2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1982, 1986, 1989, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
42 #include "opt_quota.h"
43 #include "opt_suiddir.h"
47 #include <sys/param.h>
48 #include <sys/systm.h>
49 #include <sys/malloc.h>
50 #include <sys/namei.h>
51 #include <sys/kernel.h>
52 #include <sys/fcntl.h>
53 #include <sys/filio.h>
57 #include <sys/mount.h>
59 #include <sys/refcount.h>
60 #include <sys/unistd.h>
61 #include <sys/vnode.h>
62 #include <sys/dirent.h>
63 #include <sys/lockf.h>
68 #include <security/audit/audit.h>
69 #include <security/mac/mac_framework.h>
71 #include <sys/file.h> /* XXX */
74 #include <vm/vm_extern.h>
76 #include <ufs/ufs/acl.h>
77 #include <ufs/ufs/extattr.h>
78 #include <ufs/ufs/quota.h>
79 #include <ufs/ufs/inode.h>
80 #include <ufs/ufs/dir.h>
81 #include <ufs/ufs/ufsmount.h>
82 #include <ufs/ufs/ufs_extern.h>
84 #include <ufs/ufs/dirhash.h>
87 #include <ufs/ufs/gjournal.h>
88 FEATURE(ufs_gjournal, "Journaling support through GEOM for UFS");
92 FEATURE(ufs_quota, "UFS disk quotas support");
93 FEATURE(ufs_quota64, "64bit UFS disk quotas support");
98 "Give all new files in directory the same ownership as the directory");
103 #include <ufs/ffs/ffs_extern.h>
105 static vop_accessx_t ufs_accessx;
106 static vop_fplookup_vexec_t ufs_fplookup_vexec;
107 static int ufs_chmod(struct vnode *, int, struct ucred *, struct thread *);
108 static int ufs_chown(struct vnode *, uid_t, gid_t, struct ucred *, struct thread *);
109 static vop_close_t ufs_close;
110 static vop_create_t ufs_create;
111 static vop_stat_t ufs_stat;
112 static vop_getattr_t ufs_getattr;
113 static vop_ioctl_t ufs_ioctl;
114 static vop_link_t ufs_link;
115 static int ufs_makeinode(int mode, struct vnode *, struct vnode **, struct componentname *, const char *);
116 static vop_mmapped_t ufs_mmapped;
117 static vop_mkdir_t ufs_mkdir;
118 static vop_mknod_t ufs_mknod;
119 static vop_open_t ufs_open;
120 static vop_pathconf_t ufs_pathconf;
121 static vop_print_t ufs_print;
122 static vop_readlink_t ufs_readlink;
123 static vop_remove_t ufs_remove;
124 static vop_rename_t ufs_rename;
125 static vop_rmdir_t ufs_rmdir;
126 static vop_setattr_t ufs_setattr;
127 static vop_strategy_t ufs_strategy;
128 static vop_symlink_t ufs_symlink;
129 static vop_whiteout_t ufs_whiteout;
130 static vop_close_t ufsfifo_close;
131 static vop_kqfilter_t ufsfifo_kqfilter;
133 SYSCTL_NODE(_vfs, OID_AUTO, ufs, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
137 * A virgin directory (no blushing please).
139 static struct dirtemplate mastertemplate = {
140 0, 12, DT_DIR, 1, ".",
141 0, DIRBLKSIZ - 12, DT_DIR, 2, ".."
143 static struct odirtemplate omastertemplate = {
145 0, DIRBLKSIZ - 12, 2, ".."
149 ufs_itimes_locked(struct vnode *vp)
154 ASSERT_VI_LOCKED(vp, __func__);
159 if ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_UPDATE)) == 0)
162 if ((vp->v_type == VBLK || vp->v_type == VCHR) && !DOINGSOFTDEP(vp))
163 UFS_INODE_SET_FLAG(ip, IN_LAZYMOD);
164 else if (((vp->v_mount->mnt_kern_flag &
165 (MNTK_SUSPENDED | MNTK_SUSPEND)) == 0) ||
166 (ip->i_flag & (IN_CHANGE | IN_UPDATE)))
167 UFS_INODE_SET_FLAG(ip, IN_MODIFIED);
168 else if (ip->i_flag & IN_ACCESS)
169 UFS_INODE_SET_FLAG(ip, IN_LAZYACCESS);
171 if (ip->i_flag & IN_ACCESS) {
172 DIP_SET(ip, i_atime, ts.tv_sec);
173 DIP_SET(ip, i_atimensec, ts.tv_nsec);
175 if (ip->i_flag & IN_UPDATE) {
176 DIP_SET(ip, i_mtime, ts.tv_sec);
177 DIP_SET(ip, i_mtimensec, ts.tv_nsec);
179 if (ip->i_flag & IN_CHANGE) {
180 DIP_SET(ip, i_ctime, ts.tv_sec);
181 DIP_SET(ip, i_ctimensec, ts.tv_nsec);
182 DIP_SET(ip, i_modrev, DIP(ip, i_modrev) + 1);
186 ip->i_flag &= ~(IN_ACCESS | IN_CHANGE | IN_UPDATE);
190 ufs_itimes(struct vnode *vp)
194 ufs_itimes_locked(vp);
199 * Create a regular file
203 struct vop_create_args /* {
205 struct vnode **a_vpp;
206 struct componentname *a_cnp;
213 ufs_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode),
214 ap->a_dvp, ap->a_vpp, ap->a_cnp, "ufs_create");
217 if ((ap->a_cnp->cn_flags & MAKEENTRY) != 0)
218 cache_enter(ap->a_dvp, *ap->a_vpp, ap->a_cnp);
228 struct vop_mknod_args /* {
230 struct vnode **a_vpp;
231 struct componentname *a_cnp;
235 struct vattr *vap = ap->a_vap;
236 struct vnode **vpp = ap->a_vpp;
241 error = ufs_makeinode(MAKEIMODE(vap->va_type, vap->va_mode),
242 ap->a_dvp, vpp, ap->a_cnp, "ufs_mknod");
246 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
247 if (vap->va_rdev != VNOVAL) {
249 * Want to be able to use this to make badblock
250 * inodes, so don't truncate the dev number.
252 DIP_SET(ip, i_rdev, vap->va_rdev);
255 * Remove inode, then reload it through VFS_VGET so it is
256 * checked to see if it is an alias of an existing entry in
257 * the inode cache. XXX I don't believe this is necessary now.
259 (*vpp)->v_type = VNON;
260 ino = ip->i_number; /* Save this before vgone() invalidates ip. */
263 error = VFS_VGET(ap->a_dvp->v_mount, ino, LK_EXCLUSIVE, vpp);
276 ufs_open(struct vop_open_args *ap)
278 struct vnode *vp = ap->a_vp;
281 if (vp->v_type == VCHR || vp->v_type == VBLK)
285 vnode_create_vobject(vp, DIP(ip, i_size), ap->a_td);
286 if (vp->v_type == VREG && (vn_irflag_read(vp) & VIRF_PGREAD) == 0) {
287 vn_irflag_set_cond(vp, VIRF_PGREAD);
291 * Files marked append-only must be opened for appending.
293 if ((ip->i_flags & APPEND) &&
294 (ap->a_mode & (FWRITE | O_APPEND)) == FWRITE)
303 * Update the times on the inode.
308 struct vop_close_args /* {
311 struct ucred *a_cred;
315 struct vnode *vp = ap->a_vp;
319 usecount = vp->v_usecount;
321 ufs_itimes_locked(vp);
328 struct vop_accessx_args /* {
331 struct ucred *a_cred;
335 struct vnode *vp = ap->a_vp;
336 struct inode *ip = VTOI(vp);
337 accmode_t accmode = ap->a_accmode;
345 * Disallow write attempts on read-only filesystems;
346 * unless the file is a socket, fifo, or a block or
347 * character device resident on the filesystem.
349 if (accmode & VMODIFY_PERMS) {
350 switch (vp->v_type) {
354 if (vp->v_mount->mnt_flag & MNT_RDONLY)
358 * Inode is accounted in the quotas only if struct
359 * dquot is attached to it. VOP_ACCESS() is called
360 * from vn_open_cred() and provides a convenient
361 * point to call getinoquota(). The lock mode is
362 * exclusive when the file is opening for write.
364 if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) {
365 error = getinoquota(ip);
377 * If immutable bit set, nobody gets to write it. "& ~VADMIN_PERMS"
378 * permits the owner of the file to remove the IMMUTABLE flag.
380 if ((accmode & (VMODIFY_PERMS & ~VADMIN_PERMS)) &&
381 (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
385 if ((vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) != 0) {
386 if (vp->v_mount->mnt_flag & MNT_NFS4ACLS)
387 type = ACL_TYPE_NFS4;
389 type = ACL_TYPE_ACCESS;
391 acl = acl_alloc(M_WAITOK);
392 if (type == ACL_TYPE_NFS4)
393 error = ufs_getacl_nfs4_internal(vp, acl, ap->a_td);
395 error = VOP_GETACL(vp, type, acl, ap->a_cred, ap->a_td);
398 if (type == ACL_TYPE_NFS4) {
399 error = vaccess_acl_nfs4(vp->v_type, ip->i_uid,
400 ip->i_gid, acl, accmode, ap->a_cred);
402 error = vfs_unixify_accmode(&accmode);
404 error = vaccess_acl_posix1e(vp->v_type, ip->i_uid,
405 ip->i_gid, acl, accmode, ap->a_cred);
409 if (error != EOPNOTSUPP)
411 "ufs_accessx(): Error retrieving ACL on object (%d).\n",
414 * XXX: Fall back until debugged. Should
415 * eventually possibly log an error, and return
418 error = vfs_unixify_accmode(&accmode);
420 error = vaccess(vp->v_type, ip->i_mode,
421 ip->i_uid, ip->i_gid, accmode, ap->a_cred);
427 #endif /* !UFS_ACL */
428 error = vfs_unixify_accmode(&accmode);
430 error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
431 accmode, ap->a_cred);
436 * VOP_FPLOOKUP_VEXEC routines are subject to special circumstances, see
437 * the comment above cache_fplookup for details.
