/*
- * Copyright (c) 1995-2007 Apple Inc. All rights reserved.
+ * Copyright (c) 1995-2012 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
#include <sys/quota.h>
#include <sys/kdebug.h>
#include <sys/fsevents.h>
+#include <sys/imgsrc.h>
#include <sys/sysproto.h>
#include <sys/xattr.h>
+#include <sys/fcntl.h>
+#include <sys/fsctl.h>
#include <sys/ubc_internal.h>
+#include <sys/disk.h>
#include <machine/cons.h>
#include <machine/limits.h>
#include <miscfs/specfs/specdev.h>
-#include <miscfs/union/union.h>
-#include <bsm/audit_kernel.h>
+#include <security/audit/audit.h>
#include <bsm/audit_kevents.h>
#include <mach/mach_types.h>
#include <kern/kern_types.h>
#include <kern/kalloc.h>
+#include <kern/task.h>
#include <vm/vm_pageout.h>
#include <libkern/OSAtomic.h>
+#include <pexpert/pexpert.h>
#if CONFIG_MACF
#include <security/mac.h>
static int munge_statfs(struct mount *mp, struct vfsstatfs *sfsp,
user_addr_t bufp, int *sizep, boolean_t is_64_bit,
boolean_t partial_copy);
-static int statfs64_common(struct mount *mp, struct vfsstatfs *sfsp, user_addr_t bufp);
+static int statfs64_common(struct mount *mp, struct vfsstatfs *sfsp,
+ user_addr_t bufp);
+static int fsync_common(proc_t p, struct fsync_args *uap, int flags);
+static int mount_common(char *fstypename, vnode_t pvp, vnode_t vp,
+ struct componentname *cnp, user_addr_t fsmountargs,
+ int flags, uint32_t internal_flags, char *labelstr, boolean_t kernelmount,
+ vfs_context_t ctx);
+void vfs_notify_mount(vnode_t pdvp);
+
+int prepare_coveredvp(vnode_t vp, vfs_context_t ctx, struct componentname *cnp, const char *fsname, boolean_t skip_auth);
+
+#ifdef CONFIG_IMGSRC_ACCESS
+static int authorize_devpath_and_update_mntfromname(mount_t mp, user_addr_t devpath, vnode_t *devvpp, vfs_context_t ctx);
+static int place_mount_and_checkdirs(mount_t mp, vnode_t vp, vfs_context_t ctx);
+static void undo_place_on_covered_vp(mount_t mp, vnode_t vp);
+static int mount_begin_update(mount_t mp, vfs_context_t ctx, int flags);
+static void mount_end_update(mount_t mp);
+static int relocate_imageboot_source(vnode_t pvp, vnode_t vp, struct componentname *cnp, const char *fsname, vfs_context_t ctx, boolean_t is64bit, user_addr_t fsmountargs, boolean_t by_index);
+#endif /* CONFIG_IMGSRC_ACCESS */
+
int (*union_dircheckp)(struct vnode **, struct fileproc *, vfs_context_t);
__private_extern__
int sync_internal(void);
__private_extern__
-int open1(vfs_context_t, struct nameidata *, int, struct vnode_attr *, register_t *);
+int open1(vfs_context_t, struct nameidata *, int, struct vnode_attr *, int32_t *);
__private_extern__
int unlink1(vfs_context_t, struct nameidata *, int);
-
-#ifdef __APPLE_API_OBSOLETE
-struct fstatv_args {
- int fd; /* file descriptor of the target file */
- struct vstat *vsb; /* vstat structure for returned info */
-};
-struct lstatv_args {
- const char *path; /* pathname of the target file */
- struct vstat *vsb; /* vstat structure for returned info */
-};
-struct mkcomplex_args {
- const char *path; /* pathname of the file to be created */
- mode_t mode; /* access mode for the newly created file */
- u_long type; /* format of the complex file */
-};
-struct statv_args {
- const char *path; /* pathname of the target file */
- struct vstat *vsb; /* vstat structure for returned info */
-};
-
-int fstatv(proc_t p, struct fstatv_args *uap, register_t *retval);
-int lstatv(proc_t p, struct lstatv_args *uap, register_t *retval);
-int mkcomplex(proc_t p, struct mkcomplex_args *uap, register_t *retval);
-int statv(proc_t p, struct statv_args *uap, register_t *retval);
-
-#endif /* __APPLE_API_OBSOLETE */
-
/*
* incremented each time a mount or unmount operation occurs
* used to invalidate the cached value of the rootvp in the
* mount structure utilized by cache_lookup_path
*/
-int mount_generation = 0;
+uint32_t mount_generation = 0;
/* counts number of mount and unmount operations */
unsigned int vfs_nummntops=0;
* Virtual File System System Calls
*/
+#if NFSCLIENT
+/*
+ * Private in-kernel mounting spi (NFS only, not exported)
+ */
+ __private_extern__
+boolean_t
+vfs_iskernelmount(mount_t mp)
+{
+ return ((mp->mnt_kern_flag & MNTK_KERNEL_MOUNT) ? TRUE : FALSE);
+}
+
+ __private_extern__
+int
+kernel_mount(char *fstype, vnode_t pvp, vnode_t vp, const char *path,
+ void *data, __unused size_t datalen, int syscall_flags, __unused uint32_t kern_flags, vfs_context_t ctx)
+{
+ struct nameidata nd;
+ boolean_t did_namei;
+ int error;
+
+ NDINIT(&nd, LOOKUP, OP_MOUNT, FOLLOW | AUDITVNPATH1 | WANTPARENT,
+ UIO_SYSSPACE, CAST_USER_ADDR_T(path), ctx);
+
+ /*
+ * Get the vnode to be covered if it's not supplied
+ */
+ if (vp == NULLVP) {
+ error = namei(&nd);
+ if (error)
+ return (error);
+ vp = nd.ni_vp;
+ pvp = nd.ni_dvp;
+ did_namei = TRUE;
+ } else {
+ char *pnbuf = CAST_DOWN(char *, path);
+
+ nd.ni_cnd.cn_pnbuf = pnbuf;
+ nd.ni_cnd.cn_pnlen = strlen(pnbuf) + 1;
+ did_namei = FALSE;
+ }
+
+ error = mount_common(fstype, pvp, vp, &nd.ni_cnd, CAST_USER_ADDR_T(data),
+ syscall_flags, kern_flags, NULL, TRUE, ctx);
+
+ if (did_namei) {
+ vnode_put(vp);
+ vnode_put(pvp);
+ nameidone(&nd);
+ }
+
+ return (error);
+}
+#endif /* NFSCLIENT */
+
/*
* Mount a file system.
*/
/* ARGSUSED */
int
-mount(proc_t p, struct mount_args *uap, __unused register_t *retval)
+mount(proc_t p, struct mount_args *uap, __unused int32_t *retval)
{
struct __mac_mount_args muap;
return (__mac_mount(p, &muap, retval));
}
+void
+vfs_notify_mount(vnode_t pdvp)
+{
+ vfs_event_signal(NULL, VQ_MOUNT, (intptr_t)NULL);
+ lock_vnode_and_post(pdvp, NOTE_WRITE);
+}
+
+/*
+ * __mac_mount:
+ * Mount a file system taking into account MAC label behavior.
+ * See mount(2) man page for more information
+ *
+ * Parameters: p Process requesting the mount
+ * uap User argument descriptor (see below)
+ * retval (ignored)
+ *
+ * Indirect: uap->type Filesystem type
+ * uap->path Path to mount
+ * uap->data Mount arguments
+ * uap->mac_p MAC info
+ * uap->flags Mount flags
+ *
+ *
+ * Returns: 0 Success
+ * !0 Not success
+ */
+boolean_t root_fs_upgrade_try = FALSE;
+
int
-__mac_mount(struct proc *p, register struct __mac_mount_args *uap, __unused register_t *retval)
+__mac_mount(struct proc *p, register struct __mac_mount_args *uap, __unused int32_t *retval)
+{
+ vnode_t pvp, vp;
+ vfs_context_t ctx = vfs_context_current();
+ char fstypename[MFSNAMELEN];
+ struct nameidata nd;
+ size_t dummy=0;
+ char *labelstr = NULL;
+ int flags = uap->flags;
+ int error;
+ boolean_t is_64bit = IS_64BIT_PROCESS(p);
+
+ /*
+ * Get the fs type name from user space
+ */
+ error = copyinstr(uap->type, fstypename, MFSNAMELEN, &dummy);
+ if (error)
+ return (error);
+
+ /*
+ * Get the vnode to be covered
+ */
+ NDINIT(&nd, LOOKUP, OP_MOUNT, NOTRIGGER | FOLLOW | AUDITVNPATH1 | WANTPARENT,
+ UIO_USERSPACE, uap->path, ctx);
+ error = namei(&nd);
+ if (error)
+ return (error);
+ vp = nd.ni_vp;
+ pvp = nd.ni_dvp;
+
+#ifdef CONFIG_IMGSRC_ACCESS
+ /* Mounting image source cannot be batched with other operations */
+ if (flags == MNT_IMGSRC_BY_INDEX) {
+ error = relocate_imageboot_source(pvp, vp, &nd.ni_cnd, fstypename,
+ ctx, is_64bit, uap->data, (flags == MNT_IMGSRC_BY_INDEX));
+ goto out;
+ }
+#endif /* CONFIG_IMGSRC_ACCESS */
+
+#if CONFIG_MACF
+ /*
+ * Get the label string (if any) from user space
+ */
+ if (uap->mac_p != USER_ADDR_NULL) {
+ struct user_mac mac;
+ size_t ulen = 0;
+
+ if (is_64bit) {
+ struct user64_mac mac64;
+ error = copyin(uap->mac_p, &mac64, sizeof(mac64));
+ mac.m_buflen = mac64.m_buflen;
+ mac.m_string = mac64.m_string;
+ } else {
+ struct user32_mac mac32;
+ error = copyin(uap->mac_p, &mac32, sizeof(mac32));
+ mac.m_buflen = mac32.m_buflen;
+ mac.m_string = mac32.m_string;
+ }
+ if (error)
+ goto out;
+ if ((mac.m_buflen > MAC_MAX_LABEL_BUF_LEN) ||
+ (mac.m_buflen < 2)) {
+ error = EINVAL;
+ goto out;
+ }
+ MALLOC(labelstr, char *, mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, labelstr, mac.m_buflen, &ulen);
+ if (error) {
+ goto out;
+ }
+ AUDIT_ARG(mac_string, labelstr);
+ }
+#endif /* CONFIG_MACF */
+
+ AUDIT_ARG(fflags, flags);
+
+ if ((vp->v_flag & VROOT) &&
+ (vp->v_mount->mnt_flag & MNT_ROOTFS)) {
+ flags |= MNT_UPDATE;
+ /*
+ * See 7392553 for more details on why this check exists.
+ * Suffice to say: If this check is ON and something tries
+ * to mount the rootFS RW, we'll turn off the codesign
+ * bitmap optimization.
+ */
+#if CHECK_CS_VALIDATION_BITMAP
+ if ( !(flags & MNT_RDONLY) ) {
+ root_fs_upgrade_try = TRUE;
+ }
+#endif
+ }
+
+ error = mount_common(fstypename, pvp, vp, &nd.ni_cnd, uap->data, flags, 0,
+ labelstr, FALSE, ctx);
+out:
+#if CONFIG_MACF
+ if (labelstr)
+ FREE(labelstr, M_MACTEMP);
+#endif /* CONFIG_MACF */
+
+ vnode_put(vp);
+ vnode_put(pvp);
+ nameidone(&nd);
+
+ return (error);
+}
+
+/*
+ * common mount implementation (final stage of mounting)
+
+ * Arguments:
+ * fstypename file system type (ie it's vfs name)
+ * pvp parent of covered vnode
+ * vp covered vnode
+ * cnp component name (ie path) of covered vnode
+ * flags generic mount flags
+ * fsmountargs file system specific data
+ * labelstr optional MAC label
+ * kernelmount TRUE for mounts initiated from inside the kernel
+ * ctx caller's context
+ */
+static int
+mount_common(char *fstypename, vnode_t pvp, vnode_t vp,
+ struct componentname *cnp, user_addr_t fsmountargs, int flags, uint32_t internal_flags,
+ char *labelstr, boolean_t kernelmount, vfs_context_t ctx)
{
- struct vnode *vp;
struct vnode *devvp = NULLVP;
struct vnode *device_vnode = NULLVP;
#if CONFIG_MACF
#endif
struct mount *mp;
struct vfstable *vfsp = (struct vfstable *)0;
+ struct proc *p = vfs_context_proc(ctx);
int error, flag = 0;
- struct vnode_attr va;
- vfs_context_t ctx = vfs_context_current();
- struct nameidata nd;
- struct nameidata nd1;
- char fstypename[MFSNAMELEN];
- size_t dummy=0;
user_addr_t devpath = USER_ADDR_NULL;
- user_addr_t fsmountargs = uap->data;
int ronly = 0;
int mntalloc = 0;
- mode_t accessmode;
- boolean_t is_64bit;
+ boolean_t vfsp_ref = FALSE;
boolean_t is_rwlock_locked = FALSE;
-
- AUDIT_ARG(fflags, uap->flags);
-
- is_64bit = proc_is64bit(p);
+ boolean_t did_rele = FALSE;
+ boolean_t have_usecount = FALSE;
/*
- * Get vnode to be covered
+ * Process an update for an existing mount
*/
- NDINIT(&nd, LOOKUP, NOTRIGGER | FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
- return (error);
- vp = nd.ni_vp;
-
- if ((vp->v_flag & VROOT) &&
- (vp->v_mount->mnt_flag & MNT_ROOTFS))
- uap->flags |= MNT_UPDATE;
-
- error = copyinstr(uap->type, fstypename, MFSNAMELEN, &dummy);
- if (error)
- goto out1;
-
- if (uap->flags & MNT_UPDATE) {
+ if (flags & MNT_UPDATE) {
if ((vp->v_flag & VROOT) == 0) {
error = EINVAL;
goto out1;
mp = vp->v_mount;
/* unmount in progress return error */
- mount_lock(mp);
+ mount_lock_spin(mp);
if (mp->mnt_lflag & MNT_LUNMOUNT) {
mount_unlock(mp);
error = EBUSY;
* We only allow the filesystem to be reloaded if it
* is currently mounted read-only.
*/
- if ((uap->flags & MNT_RELOAD) &&
+ if ((flags & MNT_RELOAD) &&
((mp->mnt_flag & MNT_RDONLY) == 0)) {
error = ENOTSUP;
goto out1;
}
+
+ /*
+ * If content protection is enabled, update mounts are not
+ * allowed to turn it off.
+ */
+ if ((mp->mnt_flag & MNT_CPROTECT) &&
+ ((flags & MNT_CPROTECT) == 0)) {
+ error = EINVAL;
+ goto out1;
+ }
+
+#ifdef CONFIG_IMGSRC_ACCESS
+ /* Can't downgrade the backer of the root FS */
+ if ((mp->mnt_kern_flag & MNTK_BACKS_ROOT) &&
+ (!vfs_isrdonly(mp)) && (flags & MNT_RDONLY)) {
+ error = ENOTSUP;
+ goto out1;
+ }
+#endif /* CONFIG_IMGSRC_ACCESS */
+
/*
* Only root, or the user that did the original mount is
* permitted to update it.
#if CONFIG_MACF
error = mac_mount_check_remount(ctx, mp);
if (error != 0) {
- lck_rw_done(&mp->mnt_rwlock);
goto out1;
}
#endif
* For non-root users, silently enforce MNT_NOSUID and MNT_NODEV,
* and MNT_NOEXEC if mount point is already MNT_NOEXEC.
*/
- if (suser(vfs_context_ucred(ctx), NULL)) {
- uap->flags |= MNT_NOSUID | MNT_NODEV;
+ if ((!kernelmount) && suser(vfs_context_ucred(ctx), NULL)) {
+ flags |= MNT_NOSUID | MNT_NODEV;
if (mp->mnt_flag & MNT_NOEXEC)
- uap->flags |= MNT_NOEXEC;
+ flags |= MNT_NOEXEC;
}
flag = mp->mnt_flag;
- mp->mnt_flag |=
- uap->flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
+
+
+ mp->mnt_flag |= flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
vfsp = mp->mnt_vtable;
goto update;
}
- /*
- * If the user is not root, ensure that they own the directory
- * onto which we are attempting to mount.
- */
- VATTR_INIT(&va);
- VATTR_WANTED(&va, va_uid);
- if ((error = vnode_getattr(vp, &va, ctx)) ||
- (va.va_uid != kauth_cred_getuid(vfs_context_ucred(ctx)) &&
- (error = suser(vfs_context_ucred(ctx), &p->p_acflag)))) {
- goto out1;
- }
/*
* For non-root users, silently enforce MNT_NOSUID and MNT_NODEV, and
* MNT_NOEXEC if mount point is already MNT_NOEXEC.
