2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1982, 1986, 1989, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
42 #include "opt_quota.h"
43 #include "opt_suiddir.h"
47 #include <sys/param.h>
48 #include <sys/systm.h>
49 #include <sys/malloc.h>
50 #include <sys/namei.h>
51 #include <sys/kernel.h>
52 #include <sys/fcntl.h>
53 #include <sys/filio.h>
57 #include <sys/mount.h>
59 #include <sys/refcount.h>
60 #include <sys/unistd.h>
61 #include <sys/vnode.h>
62 #include <sys/dirent.h>
63 #include <sys/lockf.h>
68 #include <security/audit/audit.h>
69 #include <security/mac/mac_framework.h>
71 #include <sys/file.h> /* XXX */
74 #include <vm/vm_extern.h>
76 #include <ufs/ufs/acl.h>
77 #include <ufs/ufs/extattr.h>
78 #include <ufs/ufs/quota.h>
79 #include <ufs/ufs/inode.h>
80 #include <ufs/ufs/dir.h>
81 #include <ufs/ufs/ufsmount.h>
82 #include <ufs/ufs/ufs_extern.h>
84 #include <ufs/ufs/dirhash.h>
87 #include <ufs/ufs/gjournal.h>
88 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS");
92 FEATURE(ufs_quota, "UFS disk quotas support");
93 FEATURE(ufs_quota64, "64bit UFS disk quotas support");
98 "Give all new files in directory the same ownership as the directory");
103 #include <ufs/ffs/ffs_extern.h>
105 static vop_accessx_t ufs_accessx;
106 static vop_fplookup_vexec_t ufs_fplookup_vexec;
107 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *);
108 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *);
109 static vop_close_t ufs_close;
110 static vop_create_t ufs_create;
111 static vop_stat_t ufs_stat;
112 static vop_getattr_t ufs_getattr;
113 static vop_ioctl_t ufs_ioctl;
114 static vop_link_t ufs_link;
115 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *, const char *);
116 static vop_mmapped_t ufs_mmapped;
117 static vop_mkdir_t ufs_mkdir;
118 static vop_mknod_t ufs_mknod;
119 static vop_open_t ufs_open;
120 static vop_pathconf_t ufs_pathconf;
121 static vop_print_t ufs_print;
122 static vop_readlink_t ufs_readlink;
123 static vop_remove_t ufs_remove;
124 static vop_rename_t ufs_rename;
125 static vop_rmdir_t ufs_rmdir;
126 static vop_setattr_t ufs_setattr;
127 static vop_strategy_t ufs_strategy;
128 static vop_symlink_t ufs_symlink;
129 static vop_whiteout_t ufs_whiteout;
130 static vop_close_t ufsfifo_close;
131 static vop_kqfilter_t ufsfifo_kqfilter;
133 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
137 * A virgin directory (no blushing please).
139 static struct dirtemplate mastertemplate = {
140 0, 12, DT_DIR, 1, ".",
141 0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
143 static struct odirtemplate omastertemplate = {
145 0, DIRBLKSIZ - 12, 2, ".."
149 ufs_itimes_locked(struct vnode *vp)
154 ASSERT_VI_LOCKED(vp, __func__);
159 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0)
162 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp))
163 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD);
164 else if (((vp->v_mount->mnt_kern_flag &
165 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) ||
166 (ip->i_flag & (IN_CHANGE | IN_UPDATE)))
167 UFS_INODE_SET_FLAG(ip, IN_MODIFIED);
168 else if (ip->i_flag & IN_ACCESS)
169 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS);
171 if (ip->i_flag & IN_ACCESS) {
172 DIP_SET(ip, i_atime, ts.tv_sec);
173 DIP_SET(ip, i_atimensec, ts.tv_nsec);
175 if (ip->i_flag & IN_UPDATE) {
176 DIP_SET(ip, i_mtime, ts.tv_sec);
177 DIP_SET(ip, i_mtimensec, ts.tv_nsec);
179 if (ip->i_flag & IN_CHANGE) {
180 DIP_SET(ip, i_ctime, ts.tv_sec);
181 DIP_SET(ip, i_ctimensec, ts.tv_nsec);
182 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1);
186 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE);
190 ufs_itimes(struct vnode *vp)
194 ufs_itimes_locked(vp);
199 * Create a regular file
203 struct vop_create_args /* {
205 struct vnode **a_vpp;
206 struct componentname *a_cnp;
213 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode),
214 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create");
217 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0)
218 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp);
228 struct vop_mknod_args /* {
230 struct vnode **a_vpp;
231 struct componentname *a_cnp;
235 struct vattr *vap = ap->a_vap;
236 struct vnode **vpp = ap->a_vpp;
241 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode),
242 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod");
246 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
247 if (vap->va_rdev != VNOVAL) {
249 * Want to be able to use this to make badblock
250 * inodes, so don't truncate the dev number.
252 DIP_SET(ip, i_rdev, vap->va_rdev);
255 * Remove inode, then reload it through VFS_VGET(). This is
256 * needed to do further inode initialization, for instance
257 * fifo, which was too early for VFS_VGET() done as part of
260 (*vpp)->v_type = VNON;
261 ino = ip->i_number; /* Save this before vgone() invalidates ip. */
264 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp);
277 ufs_open(struct vop_open_args *ap)
279 struct vnode *vp = ap->a_vp;
282 if (vp->v_type == VCHR || vp->v_type == VBLK)
286 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td);
287 if (vp->v_type == VREG && (vn_irflag_read(vp) & VIRF_PGREAD) == 0) {
288 vn_irflag_set_cond(vp, VIRF_PGREAD);
292 * Files marked append-only must be opened for appending.
294 if ((ip->i_flags & APPEND) &&
295 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE)
304 * Update the times on the inode.
309 struct vop_close_args /* {
312 struct ucred *a_cred;
316 struct vnode *vp = ap->a_vp;
320 usecount = vp->v_usecount;
322 ufs_itimes_locked(vp);
329 struct vop_accessx_args /* {
332 struct ucred *a_cred;
336 struct vnode *vp = ap->a_vp;
337 struct inode *ip = VTOI(vp);
338 accmode_t accmode = ap->a_accmode;
346 * Disallow write attempts on read-only filesystems;
347 * unless the file is a socket, fifo, or a block or
348 * character device resident on the filesystem.
350 if (accmode & VMODIFY_PERMS) {
351 switch (vp->v_type) {
355 if (vp->v_mount->mnt_flag & MNT_RDONLY)
359 * Inode is accounted in the quotas only if struct
360 * dquot is attached to it. VOP_ACCESS() is called
361 * from vn_open_cred() and provides a convenient
362 * point to call getinoquota(). The lock mode is
363 * exclusive when the file is opening for write.
365 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) {
366 error = getinoquota(ip);
378 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS"
379 * permits the owner of the file to remove the IMMUTABLE flag.
381 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) &&
382 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
386 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) {
387 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS)
388 type = ACL_TYPE_NFS4;
390 type = ACL_TYPE_ACCESS;
392 acl = acl_alloc(M_WAITOK);
393 if (type == ACL_TYPE_NFS4)
394 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td);
396 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td);
399 if (type == ACL_TYPE_NFS4) {
400 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid,
401 ip->i_gid, acl, accmode, ap->a_cred);
403 error = vfs_unixify_accmode(&accmode);
405 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid,
406 ip->i_gid, acl, accmode, ap->a_cred);
410 if (error != EOPNOTSUPP)
412 "ufs_accessx(): Error retrieving ACL on object (%d).\n",
415 * XXX: Fall back until debugged. Should
416 * eventually possibly log an error, and return
419 error = vfs_unixify_accmode(&accmode);
421 error = vaccess(vp->v_type, ip->i_mode,
422 ip->i_uid, ip->i_gid, accmode, ap->a_cred);
428 #endif /* !UFS_ACL */
429 error = vfs_unixify_accmode(&accmode);
431 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
432 accmode, ap->a_cred);
437 * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see
438 * the comment above cache_fplookup for details.
441 ufs_fplookup_vexec(ap)
442 struct vop_fplookup_vexec_args /* {
444 struct ucred *a_cred;
455 if (__predict_false(ip == NULL))
461 * ACLs are not supported and UFS clears/sets this flag on mount and
462 * remount. However, we may still be racing with seeing them and there
463 * is no provision to make sure they were accounted for. This matches
464 * the behavior of the locked case, since the lookup there is also
465 * racy: mount takes no measures to block anyone from progressing.