440 ufs_fplookup_vexec(ap)
441 struct vop_fplookup_vexec_args /* {
443 struct ucred *a_cred;
454 if (__predict_false(ip == NULL))
460 * ACLs are not supported and UFS clears/sets this flag on mount and
461 * remount. However, we may still be racing with seeing them and there
462 * is no provision to make sure they were accounted for. This matches
463 * the behavior of the locked case, since the lookup there is also
464 * racy: mount takes no measures to block anyone from progressing.
466 all_x = S_IXUSR | S_IXGRP | S_IXOTH;
467 mode = atomic_load_short(&ip->i_mode);
468 if (__predict_true((mode & all_x) == all_x))
472 return (vaccess_vexec_smr(mode, ip->i_uid, ip->i_gid, cred));
477 ufs_stat(struct vop_stat_args *ap)
479 struct vnode *vp = ap->a_vp;
480 struct inode *ip = VTOI(vp);
481 struct stat *sb = ap->a_sb;
484 error = vop_stat_helper_pre(ap);
485 if (__predict_false(error))
489 ufs_itimes_locked(vp);
491 sb->st_atim.tv_sec = ip->i_din1->di_atime;
492 sb->st_atim.tv_nsec = ip->i_din1->di_atimensec;
494 sb->st_atim.tv_sec = ip->i_din2->di_atime;
495 sb->st_atim.tv_nsec = ip->i_din2->di_atimensec;
499 sb->st_dev = dev2udev(ITOUMP(ip)->um_dev);
500 sb->st_ino = ip->i_number;
501 sb->st_mode = (ip->i_mode & ~IFMT) | VTTOIF(vp->v_type);
502 sb->st_nlink = ip->i_effnlink;
503 sb->st_uid = ip->i_uid;
504 sb->st_gid = ip->i_gid;
506 sb->st_rdev = ip->i_din1->di_rdev;
507 sb->st_size = ip->i_din1->di_size;
508 sb->st_mtim.tv_sec = ip->i_din1->di_mtime;
509 sb->st_mtim.tv_nsec = ip->i_din1->di_mtimensec;
510 sb->st_ctim.tv_sec = ip->i_din1->di_ctime;
511 sb->st_ctim.tv_nsec = ip->i_din1->di_ctimensec;
512 sb->st_birthtim.tv_sec = -1;
513 sb->st_birthtim.tv_nsec = 0;
514 sb->st_blocks = dbtob((u_quad_t)ip->i_din1->di_blocks) / S_BLKSIZE;
516 sb->st_rdev = ip->i_din2->di_rdev;
517 sb->st_size = ip->i_din2->di_size;
518 sb->st_mtim.tv_sec = ip->i_din2->di_mtime;
519 sb->st_mtim.tv_nsec = ip->i_din2->di_mtimensec;
520 sb->st_ctim.tv_sec = ip->i_din2->di_ctime;
521 sb->st_ctim.tv_nsec = ip->i_din2->di_ctimensec;
522 sb->st_birthtim.tv_sec = ip->i_din2->di_birthtime;
523 sb->st_birthtim.tv_nsec = ip->i_din2->di_birthnsec;
524 sb->st_blocks = dbtob((u_quad_t)ip->i_din2->di_blocks) / S_BLKSIZE;
527 sb->st_blksize = max(PAGE_SIZE, vp->v_mount->mnt_stat.f_iosize);
528 sb->st_flags = ip->i_flags;
529 sb->st_gen = ip->i_gen;
531 return (vop_stat_helper_post(ap, error));
537 struct vop_getattr_args /* {
540 struct ucred *a_cred;
543 struct vnode *vp = ap->a_vp;
544 struct inode *ip = VTOI(vp);
545 struct vattr *vap = ap->a_vap;
548 ufs_itimes_locked(vp);
550 vap->va_atime.tv_sec = ip->i_din1->di_atime;
551 vap->va_atime.tv_nsec = ip->i_din1->di_atimensec;
553 vap->va_atime.tv_sec = ip->i_din2->di_atime;
554 vap->va_atime.tv_nsec = ip->i_din2->di_atimensec;
558 * Copy from inode table
560 vap->va_fsid = dev2udev(ITOUMP(ip)->um_dev);
561 vap->va_fileid = ip->i_number;
562 vap->va_mode = ip->i_mode & ~IFMT;
563 vap->va_nlink = ip->i_effnlink;
564 vap->va_uid = ip->i_uid;
565 vap->va_gid = ip->i_gid;
567 vap->va_rdev = ip->i_din1->di_rdev;
568 vap->va_size = ip->i_din1->di_size;
569 vap->va_mtime.tv_sec = ip->i_din1->di_mtime;
570 vap->va_mtime.tv_nsec = ip->i_din1->di_mtimensec;
571 vap->va_ctime.tv_sec = ip->i_din1->di_ctime;
572 vap->va_ctime.tv_nsec = ip->i_din1->di_ctimensec;
573 vap->va_bytes = dbtob((u_quad_t)ip->i_din1->di_blocks);
574 vap->va_filerev = ip->i_din1->di_modrev;
576 vap->va_rdev = ip->i_din2->di_rdev;
577 vap->va_size = ip->i_din2->di_size;
578 vap->va_mtime.tv_sec = ip->i_din2->di_mtime;
579 vap->va_mtime.tv_nsec = ip->i_din2->di_mtimensec;
580 vap->va_ctime.tv_sec = ip->i_din2->di_ctime;
581 vap->va_ctime.tv_nsec = ip->i_din2->di_ctimensec;
582 vap->va_birthtime.tv_sec = ip->i_din2->di_birthtime;
583 vap->va_birthtime.tv_nsec = ip->i_din2->di_birthnsec;
584 vap->va_bytes = dbtob((u_quad_t)ip->i_din2->di_blocks);
585 vap->va_filerev = ip->i_din2->di_modrev;
587 vap->va_flags = ip->i_flags;
588 vap->va_gen = ip->i_gen;
589 vap->va_blocksize = vp->v_mount->mnt_stat.f_iosize;
590 vap->va_type = IFTOVT(ip->i_mode);
595 * Set attribute vnode op. called from several syscalls
599 struct vop_setattr_args /* {
602 struct ucred *a_cred;
605 struct vattr *vap = ap->a_vap;
606 struct vnode *vp = ap->a_vp;
607 struct inode *ip = VTOI(vp);
608 struct ucred *cred = ap->a_cred;
609 struct thread *td = curthread;
613 * Check for unsettable attributes.
615 if ((vap->va_type != VNON) || (vap->va_nlink != VNOVAL) ||
616 (vap->va_fsid != VNOVAL) || (vap->va_fileid != VNOVAL) ||
617 (vap->va_blocksize != VNOVAL) || (vap->va_rdev != VNOVAL) ||
618 ((int)vap->va_bytes != VNOVAL) || (vap->va_gen != VNOVAL)) {
621 if (vap->va_flags != VNOVAL) {
622 if ((vap->va_flags & ~(SF_APPEND | SF_ARCHIVED | SF_IMMUTABLE |
623 SF_NOUNLINK | SF_SNAPSHOT | UF_APPEND | UF_ARCHIVE |
624 UF_HIDDEN | UF_IMMUTABLE | UF_NODUMP | UF_NOUNLINK |
625 UF_OFFLINE | UF_OPAQUE | UF_READONLY | UF_REPARSE |
626 UF_SPARSE | UF_SYSTEM)) != 0)
628 if (vp->v_mount->mnt_flag & MNT_RDONLY)
631 * Callers may only modify the file flags on objects they
632 * have VADMIN rights for.
634 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
637 * Unprivileged processes are not permitted to unset system
638 * flags, or modify flags if any system flags are set.
639 * Privileged non-jail processes may not modify system flags
640 * if securelevel > 0 and any existing system flags are set.
641 * Privileged jail processes behave like privileged non-jail
642 * processes if the PR_ALLOW_CHFLAGS permission bit is set;
643 * otherwise, they behave like unprivileged processes.
645 if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
647 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
648 error = securelevel_gt(cred, 0);
652 /* The snapshot flag cannot be toggled. */
653 if ((vap->va_flags ^ ip->i_flags) & SF_SNAPSHOT)
657 (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND) ||
658 ((vap->va_flags ^ ip->i_flags) & SF_SETTABLE))
661 ip->i_flags = vap->va_flags;
662 DIP_SET(ip, i_flags, vap->va_flags);
663 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
664 error = UFS_UPDATE(vp, 0);
665 if (ip->i_flags & (IMMUTABLE | APPEND))
669 * If immutable or append, no one can change any of its attributes
670 * except the ones already handled (in some cases, file flags
671 * including the immutability flags themselves for the superuser).
673 if (ip->i_flags & (IMMUTABLE | APPEND))
676 * Go through the fields and update iff not VNOVAL.
678 if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) {
679 if (vp->v_mount->mnt_flag & MNT_RDONLY)
681 if ((error = ufs_chown(vp, vap->va_uid, vap->va_gid, cred,
685 if (vap->va_size != VNOVAL) {
687 * XXX most of the following special cases should be in
688 * callers instead of in N filesystems. The VDIR check
691 switch (vp->v_type) {
697 * Truncation should have an effect in these cases.
698 * Disallow it if the filesystem is read-only or
699 * the file is being snapshotted.
701 if (vp->v_mount->mnt_flag & MNT_RDONLY)
703 if ((ip->i_flags & SF_SNAPSHOT) != 0)
708 * According to POSIX, the result is unspecified
709 * for file types other than regular files,
710 * directories and shared memory objects. We
711 * don't support shared memory objects in the file
712 * system, and have dubious support for truncating
713 * symlinks. Just ignore the request in other cases.