*/
- if (suser(vfs_context_ucred(ctx), NULL)) {
- uap->flags |= MNT_NOSUID | MNT_NODEV;
+ if ((!kernelmount) && suser(vfs_context_ucred(ctx), NULL)) {
+ flags |= MNT_NOSUID | MNT_NODEV;
if (vp->v_mount->mnt_flag & MNT_NOEXEC)
- uap->flags |= MNT_NOEXEC;
- }
- if ( (error = VNOP_FSYNC(vp, MNT_WAIT, ctx)) )
- goto out1;
-
- if ( (error = buf_invalidateblks(vp, BUF_WRITE_DATA, 0, 0)) )
- goto out1;
-
- if (vp->v_type != VDIR) {
- error = ENOTDIR;
- goto out1;
+ flags |= MNT_NOEXEC;
}
/* XXXAUDIT: Should we capture the type on the error path as well? */
AUDIT_ARG(text, fstypename);
mount_list_lock();
for (vfsp = vfsconf; vfsp; vfsp = vfsp->vfc_next)
- if (!strncmp(vfsp->vfc_name, fstypename, MFSNAMELEN))
+ if (!strncmp(vfsp->vfc_name, fstypename, MFSNAMELEN)) {
+ vfsp->vfc_refcount++;
+ vfsp_ref = TRUE;
break;
+ }
mount_list_unlock();
if (vfsp == NULL) {
error = ENODEV;
goto out1;
}
-#if CONFIG_MACF
- error = mac_mount_check_mount(ctx, vp,
- &nd.ni_cnd, vfsp->vfc_name);
- if (error != 0)
+
+ /*
+ * VFC_VFSLOCALARGS is not currently supported for kernel mounts
+ */
+ if (kernelmount && (vfsp->vfc_vfsflags & VFC_VFSLOCALARGS)) {
+ error = EINVAL; /* unsupported request */
goto out1;
-#endif
- if (ISSET(vp->v_flag, VMOUNT) && (vp->v_mountedhere != NULL)) {
- error = EBUSY;
+ }
+
+ error = prepare_coveredvp(vp, ctx, cnp, fstypename, ((internal_flags & KERNEL_MOUNT_NOAUTH) != 0));
+ if (error != 0) {
goto out1;
}
- vnode_lock_spin(vp);
- SET(vp->v_flag, VMOUNT);
- vnode_unlock(vp);
/*
- * Allocate and initialize the filesystem.
+ * Allocate and initialize the filesystem (mount_t)
*/
- MALLOC_ZONE(mp, struct mount *, (u_long)sizeof(struct mount),
+ MALLOC_ZONE(mp, struct mount *, (u_int32_t)sizeof(struct mount),
M_MOUNT, M_WAITOK);
- bzero((char *)mp, (u_long)sizeof(struct mount));
+ bzero((char *)mp, (u_int32_t)sizeof(struct mount));
mntalloc = 1;
/* Initialize the default IO constraints */
mp->mnt_maxsegwritesize = mp->mnt_maxwritecnt;
mp->mnt_devblocksize = DEV_BSIZE;
mp->mnt_alignmentmask = PAGE_MASK;
+ mp->mnt_ioqueue_depth = MNT_DEFAULT_IOQUEUE_DEPTH;
+ mp->mnt_ioscale = 1;
mp->mnt_ioflags = 0;
mp->mnt_realrootvp = NULLVP;
mp->mnt_authcache_ttl = CACHED_LOOKUP_RIGHT_TTL;
is_rwlock_locked = TRUE;
mp->mnt_op = vfsp->vfc_vfsops;
mp->mnt_vtable = vfsp;
- mount_list_lock();
- vfsp->vfc_refcount++;
- mount_list_unlock();
//mp->mnt_stat.f_type = vfsp->vfc_typenum;
mp->mnt_flag |= vfsp->vfc_flags & MNT_VISFLAGMASK;
strncpy(mp->mnt_vfsstat.f_fstypename, vfsp->vfc_name, MFSTYPENAMELEN);
- strncpy(mp->mnt_vfsstat.f_mntonname, nd.ni_cnd.cn_pnbuf, MAXPATHLEN);
+ strncpy(mp->mnt_vfsstat.f_mntonname, cnp->cn_pnbuf, MAXPATHLEN);
mp->mnt_vnodecovered = vp;
mp->mnt_vfsstat.f_owner = kauth_cred_getuid(vfs_context_ucred(ctx));
+ mp->mnt_throttle_mask = LOWPRI_MAX_NUM_DEV - 1;
+ mp->mnt_devbsdunit = 0;
/* XXX 3762912 hack to support HFS filesystem 'owner' - filesystem may update later */
vfs_setowner(mp, KAUTH_UID_NONE, KAUTH_GID_NONE);
-
+
+#if NFSCLIENT
+ if (kernelmount)
+ mp->mnt_kern_flag |= MNTK_KERNEL_MOUNT;
+ if ((internal_flags & KERNEL_MOUNT_PERMIT_UNMOUNT) != 0)
+ mp->mnt_kern_flag |= MNTK_PERMIT_UNMOUNT;
+#endif /* NFSCLIENT */
+
update:
/*
* Set the mount level flags.
*/
- if (uap->flags & MNT_RDONLY)
+ if (flags & MNT_RDONLY)
mp->mnt_flag |= MNT_RDONLY;
- else if (mp->mnt_flag & MNT_RDONLY)
+ else if (mp->mnt_flag & MNT_RDONLY) {
+ // disallow read/write upgrades of file systems that
+ // had the TYPENAME_OVERRIDE feature set.
+ if (mp->mnt_kern_flag & MNTK_TYPENAME_OVERRIDE) {
+ error = EPERM;
+ goto out1;
+ }
mp->mnt_kern_flag |= MNTK_WANTRDWR;
+ }
mp->mnt_flag &= ~(MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC |
- MNT_UNKNOWNPERMISSIONS | MNT_DONTBROWSE | MNT_AUTOMOUNTED |
- MNT_DEFWRITE | MNT_NOATIME | MNT_QUARANTINE);
- mp->mnt_flag |= uap->flags & (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
- MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC |
- MNT_UNKNOWNPERMISSIONS | MNT_DONTBROWSE | MNT_AUTOMOUNTED |
- MNT_DEFWRITE | MNT_NOATIME | MNT_QUARANTINE);
+ MNT_UNKNOWNPERMISSIONS | MNT_DONTBROWSE |
+ MNT_AUTOMOUNTED | MNT_DEFWRITE | MNT_NOATIME |
+ MNT_QUARANTINE | MNT_CPROTECT);
+ mp->mnt_flag |= flags & (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
+ MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC |
+ MNT_UNKNOWNPERMISSIONS | MNT_DONTBROWSE |
+ MNT_AUTOMOUNTED | MNT_DEFWRITE | MNT_NOATIME |
+ MNT_QUARANTINE | MNT_CPROTECT);
#if CONFIG_MACF
- if (uap->flags & MNT_MULTILABEL) {
+ if (flags & MNT_MULTILABEL) {
if (vfsp->vfc_vfsflags & VFC_VFSNOMACLABEL) {
error = EINVAL;
goto out1;
mp->mnt_flag |= MNT_MULTILABEL;
}
#endif
-
+ /*
+ * Process device path for local file systems if requested
+ */
if (vfsp->vfc_vfsflags & VFC_VFSLOCALARGS) {
- if (is_64bit) {
+ if (vfs_context_is64bit(ctx)) {
if ( (error = copyin(fsmountargs, (caddr_t)&devpath, sizeof(devpath))) )
goto out1;
fsmountargs += sizeof(devpath);
} else {
- char *tmp;
+ user32_addr_t tmp;
if ( (error = copyin(fsmountargs, (caddr_t)&tmp, sizeof(tmp))) )
goto out1;
/* munge into LP64 addr */
fsmountargs += sizeof(tmp);
}
- /* if it is not update and device name needs to be parsed */
+ /* Lookup device and authorize access to it */
if ((devpath)) {
- NDINIT(&nd1, LOOKUP, FOLLOW, UIO_USERSPACE, devpath, ctx);
- if ( (error = namei(&nd1)) )
+ struct nameidata nd;
+
+ NDINIT(&nd, LOOKUP, OP_MOUNT, FOLLOW, UIO_USERSPACE, devpath, ctx);
+ if ( (error = namei(&nd)) )
goto out1;
- strncpy(mp->mnt_vfsstat.f_mntfromname, nd1.ni_cnd.cn_pnbuf, MAXPATHLEN);
- devvp = nd1.ni_vp;
+ strncpy(mp->mnt_vfsstat.f_mntfromname, nd.ni_cnd.cn_pnbuf, MAXPATHLEN);
+ devvp = nd.ni_vp;
- nameidone(&nd1);
+ nameidone(&nd);
if (devvp->v_type != VBLK) {
error = ENOTBLK;
* permissions on the device.
*/
if (suser(vfs_context_ucred(ctx), NULL) != 0) {
- accessmode = KAUTH_VNODE_READ_DATA;
+ mode_t accessmode = KAUTH_VNODE_READ_DATA;
+
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= KAUTH_VNODE_WRITE_DATA;
if ((error = vnode_authorize(devvp, NULL, accessmode, ctx)) != 0)
goto out2;
}
}
- if (devpath && ((uap->flags & MNT_UPDATE) == 0)) {
+ /* On first mount, preflight and open device */
+ if (devpath && ((flags & MNT_UPDATE) == 0)) {
if ( (error = vnode_ref(devvp)) )
goto out2;
/*
mp->mnt_devvp = devvp;
device_vnode = devvp;
- } else {
- if ((mp->mnt_flag & MNT_RDONLY) && (mp->mnt_kern_flag & MNTK_WANTRDWR)) {
- /*
- * If upgrade to read-write by non-root, then verify
- * that user has necessary permissions on the device.
- */
- device_vnode = mp->mnt_devvp;
- if (device_vnode && suser(vfs_context_ucred(ctx), NULL)) {
- if ((error = vnode_authorize(device_vnode, NULL,
- KAUTH_VNODE_READ_DATA | KAUTH_VNODE_WRITE_DATA, ctx)) != 0)
- goto out2;
- }
+
+ } else if ((mp->mnt_flag & MNT_RDONLY) &&
+ (mp->mnt_kern_flag & MNTK_WANTRDWR) &&
+ (device_vnode = mp->mnt_devvp)) {
+ dev_t dev;
+ int maj;
+ /*
+ * If upgrade to read-write by non-root, then verify
+ * that user has necessary permissions on the device.
+ */
+ vnode_getalways(device_vnode);
+
+ if (suser(vfs_context_ucred(ctx), NULL) &&
+ (error = vnode_authorize(device_vnode, NULL,
+ KAUTH_VNODE_READ_DATA | KAUTH_VNODE_WRITE_DATA,
+ ctx)) != 0) {
+ vnode_put(device_vnode);
+ goto out2;
}
+
+ /* Tell the device that we're upgrading */
+ dev = (dev_t)device_vnode->v_rdev;
+ maj = major(dev);
+
+ if ((u_int)maj >= (u_int)nblkdev)
+ panic("Volume mounted on a device with invalid major number.");
+
+ error = bdevsw[maj].d_open(dev, FREAD | FWRITE, S_IFBLK, p);
+ vnode_put(device_vnode);
device_vnode = NULLVP;
+ if (error != 0) {
+ goto out2;
+ }
}
}
#if CONFIG_MACF
- if ((uap->flags & MNT_UPDATE) == 0) {
+ if ((flags & MNT_UPDATE) == 0) {
mac_mount_label_init(mp);
mac_mount_label_associate(ctx, mp);
}
- if (uap->mac_p != USER_ADDR_NULL) {
- struct user_mac mac;
- char *labelstr = NULL;
- size_t ulen = 0;
-
- if ((uap->flags & MNT_UPDATE) != 0) {
- error = mac_mount_check_label_update(
- ctx, mp);
+ if (labelstr) {
+ if ((flags & MNT_UPDATE) != 0) {
+ error = mac_mount_check_label_update(ctx, mp);
if (error != 0)
goto out3;
}
- if (is_64bit) {
- error = copyin(uap->mac_p, &mac, sizeof(mac));
- } else {
- struct mac mac32;
- error = copyin(uap->mac_p, &mac32, sizeof(mac32));
- mac.m_buflen = mac32.m_buflen;
- mac.m_string = CAST_USER_ADDR_T(mac32.m_string);
- }
- if (error != 0)
- goto out3;
- if ((mac.m_buflen > MAC_MAX_LABEL_BUF_LEN) ||
- (mac.m_buflen < 2)) {
- error = EINVAL;
- goto out3;
- }
- MALLOC(labelstr, char *, mac.m_buflen, M_MACTEMP, M_WAITOK);
- error = copyinstr(mac.m_string, labelstr, mac.m_buflen, &ulen);
- if (error != 0) {
- FREE(labelstr, M_MACTEMP);
- goto out3;
- }
- AUDIT_ARG(mac_string, labelstr);
- error = mac_mount_label_internalize(mp->mnt_mntlabel, labelstr);
- FREE(labelstr, M_MACTEMP);
- if (error != 0)
- goto out3;
}
#endif
/*
*/
error = VFS_MOUNT(mp, device_vnode, fsmountargs, ctx);
- if (uap->flags & MNT_UPDATE) {
+ if (flags & MNT_UPDATE) {
if (mp->mnt_kern_flag & MNTK_WANTRDWR)
mp->mnt_flag &= ~MNT_RDONLY;
mp->mnt_flag &=~
(MNT_UPDATE | MNT_RELOAD | MNT_FORCE);
mp->mnt_kern_flag &=~ MNTK_WANTRDWR;
if (error)
- mp->mnt_flag = flag;
+ mp->mnt_flag = flag; /* restore flag value */
vfs_event_signal(NULL, VQ_UPDATE, (intptr_t)NULL);
lck_rw_done(&mp->mnt_rwlock);
is_rwlock_locked = FALSE;
if (!error)
enablequotas(mp, ctx);
- goto out2;
+ goto exit;
}
+
/*
* Put the new filesystem on the mount list after root.
*/
printf("%s() VFS_ROOT returned %d\n", __func__, error);
goto out3;
}
-
- /* VFS_ROOT provides reference so needref = 0 */
error = vnode_label(mp, NULL, rvp, NULL, 0, ctx);
+ /*
+ * drop reference provided by VFS_ROOT
+ */
+ vnode_put(rvp);
+
if (error)
goto out3;
}
mount_generation++;
name_cache_unlock();
- vnode_ref(vp);
+ error = vnode_ref(vp);
+ if (error != 0) {
+ goto out4;
+ }
+
+ have_usecount = TRUE;
error = checkdirs(vp, ctx);
if (error != 0) {
*/
(void)VFS_START(mp, 0, ctx);
- mount_list_add(mp);
+ if (mount_list_add(mp) != 0) {
+ /*
+ * The system is shutting down trying to umount
+ * everything, so fail with a plausible errno.
