 * orphan everything below the source directory. Also
1399 * the user must have write permission in the source so
1400 * as to be able to change "..".
1402 if (doingdirectory && newparent) {
1403 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread);
1406 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred,
1409 * We encountered a lock that we have to wait for. Unlock
1410 * everything else and VGET before restarting.
1418 error = VFS_VGET(mp, ino, LK_SHARED, &nvp);
1421 atomic_add_int(&rename_restarts, 1);
1426 if ((tcnp->cn_flags & SAVESTART) == 0)
1427 panic("ufs_rename: lost to startdir");
1429 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 ||
1430 tdp->i_effnlink == 0)
1431 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp);
1434 vn_seqc_write_begin(tvp);
1435 vn_seqc_write_begin(tdvp);
1436 vn_seqc_write_begin(fvp);
1437 vn_seqc_write_begin(fdvp);
1438 want_seqc_end = true;
1441 * 1) Bump link count while we're moving stuff
1442 * around. If we crash somewhere before
1443 * completing our work, the link count
1444 * may be wrong, but correctable.
1448 DIP_SET(fip, i_nlink, fip->i_nlink);
1449 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1450 if (DOINGSOFTDEP(fvp))
1451 softdep_setup_link(tdp, fip);
1452 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp));
1457 * 2) If target doesn't exist, link the target
1458 * to the source and unlink the source.
1459 * Otherwise, rewrite the target directory
1460 * entry to reference the source inode and
1461 * expunge the original entry's existence.
1464 if (ITODEV(tdp) != ITODEV(fip))
1465 panic("ufs_rename: EXDEV");
1466 if (doingdirectory && newparent) {
1468 * Account for ".." in new directory.
1469 * When source and destination have the same
1470 * parent we don't adjust the link count. The
1471 * actual link modification is completed when
1472 * .. is rewritten below.
1474 if (tdp->i_nlink >= UFS_LINK_MAX) {
1479 ufs_makedirentry(fip, tcnp, &newdir);
1480 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL, 1);
1483 /* Setup tdvp for directory compaction if needed. */
1484 if (tdp->i_count && tdp->i_endoff &&
1485 tdp->i_endoff < tdp->i_size)
1486 endoff = tdp->i_endoff;
1488 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip))
1489 panic("ufs_rename: EXDEV");
1491 * Short circuit rename(foo, foo).
1493 if (tip->i_number == fip->i_number)
1494 panic("ufs_rename: same file");
1496 * If the parent directory is "sticky", then the caller
1497 * must possess VADMIN for the parent directory, or the
1498 * destination of the rename. This implements append-only
1501 if ((tdp->i_mode & S_ISTXT) &&
1502 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) &&
1503 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) {
1508 * Target must be empty if a directory and have no links
1509 * to it. Also, ensure source and target are compatible
1510 * (both directories, or both not directories).
1512 if ((tip->i_mode & IFMT) == IFDIR) {
1513 if ((tip->i_effnlink > 2) ||
1514 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) {
1518 if (!doingdirectory) {
1523 } else if (doingdirectory) {
1527 if (doingdirectory) {
1530 if (DOINGSOFTDEP(tdvp))
1531 softdep_change_linkcnt(tdp);
1534 if (DOINGSOFTDEP(tvp))
1535 softdep_change_linkcnt(tip);
1537 error = ufs_dirrewrite(tdp, tip, fip->i_number,
1538 IFTODT(fip->i_mode),
1539 (doingdirectory && newparent) ? newparent : doingdirectory);
1541 if (doingdirectory) {
1544 if (DOINGSOFTDEP(tdvp))
1545 softdep_change_linkcnt(tdp);
1548 if (DOINGSOFTDEP(tvp))
1549 softdep_change_linkcnt(tip);
1553 if (doingdirectory && !DOINGSOFTDEP(tvp)) {
1555 * The only stuff left in the directory is "."
1556 * and "..". The "." reference is inconsequential
1557 * since we are quashing it. We have removed the "."
1558 * reference and the reference in the parent directory,
1559 * but there may be other hard links. The soft
1560 * dependency code will arrange to do these operations
1561 * after the parent directory entry has been deleted on
1562 * disk, so when running with that code we avoid doing
1567 DIP_SET(tdp, i_nlink, tdp->i_nlink);
1568 UFS_INODE_SET_FLAG(tdp, IN_CHANGE);
1571 DIP_SET(tip, i_nlink, tip->i_nlink);
1572 UFS_INODE_SET_FLAG(tip, IN_CHANGE);
1577 * 3) Unlink the source. We have to resolve the path again to
1578 * fixup the directory offset and count for ufs_dirremove.
