]> git.saurik.com Git - apple/xnu.git/blob - bsd/vfs/vfs_lookup.c
projects / apple / xnu.git / blob
? search:


aaaf2fbb1270052804fdafbbc38b2b42d7b80044
[apple/xnu.git] / bsd / vfs / vfs_lookup.c
1 /*
2 * Copyright (c) 2000-2015 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
29 /*
30 * Copyright (c) 1982, 1986, 1989, 1993
31 * The Regents of the University of California. All rights reserved.
32 * (c) UNIX System Laboratories, Inc.
33 * All or some portions of this file are derived from material licensed
34 * to the University of California by American Telephone and Telegraph
35 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
36 * the permission of UNIX System Laboratories, Inc.
37 *
38 * Redistribution and use in source and binary forms, with or without
39 * modification, are permitted provided that the following conditions
40 * are met:
41 * 1. Redistributions of source code must retain the above copyright
42 * notice, this list of conditions and the following disclaimer.
43 * 2. Redistributions in binary form must reproduce the above copyright
44 * notice, this list of conditions and the following disclaimer in the
45 * documentation and/or other materials provided with the distribution.
46 * 3. All advertising materials mentioning features or use of this software
47 * must display the following acknowledgement:
48 * This product includes software developed by the University of
49 * California, Berkeley and its contributors.
50 * 4. Neither the name of the University nor the names of its contributors
51 * may be used to endorse or promote products derived from this software
52 * without specific prior written permission.
53 *
54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
64 * SUCH DAMAGE.
65 *
66 * @(#)vfs_lookup.c 8.10 (Berkeley) 5/27/95
67 */
68 /*
69 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
70 * support for mandatory and extensible security protections. This notice
71 * is included in support of clause 2.2 (b) of the Apple Public License,
72 * Version 2.0.
73 */
74
75 #include <sys/param.h>
76 #include <sys/systm.h>
77 #include <sys/syslimits.h>
78 #include <sys/time.h>
79 #include <sys/namei.h>
80 #include <sys/vm.h>
81 #include <sys/vnode_internal.h>
82 #include <sys/mount_internal.h>
83 #include <sys/errno.h>
84 #include <sys/malloc.h>
85 #include <sys/filedesc.h>
86 #include <sys/proc_internal.h>
87 #include <sys/kdebug.h>
88 #include <sys/unistd.h> /* For _PC_NAME_MAX */
89 #include <sys/uio_internal.h>
90 #include <sys/kauth.h>
91 #include <kern/kalloc.h>
92 #include <security/audit/audit.h>
93 #include <sys/dtrace.h> /* to get the prototype for strstr() in sys/dtrace_glue.h */
94 #if CONFIG_MACF
95 #include <security/mac_framework.h>
96 #endif
97
98 #include <sys/paths.h>
99
100 #if NAMEDRSRCFORK
101 #include <sys/xattr.h>
102 #endif
103 /*
104 * The minimum volfs-style pathname is 9.
105 * Example: "/.vol/1/2"
106 */
107 #define VOLFS_MIN_PATH_LEN 9
108
109
110 #if CONFIG_VOLFS
111 static int vfs_getrealpath(const char * path, char * realpath, size_t bufsize, vfs_context_t ctx);
112 #define MAX_VOLFS_RESTARTS 5
113 #endif
114
115 static int lookup_traverse_mountpoints(struct nameidata *ndp, struct componentname *cnp, vnode_t dp, int vbusyflags, vfs_context_t ctx);
116 static int lookup_handle_symlink(struct nameidata *ndp, vnode_t *new_dp, vfs_context_t ctx);
117 static int lookup_authorize_search(vnode_t dp, struct componentname *cnp, int dp_authorized_in_cache, vfs_context_t ctx);
118 static void lookup_consider_update_cache(vnode_t dvp, vnode_t vp, struct componentname *cnp, int nc_generation);
119 static int lookup_handle_found_vnode(struct nameidata *ndp, struct componentname *cnp, int rdonly,
120 int vbusyflags, int *keep_going, int nc_generation,
121 int wantparent, int atroot, vfs_context_t ctx);
122 static int lookup_handle_emptyname(struct nameidata *ndp, struct componentname *cnp, int wantparent);
123
124 #if NAMEDRSRCFORK
125 static int lookup_handle_rsrc_fork(vnode_t dp, struct nameidata *ndp, struct componentname *cnp, int wantparent, vfs_context_t ctx);
126 #endif
127
128
129
130 /*
131 * Convert a pathname into a pointer to a locked inode.
132 *
133 * The FOLLOW flag is set when symbolic links are to be followed
134 * when they occur at the end of the name translation process.
135 * Symbolic links are always followed for all other pathname
136 * components other than the last.
137 *
138 * The segflg defines whether the name is to be copied from user
139 * space or kernel space.
140 *
141 * Overall outline of namei:
142 *
143 * copy in name
144 * get starting directory
145 * while (!done && !error) {
146 * call lookup to search path.
147 * if symbolic link, massage name in buffer and continue
148 * }
149 *
150 * Returns: 0 Success
151 * ENOENT No such file or directory
152 * ELOOP Too many levels of symbolic links
153 * ENAMETOOLONG Filename too long
154 * copyinstr:EFAULT Bad address
155 * copyinstr:ENAMETOOLONG Filename too long
156 * lookup:EBADF Bad file descriptor
157 * lookup:EROFS
158 * lookup:EACCES
159 * lookup:EPERM
160 * lookup:ERECYCLE vnode was recycled from underneath us in lookup.
161 * This means we should re-drive lookup from this point.
162 * lookup: ???
163 * VNOP_READLINK:???
164 */
165 int
166 namei(struct nameidata *ndp)
167 {
168 struct filedesc *fdp; /* pointer to file descriptor state */
169 struct vnode *dp; /* the directory we are searching */
170 struct vnode *usedvp = ndp->ni_dvp; /* store pointer to vp in case we must loop due to
171 * heavy vnode pressure */
172 u_long cnpflags = ndp->ni_cnd.cn_flags; /* store in case we have to restore after loop */
173 int error;
174 struct componentname *cnp = &ndp->ni_cnd;
175 vfs_context_t ctx = cnp->cn_context;
176 proc_t p = vfs_context_proc(ctx);
177 #if CONFIG_AUDIT
178 /* XXX ut should be from context */
179 uthread_t ut = (struct uthread *)get_bsdthread_info(current_thread());
180 #endif
181
182 #if CONFIG_VOLFS
183 int volfs_restarts = 0;
184 #endif
185 size_t bytes_copied = 0;
186
187 fdp = p->p_fd;
188
189 #if DIAGNOSTIC
190 if (!vfs_context_ucred(ctx) || !p) {
191 panic("namei: bad cred/proc");
192 }
193 if (cnp->cn_nameiop & (~OPMASK)) {
194 panic("namei: nameiop contaminated with flags");
195 }
196 if (cnp->cn_flags & OPMASK) {
197 panic("namei: flags contaminated with nameiops");
198 }
199 #endif
200
201 /*
202 * A compound VNOP found something that needs further processing:
203 * either a trigger vnode, a covered directory, or a symlink.
204 */
205 if (ndp->ni_flag & NAMEI_CONTLOOKUP) {
206 int rdonly, vbusyflags, keep_going, wantparent;
207
208 rdonly = cnp->cn_flags & RDONLY;
209 vbusyflags = ((cnp->cn_flags & CN_NBMOUNTLOOK) != 0) ? LK_NOWAIT : 0;
210 keep_going = 0;
211 wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT);
212
213 ndp->ni_flag &= ~(NAMEI_CONTLOOKUP);
214
215 error = lookup_handle_found_vnode(ndp, &ndp->ni_cnd, rdonly, vbusyflags,
216 &keep_going, ndp->ni_ncgeneration, wantparent, 0, ctx);
217 if (error) {
218 goto out_drop;
219 }
220 if (keep_going) {
221 if ((cnp->cn_flags & ISSYMLINK) == 0) {
222 panic("We need to keep going on a continued lookup, but for vp type %d (tag %d)\n", ndp->ni_vp->v_type, ndp->ni_vp->v_tag);
223 }
224 goto continue_symlink;
225 }
226
227 return 0;
228 }
229
230 vnode_recycled:
231
232 /*
233 * Get a buffer for the name to be translated, and copy the
234 * name into the buffer.
235 */
236 if ((cnp->cn_flags & HASBUF) == 0) {
237 cnp->cn_pnbuf = ndp->ni_pathbuf;
238 cnp->cn_pnlen = PATHBUFLEN;
239 }
240 #if LP64_DEBUG
241 if ((UIO_SEG_IS_USER_SPACE(ndp->ni_segflg) == 0)
242 && (ndp->ni_segflg != UIO_SYSSPACE)
243 && (ndp->ni_segflg != UIO_SYSSPACE32)) {
244 panic("%s :%d - invalid ni_segflg\n", __FILE__, __LINE__);
245 }
246 #endif /* LP64_DEBUG */
247
248 retry_copy:
249 if (UIO_SEG_IS_USER_SPACE(ndp->ni_segflg)) {
250 error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf,
251 cnp->cn_pnlen, &bytes_copied);
252 } else {
253 error = copystr(CAST_DOWN(void *, ndp->ni_dirp), cnp->cn_pnbuf,
254 cnp->cn_pnlen, &bytes_copied);
255 }
256 if (error == ENAMETOOLONG && !(cnp->cn_flags & HASBUF)) {
257 MALLOC_ZONE(cnp->cn_pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
258 if (cnp->cn_pnbuf == NULL) {
259 error = ENOMEM;
260 goto error_out;
261 }
262
263 cnp->cn_flags |= HASBUF;
264 cnp->cn_pnlen = MAXPATHLEN;
265 bytes_copied = 0;
266
267 goto retry_copy;
268 }
269 if (error) {
270 goto error_out;
271 }
272 ndp->ni_pathlen = bytes_copied;
273 bytes_copied = 0;
274
275 /*
276 * Since the name cache may contain positive entries of
277 * the incorrect case, force lookup() to bypass the cache
278 * and call directly into the filesystem for each path
279 * component. Note: the FS may still consult the cache,
280 * but can apply rules to validate the results.