717 if ((error = UFS_TRUNCATE(vp, vap->va_size, IO_NORMAL |
718 ((vap->va_vaflags & VA_SYNC) != 0 ? IO_SYNC : 0),
722 if (vap->va_atime.tv_sec != VNOVAL ||
723 vap->va_mtime.tv_sec != VNOVAL ||
724 vap->va_birthtime.tv_sec != VNOVAL) {
725 if (vp->v_mount->mnt_flag & MNT_RDONLY)
727 if ((ip->i_flags & SF_SNAPSHOT) != 0)
729 error = vn_utimes_perm(vp, vap, cred, td);
732 UFS_INODE_SET_FLAG(ip, IN_CHANGE | IN_MODIFIED);
733 if (vap->va_atime.tv_sec != VNOVAL) {
734 ip->i_flag &= ~IN_ACCESS;
735 DIP_SET(ip, i_atime, vap->va_atime.tv_sec);
736 DIP_SET(ip, i_atimensec, vap->va_atime.tv_nsec);
738 if (vap->va_mtime.tv_sec != VNOVAL) {
739 ip->i_flag &= ~IN_UPDATE;
740 DIP_SET(ip, i_mtime, vap->va_mtime.tv_sec);
741 DIP_SET(ip, i_mtimensec, vap->va_mtime.tv_nsec);
743 if (vap->va_birthtime.tv_sec != VNOVAL && I_IS_UFS2(ip)) {
744 ip->i_din2->di_birthtime = vap->va_birthtime.tv_sec;
745 ip->i_din2->di_birthnsec = vap->va_birthtime.tv_nsec;
747 error = UFS_UPDATE(vp, 0);
752 if (vap->va_mode != (mode_t)VNOVAL) {
753 if (vp->v_mount->mnt_flag & MNT_RDONLY)
755 if ((ip->i_flags & SF_SNAPSHOT) != 0 && (vap->va_mode &
756 (S_IXUSR | S_IWUSR | S_IXGRP | S_IWGRP | S_IXOTH | S_IWOTH)))
758 error = ufs_chmod(vp, (int)vap->va_mode, cred, td);
765 ufs_update_nfs4_acl_after_mode_change(struct vnode *vp, int mode,
766 int file_owner_id, struct ucred *cred, struct thread *td)
771 aclp = acl_alloc(M_WAITOK);
772 error = ufs_getacl_nfs4_internal(vp, aclp, td);
774 * We don't have to handle EOPNOTSUPP here, as the filesystem claims
780 acl_nfs4_sync_acl_from_mode(aclp, mode, file_owner_id);
781 error = ufs_setacl_nfs4_internal(vp, aclp, td);
791 struct vop_mmapped_args /* {
803 if ((mp->mnt_flag & (MNT_NOATIME | MNT_RDONLY)) == 0)
804 UFS_INODE_SET_FLAG_SHARED(ip, IN_ACCESS);
806 * XXXKIB No UFS_UPDATE(ap->a_vp, 0) there.
812 * Change the mode on a file.
813 * Inode must be locked before calling.
816 ufs_chmod(vp, mode, cred, td)
822 struct inode *ip = VTOI(vp);
826 * To modify the permissions on a file, must possess VADMIN
829 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred, td)))
832 * Privileged processes may set the sticky bit on non-directories,
833 * as well as set the setgid bit on a file with a group that the
834 * process is not a member of. Both of these are allowed in
837 if (vp->v_type != VDIR && (mode & S_ISTXT)) {
838 if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
841 if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
842 error = priv_check_cred(cred, PRIV_VFS_SETGID);
848 * Deny setting setuid if we are not the file owner.
850 if ((mode & ISUID) && ip->i_uid != cred->cr_uid) {
851 error = priv_check_cred(cred, PRIV_VFS_ADMIN);
856 newmode = ip->i_mode & ~ALLPERMS;
857 newmode |= (mode & ALLPERMS);
858 UFS_INODE_SET_MODE(ip, newmode);
859 DIP_SET(ip, i_mode, ip->i_mode);
860 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
862 if ((vp->v_mount->mnt_flag & MNT_NFS4ACLS) != 0)
863 error = ufs_update_nfs4_acl_after_mode_change(vp, mode, ip->i_uid, cred, td);
865 if (error == 0 && (ip->i_flag & IN_CHANGE) != 0)
866 error = UFS_UPDATE(vp, 0);
872 * Perform chown operation on inode ip;
873 * inode must be locked prior to call.
876 ufs_chown(vp, uid, gid, cred, td)
883 struct inode *ip = VTOI(vp);
892 if (uid == (uid_t)VNOVAL)
894 if (gid == (gid_t)VNOVAL)
897 * To modify the ownership of a file, must possess VADMIN for that
900 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred, td)))
903 * To change the owner of a file, or change the group of a file to a
904 * group of which we are not a member, the caller must have
907 if (((uid != ip->i_uid && uid != cred->cr_uid) ||
908 (gid != ip->i_gid && !groupmember(gid, cred))) &&
909 (error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
914 if ((error = getinoquota(ip)) != 0)
917 dqrele(vp, ip->i_dquot[USRQUOTA]);
918 ip->i_dquot[USRQUOTA] = NODQUOT;
921 dqrele(vp, ip->i_dquot[GRPQUOTA]);
922 ip->i_dquot[GRPQUOTA] = NODQUOT;
924 change = DIP(ip, i_blocks);
925 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
926 (void) chkiq(ip, -1, cred, CHOWN|FORCE);
927 for (i = 0; i < MAXQUOTAS; i++) {
928 dqrele(vp, ip->i_dquot[i]);
929 ip->i_dquot[i] = NODQUOT;
933 DIP_SET(ip, i_gid, gid);
935 DIP_SET(ip, i_uid, uid);
937 if ((error = getinoquota(ip)) == 0) {
939 dqrele(vp, ip->i_dquot[USRQUOTA]);
940 ip->i_dquot[USRQUOTA] = NODQUOT;
943 dqrele(vp, ip->i_dquot[GRPQUOTA]);
944 ip->i_dquot[GRPQUOTA] = NODQUOT;
946 if ((error = chkdq(ip, change, cred, CHOWN)) == 0) {
947 if ((error = chkiq(ip, 1, cred, CHOWN)) == 0)
950 (void) chkdq(ip, -change, cred, CHOWN|FORCE);
952 for (i = 0; i < MAXQUOTAS; i++) {
953 dqrele(vp, ip->i_dquot[i]);
954 ip->i_dquot[i] = NODQUOT;
958 DIP_SET(ip, i_gid, ogid);
960 DIP_SET(ip, i_uid, ouid);
961 if (getinoquota(ip) == 0) {
963 dqrele(vp, ip->i_dquot[USRQUOTA]);
964 ip->i_dquot[USRQUOTA] = NODQUOT;
967 dqrele(vp, ip->i_dquot[GRPQUOTA]);
968 ip->i_dquot[GRPQUOTA] = NODQUOT;
970 (void) chkdq(ip, change, cred, FORCE|CHOWN);
971 (void) chkiq(ip, 1, cred, FORCE|CHOWN);
972 (void) getinoquota(ip);
977 panic("ufs_chown: lost quota");
979 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
980 if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
981 if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) {
982 UFS_INODE_SET_MODE(ip, ip->i_mode & ~(ISUID | ISGID));
983 DIP_SET(ip, i_mode, ip->i_mode);
986 error = UFS_UPDATE(vp, 0);
992 struct vop_remove_args /* {
995 struct componentname *a_cnp;
999 struct vnode *vp = ap->a_vp;
1000 struct vnode *dvp = ap->a_dvp;
1006 if ((ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1007 (VTOI(dvp)->i_flags & APPEND))
1009 if (DOINGSOFTDEP(dvp)) {
1010 error = softdep_prelink(dvp, vp);
1012 MPASS(error == ERELOOKUP);
1018 ufs_gjournal_orphan(vp);
1020 error = ufs_dirremove(dvp, ip, ap->a_cnp->cn_flags, 0);
1021 if (ip->i_nlink <= 0)
1022 vp->v_vflag |= VV_NOSYNC;
1023 if ((ip->i_flags & SF_SNAPSHOT) != 0) {
1025 * Avoid deadlock where another thread is trying to
1026 * update the inodeblock for dvp and is waiting on
1027 * snaplk. Temporary unlock the vnode lock for the
1028 * unlinked file and sync the directory. This should
1029 * allow vput() of the directory to not block later on
1030 * while holding the snapshot vnode locked, assuming
1031 * that the directory hasn't been unlinked too.