1581 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1583 panic("ufs_rename: from entry went away!");
1584 if (ino != fip->i_number)
1585 panic("ufs_rename: ino mismatch %ju != %ju\n",
1586 (uintmax_t)ino, (uintmax_t)fip->i_number);
1589 * If the source is a directory with a
1590 * new parent, the link count of the old
1591 * parent directory must be decremented
1592 * and ".." set to point to the new parent.
1594 if (doingdirectory && newparent) {
1596 * If tip exists we simply use its link, otherwise we must
1602 DIP_SET(tdp, i_nlink, tdp->i_nlink);
1603 UFS_INODE_SET_FLAG(tdp, IN_CHANGE);
1604 if (DOINGSOFTDEP(tdvp))
1605 softdep_setup_dotdot_link(tdp, fip);
1606 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) &&
1608 /* Don't go to bad here as the new link exists. */
1611 } else if (DOINGSUJ(tdvp))
1612 /* Journal must account for each new link. */
1613 softdep_setup_dotdot_link(tdp, fip);
1614 fip->i_offset = mastertemplate.dot_reclen;
1615 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0);
1618 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0);
1620 * The kern_renameat() looks up the fvp using the DELETE flag, which
1621 * causes the removal of the name cache entry for fvp.
1622 * As the relookup of the fvp is done in two steps:
1623 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a
1624 * normal lookup of the from name just before the VFS_VGET() call,
1625 * causing the cache entry to be re-instantiated.
1627 * The same issue also applies to tvp if it exists as
1628 * otherwise we may have a stale name cache entry for the new
1629 * name that references the old i-node if it has other links
1630 * or open file descriptors.
1632 cache_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp);
1635 if (want_seqc_end) {
1637 vn_seqc_write_end(tvp);
1638 vn_seqc_write_end(tdvp);
1639 vn_seqc_write_end(fvp);
1640 vn_seqc_write_end(fdvp);
1648 * If compaction or fsync was requested do it now that other locks
1649 * are no longer needed.
1651 if (error == 0 && endoff != 0) {
1652 error = UFS_TRUNCATE(tdvp, endoff, IO_NORMAL |
1653 (DOINGASYNC(tdvp) ? 0 : IO_SYNC), tcnp->cn_cred);
1654 if (error != 0 && !ffs_fsfail_cleanup(VFSTOUFS(mp), error))
1656 "ufs_rename: failed to truncate, error %d\n",
1660 ufsdirhash_free(tdp);
1661 else if (tdp->i_dirhash != NULL)
1662 ufsdirhash_dirtrunc(tdp, endoff);
1665 * Even if the directory compaction failed, rename was
1666 * succesful. Do not propagate a UFS_TRUNCATE() error
1671 if (error == 0 && tdp->i_flag & IN_NEEDSYNC)
1672 error = VOP_FSYNC(tdvp, MNT_WAIT, td);
1679 DIP_SET(fip, i_nlink, fip->i_nlink);
1680 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1681 if (DOINGSOFTDEP(fvp))
1682 softdep_revert_link(tdp, fip);
1686 if (want_seqc_end) {
1688 vn_seqc_write_end(tvp);
1689 vn_seqc_write_end(tdvp);
1690 vn_seqc_write_end(fvp);
1691 vn_seqc_write_end(fdvp);
1705 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp,
1706 mode_t dmode, struct ucred *cred, struct thread *td)
1709 struct inode *ip = VTOI(tvp);
1710 struct acl *dacl, *acl;
1712 acl = acl_alloc(M_WAITOK);
1713 dacl = acl_alloc(M_WAITOK);
1716 * Retrieve default ACL from parent, if any.
1718 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1722 * Retrieved a default ACL, so merge mode and ACL if
1723 * necessary. If the ACL is empty, fall through to
1724 * the "not defined or available" case.
1726 if (acl->acl_cnt != 0) {
1727 dmode = acl_posix1e_newfilemode(dmode, acl);
1728 UFS_INODE_SET_MODE(ip, dmode);
1729 DIP_SET(ip, i_mode, dmode);
1731 ufs_sync_acl_from_inode(ip, acl);
1738 * Just use the mode as-is.
1740 UFS_INODE_SET_MODE(ip, dmode);
1741 DIP_SET(ip, i_mode, dmode);
1750 * XXX: If we abort now, will Soft Updates notify the extattr
1751 * code that the EAs for the file need to be released?
1753 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1755 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td);
1762 * XXX: This should not happen, as EOPNOTSUPP above
1763 * was supposed to free acl.
1765 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n");
1767 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()");
1783 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp,
1784 mode_t mode, struct ucred *cred, struct thread *td)
1787 struct inode *ip = VTOI(tvp);
1790 acl = acl_alloc(M_WAITOK);
1793 * Retrieve default ACL for parent, if any.