281 */
282 if (proc_is_forcing_hfs_case_sensitivity(p)) {
283 cnp->cn_flags |= CN_SKIPNAMECACHE;
284 }
285
286 #if CONFIG_VOLFS
287 /*
288 * Check for legacy volfs style pathnames.
289 *
290 * For compatibility reasons we currently allow these paths,
291 * but future versions of the OS may not support them.
292 */
293 if (ndp->ni_pathlen >= VOLFS_MIN_PATH_LEN &&
294 cnp->cn_pnbuf[0] == '/' &&
295 cnp->cn_pnbuf[1] == '.' &&
296 cnp->cn_pnbuf[2] == 'v' &&
297 cnp->cn_pnbuf[3] == 'o' &&
298 cnp->cn_pnbuf[4] == 'l' &&
299 cnp->cn_pnbuf[5] == '/') {
300 char * realpath;
301 int realpath_err;
302 /* Attempt to resolve a legacy volfs style pathname. */
303 MALLOC_ZONE(realpath, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
304 if (realpath) {
305 /*
306 * We only error out on the ENAMETOOLONG cases where we know that
307 * vfs_getrealpath translation succeeded but the path could not fit into
308 * MAXPATHLEN characters. In other failure cases, we may be dealing with a path
309 * that legitimately looks like /.vol/1234/567 and is not meant to be translated
310 */
311 if ((realpath_err = vfs_getrealpath(&cnp->cn_pnbuf[6], realpath, MAXPATHLEN, ctx))) {
312 FREE_ZONE(realpath, MAXPATHLEN, M_NAMEI);
313 if (realpath_err == ENOSPC || realpath_err == ENAMETOOLONG) {
314 error = ENAMETOOLONG;
315 goto error_out;
316 }
317 } else {
318 if (cnp->cn_flags & HASBUF) {
319 FREE_ZONE(cnp->cn_pnbuf, cnp->cn_pnlen, M_NAMEI);
320 }
321 cnp->cn_pnbuf = realpath;
322 cnp->cn_pnlen = MAXPATHLEN;
323 ndp->ni_pathlen = strlen(realpath) + 1;
324 cnp->cn_flags |= HASBUF | CN_VOLFSPATH;
325 }
326 }
327 }
328 #endif /* CONFIG_VOLFS */
329
330 #if CONFIG_AUDIT
331 /* If we are auditing the kernel pathname, save the user pathname */
332 if (cnp->cn_flags & AUDITVNPATH1) {
333 AUDIT_ARG(upath, ut->uu_cdir, cnp->cn_pnbuf, ARG_UPATH1);
334 }
335 if (cnp->cn_flags & AUDITVNPATH2) {
336 AUDIT_ARG(upath, ut->uu_cdir, cnp->cn_pnbuf, ARG_UPATH2);
337 }
338 #endif /* CONFIG_AUDIT */
339
340 /*
341 * Do not allow empty pathnames
342 */
343 if (*cnp->cn_pnbuf == '\0') {
344 error = ENOENT;
345 goto error_out;
346 }
347 ndp->ni_loopcnt = 0;
348
349 /*
350 * determine the starting point for the translation.
351 */
352 if ((ndp->ni_rootdir = fdp->fd_rdir) == NULLVP) {
353 if (!(fdp->fd_flags & FD_CHROOT)) {
354 ndp->ni_rootdir = rootvnode;
355 }
356 }
357 cnp->cn_nameptr = cnp->cn_pnbuf;
358
359 ndp->ni_usedvp = NULLVP;
360
361 if (*(cnp->cn_nameptr) == '/') {
362 while (*(cnp->cn_nameptr) == '/') {
363 cnp->cn_nameptr++;
364 ndp->ni_pathlen--;
365 }
366 dp = ndp->ni_rootdir;
367 } else if (cnp->cn_flags & USEDVP) {
368 dp = ndp->ni_dvp;
369 ndp->ni_usedvp = dp;
370 } else {
371 dp = vfs_context_cwd(ctx);
372 }
373
374 if (dp == NULLVP || (dp->v_lflag & VL_DEAD)) {
375 error = ENOENT;
376 goto error_out;
377 }
378 ndp->ni_dvp = NULLVP;
379 ndp->ni_vp = NULLVP;
380
381 for (;;) {
382 #if CONFIG_MACF
383 /*
384 * Give MACF policies a chance to reject the lookup
385 * before performing any filesystem operations.
386 * This hook is called before resolving the path and
387 * again each time a symlink is encountered.
388 * NB: policies receive path information as supplied
389 * by the caller and thus cannot be trusted.
390 */
391 error = mac_vnode_check_lookup_preflight(ctx, dp, cnp->cn_nameptr, cnp->cn_namelen);
392 if (error) {
393 goto error_out;
394 }
395 #endif
396
397 ndp->ni_startdir = dp;
398
399 if ((error = lookup(ndp))) {
400 goto error_out;
401 }
402
403 /*
404 * Check for symbolic link
405 */
406 if ((cnp->cn_flags & ISSYMLINK) == 0) {
407 return 0;
408 }
409
410 continue_symlink:
411 /* Gives us a new path to process, and a starting dir */
412 error = lookup_handle_symlink(ndp, &dp, ctx);
413 if (error != 0) {
414 break;
415 }
416 }
417 /*
418 * only come here if we fail to handle a SYMLINK...
419 * if either ni_dvp or ni_vp is non-NULL, then
420 * we need to drop the iocount that was picked
421 * up in the lookup routine
422 */
423 out_drop:
424 if (ndp->ni_dvp) {
425 vnode_put(ndp->ni_dvp);
426 }
427 if (ndp->ni_vp) {
428 vnode_put(ndp->ni_vp);
429 }
430 error_out:
431 if ((cnp->cn_flags & HASBUF)) {
432 cnp->cn_flags &= ~HASBUF;
433 FREE_ZONE(cnp->cn_pnbuf, cnp->cn_pnlen, M_NAMEI);
434 }
435 cnp->cn_pnbuf = NULL;
436 ndp->ni_vp = NULLVP;
437 ndp->ni_dvp = NULLVP;
438
439 #if CONFIG_VOLFS
440 /*
441 * Deal with volfs fallout.
442 *
443 * At this point, if we were originally given a volfs path that
444 * looks like /.vol/123/456, then we would have had to convert it into
445 * a full path. Assuming that part worked properly, we will now attempt
446 * to conduct a lookup of the item in the namespace. Under normal
447 * circumstances, if a user looked up /tmp/foo and it was not there, it
448 * would be permissible to return ENOENT.
449 *
450 * However, we may not want to do that here. Specifically, the volfs path
451 * uniquely identifies a certain item in the namespace regardless of where it
452 * lives. If the item has moved in between the time we constructed the
453 * path and now, when we're trying to do a lookup/authorization on the full
454 * path, we may have gotten an ENOENT.
455 *
456 * At this point we can no longer tell if the path no longer exists
457 * or if the item in question no longer exists. It could have been renamed
458 * away, in which case the /.vol identifier is still valid.
459 *
460 * Do this dance a maximum of MAX_VOLFS_RESTARTS times.
461 */
462 if ((error == ENOENT) && (ndp->ni_cnd.cn_flags & CN_VOLFSPATH)) {
463 if (volfs_restarts < MAX_VOLFS_RESTARTS) {
464 volfs_restarts++;
465 goto vnode_recycled;
466 }
467 }
468 #endif
469
470 if (error == ERECYCLE) {
471 /* vnode was recycled underneath us. re-drive lookup to start at
472 * the beginning again, since recycling invalidated last lookup*/
473 ndp->ni_cnd.cn_flags = cnpflags;
474 ndp->ni_dvp = usedvp;
475 goto vnode_recycled;
476 }
477
478
479 return error;
480 }
481
482 int
483 namei_compound_available(vnode_t dp, struct nameidata *ndp)
484 {
485 if ((ndp->ni_flag & NAMEI_COMPOUNDOPEN) != 0) {
486 return vnode_compound_open_available(dp);
487 }
488
489 return 0;
490 }
491
492 static int
493 lookup_authorize_search(vnode_t dp, struct componentname *cnp, int dp_authorized_in_cache, vfs_context_t ctx)
494 {
495 #if !CONFIG_MACF
496 #pragma unused(cnp)
497 #endif
498
499 int error;
500
501 if (!dp_authorized_in_cache) {
502 error = vnode_authorize(dp, NULL, KAUTH_VNODE_SEARCH, ctx);
503 if (error) {
504 return error;
505 }
506 }
507 #if CONFIG_MACF
508 error = mac_vnode_check_lookup(ctx, dp, cnp);
509 if (error) {
510 return error;
511 }
512 #endif /* CONFIG_MACF */
513
514 return 0;
515 }
516
517 static void
518 lookup_consider_update_cache(vnode_t dvp, vnode_t vp, struct componentname *cnp, int nc_generation)
519 {
520 int isdot_or_dotdot;
521 isdot_or_dotdot = (cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.') || (cnp->cn_flags & ISDOTDOT);
522
523 if (vp->v_name == NULL || vp->v_parent == NULLVP) {
524 int update_flags = 0;
525
526 if (isdot_or_dotdot == 0) {
527 if (vp->v_name == NULL) {
528 update_flags |= VNODE_UPDATE_NAME;
529 }
530 if (dvp != NULLVP && vp->v_parent == NULLVP) {
531 update_flags |= VNODE_UPDATE_PARENT;
532 }
533
534 if (update_flags) {
535 vnode_update_identity(vp, dvp, cnp->cn_nameptr, cnp->cn_namelen, cnp->cn_hash, update_flags);
536 }
537 }
538 }
539 if ((cnp->cn_flags & MAKEENTRY) && (vp->v_flag & VNCACHEABLE) && LIST_FIRST(&vp->v_nclinks) == NULL) {
540 /*
541 * missing from name cache, but should
542 * be in it... this can happen if volfs
543 * causes the vnode to be created or the
544 * name cache entry got recycled but the
545 * vnode didn't...