1034 (void) VOP_FSYNC(dvp, MNT_WAIT, td);
1035 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
1041 print_bad_link_count(const char *funcname, struct vnode *dvp)
1046 uprintf("%s: Bad link count %d on parent inode %jd in file system %s\n",
1047 funcname, dip->i_effnlink, (intmax_t)dip->i_number,
1048 dvp->v_mount->mnt_stat.f_mntonname);
1056 struct vop_link_args /* {
1057 struct vnode *a_tdvp;
1059 struct componentname *a_cnp;
1062 struct vnode *vp = ap->a_vp;
1063 struct vnode *tdvp = ap->a_tdvp;
1064 struct componentname *cnp = ap->a_cnp;
1066 struct direct newdir;
1070 if ((cnp->cn_flags & HASBUF) == 0)
1071 panic("ufs_link: no name");
1074 if (DOINGSOFTDEP(tdvp)) {
1075 error = softdep_prelink(tdvp, vp);
1077 MPASS(error == ERELOOKUP);
1082 if (VTOI(tdvp)->i_effnlink < 2) {
1083 print_bad_link_count("ufs_link", tdvp);
1088 if (ip->i_nlink >= UFS_LINK_MAX) {
1093 * The file may have been removed after namei droped the original
1096 if (ip->i_effnlink == 0) {
1100 if (ip->i_flags & (IMMUTABLE | APPEND)) {
1107 DIP_SET(ip, i_nlink, ip->i_nlink);
1108 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1109 if (DOINGSOFTDEP(vp))
1110 softdep_setup_link(VTOI(tdvp), ip);
1111 error = UFS_UPDATE(vp, !DOINGSOFTDEP(vp) && !DOINGASYNC(vp));
1113 ufs_makedirentry(ip, cnp, &newdir);
1114 error = ufs_direnter(tdvp, vp, &newdir, cnp, NULL);
1120 DIP_SET(ip, i_nlink, ip->i_nlink);
1121 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
1122 if (DOINGSOFTDEP(vp))
1123 softdep_revert_link(VTOI(tdvp), ip);
1130 * whiteout vnode call
1134 struct vop_whiteout_args /* {
1135 struct vnode *a_dvp;
1136 struct componentname *a_cnp;
1140 struct vnode *dvp = ap->a_dvp;
1141 struct componentname *cnp = ap->a_cnp;
1142 struct direct newdir;
1145 if (DOINGSOFTDEP(dvp) && (ap->a_flags == CREATE ||
1146 ap->a_flags == DELETE)) {
1147 error = softdep_prelink(dvp, NULL);
1149 MPASS(error == ERELOOKUP);
1154 switch (ap->a_flags) {
1156 /* 4.4 format directories support whiteout operations */
1157 if (dvp->v_mount->mnt_maxsymlinklen > 0)
1159 return (EOPNOTSUPP);
1162 /* create a new directory whiteout */
1164 if ((cnp->cn_flags & SAVENAME) == 0)
1165 panic("ufs_whiteout: missing name");
1166 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
1167 panic("ufs_whiteout: old format filesystem");
1170 newdir.d_ino = UFS_WINO;
1171 newdir.d_namlen = cnp->cn_namelen;
1172 bcopy(cnp->cn_nameptr, newdir.d_name, (unsigned)cnp->cn_namelen + 1);
1173 newdir.d_type = DT_WHT;
1174 error = ufs_direnter(dvp, NULL, &newdir, cnp, NULL);
1178 /* remove an existing directory whiteout */
1180 if (dvp->v_mount->mnt_maxsymlinklen <= 0)
1181 panic("ufs_whiteout: old format filesystem");
1184 cnp->cn_flags &= ~DOWHITEOUT;
1185 error = ufs_dirremove(dvp, NULL, cnp->cn_flags, 0);
1188 panic("ufs_whiteout: unknown op");
1193 static volatile int rename_restarts;
1194 SYSCTL_INT(_vfs_ufs, OID_AUTO, rename_restarts, CTLFLAG_RD,
1195 __DEVOLATILE(int *, &rename_restarts), 0,
1196 "Times rename had to restart due to lock contention");
1199 * Rename system call.
1200 * rename("foo", "bar");
1203 * link("foo", "bar");
1205 * but ``atomically''. Can't do full commit without saving state in the
1206 * inode on disk which isn't feasible at this time. Best we can do is
1207 * always guarantee the target exists.
1209 * Basic algorithm is:
1211 * 1) Bump link count on source while we're linking it to the
1212 * target. This also ensure the inode won't be deleted out
1213 * from underneath us while we work (it may be truncated by
1214 * a concurrent `trunc' or `open' for creation).
1215 * 2) Link source to destination. If destination already exists,
1217 * 3) Unlink source reference to inode if still around. If a
1218 * directory was moved and the parent of the destination
1219 * is different from the source, patch the ".." entry in the
1224 struct vop_rename_args /* {
1225 struct vnode *a_fdvp;
1226 struct vnode *a_fvp;
1227 struct componentname *a_fcnp;
1228 struct vnode *a_tdvp;
1229 struct vnode *a_tvp;
1230 struct componentname *a_tcnp;
1233 struct vnode *tvp = ap->a_tvp;
1234 struct vnode *tdvp = ap->a_tdvp;
1235 struct vnode *fvp = ap->a_fvp;
1236 struct vnode *fdvp = ap->a_fdvp;
1238 struct componentname *tcnp = ap->a_tcnp;
1239 struct componentname *fcnp = ap->a_fcnp;
1240 struct thread *td = fcnp->cn_thread;
1241 struct inode *fip, *tip, *tdp, *fdp;
1242 struct direct newdir;
1244 int doingdirectory, newparent;
1250 want_seqc_end = false;
1253 if ((tcnp->cn_flags & HASBUF) == 0 ||
1254 (fcnp->cn_flags & HASBUF) == 0)
1255 panic("ufs_rename: no name");
1260 if (tvp && tvp != tdvp)
1263 * Check for cross-device rename.
1265 if ((fvp->v_mount != tdvp->v_mount) ||
1266 (tvp && (fvp->v_mount != tvp->v_mount))) {
1273 * We need to acquire 2 to 4 locks depending on whether tvp is NULL
1274 * and fdvp and tdvp are the same directory. Subsequently we need
1275 * to double-check all paths and in the directory rename case we
1276 * need to verify that we are not creating a directory loop. To
1277 * handle this we acquire all but fdvp using non-blocking
1278 * acquisitions. If we fail to acquire any lock in the path we will
1279 * drop all held locks, acquire the new lock in a blocking fashion,
1280 * and then release it and restart the rename. This acquire/release
1281 * step ensures that we do not spin on a lock waiting for release.
1283 error = vn_lock(fdvp, LK_EXCLUSIVE);
1286 if (vn_lock(tdvp, LK_EXCLUSIVE | LK_NOWAIT) != 0) {
1288 error = vn_lock(tdvp, LK_EXCLUSIVE);
1292 atomic_add_int(&rename_restarts, 1);
1296 * Re-resolve fvp to be certain it still exists and fetch the
1299 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1305 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1311 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1317 atomic_add_int(&rename_restarts, 1);
1323 * Re-resolve tvp and acquire the vnode lock if present.
1325 error = ufs_lookup_ino(tdvp, NULL, tcnp, &ino);
1326 if (error != 0 && error != EJUSTRETURN) {
1333 * If tvp disappeared we just carry on.
1335 if (error == EJUSTRETURN && tvp != NULL) {
1340 * Get the tvp ino if the lookup succeeded. We may have to restart
1341 * if the non-blocking acquire fails.
1345 error = VFS_VGET(mp, ino, LK_EXCLUSIVE | LK_NOWAIT, &nvp);
1355 error = VFS_VGET(mp, ino, LK_EXCLUSIVE, &nvp);
1359 atomic_add_int(&rename_restarts, 1);
1364 if (DOINGSOFTDEP(fdvp)) {
1365 error = softdep_prerename(fdvp, fvp, tdvp, tvp);
1367 if (error == ERELOOKUP) {
1368 atomic_add_int(&rename_restarts, 1);
1381 if (tvp && ((VTOI(tvp)->i_flags & (NOUNLINK | IMMUTABLE | APPEND)) ||
1382 (VTOI(tdvp)->i_flags & APPEND))) {
1387 * Renaming a file to itself has no effect. The upper layers should
1388 * not call us in that case. However, things could change after
1389 * we drop the locks above.
1397 ino = fip->i_number;
1398 if (fip->i_nlink >= UFS_LINK_MAX) {
1402 if ((fip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))
1403 || (fdp->i_flags & APPEND)) {
1407 if ((fip->i_mode & IFMT) == IFDIR) {
1409 * Avoid ".", "..", and aliases of "." for obvious reasons.
1411 if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
1413 (fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) {
1417 if (fdp->i_number != tdp->i_number)
1418 newparent = tdp->i_number;
1421 if ((fvp->v_type == VDIR && fvp->v_mountedhere != NULL) ||
1422 (tvp != NULL && tvp->v_type == VDIR &&
1423 tvp->v_mountedhere != NULL)) {
1429 * If ".." must be changed (ie the directory gets a new
1430 * parent) then the source directory must not be in the
1431 * directory hierarchy above the target, as this would
1432 * orphan everything below the source directory. Also
1433 * the user must have write permission in the source so
1434 * as to be able to change "..".
1436 if (doingdirectory && newparent) {
1437 error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_thread);
1440 error = ufs_checkpath(ino, fdp->i_number, tdp, tcnp->cn_cred,
1443 * We encountered a lock that we have to wait for. Unlock
1444 * everything else and VGET before restarting.
1452 error = VFS_VGET(mp, ino, LK_SHARED, &nvp);
1455 atomic_add_int(&rename_restarts, 1);
1460 if ((tcnp->cn_flags & SAVESTART) == 0)
1461 panic("ufs_rename: lost to startdir");
1463 if (fip->i_effnlink == 0 || fdp->i_effnlink == 0 ||
1464 tdp->i_effnlink == 0)
1465 panic("Bad effnlink fip %p, fdp %p, tdp %p", fip, fdp, tdp);
1468 vn_seqc_write_begin(tvp);
1469 vn_seqc_write_begin(tdvp);
1470 vn_seqc_write_begin(fvp);
1471 vn_seqc_write_begin(fdvp);
1472 want_seqc_end = true;
1475 * 1) Bump link count while we're moving stuff
1476 * around. If we crash somewhere before
1477 * completing our work, the link count
1478 * may be wrong, but correctable.
1482 DIP_SET(fip, i_nlink, fip->i_nlink);
1483 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1484 if (DOINGSOFTDEP(fvp))
1485 softdep_setup_link(tdp, fip);
1486 error = UFS_UPDATE(fvp, !DOINGSOFTDEP(fvp) && !DOINGASYNC(fvp));
1491 * 2) If target doesn't exist, link the target
1492 * to the source and unlink the source.
1493 * Otherwise, rewrite the target directory
1494 * entry to reference the source inode and
1495 * expunge the original entry's existence.
1498 if (ITODEV(tdp) != ITODEV(fip))
1499 panic("ufs_rename: EXDEV");
1500 if (doingdirectory && newparent) {
1502 * Account for ".." in new directory.
1503 * When source and destination have the same
1504 * parent we don't adjust the link count. The
1505 * actual link modification is completed when
1506 * .. is rewritten below.
1508 if (tdp->i_nlink >= UFS_LINK_MAX) {
1513 ufs_makedirentry(fip, tcnp, &newdir);
1514 error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL);
1517 /* Setup tdvp for directory compaction if needed. */
1518 if (I_COUNT(tdp) != 0 && I_ENDOFF(tdp) != 0 &&
1519 I_ENDOFF(tdp) < tdp->i_size)
1520 endoff = I_ENDOFF(tdp);
1522 if (ITODEV(tip) != ITODEV(tdp) || ITODEV(tip) != ITODEV(fip))
1523 panic("ufs_rename: EXDEV");
1525 * Short circuit rename(foo, foo).