1795 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1799 * Retrieved a default ACL, so merge mode and ACL if
1802 if (acl->acl_cnt != 0) {
1804 * Two possible ways for default ACL to not
1805 * be present. First, the EA can be
1806 * undefined, or second, the default ACL can
1807 * be blank. If it's blank, fall through to
1808 * the it's not defined case.
1810 mode = acl_posix1e_newfilemode(mode, acl);
1811 UFS_INODE_SET_MODE(ip, mode);
1812 DIP_SET(ip, i_mode, mode);
1813 ufs_sync_acl_from_inode(ip, acl);
1820 * Just use the mode as-is.
1822 UFS_INODE_SET_MODE(ip, mode);
1823 DIP_SET(ip, i_mode, mode);
1832 * XXX: If we abort now, will Soft Updates notify the extattr
1833 * code that the EAs for the file need to be released?
1835 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1842 * XXX: This should not happen, as EOPNOTSUPP above was
1843 * supposed to free acl.
1845 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() "
1846 "but no VOP_SETACL()\n");
1847 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() "
1848 "but no VOP_SETACL()"); */
1862 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp,
1863 mode_t child_mode, struct ucred *cred, struct thread *td)
1866 struct acl *parent_aclp, *child_aclp;
1868 parent_aclp = acl_alloc(M_WAITOK);
1869 child_aclp = acl_alloc(M_WAITOK | M_ZERO);
1871 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td);
1874 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp,
1875 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR);
1876 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td);
1880 acl_free(parent_aclp);
1881 acl_free(child_aclp);
1892 struct vop_mkdir_args /* {
1893 struct vnode *a_dvp;
1894 struct vnode **a_vpp;
1895 struct componentname *a_cnp;
1896 struct vattr *a_vap;
1899 struct vnode *dvp = ap->a_dvp;
1900 struct vattr *vap = ap->a_vap;
1901 struct componentname *cnp = ap->a_cnp;
1902 struct inode *ip, *dp;
1905 struct dirtemplate dirtemplate, *dtp;
1906 struct direct newdir;
1911 if ((cnp->cn_flags & HASBUF) == 0)
1912 panic("ufs_mkdir: no name");
1915 if (dp->i_nlink >= UFS_LINK_MAX) {
1919 dmode = vap->va_mode & 0777;
1922 * Must simulate part of ufs_makeinode here to acquire the inode,
1923 * but not have it entered in the parent directory. The entry is
1924 * made later after writing "." and ".." entries.
1926 if (dp->i_effnlink < 2) {
1927 print_bad_link_count("ufs_mkdir", dvp);
1931 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp);
1934 vn_seqc_write_begin(tvp);
1936 ip->i_gid = dp->i_gid;
1937 DIP_SET(ip, i_gid, dp->i_gid);
1941 struct ucred ucred, *ucp;
1946 * If we are hacking owners here, (only do this where told to)
1947 * and we are not giving it TO root, (would subvert quotas)
1948 * then go ahead and give it to the other user.
1949 * The new directory also inherits the SUID bit.
1950 * If user's UID and dir UID are the same,
1951 * 'give it away' so that the SUID is still forced on.
1953 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
1954 (dp->i_mode & ISUID) && dp->i_uid) {
1956 ip->i_uid = dp->i_uid;
1957 DIP_SET(ip, i_uid, dp->i_uid);
1959 if (dp->i_uid != cnp->cn_cred->cr_uid) {
1961 * Make sure the correct user gets charged
1963 * Make a dummy credential for the victim.
1964 * XXX This seems to never be accessed out of
1965 * our context so a stack variable is ok.
1967 refcount_init(&ucred.cr_ref, 1);
1968 ucred.cr_uid = ip->i_uid;
1969 ucred.cr_ngroups = 1;
1970 ucred.cr_groups = &ucred_group;
1971 ucred.cr_groups[0] = dp->i_gid;
1976 ip->i_uid = cnp->cn_cred->cr_uid;
1977 DIP_SET(ip, i_uid, ip->i_uid);
1980 if ((error = getinoquota(ip)) ||
1981 (error = chkiq(ip, 1, ucp, 0))) {
1982 if (DOINGSOFTDEP(tvp))
1983 softdep_revert_link(dp, ip);
1984 UFS_VFREE(tvp, ip->i_number, dmode);
1985 vn_seqc_write_end(tvp);
1992 #else /* !SUIDDIR */
1993 ip->i_uid = cnp->cn_cred->cr_uid;
1994 DIP_SET(ip, i_uid, ip->i_uid);
1996 if ((error = getinoquota(ip)) ||
1997 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
1998 if (DOINGSOFTDEP(tvp))
1999 softdep_revert_link(dp, ip);
2000 UFS_VFREE(tvp, ip->i_number, dmode);
2001 vn_seqc_write_end(tvp);
2007 #endif /* !SUIDDIR */
2008 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
2009 UFS_INODE_SET_MODE(ip, dmode);
2010 DIP_SET(ip, i_mode, dmode);
2011 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */
2014 DIP_SET(ip, i_nlink, 2);
2016 if (cnp->cn_flags & ISWHITEOUT) {
2017 ip->i_flags |= UF_OPAQUE;
2018 DIP_SET(ip, i_flags, ip->i_flags);
2022 * Bump link count in parent directory to reflect work done below.