467 all_x = S_IXUSR | S_IXGRP | S_IXOTH;
468 mode = atomic_load_short(&ip->i_mode);
469 if (__predict_true((mode & all_x) == all_x))
473 return (vaccess_vexec_smr(mode, ip->i_uid, ip->i_gid, cred));
478 ufs_stat(struct vop_stat_args *ap)
480 struct vnode *vp = ap->a_vp;
481 struct inode *ip = VTOI(vp);
482 struct stat *sb = ap->a_sb;
485 error = vop_stat_helper_pre(ap);
486 if (__predict_false(error))
490 ufs_itimes_locked(vp);
492 sb->st_atim.tv_sec = ip->i_din1->di_atime;
493 sb->st_atim.tv_nsec = ip->i_din1->di_atimensec;
495 sb->st_atim.tv_sec = ip->i_din2->di_atime;
496 sb->st_atim.tv_nsec = ip->i_din2->di_atimensec;
500 sb->st_dev = dev2udev(ITOUMP(ip)->um_dev);
501 sb->st_ino = ip->i_number;
502 sb->st_mode = (ip->i_mode & ~IFMT) | VTTOIF(vp->v_type);
503 sb->st_nlink = ip->i_effnlink;
504 sb->st_uid = ip->i_uid;
505 sb->st_gid = ip->i_gid;
507 sb->st_rdev = ip->i_din1->di_rdev;
508 sb->st_size = ip->i_din1->di_size;
509 sb->st_mtim.tv_sec = ip->i_din1->di_mtime;
510 sb->st_mtim.tv_nsec = ip->i_din1->di_mtimensec;
511 sb->st_ctim.tv_sec = ip->i_din1->di_ctime;
512 sb->st_ctim.tv_nsec = ip->i_din1->di_ctimensec;
513 sb->st_birthtim.tv_sec = -1;
514 sb->st_birthtim.tv_nsec = 0;
515 sb->st_blocks = dbtob((u_quad_t)ip->i_din1->di_blocks) / S_BLKSIZE;
517 sb->st_rdev = ip->i_din2->di_rdev;
518 sb->st_size = ip->i_din2->di_size;
519 sb->st_mtim.tv_sec = ip->i_din2->di_mtime;
520 sb->st_mtim.tv_nsec = ip->i_din2->di_mtimensec;
521 sb->st_ctim.tv_sec = ip->i_din2->di_ctime;
522 sb->st_ctim.tv_nsec = ip->i_din2->di_ctimensec;
523 sb->st_birthtim.tv_sec = ip->i_din2->di_birthtime;
524 sb->st_birthtim.tv_nsec = ip->i_din2->di_birthnsec;
525 sb->st_blocks = dbtob((u_quad_t)ip->i_din2->di_blocks) / S_BLKSIZE;
528 sb->st_blksize = max(PAGE_SIZE, vp->v_mount->mnt_stat.f_iosize);
529 sb->st_flags = ip->i_flags;
530 sb->st_gen = ip->i_gen;
532 return (vop_stat_helper_post(ap, error));
538 struct vop_getattr_args /* {
541 struct ucred *a_cred;
544 struct vnode *vp = ap->a_vp;
545 struct inode *ip = VTOI(vp);
546 struct vattr *vap = ap->a_vap;
549 ufs_itimes_locked(vp);
551 vap->va_atime.tv_sec = ip->i_din1->di_atime;
552 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec;
554 vap->va_atime.tv_sec = ip->i_din2->di_atime;
555 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec;
559 * Copy from inode table
561 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev);
562 vap->va_fileid = ip->i_number;
563 vap->va_mode = ip->i_mode & ~IFMT;
564 vap->va_nlink = ip->i_effnlink;
565 vap->va_uid = ip->i_uid;
566 vap->va_gid = ip->i_gid;
568 vap->va_rdev = ip->i_din1->di_rdev;
569 vap->va_size = ip->i_din1->di_size;
570 vap->va_mtime.tv_sec = ip->i_din1->di_mtime;
571 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec;
572 vap->va_ctime.tv_sec = ip->i_din1->di_ctime;
573 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec;
574 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks);
575 vap->va_filerev = ip->i_din1->di_modrev;
577 vap->va_rdev = ip->i_din2->di_rdev;
578 vap->va_size = ip->i_din2->di_size;
579 vap->va_mtime.tv_sec = ip->i_din2->di_mtime;
580 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec;
581 vap->va_ctime.tv_sec = ip->i_din2->di_ctime;
582 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec;
583 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime;
584 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec;
585 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks);
586 vap->va_filerev = ip->i_din2->di_modrev;
588 vap->va_flags = ip->i_flags;
589 vap->va_gen = ip->i_gen;
590 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize;
591 vap->va_type = IFTOVT(ip->i_mode);
596 * Set attribute vnode op. called from several syscalls
600 struct vop_setattr_args /* {
603 struct ucred *a_cred;
606 struct vattr *vap = ap->a_vap;
607 struct vnode *vp = ap->a_vp;
608 struct inode *ip = VTOI(vp);
609 struct ucred *cred = ap->a_cred;
610 struct thread *td = curthread;
614 * Check for unsettable attributes.
616 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) ||
617 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) ||
618 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) ||
619 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) {
622 if (vap->va_flags != VNOVAL) {
623 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE |
624 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE |
625 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK |
626 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE |
627 UF_SPARSE | UF_SYSTEM)) != 0)
629 if (vp->v_mount->mnt_flag & MNT_RDONLY)
632 * Callers may only modify the file flags on objects they
633 * have VADMIN rights for.
635 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
638 * Unprivileged processes are not permitted to unset system
639 * flags, or modify flags if any system flags are set.
640 * Privileged non-jail processes may not modify system flags
641 * if securelevel > 0 and any existing system flags are set.
642 * Privileged jail processes behave like privileged non-jail
643 * processes if the PR_ALLOW_CHFLAGS permission bit is set;
644 * otherwise, they behave like unprivileged processes.
646 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
648 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
649 error = securelevel_gt(cred, 0);
653 /* The snapshot flag cannot be toggled. */
654 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT)
658 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) ||
659 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE))
662 ip->i_flags = vap->va_flags;
663 DIP_SET(ip, i_flags, vap->va_flags);
664 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
665 error = UFS_UPDATE(vp, 0);
666 if (ip->i_flags & (IMMUTABLE | APPEND))
670 * If immutable or append, no one can change any of its attributes
671 * except the ones already handled (in some cases, file flags
672 * including the immutability flags themselves for the superuser).
674 if (ip->i_flags & (IMMUTABLE | APPEND))
677 * Go through the fields and update iff not VNOVAL.
679 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) {
680 if (vp->v_mount->mnt_flag & MNT_RDONLY)
682 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred,
686 if (vap->va_size != VNOVAL) {
688 * XXX most of the following special cases should be in
689 * callers instead of in N filesystems. The VDIR check
692 switch (vp->v_type) {
698 * Truncation should have an effect in these cases.
699 * Disallow it if the filesystem is read-only or
700 * the file is being snapshotted.
702 if (vp->v_mount->mnt_flag & MNT_RDONLY)
704 if ((ip->i_flags & SF_SNAPSHOT) != 0)
709 * According to POSIX, the result is unspecified
710 * for file types other than regular files,
711 * directories and shared memory objects. We
712 * don't support shared memory objects in the file
713 * system, and have dubious support for truncating
714 * symlinks. Just ignore the request in other cases.
718 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL |
719 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0),
723 if (vap->va_atime.tv_sec != VNOVAL ||
724 vap->va_mtime.tv_sec != VNOVAL ||
725 vap->va_birthtime.tv_sec != VNOVAL) {
726 if (vp->v_mount->mnt_flag & MNT_RDONLY)
728 if ((ip->i_flags & SF_SNAPSHOT) != 0)
730 error = vn_utimes_perm(vp, vap, cred, td);
733 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED);
734 if (vap->va_atime.tv_sec != VNOVAL) {
735 ip->i_flag &= ~IN_ACCESS;
736 DIP_SET(ip, i_atime, vap->va_atime.tv_sec);
737 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec);
739 if (vap->va_mtime.tv_sec != VNOVAL) {
740 ip->i_flag &= ~IN_UPDATE;
741 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec);
742 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec);
744 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) {
745 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec;
746 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec;
748 error = UFS_UPDATE(vp, 0);
753 if (vap->va_mode != (mode_t)VNOVAL) {
754 if (vp->v_mount->mnt_flag & MNT_RDONLY)
756 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode &
757 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)))
759 error = ufs_chmod(vp, (int)vap->va_mode, cred, td);
766 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode,
767 int file_owner_id, struct ucred *cred, struct thread *td)
772 aclp = acl_alloc(M_WAITOK);
773 error = ufs_getacl_nfs4_internal(vp, aclp, td);
775 * We don't have to handle EOPNOTSUPP here, as the filesystem claims
781 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id);
782 error = ufs_setacl_nfs4_internal(vp, aclp, td);
792 struct vop_mmapped_args /* {
804 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0)
805 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS);
807 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there.