546 * check to make sure that ni_dvp is valid
547 * cache_lookup_path may return a NULL
548 * do a quick check to see if the generation of the
549 * directory matches our snapshot... this will get
550 * rechecked behind the name cache lock, but if it
551 * already fails to match, no need to go any further
552 */
553 if (dvp != NULLVP && (nc_generation == dvp->v_nc_generation) && (!isdot_or_dotdot)) {
554 cache_enter_with_gen(dvp, vp, cnp, nc_generation);
555 }
556 }
557 }
558
559 #if NAMEDRSRCFORK
560 /*
561 * Can change ni_dvp and ni_vp. On success, returns with iocounts on stream vnode (always) and
562 * data fork if requested. On failure, returns with iocount data fork (always) and its parent directory
563 * (if one was provided).
564 */
565 static int
566 lookup_handle_rsrc_fork(vnode_t dp, struct nameidata *ndp, struct componentname *cnp, int wantparent, vfs_context_t ctx)
567 {
568 vnode_t svp = NULLVP;
569 enum nsoperation nsop;
570 int nsflags;
571 int error;
572
573 if (dp->v_type != VREG) {
574 error = ENOENT;
575 goto out;
576 }
577 switch (cnp->cn_nameiop) {
578 case DELETE:
579 if (cnp->cn_flags & CN_ALLOWRSRCFORK) {
580 nsop = NS_DELETE;
581 } else {
582 error = EPERM;
583 goto out;
584 }
585 break;
586 case CREATE:
587 if (cnp->cn_flags & CN_ALLOWRSRCFORK) {
588 nsop = NS_CREATE;
589 } else {
590 error = EPERM;
591 goto out;
592 }
593 break;
594 case LOOKUP:
595 /* Make sure our lookup of "/..namedfork/rsrc" is allowed. */
596 if (cnp->cn_flags & CN_ALLOWRSRCFORK) {
597 nsop = NS_OPEN;
598 } else {
599 error = EPERM;
600 goto out;
601 }
602 break;
603 default:
604 error = EPERM;
605 goto out;
606 }
607
608 nsflags = 0;
609 if (cnp->cn_flags & CN_RAW_ENCRYPTED) {
610 nsflags |= NS_GETRAWENCRYPTED;
611 }
612
613 /* Ask the file system for the resource fork. */
614 error = vnode_getnamedstream(dp, &svp, XATTR_RESOURCEFORK_NAME, nsop, nsflags, ctx);
615
616 /* During a create, it OK for stream vnode to be missing. */
617 if (error == ENOATTR || error == ENOENT) {
618 error = (nsop == NS_CREATE) ? 0 : ENOENT;
619 }
620 if (error) {
621 goto out;
622 }
623 /* The "parent" of the stream is the file. */
624 if (wantparent) {
625 if (ndp->ni_dvp) {
626 vnode_put(ndp->ni_dvp);
627 }
628 ndp->ni_dvp = dp;
629 } else {
630 vnode_put(dp);
631 }
632 ndp->ni_vp = svp; /* on create this may be null */
633
634 /* Restore the truncated pathname buffer (for audits). */
635 if (ndp->ni_pathlen == 1 && ndp->ni_next[0] == '\0') {
636 /*
637 * While we replaced only '/' with '\0' and would ordinarily
638 * need to just switch that back, the buffer in which we did
639 * this may not be what the pathname buffer is now when symlinks
640 * are involved. If we just restore the "/" we will make the
641 * string not terminated anymore, so be safe and restore the
642 * entire suffix.
643 */
644 strncpy(ndp->ni_next, _PATH_RSRCFORKSPEC, sizeof(_PATH_RSRCFORKSPEC));
645 cnp->cn_nameptr = ndp->ni_next + 1;
646 cnp->cn_namelen = sizeof(_PATH_RSRCFORKSPEC) - 1;
647 ndp->ni_next += cnp->cn_namelen;
648 if (ndp->ni_next[0] != '\0') {
649 panic("Incorrect termination of path in %s", __FUNCTION__);
650 }
651 }
652 cnp->cn_flags &= ~MAKEENTRY;
653
654 return 0;
655 out:
656 return error;
657 }
658 #endif /* NAMEDRSRCFORK */
659
660 /*
661 * iocounts in:
662 * --One on ni_vp. One on ni_dvp if there is more path, or we didn't come through the
663 * cache, or we came through the cache and the caller doesn't want the parent.
664 *
665 * iocounts out:
666 * --Leaves us in the correct state for the next step, whatever that might be.
667 * --If we find a symlink, returns with iocounts on both ni_vp and ni_dvp.
668 * --If we are to look up another component, then we have an iocount on ni_vp and
669 * nothing else.
670 * --If we are done, returns an iocount on ni_vp, and possibly on ni_dvp depending on nameidata flags.
671 * --In the event of an error, may return with ni_dvp NULL'ed out (in which case, iocount
672 * was dropped).
673 */
674 static int
675 lookup_handle_found_vnode(struct nameidata *ndp, struct componentname *cnp, int rdonly,
676 int vbusyflags, int *keep_going, int nc_generation,
677 int wantparent, int atroot, vfs_context_t ctx)
678 {
679 vnode_t dp;
680 int error;
681 char *cp;
682
683 dp = ndp->ni_vp;
684 *keep_going = 0;
685
686 if (ndp->ni_vp == NULLVP) {
687 panic("NULL ni_vp in %s\n", __FUNCTION__);
688 }
689
690 if (atroot) {
691 goto nextname;
692 }
693
694 /*
695 * Take into account any additional components consumed by
696 * the underlying filesystem.
697 */
698 if (cnp->cn_consume > 0) {
699 cnp->cn_nameptr += cnp->cn_consume;
700 ndp->ni_next += cnp->cn_consume;
701 ndp->ni_pathlen -= cnp->cn_consume;
702 cnp->cn_consume = 0;
703 } else {
704 lookup_consider_update_cache(ndp->ni_dvp, dp, cnp, nc_generation);
705 }
706
707 /*
708 * Check to see if the vnode has been mounted on...
709 * if so find the root of the mounted file system.
710 * Updates ndp->ni_vp.
711 */
712 error = lookup_traverse_mountpoints(ndp, cnp, dp, vbusyflags, ctx);
713 dp = ndp->ni_vp;
714 if (error) {
715 goto out;
716 }
717
718 #if CONFIG_MACF
719 if (vfs_flags(vnode_mount(dp)) & MNT_MULTILABEL) {
720 error = vnode_label(vnode_mount(dp), NULL, dp, NULL, 0, ctx);
721 if (error) {
722 goto out;
723 }
724 }
725 #endif
726
727 /*
728 * Check for symbolic link
729 */
730 if ((dp->v_type == VLNK) &&
731 ((cnp->cn_flags & FOLLOW) || (ndp->ni_flag & NAMEI_TRAILINGSLASH) || *ndp->ni_next == '/')) {
732 cnp->cn_flags |= ISSYMLINK;
733 *keep_going = 1;
734 return 0;
735 }
736
737 /*
738 * Check for bogus trailing slashes.
739 */
740 if ((ndp->ni_flag & NAMEI_TRAILINGSLASH)) {
741 if (dp->v_type != VDIR) {
742 error = ENOTDIR;
743 goto out;
744 }
745 ndp->ni_flag &= ~(NAMEI_TRAILINGSLASH);
746 }
747
748 #if NAMEDSTREAMS
749 /*
750 * Deny namei/lookup requests to resolve paths that point to shadow files.
751 * Access to shadow files must be conducted by explicit calls to VNOP_LOOKUP
752 * directly, and not use lookup/namei
753 */
754 if (vnode_isshadow(dp)) {
755 error = ENOENT;
756 goto out;
757 }
758 #endif
759
760 nextname:
761 /*
762 * Not a symbolic link. If more pathname,
763 * continue at next component, else return.
764 *
765 * Definitely have a dvp if there's another slash
766 */
767 if (*ndp->ni_next == '/') {
768 cnp->cn_nameptr = ndp->ni_next + 1;
769 ndp->ni_pathlen--;
770 while (*cnp->cn_nameptr == '/') {
771 cnp->cn_nameptr++;
772 ndp->ni_pathlen--;
773 }
774
775 cp = cnp->cn_nameptr;
776 vnode_put(ndp->ni_dvp);
777 ndp->ni_dvp = NULLVP;
778
779 if (*cp == '\0') {
780 goto emptyname;
781 }
782
783 *keep_going = 1;
784 return 0;
785 }
786
787 /*
788 * Disallow directory write attempts on read-only file systems.