2023 * Should be done before reference is created so cleanup is
2024 * possible if we crash.
2028 DIP_SET(dp, i_nlink, dp->i_nlink);
2029 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2030 if (DOINGSOFTDEP(dvp))
2031 softdep_setup_mkdir(dp, ip);
2032 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp));
2036 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2037 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
2044 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
2045 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode,
2046 cnp->cn_cred, cnp->cn_thread);
2049 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
2050 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode,
2051 cnp->cn_cred, cnp->cn_thread);
2055 #endif /* !UFS_ACL */
2058 * Initialize directory with "." and ".." from static template.
2060 if (dvp->v_mount->mnt_maxsymlinklen > 0)
2061 dtp = &mastertemplate;
2063 dtp = (struct dirtemplate *)&omastertemplate;
2065 dirtemplate.dot_ino = ip->i_number;
2066 dirtemplate.dotdot_ino = dp->i_number;
2067 vnode_pager_setsize(tvp, DIRBLKSIZ);
2068 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred,
2069 BA_CLRBUF, &bp)) != 0)
2071 ip->i_size = DIRBLKSIZ;
2072 DIP_SET(ip, i_size, DIRBLKSIZ);
2073 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE);
2074 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate);
2075 if (DOINGSOFTDEP(tvp)) {
2077 * Ensure that the entire newly allocated block is a
2078 * valid directory so that future growth within the
2079 * block does not have to ensure that the block is
2080 * written before the inode.
2083 while (blkoff < bp->b_bcount) {
2085 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ;
2086 blkoff += DIRBLKSIZ;
2089 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) &&
2090 !DOINGASYNC(tvp))) != 0) {
2095 * Directory set up, now install its entry in the parent directory.
2097 * If we are not doing soft dependencies, then we must write out the
2098 * buffer containing the new directory body before entering the new
2099 * name in the parent. If we are doing soft dependencies, then the
2100 * buffer containing the new directory body will be passed to and
2101 * released in the soft dependency code after the code has attached
2102 * an appropriate ordering dependency to the buffer which ensures that
2103 * the buffer is written before the new name is written in the parent.
2105 if (DOINGASYNC(dvp))
2107 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp))))
2109 ufs_makedirentry(ip, cnp, &newdir);
2110 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp, 0);
2115 vn_seqc_write_end(tvp);
2119 DIP_SET(dp, i_nlink, dp->i_nlink);
2120 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2122 * No need to do an explicit VOP_TRUNCATE here, vrele will
2123 * do this for us because we set the link count to 0.
2127 DIP_SET(ip, i_nlink, 0);
2128 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2129 if (DOINGSOFTDEP(tvp))
2130 softdep_revert_mkdir(dp, ip);
2131 vn_seqc_write_end(tvp);
2140 * Rmdir system call.
2144 struct vop_rmdir_args /* {
2145 struct vnode *a_dvp;
2147 struct componentname *a_cnp;
2150 struct vnode *vp = ap->a_vp;
2151 struct vnode *dvp = ap->a_dvp;
2152 struct componentname *cnp = ap->a_cnp;
2153 struct inode *ip, *dp;
2160 * Do not remove a directory that is in the process of being renamed.
2161 * Verify the directory is empty (and valid). Rmdir ".." will not be
2162 * valid since ".." will contain a reference to the current directory
2163 * and thus be non-empty. Do not allow the removal of mounted on
2164 * directories (this can happen when an NFS exported filesystem
2165 * tries to remove a locally mounted on directory).