813 * Change the mode on a file.
814 * Inode must be locked before calling.
817 ufs_chmod(vp, mode, cred, td)
823 struct inode *ip = VTOI(vp);
827 * To modify the permissions on a file, must possess VADMIN
830 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td)))
833 * Privileged processes may set the sticky bit on non-directories,
834 * as well as set the setgid bit on a file with a group that the
835 * process is not a member of. Both of these are allowed in
838 if (vp->v_type != VDIR && (mode & S_ISTXT)) {
839 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
842 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
843 error = priv_check_cred(cred, PRIV_VFS_SETGID);
849 * Deny setting setuid if we are not the file owner.
851 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) {
852 error = priv_check_cred(cred, PRIV_VFS_ADMIN);
857 newmode = ip->i_mode & ~ALLPERMS;
858 newmode |= (mode & ALLPERMS);
859 UFS_INODE_SET_MODE(ip, newmode);
860 DIP_SET(ip, i_mode, ip->i_mode);
861 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
863 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0)
864 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td);
866 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0)
867 error = UFS_UPDATE(vp, 0);
873 * Perform chown operation on inode ip;
874 * inode must be locked prior to call.
877 ufs_chown(vp, uid, gid, cred, td)
884 struct inode *ip = VTOI(vp);
893 if (uid == (uid_t)VNOVAL)
895 if (gid == (gid_t)VNOVAL)
898 * To modify the ownership of a file, must possess VADMIN for that
901 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td)))
904 * To change the owner of a file, or change the group of a file to a
905 * group of which we are not a member, the caller must have
908 if (((uid != ip->i_uid && uid != cred->cr_uid) ||
909 (gid != ip->i_gid && !groupmember(gid, cred))) &&
910 (error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
915 if ((error = getinoquota(ip)) != 0)
918 dqrele(vp, ip->i_dquot[USRQUOTA]);
919 ip->i_dquot[USRQUOTA] = NODQUOT;
922 dqrele(vp, ip->i_dquot[GRPQUOTA]);
923 ip->i_dquot[GRPQUOTA] = NODQUOT;
925 change = DIP(ip, i_blocks);
926 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
927 (void) chkiq(ip, -1, cred, CHOWN|FORCE);
928 for (i = 0; i < MAXQUOTAS; i++) {
929 dqrele(vp, ip->i_dquot[i]);
930 ip->i_dquot[i] = NODQUOT;
934 DIP_SET(ip, i_gid, gid);
936 DIP_SET(ip, i_uid, uid);
938 if ((error = getinoquota(ip)) == 0) {
940 dqrele(vp, ip->i_dquot[USRQUOTA]);
941 ip->i_dquot[USRQUOTA] = NODQUOT;
944 dqrele(vp, ip->i_dquot[GRPQUOTA]);
945 ip->i_dquot[GRPQUOTA] = NODQUOT;
947 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) {
948 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0)
951 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
953 for (i = 0; i < MAXQUOTAS; i++) {
954 dqrele(vp, ip->i_dquot[i]);
955 ip->i_dquot[i] = NODQUOT;
959 DIP_SET(ip, i_gid, ogid);
961 DIP_SET(ip, i_uid, ouid);
962 if (getinoquota(ip) == 0) {
964 dqrele(vp, ip->i_dquot[USRQUOTA]);
965 ip->i_dquot[USRQUOTA] = NODQUOT;
968 dqrele(vp, ip->i_dquot[GRPQUOTA]);
969 ip->i_dquot[GRPQUOTA] = NODQUOT;
971 (void) chkdq(ip, change, cred, FORCE|CHOWN);
972 (void) chkiq(ip, 1, cred, FORCE|CHOWN);
973 (void) getinoquota(ip);
978 panic("ufs_chown: lost quota");
980 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
981 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
982 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) {
983 UFS_INODE_SET_MODE(ip, ip->i_mode & ~(ISUID | ISGID));
984 DIP_SET(ip, i_mode, ip->i_mode);
987 error = UFS_UPDATE(vp, 0);
993 struct vop_remove_args /* {
996 struct componentname *a_cnp;
1000 struct vnode *vp = ap->a_vp;
1001 struct vnode *dvp = ap->a_dvp;
1007 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1008 (VTOI(dvp)->i_flags & APPEND))
1010 if (DOINGSUJ(dvp)) {
1011 error = softdep_prelink(dvp, vp);
1013 MPASS(error == ERELOOKUP);
1019 ufs_gjournal_orphan(vp);
1021 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0);
1022 if (ip->i_nlink <= 0)
1023 vp->v_vflag |= VV_NOSYNC;
1024 if ((ip->i_flags & SF_SNAPSHOT) != 0) {
1026 * Avoid deadlock where another thread is trying to
1027 * update the inodeblock for dvp and is waiting on
1028 * snaplk. Temporary unlock the vnode lock for the
1029 * unlinked file and sync the directory. This should
1030 * allow vput() of the directory to not block later on
1031 * while holding the snapshot vnode locked, assuming
1032 * that the directory hasn't been unlinked too.
1035 (void) VOP_FSYNC(dvp, MNT_WAIT, td);
1036 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1042 print_bad_link_count(const char *funcname, struct vnode *dvp)
1047 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n",
1048 funcname, dip->i_effnlink, (intmax_t)dip->i_number,
1049 dvp->v_mount->mnt_stat.f_mntonname);
1057 struct vop_link_args /* {
1058 struct vnode *a_tdvp;
1060 struct componentname *a_cnp;
1063 struct vnode *vp = ap->a_vp;
1064 struct vnode *tdvp = ap->a_tdvp;
1065 struct componentname *cnp = ap->a_cnp;
1067 struct direct newdir;
1071 if ((cnp->cn_flags & HASBUF) == 0)
1072 panic("ufs_link: no name");
1075 if (DOINGSUJ(tdvp)) {
1076 error = softdep_prelink(tdvp, vp);
1078 MPASS(error == ERELOOKUP);
1083 if (VTOI(tdvp)->i_effnlink < 2) {
1084 print_bad_link_count("ufs_link", tdvp);
1089 if (ip->i_nlink >= UFS_LINK_MAX) {
1094 * The file may have been removed after namei droped the original
1097 if (ip->i_effnlink == 0) {
1101 if (ip->i_flags & (IMMUTABLE | APPEND)) {
1108 DIP_SET(ip, i_nlink, ip->i_nlink);
1109 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1110 if (DOINGSOFTDEP(vp))
1111 softdep_setup_link(VTOI(tdvp), ip);
1112 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp));
1114 ufs_makedirentry(ip, cnp, &newdir);
1115 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL);
1121 DIP_SET(ip, i_nlink, ip->i_nlink);
1122 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1123 if (DOINGSOFTDEP(vp))
1124 softdep_revert_link(VTOI(tdvp), ip);
1131 * whiteout vnode call
1135 struct vop_whiteout_args /* {
1136 struct vnode *a_dvp;
1137 struct componentname *a_cnp;
1141 struct vnode *dvp = ap->a_dvp;
1142 struct componentname *cnp = ap->a_cnp;
1143 struct direct newdir;
1146 if (DOINGSUJ(dvp) && (ap->a_flags == CREATE ||
1147 ap->a_flags == DELETE)) {
1148 error = softdep_prelink(dvp, NULL);
1150 MPASS(error == ERELOOKUP);
1155 switch (ap->a_flags) {
1157 /* 4.4 format directories support whiteout operations */
1160 return (EOPNOTSUPP);
1163 /* create a new directory whiteout */
1165 if ((cnp->cn_flags & SAVENAME) == 0)
1166 panic("ufs_whiteout: missing name");
1168 panic("ufs_whiteout: old format filesystem");
1171 newdir.d_ino = UFS_WINO;
1172 newdir.d_namlen = cnp->cn_namelen;
1173 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1);
1174 newdir.d_type = DT_WHT;
1175 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL);
1179 /* remove an existing directory whiteout */
1182 panic("ufs_whiteout: old format filesystem");
1185 cnp->cn_flags &= ~DOWHITEOUT;
1186 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0);
1189 panic("ufs_whiteout: unknown op");
1194 static volatile int rename_restarts;
1195 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD,
1196 __DEVOLATILE(int *, &rename_restarts), 0,
1197 "Times rename had to restart due to lock contention");
1200 * Rename system call.