1527 if (tip->i_number == fip->i_number)
1528 panic("ufs_rename: same file");
1530 * If the parent directory is "sticky", then the caller
1531 * must possess VADMIN for the parent directory, or the
1532 * destination of the rename. This implements append-only
1535 if ((tdp->i_mode & S_ISTXT) &&
1536 VOP_ACCESS(tdvp, VADMIN, tcnp->cn_cred, td) &&
1537 VOP_ACCESS(tvp, VADMIN, tcnp->cn_cred, td)) {
1542 * Target must be empty if a directory and have no links
1543 * to it. Also, ensure source and target are compatible
1544 * (both directories, or both not directories).
1546 if ((tip->i_mode & IFMT) == IFDIR) {
1547 if ((tip->i_effnlink > 2) ||
1548 !ufs_dirempty(tip, tdp->i_number, tcnp->cn_cred)) {
1552 if (!doingdirectory) {
1557 } else if (doingdirectory) {
1561 if (doingdirectory) {
1564 if (DOINGSOFTDEP(tdvp))
1565 softdep_change_linkcnt(tdp);
1568 if (DOINGSOFTDEP(tvp))
1569 softdep_change_linkcnt(tip);
1571 error = ufs_dirrewrite(tdp, tip, fip->i_number,
1572 IFTODT(fip->i_mode),
1573 (doingdirectory && newparent) ? newparent : doingdirectory);
1575 if (doingdirectory) {
1578 if (DOINGSOFTDEP(tdvp))
1579 softdep_change_linkcnt(tdp);
1582 if (DOINGSOFTDEP(tvp))
1583 softdep_change_linkcnt(tip);
1587 if (doingdirectory && !DOINGSOFTDEP(tvp)) {
1589 * The only stuff left in the directory is "."
1590 * and "..". The "." reference is inconsequential
1591 * since we are quashing it. We have removed the "."
1592 * reference and the reference in the parent directory,
1593 * but there may be other hard links. The soft
1594 * dependency code will arrange to do these operations
1595 * after the parent directory entry has been deleted on
1596 * disk, so when running with that code we avoid doing
1601 DIP_SET(tdp, i_nlink, tdp->i_nlink);
1602 UFS_INODE_SET_FLAG(tdp, IN_CHANGE);
1605 DIP_SET(tip, i_nlink, tip->i_nlink);
1606 UFS_INODE_SET_FLAG(tip, IN_CHANGE);
1611 * 3) Unlink the source. We have to resolve the path again to
1612 * fixup the directory offset and count for ufs_dirremove.
1615 error = ufs_lookup_ino(fdvp, NULL, fcnp, &ino);
1617 panic("ufs_rename: from entry went away!");
1618 if (ino != fip->i_number)
1619 panic("ufs_rename: ino mismatch %ju != %ju\n",
1620 (uintmax_t)ino, (uintmax_t)fip->i_number);
1623 * If the source is a directory with a
1624 * new parent, the link count of the old
1625 * parent directory must be decremented
1626 * and ".." set to point to the new parent.
1628 if (doingdirectory && newparent) {
1630 * If tip exists we simply use its link, otherwise we must
1636 DIP_SET(tdp, i_nlink, tdp->i_nlink);
1637 UFS_INODE_SET_FLAG(tdp, IN_CHANGE);
1638 if (DOINGSOFTDEP(tdvp))
1639 softdep_setup_dotdot_link(tdp, fip);
1640 error = UFS_UPDATE(tdvp, !DOINGSOFTDEP(tdvp) &&
1642 /* Don't go to bad here as the new link exists. */
1645 } else if (DOINGSUJ(tdvp))
1646 /* Journal must account for each new link. */
1647 softdep_setup_dotdot_link(tdp, fip);
1648 SET_I_OFFSET(fip, mastertemplate.dot_reclen);
1649 ufs_dirrewrite(fip, fdp, newparent, DT_DIR, 0);
1652 error = ufs_dirremove(fdvp, fip, fcnp->cn_flags, 0);
1654 * The kern_renameat() looks up the fvp using the DELETE flag, which
1655 * causes the removal of the name cache entry for fvp.
1656 * As the relookup of the fvp is done in two steps:
1657 * ufs_lookup_ino() and then VFS_VGET(), another thread might do a
1658 * normal lookup of the from name just before the VFS_VGET() call,
1659 * causing the cache entry to be re-instantiated.
1661 * The same issue also applies to tvp if it exists as
1662 * otherwise we may have a stale name cache entry for the new
1663 * name that references the old i-node if it has other links
1664 * or open file descriptors.
1666 cache_vop_rename(fdvp, fvp, tdvp, tvp, fcnp, tcnp);
1669 if (want_seqc_end) {
1671 vn_seqc_write_end(tvp);
1672 vn_seqc_write_end(tdvp);
1673 vn_seqc_write_end(fvp);
1674 vn_seqc_write_end(fdvp);
1681 * If compaction or fsync was requested do it in
1682 * ffs_vput_pair() now that other locks are no longer needed.
1684 if (error == 0 && endoff != 0) {
1685 UFS_INODE_SET_FLAG(tdp, IN_ENDOFF);
1686 SET_I_ENDOFF(tdp, endoff);
1688 VOP_VPUT_PAIR(tdvp, &tvp, true);
1694 DIP_SET(fip, i_nlink, fip->i_nlink);
1695 UFS_INODE_SET_FLAG(fip, IN_CHANGE);
1696 if (DOINGSOFTDEP(fvp))
1697 softdep_revert_link(tdp, fip);
1701 if (want_seqc_end) {
1703 vn_seqc_write_end(tvp);
1704 vn_seqc_write_end(tdvp);
1705 vn_seqc_write_end(fvp);
1706 vn_seqc_write_end(fdvp);
1720 ufs_do_posix1e_acl_inheritance_dir(struct vnode *dvp, struct vnode *tvp,
1721 mode_t dmode, struct ucred *cred, struct thread *td)
1724 struct inode *ip = VTOI(tvp);
1725 struct acl *dacl, *acl;
1727 acl = acl_alloc(M_WAITOK);
1728 dacl = acl_alloc(M_WAITOK);
1731 * Retrieve default ACL from parent, if any.
1733 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1737 * Retrieved a default ACL, so merge mode and ACL if
1738 * necessary. If the ACL is empty, fall through to
1739 * the "not defined or available" case.
1741 if (acl->acl_cnt != 0) {
1742 dmode = acl_posix1e_newfilemode(dmode, acl);
1743 UFS_INODE_SET_MODE(ip, dmode);
1744 DIP_SET(ip, i_mode, dmode);
1746 ufs_sync_acl_from_inode(ip, acl);
1753 * Just use the mode as-is.
1755 UFS_INODE_SET_MODE(ip, dmode);
1756 DIP_SET(ip, i_mode, dmode);
1765 * XXX: If we abort now, will Soft Updates notify the extattr
1766 * code that the EAs for the file need to be released?
1768 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1770 error = VOP_SETACL(tvp, ACL_TYPE_DEFAULT, dacl, cred, td);
1777 * XXX: This should not happen, as EOPNOTSUPP above
1778 * was supposed to free acl.
1780 printf("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()\n");
1782 panic("ufs_mkdir: VOP_GETACL() but no VOP_SETACL()");
1798 ufs_do_posix1e_acl_inheritance_file(struct vnode *dvp, struct vnode *tvp,
1799 mode_t mode, struct ucred *cred, struct thread *td)
1802 struct inode *ip = VTOI(tvp);
1805 acl = acl_alloc(M_WAITOK);
1808 * Retrieve default ACL for parent, if any.
1810 error = VOP_GETACL(dvp, ACL_TYPE_DEFAULT, acl, cred, td);
1814 * Retrieved a default ACL, so merge mode and ACL if
1817 if (acl->acl_cnt != 0) {
1819 * Two possible ways for default ACL to not
1820 * be present. First, the EA can be
1821 * undefined, or second, the default ACL can
1822 * be blank. If it's blank, fall through to
1823 * the it's not defined case.
1825 mode = acl_posix1e_newfilemode(mode, acl);
1826 UFS_INODE_SET_MODE(ip, mode);
1827 DIP_SET(ip, i_mode, mode);
1828 ufs_sync_acl_from_inode(ip, acl);
1835 * Just use the mode as-is.
1837 UFS_INODE_SET_MODE(ip, mode);
1838 DIP_SET(ip, i_mode, mode);
1847 * XXX: If we abort now, will Soft Updates notify the extattr
1848 * code that the EAs for the file need to be released?
1850 error = VOP_SETACL(tvp, ACL_TYPE_ACCESS, acl, cred, td);
1857 * XXX: This should not happen, as EOPNOTSUPP above was
1858 * supposed to free acl.
1860 printf("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() "
1861 "but no VOP_SETACL()\n");
1862 /* panic("ufs_do_posix1e_acl_inheritance_file: VOP_GETACL() "
1863 "but no VOP_SETACL()"); */
1877 ufs_do_nfs4_acl_inheritance(struct vnode *dvp, struct vnode *tvp,
1878 mode_t child_mode, struct ucred *cred, struct thread *td)
1881 struct acl *parent_aclp, *child_aclp;
1883 parent_aclp = acl_alloc(M_WAITOK);
1884 child_aclp = acl_alloc(M_WAITOK | M_ZERO);
1886 error = ufs_getacl_nfs4_internal(dvp, parent_aclp, td);
1889 acl_nfs4_compute_inherited_acl(parent_aclp, child_aclp,
1890 child_mode, VTOI(tvp)->i_uid, tvp->v_type == VDIR);
1891 error = ufs_setacl_nfs4_internal(tvp, child_aclp, td);
1895 acl_free(parent_aclp);
1896 acl_free(child_aclp);
1907 struct vop_mkdir_args /* {
1908 struct vnode *a_dvp;
1909 struct vnode **a_vpp;
1910 struct componentname *a_cnp;
1911 struct vattr *a_vap;
1914 struct vnode *dvp = ap->a_dvp;
1915 struct vattr *vap = ap->a_vap;
1916 struct componentname *cnp = ap->a_cnp;
1917 struct inode *ip, *dp;
1920 struct dirtemplate dirtemplate, *dtp;
1921 struct direct newdir;
1926 if ((cnp->cn_flags & HASBUF) == 0)
1927 panic("ufs_mkdir: no name");
1930 if (dp->i_nlink >= UFS_LINK_MAX) {
1934 dmode = vap->va_mode & 0777;
1938 * Must simulate part of ufs_makeinode here to acquire the inode,
1939 * but not have it entered in the parent directory. The entry is
1940 * made later after writing "." and ".." entries.