789 */
790 if (rdonly &&
791 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
792 error = EROFS;
793 goto out;
794 }
795
796 /* If SAVESTART is set, we should have a dvp */
797 if (cnp->cn_flags & SAVESTART) {
798 /*
799 * note that we already hold a reference
800 * on both dp and ni_dvp, but for some reason
801 * can't get another one... in this case we
802 * need to do vnode_put on dp in 'bad2'
803 */
804 if ((vnode_get(ndp->ni_dvp))) {
805 error = ENOENT;
806 goto out;
807 }
808 ndp->ni_startdir = ndp->ni_dvp;
809 }
810 if (!wantparent && ndp->ni_dvp) {
811 vnode_put(ndp->ni_dvp);
812 ndp->ni_dvp = NULLVP;
813 }
814
815 if (cnp->cn_flags & AUDITVNPATH1) {
816 AUDIT_ARG(vnpath, dp, ARG_VNODE1);
817 } else if (cnp->cn_flags & AUDITVNPATH2) {
818 AUDIT_ARG(vnpath, dp, ARG_VNODE2);
819 }
820
821 #if NAMEDRSRCFORK
822 /*
823 * Caller wants the resource fork.
824 */
825 if ((cnp->cn_flags & CN_WANTSRSRCFORK) && (dp != NULLVP)) {
826 error = lookup_handle_rsrc_fork(dp, ndp, cnp, wantparent, ctx);
827 if (error != 0) {
828 goto out;
829 }
830
831 dp = ndp->ni_vp;
832 }
833 #endif
834 if (kdebug_enable) {
835 kdebug_lookup(ndp->ni_vp, cnp);
836 }
837
838 return 0;
839
840 emptyname:
841 error = lookup_handle_emptyname(ndp, cnp, wantparent);
842 if (error != 0) {
843 goto out;
844 }
845
846 return 0;
847 out:
848 return error;
849 }
850
851 /*
852 * Comes in iocount on ni_vp. May overwrite ni_dvp, but doesn't interpret incoming value.
853 */
854 static int
855 lookup_handle_emptyname(struct nameidata *ndp, struct componentname *cnp, int wantparent)
856 {
857 vnode_t dp;
858 int error = 0;
859
860 dp = ndp->ni_vp;
861 cnp->cn_namelen = 0;
862 /*
863 * A degenerate name (e.g. / or "") which is a way of
864 * talking about a directory, e.g. like "/." or ".".
865 */
866 if (dp->v_type != VDIR) {
867 error = ENOTDIR;
868 goto out;
869 }
870 if (cnp->cn_nameiop != LOOKUP) {
871 error = EISDIR;
872 goto out;
873 }
874 if (wantparent) {
875 /*
876 * note that we already hold a reference
877 * on dp, but for some reason can't
878 * get another one... in this case we
879 * need to do vnode_put on dp in 'bad'
880 */
881 if ((vnode_get(dp))) {
882 error = ENOENT;
883 goto out;
884 }
885 ndp->ni_dvp = dp;
886 }
887 cnp->cn_flags &= ~ISDOTDOT;
888 cnp->cn_flags |= ISLASTCN;
889 ndp->ni_next = cnp->cn_nameptr;
890 ndp->ni_vp = dp;
891
892 if (cnp->cn_flags & AUDITVNPATH1) {
893 AUDIT_ARG(vnpath, dp, ARG_VNODE1);
894 } else if (cnp->cn_flags & AUDITVNPATH2) {
895 AUDIT_ARG(vnpath, dp, ARG_VNODE2);
896 }
897 if (cnp->cn_flags & SAVESTART) {
898 panic("lookup: SAVESTART");
899 }
900
901 return 0;
902 out:
903 return error;
904 }
905 /*
906 * Search a pathname.
907 * This is a very central and rather complicated routine.
908 *
909 * The pathname is pointed to by ni_ptr and is of length ni_pathlen.
910 * The starting directory is taken from ni_startdir. The pathname is
911 * descended until done, or a symbolic link is encountered. The variable
912 * ni_more is clear if the path is completed; it is set to one if a
913 * symbolic link needing interpretation is encountered.
914 *
915 * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on
916 * whether the name is to be looked up, created, renamed, or deleted.
917 * When CREATE, RENAME, or DELETE is specified, information usable in
918 * creating, renaming, or deleting a directory entry may be calculated.
919 * If flag has LOCKPARENT or'ed into it, the parent directory is returned
920 * locked. If flag has WANTPARENT or'ed into it, the parent directory is
921 * returned unlocked. Otherwise the parent directory is not returned. If
922 * the target of the pathname exists and LOCKLEAF is or'ed into the flag
923 * the target is returned locked, otherwise it is returned unlocked.
924 * When creating or renaming and LOCKPARENT is specified, the target may not
925 * be ".". When deleting and LOCKPARENT is specified, the target may be ".".
926 *
927 * Overall outline of lookup:
928 *
929 * dirloop:
930 * identify next component of name at ndp->ni_ptr
931 * handle degenerate case where name is null string
932 * if .. and crossing mount points and on mounted filesys, find parent
933 * call VNOP_LOOKUP routine for next component name
934 * directory vnode returned in ni_dvp, unlocked unless LOCKPARENT set
935 * component vnode returned in ni_vp (if it exists), locked.
936 * if result vnode is mounted on and crossing mount points,
937 * find mounted on vnode
938 * if more components of name, do next level at dirloop
939 * return the answer in ni_vp, locked if LOCKLEAF set
940 * if LOCKPARENT set, return locked parent in ni_dvp
941 * if WANTPARENT set, return unlocked parent in ni_dvp
942 *
943 * Returns: 0 Success
944 * ENOENT No such file or directory
945 * EBADF Bad file descriptor
946 * ENOTDIR Not a directory
947 * EROFS Read-only file system [CREATE]
948 * EISDIR Is a directory [CREATE]
949 * cache_lookup_path:ERECYCLE (vnode was recycled from underneath us, redrive lookup again)
950 * vnode_authorize:EROFS
951 * vnode_authorize:EACCES
952 * vnode_authorize:EPERM
953 * vnode_authorize:???
954 * VNOP_LOOKUP:ENOENT No such file or directory
955 * VNOP_LOOKUP:EJUSTRETURN Restart system call (INTERNAL)
956 * VNOP_LOOKUP:???
957 * VFS_ROOT:ENOTSUP
958 * VFS_ROOT:ENOENT
959 * VFS_ROOT:???
960 */
961 int
962 lookup(struct nameidata *ndp)
963 {
964 char *cp; /* pointer into pathname argument */
965 vnode_t tdp; /* saved dp */
966 vnode_t dp; /* the directory we are searching */
967 int docache = 1; /* == 0 do not cache last component */
968 int wantparent; /* 1 => wantparent or lockparent flag */
969 int rdonly; /* lookup read-only flag bit */
970 int dp_authorized = 0;
971 int error = 0;
972 struct componentname *cnp = &ndp->ni_cnd;
973 vfs_context_t ctx = cnp->cn_context;
974 int vbusyflags = 0;
975 int nc_generation = 0;
976 vnode_t last_dp = NULLVP;
977 int keep_going;
978 int atroot;
979
980 /*
981 * Setup: break out flag bits into variables.
982 */
983 if (cnp->cn_flags & NOCACHE) {
984 docache = 0;
985 }
986 wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT);
987 rdonly = cnp->cn_flags & RDONLY;
988 cnp->cn_flags &= ~ISSYMLINK;
989 cnp->cn_consume = 0;
990
991 dp = ndp->ni_startdir;
992 ndp->ni_startdir = NULLVP;
993
994 if ((cnp->cn_flags & CN_NBMOUNTLOOK) != 0) {
995 vbusyflags = LK_NOWAIT;
996 }
997 cp = cnp->cn_nameptr;
998
999 if (*cp == '\0') {
1000 if ((vnode_getwithref(dp))) {
1001 dp = NULLVP;
1002 error = ENOENT;
1003 goto bad;
1004 }
1005 ndp->ni_vp = dp;
1006 error = lookup_handle_emptyname(ndp, cnp, wantparent);
1007 if (error) {
1008 goto bad;
1009 }
1010
1011 return 0;
1012 }
1013 dirloop:
1014 atroot = 0;
1015 ndp->ni_vp = NULLVP;
1016
1017 if ((error = cache_lookup_path(ndp, cnp, dp, ctx, &dp_authorized, last_dp))) {
1018 dp = NULLVP;
1019 goto bad;
1020 }
1021 if ((cnp->cn_flags & ISLASTCN)) {
1022 if (docache) {
1023 cnp->cn_flags |= MAKEENTRY;
1024 }
1025 } else {
1026 cnp->cn_flags |= MAKEENTRY;
1027 }
1028
1029 dp = ndp->ni_dvp;
1030
1031 if (ndp->ni_vp != NULLVP) {
1032 /*
1033 * cache_lookup_path returned a non-NULL ni_vp then,
1034 * we're guaranteed that the dp is a VDIR, it's
1035 * been authorized, and vp is not ".."
1036 *
1037 * make sure we don't try to enter the name back into
1038 * the cache if this vp is purged before we get to that
1039 * check since we won't have serialized behind whatever
1040 * activity is occurring in the FS that caused the purge
1041 */
1042 if (dp != NULLVP) {
1043 nc_generation = dp->v_nc_generation - 1;
1044 }
1045
1046 goto returned_from_lookup_path;
1047 }
1048
1049 /*
1050 * Handle "..": two special cases.
1051 * 1. If at root directory (e.g. after chroot)
1052 * or at absolute root directory
1053 * then ignore it so can't get out.