1201 * rename("foo", "bar");
1204 * link("foo", "bar");
1206 * but ``atomically''. Can't do full commit without saving state in the
1207 * inode on disk which isn't feasible at this time. Best we can do is
1208 * always guarantee the target exists.
1210 * Basic algorithm is:
1212 * 1) Bump link count on source while we're linking it to the
1213 * target. This also ensure the inode won't be deleted out
1214 * from underneath us while we work (it may be truncated by
1215 * a concurrent `trunc' or `open' for creation).
1216 * 2) Link source to destination. If destination already exists,
1218 * 3) Unlink source reference to inode if still around. If a
1219 * directory was moved and the parent of the destination
1220 * is different from the source, patch the ".." entry in the
1225 struct vop_rename_args /* {
1226 struct vnode *a_fdvp;
1227 struct vnode *a_fvp;
1228 struct componentname *a_fcnp;
1229 struct vnode *a_tdvp;
1230 struct vnode *a_tvp;
1231 struct componentname *a_tcnp;
1234 struct vnode *tvp = ap->a_tvp;
1235 struct vnode *tdvp = ap->a_tdvp;
1236 struct vnode *fvp = ap->a_fvp;
1237 struct vnode *fdvp = ap->a_fdvp;
1239 struct componentname *tcnp = ap->a_tcnp;
1240 struct componentname *fcnp = ap->a_fcnp;
1241 struct thread *td = fcnp->cn_thread;
1242 struct inode *fip, *tip, *tdp, *fdp;
1243 struct direct newdir;
1245 int doingdirectory, newparent;
1251 want_seqc_end = false;
1254 if ((tcnp->cn_flags & HASBUF) == 0 ||
1255 (fcnp->cn_flags & HASBUF) == 0)
1256 panic("ufs_rename: no name");
1261 if (tvp && tvp != tdvp)
1264 * Check for cross-device rename.
1266 if ((fvp->v_mount != tdvp->v_mount) ||
1267 (tvp && (fvp->v_mount != tvp->v_mount))) {
1274 * We need to acquire 2 to 4 locks depending on whether tvp is NULL
1275 * and fdvp and tdvp are the same directory. Subsequently we need
1276 * to double-check all paths and in the directory rename case we
1277 * need to verify that we are not creating a directory loop. To
1278 * handle this we acquire all but fdvp using non-blocking
1279 * acquisitions. If we fail to acquire any lock in the path we will
1280 * drop all held locks, acquire the new lock in a blocking fashion,
1281 * and then release it and restart the rename. This acquire/release
1282 * step ensures that we do not spin on a lock waiting for release.
1284 error = vn_lock(fdvp, LK_EXCLUSIVE);
1287 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) {
1289 error = vn_lock(tdvp, LK_EXCLUSIVE);
1293 atomic_add_int(&rename_restarts, 1);
1297 * Re-resolve fvp to be certain it still exists and fetch the
1300 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1306 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1312 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1318 atomic_add_int(&rename_restarts, 1);
1324 * Re-resolve tvp and acquire the vnode lock if present.
1326 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino);
1327 if (error != 0 && error != EJUSTRETURN) {
1334 * If tvp disappeared we just carry on.
1336 if (error == EJUSTRETURN && tvp != NULL) {
1341 * Get the tvp ino if the lookup succeeded. We may have to restart
1342 * if the non-blocking acquire fails.
1346 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1356 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1360 atomic_add_int(&rename_restarts, 1);
1365 if (DOINGSOFTDEP(fdvp)) {
1366 error = softdep_prerename(fdvp, fvp, tdvp, tvp);
1368 if (error == ERELOOKUP) {
1369 atomic_add_int(&rename_restarts, 1);
1382 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1383 (VTOI(tdvp)->i_flags & APPEND))) {
1388 * Renaming a file to itself has no effect. The upper layers should
1389 * not call us in that case. However, things could change after
1390 * we drop the locks above.
1398 ino = fip->i_number;
1399 if (fip->i_nlink >= UFS_LINK_MAX) {
1403 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))
1404 || (fdp->i_flags & APPEND)) {
1408 if ((fip->i_mode & IFMT) == IFDIR) {
1410 * Avoid ".", "..", and aliases of "." for obvious reasons.
1412 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
1414 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) {
1418 if (fdp->i_number != tdp->i_number)
1419 newparent = tdp->i_number;
1422 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) ||
1423 (tvp != NULL && tvp->v_type == VDIR &&
1424 tvp->v_mountedhere != NULL)) {
1430 * If ".." must be changed (ie the directory gets a new
1431 * parent) then the source directory must not be in the
1432 * directory hierarchy above the target, as this would
1433 * orphan everything below the source directory. Also
1434 * the user must have write permission in the source so
1435 * as to be able to change "..".
1437 if (doingdirectory && newparent) {
1438 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread);
1441 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred,
1444 * We encountered a lock that we have to wait for. Unlock
1445 * everything else and VGET before restarting.
1453 error = VFS_VGET(mp, ino, LK_SHARED, &nvp);
1456 atomic_add_int(&rename_restarts, 1);
1461 if ((tcnp->cn_flags & SAVESTART) == 0)
1462 panic("ufs_rename: lost to startdir");
1464 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 ||
1465 tdp->i_effnlink == 0)
1466 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp);
1469 vn_seqc_write_begin(tvp);
1470 vn_seqc_write_begin(tdvp);
1471 vn_seqc_write_begin(fvp);
1472 vn_seqc_write_begin(fdvp);
1473 want_seqc_end = true;
1476 * 1) Bump link count while we're moving stuff
1477 * around. If we crash somewhere before
1478 * completing our work, the link count
1479 * may be wrong, but correctable.
1483 DIP_SET(fip, i_nlink, fip->i_nlink);
1484 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1485 if (DOINGSOFTDEP(fvp))
1486 softdep_setup_link(tdp, fip);
1487 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp));
1492 * 2) If target doesn't exist, link the target
1493 * to the source and unlink the source.
1494 * Otherwise, rewrite the target directory
1495 * entry to reference the source inode and
1496 * expunge the original entry's existence.
1499 if (ITODEV(tdp) != ITODEV(fip))
1500 panic("ufs_rename: EXDEV");
1501 if (doingdirectory && newparent) {
1503 * Account for ".." in new directory.
1504 * When source and destination have the same
1505 * parent we don't adjust the link count. The
1506 * actual link modification is completed when
1507 * .. is rewritten below.
1509 if (tdp->i_nlink >= UFS_LINK_MAX) {
1514 ufs_makedirentry(fip, tcnp, &newdir);
1515 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL);
1518 /* Setup tdvp for directory compaction if needed. */
1519 if (I_COUNT(tdp) != 0 && I_ENDOFF(tdp) != 0 &&
1520 I_ENDOFF(tdp) < tdp->i_size)
1521 endoff = I_ENDOFF(tdp);
1523 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip))
1524 panic("ufs_rename: EXDEV");
1526 * Short circuit rename(foo, foo).
1528 if (tip->i_number == fip->i_number)
1529 panic("ufs_rename: same file");
1531 * If the parent directory is "sticky", then the caller
1532 * must possess VADMIN for the parent directory, or the
1533 * destination of the rename. This implements append-only
1536 if ((tdp->i_mode & S_ISTXT) &&
1537 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) &&
1538 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) {
1543 * Target must be empty if a directory and have no links
1544 * to it. Also, ensure source and target are compatible
1545 * (both directories, or both not directories).