1942 if (dp->i_effnlink < 2) {
1943 print_bad_link_count("ufs_mkdir", dvp);
1948 if (DOINGSOFTDEP(dvp)) {
1949 error = softdep_prelink(dvp, NULL);
1951 MPASS(error == ERELOOKUP);
1956 error = UFS_VALLOC(dvp, dmode, cnp->cn_cred, &tvp);
1959 vn_seqc_write_begin(tvp);
1961 ip->i_gid = dp->i_gid;
1962 DIP_SET(ip, i_gid, dp->i_gid);
1966 struct ucred ucred, *ucp;
1971 * If we are hacking owners here, (only do this where told to)
1972 * and we are not giving it TO root, (would subvert quotas)
1973 * then go ahead and give it to the other user.
1974 * The new directory also inherits the SUID bit.
1975 * If user's UID and dir UID are the same,
1976 * 'give it away' so that the SUID is still forced on.
1978 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
1979 (dp->i_mode & ISUID) && dp->i_uid) {
1981 ip->i_uid = dp->i_uid;
1982 DIP_SET(ip, i_uid, dp->i_uid);
1984 if (dp->i_uid != cnp->cn_cred->cr_uid) {
1986 * Make sure the correct user gets charged
1988 * Make a dummy credential for the victim.
1989 * XXX This seems to never be accessed out of
1990 * our context so a stack variable is ok.
1992 refcount_init(&ucred.cr_ref, 1);
1993 ucred.cr_uid = ip->i_uid;
1994 ucred.cr_ngroups = 1;
1995 ucred.cr_groups = &ucred_group;
1996 ucred.cr_groups[0] = dp->i_gid;
2001 ip->i_uid = cnp->cn_cred->cr_uid;
2002 DIP_SET(ip, i_uid, ip->i_uid);
2005 if ((error = getinoquota(ip)) ||
2006 (error = chkiq(ip, 1, ucp, 0))) {
2007 if (DOINGSOFTDEP(tvp))
2008 softdep_revert_link(dp, ip);
2009 UFS_VFREE(tvp, ip->i_number, dmode);
2010 vn_seqc_write_end(tvp);
2017 #else /* !SUIDDIR */
2018 ip->i_uid = cnp->cn_cred->cr_uid;
2019 DIP_SET(ip, i_uid, ip->i_uid);
2021 if ((error = getinoquota(ip)) ||
2022 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2023 if (DOINGSOFTDEP(tvp))
2024 softdep_revert_link(dp, ip);
2025 UFS_VFREE(tvp, ip->i_number, dmode);
2026 vn_seqc_write_end(tvp);
2032 #endif /* !SUIDDIR */
2033 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
2034 UFS_INODE_SET_MODE(ip, dmode);
2035 DIP_SET(ip, i_mode, dmode);
2036 tvp->v_type = VDIR; /* Rest init'd in getnewvnode(). */
2039 DIP_SET(ip, i_nlink, 2);
2041 if (cnp->cn_flags & ISWHITEOUT) {
2042 ip->i_flags |= UF_OPAQUE;
2043 DIP_SET(ip, i_flags, ip->i_flags);
2047 * Bump link count in parent directory to reflect work done below.
2048 * Should be done before reference is created so cleanup is
2049 * possible if we crash.
2053 DIP_SET(dp, i_nlink, dp->i_nlink);
2054 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2055 if (DOINGSOFTDEP(dvp))
2056 softdep_setup_mkdir(dp, ip);
2057 error = UFS_UPDATE(dvp, !DOINGSOFTDEP(dvp) && !DOINGASYNC(dvp));
2061 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2062 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
2069 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
2070 error = ufs_do_posix1e_acl_inheritance_dir(dvp, tvp, dmode,
2071 cnp->cn_cred, cnp->cn_thread);
2074 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
2075 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, dmode,
2076 cnp->cn_cred, cnp->cn_thread);
2080 #endif /* !UFS_ACL */
2083 * Initialize directory with "." and ".." from static template.
2085 if (dvp->v_mount->mnt_maxsymlinklen > 0)
2086 dtp = &mastertemplate;
2088 dtp = (struct dirtemplate *)&omastertemplate;
2090 dirtemplate.dot_ino = ip->i_number;
2091 dirtemplate.dotdot_ino = dp->i_number;
2092 vnode_pager_setsize(tvp, DIRBLKSIZ);
2093 if ((error = UFS_BALLOC(tvp, (off_t)0, DIRBLKSIZ, cnp->cn_cred,
2094 BA_CLRBUF, &bp)) != 0)
2096 ip->i_size = DIRBLKSIZ;
2097 DIP_SET(ip, i_size, DIRBLKSIZ);
2098 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE);
2099 bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate);
2100 if (DOINGSOFTDEP(tvp)) {
2102 * Ensure that the entire newly allocated block is a
2103 * valid directory so that future growth within the
2104 * block does not have to ensure that the block is
2105 * written before the inode.
2108 while (blkoff < bp->b_bcount) {
2110 (bp->b_data + blkoff))->d_reclen = DIRBLKSIZ;
2111 blkoff += DIRBLKSIZ;
2114 if ((error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) &&
2115 !DOINGASYNC(tvp))) != 0) {
2120 * Directory set up, now install its entry in the parent directory.
2122 * If we are not doing soft dependencies, then we must write out the
2123 * buffer containing the new directory body before entering the new
2124 * name in the parent. If we are doing soft dependencies, then the
2125 * buffer containing the new directory body will be passed to and
2126 * released in the soft dependency code after the code has attached
2127 * an appropriate ordering dependency to the buffer which ensures that
2128 * the buffer is written before the new name is written in the parent.
2130 if (DOINGASYNC(dvp))
2132 else if (!DOINGSOFTDEP(dvp) && ((error = bwrite(bp))))
2134 ufs_makedirentry(ip, cnp, &newdir);
2135 error = ufs_direnter(dvp, tvp, &newdir, cnp, bp);
2140 vn_seqc_write_end(tvp);
2144 DIP_SET(dp, i_nlink, dp->i_nlink);
2145 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2147 * No need to do an explicit VOP_TRUNCATE here, vrele will
2148 * do this for us because we set the link count to 0.
2152 DIP_SET(ip, i_nlink, 0);
2153 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2154 if (DOINGSOFTDEP(tvp))
2155 softdep_revert_mkdir(dp, ip);
2156 vn_seqc_write_end(tvp);
2165 * Rmdir system call.
2169 struct vop_rmdir_args /* {
2170 struct vnode *a_dvp;
2172 struct componentname *a_cnp;
2175 struct vnode *vp = ap->a_vp;
2176 struct vnode *dvp = ap->a_dvp;
2177 struct componentname *cnp = ap->a_cnp;
2178 struct inode *ip, *dp;
2185 * Do not remove a directory that is in the process of being renamed.
2186 * Verify the directory is empty (and valid). Rmdir ".." will not be
2187 * valid since ".." will contain a reference to the current directory
2188 * and thus be non-empty. Do not allow the removal of mounted on
2189 * directories (this can happen when an NFS exported filesystem
2190 * tries to remove a locally mounted on directory).
2193 if (dp->i_effnlink <= 2) {
2194 if (dp->i_effnlink == 2)
2195 print_bad_link_count("ufs_rmdir", dvp);
2199 if (!ufs_dirempty(ip, dp->i_number, cnp->cn_cred)) {
2203 if ((dp->i_flags & APPEND)
2204 || (ip->i_flags & (NOUNLINK | IMMUTABLE | APPEND))) {
2208 if (vp->v_mountedhere != 0) {
2212 if (DOINGSOFTDEP(dvp)) {
2213 error = softdep_prelink(dvp, vp);
2215 MPASS(error == ERELOOKUP);
2221 ufs_gjournal_orphan(vp);
2224 * Delete reference to directory before purging
2225 * inode. If we crash in between, the directory
2226 * will be reattached to lost+found,
2230 if (DOINGSOFTDEP(vp))
2231 softdep_setup_rmdir(dp, ip);
2232 error = ufs_dirremove(dvp, ip, cnp->cn_flags, 1);
2236 if (DOINGSOFTDEP(vp))
2237 softdep_revert_rmdir(dp, ip);
2241 * The only stuff left in the directory is "." and "..". The "."
2242 * reference is inconsequential since we are quashing it. The soft
2243 * dependency code will arrange to do these operations after
2244 * the parent directory entry has been deleted on disk, so
2245 * when running with that code we avoid doing them now.