+ */
+ error = EBUSY;
+ goto out4;
+ }
lck_rw_done(&mp->mnt_rwlock);
is_rwlock_locked = FALSE;
mp->mnt_kern_flag |= MNTK_UNMOUNT_PREFLIGHT;
}
/* increment the operations count */
- OSAddAtomic(1, (SInt32 *)&vfs_nummntops);
+ OSAddAtomic(1, &vfs_nummntops);
enablequotas(mp, ctx);
if (device_vnode) {
}
/* Now that mount is setup, notify the listeners */
- vfs_event_signal(NULL, VQ_MOUNT, (intptr_t)NULL);
+ vfs_notify_mount(pvp);
} else {
+ /* If we fail a fresh mount, there should be no vnodes left hooked into the mountpoint. */
+ if (mp->mnt_vnodelist.tqh_first != NULL) {
+ panic("mount_common(): mount of %s filesystem failed with %d, but vnode list is not empty.",
+ mp->mnt_vtable->vfc_name, error);
+ }
+
vnode_lock_spin(vp);
CLR(vp->v_flag, VMOUNT);
vnode_unlock(vp);
mount_list_unlock();
if (device_vnode ) {
- VNOP_CLOSE(device_vnode, ronly ? FREAD : FREAD|FWRITE, ctx);
vnode_rele(device_vnode);
+ VNOP_CLOSE(device_vnode, ronly ? FREAD : FREAD|FWRITE, ctx);
}
lck_rw_done(&mp->mnt_rwlock);
is_rwlock_locked = FALSE;
+
+ /*
+ * if we get here, we have a mount structure that needs to be freed,
+ * but since the coveredvp hasn't yet been updated to point at it,
+ * no need to worry about other threads holding a crossref on this mp
+ * so it's ok to just free it
+ */
mount_lock_destroy(mp);
#if CONFIG_MACF
mac_mount_label_destroy(mp);
#endif
FREE_ZONE((caddr_t)mp, sizeof (struct mount), M_MOUNT);
}
- nameidone(&nd);
-
+exit:
/*
- * drop I/O count on covered 'vp' and
- * on the device vp if there was one
+ * drop I/O count on the device vp if there was one
*/
if (devpath && devvp)
vnode_put(devvp);
- vnode_put(vp);
return(error);
+
+/* Error condition exits */
out4:
(void)VFS_UNMOUNT(mp, MNT_FORCE, ctx);
+
+ /*
+ * If the mount has been placed on the covered vp,
+ * it may have been discovered by now, so we have
+ * to treat this just like an unmount
+ */
+ mount_lock_spin(mp);
+ mp->mnt_lflag |= MNT_LDEAD;
+ mount_unlock(mp);
+
if (device_vnode != NULLVP) {
+ vnode_rele(device_vnode);
VNOP_CLOSE(device_vnode, mp->mnt_flag & MNT_RDONLY ? FREAD : FREAD|FWRITE,
ctx);
-
+ did_rele = TRUE;
}
+
vnode_lock_spin(vp);
+
+ mp->mnt_crossref++;
vp->v_mountedhere = (mount_t) 0;
+
vnode_unlock(vp);
- vnode_rele(vp);
+
+ if (have_usecount) {
+ vnode_rele(vp);
+ }
out3:
- if (devpath && ((uap->flags & MNT_UPDATE) == 0))
+ if (devpath && ((flags & MNT_UPDATE) == 0) && (!did_rele))
vnode_rele(devvp);
out2:
if (devpath && devvp)
if (is_rwlock_locked == TRUE) {
lck_rw_done(&mp->mnt_rwlock);
}
+
if (mntalloc) {
+ if (mp->mnt_crossref)
+ mount_dropcrossref(mp, vp, 0);
+ else {
+ mount_lock_destroy(mp);
#if CONFIG_MACF
- mac_mount_label_destroy(mp);
+ mac_mount_label_destroy(mp);
#endif
+ FREE_ZONE((caddr_t)mp, sizeof (struct mount), M_MOUNT);
+ }
+ }
+ if (vfsp_ref) {
mount_list_lock();
vfsp->vfc_refcount--;
mount_list_unlock();
- FREE_ZONE((caddr_t)mp, sizeof (struct mount), M_MOUNT);
}
- vnode_put(vp);
- nameidone(&nd);
return(error);
}
-void
-enablequotas(struct mount *mp, vfs_context_t ctx)
+/*
+ * Flush in-core data, check for competing mount attempts,
+ * and set VMOUNT
+ */
+int
+prepare_coveredvp(vnode_t vp, vfs_context_t ctx, struct componentname *cnp, const char *fsname, boolean_t skip_auth)
{
- struct nameidata qnd;
- int type;
- char qfpath[MAXPATHLEN];
- const char *qfname = QUOTAFILENAME;
- const char *qfopsname = QUOTAOPSNAME;
- const char *qfextension[] = INITQFNAMES;
-
- /* XXX Shoulkd be an MNTK_ flag, instead of strncmp()'s */
- if ((strncmp(mp->mnt_vfsstat.f_fstypename, "hfs", sizeof("hfs")) != 0 )
- && (strncmp( mp->mnt_vfsstat.f_fstypename, "ufs", sizeof("ufs")) != 0))
- return;
-
- /*
- * Enable filesystem disk quotas if necessary.
- * We ignore errors as this should not interfere with final mount
- */
- for (type=0; type < MAXQUOTAS; type++) {
- snprintf(qfpath, sizeof(qfpath), "%s/%s.%s", mp->mnt_vfsstat.f_mntonname, qfopsname, qfextension[type]);
- NDINIT(&qnd, LOOKUP, FOLLOW, UIO_SYSSPACE32, CAST_USER_ADDR_T(qfpath), ctx);
- if (namei(&qnd) != 0)
- continue; /* option file to trigger quotas is not present */
- vnode_put(qnd.ni_vp);
- nameidone(&qnd);
- snprintf(qfpath, sizeof(qfpath), "%s/%s.%s", mp->mnt_vfsstat.f_mntonname, qfname, qfextension[type]);
+ struct vnode_attr va;
+ int error;
- (void) VFS_QUOTACTL(mp, QCMD(Q_QUOTAON, type), 0, qfpath, ctx);
+ if (!skip_auth) {
+ /*
+ * If the user is not root, ensure that they own the directory
+ * onto which we are attempting to mount.
+ */
+ VATTR_INIT(&va);
+ VATTR_WANTED(&va, va_uid);
+ if ((error = vnode_getattr(vp, &va, ctx)) ||
+ (va.va_uid != kauth_cred_getuid(vfs_context_ucred(ctx)) &&
+ (!vfs_context_issuser(ctx)))) {
+ error = EPERM;
+ goto out;
+ }
}
- return;
-}
-
-static int
-checkdirs_callback(proc_t p, void * arg)
-{
- struct cdirargs * cdrp = (struct cdirargs * )arg;
- vnode_t olddp = cdrp->olddp;
- vnode_t newdp = cdrp->newdp;
- struct filedesc *fdp;
- vnode_t tvp;
- vnode_t fdp_cvp;
- vnode_t fdp_rvp;
- int cdir_changed = 0;
- int rdir_changed = 0;
+ if ( (error = VNOP_FSYNC(vp, MNT_WAIT, ctx)) )
+ goto out;
- /*
- * XXX Also needs to iterate each thread in the process to see if it
- * XXX is using a per-thread current working directory, and, if so,
- * XXX update that as well.
- */
+ if ( (error = buf_invalidateblks(vp, BUF_WRITE_DATA, 0, 0)) )
+ goto out;
- proc_fdlock(p);
- fdp = p->p_fd;
- if (fdp == (struct filedesc *)0) {
- proc_fdunlock(p);
- return(PROC_RETURNED);
+ if (vp->v_type != VDIR) {
+ error = ENOTDIR;
+ goto out;
}
- fdp_cvp = fdp->fd_cdir;
- fdp_rvp = fdp->fd_rdir;
- proc_fdunlock(p);
- if (fdp_cvp == olddp) {
- vnode_ref(newdp);
- tvp = fdp->fd_cdir;
- fdp_cvp = newdp;
- cdir_changed = 1;
- vnode_rele(tvp);
- }
- if (fdp_rvp == olddp) {
- vnode_ref(newdp);
- tvp = fdp->fd_rdir;
- fdp_rvp = newdp;
- rdir_changed = 1;
- vnode_rele(tvp);
- }
- if (cdir_changed || rdir_changed) {
- proc_fdlock(p);
- fdp->fd_cdir = fdp_cvp;
- fdp->fd_rdir = fdp_rvp;
- proc_fdunlock(p);
+ if (ISSET(vp->v_flag, VMOUNT) && (vp->v_mountedhere != NULL)) {
+ error = EBUSY;
+ goto out;
}
- return(PROC_RETURNED);
+
+#if CONFIG_MACF
+ error = mac_mount_check_mount(ctx, vp,
+ cnp, fsname);
+ if (error != 0)
+ goto out;
+#endif
+
+ vnode_lock_spin(vp);
+ SET(vp->v_flag, VMOUNT);
+ vnode_unlock(vp);
+
+out:
+ return error;
}
+#if CONFIG_IMGSRC_ACCESS
+#if DEBUG
+#define IMGSRC_DEBUG(args...) printf(args)
+#else
+#define IMGSRC_DEBUG(args...) do { } while(0)
+#endif
-/*
- * Scan all active processes to see if any of them have a current
- * or root directory onto which the new filesystem has just been
- * mounted. If so, replace them with the new mount point.
- */
static int
-checkdirs(vnode_t olddp, vfs_context_t ctx)
+authorize_devpath_and_update_mntfromname(mount_t mp, user_addr_t devpath, vnode_t *devvpp, vfs_context_t ctx)
{
- vnode_t newdp;
- vnode_t tvp;
- int err;
- struct cdirargs cdr;
- struct uthread * uth = get_bsdthread_info(current_thread());
-
- if (olddp->v_usecount == 1)
- return(0);
- if (uth != (struct uthread *)0)
- uth->uu_notrigger = 1;
- err = VFS_ROOT(olddp->v_mountedhere, &newdp, ctx);
- if (uth != (struct uthread *)0)
- uth->uu_notrigger = 0;
+ struct nameidata nd;
+ vnode_t vp, realdevvp;
+ mode_t accessmode;
+ int error;
- if (err != 0) {
-#if DIAGNOSTIC
- panic("mount: lost mount: error %d", err);
-#endif
- return(err);
+ NDINIT(&nd, LOOKUP, OP_LOOKUP, FOLLOW, UIO_USERSPACE, devpath, ctx);
+ if ( (error = namei(&nd)) ) {
+ IMGSRC_DEBUG("namei() failed with %d\n", error);
+ return error;
}
- cdr.olddp = olddp;
- cdr.newdp = newdp;
- /* do not block for exec/fork trans as the vp in cwd & rootdir are not changing */
- proc_iterate(PROC_ALLPROCLIST | PROC_NOWAITTRANS, checkdirs_callback, (void *)&cdr, NULL, NULL);
+ vp = nd.ni_vp;
- if (rootvnode == olddp) {
- vnode_ref(newdp);
- tvp = rootvnode;
- rootvnode = newdp;
- vnode_rele(tvp);
+ if (!vnode_isblk(vp)) {
+ IMGSRC_DEBUG("Not block device.\n");
+ error = ENOTBLK;
+ goto out;
}
- vnode_put(newdp);
- return(0);
-}
-
-/*
- * Unmount a file system.
- *
- * Note: unmount takes a path to the vnode mounted on as argument,
- * not special file (as before).
- */
-/* ARGSUSED */
-int
-unmount(__unused proc_t p, struct unmount_args *uap, __unused register_t *retval)
-{
- vnode_t vp;
- struct mount *mp;
- int error;
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
-
- NDINIT(&nd, LOOKUP, NOTRIGGER | FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
- return (error);
- vp = nd.ni_vp;
- mp = vp->v_mount;
- nameidone(&nd);
+ realdevvp = mp->mnt_devvp;
+ if (realdevvp == NULLVP) {
+ IMGSRC_DEBUG("No device backs the mount.\n");
+ error = ENXIO;
+ goto out;
+ }
-#if CONFIG_MACF
- error = mac_mount_check_umount(ctx, mp);
+ error = vnode_getwithref(realdevvp);
if (error != 0) {
- vnode_put(vp);
- return (error);
+ IMGSRC_DEBUG("Coudn't get iocount on device.\n");
+ goto out;
}
-#endif
+
+ if (vnode_specrdev(vp) != vnode_specrdev(realdevvp)) {
+ IMGSRC_DEBUG("Wrong dev_t.\n");
+ error = ENXIO;
+ goto out1;
+ }
+
+ strlcpy(mp->mnt_vfsstat.f_mntfromname, nd.ni_cnd.cn_pnbuf, MAXPATHLEN);
+
/*
- * Must be the root of the filesystem
+ * If mount by non-root, then verify that user has necessary
+ * permissions on the device.
*/
- if ((vp->v_flag & VROOT) == 0) {
- vnode_put(vp);
- return (EINVAL);
+ if (!vfs_context_issuser(ctx)) {
+ accessmode = KAUTH_VNODE_READ_DATA;
+ if ((mp->mnt_flag & MNT_RDONLY) == 0)
+ accessmode |= KAUTH_VNODE_WRITE_DATA;
+ if ((error = vnode_authorize(vp, NULL, accessmode, ctx)) != 0) {
+ IMGSRC_DEBUG("Access denied.\n");
+ goto out1;
+ }
}
- mount_ref(mp, 0);
- vnode_put(vp);
- /* safedounmount consumes the mount ref */
- return (safedounmount(mp, uap->flags, ctx));
-}
-int
-vfs_unmountbyfsid(fsid_t * fsid, int flags, vfs_context_t ctx)
-{
- mount_t mp;
+ *devvpp = vp;
- mp = mount_list_lookupby_fsid(fsid, 0, 1);
- if (mp == (mount_t)0) {
- return(ENOENT);
+out1:
+ vnode_put(realdevvp);
+out:
+ nameidone(&nd);
+ if (error) {
+ vnode_put(vp);
}
- mount_ref(mp, 0);
- mount_iterdrop(mp);
- /* safedounmount consumes the mount ref */
- return(safedounmount(mp, flags, ctx));
-}
+ return error;
+}
/*
- * The mount struct comes with a mount ref which will be consumed.
- * Do the actual file system unmount, prevent some common foot shooting.
+ * Clear VMOUNT, set v_mountedhere, and mnt_vnodecovered, ref the vnode,
+ * and call checkdirs()
*/
-int
-safedounmount(struct mount *mp, int flags, vfs_context_t ctx)
+static int
+place_mount_and_checkdirs(mount_t mp, vnode_t vp, vfs_context_t ctx)
{
int error;
- proc_t p = vfs_context_proc(ctx);
- /*
- * Only root, or the user that did the original mount is
- * permitted to unmount this filesystem.
- */
- if ((mp->mnt_vfsstat.f_owner != kauth_cred_getuid(kauth_cred_get())) &&
- (error = suser(kauth_cred_get(), &p->p_acflag)))
- goto out;
+ mp->mnt_vnodecovered = vp; /* XXX This is normally only set at init-time ... */
+
+ vnode_lock_spin(vp);
+ CLR(vp->v_flag, VMOUNT);
+ vp->v_mountedhere = mp;
+ vnode_unlock(vp);
- /*
- * Don't allow unmounting the root file system.
- */
- if (mp->mnt_flag & MNT_ROOTFS) {
- error = EBUSY; /* the root is always busy */
- goto out;
- }
-
- return (dounmount(mp, flags, 1, ctx));
-
-out:
- mount_drop(mp, 0);
- return(error);
-}
-
-/*
- * Do the actual file system unmount.
- */
-int
-dounmount(struct mount *mp, int flags, int withref, vfs_context_t ctx)
-{
- vnode_t coveredvp = (vnode_t)0;
- int error;
- int needwakeup = 0;
- int forcedunmount = 0;
- int lflags = 0;
-
- if (flags & MNT_FORCE)
- forcedunmount = 1;
- mount_lock(mp);
- /* XXX post jaguar fix LK_DRAIN - then clean this up */
- if ((flags & MNT_FORCE)) {
- mp->mnt_kern_flag |= MNTK_FRCUNMOUNT;
- mp->mnt_lflag |= MNT_LFORCE;
- }
- if (mp->mnt_lflag & MNT_LUNMOUNT) {
- mp->mnt_lflag |= MNT_LWAIT;
- if(withref != 0)
- mount_drop(mp, 1);
- msleep((caddr_t)mp, &mp->mnt_mlock, (PVFS | PDROP), "dounmount", NULL);
- /*
- * The prior unmount attempt has probably succeeded.
- * Do not dereference mp here - returning EBUSY is safest.