2168 if (dp->i_effnlink <= 2) {
2169 if (dp->i_effnlink == 2)
2170 print_bad_link_count("ufs_rmdir", dvp);
2174 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) {
2178 if ((dp->i_flags & APPEND)
2179 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) {
2183 if (vp->v_mountedhere != 0) {
2188 ufs_gjournal_orphan(vp);
2191 * Delete reference to directory before purging
2192 * inode. If we crash in between, the directory
2193 * will be reattached to lost+found,
2197 if (DOINGSOFTDEP(vp))
2198 softdep_setup_rmdir(dp, ip);
2199 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1);
2203 if (DOINGSOFTDEP(vp))
2204 softdep_revert_rmdir(dp, ip);
2208 * The only stuff left in the directory is "." and "..". The "."
2209 * reference is inconsequential since we are quashing it. The soft
2210 * dependency code will arrange to do these operations after
2211 * the parent directory entry has been deleted on disk, so
2212 * when running with that code we avoid doing them now.
2214 if (!DOINGSOFTDEP(vp)) {
2216 DIP_SET(dp, i_nlink, dp->i_nlink);
2217 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2218 error = UFS_UPDATE(dvp, 0);
2220 DIP_SET(ip, i_nlink, ip->i_nlink);
2221 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2225 /* Kill any active hash; i_effnlink == 0, so it will not come back. */
2226 if (ip->i_dirhash != NULL)
2227 ufsdirhash_free(ip);
2234 * symlink -- make a symbolic link
2238 struct vop_symlink_args /* {
2239 struct vnode *a_dvp;
2240 struct vnode **a_vpp;
2241 struct componentname *a_cnp;
2242 struct vattr *a_vap;
2243 const char *a_target;
2246 struct vnode *vp, **vpp = ap->a_vpp;
2250 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp,
2251 vpp, ap->a_cnp, "ufs_symlink");
2255 len = strlen(ap->a_target);
2256 if (len < vp->v_mount->mnt_maxsymlinklen) {
2258 bcopy(ap->a_target, SHORTLINK(ip), len);
2260 DIP_SET(ip, i_size, len);
2261 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE);
2262 error = UFS_UPDATE(vp, 0);
2264 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target),
2265 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
2266 ap->a_cnp->cn_cred, NOCRED, NULL, NULL);
2273 * Vnode op for reading directories.
2277 struct vop_readdir_args /* {
2280 struct ucred *a_cred;
2286 struct vnode *vp = ap->a_vp;
2287 struct uio *uio = ap->a_uio;
2290 struct direct *dp, *edp;
2292 struct dirent dstdp;
2293 off_t offset, startoffset;
2294 size_t readcnt, skipcnt;
2299 if (uio->uio_offset < 0)
2302 if (ip->i_effnlink == 0)
2304 if (ap->a_ncookies != NULL) {
2305 if (uio->uio_resid < 0)
2308 ncookies = uio->uio_resid;
2309 if (uio->uio_offset >= ip->i_size)
2311 else if (ip->i_size - uio->uio_offset < ncookies)
2312 ncookies = ip->i_size - uio->uio_offset;
2313 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1;
2314 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK);
2315 *ap->a_ncookies = ncookies;
2316 *ap->a_cookies = cookies;
2321 offset = startoffset = uio->uio_offset;
2322 startresid = uio->uio_resid;
2324 while (error == 0 && uio->uio_resid > 0 &&
2325 uio->uio_offset < ip->i_size) {
2326 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp);
2329 if (bp->b_offset + bp->b_bcount > ip->i_size)
2330 readcnt = ip->i_size - bp->b_offset;
2332 readcnt = bp->b_bcount;
2333 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) &
2334 ~(size_t)(DIRBLKSIZ - 1);
2335 offset = bp->b_offset + skipcnt;
2336 dp = (struct direct *)&bp->b_data[skipcnt];
2337 edp = (struct direct *)&bp->b_data[readcnt];
2338 while (error == 0 && uio->uio_resid > 0 && dp < edp) {
2339 if (dp->d_reclen <= offsetof(struct direct, d_name) ||
2340 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) {
2344 #if BYTE_ORDER == LITTLE_ENDIAN
2345 /* Old filesystem format. */
2346 if (vp->v_mount->mnt_maxsymlinklen <= 0) {
2347 dstdp.d_namlen = dp->d_type;
2348 dstdp.d_type = dp->d_namlen;
2352 dstdp.d_namlen = dp->d_namlen;
2353 dstdp.d_type = dp->d_type;
2355 if (offsetof(struct direct, d_name) + dstdp.d_namlen >
2360 if (offset < startoffset || dp->d_ino == 0)
2362 dstdp.d_fileno = dp->d_ino;
2363 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp);
2364 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
2365 /* NOTE: d_off is the offset of the *next* entry. */
2366 dstdp.d_off = offset + dp->d_reclen;
2367 dirent_terminate(&dstdp);
2368 if (dstdp.d_reclen > uio->uio_resid) {
2369 if (uio->uio_resid == startresid)
2372 error = EJUSTRETURN;
2376 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio);