1547 if ((tip->i_mode & IFMT) == IFDIR) {
1548 if ((tip->i_effnlink > 2) ||
1549 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) {
1553 if (!doingdirectory) {
1558 } else if (doingdirectory) {
1562 if (doingdirectory) {
1565 if (DOINGSOFTDEP(tdvp))
1566 softdep_change_linkcnt(tdp);
1569 if (DOINGSOFTDEP(tvp))
1570 softdep_change_linkcnt(tip);
1572 error = ufs_dirrewrite(tdp, tip, fip->i_number,
1573 IFTODT(fip->i_mode),
1574 (doingdirectory && newparent) ? newparent : doingdirectory);
1576 if (doingdirectory) {
1579 if (DOINGSOFTDEP(tdvp))
1580 softdep_change_linkcnt(tdp);
1583 if (DOINGSOFTDEP(tvp))
1584 softdep_change_linkcnt(tip);
1588 if (doingdirectory && !DOINGSOFTDEP(tvp)) {
1590 * The only stuff left in the directory is "."
1591 * and "..". The "." reference is inconsequential
1592 * since we are quashing it. We have removed the "."
1593 * reference and the reference in the parent directory,
1594 * but there may be other hard links. The soft
1595 * dependency code will arrange to do these operations
1596 * after the parent directory entry has been deleted on
1597 * disk, so when running with that code we avoid doing
1602 DIP_SET(tdp, i_nlink, tdp->i_nlink);
1603 UFS_INODE_SET_FLAG(tdp, IN_CHANGE);
1606 DIP_SET(tip, i_nlink, tip->i_nlink);
1607 UFS_INODE_SET_FLAG(tip, IN_CHANGE);
1612 * 3) Unlink the source. We have to resolve the path again to
1613 * fixup the directory offset and count for ufs_dirremove.
1616 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1618 panic("ufs_rename: from entry went away!");
1619 if (ino != fip->i_number)
1620 panic("ufs_rename: ino mismatch %ju != %ju\n",
1621 (uintmax_t)ino, (uintmax_t)fip->i_number);
1624 * If the source is a directory with a
1625 * new parent, the link count of the old
1626 * parent directory must be decremented
1627 * and ".." set to point to the new parent.
1629 if (doingdirectory && newparent) {
1631 * If tip exists we simply use its link, otherwise we must
1637 DIP_SET(tdp, i_nlink, tdp->i_nlink);
1638 UFS_INODE_SET_FLAG(tdp, IN_CHANGE);
1639 if (DOINGSOFTDEP(tdvp))
1640 softdep_setup_dotdot_link(tdp, fip);
1641 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) &&
1643 /* Don't go to bad here as the new link exists. */
1646 } else if (DOINGSUJ(tdvp))
1647 /* Journal must account for each new link. */
1648 softdep_setup_dotdot_link(tdp, fip);
1649 SET_I_OFFSET(fip, mastertemplate.dot_reclen);
1650 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0);
1653 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0);
1655 * The kern_renameat() looks up the fvp using the DELETE flag, which
1656 * causes the removal of the name cache entry for fvp.
1657 * As the relookup of the fvp is done in two steps:
1658 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a
1659 * normal lookup of the from name just before the VFS_VGET() call,
1660 * causing the cache entry to be re-instantiated.
1662 * The same issue also applies to tvp if it exists as
1663 * otherwise we may have a stale name cache entry for the new
1664 * name that references the old i-node if it has other links
1665 * or open file descriptors.
1667 cache_vop_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp);
1670 if (want_seqc_end) {
1672 vn_seqc_write_end(tvp);
1673 vn_seqc_write_end(tdvp);
1674 vn_seqc_write_end(fvp);
1675 vn_seqc_write_end(fdvp);
1682 * If compaction or fsync was requested do it in
1683 * ffs_vput_pair() now that other locks are no longer needed.
1685 if (error == 0 && endoff != 0) {
1686 UFS_INODE_SET_FLAG(tdp, IN_ENDOFF);
1687 SET_I_ENDOFF(tdp, endoff);
1689 VOP_VPUT_PAIR(tdvp, &tvp, true);
1695 DIP_SET(fip, i_nlink, fip->i_nlink);
1696 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1697 if (DOINGSOFTDEP(fvp))
1698 softdep_revert_link(tdp, fip);
1702 if (want_seqc_end) {
1704 vn_seqc_write_end(tvp);
1705 vn_seqc_write_end(tdvp);
1706 vn_seqc_write_end(fvp);
1707 vn_seqc_write_end(fdvp);
1721 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp,
1722 mode_t dmode, struct ucred *cred, struct thread *td)
1725 struct inode *ip = VTOI(tvp);
1726 struct acl *dacl, *acl;
1728 acl = acl_alloc(M_WAITOK);
1729 dacl = acl_alloc(M_WAITOK);
1732 * Retrieve default ACL from parent, if any.
1734 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1738 * Retrieved a default ACL, so merge mode and ACL if
1739 * necessary. If the ACL is empty, fall through to
1740 * the "not defined or available" case.
1742 if (acl->acl_cnt != 0) {
1743 dmode = acl_posix1e_newfilemode(dmode, acl);
1744 UFS_INODE_SET_MODE(ip, dmode);
1745 DIP_SET(ip, i_mode, dmode);
1747 ufs_sync_acl_from_inode(ip, acl);
1754 * Just use the mode as-is.
1756 UFS_INODE_SET_MODE(ip, dmode);
1757 DIP_SET(ip, i_mode, dmode);
1766 * XXX: If we abort now, will Soft Updates notify the extattr
1767 * code that the EAs for the file need to be released?
1769 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1771 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td);
1778 * XXX: This should not happen, as EOPNOTSUPP above
1779 * was supposed to free acl.
1781 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n");
1783 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()");
1799 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp,
1800 mode_t mode, struct ucred *cred, struct thread *td)
1803 struct inode *ip = VTOI(tvp);
1806 acl = acl_alloc(M_WAITOK);
1809 * Retrieve default ACL for parent, if any.
1811 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1815 * Retrieved a default ACL, so merge mode and ACL if
1818 if (acl->acl_cnt != 0) {
1820 * Two possible ways for default ACL to not
1821 * be present. First, the EA can be
1822 * undefined, or second, the default ACL can
1823 * be blank. If it's blank, fall through to
1824 * the it's not defined case.
1826 mode = acl_posix1e_newfilemode(mode, acl);
1827 UFS_INODE_SET_MODE(ip, mode);
1828 DIP_SET(ip, i_mode, mode);
1829 ufs_sync_acl_from_inode(ip, acl);
1836 * Just use the mode as-is.
1838 UFS_INODE_SET_MODE(ip, mode);
1839 DIP_SET(ip, i_mode, mode);
1848 * XXX: If we abort now, will Soft Updates notify the extattr
1849 * code that the EAs for the file need to be released?
1851 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1858 * XXX: This should not happen, as EOPNOTSUPP above was
1859 * supposed to free acl.
1861 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() "
1862 "but no VOP_SETACL()\n");
1863 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() "
1864 "but no VOP_SETACL()"); */
1878 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp,
1879 mode_t child_mode, struct ucred *cred, struct thread *td)
1882 struct acl *parent_aclp, *child_aclp;
1884 parent_aclp = acl_alloc(M_WAITOK);
1885 child_aclp = acl_alloc(M_WAITOK | M_ZERO);
1887 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td);
1890 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp,
1891 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR);
1892 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td);
1896 acl_free(parent_aclp);
1897 acl_free(child_aclp);
1908 struct vop_mkdir_args /* {
1909 struct vnode *a_dvp;
1910 struct vnode **a_vpp;
1911 struct componentname *a_cnp;
1912 struct vattr *a_vap;
1915 struct vnode *dvp = ap->a_dvp;
1916 struct vattr *vap = ap->a_vap;
1917 struct componentname *cnp = ap->a_cnp;
1918 struct inode *ip, *dp;
1921 struct dirtemplate dirtemplate, *dtp;
1922 struct direct newdir;
1927 if ((cnp->cn_flags & HASBUF) == 0)
1928 panic("ufs_mkdir: no name");
1931 if (dp->i_nlink >= UFS_LINK_MAX) {
1935 dmode = vap->va_mode & 0777;
1939 * Must simulate part of ufs_makeinode here to acquire the inode,
1940 * but not have it entered in the parent directory. The entry is
1941 * made later after writing "." and ".." entries.