2247 if (!DOINGSOFTDEP(vp)) {
2249 DIP_SET(dp, i_nlink, dp->i_nlink);
2250 UFS_INODE_SET_FLAG(dp, IN_CHANGE);
2251 error = UFS_UPDATE(dvp, 0);
2253 DIP_SET(ip, i_nlink, ip->i_nlink);
2254 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2256 cache_vop_rmdir(dvp, vp);
2258 /* Kill any active hash; i_effnlink == 0, so it will not come back. */
2259 if (ip->i_dirhash != NULL)
2260 ufsdirhash_free(ip);
2267 * symlink -- make a symbolic link
2271 struct vop_symlink_args /* {
2272 struct vnode *a_dvp;
2273 struct vnode **a_vpp;
2274 struct componentname *a_cnp;
2275 struct vattr *a_vap;
2276 const char *a_target;
2279 struct vnode *vp, **vpp = ap->a_vpp;
2283 error = ufs_makeinode(IFLNK | ap->a_vap->va_mode, ap->a_dvp,
2284 vpp, ap->a_cnp, "ufs_symlink");
2288 len = strlen(ap->a_target);
2289 if (len < vp->v_mount->mnt_maxsymlinklen) {
2291 bcopy(ap->a_target, SHORTLINK(ip), len);
2293 DIP_SET(ip, i_size, len);
2294 UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE);
2295 error = UFS_UPDATE(vp, 0);
2297 error = vn_rdwr(UIO_WRITE, vp, __DECONST(void *, ap->a_target),
2298 len, (off_t)0, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
2299 ap->a_cnp->cn_cred, NOCRED, NULL, NULL);
2306 * Vnode op for reading directories.
2310 struct vop_readdir_args /* {
2313 struct ucred *a_cred;
2319 struct vnode *vp = ap->a_vp;
2320 struct uio *uio = ap->a_uio;
2323 struct direct *dp, *edp;
2325 struct dirent dstdp;
2326 off_t offset, startoffset;
2327 size_t readcnt, skipcnt;
2332 if (uio->uio_offset < 0)
2335 if (ip->i_effnlink == 0)
2337 if (ap->a_ncookies != NULL) {
2338 if (uio->uio_resid < 0)
2341 ncookies = uio->uio_resid;
2342 if (uio->uio_offset >= ip->i_size)
2344 else if (ip->i_size - uio->uio_offset < ncookies)
2345 ncookies = ip->i_size - uio->uio_offset;
2346 ncookies = ncookies / (offsetof(struct direct, d_name) + 4) + 1;
2347 cookies = malloc(ncookies * sizeof(*cookies), M_TEMP, M_WAITOK);
2348 *ap->a_ncookies = ncookies;
2349 *ap->a_cookies = cookies;
2354 offset = startoffset = uio->uio_offset;
2355 startresid = uio->uio_resid;
2357 while (error == 0 && uio->uio_resid > 0 &&
2358 uio->uio_offset < ip->i_size) {
2359 error = UFS_BLKATOFF(vp, uio->uio_offset, NULL, &bp);
2362 if (bp->b_offset + bp->b_bcount > ip->i_size)
2363 readcnt = ip->i_size - bp->b_offset;
2365 readcnt = bp->b_bcount;
2366 skipcnt = (size_t)(uio->uio_offset - bp->b_offset) &
2367 ~(size_t)(DIRBLKSIZ - 1);
2368 offset = bp->b_offset + skipcnt;
2369 dp = (struct direct *)&bp->b_data[skipcnt];
2370 edp = (struct direct *)&bp->b_data[readcnt];
2371 while (error == 0 && uio->uio_resid > 0 && dp < edp) {
2372 if (dp->d_reclen <= offsetof(struct direct, d_name) ||
2373 (caddr_t)dp + dp->d_reclen > (caddr_t)edp) {
2377 #if BYTE_ORDER == LITTLE_ENDIAN
2378 /* Old filesystem format. */
2379 if (vp->v_mount->mnt_maxsymlinklen <= 0) {
2380 dstdp.d_namlen = dp->d_type;
2381 dstdp.d_type = dp->d_namlen;
2385 dstdp.d_namlen = dp->d_namlen;
2386 dstdp.d_type = dp->d_type;
2388 if (offsetof(struct direct, d_name) + dstdp.d_namlen >
2393 if (offset < startoffset || dp->d_ino == 0)
2395 dstdp.d_fileno = dp->d_ino;
2396 dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp);
2397 bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
2398 /* NOTE: d_off is the offset of the *next* entry. */
2399 dstdp.d_off = offset + dp->d_reclen;
2400 dirent_terminate(&dstdp);
2401 if (dstdp.d_reclen > uio->uio_resid) {
2402 if (uio->uio_resid == startresid)
2405 error = EJUSTRETURN;
2409 error = uiomove((caddr_t)&dstdp, dstdp.d_reclen, uio);
2412 if (cookies != NULL) {
2413 KASSERT(ncookies > 0,
2414 ("ufs_readdir: cookies buffer too small"));
2415 *cookies = offset + dp->d_reclen;
2420 offset += dp->d_reclen;
2421 dp = (struct direct *)((caddr_t)dp + dp->d_reclen);
2424 uio->uio_offset = offset;
2426 /* We need to correct uio_offset. */
2427 uio->uio_offset = offset;
2428 if (error == EJUSTRETURN)
2430 if (ap->a_ncookies != NULL) {
2432 ap->a_ncookies -= ncookies;
2434 free(*ap->a_cookies, M_TEMP);
2435 *ap->a_ncookies = 0;
2436 *ap->a_cookies = NULL;
2439 if (error == 0 && ap->a_eofflag)
2440 *ap->a_eofflag = ip->i_size <= uio->uio_offset;
2445 * Return target name of a symbolic link
2449 struct vop_readlink_args /* {
2452 struct ucred *a_cred;
2455 struct vnode *vp = ap->a_vp;
2456 struct inode *ip = VTOI(vp);
2460 if ((isize < vp->v_mount->mnt_maxsymlinklen) ||
2461 DIP(ip, i_blocks) == 0) { /* XXX - for old fastlink support */
2462 return (uiomove(SHORTLINK(ip), isize, ap->a_uio));
2464 return (VOP_READ(vp, ap->a_uio, 0, ap->a_cred));
2468 * Calculate the logical to physical mapping if not done already,
2469 * then call the device strategy routine.
2471 * In order to be able to swap to a file, the ufs_bmaparray() operation may not
2472 * deadlock on memory. See ufs_bmap() for details.
2476 struct vop_strategy_args /* {
2481 struct buf *bp = ap->a_bp;
2482 struct vnode *vp = ap->a_vp;
2486 if (bp->b_blkno == bp->b_lblkno) {
2487 error = ufs_bmaparray(vp, bp->b_lblkno, &blkno, bp, NULL, NULL);
2488 bp->b_blkno = blkno;
2490 bp->b_error = error;
2491 bp->b_ioflags |= BIO_ERROR;
2495 if ((long)bp->b_blkno == -1)
2498 if ((long)bp->b_blkno == -1) {
2502 bp->b_iooffset = dbtob(bp->b_blkno);
2503 BO_STRATEGY(VFSTOUFS(vp->v_mount)->um_bo, bp);
2508 * Print out the contents of an inode.
2512 struct vop_print_args /* {
2516 struct vnode *vp = ap->a_vp;
2517 struct inode *ip = VTOI(vp);
2519 printf("\tnlink=%d, effnlink=%d, size=%jd", ip->i_nlink,
2520 ip->i_effnlink, (intmax_t)ip->i_size);
2522 printf(", extsize %d", ip->i_din2->di_extsize);
2523 printf("\n\tgeneration=%jx, uid=%d, gid=%d, flags=0x%b\n",
2524 (uintmax_t)ip->i_gen, ip->i_uid, ip->i_gid,
2525 (u_int)ip->i_flags, PRINT_INODE_FLAGS);
2526 printf("\tino %lu, on dev %s", (u_long)ip->i_number,
2527 devtoname(ITODEV(ip)));
2528 if (vp->v_type == VFIFO)
2535 * Close wrapper for fifos.
2537 * Update the times on the inode then do device close.
2541 struct vop_close_args /* {
2544 struct ucred *a_cred;
2545 struct thread *a_td;
2548 struct vnode *vp = ap->a_vp;
2552 usecount = vp->v_usecount;
2554 ufs_itimes_locked(vp);
2556 return (fifo_specops.vop_close(ap));
2560 * Kqfilter wrapper for fifos.
2562 * Fall through to ufs kqfilter routines if needed
2565 ufsfifo_kqfilter(ap)
2566 struct vop_kqfilter_args *ap;
2570 error = fifo_specops.vop_kqfilter(ap);
2572 error = vfs_kqfilter(ap);
2577 * Return POSIX pathconf information applicable to ufs filesystems.
2581 struct vop_pathconf_args /* {
2590 switch (ap->a_name) {
2592 *ap->a_retval = UFS_LINK_MAX;
2595 *ap->a_retval = UFS_MAXNAMLEN;
2598 if (ap->a_vp->v_type == VDIR || ap->a_vp->v_type == VFIFO)
2599 *ap->a_retval = PIPE_BUF;
2603 case _PC_CHOWN_RESTRICTED:
2610 case _PC_ACL_EXTENDED:
2611 if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS)
2617 if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS)
2623 case _PC_ACL_PATH_MAX:
2625 if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS))
2626 *ap->a_retval = ACL_MAX_ENTRIES;
2634 case _PC_MAC_PRESENT:
2635 if (ap->a_vp->v_mount->mnt_flag & MNT_MULTILABEL)
2641 case _PC_MIN_HOLE_SIZE:
2642 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2650 case _PC_ALLOC_SIZE_MIN:
2651 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize;
2653 case _PC_FILESIZEBITS:
2656 case _PC_REC_INCR_XFER_SIZE:
2657 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2659 case _PC_REC_MAX_XFER_SIZE:
2660 *ap->a_retval = -1; /* means ``unlimited'' */
2662 case _PC_REC_MIN_XFER_SIZE:
2663 *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_iosize;
2665 case _PC_REC_XFER_ALIGN:
2666 *ap->a_retval = PAGE_SIZE;
2668 case _PC_SYMLINK_MAX:
2669 *ap->a_retval = MAXPATHLEN;
2673 error = vop_stdpathconf(ap);
2680 * Initialize the vnode associated with a new inode, handle aliased
2684 ufs_vinit(mntp, fifoops, vpp)
2686 struct vop_vector *fifoops;
2693 ASSERT_VOP_LOCKED(vp, "ufs_vinit");
2695 vp->v_type = IFTOVT(ip->i_mode);
2697 * Only unallocated inodes should be of type VNON.