2379 if (cookies != NULL) {
2380 KASSERT(ncookies > 0,
2381 ("ufs_readdir: cookies buffer too small"));
2382 *cookies = offset + dp->d_reclen;
2387 offset += dp->d_reclen;
2388 dp = (struct direct *)((caddr_t)dp + dp->d_reclen);
2391 uio->uio_offset = offset;
2393 /* We need to correct uio_offset. */
2394 uio->uio_offset = offset;
2395 if (error == EJUSTRETURN)
2397 if (ap->a_ncookies != NULL) {
2399 ap->a_ncookies -= ncookies;
2401 free(*ap->a_cookies, M_TEMP);
2402 *ap->a_ncookies = 0;
2403 *ap->a_cookies = NULL;
2406 if (error == 0 && ap->a_eofflag)
2407 *ap->a_eofflag = ip->i_size <= uio->uio_offset;
2412 * Return target name of a symbolic link
2416 struct vop_readlink_args /* {
2419 struct ucred *a_cred;
2422 struct vnode *vp = ap->a_vp;
2423 struct inode *ip = VTOI(vp);
2427 if ((isize < vp->v_mount->mnt_maxsymlinklen) ||
2428 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */
2429 return (uiomove(SHORTLINK(ip), isize, ap->a_uio));
2431 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred));
2435 * Calculate the logical to physical mapping if not done already,
2436 * then call the device strategy routine.
2438 * In order to be able to swap to a file, the ufs_bmaparray() operation may not
2439 * deadlock on memory. See ufs_bmap() for details.
2443 struct vop_strategy_args /* {
2448 struct buf *bp = ap->a_bp;
2449 struct vnode *vp = ap->a_vp;
2453 if (bp->b_blkno == bp->b_lblkno) {
2454 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL);
2455 bp->b_blkno = blkno;
2457 bp->b_error = error;
2458 bp->b_ioflags |= BIO_ERROR;
2462 if ((long)bp->b_blkno == -1)
2465 if ((long)bp->b_blkno == -1) {
2469 bp->b_iooffset = dbtob(bp->b_blkno);
2470 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp);
2475 * Print out the contents of an inode.
2479 struct vop_print_args /* {
2483 struct vnode *vp = ap->a_vp;
2484 struct inode *ip = VTOI(vp);
2486 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink,
2487 ip->i_effnlink, (intmax_t)ip->i_size);
2489 printf(", extsize %d", ip->i_din2->di_extsize);
2490 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n",
2491 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid,
2492 (u_int)ip->i_flags, PRINT_INODE_FLAGS);
2493 printf("\tino %lu, on dev %s", (u_long)ip->i_number,
2494 devtoname(ITODEV(ip)));
2495 if (vp->v_type == VFIFO)
2502 * Close wrapper for fifos.
2504 * Update the times on the inode then do device close.
2508 struct vop_close_args /* {
2511 struct ucred *a_cred;
2512 struct thread *a_td;
2515 struct vnode *vp = ap->a_vp;
2519 usecount = vp->v_usecount;
2521 ufs_itimes_locked(vp);
2523 return (fifo_specops.vop_close(ap));
2527 * Kqfilter wrapper for fifos.
2529 * Fall through to ufs kqfilter routines if needed
2532 ufsfifo_kqfilter(ap)
2533 struct vop_kqfilter_args *ap;
2537 error = fifo_specops.vop_kqfilter(ap);
2539 error = vfs_kqfilter(ap);
2544 * Return POSIX pathconf information applicable to ufs filesystems.
2548 struct vop_pathconf_args /* {
2557 switch (ap->a_name) {
2559 *ap->a_retval = UFS_LINK_MAX;
2562 *ap->a_retval = UFS_MAXNAMLEN;
2565 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO)
2566 *ap->a_retval = PIPE_BUF;
2570 case _PC_CHOWN_RESTRICTED:
2577 case _PC_ACL_EXTENDED:
2578 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2584 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS)
2590 case _PC_ACL_PATH_MAX:
2592 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS))
2593 *ap->a_retval = ACL_MAX_ENTRIES;
2601 case _PC_MAC_PRESENT:
2602 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL)
2608 case _PC_MIN_HOLE_SIZE:
2609 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2617 case _PC_ALLOC_SIZE_MIN:
2618 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize;
2620 case _PC_FILESIZEBITS:
2623 case _PC_REC_INCR_XFER_SIZE:
2624 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2626 case _PC_REC_MAX_XFER_SIZE:
2627 *ap->a_retval = -1; /* means ``unlimited'' */
2629 case _PC_REC_MIN_XFER_SIZE:
2630 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2632 case _PC_REC_XFER_ALIGN:
2633 *ap->a_retval = PAGE_SIZE;
2635 case _PC_SYMLINK_MAX:
2636 *ap->a_retval = MAXPATHLEN;
2640 error = vop_stdpathconf(ap);
2647 * Initialize the vnode associated with a new inode, handle aliased
2651 ufs_vinit(mntp, fifoops, vpp)
2653 struct vop_vector *fifoops;
2660 ASSERT_VOP_LOCKED(vp, "ufs_vinit");
2662 vp->v_type = IFTOVT(ip->i_mode);
2664 * Only unallocated inodes should be of type VNON.