1943 if (dp->i_effnlink < 2) {
1944 print_bad_link_count("ufs_mkdir", dvp);
1949 if (DOINGSUJ(dvp)) {
1950 error = softdep_prelink(dvp, NULL);
1952 MPASS(error == ERELOOKUP);
1957 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp);
1960 vn_seqc_write_begin(tvp);
1962 ip->i_gid = dp->i_gid;
1963 DIP_SET(ip, i_gid, dp->i_gid);
1967 struct ucred ucred, *ucp;
1972 * If we are hacking owners here, (only do this where told to)
1973 * and we are not giving it TO root, (would subvert quotas)
1974 * then go ahead and give it to the other user.
1975 * The new directory also inherits the SUID bit.
1976 * If user's UID and dir UID are the same,
1977 * 'give it away' so that the SUID is still forced on.
1979 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
1980 (dp->i_mode & ISUID) && dp->i_uid) {
1982 ip->i_uid = dp->i_uid;
1983 DIP_SET(ip, i_uid, dp->i_uid);
1985 if (dp->i_uid != cnp->cn_cred->cr_uid) {
1987 * Make sure the correct user gets charged
1989 * Make a dummy credential for the victim.
1990 * XXX This seems to never be accessed out of
1991 * our context so a stack variable is ok.
1993 refcount_init(&ucred.cr_ref, 1);
1994 ucred.cr_uid = ip->i_uid;
1995 ucred.cr_ngroups = 1;
1996 ucred.cr_groups = &ucred_group;
1997 ucred.cr_groups[0] = dp->i_gid;
2002 ip->i_uid = cnp->cn_cred->cr_uid;
2003 DIP_SET(ip, i_uid, ip->i_uid);
2006 if ((error = getinoquota(ip)) ||
2007 (error = chkiq(ip, 1, ucp, 0))) {
2008 if (DOINGSOFTDEP(tvp))
2009 softdep_revert_link(dp, ip);
2010 UFS_VFREE(tvp, ip->i_number, dmode);
2011 vn_seqc_write_end(tvp);
2018 #else /* !SUIDDIR */
2019 ip->i_uid = cnp->cn_cred->cr_uid;
2020 DIP_SET(ip, i_uid, ip->i_uid);
2022 if ((error = getinoquota(ip)) ||
2023 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2024 if (DOINGSOFTDEP(tvp))
2025 softdep_revert_link(dp, ip);
2026 UFS_VFREE(tvp, ip->i_number, dmode);
2027 vn_seqc_write_end(tvp);
2033 #endif /* !SUIDDIR */
2034 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
2035 UFS_INODE_SET_MODE(ip, dmode);
2036 DIP_SET(ip, i_mode, dmode);
2037 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */
2040 DIP_SET(ip, i_nlink, 2);
2042 if (cnp->cn_flags & ISWHITEOUT) {
2043 ip->i_flags |= UF_OPAQUE;
2044 DIP_SET(ip, i_flags, ip->i_flags);
2048 * Bump link count in parent directory to reflect work done below.
2049 * Should be done before reference is created so cleanup is
2050 * possible if we crash.
2054 DIP_SET(dp, i_nlink, dp->i_nlink);
2055 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2056 if (DOINGSOFTDEP(dvp))
2057 softdep_setup_mkdir(dp, ip);
2058 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp));
2062 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2063 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
2070 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
2071 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode,
2072 cnp->cn_cred, cnp->cn_thread);
2075 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
2076 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode,
2077 cnp->cn_cred, cnp->cn_thread);
2081 #endif /* !UFS_ACL */
2084 * Initialize directory with "." and ".." from static template.
2087 dtp = &mastertemplate;
2089 dtp = (struct dirtemplate *)&omastertemplate;
2091 dirtemplate.dot_ino = ip->i_number;
2092 dirtemplate.dotdot_ino = dp->i_number;
2093 vnode_pager_setsize(tvp, DIRBLKSIZ);
2094 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred,
2095 BA_CLRBUF, &bp)) != 0)
2097 ip->i_size = DIRBLKSIZ;
2098 DIP_SET(ip, i_size, DIRBLKSIZ);
2099 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE);
2100 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate);
2101 if (DOINGSOFTDEP(tvp)) {
2103 * Ensure that the entire newly allocated block is a
2104 * valid directory so that future growth within the
2105 * block does not have to ensure that the block is
2106 * written before the inode.
2109 while (blkoff < bp->b_bcount) {
2111 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ;
2112 blkoff += DIRBLKSIZ;
2115 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) &&
2116 !DOINGASYNC(tvp))) != 0) {
2121 * Directory set up, now install its entry in the parent directory.
2123 * If we are not doing soft dependencies, then we must write out the
2124 * buffer containing the new directory body before entering the new
2125 * name in the parent. If we are doing soft dependencies, then the
2126 * buffer containing the new directory body will be passed to and
2127 * released in the soft dependency code after the code has attached
2128 * an appropriate ordering dependency to the buffer which ensures that
2129 * the buffer is written before the new name is written in the parent.
2131 if (DOINGASYNC(dvp))
2133 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp))))
2135 ufs_makedirentry(ip, cnp, &newdir);
2136 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp);
2141 vn_seqc_write_end(tvp);
2145 DIP_SET(dp, i_nlink, dp->i_nlink);
2146 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2148 * No need to do an explicit VOP_TRUNCATE here, vrele will
2149 * do this for us because we set the link count to 0.
2153 DIP_SET(ip, i_nlink, 0);
2154 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2155 if (DOINGSOFTDEP(tvp))
2156 softdep_revert_mkdir(dp, ip);
2157 vn_seqc_write_end(tvp);
2166 * Rmdir system call.
2170 struct vop_rmdir_args /* {
2171 struct vnode *a_dvp;
2173 struct componentname *a_cnp;
2176 struct vnode *vp = ap->a_vp;
2177 struct vnode *dvp = ap->a_dvp;
2178 struct componentname *cnp = ap->a_cnp;
2179 struct inode *ip, *dp;
2186 * Do not remove a directory that is in the process of being renamed.
2187 * Verify the directory is empty (and valid). Rmdir ".." will not be
2188 * valid since ".." will contain a reference to the current directory
2189 * and thus be non-empty. Do not allow the removal of mounted on
2190 * directories (this can happen when an NFS exported filesystem
2191 * tries to remove a locally mounted on directory).
2194 if (dp->i_effnlink <= 2) {
2195 if (dp->i_effnlink == 2)
2196 print_bad_link_count("ufs_rmdir", dvp);
2200 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) {
2204 if ((dp->i_flags & APPEND)
2205 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) {
2209 if (vp->v_mountedhere != 0) {
2213 if (DOINGSUJ(dvp)) {
2214 error = softdep_prelink(dvp, vp);
2216 MPASS(error == ERELOOKUP);
2222 ufs_gjournal_orphan(vp);
2225 * Delete reference to directory before purging
2226 * inode. If we crash in between, the directory
2227 * will be reattached to lost+found,
2231 if (DOINGSOFTDEP(vp))
2232 softdep_setup_rmdir(dp, ip);
2233 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1);
2237 if (DOINGSOFTDEP(vp))
2238 softdep_revert_rmdir(dp, ip);
2242 * The only stuff left in the directory is "." and "..". The "."
2243 * reference is inconsequential since we are quashing it. The soft
2244 * dependency code will arrange to do these operations after
2245 * the parent directory entry has been deleted on disk, so
2246 * when running with that code we avoid doing them now.
2248 if (!DOINGSOFTDEP(vp)) {
2250 DIP_SET(dp, i_nlink, dp->i_nlink);
2251 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2252 error = UFS_UPDATE(dvp, 0);
2254 DIP_SET(ip, i_nlink, ip->i_nlink);
2255 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2257 cache_vop_rmdir(dvp, vp);
2259 /* Kill any active hash; i_effnlink == 0, so it will not come back. */
2260 if (ip->i_dirhash != NULL)
2261 ufsdirhash_free(ip);
2268 * symlink -- make a symbolic link
2272 struct vop_symlink_args /* {
2273 struct vnode *a_dvp;
2274 struct vnode **a_vpp;
2275 struct componentname *a_cnp;
2276 struct vattr *a_vap;
2277 const char *a_target;
2280 struct vnode *vp, **vpp = ap->a_vpp;
2284 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp,
2285 vpp, ap->a_cnp, "ufs_symlink");
2289 len = strlen(ap->a_target);
2290 if (len < VFSTOUFS(vp->v_mount)->um_maxsymlinklen) {
2292 bcopy(ap->a_target, SHORTLINK(ip), len);
2294 DIP_SET(ip, i_size, len);
2295 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE);
2296 error = UFS_UPDATE(vp, 0);
2298 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target),
2299 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
2300 ap->a_cnp->cn_cred, NOCRED, NULL, NULL);
2307 * Vnode op for reading directories.