1054 * 2. If this vnode is the root of a mounted
1055 * filesystem, then replace it with the
1056 * vnode which was mounted on so we take the
1057 * .. in the other file system.
1058 */
1059 if ((cnp->cn_flags & ISDOTDOT)) {
1060 /*
1061 * if this is a chroot'ed process, check if the current
1062 * directory is still a subdirectory of the process's
1063 * root directory.
1064 */
1065 if (ndp->ni_rootdir && (ndp->ni_rootdir != rootvnode) &&
1066 dp != ndp->ni_rootdir) {
1067 int sdir_error;
1068 int is_subdir = FALSE;
1069
1070 sdir_error = vnode_issubdir(dp, ndp->ni_rootdir,
1071 &is_subdir, vfs_context_kernel());
1072
1073 /*
1074 * If we couldn't determine if dp is a subdirectory of
1075 * ndp->ni_rootdir (sdir_error != 0), we let the request
1076 * proceed.
1077 */
1078 if (!sdir_error && !is_subdir) {
1079 vnode_put(dp);
1080 dp = ndp->ni_rootdir;
1081 /*
1082 * There's a ref on the process's root directory
1083 * but we can't use vnode_getwithref here as
1084 * there is nothing preventing that ref being
1085 * released by another thread.
1086 */
1087 if (vnode_get(dp)) {
1088 error = ENOENT;
1089 goto bad;
1090 }
1091 }
1092 }
1093
1094 for (;;) {
1095 if (dp == ndp->ni_rootdir || dp == rootvnode) {
1096 ndp->ni_dvp = dp;
1097 ndp->ni_vp = dp;
1098 /*
1099 * we're pinned at the root
1100 * we've already got one reference on 'dp'
1101 * courtesy of cache_lookup_path... take
1102 * another one for the ".."
1103 * if we fail to get the new reference, we'll
1104 * drop our original down in 'bad'
1105 */
1106 if ((vnode_get(dp))) {
1107 error = ENOENT;
1108 goto bad;
1109 }
1110 atroot = 1;
1111 goto returned_from_lookup_path;
1112 }
1113 if ((dp->v_flag & VROOT) == 0 ||
1114 (cnp->cn_flags & NOCROSSMOUNT)) {
1115 break;
1116 }
1117 if (dp->v_mount == NULL) { /* forced umount */
1118 error = EBADF;
1119 goto bad;
1120 }
1121 tdp = dp;
1122 dp = tdp->v_mount->mnt_vnodecovered;
1123
1124 vnode_put(tdp);
1125
1126 if ((vnode_getwithref(dp))) {
1127 dp = NULLVP;
1128 error = ENOENT;
1129 goto bad;
1130 }
1131 ndp->ni_dvp = dp;
1132 dp_authorized = 0;
1133 }
1134 }
1135
1136 /*
1137 * We now have a segment name to search for, and a directory to search.
1138 */
1139 unionlookup:
1140 ndp->ni_vp = NULLVP;
1141
1142 if (dp->v_type != VDIR) {
1143 error = ENOTDIR;
1144 goto lookup_error;
1145 }
1146 if ((cnp->cn_flags & DONOTAUTH) != DONOTAUTH) {
1147 error = lookup_authorize_search(dp, cnp, dp_authorized, ctx);
1148 if (error) {
1149 goto lookup_error;
1150 }
1151 }
1152
1153 /*
1154 * Now that we've authorized a lookup, can bail out if the filesystem
1155 * will be doing a batched operation. Return an iocount on dvp.
1156 */
1157 #if NAMEDRSRCFORK
1158 if ((cnp->cn_flags & ISLASTCN) && namei_compound_available(dp, ndp) && !(cnp->cn_flags & CN_WANTSRSRCFORK)) {
1159 #else
1160 if ((cnp->cn_flags & ISLASTCN) && namei_compound_available(dp, ndp)) {
1161 #endif /* NAMEDRSRCFORK */
1162 ndp->ni_flag |= NAMEI_UNFINISHED;
1163 ndp->ni_ncgeneration = dp->v_nc_generation;
1164 return 0;
1165 }
1166
1167 nc_generation = dp->v_nc_generation;
1168
1169 /*
1170 * Note:
1171 * Filesystems that support hardlinks may want to call vnode_update_identity
1172 * if the lookup operation below will modify the in-core vnode to belong to a new point
1173 * in the namespace. VFS cannot infer whether or not the look up operation makes the vnode
1174 * name change or change parents. Without this, the lookup may make update
1175 * filesystem-specific in-core metadata but fail to update the v_parent or v_name
1176 * fields in the vnode. If VFS were to do this, it would be necessary to call
1177 * vnode_update_identity on every lookup operation -- expensive!
1178 *
1179 * However, even with this in place, multiple lookups may occur in between this lookup
1180 * and the subsequent vnop, so, at best, we could only guarantee that you would get a
1181 * valid path back, and not necessarily the one that you wanted.
1182 *
1183 * Example:
1184 * /tmp/a == /foo/b
1185 *
1186 * If you are now looking up /foo/b and the vnode for this link represents /tmp/a,
1187 * vnode_update_identity will fix the parentage so that you can get /foo/b back
1188 * through the v_parent chain (preventing you from getting /tmp/b back). It would
1189 * not fix whether or not you should or should not get /tmp/a vs. /foo/b.
1190 */
1191
1192 error = VNOP_LOOKUP(dp, &ndp->ni_vp, cnp, ctx);
1193
1194 if (error) {
1195 lookup_error:
1196 if ((error == ENOENT) &&
1197 (dp->v_mount != NULL) &&
1198 (dp->v_mount->mnt_flag & MNT_UNION)) {
1199 tdp = dp;
1200 error = lookup_traverse_union(tdp, &dp, ctx);
1201 vnode_put(tdp);
1202 if (error) {
1203 dp = NULLVP;
1204 goto bad;
1205 }
1206
1207 ndp->ni_dvp = dp;
1208 dp_authorized = 0;
1209 goto unionlookup;
1210 }
1211
1212 if (error != EJUSTRETURN) {
1213 goto bad;
1214 }
1215
1216 if (ndp->ni_vp != NULLVP) {
1217 panic("leaf should be empty");
1218 }
1219
1220 #if NAMEDRSRCFORK
1221 /*
1222 * At this point, error should be EJUSTRETURN.
1223 *
1224 * If CN_WANTSRSRCFORK is set, that implies that the
1225 * underlying filesystem could not find the "parent" of the
1226 * resource fork (the data fork), and we are doing a lookup
1227 * for a CREATE event.
1228 *
1229 * However, this should be converted to an error, as the
1230 * failure to find this parent should disallow further
1231 * progress to try and acquire a resource fork vnode.
1232 */
1233 if (cnp->cn_flags & CN_WANTSRSRCFORK) {
1234 error = ENOENT;
1235 goto bad;
1236 }
1237 #endif
1238
1239 error = lookup_validate_creation_path(ndp);
1240 if (error) {
1241 goto bad;
1242 }
1243 /*
1244 * We return with ni_vp NULL to indicate that the entry
1245 * doesn't currently exist, leaving a pointer to the
1246 * referenced directory vnode in ndp->ni_dvp.
1247 */
1248 if (cnp->cn_flags & SAVESTART) {
1249 if ((vnode_get(ndp->ni_dvp))) {
1250 error = ENOENT;
1251 goto bad;
1252 }
1253 ndp->ni_startdir = ndp->ni_dvp;
1254 }
1255 if (!wantparent) {
1256 vnode_put(ndp->ni_dvp);
1257 }
1258
1259 if (kdebug_enable) {
1260 kdebug_lookup(ndp->ni_dvp, cnp);
1261 }
1262 return 0;
1263 }
1264 returned_from_lookup_path:
1265 /* We'll always have an iocount on ni_vp when this finishes. */
1266 error = lookup_handle_found_vnode(ndp, cnp, rdonly, vbusyflags, &keep_going, nc_generation, wantparent, atroot, ctx);
1267 if (error != 0) {
1268 goto bad2;
1269 }
1270
1271 if (keep_going) {
1272 dp = ndp->ni_vp;
1273
1274 /* namei() will handle symlinks */
1275 if ((dp->v_type == VLNK) &&
1276 ((cnp->cn_flags & FOLLOW) || (ndp->ni_flag & NAMEI_TRAILINGSLASH) || *ndp->ni_next == '/')) {
1277 return 0;
1278 }
1279
1280 /*
1281 * Otherwise, there's more path to process.
1282 * cache_lookup_path is now responsible for dropping io ref on dp
1283 * when it is called again in the dirloop. This ensures we hold
1284 * a ref on dp until we complete the next round of lookup.
1285 */
1286 last_dp = dp;
1287
1288 goto dirloop;
1289 }
1290
1291 return 0;
1292 bad2:
1293 if (ndp->ni_dvp) {
1294 vnode_put(ndp->ni_dvp);
1295 }
1296
1297 vnode_put(ndp->ni_vp);
1298 ndp->ni_vp = NULLVP;
1299
1300 if (kdebug_enable) {
1301 kdebug_lookup(dp, cnp);
1302 }
1303 return error;
1304
1305 bad:
1306 if (dp) {
1307 vnode_put(dp);
1308 }
1309 ndp->ni_vp = NULLVP;
1310
1311 if (kdebug_enable) {
1312 kdebug_lookup(dp, cnp);
1313 }
1314 return error;
1315 }
1316
1317 /*
1318 * Given a vnode in a union mount, traverse to the equivalent
1319 * vnode in the underlying mount.