- */
- return (EBUSY);
- }
- mp->mnt_kern_flag |= MNTK_UNMOUNT;
- mp->mnt_lflag |= MNT_LUNMOUNT;
- mp->mnt_flag &=~ MNT_ASYNC;
- /*
- * anyone currently in the fast path that
- * trips over the cached rootvp will be
- * dumped out and forced into the slow path
- * to regenerate a new cached value
- */
- mp->mnt_realrootvp = NULLVP;
- mount_unlock(mp);
-
/*
* taking the name_cache_lock exclusively will
* insure that everyone is out of the fast path who
mount_generation++;
name_cache_unlock();
-
- lck_rw_lock_exclusive(&mp->mnt_rwlock);
- if (withref != 0)
- mount_drop(mp, 0);
-#if CONFIG_FSE
- fsevent_unmount(mp); /* has to come first! */
-#endif
- error = 0;
- if (forcedunmount == 0) {
- ubc_umount(mp); /* release cached vnodes */
- if ((mp->mnt_flag & MNT_RDONLY) == 0) {
- error = VFS_SYNC(mp, MNT_WAIT, ctx);
- if (error) {
- mount_lock(mp);
- mp->mnt_kern_flag &= ~MNTK_UNMOUNT;
- mp->mnt_lflag &= ~MNT_LUNMOUNT;
- mp->mnt_lflag &= ~MNT_LFORCE;
- goto out;
- }
- }
- }
-
- if (forcedunmount)
- lflags |= FORCECLOSE;
- error = vflush(mp, NULLVP, SKIPSWAP | SKIPSYSTEM | SKIPROOT | lflags);
- if ((forcedunmount == 0) && error) {
- mount_lock(mp);
- mp->mnt_kern_flag &= ~MNTK_UNMOUNT;
- mp->mnt_lflag &= ~MNT_LUNMOUNT;
- mp->mnt_lflag &= ~MNT_LFORCE;
+ error = vnode_ref(vp);
+ if (error != 0) {
goto out;
}
- /* make sure there are no one in the mount iterations or lookup */
- mount_iterdrain(mp);
-
- error = VFS_UNMOUNT(mp, flags, ctx);
- if (error) {
- mount_iterreset(mp);
- mount_lock(mp);
- mp->mnt_kern_flag &= ~MNTK_UNMOUNT;
- mp->mnt_lflag &= ~MNT_LUNMOUNT;
- mp->mnt_lflag &= ~MNT_LFORCE;
+ error = checkdirs(vp, ctx);
+ if (error != 0) {
+ /* Unmount the filesystem as cdir/rdirs cannot be updated */
+ vnode_rele(vp);
goto out;
}
- /* increment the operations count */
- if (!error)
- OSAddAtomic(1, (SInt32 *)&vfs_nummntops);
-
- if ( mp->mnt_devvp && mp->mnt_vtable->vfc_vfsflags & VFC_VFSLOCALARGS) {
- mp->mnt_devvp->v_specflags &= ~SI_MOUNTEDON;
- VNOP_CLOSE(mp->mnt_devvp, mp->mnt_flag & MNT_RDONLY ? FREAD : FREAD|FWRITE,
- ctx);
- vnode_rele(mp->mnt_devvp);
- }
- lck_rw_done(&mp->mnt_rwlock);
- mount_list_remove(mp);
- lck_rw_lock_exclusive(&mp->mnt_rwlock);
-
- /* mark the mount point hook in the vp but not drop the ref yet */
- if ((coveredvp = mp->mnt_vnodecovered) != NULLVP) {
- vnode_getwithref(coveredvp);
- vnode_lock_spin(coveredvp);
- coveredvp->v_mountedhere = (struct mount *)0;
- vnode_unlock(coveredvp);
- vnode_put(coveredvp);
+out:
+ if (error != 0) {
+ mp->mnt_vnodecovered = NULLVP;
}
+ return error;
+}
- mount_list_lock();
- mp->mnt_vtable->vfc_refcount--;
- mount_list_unlock();
+static void
+undo_place_on_covered_vp(mount_t mp, vnode_t vp)
+{
+ vnode_rele(vp);
+ vnode_lock_spin(vp);
+ vp->v_mountedhere = (mount_t)NULL;
+ vnode_unlock(vp);
- cache_purgevfs(mp); /* remove cache entries for this file sys */
- vfs_event_signal(NULL, VQ_UNMOUNT, (intptr_t)NULL);
- mount_lock(mp);
- mp->mnt_lflag |= MNT_LDEAD;
+ mp->mnt_vnodecovered = NULLVP;
+}
- if (mp->mnt_lflag & MNT_LWAIT) {
- /*
- * do the wakeup here
- * in case we block in mount_refdrain
- * which will drop the mount lock
- * and allow anyone blocked in vfs_busy
- * to wakeup and see the LDEAD state
- */
- mp->mnt_lflag &= ~MNT_LWAIT;
- wakeup((caddr_t)mp);
- }
- mount_refdrain(mp);
-out:
- if (mp->mnt_lflag & MNT_LWAIT) {
- mp->mnt_lflag &= ~MNT_LWAIT;
- needwakeup = 1;
+static int
+mount_begin_update(mount_t mp, vfs_context_t ctx, int flags)
+{
+ int error;
+
+ /* unmount in progress return error */
+ mount_lock_spin(mp);
+ if (mp->mnt_lflag & MNT_LUNMOUNT) {
+ mount_unlock(mp);
+ return EBUSY;
}
mount_unlock(mp);
- lck_rw_done(&mp->mnt_rwlock);
+ lck_rw_lock_exclusive(&mp->mnt_rwlock);
- if (needwakeup)
- wakeup((caddr_t)mp);
- if (!error) {
- if ((coveredvp != NULLVP)) {
- vnode_getwithref(coveredvp);
- vnode_rele(coveredvp);
- vnode_lock_spin(coveredvp);
- if(mp->mnt_crossref == 0) {
- vnode_unlock(coveredvp);
- mount_lock_destroy(mp);
-#if CONFIG_MACF
- mac_mount_label_destroy(mp);
-#endif
- FREE_ZONE((caddr_t)mp, sizeof (struct mount), M_MOUNT);
- } else {
- coveredvp->v_lflag |= VL_MOUNTDEAD;
- vnode_unlock(coveredvp);
- }
- vnode_put(coveredvp);
- } else if (mp->mnt_flag & MNT_ROOTFS) {
- mount_lock_destroy(mp);
-#if CONFIG_MACF
- mac_mount_label_destroy(mp);
-#endif
- FREE_ZONE((caddr_t)mp, sizeof (struct mount), M_MOUNT);
- } else
- panic("dounmount: no coveredvp");
+ /*
+ * We only allow the filesystem to be reloaded if it
+ * is currently mounted read-only.
+ */
+ if ((flags & MNT_RELOAD) &&
+ ((mp->mnt_flag & MNT_RDONLY) == 0)) {
+ error = ENOTSUP;
+ goto out;
}
- return (error);
-}
-void
-mount_dropcrossref(mount_t mp, vnode_t dp, int need_put)
-{
- vnode_lock(dp);
- mp->mnt_crossref--;
- if (mp->mnt_crossref < 0)
- panic("mount cross refs -ve");
- if (((dp->v_lflag & VL_MOUNTDEAD) == VL_MOUNTDEAD) && (mp->mnt_crossref == 0)) {
- dp->v_lflag &= ~VL_MOUNTDEAD;
- if (need_put)
- vnode_put_locked(dp);
- vnode_unlock(dp);
- mount_lock_destroy(mp);
+ /*
+ * Only root, or the user that did the original mount is
+ * permitted to update it.
+ */
+ if (mp->mnt_vfsstat.f_owner != kauth_cred_getuid(vfs_context_ucred(ctx)) &&
+ (!vfs_context_issuser(ctx))) {
+ error = EPERM;
+ goto out;
+ }
#if CONFIG_MACF
- mac_mount_label_destroy(mp);
+ error = mac_mount_check_remount(ctx, mp);
+ if (error != 0) {
+ goto out;
+ }
#endif
- FREE_ZONE((caddr_t)mp, sizeof (struct mount), M_MOUNT);
- return;
- }
- if (need_put)
- vnode_put_locked(dp);
- vnode_unlock(dp);
-}
-
-/*
- * Sync each mounted filesystem.
- */
-#if DIAGNOSTIC
-int syncprt = 0;
-struct ctldebug debug0 = { "syncprt", &syncprt };
-#endif
+out:
+ if (error) {
+ lck_rw_done(&mp->mnt_rwlock);
+ }
-int print_vmpage_stat=0;
+ return error;
+}
-static int
-sync_callback(mount_t mp, __unused void * arg)
+static void
+mount_end_update(mount_t mp)
{
- int asyncflag;
-
- if ((mp->mnt_flag & MNT_RDONLY) == 0) {
- asyncflag = mp->mnt_flag & MNT_ASYNC;
- mp->mnt_flag &= ~MNT_ASYNC;
- VFS_SYNC(mp, MNT_NOWAIT, vfs_context_current());
- if (asyncflag)
- mp->mnt_flag |= MNT_ASYNC;
- }
- return(VFS_RETURNED);
+ lck_rw_done(&mp->mnt_rwlock);
}
-
-extern unsigned int vp_pagein, vp_pgodirty, vp_pgoclean;
-extern unsigned int dp_pgins, dp_pgouts;
-
-/* ARGSUSED */
-int
-sync(__unused proc_t p, __unused struct sync_args *uap, __unused register_t *retval)
+static int
+get_imgsrc_rootvnode(uint32_t height, vnode_t *rvpp)
{
+ vnode_t vp;
- vfs_iterate(LK_NOWAIT, sync_callback, (void *)0);
- {
- if(print_vmpage_stat) {
- vm_countdirtypages();
- printf("VP: %d: %d: %d: %d: %d\n", vp_pgodirty, vp_pgoclean, vp_pagein,
- dp_pgins, dp_pgouts);
+ if (height >= MAX_IMAGEBOOT_NESTING) {
+ return EINVAL;
}
+
+ vp = imgsrc_rootvnodes[height];
+ if ((vp != NULLVP) && (vnode_get(vp) == 0)) {
+ *rvpp = vp;
+ return 0;
+ } else {
+ return ENOENT;
}
-#if DIAGNOSTIC
- if (syncprt)
- vfs_bufstats();
-#endif /* DIAGNOSTIC */
- return (0);
}
-/*
- * Change filesystem quotas.
- */
-#if QUOTA
-static int quotactl_funneled(proc_t p, struct quotactl_args *uap, register_t *retval);
-
-int
-quotactl(proc_t p, struct quotactl_args *uap, register_t *retval)
+static int
+relocate_imageboot_source(vnode_t pvp, vnode_t vp, struct componentname *cnp,
+ const char *fsname, vfs_context_t ctx,
+ boolean_t is64bit, user_addr_t fsmountargs, boolean_t by_index)
{
- boolean_t funnel_state;
int error;
-
- funnel_state = thread_funnel_set(kernel_flock, TRUE);
- error = quotactl_funneled(p, uap, retval);
- thread_funnel_set(kernel_flock, funnel_state);
- return(error);
-}
+ mount_t mp;
+ boolean_t placed = FALSE;
+ vnode_t devvp = NULLVP;
+ struct vfstable *vfsp;
+ user_addr_t devpath;
+ char *old_mntonname;
+ vnode_t rvp;
+ uint32_t height;
+ uint32_t flags;
-static int
-quotactl_funneled(proc_t p, struct quotactl_args *uap, __unused register_t *retval)
-{
- struct mount *mp;
- int error, quota_cmd, quota_status;
- caddr_t datap;
- size_t fnamelen;
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
- struct dqblk my_dqblk;
+ /* If we didn't imageboot, nothing to move */
+ if (imgsrc_rootvnodes[0] == NULLVP) {
+ return EINVAL;
+ }
- AUDIT_ARG(uid, uap->uid, 0, 0, 0);
- AUDIT_ARG(cmd, uap->cmd);
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
- return (error);
- mp = nd.ni_vp->v_mount;
- vnode_put(nd.ni_vp);
- nameidone(&nd);
+ /* Only root can do this */
+ if (!vfs_context_issuser(ctx)) {
+ return EPERM;
+ }
- /* copyin any data we will need for downstream code */
- quota_cmd = uap->cmd >> SUBCMDSHIFT;
+ IMGSRC_DEBUG("looking for root vnode.\n");
- switch (quota_cmd) {
- case Q_QUOTAON:
- /* uap->arg specifies a file from which to take the quotas */
- fnamelen = MAXPATHLEN;
- datap = kalloc(MAXPATHLEN);
- error = copyinstr(uap->arg, datap, MAXPATHLEN, &fnamelen);
- break;
- case Q_GETQUOTA:
- /* uap->arg is a pointer to a dqblk structure. */
- datap = (caddr_t) &my_dqblk;
- break;
- case Q_SETQUOTA:
- case Q_SETUSE:
- /* uap->arg is a pointer to a dqblk structure. */
- datap = (caddr_t) &my_dqblk;
- if (proc_is64bit(p)) {
- struct user_dqblk my_dqblk64;
- error = copyin(uap->arg, (caddr_t)&my_dqblk64, sizeof (my_dqblk64));
- if (error == 0) {
- munge_dqblk(&my_dqblk, &my_dqblk64, FALSE);
+ /*
+ * Get root vnode of filesystem we're moving.
+ */
+ if (by_index) {
+ if (is64bit) {
+ struct user64_mnt_imgsrc_args mia64;
+ error = copyin(fsmountargs, &mia64, sizeof(mia64));
+ if (error != 0) {
+ IMGSRC_DEBUG("Failed to copy in arguments.\n");
+ return error;
}
- }
- else {
- error = copyin(uap->arg, (caddr_t)&my_dqblk, sizeof (my_dqblk));
- }
- break;
- case Q_QUOTASTAT:
- /* uap->arg is a pointer to an integer */
- datap = (caddr_t) "a_status;
- break;
- default:
- datap = NULL;
- break;
- } /* switch */
-
- if (error == 0) {
- error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, datap, ctx);
- }
- switch (quota_cmd) {
- case Q_QUOTAON:
- if (datap != NULL)
- kfree(datap, MAXPATHLEN);
- break;
- case Q_GETQUOTA:
- /* uap->arg is a pointer to a dqblk structure we need to copy out to */
- if (error == 0) {
- if (proc_is64bit(p)) {
- struct user_dqblk my_dqblk64;
- munge_dqblk(&my_dqblk, &my_dqblk64, TRUE);
- error = copyout((caddr_t)&my_dqblk64, uap->arg, sizeof (my_dqblk64));
- }
- else {
- error = copyout(datap, uap->arg, sizeof (struct dqblk));
+ height = mia64.mi_height;
+ flags = mia64.mi_flags;
+ devpath = mia64.mi_devpath;
+ } else {
+ struct user32_mnt_imgsrc_args mia32;
+ error = copyin(fsmountargs, &mia32, sizeof(mia32));
+ if (error != 0) {
+ IMGSRC_DEBUG("Failed to copy in arguments.\n");
+ return error;
}
+
+ height = mia32.mi_height;
+ flags = mia32.mi_flags;
+ devpath = mia32.mi_devpath;
}
- break;
- case Q_QUOTASTAT:
- /* uap->arg is a pointer to an integer */
- if (error == 0) {
- error = copyout(datap, uap->arg, sizeof(quota_status));
+ } else {
+ /*
+ * For binary compatibility--assumes one level of nesting.
+ */
+ if (is64bit) {
+ if ( (error = copyin(fsmountargs, (caddr_t)&devpath, sizeof(devpath))) )
+ return error;
+ } else {
+ user32_addr_t tmp;
+ if ( (error = copyin(fsmountargs, (caddr_t)&tmp, sizeof(tmp))) )
+ return error;
+
+ /* munge into LP64 addr */
+ devpath = CAST_USER_ADDR_T(tmp);
}
- break;
- default:
- break;
- } /* switch */
- return (error);
-}
-#else
-int
-quotactl(__unused proc_t p, __unused struct quotactl_args *uap, __unused register_t *retval)
-{
- return (EOPNOTSUPP);
-}
-#endif /* QUOTA */
+ height = 0;
+ flags = 0;
+ }
-/*
- * Get filesystem statistics.
- *
- * Returns: 0 Success
- * namei:???
- * vfs_update_vfsstat:???
- * munge_statfs:EFAULT
- */
-/* ARGSUSED */
-int
-statfs(__unused proc_t p, struct statfs_args *uap, __unused register_t *retval)
-{
- struct mount *mp;
- struct vfsstatfs *sp;
- int error;
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
- vnode_t vp;
+ if (flags != 0) {
+ IMGSRC_DEBUG("%s: Got nonzero flags.\n", __FUNCTION__);
+ return EINVAL;
+ }
- NDINIT(&nd, LOOKUP, NOTRIGGER | FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
- return (error);
- vp = nd.ni_vp;
- mp = vp->v_mount;
- sp = &mp->mnt_vfsstat;
- nameidone(&nd);
+ error = get_imgsrc_rootvnode(height, &rvp);
+ if (error != 0) {
+ IMGSRC_DEBUG("getting root vnode failed with %d\n", error);
+ return error;
+ }
- error = vfs_update_vfsstat(mp, ctx, VFS_USER_EVENT);
- vnode_put(vp);
- if (error != 0)
- return (error);
+ IMGSRC_DEBUG("got root vnode.\n");
- error = munge_statfs(mp, sp, uap->buf, NULL, IS_64BIT_PROCESS(p), TRUE);
- return (error);
-}
+ MALLOC(old_mntonname, char*, MAXPATHLEN, M_TEMP, M_WAITOK);
-/*
- * Get filesystem statistics.
- */
-/* ARGSUSED */
-int
-fstatfs(__unused proc_t p, struct fstatfs_args *uap, __unused register_t *retval)
-{
- vnode_t vp;
- struct mount *mp;
- struct vfsstatfs *sp;
- int error;
+ /* Can only move once */
+ mp = vnode_mount(rvp);
+ if ((mp->mnt_kern_flag & MNTK_HAS_MOVED) == MNTK_HAS_MOVED) {
+ IMGSRC_DEBUG("Already moved.\n");
+ error = EBUSY;
+ goto out0;
+ }
- AUDIT_ARG(fd, uap->fd);
+ IMGSRC_DEBUG("Starting updated.\n");
- if ( (error = file_vnode(uap->fd, &vp)) )
- return (error);
+ /* Get exclusive rwlock on mount, authorize update on mp */
+ error = mount_begin_update(mp , ctx, 0);
+ if (error != 0) {
+ IMGSRC_DEBUG("Starting updated failed with %d\n", error);
+ goto out0;
+ }
- AUDIT_ARG(vnpath_withref, vp, ARG_VNODE1);
+ /*
+ * It can only be moved once. Flag is set under the rwlock,
+ * so we're now safe to proceed.