2311 struct vop_readdir_args /* {
2314 struct ucred *a_cred;
2320 struct vnode *vp = ap->a_vp;
2321 struct uio *uio = ap->a_uio;
2324 struct direct *dp, *edp;
2326 struct dirent dstdp;
2327 off_t offset, startoffset;
2328 size_t readcnt, skipcnt;
2333 if (uio->uio_offset < 0)
2336 if (ip->i_effnlink == 0)
2338 if (ap->a_ncookies != NULL) {
2339 if (uio->uio_resid < 0)
2342 ncookies = uio->uio_resid;
2343 if (uio->uio_offset >= ip->i_size)
2345 else if (ip->i_size - uio->uio_offset < ncookies)
2346 ncookies = ip->i_size - uio->uio_offset;
2347 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1;
2348 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK);
2349 *ap->a_ncookies = ncookies;
2350 *ap->a_cookies = cookies;
2355 offset = startoffset = uio->uio_offset;
2356 startresid = uio->uio_resid;
2358 while (error == 0 && uio->uio_resid > 0 &&
2359 uio->uio_offset < ip->i_size) {
2360 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp);
2363 if (bp->b_offset + bp->b_bcount > ip->i_size)
2364 readcnt = ip->i_size - bp->b_offset;
2366 readcnt = bp->b_bcount;
2367 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) &
2368 ~(size_t)(DIRBLKSIZ - 1);
2369 offset = bp->b_offset + skipcnt;
2370 dp = (struct direct *)&bp->b_data[skipcnt];
2371 edp = (struct direct *)&bp->b_data[readcnt];
2372 while (error == 0 && uio->uio_resid > 0 && dp < edp) {
2373 if (dp->d_reclen <= offsetof(struct direct, d_name) ||
2374 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) {
2378 #if BYTE_ORDER == LITTLE_ENDIAN
2379 /* Old filesystem format. */
2381 dstdp.d_namlen = dp->d_type;
2382 dstdp.d_type = dp->d_namlen;
2386 dstdp.d_namlen = dp->d_namlen;
2387 dstdp.d_type = dp->d_type;
2389 if (offsetof(struct direct, d_name) + dstdp.d_namlen >
2394 if (offset < startoffset || dp->d_ino == 0)
2396 dstdp.d_fileno = dp->d_ino;
2397 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp);
2398 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
2399 /* NOTE: d_off is the offset of the *next* entry. */
2400 dstdp.d_off = offset + dp->d_reclen;
2401 dirent_terminate(&dstdp);
2402 if (dstdp.d_reclen > uio->uio_resid) {
2403 if (uio->uio_resid == startresid)
2406 error = EJUSTRETURN;
2410 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio);
2413 if (cookies != NULL) {
2414 KASSERT(ncookies > 0,
2415 ("ufs_readdir: cookies buffer too small"));
2416 *cookies = offset + dp->d_reclen;
2421 offset += dp->d_reclen;
2422 dp = (struct direct *)((caddr_t)dp + dp->d_reclen);
2425 uio->uio_offset = offset;
2427 /* We need to correct uio_offset. */
2428 uio->uio_offset = offset;
2429 if (error == EJUSTRETURN)
2431 if (ap->a_ncookies != NULL) {
2433 ap->a_ncookies -= ncookies;
2435 free(*ap->a_cookies, M_TEMP);
2436 *ap->a_ncookies = 0;
2437 *ap->a_cookies = NULL;
2440 if (error == 0 && ap->a_eofflag)
2441 *ap->a_eofflag = ip->i_size <= uio->uio_offset;
2446 * Return target name of a symbolic link
2450 struct vop_readlink_args /* {
2453 struct ucred *a_cred;
2456 struct vnode *vp = ap->a_vp;
2457 struct inode *ip = VTOI(vp);
2461 if (isize < VFSTOUFS(vp->v_mount)->um_maxsymlinklen)
2462 return (uiomove(SHORTLINK(ip), isize, ap->a_uio));
2463 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred));
2467 * Calculate the logical to physical mapping if not done already,
2468 * then call the device strategy routine.
2470 * In order to be able to swap to a file, the ufs_bmaparray() operation may not
2471 * deadlock on memory. See ufs_bmap() for details.
2475 struct vop_strategy_args /* {
2480 struct buf *bp = ap->a_bp;
2481 struct vnode *vp = ap->a_vp;
2485 if (bp->b_blkno == bp->b_lblkno) {
2486 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL);
2487 bp->b_blkno = blkno;
2489 bp->b_error = error;
2490 bp->b_ioflags |= BIO_ERROR;
2494 if ((long)bp->b_blkno == -1)
2497 if ((long)bp->b_blkno == -1) {
2501 bp->b_iooffset = dbtob(bp->b_blkno);
2502 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp);
2507 * Print out the contents of an inode.
2511 struct vop_print_args /* {
2515 struct vnode *vp = ap->a_vp;
2516 struct inode *ip = VTOI(vp);
2518 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink,
2519 ip->i_effnlink, (intmax_t)ip->i_size);
2521 printf(", extsize %d", ip->i_din2->di_extsize);
2522 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n",
2523 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid,
2524 (u_int)ip->i_flags, PRINT_INODE_FLAGS);
2525 printf("\tino %lu, on dev %s", (u_long)ip->i_number,
2526 devtoname(ITODEV(ip)));
2527 if (vp->v_type == VFIFO)
2534 * Close wrapper for fifos.
2536 * Update the times on the inode then do device close.
2540 struct vop_close_args /* {
2543 struct ucred *a_cred;
2544 struct thread *a_td;
2547 struct vnode *vp = ap->a_vp;
2551 usecount = vp->v_usecount;
2553 ufs_itimes_locked(vp);
2555 return (fifo_specops.vop_close(ap));
2559 * Kqfilter wrapper for fifos.
2561 * Fall through to ufs kqfilter routines if needed
2564 ufsfifo_kqfilter(ap)
2565 struct vop_kqfilter_args *ap;
2569 error = fifo_specops.vop_kqfilter(ap);
2571 error = vfs_kqfilter(ap);
2576 * Return POSIX pathconf information applicable to ufs filesystems.
2580 struct vop_pathconf_args /* {
2589 switch (ap->a_name) {
2591 *ap->a_retval = UFS_LINK_MAX;
2594 *ap->a_retval = UFS_MAXNAMLEN;
2597 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO)
2598 *ap->a_retval = PIPE_BUF;
2602 case _PC_CHOWN_RESTRICTED:
2609 case _PC_ACL_EXTENDED:
2610 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2616 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS)
2622 case _PC_ACL_PATH_MAX:
2624 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS))
2625 *ap->a_retval = ACL_MAX_ENTRIES;
2633 case _PC_MAC_PRESENT:
2634 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL)
2640 case _PC_MIN_HOLE_SIZE:
2641 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2649 case _PC_ALLOC_SIZE_MIN:
2650 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize;
2652 case _PC_FILESIZEBITS:
2655 case _PC_REC_INCR_XFER_SIZE:
2656 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2658 case _PC_REC_MAX_XFER_SIZE:
2659 *ap->a_retval = -1; /* means ``unlimited'' */
2661 case _PC_REC_MIN_XFER_SIZE:
2662 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2664 case _PC_REC_XFER_ALIGN:
2665 *ap->a_retval = PAGE_SIZE;
2667 case _PC_SYMLINK_MAX:
2668 *ap->a_retval = MAXPATHLEN;
2672 error = vop_stdpathconf(ap);
2679 * Initialize the vnode associated with a new inode, handle aliased
2683 ufs_vinit(mntp, fifoops, vpp)
2685 struct vop_vector *fifoops;
2692 ASSERT_VOP_LOCKED(vp, "ufs_vinit");
2694 vp->v_type = IFTOVT(ip->i_mode);
2696 * Only unallocated inodes should be of type VNON.
2698 if (ip->i_mode != 0 && vp->v_type == VNON)
2700 if (vp->v_type == VFIFO)
2702 if (ip->i_number == UFS_ROOTINO)
2703 vp->v_vflag |= VV_ROOT;
2709 * Allocate a new inode.
2710 * Vnode dvp must be locked.