2699 if (ip->i_mode != 0 && vp->v_type == VNON)
2701 if (vp->v_type == VFIFO)
2703 if (ip->i_number == UFS_ROOTINO)
2704 vp->v_vflag |= VV_ROOT;
2710 * Allocate a new inode.
2711 * Vnode dvp must be locked.
2714 ufs_makeinode(mode, dvp, vpp, cnp, callfunc)
2718 struct componentname *cnp;
2719 const char *callfunc;
2721 struct inode *ip, *pdir;
2722 struct direct newdir;
2728 if ((cnp->cn_flags & HASBUF) == 0)
2729 panic("%s: no name", callfunc);
2732 if ((mode & IFMT) == 0)
2735 if (pdir->i_effnlink < 2) {
2736 print_bad_link_count(callfunc, dvp);
2739 if (DOINGSOFTDEP(dvp)) {
2740 error = softdep_prelink(dvp, NULL);
2742 MPASS(error == ERELOOKUP);
2746 error = UFS_VALLOC(dvp, mode, cnp->cn_cred, &tvp);
2750 ip->i_gid = pdir->i_gid;
2751 DIP_SET(ip, i_gid, pdir->i_gid);
2755 struct ucred ucred, *ucp;
2760 * If we are not the owner of the directory,
2761 * and we are hacking owners here, (only do this where told to)
2762 * and we are not giving it TO root, (would subvert quotas)
2763 * then go ahead and give it to the other user.
2764 * Note that this drops off the execute bits for security.
2766 if ((dvp->v_mount->mnt_flag & MNT_SUIDDIR) &&
2767 (pdir->i_mode & ISUID) &&
2768 (pdir->i_uid != cnp->cn_cred->cr_uid) && pdir->i_uid) {
2769 ip->i_uid = pdir->i_uid;
2770 DIP_SET(ip, i_uid, ip->i_uid);
2774 * Make sure the correct user gets charged
2776 * Quickly knock up a dummy credential for the victim.
2777 * XXX This seems to never be accessed out of our
2778 * context so a stack variable is ok.
2780 refcount_init(&ucred.cr_ref, 1);
2781 ucred.cr_uid = ip->i_uid;
2782 ucred.cr_ngroups = 1;
2783 ucred.cr_groups = &ucred_group;
2784 ucred.cr_groups[0] = pdir->i_gid;
2788 ip->i_uid = cnp->cn_cred->cr_uid;
2789 DIP_SET(ip, i_uid, ip->i_uid);
2793 if ((error = getinoquota(ip)) ||
2794 (error = chkiq(ip, 1, ucp, 0))) {
2795 if (DOINGSOFTDEP(tvp))
2796 softdep_revert_link(pdir, ip);
2797 UFS_VFREE(tvp, ip->i_number, mode);
2804 #else /* !SUIDDIR */
2805 ip->i_uid = cnp->cn_cred->cr_uid;
2806 DIP_SET(ip, i_uid, ip->i_uid);
2808 if ((error = getinoquota(ip)) ||
2809 (error = chkiq(ip, 1, cnp->cn_cred, 0))) {
2810 if (DOINGSOFTDEP(tvp))
2811 softdep_revert_link(pdir, ip);
2812 UFS_VFREE(tvp, ip->i_number, mode);
2818 #endif /* !SUIDDIR */
2819 vn_seqc_write_begin(tvp); /* Mostly to cover asserts */
2820 UFS_INODE_SET_FLAG(ip, IN_ACCESS | IN_CHANGE | IN_UPDATE);
2821 UFS_INODE_SET_MODE(ip, mode);
2822 DIP_SET(ip, i_mode, mode);
2823 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
2826 DIP_SET(ip, i_nlink, 1);
2827 if (DOINGSOFTDEP(tvp))
2828 softdep_setup_create(VTOI(dvp), ip);
2829 if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
2830 priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) {
2831 UFS_INODE_SET_MODE(ip, ip->i_mode & ~ISGID);
2832 DIP_SET(ip, i_mode, ip->i_mode);
2835 if (cnp->cn_flags & ISWHITEOUT) {
2836 ip->i_flags |= UF_OPAQUE;
2837 DIP_SET(ip, i_flags, ip->i_flags);
2841 * Make sure inode goes to disk before directory entry.
2843 error = UFS_UPDATE(tvp, !DOINGSOFTDEP(tvp) && !DOINGASYNC(tvp));
2847 if (dvp->v_mount->mnt_flag & MNT_MULTILABEL) {
2848 error = mac_vnode_create_extattr(cnp->cn_cred, dvp->v_mount,
2855 if (dvp->v_mount->mnt_flag & MNT_ACLS) {
2856 error = ufs_do_posix1e_acl_inheritance_file(dvp, tvp, mode,
2857 cnp->cn_cred, cnp->cn_thread);
2860 } else if (dvp->v_mount->mnt_flag & MNT_NFS4ACLS) {
2861 error = ufs_do_nfs4_acl_inheritance(dvp, tvp, mode,
2862 cnp->cn_cred, cnp->cn_thread);
2866 #endif /* !UFS_ACL */
2867 ufs_makedirentry(ip, cnp, &newdir);
2868 error = ufs_direnter(dvp, tvp, &newdir, cnp, NULL);
2871 vn_seqc_write_end(tvp);
2877 * Write error occurred trying to update the inode
2878 * or the directory so must deallocate the inode.
2882 DIP_SET(ip, i_nlink, 0);
2883 UFS_INODE_SET_FLAG(ip, IN_CHANGE);
2884 if (DOINGSOFTDEP(tvp))
2885 softdep_revert_create(VTOI(dvp), ip);
2886 vn_seqc_write_end(tvp);
2893 ufs_ioctl(struct vop_ioctl_args *ap)
2899 switch (ap->a_command) {
2901 error = vn_lock(vp, LK_SHARED);
2903 error = ufs_bmap_seekdata(vp, (off_t *)ap->a_data);
2909 return (vn_bmap_seekhole(vp, ap->a_command, (off_t *)ap->a_data,
2917 ufs_read_pgcache(struct vop_read_pgcache_args *ap)
2924 VNPASS((vn_irflag_read(vp) & VIRF_PGREAD) != 0, vp);
2926 if (uio->uio_resid > ptoa(io_hold_cnt) || uio->uio_offset < 0 ||
2927 (ap->a_ioflag & IO_DIRECT) != 0)
2928 return (EJUSTRETURN);
2929 return (vn_read_from_obj(vp, uio));
2932 /* Global vfs data structures for ufs. */
2933 struct vop_vector ufs_vnodeops = {
2934 .vop_default = &default_vnodeops,
2935 .vop_fsync = VOP_PANIC,
2936 .vop_read = VOP_PANIC,
2937 .vop_reallocblks = VOP_PANIC,
2938 .vop_write = VOP_PANIC,
2939 .vop_accessx = ufs_accessx,
2940 .vop_bmap = ufs_bmap,
2941 .vop_fplookup_vexec = ufs_fplookup_vexec,
2942 .vop_fplookup_symlink = VOP_EAGAIN,
2943 .vop_cachedlookup = ufs_lookup,
2944 .vop_close = ufs_close,
2945 .vop_create = ufs_create,
2946 .vop_stat = ufs_stat,
2947 .vop_getattr = ufs_getattr,
2948 .vop_inactive = ufs_inactive,
2949 .vop_ioctl = ufs_ioctl,
2950 .vop_link = ufs_link,
2951 .vop_lookup = vfs_cache_lookup,
2952 .vop_mmapped = ufs_mmapped,
2953 .vop_mkdir = ufs_mkdir,
2954 .vop_mknod = ufs_mknod,
2955 .vop_need_inactive = ufs_need_inactive,
2956 .vop_open = ufs_open,
2957 .vop_pathconf = ufs_pathconf,
2958 .vop_poll = vop_stdpoll,
2959 .vop_print = ufs_print,
2960 .vop_read_pgcache = ufs_read_pgcache,
2961 .vop_readdir = ufs_readdir,
2962 .vop_readlink = ufs_readlink,
2963 .vop_reclaim = ufs_reclaim,
2964 .vop_remove = ufs_remove,
2965 .vop_rename = ufs_rename,
2966 .vop_rmdir = ufs_rmdir,
2967 .vop_setattr = ufs_setattr,
2969 .vop_setlabel = vop_stdsetlabel_ea,
2971 .vop_strategy = ufs_strategy,
2972 .vop_symlink = ufs_symlink,
2973 .vop_whiteout = ufs_whiteout,
2975 .vop_getextattr = ufs_getextattr,
2976 .vop_deleteextattr = ufs_deleteextattr,
2977 .vop_setextattr = ufs_setextattr,
2980 .vop_getacl = ufs_getacl,
2981 .vop_setacl = ufs_setacl,
2982 .vop_aclcheck = ufs_aclcheck,
2985 VFS_VOP_VECTOR_REGISTER(ufs_vnodeops);
2987 struct vop_vector ufs_fifoops = {
2988 .vop_default = &fifo_specops,
2989 .vop_fsync = VOP_PANIC,
2990 .vop_accessx = ufs_accessx,
2991 .vop_close = ufsfifo_close,
2992 .vop_getattr = ufs_getattr,
2993 .vop_inactive = ufs_inactive,
2994 .vop_kqfilter = ufsfifo_kqfilter,
2995 .vop_pathconf = ufs_pathconf,
2996 .vop_print = ufs_print,
2997 .vop_read = VOP_PANIC,
2998 .vop_reclaim = ufs_reclaim,
2999 .vop_setattr = ufs_setattr,
3001 .vop_setlabel = vop_stdsetlabel_ea,
3003 .vop_write = VOP_PANIC,
3005 .vop_getextattr = ufs_getextattr,
3006 .vop_deleteextattr = ufs_deleteextattr,
3007 .vop_setextattr = ufs_setextattr,
3010 .vop_getacl = ufs_getacl,
3011 .vop_setacl = ufs_setacl,
3012 .vop_aclcheck = ufs_aclcheck,
3015 VFS_VOP_VECTOR_REGISTER(ufs_fifoops);