+ */
+ if ((mp->mnt_kern_flag & MNTK_HAS_MOVED) == MNTK_HAS_MOVED) {
+ IMGSRC_DEBUG("Already moved [2]\n");
+ goto out1;
+ }
+
+
+ IMGSRC_DEBUG("Preparing coveredvp.\n");
- mp = vp->v_mount;
- if (!mp) {
- file_drop(uap->fd);
- return (EBADF);
+ /* Mark covered vnode as mount in progress, authorize placing mount on top */
+ error = prepare_coveredvp(vp, ctx, cnp, fsname, FALSE);
+ if (error != 0) {
+ IMGSRC_DEBUG("Preparing coveredvp failed with %d.\n", error);
+ goto out1;
}
- sp = &mp->mnt_vfsstat;
- if ((error = vfs_update_vfsstat(mp,vfs_context_current(),VFS_USER_EVENT)) != 0) {
- file_drop(uap->fd);
- return (error);
+
+ IMGSRC_DEBUG("Covered vp OK.\n");
+
+ /* Sanity check the name caller has provided */
+ vfsp = mp->mnt_vtable;
+ if (strncmp(vfsp->vfc_name, fsname, MFSNAMELEN) != 0) {
+ IMGSRC_DEBUG("Wrong fs name.\n");
+ error = EINVAL;
+ goto out2;
}
- file_drop(uap->fd);
- error = munge_statfs(mp, sp, uap->buf, NULL, IS_64BIT_PROCESS(p), TRUE);
+ /* Check the device vnode and update mount-from name, for local filesystems */
+ if (vfsp->vfc_vfsflags & VFC_VFSLOCALARGS) {
+ IMGSRC_DEBUG("Local, doing device validation.\n");
- return (error);
-}
+ if (devpath != USER_ADDR_NULL) {
+ error = authorize_devpath_and_update_mntfromname(mp, devpath, &devvp, ctx);
+ if (error) {
+ IMGSRC_DEBUG("authorize_devpath_and_update_mntfromname() failed.\n");
+ goto out2;
+ }
-/*
- * Common routine to handle copying of statfs64 data to user space
- */
-static int
-statfs64_common(struct mount *mp, struct vfsstatfs *sfsp, user_addr_t bufp)
-{
- int error;
- struct statfs64 sfs;
-
- bzero(&sfs, sizeof(sfs));
+ vnode_put(devvp);
+ }
+ }
- sfs.f_bsize = sfsp->f_bsize;
- sfs.f_iosize = (int32_t)sfsp->f_iosize;
- sfs.f_blocks = sfsp->f_blocks;
- sfs.f_bfree = sfsp->f_bfree;
- sfs.f_bavail = sfsp->f_bavail;
- sfs.f_files = sfsp->f_files;
- sfs.f_ffree = sfsp->f_ffree;
- sfs.f_fsid = sfsp->f_fsid;
- sfs.f_owner = sfsp->f_owner;
- sfs.f_type = mp->mnt_vtable->vfc_typenum;
- sfs.f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
- sfs.f_fssubtype = sfsp->f_fssubtype;
- strlcpy(&sfs.f_fstypename[0], &sfsp->f_fstypename[0], MFSTYPENAMELEN);
- strlcpy(&sfs.f_mntonname[0], &sfsp->f_mntonname[0], MAXPATHLEN);
- strlcpy(&sfs.f_mntfromname[0], &sfsp->f_mntfromname[0], MAXPATHLEN);
+ /*
+ * Place mp on top of vnode, ref the vnode, call checkdirs(),
+ * and increment the name cache's mount generation
+ */
- error = copyout((caddr_t)&sfs, bufp, sizeof(sfs));
+ IMGSRC_DEBUG("About to call place_mount_and_checkdirs().\n");
+ error = place_mount_and_checkdirs(mp, vp, ctx);
+ if (error != 0) {
+ goto out2;
+ }
- return(error);
-}
+ placed = TRUE;
-/*
- * Get file system statistics in 64-bit mode
- */
-int
-statfs64(__unused struct proc *p, struct statfs64_args *uap, __unused register_t *retval)
-{
- struct mount *mp;
- struct vfsstatfs *sp;
- int error;
- struct nameidata nd;
- vfs_context_t ctxp = vfs_context_current();
- vnode_t vp;
+ strncpy(old_mntonname, mp->mnt_vfsstat.f_mntonname, MAXPATHLEN);
+ strncpy(mp->mnt_vfsstat.f_mntonname, cnp->cn_pnbuf, MAXPATHLEN);
- NDINIT(&nd, LOOKUP, NOTRIGGER | FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctxp);
- error = namei(&nd);
- if (error)
- return (error);
- vp = nd.ni_vp;
- mp = vp->v_mount;
- sp = &mp->mnt_vfsstat;
- nameidone(&nd);
+ /* Forbid future moves */
+ mount_lock(mp);
+ mp->mnt_kern_flag |= MNTK_HAS_MOVED;
+ mount_unlock(mp);
- error = vfs_update_vfsstat(mp, ctxp, VFS_USER_EVENT);
- vnode_put(vp);
- if (error != 0)
- return (error);
+ /* Finally, add to mount list, completely ready to go */
+ if (mount_list_add(mp) != 0) {
+ /*
+ * The system is shutting down trying to umount
+ * everything, so fail with a plausible errno.
+ */
+ error = EBUSY;
+ goto out3;
+ }
- error = statfs64_common(mp, sp, uap->buf);
+ mount_end_update(mp);
+ vnode_put(rvp);
+ FREE(old_mntonname, M_TEMP);
- return (error);
-}
+ vfs_notify_mount(pvp);
-/*
- * Get file system statistics in 64-bit mode
- */
-int
-fstatfs64(__unused struct proc *p, struct fstatfs64_args *uap, __unused register_t *retval)
-{
- struct vnode *vp;
- struct mount *mp;
- struct vfsstatfs *sp;
- int error;
+ return 0;
+out3:
+ strncpy(mp->mnt_vfsstat.f_mntonname, old_mntonname, MAXPATHLEN);
- AUDIT_ARG(fd, uap->fd);
+ mount_lock(mp);
+ mp->mnt_kern_flag &= ~(MNTK_HAS_MOVED);
+ mount_unlock(mp);
- if ( (error = file_vnode(uap->fd, &vp)) )
- return (error);
+out2:
+ /*
+ * Placing the mp on the vnode clears VMOUNT,
+ * so cleanup is different after that point
+ */
+ if (placed) {
+ /* Rele the vp, clear VMOUNT and v_mountedhere */
+ undo_place_on_covered_vp(mp, vp);
+ } else {
+ vnode_lock_spin(vp);
+ CLR(vp->v_flag, VMOUNT);
+ vnode_unlock(vp);
+ }
+out1:
+ mount_end_update(mp);
- AUDIT_ARG(vnpath_withref, vp, ARG_VNODE1);
+out0:
+ vnode_put(rvp);
+ FREE(old_mntonname, M_TEMP);
+ return error;
+}
- mp = vp->v_mount;
- if (!mp) {
- file_drop(uap->fd);
- return (EBADF);
+#endif /* CONFIG_IMGSRC_ACCESS */
+
+void
+enablequotas(struct mount *mp, vfs_context_t ctx)
+{
+ struct nameidata qnd;
+ int type;
+ char qfpath[MAXPATHLEN];
+ const char *qfname = QUOTAFILENAME;
+ const char *qfopsname = QUOTAOPSNAME;
+ const char *qfextension[] = INITQFNAMES;
+
+ /* XXX Shoulkd be an MNTK_ flag, instead of strncmp()'s */
+ if (strncmp(mp->mnt_vfsstat.f_fstypename, "hfs", sizeof("hfs")) != 0 ) {
+ return;
}
- sp = &mp->mnt_vfsstat;
- if ((error = vfs_update_vfsstat(mp, vfs_context_current(), VFS_USER_EVENT)) != 0) {
- file_drop(uap->fd);
- return (error);
+ /*
+ * Enable filesystem disk quotas if necessary.
+ * We ignore errors as this should not interfere with final mount
+ */
+ for (type=0; type < MAXQUOTAS; type++) {
+ snprintf(qfpath, sizeof(qfpath), "%s/%s.%s", mp->mnt_vfsstat.f_mntonname, qfopsname, qfextension[type]);
+ NDINIT(&qnd, LOOKUP, OP_MOUNT, FOLLOW, UIO_SYSSPACE,
+ CAST_USER_ADDR_T(qfpath), ctx);
+ if (namei(&qnd) != 0)
+ continue; /* option file to trigger quotas is not present */
+ vnode_put(qnd.ni_vp);
+ nameidone(&qnd);
+ snprintf(qfpath, sizeof(qfpath), "%s/%s.%s", mp->mnt_vfsstat.f_mntonname, qfname, qfextension[type]);
+
+ (void) VFS_QUOTACTL(mp, QCMD(Q_QUOTAON, type), 0, qfpath, ctx);
}
- file_drop(uap->fd);
+ return;
+}
- error = statfs64_common(mp, sp, uap->buf);
- return (error);
+static int
+checkdirs_callback(proc_t p, void * arg)
+{
+ struct cdirargs * cdrp = (struct cdirargs * )arg;
+ vnode_t olddp = cdrp->olddp;
+ vnode_t newdp = cdrp->newdp;
+ struct filedesc *fdp;
+ vnode_t tvp;
+ vnode_t fdp_cvp;
+ vnode_t fdp_rvp;
+ int cdir_changed = 0;
+ int rdir_changed = 0;
+
+ /*
+ * XXX Also needs to iterate each thread in the process to see if it
+ * XXX is using a per-thread current working directory, and, if so,
+ * XXX update that as well.
+ */
+
+ proc_fdlock(p);
+ fdp = p->p_fd;
+ if (fdp == (struct filedesc *)0) {
+ proc_fdunlock(p);
+ return(PROC_RETURNED);
+ }
+ fdp_cvp = fdp->fd_cdir;
+ fdp_rvp = fdp->fd_rdir;
+ proc_fdunlock(p);
+
+ if (fdp_cvp == olddp) {
+ vnode_ref(newdp);
+ tvp = fdp->fd_cdir;
+ fdp_cvp = newdp;
+ cdir_changed = 1;
+ vnode_rele(tvp);
+ }
+ if (fdp_rvp == olddp) {
+ vnode_ref(newdp);
+ tvp = fdp->fd_rdir;
+ fdp_rvp = newdp;
+ rdir_changed = 1;
+ vnode_rele(tvp);
+ }
+ if (cdir_changed || rdir_changed) {
+ proc_fdlock(p);
+ fdp->fd_cdir = fdp_cvp;
+ fdp->fd_rdir = fdp_rvp;
+ proc_fdunlock(p);
+ }
+ return(PROC_RETURNED);
}
-struct getfsstat_struct {
- user_addr_t sfsp;
- user_addr_t *mp;
- int count;
- int maxcount;
- int flags;
- int error;
-};
+/*
+ * Scan all active processes to see if any of them have a current
+ * or root directory onto which the new filesystem has just been
+ * mounted. If so, replace them with the new mount point.
+ */
static int
-getfsstat_callback(mount_t mp, void * arg)
+checkdirs(vnode_t olddp, vfs_context_t ctx)
{
-
- struct getfsstat_struct *fstp = (struct getfsstat_struct *)arg;
- struct vfsstatfs *sp;
- int error, my_size;
- vfs_context_t ctx = vfs_context_current();
+ vnode_t newdp;
+ vnode_t tvp;
+ int err;
+ struct cdirargs cdr;
+ struct uthread * uth = get_bsdthread_info(current_thread());
- if (fstp->sfsp && fstp->count < fstp->maxcount) {
- sp = &mp->mnt_vfsstat;
- /*
- * If MNT_NOWAIT is specified, do not refresh the
- * fsstat cache. MNT_WAIT overrides MNT_NOWAIT.
- */
- if (((fstp->flags & MNT_NOWAIT) == 0 || (fstp->flags & MNT_WAIT)) &&
- (error = vfs_update_vfsstat(mp, ctx,
- VFS_USER_EVENT))) {
- KAUTH_DEBUG("vfs_update_vfsstat returned %d", error);
- return(VFS_RETURNED);
- }
+ if (olddp->v_usecount == 1)
+ return(0);
+ if (uth != (struct uthread *)0)
+ uth->uu_notrigger = 1;
+ err = VFS_ROOT(olddp->v_mountedhere, &newdp, ctx);
+ if (uth != (struct uthread *)0)
+ uth->uu_notrigger = 0;
- /*
- * Need to handle LP64 version of struct statfs
- */
- error = munge_statfs(mp, sp, fstp->sfsp, &my_size, IS_64BIT_PROCESS(vfs_context_proc(ctx)), FALSE);
- if (error) {
- fstp->error = error;
- return(VFS_RETURNED_DONE);
- }
- fstp->sfsp += my_size;
+ if (err != 0) {
+#if DIAGNOSTIC
+ panic("mount: lost mount: error %d", err);
+#endif
+ return(err);
+ }
- if (fstp->mp) {
- error = mac_mount_label_get(mp, *fstp->mp);
- if (error) {
- fstp->error = error;
- return(VFS_RETURNED_DONE);
- }
- fstp->mp++;
- }
+ cdr.olddp = olddp;
+ cdr.newdp = newdp;
+ /* do not block for exec/fork trans as the vp in cwd & rootdir are not changing */
+ proc_iterate(PROC_ALLPROCLIST | PROC_NOWAITTRANS, checkdirs_callback, (void *)&cdr, NULL, NULL);
+
+ if (rootvnode == olddp) {
+ vnode_ref(newdp);
+ tvp = rootvnode;
+ rootvnode = newdp;
+ vnode_rele(tvp);
}
- fstp->count++;
- return(VFS_RETURNED);
+
+ vnode_put(newdp);
+ return(0);
}
/*
- * Get statistics on all filesystems.
+ * Unmount a file system.
+ *
+ * Note: unmount takes a path to the vnode mounted on as argument,
+ * not special file (as before).
*/
+/* ARGSUSED */
int
-getfsstat(__unused proc_t p, struct getfsstat_args *uap, int *retval)
+unmount(__unused proc_t p, struct unmount_args *uap, __unused int32_t *retval)
{
- struct __mac_getfsstat_args muap;
+ vnode_t vp;
+ struct mount *mp;
+ int error;
+ struct nameidata nd;
+ vfs_context_t ctx = vfs_context_current();
- muap.buf = uap->buf;
- muap.bufsize = uap->bufsize;
- muap.mac = USER_ADDR_NULL;
- muap.macsize = 0;
- muap.flags = uap->flags;
+ NDINIT(&nd, LOOKUP, OP_UNMOUNT, NOTRIGGER | FOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ error = namei(&nd);
+ if (error)
+ return (error);
+ vp = nd.ni_vp;
+ mp = vp->v_mount;
+ nameidone(&nd);
- return (__mac_getfsstat(p, &muap, retval));
+#if CONFIG_MACF
+ error = mac_mount_check_umount(ctx, mp);
+ if (error != 0) {
+ vnode_put(vp);
+ return (error);
+ }
+#endif
+ /*
+ * Must be the root of the filesystem
+ */
+ if ((vp->v_flag & VROOT) == 0) {
+ vnode_put(vp);
+ return (EINVAL);
+ }
+ mount_ref(mp, 0);
+ vnode_put(vp);
+ /* safedounmount consumes the mount ref */
+ return (safedounmount(mp, uap->flags, ctx));
}
int
-__mac_getfsstat(__unused proc_t p, struct __mac_getfsstat_args *uap, int *retval)
+vfs_unmountbyfsid(fsid_t * fsid, int flags, vfs_context_t ctx)
{
- user_addr_t sfsp;
- user_addr_t *mp;
- int count, maxcount;
- struct getfsstat_struct fst;
+ mount_t mp;
- if (IS_64BIT_PROCESS(p)) {
- maxcount = uap->bufsize / sizeof(struct user_statfs);
- }
- else {
- maxcount = uap->bufsize / sizeof(struct statfs);
+ mp = mount_list_lookupby_fsid(fsid, 0, 1);
+ if (mp == (mount_t)0) {
+ return(ENOENT);
}
- sfsp = uap->buf;
- count = 0;
+ mount_ref(mp, 0);
+ mount_iterdrop(mp);
+ /* safedounmount consumes the mount ref */
+ return(safedounmount(mp, flags, ctx));
+}
- mp = NULL;
-
-#if CONFIG_MACF
- if (uap->mac != USER_ADDR_NULL) {
- u_int32_t *mp0;
- int error;
- int i;
-
- count = (int)(uap->macsize / (IS_64BIT_PROCESS(p) ? 8 : 4));
- if (count != maxcount)
- return (EINVAL);
-
- /* Copy in the array */
- MALLOC(mp0, u_int32_t *, uap->macsize, M_MACTEMP, M_WAITOK);
- error = copyin(uap->mac, mp0, uap->macsize);
- if (error)
- return (error);
-
- /* Normalize to an array of user_addr_t */
- MALLOC(mp, user_addr_t *, count * sizeof(user_addr_t), M_MACTEMP, M_WAITOK);
- for (i = 0; i < count; i++) {
- if (IS_64BIT_PROCESS(p))
- mp[i] = ((user_addr_t *)mp0)[i];
- else
- mp[i] = (user_addr_t)mp0[i];
- }
- FREE(mp0, M_MACTEMP);
- }
-#endif
-
-
- fst.sfsp = sfsp;
- fst.mp = mp;
- fst.flags = uap->flags;
- fst.count = 0;
- fst.error = 0;
- fst.maxcount = maxcount;
-
-
- vfs_iterate(0, getfsstat_callback, &fst);
-
- if (mp)
- FREE(mp, M_MACTEMP);
-
- if (fst.error ) {
- KAUTH_DEBUG("ERROR - %s gets %d", p->p_comm, fst.error);
- return(fst.error);
- }
-
- if (fst.sfsp && fst.count > fst.maxcount)
- *retval = fst.maxcount;
- else
- *retval = fst.count;
- return (0);
-}
-
-static int
-getfsstat64_callback(mount_t mp, void * arg)
-{
- struct getfsstat_struct *fstp = (struct getfsstat_struct *)arg;
- struct vfsstatfs *sp;
- int error;
-
- if (fstp->sfsp && fstp->count < fstp->maxcount) {
- sp = &mp->mnt_vfsstat;
- /*
- * If MNT_NOWAIT is specified, do not refresh the
- * fsstat cache. MNT_WAIT overrides MNT_NOWAIT.