1320 */
1321 int
1322 lookup_traverse_union(vnode_t dvp, vnode_t *new_dvp, vfs_context_t ctx)
1323 {
1324 char *path = NULL, *pp;
1325 const char *name, *np;
1326 int len;
1327 int error = 0;
1328 struct nameidata nd;
1329 vnode_t vp = dvp;
1330
1331 *new_dvp = NULL;
1332
1333 if (vp && vp->v_flag & VROOT) {
1334 *new_dvp = vp->v_mount->mnt_vnodecovered;
1335 if (vnode_getwithref(*new_dvp)) {
1336 return ENOENT;
1337 }
1338 return 0;
1339 }
1340
1341 path = (char *) kalloc(MAXPATHLEN);
1342 if (path == NULL) {
1343 error = ENOMEM;
1344 goto done;
1345 }
1346
1347 /*
1348 * Walk back up to the mountpoint following the
1349 * v_parent chain and build a slash-separated path.
1350 * Then lookup that path starting with the covered vnode.
1351 */
1352 pp = path + (MAXPATHLEN - 1);
1353 *pp = '\0';
1354
1355 while (1) {
1356 name = vnode_getname(vp);
1357 if (name == NULL) {
1358 printf("lookup_traverse_union: null parent name: .%s\n", pp);
1359 error = ENOENT;
1360 goto done;
1361 }
1362 len = strlen(name);
1363 if ((len + 1) > (pp - path)) { // Enough space for this name ?
1364 error = ENAMETOOLONG;
1365 vnode_putname(name);
1366 goto done;
1367 }
1368 for (np = name + len; len > 0; len--) { // Copy name backwards
1369 *--pp = *--np;
1370 }
1371 vnode_putname(name);
1372 vp = vp->v_parent;
1373 if (vp == NULLVP || vp->v_flag & VROOT) {
1374 break;
1375 }
1376 *--pp = '/';
1377 }
1378
1379 /* Evaluate the path in the underlying mount */
1380 NDINIT(&nd, LOOKUP, OP_LOOKUP, USEDVP, UIO_SYSSPACE, CAST_USER_ADDR_T(pp), ctx);
1381 nd.ni_dvp = dvp->v_mount->mnt_vnodecovered;
1382 error = namei(&nd);
1383 if (error == 0) {
1384 *new_dvp = nd.ni_vp;
1385 }
1386 nameidone(&nd);
1387 done:
1388 if (path) {
1389 kfree(path, MAXPATHLEN);
1390 }
1391 return error;
1392 }
1393
1394 int
1395 lookup_validate_creation_path(struct nameidata *ndp)
1396 {
1397 struct componentname *cnp = &ndp->ni_cnd;
1398
1399 /*
1400 * If creating and at end of pathname, then can consider
1401 * allowing file to be created.
1402 */
1403 if (cnp->cn_flags & RDONLY) {
1404 return EROFS;
1405 }
1406 if ((cnp->cn_flags & ISLASTCN) && (ndp->ni_flag & NAMEI_TRAILINGSLASH) && !(cnp->cn_flags & WILLBEDIR)) {
1407 return ENOENT;
1408 }
1409
1410 return 0;
1411 }
1412
1413 /*
1414 * Modifies only ni_vp. Always returns with ni_vp still valid (iocount held).
1415 */
1416 static int
1417 lookup_traverse_mountpoints(struct nameidata *ndp, struct componentname *cnp, vnode_t dp,
1418 int vbusyflags, vfs_context_t ctx)
1419 {
1420 mount_t mp;
1421 vnode_t tdp;
1422 int error = 0;
1423 uint32_t depth = 0;
1424 vnode_t mounted_on_dp;
1425 int current_mount_generation = 0;
1426 #if CONFIG_TRIGGERS
1427 vnode_t triggered_dp = NULLVP;
1428 int retry_cnt = 0;
1429 #define MAX_TRIGGER_RETRIES 1
1430 #endif
1431
1432 if (dp->v_type != VDIR || cnp->cn_flags & NOCROSSMOUNT) {
1433 return 0;
1434 }
1435
1436 mounted_on_dp = dp;
1437 #if CONFIG_TRIGGERS
1438 restart:
1439 #endif
1440 current_mount_generation = mount_generation;
1441
1442 while (dp->v_mountedhere) {
1443 vnode_lock_spin(dp);
1444 if ((mp = dp->v_mountedhere)) {
1445 mp->mnt_crossref++;
1446 vnode_unlock(dp);
1447 } else {
1448 vnode_unlock(dp);
1449 break;
1450 }
1451
1452 if (ISSET(mp->mnt_lflag, MNT_LFORCE)) {
1453 mount_dropcrossref(mp, dp, 0);
1454 break; // don't traverse into a forced unmount
1455 }
1456
1457
1458 if (vfs_busy(mp, vbusyflags)) {
1459 mount_dropcrossref(mp, dp, 0);
1460 if (vbusyflags == LK_NOWAIT) {
1461 error = ENOENT;
1462 goto out;
1463 }
1464
1465 continue;
1466 }
1467
1468 error = VFS_ROOT(mp, &tdp, ctx);
1469
1470 mount_dropcrossref(mp, dp, 0);
1471 vfs_unbusy(mp);
1472
1473 if (error) {
1474 goto out;
1475 }
1476
1477 vnode_put(dp);
1478 ndp->ni_vp = dp = tdp;
1479 if (dp->v_type != VDIR) {
1480 #if DEVELOPMENT || DEBUG
1481 panic("%s : Root of filesystem not a directory\n",
1482 __FUNCTION__);
1483 #else
1484 break;
1485 #endif
1486 }
1487 depth++;
1488 }
1489
1490 #if CONFIG_TRIGGERS
1491 /*
1492 * The triggered_dp check here is required but is susceptible to a
1493 * (unlikely) race in which trigger mount is done from here and is
1494 * unmounted before we get past vfs_busy above. We retry to deal with
1495 * that case but it has the side effect of unwanted retries for
1496 * "special" processes which don't want to trigger mounts.
1497 */
1498 if (dp->v_resolve && retry_cnt < MAX_TRIGGER_RETRIES) {
1499 error = vnode_trigger_resolve(dp, ndp, ctx);
1500 if (error) {
1501 goto out;
1502 }
1503 if (dp == triggered_dp) {
1504 retry_cnt += 1;
1505 } else {
1506 retry_cnt = 0;
1507 }
1508 triggered_dp = dp;
1509 goto restart;
1510 }
1511 #endif /* CONFIG_TRIGGERS */
1512
1513 if (depth) {
1514 mp = mounted_on_dp->v_mountedhere;
1515
1516 if (mp) {
1517 mount_lock_spin(mp);
1518 mp->mnt_realrootvp_vid = dp->v_id;
1519 mp->mnt_realrootvp = dp;
1520 mp->mnt_generation = current_mount_generation;
1521 mount_unlock(mp);
1522 }
1523 }
1524
1525 return 0;
1526
1527 out:
1528 return error;
1529 }
1530
1531 /*
1532 * Takes ni_vp and ni_dvp non-NULL. Returns with *new_dp set to the location
1533 * at which to start a lookup with a resolved path, and all other iocounts dropped.
1534 */
1535 static int
1536 lookup_handle_symlink(struct nameidata *ndp, vnode_t *new_dp, vfs_context_t ctx)
1537 {
1538 int error;
1539 char *cp; /* pointer into pathname argument */
1540 uio_t auio;
1541 union {
1542 union {
1543 struct user_iovec s_uiovec;
1544 struct kern_iovec s_kiovec;
1545 } u_iovec;
1546 struct uio s_uio;
1547 char uio_buf[UIO_SIZEOF(1)];
1548 } u_uio_buf; /* union only for aligning uio_buf correctly */
1549 int need_newpathbuf;
1550 u_int linklen;
1551 struct componentname *cnp = &ndp->ni_cnd;
1552 vnode_t dp;
1553 char *tmppn;
1554 u_int rsrclen = (cnp->cn_flags & CN_WANTSRSRCFORK) ? sizeof(_PATH_RSRCFORKSPEC) : 0;
1555
1556 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) {
1557 return ELOOP;
1558 }
1559 #if CONFIG_MACF
1560 if ((error = mac_vnode_check_readlink(ctx, ndp->ni_vp)) != 0) {
1561 return error;
1562 }
1563 #endif /* MAC */
1564 if (ndp->ni_pathlen > 1 || !(cnp->cn_flags & HASBUF)) {
1565 need_newpathbuf = 1;
1566 } else {
1567 need_newpathbuf = 0;
1568 }
1569
1570 if (need_newpathbuf) {
1571 MALLOC_ZONE(cp, char *, MAXPATHLEN, M_NAMEI, M_WAITOK);
1572 if (cp == NULL) {
1573 return ENOMEM;
1574 }
1575 } else {
1576 cp = cnp->cn_pnbuf;
1577 }
1578 auio = uio_createwithbuffer(1, 0, UIO_SYSSPACE, UIO_READ,
1579 &u_uio_buf.uio_buf[0], sizeof(u_uio_buf.uio_buf));
1580
1581 uio_addiov(auio, CAST_USER_ADDR_T(cp), MAXPATHLEN);
1582
1583 error = VNOP_READLINK(ndp->ni_vp, auio, ctx);
1584 if (error) {
1585 if (need_newpathbuf) {
1586 FREE_ZONE(cp, MAXPATHLEN, M_NAMEI);
1587 }
1588 return error;
1589 }
1590
1591 /*
1592 * Safe to set unsigned with a [larger] signed type here
1593 * because 0 <= uio_resid <= MAXPATHLEN and MAXPATHLEN
1594 * is only 1024.