2713 ufs_makeinode(mode, dvp, vpp, cnp, callfunc)
2717 struct componentname *cnp;
2718 const char *callfunc;
2720 struct inode *ip, *pdir;
2721 struct direct newdir;
2727 if ((cnp->cn_flags & HASBUF) == 0)
2728 panic("%s: no name", callfunc);
2731 if ((mode & IFMT) == 0)
2734 if (pdir->i_effnlink < 2) {
2735 print_bad_link_count(callfunc, dvp);
2738 if (DOINGSUJ(dvp)) {
2739 error = softdep_prelink(dvp, NULL);
2741 MPASS(error == ERELOOKUP);
2745 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp);
2749 ip->i_gid = pdir->i_gid;
2750 DIP_SET(ip, i_gid, pdir->i_gid);
2754 struct ucred ucred, *ucp;
2759 * If we are not the owner of the directory,
2760 * and we are hacking owners here, (only do this where told to)
2761 * and we are not giving it TO root, (would subvert quotas)
2762 * then go ahead and give it to the other user.
2763 * Note that this drops off the execute bits for security.
2765 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
2766 (pdir->i_mode & ISUID) &&
2767 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) {
2768 ip->i_uid = pdir->i_uid;
2769 DIP_SET(ip, i_uid, ip->i_uid);
2773 * Make sure the correct user gets charged
2775 * Quickly knock up a dummy credential for the victim.
2776 * XXX This seems to never be accessed out of our
2777 * context so a stack variable is ok.
2779 refcount_init(&ucred.cr_ref, 1);
2780 ucred.cr_uid = ip->i_uid;
2781 ucred.cr_ngroups = 1;
2782 ucred.cr_groups = &ucred_group;
2783 ucred.cr_groups[0] = pdir->i_gid;
2787 ip->i_uid = cnp->cn_cred->cr_uid;
2788 DIP_SET(ip, i_uid, ip->i_uid);
2792 if ((error = getinoquota(ip)) ||
2793 (error = chkiq(ip, 1, ucp, 0))) {
2794 if (DOINGSOFTDEP(tvp))
2795 softdep_revert_link(pdir, ip);
2796 UFS_VFREE(tvp, ip->i_number, mode);
2803 #else /* !SUIDDIR */
2804 ip->i_uid = cnp->cn_cred->cr_uid;
2805 DIP_SET(ip, i_uid, ip->i_uid);
2807 if ((error = getinoquota(ip)) ||
2808 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2809 if (DOINGSOFTDEP(tvp))
2810 softdep_revert_link(pdir, ip);
2811 UFS_VFREE(tvp, ip->i_number, mode);
2817 #endif /* !SUIDDIR */
2818 vn_seqc_write_begin(tvp); /* Mostly to cover asserts */
2819 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
2820 UFS_INODE_SET_MODE(ip, mode);
2821 DIP_SET(ip, i_mode, mode);
2822 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
2825 DIP_SET(ip, i_nlink, 1);
2826 if (DOINGSOFTDEP(tvp))
2827 softdep_setup_create(VTOI(dvp), ip);
2828 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
2829 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) {
2830 UFS_INODE_SET_MODE(ip, ip->i_mode & ~ISGID);
2831 DIP_SET(ip, i_mode, ip->i_mode);
2834 if (cnp->cn_flags & ISWHITEOUT) {
2835 ip->i_flags |= UF_OPAQUE;
2836 DIP_SET(ip, i_flags, ip->i_flags);
2840 * Make sure inode goes to disk before directory entry.
2842 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp));
2846 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2847 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
2854 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
2855 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode,
2856 cnp->cn_cred, cnp->cn_thread);
2859 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
2860 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode,
2861 cnp->cn_cred, cnp->cn_thread);
2865 #endif /* !UFS_ACL */
2866 ufs_makedirentry(ip, cnp, &newdir);
2867 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL);
2870 vn_seqc_write_end(tvp);
2876 * Write error occurred trying to update the inode
2877 * or the directory so must deallocate the inode.
2881 DIP_SET(ip, i_nlink, 0);
2882 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2883 if (DOINGSOFTDEP(tvp))
2884 softdep_revert_create(VTOI(dvp), ip);
2885 vn_seqc_write_end(tvp);
2892 ufs_ioctl(struct vop_ioctl_args *ap)
2898 switch (ap->a_command) {
2900 error = vn_lock(vp, LK_SHARED);
2902 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data);
2908 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data,
2916 ufs_read_pgcache(struct vop_read_pgcache_args *ap)
2923 VNPASS((vn_irflag_read(vp) & VIRF_PGREAD) != 0, vp);
2925 if (uio->uio_resid > ptoa(io_hold_cnt) || uio->uio_offset < 0 ||
2926 (ap->a_ioflag & IO_DIRECT) != 0)
2927 return (EJUSTRETURN);
2928 return (vn_read_from_obj(vp, uio));
2931 /* Global vfs data structures for ufs. */
2932 struct vop_vector ufs_vnodeops = {
2933 .vop_default = &default_vnodeops,
2934 .vop_fsync = VOP_PANIC,
2935 .vop_read = VOP_PANIC,
2936 .vop_reallocblks = VOP_PANIC,
2937 .vop_write = VOP_PANIC,
2938 .vop_accessx = ufs_accessx,
2939 .vop_bmap = ufs_bmap,
2940 .vop_fplookup_vexec = ufs_fplookup_vexec,
2941 .vop_fplookup_symlink = VOP_EAGAIN,
2942 .vop_cachedlookup = ufs_lookup,
2943 .vop_close = ufs_close,
2944 .vop_create = ufs_create,
2945 .vop_stat = ufs_stat,
2946 .vop_getattr = ufs_getattr,
2947 .vop_inactive = ufs_inactive,
2948 .vop_ioctl = ufs_ioctl,
2949 .vop_link = ufs_link,
2950 .vop_lookup = vfs_cache_lookup,
2951 .vop_mmapped = ufs_mmapped,
2952 .vop_mkdir = ufs_mkdir,
2953 .vop_mknod = ufs_mknod,
2954 .vop_need_inactive = ufs_need_inactive,
2955 .vop_open = ufs_open,
2956 .vop_pathconf = ufs_pathconf,
2957 .vop_poll = vop_stdpoll,
2958 .vop_print = ufs_print,
2959 .vop_read_pgcache = ufs_read_pgcache,
2960 .vop_readdir = ufs_readdir,
2961 .vop_readlink = ufs_readlink,
2962 .vop_reclaim = ufs_reclaim,
2963 .vop_remove = ufs_remove,
2964 .vop_rename = ufs_rename,
2965 .vop_rmdir = ufs_rmdir,
2966 .vop_setattr = ufs_setattr,
2968 .vop_setlabel = vop_stdsetlabel_ea,
2970 .vop_strategy = ufs_strategy,
2971 .vop_symlink = ufs_symlink,
2972 .vop_whiteout = ufs_whiteout,
2974 .vop_getextattr = ufs_getextattr,
2975 .vop_deleteextattr = ufs_deleteextattr,
2976 .vop_setextattr = ufs_setextattr,
2979 .vop_getacl = ufs_getacl,
2980 .vop_setacl = ufs_setacl,
2981 .vop_aclcheck = ufs_aclcheck,
2984 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops);
2986 struct vop_vector ufs_fifoops = {
2987 .vop_default = &fifo_specops,
2988 .vop_fsync = VOP_PANIC,
2989 .vop_accessx = ufs_accessx,
2990 .vop_close = ufsfifo_close,
2991 .vop_getattr = ufs_getattr,
2992 .vop_inactive = ufs_inactive,
2993 .vop_kqfilter = ufsfifo_kqfilter,
2994 .vop_pathconf = ufs_pathconf,
2995 .vop_print = ufs_print,
2996 .vop_read = VOP_PANIC,
2997 .vop_reclaim = ufs_reclaim,
2998 .vop_setattr = ufs_setattr,
3000 .vop_setlabel = vop_stdsetlabel_ea,
3002 .vop_write = VOP_PANIC,
3004 .vop_getextattr = ufs_getextattr,
3005 .vop_deleteextattr = ufs_deleteextattr,
3006 .vop_setextattr = ufs_setextattr,
3009 .vop_getacl = ufs_getacl,
3010 .vop_setacl = ufs_setacl,
3011 .vop_aclcheck = ufs_aclcheck,
3014 VFS_VOP_VECTOR_REGISTER(ufs_fifoops);