- */
- if (((fstp->flags & MNT_NOWAIT) == 0 || (fstp->flags & MNT_WAIT)) &&
- (error = vfs_update_vfsstat(mp, vfs_context_current(), VFS_USER_EVENT))) {
- KAUTH_DEBUG("vfs_update_vfsstat returned %d", error);
- return(VFS_RETURNED);
- }
-
- error = statfs64_common(mp, sp, fstp->sfsp);
- if (error) {
- fstp->error = error;
- return(VFS_RETURNED_DONE);
- }
- fstp->sfsp += sizeof(struct statfs64);
- }
- fstp->count++;
- return(VFS_RETURNED);
-}
/*
- * Get statistics on all file systems in 64 bit mode.
+ * The mount struct comes with a mount ref which will be consumed.
+ * Do the actual file system unmount, prevent some common foot shooting.
*/
int
-getfsstat64(__unused proc_t p, struct getfsstat64_args *uap, int *retval)
+safedounmount(struct mount *mp, int flags, vfs_context_t ctx)
{
- user_addr_t sfsp;
- int count, maxcount;
- struct getfsstat_struct fst;
-
- maxcount = uap->bufsize / sizeof(struct statfs64);
-
- sfsp = uap->buf;
- count = 0;
-
- fst.sfsp = sfsp;
- fst.flags = uap->flags;
- fst.count = 0;
- fst.error = 0;
- fst.maxcount = maxcount;
+ int error;
+ proc_t p = vfs_context_proc(ctx);
- vfs_iterate(0, getfsstat64_callback, &fst);
+ /*
+ * If the file system is not responding and MNT_NOBLOCK
+ * is set and not a forced unmount then return EBUSY.
+ */
+ if ((mp->mnt_kern_flag & MNT_LNOTRESP) &&
+ (flags & MNT_NOBLOCK) && ((flags & MNT_FORCE) == 0)) {
+ error = EBUSY;
+ goto out;
+ }
- if (fst.error ) {
- KAUTH_DEBUG("ERROR - %s gets %d", p->p_comm, fst.error);
- return(fst.error);
+ /*
+ * Skip authorization if the mount is tagged as permissive and
+ * this is not a forced-unmount attempt.
+ */
+ if (!(((mp->mnt_kern_flag & MNTK_PERMIT_UNMOUNT) != 0) && ((flags & MNT_FORCE) == 0))) {
+ /*
+ * Only root, or the user that did the original mount is
+ * permitted to unmount this filesystem.
+ */
+ if ((mp->mnt_vfsstat.f_owner != kauth_cred_getuid(kauth_cred_get())) &&
+ (error = suser(kauth_cred_get(), &p->p_acflag)))
+ goto out;
+ }
+ /*
+ * Don't allow unmounting the root file system.
+ */
+ if (mp->mnt_flag & MNT_ROOTFS) {
+ error = EBUSY; /* the root is always busy */
+ goto out;
}
- if (fst.sfsp && fst.count > fst.maxcount)
- *retval = fst.maxcount;
- else
- *retval = fst.count;
+#ifdef CONFIG_IMGSRC_ACCESS
+ if (mp->mnt_kern_flag & MNTK_BACKS_ROOT) {
+ error = EBUSY;
+ goto out;
+ }
+#endif /* CONFIG_IMGSRC_ACCESS */
- return (0);
-}
+ return (dounmount(mp, flags, 1, ctx));
-#if COMPAT_GETFSSTAT
-ogetfsstat(proc_t p, struct getfsstat_args *uap, register_t *retval)
-{
- return (ENOTSUP);
+out:
+ mount_drop(mp, 0);
+ return(error);
}
-#endif
/*
- * Change current working directory to a given file descriptor.
+ * Do the actual file system unmount.
*/
-/* ARGSUSED */
-static int
-common_fchdir(proc_t p, struct fchdir_args *uap, int per_thread)
+int
+dounmount(struct mount *mp, int flags, int withref, vfs_context_t ctx)
{
- struct filedesc *fdp = p->p_fd;
- vnode_t vp;
- vnode_t tdp;
- vnode_t tvp;
- struct mount *mp;
+ vnode_t coveredvp = (vnode_t)0;
int error;
- vfs_context_t ctx = vfs_context_current();
+ int needwakeup = 0;
+ int forcedunmount = 0;
+ int lflags = 0;
+ struct vnode *devvp = NULLVP;
+#if CONFIG_TRIGGERS
+ int did_vflush = 0;
+#endif /* CONFIG_TRIGGERS */
- if (per_thread && uap->fd == -1) {
+ if (flags & MNT_FORCE)
+ forcedunmount = 1;
+
+ mount_lock(mp);
+ /* XXX post jaguar fix LK_DRAIN - then clean this up */
+ if ((flags & MNT_FORCE)) {
+ mp->mnt_kern_flag |= MNTK_FRCUNMOUNT;
+ mp->mnt_lflag |= MNT_LFORCE;
+ }
+ if (mp->mnt_lflag & MNT_LUNMOUNT) {
+ mp->mnt_lflag |= MNT_LWAIT;
+ if(withref != 0)
+ mount_drop(mp, 1);
+ msleep((caddr_t)mp, &mp->mnt_mlock, (PVFS | PDROP), "dounmount", NULL);
/*
- * Switching back from per-thread to per process CWD; verify we
- * in fact have one before proceeding. The only success case
- * for this code path is to return 0 preemptively after zapping
- * the thread structure contents.
+ * The prior unmount attempt has probably succeeded.
+ * Do not dereference mp here - returning EBUSY is safest.
*/
- thread_t th = vfs_context_thread(ctx);
- if (th) {
- uthread_t uth = get_bsdthread_info(th);
- tvp = uth->uu_cdir;
- uth->uu_cdir = NULLVP;
- if (tvp != NULLVP) {
- vnode_rele(tvp);
- return (0);
+ return (EBUSY);
+ }
+ mp->mnt_kern_flag |= MNTK_UNMOUNT;
+ mp->mnt_lflag |= MNT_LUNMOUNT;
+ mp->mnt_flag &=~ MNT_ASYNC;
+ /*
+ * anyone currently in the fast path that
+ * trips over the cached rootvp will be
+ * dumped out and forced into the slow path
+ * to regenerate a new cached value
+ */
+ mp->mnt_realrootvp = NULLVP;
+ mount_unlock(mp);
+
+ /*
+ * taking the name_cache_lock exclusively will
+ * insure that everyone is out of the fast path who
+ * might be trying to use a now stale copy of
+ * vp->v_mountedhere->mnt_realrootvp
+ * bumping mount_generation causes the cached values
+ * to be invalidated
+ */
+ name_cache_lock();
+ mount_generation++;
+ name_cache_unlock();
+
+
+ lck_rw_lock_exclusive(&mp->mnt_rwlock);
+ if (withref != 0)
+ mount_drop(mp, 0);
+#if CONFIG_FSE
+ fsevent_unmount(mp); /* has to come first! */
+#endif
+ error = 0;
+ if (forcedunmount == 0) {
+ ubc_umount(mp); /* release cached vnodes */
+ if ((mp->mnt_flag & MNT_RDONLY) == 0) {
+ error = VFS_SYNC(mp, MNT_WAIT, ctx);
+ if (error) {
+ mount_lock(mp);
+ mp->mnt_kern_flag &= ~MNTK_UNMOUNT;
+ mp->mnt_lflag &= ~MNT_LUNMOUNT;
+ mp->mnt_lflag &= ~MNT_LFORCE;
+ goto out;
}
}
- return (EBADF);
}
- if ( (error = file_vnode(uap->fd, &vp)) )
- return(error);
- if ( (error = vnode_getwithref(vp)) ) {
- file_drop(uap->fd);
- return(error);
+#if CONFIG_TRIGGERS
+ vfs_nested_trigger_unmounts(mp, flags, ctx);
+ did_vflush = 1;
+#endif
+ if (forcedunmount)
+ lflags |= FORCECLOSE;
+ error = vflush(mp, NULLVP, SKIPSWAP | SKIPSYSTEM | SKIPROOT | lflags);
+ if ((forcedunmount == 0) && error) {
+ mount_lock(mp);
+ mp->mnt_kern_flag &= ~MNTK_UNMOUNT;
+ mp->mnt_lflag &= ~MNT_LUNMOUNT;
+ mp->mnt_lflag &= ~MNT_LFORCE;
+ goto out;
}
- AUDIT_ARG(vnpath, vp, ARG_VNODE1);
+ /* make sure there are no one in the mount iterations or lookup */
+ mount_iterdrain(mp);
- if (vp->v_type != VDIR) {
- error = ENOTDIR;
+ error = VFS_UNMOUNT(mp, flags, ctx);
+ if (error) {
+ mount_iterreset(mp);
+ mount_lock(mp);
+ mp->mnt_kern_flag &= ~MNTK_UNMOUNT;
+ mp->mnt_lflag &= ~MNT_LUNMOUNT;
+ mp->mnt_lflag &= ~MNT_LFORCE;
goto out;
}
-#if CONFIG_MACF
- error = mac_vnode_check_chdir(ctx, vp);
- if (error)
- goto out;
-#endif
- error = vnode_authorize(vp, NULL, KAUTH_VNODE_SEARCH, ctx);
- if (error)
- goto out;
+ /* increment the operations count */
+ if (!error)
+ OSAddAtomic(1, &vfs_nummntops);
- while (!error && (mp = vp->v_mountedhere) != NULL) {
- if (vfs_busy(mp, LK_NOWAIT)) {
- error = EACCES;
- goto out;
- }
- error = VFS_ROOT(mp, &tdp, ctx);
- vfs_unbusy(mp);
- if (error)
- break;
- vnode_put(vp);
- vp = tdp;
+ if ( mp->mnt_devvp && mp->mnt_vtable->vfc_vfsflags & VFC_VFSLOCALARGS) {
+ /* hold an io reference and drop the usecount before close */
+ devvp = mp->mnt_devvp;
+ vnode_getalways(devvp);
+ vnode_rele(devvp);
+ VNOP_CLOSE(devvp, mp->mnt_flag & MNT_RDONLY ? FREAD : FREAD|FWRITE,
+ ctx);
+ vnode_clearmountedon(devvp);
+ vnode_put(devvp);
}
- if (error)
- goto out;
- if ( (error = vnode_ref(vp)) )
- goto out;
- vnode_put(vp);
+ lck_rw_done(&mp->mnt_rwlock);
+ mount_list_remove(mp);
+ lck_rw_lock_exclusive(&mp->mnt_rwlock);
- if (per_thread) {
- thread_t th = vfs_context_thread(ctx);
- if (th) {
- uthread_t uth = get_bsdthread_info(th);
- tvp = uth->uu_cdir;
- uth->uu_cdir = vp;
- OSBitOrAtomic(P_THCWD, (UInt32 *)&p->p_flag);
- } else {
- vnode_rele(vp);
- return (ENOENT);
+ /* mark the mount point hook in the vp but not drop the ref yet */
+ if ((coveredvp = mp->mnt_vnodecovered) != NULLVP) {
+ vnode_getwithref(coveredvp);
+ vnode_lock_spin(coveredvp);
+
+ mp->mnt_crossref++;
+ coveredvp->v_mountedhere = (struct mount *)0;
+
+ vnode_unlock(coveredvp);
+ vnode_put(coveredvp);
+ }
+
+ mount_list_lock();
+ mp->mnt_vtable->vfc_refcount--;
+ mount_list_unlock();
+
+ cache_purgevfs(mp); /* remove cache entries for this file sys */
+ vfs_event_signal(NULL, VQ_UNMOUNT, (intptr_t)NULL);
+ mount_lock(mp);
+ mp->mnt_lflag |= MNT_LDEAD;
+
+ if (mp->mnt_lflag & MNT_LWAIT) {
+ /*
+ * do the wakeup here
+ * in case we block in mount_refdrain
+ * which will drop the mount lock
+ * and allow anyone blocked in vfs_busy
+ * to wakeup and see the LDEAD state
+ */
+ mp->mnt_lflag &= ~MNT_LWAIT;
+ wakeup((caddr_t)mp);
+ }
+ mount_refdrain(mp);
+out:
+ if (mp->mnt_lflag & MNT_LWAIT) {
+ mp->mnt_lflag &= ~MNT_LWAIT;
+ needwakeup = 1;
+ }
+
+
+#if CONFIG_TRIGGERS
+ /*
+ * Callback and context are set together under the mount lock, and
+ * never cleared, so we're safe to examine them here, drop the lock,
+ * and call out.
+ */
+ if (mp->mnt_triggercallback != NULL) {
+ mount_unlock(mp);
+ if (error == 0) {
+ mp->mnt_triggercallback(mp, VTC_RELEASE, mp->mnt_triggerdata, ctx);
+ } else if (did_vflush) {
+ mp->mnt_triggercallback(mp, VTC_REPLACE, mp->mnt_triggerdata, ctx);
}
} else {
- proc_fdlock(p);
- tvp = fdp->fd_cdir;
- fdp->fd_cdir = vp;
- proc_fdunlock(p);
+ mount_unlock(mp);
}
+#else
+ mount_unlock(mp);
+#endif /* CONFIG_TRIGGERS */
- if (tvp)
- vnode_rele(tvp);
- file_drop(uap->fd);
+ lck_rw_done(&mp->mnt_rwlock);
- return (0);
-out:
- vnode_put(vp);
- file_drop(uap->fd);
+ if (needwakeup)
+ wakeup((caddr_t)mp);
- return(error);
-}
+ if (!error) {
+ if ((coveredvp != NULLVP)) {
+ vnode_t pvp;
-int
-fchdir(proc_t p, struct fchdir_args *uap, __unused register_t *retval)
-{
- return common_fchdir(p, uap, 0);
+ vnode_getwithref(coveredvp);
+ pvp = vnode_getparent(coveredvp);
+ vnode_rele(coveredvp);
+
+ mount_dropcrossref(mp, coveredvp, 0);
+#if CONFIG_TRIGGERS
+ if (coveredvp->v_resolve)
+ vnode_trigger_rearm(coveredvp, ctx);
+#endif
+ vnode_put(coveredvp);
+
+ if (pvp) {
+ lock_vnode_and_post(pvp, NOTE_WRITE);
+ vnode_put(pvp);
+ }
+ } else if (mp->mnt_flag & MNT_ROOTFS) {
+ mount_lock_destroy(mp);
+#if CONFIG_MACF
+ mac_mount_label_destroy(mp);
+#endif
+ FREE_ZONE((caddr_t)mp, sizeof (struct mount), M_MOUNT);
+ } else
+ panic("dounmount: no coveredvp");
+ }
+ return (error);
}
-int
-__pthread_fchdir(proc_t p, struct __pthread_fchdir_args *uap, __unused register_t *retval)
+void
+mount_dropcrossref(mount_t mp, vnode_t dp, int need_put)
{
- return common_fchdir(p, (void *)uap, 1);
+ vnode_lock(dp);
+ mp->mnt_crossref--;
+
+ if (mp->mnt_crossref < 0)
+ panic("mount cross refs -ve");
+
+ if ((mp != dp->v_mountedhere) && (mp->mnt_crossref == 0)) {
+
+ if (need_put)
+ vnode_put_locked(dp);
+ vnode_unlock(dp);
+
+ mount_lock_destroy(mp);
+#if CONFIG_MACF
+ mac_mount_label_destroy(mp);
+#endif
+ FREE_ZONE((caddr_t)mp, sizeof (struct mount), M_MOUNT);
+ return;
+ }
+ if (need_put)
+ vnode_put_locked(dp);
+ vnode_unlock(dp);
}
+
/*
- * Change current working directory (``.'').
- *
- * Returns: 0 Success
- * change_dir:ENOTDIR
- * change_dir:???