1595 */
1596 linklen = MAXPATHLEN - (u_int)uio_resid(auio);
1597 if (linklen + ndp->ni_pathlen + rsrclen > MAXPATHLEN) {
1598 if (need_newpathbuf) {
1599 FREE_ZONE(cp, MAXPATHLEN, M_NAMEI);
1600 }
1601
1602 return ENAMETOOLONG;
1603 }
1604 if (need_newpathbuf) {
1605 long len = cnp->cn_pnlen;
1606
1607 tmppn = cnp->cn_pnbuf;
1608 bcopy(ndp->ni_next, cp + linklen, ndp->ni_pathlen);
1609 cnp->cn_pnbuf = cp;
1610 cnp->cn_pnlen = MAXPATHLEN;
1611
1612 if ((cnp->cn_flags & HASBUF)) {
1613 FREE_ZONE(tmppn, len, M_NAMEI);
1614 } else {
1615 cnp->cn_flags |= HASBUF;
1616 }
1617 } else {
1618 cnp->cn_pnbuf[linklen] = '\0';
1619 }
1620
1621 ndp->ni_pathlen += linklen;
1622 cnp->cn_nameptr = cnp->cn_pnbuf;
1623
1624 /*
1625 * starting point for 'relative'
1626 * symbolic link path
1627 */
1628 dp = ndp->ni_dvp;
1629
1630 /*
1631 * get rid of references returned via 'lookup'
1632 */
1633 vnode_put(ndp->ni_vp);
1634 vnode_put(ndp->ni_dvp); /* ALWAYS have a dvp for a symlink */
1635
1636 ndp->ni_vp = NULLVP;
1637 ndp->ni_dvp = NULLVP;
1638
1639 /*
1640 * Check if symbolic link restarts us at the root
1641 */
1642 if (*(cnp->cn_nameptr) == '/') {
1643 while (*(cnp->cn_nameptr) == '/') {
1644 cnp->cn_nameptr++;
1645 ndp->ni_pathlen--;
1646 }
1647 if ((dp = ndp->ni_rootdir) == NULLVP) {
1648 return ENOENT;
1649 }
1650 }
1651
1652 *new_dp = dp;
1653
1654 return 0;
1655 }
1656
1657 /*
1658 * relookup - lookup a path name component
1659 * Used by lookup to re-aquire things.
1660 */
1661 int
1662 relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp)
1663 {
1664 struct vnode *dp = NULL; /* the directory we are searching */
1665 int wantparent; /* 1 => wantparent or lockparent flag */
1666 int rdonly; /* lookup read-only flag bit */
1667 int error = 0;
1668 #ifdef NAMEI_DIAGNOSTIC
1669 int i, newhash; /* DEBUG: check name hash */
1670 char *cp; /* DEBUG: check name ptr/len */
1671 #endif
1672 vfs_context_t ctx = cnp->cn_context;;
1673
1674 /*
1675 * Setup: break out flag bits into variables.
1676 */
1677 wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT);
1678 rdonly = cnp->cn_flags & RDONLY;
1679 cnp->cn_flags &= ~ISSYMLINK;
1680
1681 if (cnp->cn_flags & NOCACHE) {
1682 cnp->cn_flags &= ~MAKEENTRY;
1683 } else {
1684 cnp->cn_flags |= MAKEENTRY;
1685 }
1686
1687 dp = dvp;
1688
1689 /*
1690 * Check for degenerate name (e.g. / or "")
1691 * which is a way of talking about a directory,
1692 * e.g. like "/." or ".".
1693 */
1694 if (cnp->cn_nameptr[0] == '\0') {
1695 if (cnp->cn_nameiop != LOOKUP || wantparent) {
1696 error = EISDIR;
1697 goto bad;
1698 }
1699 if (dp->v_type != VDIR) {
1700 error = ENOTDIR;
1701 goto bad;
1702 }
1703 if ((vnode_get(dp))) {
1704 error = ENOENT;
1705 goto bad;
1706 }
1707 *vpp = dp;
1708
1709 if (cnp->cn_flags & SAVESTART) {
1710 panic("lookup: SAVESTART");
1711 }
1712 return 0;
1713 }
1714 /*
1715 * We now have a segment name to search for, and a directory to search.
1716 */
1717 if ((error = VNOP_LOOKUP(dp, vpp, cnp, ctx))) {
1718 if (error != EJUSTRETURN) {
1719 goto bad;
1720 }
1721 #if DIAGNOSTIC
1722 if (*vpp != NULL) {
1723 panic("leaf should be empty");
1724 }
1725 #endif
1726 /*
1727 * If creating and at end of pathname, then can consider
1728 * allowing file to be created.
1729 */
1730 if (rdonly) {
1731 error = EROFS;
1732 goto bad;
1733 }
1734 /*
1735 * We return with ni_vp NULL to indicate that the entry
1736 * doesn't currently exist, leaving a pointer to the
1737 * (possibly locked) directory inode in ndp->ni_dvp.
1738 */
1739 return 0;
1740 }
1741 dp = *vpp;
1742
1743 #if DIAGNOSTIC
1744 /*
1745 * Check for symbolic link
1746 */
1747 if (dp->v_type == VLNK && (cnp->cn_flags & FOLLOW)) {
1748 panic("relookup: symlink found.\n");
1749 }
1750 #endif
1751
1752 /*
1753 * Disallow directory write attempts on read-only file systems.
1754 */
1755 if (rdonly &&
1756 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
1757 error = EROFS;
1758 goto bad2;
1759 }
1760 /* ASSERT(dvp == ndp->ni_startdir) */
1761
1762 return 0;
1763
1764 bad2:
1765 vnode_put(dp);
1766 bad:
1767 *vpp = NULL;
1768
1769 return error;
1770 }
1771
1772 /*
1773 * Free pathname buffer
1774 */
1775 void
1776 nameidone(struct nameidata *ndp)
1777 {
1778 if (ndp->ni_cnd.cn_flags & HASBUF) {
1779 char *tmp = ndp->ni_cnd.cn_pnbuf;
1780
1781 ndp->ni_cnd.cn_pnbuf = NULL;
1782 ndp->ni_cnd.cn_flags &= ~HASBUF;
1783 FREE_ZONE(tmp, ndp->ni_cnd.cn_pnlen, M_NAMEI);
1784 }
1785 }
1786
1787
1788 /*
1789 * Log (part of) a pathname using the KERNEL_DEBUG_CONSTANT mechanism, as used
1790 * by fs_usage. The path up to and including the current component name are
1791 * logged. Up to NUMPARMS*4 bytes of pathname will be logged. If the path
1792 * to be logged is longer than that, then the last NUMPARMS*4 bytes are logged.
1793 * That is, the truncation removes the leading portion of the path.
1794 *
1795 * The logging is done via multiple KERNEL_DEBUG_CONSTANT calls. The first one
1796 * is marked with DBG_FUNC_START. The last one is marked with DBG_FUNC_END
1797 * (in addition to DBG_FUNC_START if it is also the first). There may be
1798 * intermediate ones with neither DBG_FUNC_START nor DBG_FUNC_END.
1799 *
1800 * The first KERNEL_DEBUG_CONSTANT passes the vnode pointer and 12 bytes of
1801 * pathname. The remaining KERNEL_DEBUG_CONSTANT calls add 16 bytes of pathname
1802 * each. The minimum number of KERNEL_DEBUG_CONSTANT calls required to pass
1803 * the path are used. Any excess padding in the final KERNEL_DEBUG_CONSTANT
1804 * (because not all of the 12 or 16 bytes are needed for the remainder of the
1805 * path) is set to zero bytes, or '>' if there is more path beyond the
1806 * current component name (usually because an intermediate component was not
1807 * found).
1808 *
1809 * NOTE: If the path length is greater than NUMPARMS*4, or is not of the form
1810 * 12+N*16, there will be no padding.
1811 *
1812 * TODO: If there is more path beyond the current component name, should we
1813 * force some padding? For example, a lookup for /foo_bar_baz/spam that
1814 * fails because /foo_bar_baz is not found will only log "/foo_bar_baz", with
1815 * no '>' padding. But /foo_bar/spam would log "/foo_bar>>>>".
1816 */
1817 #if (KDEBUG_LEVEL >= KDEBUG_LEVEL_IST)
1818
1819 void
1820 kdebug_vfs_lookup(long *dbg_parms, int dbg_namelen, void *dp, uint32_t flags)
1821 {
1822 int code;
1823 unsigned int i;
1824 bool lookup = flags & KDBG_VFS_LOOKUP_FLAG_LOOKUP;
1825 bool noprocfilt = flags & KDBG_VFS_LOOKUP_FLAG_NOPROCFILT;
1826
1827 /*
1828 * In the event that we collect multiple, consecutive pathname
1829 * entries, we must mark the start of the path's string and the end.