2666 if (ip->i_mode != 0 && vp->v_type == VNON)
2668 if (vp->v_type == VFIFO)
2670 if (ip->i_number == UFS_ROOTINO)
2671 vp->v_vflag |= VV_ROOT;
2677 * Allocate a new inode.
2678 * Vnode dvp must be locked.
2681 ufs_makeinode(mode, dvp, vpp, cnp, callfunc)
2685 struct componentname *cnp;
2686 const char *callfunc;
2688 struct inode *ip, *pdir;
2689 struct direct newdir;
2695 if ((cnp->cn_flags & HASBUF) == 0)
2696 panic("%s: no name", callfunc);
2699 if ((mode & IFMT) == 0)
2702 if (pdir->i_effnlink < 2) {
2703 print_bad_link_count(callfunc, dvp);
2706 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp);
2710 ip->i_gid = pdir->i_gid;
2711 DIP_SET(ip, i_gid, pdir->i_gid);
2715 struct ucred ucred, *ucp;
2720 * If we are not the owner of the directory,
2721 * and we are hacking owners here, (only do this where told to)
2722 * and we are not giving it TO root, (would subvert quotas)
2723 * then go ahead and give it to the other user.
2724 * Note that this drops off the execute bits for security.
2726 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
2727 (pdir->i_mode & ISUID) &&
2728 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) {
2729 ip->i_uid = pdir->i_uid;
2730 DIP_SET(ip, i_uid, ip->i_uid);
2734 * Make sure the correct user gets charged
2736 * Quickly knock up a dummy credential for the victim.
2737 * XXX This seems to never be accessed out of our
2738 * context so a stack variable is ok.
2740 refcount_init(&ucred.cr_ref, 1);
2741 ucred.cr_uid = ip->i_uid;
2742 ucred.cr_ngroups = 1;
2743 ucred.cr_groups = &ucred_group;
2744 ucred.cr_groups[0] = pdir->i_gid;
2748 ip->i_uid = cnp->cn_cred->cr_uid;
2749 DIP_SET(ip, i_uid, ip->i_uid);
2753 if ((error = getinoquota(ip)) ||
2754 (error = chkiq(ip, 1, ucp, 0))) {
2755 if (DOINGSOFTDEP(tvp))
2756 softdep_revert_link(pdir, ip);
2757 UFS_VFREE(tvp, ip->i_number, mode);
2764 #else /* !SUIDDIR */
2765 ip->i_uid = cnp->cn_cred->cr_uid;
2766 DIP_SET(ip, i_uid, ip->i_uid);
2768 if ((error = getinoquota(ip)) ||
2769 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2770 if (DOINGSOFTDEP(tvp))
2771 softdep_revert_link(pdir, ip);
2772 UFS_VFREE(tvp, ip->i_number, mode);
2778 #endif /* !SUIDDIR */
2779 vn_seqc_write_begin(tvp); /* Mostly to cover asserts */
2780 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
2781 UFS_INODE_SET_MODE(ip, mode);
2782 DIP_SET(ip, i_mode, mode);
2783 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
2786 DIP_SET(ip, i_nlink, 1);
2787 if (DOINGSOFTDEP(tvp))
2788 softdep_setup_create(VTOI(dvp), ip);
2789 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
2790 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) {
2791 UFS_INODE_SET_MODE(ip, ip->i_mode & ~ISGID);
2792 DIP_SET(ip, i_mode, ip->i_mode);
2795 if (cnp->cn_flags & ISWHITEOUT) {
2796 ip->i_flags |= UF_OPAQUE;
2797 DIP_SET(ip, i_flags, ip->i_flags);
2801 * Make sure inode goes to disk before directory entry.
2803 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp));
2807 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2808 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
2815 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
2816 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode,
2817 cnp->cn_cred, cnp->cn_thread);
2820 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
2821 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode,
2822 cnp->cn_cred, cnp->cn_thread);
2826 #endif /* !UFS_ACL */
2827 ufs_makedirentry(ip, cnp, &newdir);
2828 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL, 0);
2831 vn_seqc_write_end(tvp);
2837 * Write error occurred trying to update the inode
2838 * or the directory so must deallocate the inode.