- * vnode_ref:ENOENT No such file or directory
+ * Sync each mounted filesystem.
*/
-/* ARGSUSED */
-static int
-common_chdir(proc_t p, struct chdir_args *uap, int per_thread)
+#if DIAGNOSTIC
+int syncprt = 0;
+struct ctldebug debug0 = { "syncprt", &syncprt };
+#endif
+
+int print_vmpage_stat=0;
+
+static int
+sync_callback(mount_t mp, void * arg)
{
- struct filedesc *fdp = p->p_fd;
- int error;
- struct nameidata nd;
- vnode_t tvp;
- vfs_context_t ctx = vfs_context_current();
+ int asyncflag;
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = change_dir(&nd, ctx);
- if (error)
- return (error);
- if ( (error = vnode_ref(nd.ni_vp)) ) {
- vnode_put(nd.ni_vp);
- return (error);
+ if ((mp->mnt_flag & MNT_RDONLY) == 0) {
+ asyncflag = mp->mnt_flag & MNT_ASYNC;
+ mp->mnt_flag &= ~MNT_ASYNC;
+ VFS_SYNC(mp, arg ? MNT_WAIT : MNT_NOWAIT, vfs_context_current());
+ if (asyncflag)
+ mp->mnt_flag |= MNT_ASYNC;
}
- /*
- * drop the iocount we picked up in change_dir
- */
- vnode_put(nd.ni_vp);
+ return(VFS_RETURNED);
+}
- if (per_thread) {
- thread_t th = vfs_context_thread(ctx);
- if (th) {
- uthread_t uth = get_bsdthread_info(th);
- tvp = uth->uu_cdir;
- uth->uu_cdir = nd.ni_vp;
- OSBitOrAtomic(P_THCWD, (UInt32 *)&p->p_flag);
- } else {
- vnode_rele(nd.ni_vp);
- return (ENOENT);
- }
- } else {
- proc_fdlock(p);
- tvp = fdp->fd_cdir;
- fdp->fd_cdir = nd.ni_vp;
- proc_fdunlock(p);
- }
- if (tvp)
- vnode_rele(tvp);
+#include <kern/clock.h>
- return (0);
-}
+clock_sec_t sync_wait_time = 0;
+/* ARGSUSED */
int
-chdir(proc_t p, struct chdir_args *uap, __unused register_t *retval)
+sync(__unused proc_t p, __unused struct sync_args *uap, __unused int32_t *retval)
{
- return common_chdir(p, (void *)uap, 0);
-}
+ clock_nsec_t nsecs;
-int
-__pthread_chdir(proc_t p, struct __pthread_chdir_args *uap, __unused register_t *retval)
-{
- return common_chdir(p, (void *)uap, 1);
-}
+ vfs_iterate(LK_NOWAIT, sync_callback, (void *)0);
+
+ {
+ static fsid_t fsid = { { 0, 0 } };
+
+ clock_get_calendar_microtime(&sync_wait_time, &nsecs);
+ vfs_event_signal(&fsid, VQ_SYNCEVENT, (intptr_t)NULL);
+ wakeup((caddr_t)&sync_wait_time);
+ }
+ {
+ if(print_vmpage_stat) {
+ vm_countdirtypages();
+ }
+ }
+#if DIAGNOSTIC
+ if (syncprt)
+ vfs_bufstats();
+#endif /* DIAGNOSTIC */
+ return (0);
+}
/*
- * Change notion of root (``/'') directory.
+ * Change filesystem quotas.
*/
-/* ARGSUSED */
+#if QUOTA
+static int quotactl_funneled(proc_t p, struct quotactl_args *uap, int32_t *retval);
+
int
-chroot(proc_t p, struct chroot_args *uap, __unused register_t *retval)
+quotactl(proc_t p, struct quotactl_args *uap, int32_t *retval)
{
- struct filedesc *fdp = p->p_fd;
+ boolean_t funnel_state;
int error;
+
+ funnel_state = thread_funnel_set(kernel_flock, TRUE);
+ error = quotactl_funneled(p, uap, retval);
+ thread_funnel_set(kernel_flock, funnel_state);
+ return(error);
+}
+
+static int
+quotactl_funneled(proc_t p, struct quotactl_args *uap, __unused int32_t *retval)
+{
+ struct mount *mp;
+ int error, quota_cmd, quota_status;
+ caddr_t datap;
+ size_t fnamelen;
struct nameidata nd;
- vnode_t tvp;
vfs_context_t ctx = vfs_context_current();
+ struct dqblk my_dqblk;
- if ((error = suser(kauth_cred_get(), &p->p_acflag)))
- return (error);
-
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = change_dir(&nd, ctx);
+ AUDIT_ARG(uid, uap->uid);
+ AUDIT_ARG(cmd, uap->cmd);
+ NDINIT(&nd, LOOKUP, OP_LOOKUP, FOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, ctx);
+ error = namei(&nd);
if (error)
return (error);
+ mp = nd.ni_vp->v_mount;
+ vnode_put(nd.ni_vp);
+ nameidone(&nd);
-#if CONFIG_MACF
- error = mac_vnode_check_chroot(ctx, nd.ni_vp,
- &nd.ni_cnd);
- if (error) {
- vnode_put(nd.ni_vp);
- return (error);
- }
-#endif
+ /* copyin any data we will need for downstream code */
+ quota_cmd = uap->cmd >> SUBCMDSHIFT;
- if ( (error = vnode_ref(nd.ni_vp)) ) {
- vnode_put(nd.ni_vp);
- return (error);
- }
- vnode_put(nd.ni_vp);
+ switch (quota_cmd) {
+ case Q_QUOTAON:
+ /* uap->arg specifies a file from which to take the quotas */
+ fnamelen = MAXPATHLEN;
+ datap = kalloc(MAXPATHLEN);
+ error = copyinstr(uap->arg, datap, MAXPATHLEN, &fnamelen);
+ break;
+ case Q_GETQUOTA:
+ /* uap->arg is a pointer to a dqblk structure. */
+ datap = (caddr_t) &my_dqblk;
+ break;
+ case Q_SETQUOTA:
+ case Q_SETUSE:
+ /* uap->arg is a pointer to a dqblk structure. */
+ datap = (caddr_t) &my_dqblk;
+ if (proc_is64bit(p)) {
+ struct user_dqblk my_dqblk64;
+ error = copyin(uap->arg, (caddr_t)&my_dqblk64, sizeof (my_dqblk64));
+ if (error == 0) {
+ munge_dqblk(&my_dqblk, &my_dqblk64, FALSE);
+ }
+ }
+ else {
+ error = copyin(uap->arg, (caddr_t)&my_dqblk, sizeof (my_dqblk));
+ }
+ break;
+ case Q_QUOTASTAT:
+ /* uap->arg is a pointer to an integer */
+ datap = (caddr_t) "a_status;
+ break;
+ default:
+ datap = NULL;
+ break;
+ } /* switch */
- proc_fdlock(p);
- tvp = fdp->fd_rdir;
- fdp->fd_rdir = nd.ni_vp;
- fdp->fd_flags |= FD_CHROOT;
- proc_fdunlock(p);
+ if (error == 0) {
+ error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, datap, ctx);
+ }
- if (tvp != NULL)
- vnode_rele(tvp);
+ switch (quota_cmd) {
+ case Q_QUOTAON:
+ if (datap != NULL)
+ kfree(datap, MAXPATHLEN);
+ break;
+ case Q_GETQUOTA:
+ /* uap->arg is a pointer to a dqblk structure we need to copy out to */
+ if (error == 0) {
+ if (proc_is64bit(p)) {
+ struct user_dqblk my_dqblk64;
+ munge_dqblk(&my_dqblk, &my_dqblk64, TRUE);
+ error = copyout((caddr_t)&my_dqblk64, uap->arg, sizeof (my_dqblk64));
+ }
+ else {
+ error = copyout(datap, uap->arg, sizeof (struct dqblk));
+ }
+ }
+ break;
+ case Q_QUOTASTAT:
+ /* uap->arg is a pointer to an integer */
+ if (error == 0) {
+ error = copyout(datap, uap->arg, sizeof(quota_status));
+ }
+ break;
+ default:
+ break;
+ } /* switch */
- return (0);
+ return (error);
+}
+#else
+int
+quotactl(__unused proc_t p, __unused struct quotactl_args *uap, __unused int32_t *retval)
+{
+ return (EOPNOTSUPP);
}
+#endif /* QUOTA */
/*
- * Common routine for chroot and chdir.
+ * Get filesystem statistics.
*
* Returns: 0 Success
- * ENOTDIR Not a directory
- * namei:??? [anything namei can return]
- * vnode_authorize:??? [anything vnode_authorize can return]
+ * namei:???
+ * vfs_update_vfsstat:???
+ * munge_statfs:EFAULT
*/
-static int
-change_dir(struct nameidata *ndp, vfs_context_t ctx)
+/* ARGSUSED */
+int
+statfs(__unused proc_t p, struct statfs_args *uap, __unused int32_t *retval)
{
- vnode_t vp;
+ struct mount *mp;
+ struct vfsstatfs *sp;
int error;
+ struct nameidata nd;
+ vfs_context_t ctx = vfs_context_current();
+ vnode_t vp;
- if ((error = namei(ndp)))
- return (error);
- nameidone(ndp);
- vp = ndp->ni_vp;
-
- if (vp->v_type != VDIR) {
- vnode_put(vp);
- return (ENOTDIR);
- }
-
-#if CONFIG_MACF
- error = mac_vnode_check_chdir(ctx, vp);
- if (error) {
- vnode_put(vp);
+ NDINIT(&nd, LOOKUP, OP_STATFS, NOTRIGGER | FOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ error = namei(&nd);
+ if (error)
return (error);
- }
-#endif
+ vp = nd.ni_vp;
+ mp = vp->v_mount;
+ sp = &mp->mnt_vfsstat;
+ nameidone(&nd);
- error = vnode_authorize(vp, NULL, KAUTH_VNODE_SEARCH, ctx);
- if (error) {
- vnode_put(vp);
+ error = vfs_update_vfsstat(mp, ctx, VFS_USER_EVENT);
+ vnode_put(vp);
+ if (error != 0)
return (error);
- }
+ error = munge_statfs(mp, sp, uap->buf, NULL, IS_64BIT_PROCESS(p), TRUE);
return (error);
}
/*
- * Check permissions, allocate an open file structure,
- * and call the device open routine if any.
- *
- * Returns: 0 Success
- * EINVAL
- * EINTR
- * falloc:ENFILE
- * falloc:EMFILE
- * falloc:ENOMEM
- * vn_open_auth:???
- * dupfdopen:???
- * VNOP_ADVLOCK:???
- * vnode_setsize:???
+ * Get filesystem statistics.
*/
-#warning XXX implement uid, gid
+/* ARGSUSED */
int
-open1(vfs_context_t ctx, struct nameidata *ndp, int uflags, struct vnode_attr *vap, register_t *retval)
+fstatfs(__unused proc_t p, struct fstatfs_args *uap, __unused int32_t *retval)
{
- proc_t p = vfs_context_proc(ctx);
- uthread_t uu = get_bsdthread_info(vfs_context_thread(ctx));
- struct filedesc *fdp = p->p_fd;
- struct fileproc *fp;
vnode_t vp;
- int flags, oflags;
- struct fileproc *nfp;
- int type, indx, error;
- struct flock lf;
- int no_controlling_tty = 0;
- int deny_controlling_tty = 0;
- struct session *sessp = SESSION_NULL;
- struct vfs_context context = *vfs_context_current(); /* local copy */
-
- oflags = uflags;
+ struct mount *mp;
+ struct vfsstatfs *sp;
+ int error;
- if ((oflags & O_ACCMODE) == O_ACCMODE)
- return(EINVAL);
- flags = FFLAGS(uflags);
+ AUDIT_ARG(fd, uap->fd);
- AUDIT_ARG(fflags, oflags);
- AUDIT_ARG(mode, vap->va_mode);
+ if ( (error = file_vnode(uap->fd, &vp)) )
+ return (error);
- if ( (error = falloc(p, &nfp, &indx, ctx)) ) {
+ error = vnode_getwithref(vp);
+ if (error) {
+ file_drop(uap->fd);
return (error);
}
- fp = nfp;
- uu->uu_dupfd = -indx - 1;
- if (!(p->p_flag & P_CONTROLT)) {
- sessp = proc_session(p);
- no_controlling_tty = 1;
- /*
- * If conditions would warrant getting a controlling tty if
- * the device being opened is a tty (see ttyopen in tty.c),
- * but the open flags deny it, set a flag in the session to
- * prevent it.
- */
- if (SESS_LEADER(p, sessp) &&
- sessp->s_ttyvp == NULL &&
- (flags & O_NOCTTY)) {
- session_lock(sessp);
- sessp->s_flags |= S_NOCTTY;
- session_unlock(sessp);
- deny_controlling_tty = 1;
- }
+ AUDIT_ARG(vnpath_withref, vp, ARG_VNODE1);
+
+ mp = vp->v_mount;
+ if (!mp) {
+ error = EBADF;
+ goto out;
+ }
+ sp = &mp->mnt_vfsstat;
+ if ((error = vfs_update_vfsstat(mp,vfs_context_current(),VFS_USER_EVENT)) != 0) {
+ goto out;
}
- if ((error = vn_open_auth(ndp, &flags, vap))) {
- if ((error == ENODEV || error == ENXIO) && (uu->uu_dupfd >= 0)){ /* XXX from fdopen */
- if ((error = dupfdopen(fdp, indx, uu->uu_dupfd, flags, error)) == 0) {
- fp_drop(p, indx, NULL, 0);
- *retval = indx;
- if (deny_controlling_tty) {
- session_lock(sessp);
- sessp->s_flags &= ~S_NOCTTY;
- session_unlock(sessp);
- }
- if (sessp != SESSION_NULL)
- session_rele(sessp);
- return (0);
- }
- }
- if (error == ERESTART)
- error = EINTR;
- fp_free(p, indx, fp);
+ error = munge_statfs(mp, sp, uap->buf, NULL, IS_64BIT_PROCESS(p), TRUE);
- if (deny_controlling_tty) {
- session_lock(sessp);
- sessp->s_flags &= ~S_NOCTTY;
- session_unlock(sessp);
- }
- if (sessp != SESSION_NULL)
- session_rele(sessp);
- return (error);
- }
- uu->uu_dupfd = 0;
- vp = ndp->ni_vp;
+out:
+ file_drop(uap->fd);
+ vnode_put(vp);
- fp->f_fglob->fg_flag = flags & (FMASK | O_EVTONLY);
- fp->f_fglob->fg_type = DTYPE_VNODE;
- fp->f_fglob->fg_ops = &vnops;
- fp->f_fglob->fg_data = (caddr_t)vp;
+ return (error);
+}
- if (flags & (O_EXLOCK | O_SHLOCK)) {
- lf.l_whence = SEEK_SET;
- lf.l_start = 0;
- lf.l_len = 0;
- if (flags & O_EXLOCK)
- lf.l_type = F_WRLCK;
- else
- lf.l_type = F_RDLCK;
- type = F_FLOCK;
- if ((flags & FNONBLOCK) == 0)
- type |= F_WAIT;
-#if CONFIG_MACF
- error = mac_file_check_lock(vfs_context_ucred(ctx), fp->f_fglob,
- F_SETLK, &lf);
- if (error)
- goto bad;
-#endif
- if ((error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob, F_SETLK, &lf, type, ctx)))
- goto bad;
- fp->f_fglob->fg_flag |= FHASLOCK;
- }
-
- /* try to truncate by setting the size attribute */
- if ((flags & O_TRUNC) && ((error = vnode_setsize(vp, (off_t)0, 0, ctx)) != 0))
- goto bad;
-
- /*
- * If the open flags denied the acquisition of a controlling tty,
- * clear the flag in the session structure that prevented the lower
- * level code from assigning one.
- */
- if (deny_controlling_tty) {
- session_lock(sessp);
- sessp->s_flags &= ~S_NOCTTY;
- session_unlock(sessp);
- }
-
- /*
- * If a controlling tty was set by the tty line discipline, then we
- * want to set the vp of the tty into the session structure. We have
- * a race here because we can't get to the vp for the tp in ttyopen,
- * because it's not passed as a parameter in the open path.