1830 */
1831 if (lookup) {
1832 code = VFS_LOOKUP | DBG_FUNC_START;
1833 } else {
1834 code = VFS_LOOKUP_DONE | DBG_FUNC_START;
1835 }
1836
1837 if (dbg_namelen <= (int)(3 * sizeof(long))) {
1838 code |= DBG_FUNC_END;
1839 }
1840
1841 if (noprocfilt) {
1842 KDBG_RELEASE_NOPROCFILT(code, kdebug_vnode(dp), dbg_parms[0],
1843 dbg_parms[1], dbg_parms[2]);
1844 } else {
1845 KDBG_RELEASE(code, kdebug_vnode(dp), dbg_parms[0], dbg_parms[1],
1846 dbg_parms[2]);
1847 }
1848
1849 code &= ~DBG_FUNC_START;
1850
1851 for (i = 3, dbg_namelen -= (3 * sizeof(long)); dbg_namelen > 0; i += 4, dbg_namelen -= (4 * sizeof(long))) {
1852 if (dbg_namelen <= (int)(4 * sizeof(long))) {
1853 code |= DBG_FUNC_END;
1854 }
1855
1856 if (noprocfilt) {
1857 KDBG_RELEASE_NOPROCFILT(code, dbg_parms[i], dbg_parms[i + 1],
1858 dbg_parms[i + 2], dbg_parms[i + 3]);
1859 } else {
1860 KDBG_RELEASE(code, dbg_parms[i], dbg_parms[i + 1], dbg_parms[i + 2],
1861 dbg_parms[i + 3]);
1862 }
1863 }
1864 }
1865
1866 void
1867 kdebug_lookup_gen_events(long *dbg_parms, int dbg_namelen, void *dp,
1868 bool lookup)
1869 {
1870 kdebug_vfs_lookup(dbg_parms, dbg_namelen, dp,
1871 lookup ? KDBG_VFS_LOOKUP_FLAG_LOOKUP : 0);
1872 }
1873
1874 void
1875 kdebug_lookup(vnode_t dp, struct componentname *cnp)
1876 {
1877 int dbg_namelen;
1878 char *dbg_nameptr;
1879 long dbg_parms[NUMPARMS];
1880
1881 /* Collect the pathname for tracing */
1882 dbg_namelen = (cnp->cn_nameptr - cnp->cn_pnbuf) + cnp->cn_namelen;
1883 dbg_nameptr = cnp->cn_nameptr + cnp->cn_namelen;
1884
1885 if (dbg_namelen > (int)sizeof(dbg_parms)) {
1886 dbg_namelen = sizeof(dbg_parms);
1887 }
1888 dbg_nameptr -= dbg_namelen;
1889
1890 /* Copy the (possibly truncated) path itself */
1891 memcpy(dbg_parms, dbg_nameptr, dbg_namelen);
1892
1893 /* Pad with '\0' or '>' */
1894 if (dbg_namelen < (int)sizeof(dbg_parms)) {
1895 memset((char *)dbg_parms + dbg_namelen,
1896 *(cnp->cn_nameptr + cnp->cn_namelen) ? '>' : 0,
1897 sizeof(dbg_parms) - dbg_namelen);
1898 }
1899 kdebug_vfs_lookup(dbg_parms, dbg_namelen, (void *)dp,
1900 KDBG_VFS_LOOKUP_FLAG_LOOKUP);
1901 }
1902
1903 #else /* (KDEBUG_LEVEL >= KDEBUG_LEVEL_IST) */
1904
1905 void
1906 kdebug_vfs_lookup(long *dbg_parms __unused, int dbg_namelen __unused,
1907 void *dp __unused, __unused uint32_t flags)
1908 {
1909 }
1910
1911 static void
1912 kdebug_lookup(struct vnode *dp __unused, struct componentname *cnp __unused)
1913 {
1914 }
1915 #endif /* (KDEBUG_LEVEL >= KDEBUG_LEVEL_IST) */
1916
1917 int
1918 vfs_getbyid(fsid_t *fsid, ino64_t ino, vnode_t *vpp, vfs_context_t ctx)
1919 {
1920 mount_t mp;
1921 int error;
1922
1923 mp = mount_lookupby_volfsid(fsid->val[0], 1);
1924 if (mp == NULL) {
1925 return EINVAL;
1926 }
1927
1928 /* Get the target vnode. */
1929 if (ino == 2) {
1930 error = VFS_ROOT(mp, vpp, ctx);
1931 } else {
1932 error = VFS_VGET(mp, ino, vpp, ctx);
1933 }
1934
1935 vfs_unbusy(mp);
1936 return error;
1937 }
1938 /*
1939 * Obtain the real path from a legacy volfs style path.
1940 *
1941 * Valid formats of input path:
1942 *
1943 * "555/@"
1944 * "555/2"
1945 * "555/123456"
1946 * "555/123456/foobar"
1947 *
1948 * Where:
1949 * 555 represents the volfs file system id
1950 * '@' and '2' are aliases to the root of a file system
1951 * 123456 represents a file id
1952 * "foobar" represents a file name
1953 */
1954 #if CONFIG_VOLFS
1955 static int
1956 vfs_getrealpath(const char * path, char * realpath, size_t bufsize, vfs_context_t ctx)
1957 {
1958 vnode_t vp;
1959 struct mount *mp = NULL;
1960 char *str;
1961 char ch;
1962 uint32_t id;
1963 ino64_t ino;
1964 int error;
1965 int length;
1966
1967 /* Get file system id and move str to next component. */
1968 id = strtoul(path, &str, 10);
1969 if (id == 0 || str[0] != '/') {
1970 return EINVAL;
1971 }
1972 while (*str == '/') {
1973 str++;
1974 }
1975 ch = *str;
1976
1977 mp = mount_lookupby_volfsid(id, 1);
1978 if (mp == NULL) {
1979 return EINVAL; /* unexpected failure */
1980 }
1981 /* Check for an alias to a file system root. */
1982 if (ch == '@' && str[1] == '\0') {
1983 ino = 2;
1984 str++;
1985 } else {
1986 /* Get file id and move str to next component. */
1987 ino = strtouq(str, &str, 10);
1988 }
1989
1990 /* Get the target vnode. */
1991 if (ino == 2) {
1992 struct vfs_attr vfsattr;
1993 int use_vfs_root = TRUE;
1994
1995 VFSATTR_INIT(&vfsattr);
1996 VFSATTR_WANTED(&vfsattr, f_capabilities);
1997 if (vfs_getattr(mp, &vfsattr, vfs_context_kernel()) == 0 &&
1998 VFSATTR_IS_SUPPORTED(&vfsattr, f_capabilities)) {
1999 if ((vfsattr.f_capabilities.capabilities[VOL_CAPABILITIES_FORMAT] & VOL_CAP_FMT_VOL_GROUPS) &&
2000 (vfsattr.f_capabilities.valid[VOL_CAPABILITIES_FORMAT] & VOL_CAP_FMT_VOL_GROUPS)) {
2001 use_vfs_root = FALSE;
2002 }
2003 }
2004
2005 if (use_vfs_root) {
2006 error = VFS_ROOT(mp, &vp, ctx);
2007 } else {
2008 error = VFS_VGET(mp, ino, &vp, ctx);
2009 }
2010 } else {
2011 error = VFS_VGET(mp, ino, &vp, ctx);
2012 }
2013 vfs_unbusy(mp);
2014 if (error) {
2015 goto out;
2016 }
2017 realpath[0] = '\0';
2018
2019 /* Get the absolute path to this vnode. */
2020 error = build_path(vp, realpath, bufsize, &length, 0, ctx);
2021 vnode_put(vp);
2022
2023 if (error == 0 && *str != '\0') {
2024 int attempt = strlcat(realpath, str, MAXPATHLEN);
2025 if (attempt > MAXPATHLEN) {
2026 error = ENAMETOOLONG;
2027 }
2028 }
2029 out:
2030 return error;
2031 }
2032 #endif
2033
2034 void
2035 lookup_compound_vnop_post_hook(int error, vnode_t dvp, vnode_t vp, struct nameidata *ndp, int did_create)
2036 {
2037 if (error == 0 && vp == NULLVP) {
2038 panic("NULL vp with error == 0.\n");
2039 }
2040
2041 /*
2042 * We don't want to do any of this if we didn't use the compound vnop
2043 * to perform the lookup... i.e. if we're allowing and using the legacy pattern,
2044 * where we did a full lookup.
2045 */
2046 if ((ndp->ni_flag & NAMEI_COMPOUND_OP_MASK) == 0) {
2047 return;
2048 }
2049
2050 /*
2051 * If we're going to continue the lookup, we'll handle
2052 * all lookup-related updates at that time.
2053 */
2054 if (error == EKEEPLOOKING) {
2055 return;
2056 }
2057
2058 /*
2059 * Only audit or update cache for *found* vnodes. For creation
2060 * neither would happen in the non-compound-vnop case.
2061 */
2062 if ((vp != NULLVP) && !did_create) {
2063 /*
2064 * If MAKEENTRY isn't set, and we've done a successful compound VNOP,
2065 * then we certainly don't want to update cache or identity.
2066 */
2067 if ((error != 0) || (ndp->ni_cnd.cn_flags & MAKEENTRY)) {
2068 lookup_consider_update_cache(dvp, vp, &ndp->ni_cnd, ndp->ni_ncgeneration);
2069 }
2070 if (ndp->ni_cnd.cn_flags & AUDITVNPATH1) {
2071 AUDIT_ARG(vnpath, vp, ARG_VNODE1);
2072 } else if (ndp->ni_cnd.cn_flags & AUDITVNPATH2) {
2073 AUDIT_ARG(vnpath, vp, ARG_VNODE2);
2074 }
2075 }
2076
2077 /*
2078 * If you created (whether you opened or not), cut a lookup tracepoint
2079 * for the parent dir (as would happen without a compound vnop). Note: we may need
2080 * a vnode despite failure in this case!
2081 *
2082 * If you did not create:
2083 * Found child (succeeded or not): cut a tracepoint for the child.
2084 * Did not find child: cut a tracepoint with the parent.
2085 */
2086 if (kdebug_enable) {
2087 kdebug_lookup(vp ? vp : dvp, &ndp->ni_cnd);
2088 }
2089 }
mirror of XNU