2842 DIP_SET(ip, i_nlink, 0);
2843 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2844 if (DOINGSOFTDEP(tvp))
2845 softdep_revert_create(VTOI(dvp), ip);
2846 vn_seqc_write_end(tvp);
2853 ufs_ioctl(struct vop_ioctl_args *ap)
2859 switch (ap->a_command) {
2861 error = vn_lock(vp, LK_SHARED);
2863 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data);
2869 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data,
2877 ufs_read_pgcache(struct vop_read_pgcache_args *ap)
2884 MPASS((vp->v_irflag & VIRF_PGREAD) != 0);
2886 if (uio->uio_resid > ptoa(io_hold_cnt) || uio->uio_offset < 0 ||
2887 (ap->a_ioflag & IO_DIRECT) != 0)
2888 return (EJUSTRETURN);
2889 return (vn_read_from_obj(vp, uio));
2892 /* Global vfs data structures for ufs. */
2893 struct vop_vector ufs_vnodeops = {
2894 .vop_default = &default_vnodeops,
2895 .vop_fsync = VOP_PANIC,
2896 .vop_read = VOP_PANIC,
2897 .vop_reallocblks = VOP_PANIC,
2898 .vop_write = VOP_PANIC,
2899 .vop_accessx = ufs_accessx,
2900 .vop_bmap = ufs_bmap,
2901 .vop_fplookup_vexec = ufs_fplookup_vexec,
2902 .vop_cachedlookup = ufs_lookup,
2903 .vop_close = ufs_close,
2904 .vop_create = ufs_create,
2905 .vop_stat = ufs_stat,
2906 .vop_getattr = ufs_getattr,
2907 .vop_inactive = ufs_inactive,
2908 .vop_ioctl = ufs_ioctl,
2909 .vop_link = ufs_link,
2910 .vop_lookup = vfs_cache_lookup,
2911 .vop_mmapped = ufs_mmapped,
2912 .vop_mkdir = ufs_mkdir,
2913 .vop_mknod = ufs_mknod,
2914 .vop_need_inactive = ufs_need_inactive,
2915 .vop_open = ufs_open,
2916 .vop_pathconf = ufs_pathconf,
2917 .vop_poll = vop_stdpoll,
2918 .vop_print = ufs_print,
2919 .vop_read_pgcache = ufs_read_pgcache,
2920 .vop_readdir = ufs_readdir,
2921 .vop_readlink = ufs_readlink,
2922 .vop_reclaim = ufs_reclaim,
2923 .vop_remove = ufs_remove,
2924 .vop_rename = ufs_rename,
2925 .vop_rmdir = ufs_rmdir,
2926 .vop_setattr = ufs_setattr,
2928 .vop_setlabel = vop_stdsetlabel_ea,
2930 .vop_strategy = ufs_strategy,
2931 .vop_symlink = ufs_symlink,
2932 .vop_whiteout = ufs_whiteout,
2934 .vop_getextattr = ufs_getextattr,
2935 .vop_deleteextattr = ufs_deleteextattr,
2936 .vop_setextattr = ufs_setextattr,
2939 .vop_getacl = ufs_getacl,
2940 .vop_setacl = ufs_setacl,
2941 .vop_aclcheck = ufs_aclcheck,
2944 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops);
2946 struct vop_vector ufs_fifoops = {
2947 .vop_default = &fifo_specops,
2948 .vop_fsync = VOP_PANIC,
2949 .vop_accessx = ufs_accessx,
2950 .vop_close = ufsfifo_close,
2951 .vop_getattr = ufs_getattr,
2952 .vop_inactive = ufs_inactive,
2953 .vop_kqfilter = ufsfifo_kqfilter,
2954 .vop_pathconf = ufs_pathconf,
2955 .vop_print = ufs_print,
2956 .vop_read = VOP_PANIC,
2957 .vop_reclaim = ufs_reclaim,
2958 .vop_setattr = ufs_setattr,
2960 .vop_setlabel = vop_stdsetlabel_ea,
2962 .vop_write = VOP_PANIC,
2964 .vop_getextattr = ufs_getextattr,
2965 .vop_deleteextattr = ufs_deleteextattr,
2966 .vop_setextattr = ufs_setextattr,
2969 .vop_getacl = ufs_getacl,
2970 .vop_setacl = ufs_setacl,
2971 .vop_aclcheck = ufs_aclcheck,
2974 VFS_VOP_VECTOR_REGISTER(ufs_fifoops);