- */
- if (no_controlling_tty && (p->p_flag & P_CONTROLT)) {
- vnode_t ttyvp;
- vnode_ref(vp);
- session_lock(sessp);
- ttyvp = sessp->s_ttyvp;
- sessp->s_ttyvp = vp;
- sessp->s_ttyvid = vnode_vid(vp);
- session_unlock(sessp);
- if (ttyvp != NULLVP)
- vnode_rele(ttyvp);
- }
-
- vnode_put(vp);
-
- proc_fdlock(p);
- procfdtbl_releasefd(p, indx, NULL);
- fp_drop(p, indx, fp, 1);
- proc_fdunlock(p);
-
- *retval = indx;
+/*
+ * Common routine to handle copying of statfs64 data to user space
+ */
+static int
+statfs64_common(struct mount *mp, struct vfsstatfs *sfsp, user_addr_t bufp)
+{
+ int error;
+ struct statfs64 sfs;
+
+ bzero(&sfs, sizeof(sfs));
- if (sessp != SESSION_NULL)
- session_rele(sessp);
- return (0);
-bad:
- if (deny_controlling_tty) {
- session_lock(sessp);
- sessp->s_flags &= ~S_NOCTTY;
- session_unlock(sessp);
+ sfs.f_bsize = sfsp->f_bsize;
+ sfs.f_iosize = (int32_t)sfsp->f_iosize;
+ sfs.f_blocks = sfsp->f_blocks;
+ sfs.f_bfree = sfsp->f_bfree;
+ sfs.f_bavail = sfsp->f_bavail;
+ sfs.f_files = sfsp->f_files;
+ sfs.f_ffree = sfsp->f_ffree;
+ sfs.f_fsid = sfsp->f_fsid;
+ sfs.f_owner = sfsp->f_owner;
+ sfs.f_type = mp->mnt_vtable->vfc_typenum;
+ sfs.f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
+ sfs.f_fssubtype = sfsp->f_fssubtype;
+ if (mp->mnt_kern_flag & MNTK_TYPENAME_OVERRIDE) {
+ strlcpy(&sfs.f_fstypename[0], &mp->fstypename_override[0], MFSTYPENAMELEN);
+ } else {
+ strlcpy(&sfs.f_fstypename[0], &sfsp->f_fstypename[0], MFSTYPENAMELEN);
}
- if (sessp != SESSION_NULL)
- session_rele(sessp);
-
- /* Modify local copy (to not damage thread copy) */
- context.vc_ucred = fp->f_fglob->fg_cred;
-
- vn_close(vp, fp->f_fglob->fg_flag, &context);
- vnode_put(vp);
- fp_free(p, indx, fp);
+ strlcpy(&sfs.f_mntonname[0], &sfsp->f_mntonname[0], MAXPATHLEN);
+ strlcpy(&sfs.f_mntfromname[0], &sfsp->f_mntfromname[0], MAXPATHLEN);
- return (error);
+ error = copyout((caddr_t)&sfs, bufp, sizeof(sfs));
+ return(error);
}
-/*
- * An open system call using an extended argument list compared to the regular
- * system call 'open'.
- *
- * Parameters: p Process requesting the open
- * uap User argument descriptor (see below)
- * retval Pointer to an area to receive the
- * return calue from the system call
- *
- * Indirect: uap->path Path to open (same as 'open')
- * uap->flags Flags to open (same as 'open'
- * uap->uid UID to set, if creating
- * uap->gid GID to set, if creating
- * uap->mode File mode, if creating (same as 'open')
- * uap->xsecurity ACL to set, if creating
- *
- * Returns: 0 Success
- * !0 errno value
- *
- * Notes: The kauth_filesec_t in 'va', if any, is in host byte order.
- *
- * XXX: We should enummerate the possible errno values here, and where
- * in the code they originated.
+/*
+ * Get file system statistics in 64-bit mode
*/
int
-open_extended(proc_t p, struct open_extended_args *uap, register_t *retval)
+statfs64(__unused struct proc *p, struct statfs64_args *uap, __unused int32_t *retval)
{
- struct filedesc *fdp = p->p_fd;
- int ciferror;
- kauth_filesec_t xsecdst;
- struct vnode_attr va;
+ struct mount *mp;
+ struct vfsstatfs *sp;
+ int error;
struct nameidata nd;
- int cmode;
-
- xsecdst = NULL;
- if ((uap->xsecurity != USER_ADDR_NULL) &&
- ((ciferror = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0))
- return ciferror;
-
- VATTR_INIT(&va);
- cmode = ((uap->mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
- VATTR_SET(&va, va_mode, cmode);
- if (uap->uid != KAUTH_UID_NONE)
- VATTR_SET(&va, va_uid, uap->uid);
- if (uap->gid != KAUTH_GID_NONE)
- VATTR_SET(&va, va_gid, uap->gid);
- if (xsecdst != NULL)
- VATTR_SET(&va, va_acl, &xsecdst->fsec_acl);
-
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1, UIO_USERSPACE, uap->path, vfs_context_current());
-
- ciferror = open1(vfs_context_current(), &nd, uap->flags, &va, retval);
- if (xsecdst != NULL)
- kauth_filesec_free(xsecdst);
-
- return ciferror;
-}
-
-int
-open(proc_t p, struct open_args *uap, register_t *retval)
-{
- __pthread_testcancel(1);
- return(open_nocancel(p, (struct open_nocancel_args *)uap, retval));
-}
-
+ vfs_context_t ctxp = vfs_context_current();
+ vnode_t vp;
-int
-open_nocancel(proc_t p, struct open_nocancel_args *uap, register_t *retval)
-{
- struct filedesc *fdp = p->p_fd;
- struct vnode_attr va;
- struct nameidata nd;
- int cmode;
+ NDINIT(&nd, LOOKUP, OP_STATFS, NOTRIGGER | FOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctxp);
+ error = namei(&nd);
+ if (error)
+ return (error);
+ vp = nd.ni_vp;
+ mp = vp->v_mount;
+ sp = &mp->mnt_vfsstat;
+ nameidone(&nd);
- VATTR_INIT(&va);
- /* Mask off all but regular access permissions */
- cmode = ((uap->mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
- VATTR_SET(&va, va_mode, cmode & ACCESSPERMS);
+ error = vfs_update_vfsstat(mp, ctxp, VFS_USER_EVENT);
+ vnode_put(vp);
+ if (error != 0)
+ return (error);
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1, UIO_USERSPACE, uap->path, vfs_context_current());
+ error = statfs64_common(mp, sp, uap->buf);
- return(open1(vfs_context_current(), &nd, uap->flags, &va, retval));
+ return (error);
}
-
-/*
- * Create a special file.
+/*
+ * Get file system statistics in 64-bit mode
*/
-static int mkfifo1(vfs_context_t ctx, user_addr_t upath, struct vnode_attr *vap);
-
int
-mknod(proc_t p, struct mknod_args *uap, __unused register_t *retval)
+fstatfs64(__unused struct proc *p, struct fstatfs64_args *uap, __unused int32_t *retval)
{
- struct vnode_attr va;
- vfs_context_t ctx = vfs_context_current();
+ struct vnode *vp;
+ struct mount *mp;
+ struct vfsstatfs *sp;
int error;
- int whiteout = 0;
- struct nameidata nd;
- vnode_t vp, dvp;
-
- VATTR_INIT(&va);
- VATTR_SET(&va, va_mode, (uap->mode & ALLPERMS) & ~p->p_fd->fd_cmask);
- VATTR_SET(&va, va_rdev, uap->dev);
-
- /* If it's a mknod() of a FIFO, call mkfifo1() instead */
- if ((uap->mode & S_IFMT) == S_IFIFO)
- return(mkfifo1(ctx, uap->path, &va));
- AUDIT_ARG(mode, uap->mode);
- AUDIT_ARG(dev, uap->dev);
+ AUDIT_ARG(fd, uap->fd);
- if ((error = suser(vfs_context_ucred(ctx), &p->p_acflag)))
- return (error);
- NDINIT(&nd, CREATE, LOCKPARENT | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
+ if ( (error = file_vnode(uap->fd, &vp)) )
return (error);
- dvp = nd.ni_dvp;
- vp = nd.ni_vp;
- if (vp != NULL) {
- error = EEXIST;
- goto out;
+ error = vnode_getwithref(vp);
+ if (error) {
+ file_drop(uap->fd);
+ return (error);
}
- switch (uap->mode & S_IFMT) {
- case S_IFMT: /* used by badsect to flag bad sectors */
- VATTR_SET(&va, va_type, VBAD);
- break;
- case S_IFCHR:
- VATTR_SET(&va, va_type, VCHR);
- break;
- case S_IFBLK:
- VATTR_SET(&va, va_type, VBLK);
- break;
- case S_IFWHT:
- whiteout = 1;
- break;
- default:
- error = EINVAL;
+ AUDIT_ARG(vnpath_withref, vp, ARG_VNODE1);
+
+ mp = vp->v_mount;
+ if (!mp) {
+ error = EBADF;
goto out;
}
-
-#if CONFIG_MACF
- if (!whiteout) {
- error = mac_vnode_check_create(ctx,
- nd.ni_dvp, &nd.ni_cnd, &va);
- if (error)
- goto out;
+ sp = &mp->mnt_vfsstat;
+ if ((error = vfs_update_vfsstat(mp, vfs_context_current(), VFS_USER_EVENT)) != 0) {
+ goto out;
}
-#endif
- if ((error = vnode_authorize(dvp, NULL, KAUTH_VNODE_ADD_FILE, ctx)) != 0)
- goto out;
+ error = statfs64_common(mp, sp, uap->buf);
- if (whiteout) {
- error = VNOP_WHITEOUT(dvp, &nd.ni_cnd, CREATE, ctx);
- } else {
- error = vn_create(dvp, &vp, &nd.ni_cnd, &va, 0, ctx);
- }
- if (error)
- goto out;
+out:
+ file_drop(uap->fd);
+ vnode_put(vp);
- if (vp) {
- int update_flags = 0;
+ return (error);
+}
- // Make sure the name & parent pointers are hooked up
- if (vp->v_name == NULL)
- update_flags |= VNODE_UPDATE_NAME;
- if (vp->v_parent == NULLVP)
- update_flags |= VNODE_UPDATE_PARENT;
+struct getfsstat_struct {
+ user_addr_t sfsp;
+ user_addr_t *mp;
+ int count;
+ int maxcount;
+ int flags;
+ int error;
+};
- if (update_flags)
- vnode_update_identity(vp, dvp, nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen, nd.ni_cnd.cn_hash, update_flags);
-#if CONFIG_FSE
- add_fsevent(FSE_CREATE_FILE, ctx,
- FSE_ARG_VNODE, vp,
- FSE_ARG_DONE);
-#endif
- }
+static int
+getfsstat_callback(mount_t mp, void * arg)
+{
+
+ struct getfsstat_struct *fstp = (struct getfsstat_struct *)arg;
+ struct vfsstatfs *sp;
+ int error, my_size;
+ vfs_context_t ctx = vfs_context_current();
-out:
- /*
- * nameidone has to happen before we vnode_put(dvp)
- * since it may need to release the fs_nodelock on the dvp
- */
- nameidone(&nd);
+ if (fstp->sfsp && fstp->count < fstp->maxcount) {
+ sp = &mp->mnt_vfsstat;
+ /*
+ * If MNT_NOWAIT is specified, do not refresh the
+ * fsstat cache. MNT_WAIT/MNT_DWAIT overrides MNT_NOWAIT.
+ */
+ if (((fstp->flags & MNT_NOWAIT) == 0 || (fstp->flags & (MNT_WAIT | MNT_DWAIT))) &&
+ (error = vfs_update_vfsstat(mp, ctx,
+ VFS_USER_EVENT))) {
+ KAUTH_DEBUG("vfs_update_vfsstat returned %d", error);
+ return(VFS_RETURNED);
+ }
- if (vp)
- vnode_put(vp);
- vnode_put(dvp);
+ /*
+ * Need to handle LP64 version of struct statfs
+ */
+ error = munge_statfs(mp, sp, fstp->sfsp, &my_size, IS_64BIT_PROCESS(vfs_context_proc(ctx)), FALSE);
+ if (error) {
+ fstp->error = error;
+ return(VFS_RETURNED_DONE);
+ }
+ fstp->sfsp += my_size;
- return (error);
+ if (fstp->mp) {
+ error = mac_mount_label_get(mp, *fstp->mp);
+ if (error) {
+ fstp->error = error;
+ return(VFS_RETURNED_DONE);
+ }
+ fstp->mp++;
+ }
+ }
+ fstp->count++;
+ return(VFS_RETURNED);
}
/*
- * Create a named pipe.
- *
- * Returns: 0 Success
- * EEXIST
- * namei:???
- * vnode_authorize:???
- * vn_create:???
+ * Get statistics on all filesystems.
*/
-static int
-mkfifo1(vfs_context_t ctx, user_addr_t upath, struct vnode_attr *vap)
+int
+getfsstat(__unused proc_t p, struct getfsstat_args *uap, int *retval)
{
- vnode_t vp, dvp;
- int error;
- struct nameidata nd;
-
- NDINIT(&nd, CREATE, LOCKPARENT | AUDITVNPATH1,
- UIO_USERSPACE, upath, ctx);
- error = namei(&nd);
- if (error)
- return (error);
- dvp = nd.ni_dvp;
- vp = nd.ni_vp;
-
- /* check that this is a new file and authorize addition */
- if (vp != NULL) {
- error = EEXIST;
- goto out;
- }
- VATTR_SET(vap, va_type, VFIFO);
-
-#if CONFIG_MACF
- error = mac_vnode_check_create(ctx, nd.ni_dvp,
- &nd.ni_cnd, vap);
- if (error)
- goto out;
-#endif
-
-
- if ((error = vnode_authorize(dvp, NULL, KAUTH_VNODE_ADD_FILE, ctx)) != 0)
- goto out;
-
-
- error = vn_create(dvp, &vp, &nd.ni_cnd, vap, 0, ctx);
-out:
- /*
- * nameidone has to happen before we vnode_put(dvp)
- * since it may need to release the fs_nodelock on the dvp
- */
- nameidone(&nd);
+ struct __mac_getfsstat_args muap;
- if (vp)
- vnode_put(vp);
- vnode_put(dvp);
+ muap.buf = uap->buf;
+ muap.bufsize = uap->bufsize;
+ muap.mac = USER_ADDR_NULL;
+ muap.macsize = 0;
+ muap.flags = uap->flags;
- return error;
+ return (__mac_getfsstat(p, &muap, retval));
}
-
/*
- * A mkfifo system call using an extended argument list compared to the regular
- * system call 'mkfifo'.
- *
- * Parameters: p Process requesting the open
- * uap User argument descriptor (see below)
- * retval (Ignored)
+ * __mac_getfsstat: Get MAC-related file system statistics
*
- * Indirect: uap->path Path to fifo (same as 'mkfifo')
- * uap->uid UID to set
- * uap->gid GID to set
- * uap->mode File mode to set (same as 'mkfifo')
- * uap->xsecurity ACL to set, if creating
+ * Parameters: p (ignored)
+ * uap User argument descriptor (see below)
+ * retval Count of file system statistics (N stats)
*
- * Returns: 0 Success
- * !0 errno value
+ * Indirect: uap->bufsize Buffer size
+ * uap->macsize MAC info size
+ * uap->buf Buffer where information will be returned
+ * uap->mac MAC info
+ * uap->flags File system flags
+ *
*
- * Notes: The kauth_filesec_t in 'va', if any, is in host byte order.
+ * Returns: 0 Success
+ * !0 Not success
*
- * XXX: We should enummerate the possible errno values here, and where
- * in the code they originated.
*/
int
-mkfifo_extended(proc_t p, struct mkfifo_extended_args *uap, __unused register_t *retval)
+__mac_getfsstat(__unused proc_t p, struct __mac_getfsstat_args *uap, int *retval)
{
- int ciferror;
- kauth_filesec_t xsecdst;
- struct vnode_attr va;
+ user_addr_t sfsp;
+ user_addr_t *mp;
+ size_t count, maxcount, bufsize, macsize;
+ struct getfsstat_struct fst;
- xsecdst = KAUTH_FILESEC_NONE;
- if (uap->xsecurity != USER_ADDR_NULL) {
- if ((ciferror = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0)
- return ciferror;
+ bufsize = (size_t) uap->bufsize;
+ macsize = (size_t) uap->macsize;
+
+ if (IS_64BIT_PROCESS(p)) {
+ maxcount = bufsize / sizeof(struct user64_statfs);
+ }
+ else {
+ maxcount = bufsize / sizeof(struct user32_statfs);
}
+ sfsp = uap->buf;
+ count = 0;
- VATTR_INIT(&va);
- VATTR_SET(&va, va_mode, (uap->mode & ALLPERMS) & ~p->p_fd->fd_cmask);
- if (uap->uid != KAUTH_UID_NONE)
- VATTR_SET(&va, va_uid, uap->uid);
- if (uap->gid != KAUTH_GID_NONE)
- VATTR_SET(&va, va_gid, uap->gid);
- if (xsecdst != KAUTH_FILESEC_NONE)
- VATTR_SET(&va, va_acl, &xsecdst->fsec_acl);
+ mp = NULL;
- ciferror = mkfifo1(vfs_context_current(), uap->path, &va);
+#if CONFIG_MACF
+ if (uap->mac != USER_ADDR_NULL) {
+ u_int32_t *mp0;
+ int error;
+ unsigned int i;
- if (xsecdst != KAUTH_FILESEC_NONE)
- kauth_filesec_free(xsecdst);
- return ciferror;
-}
+ count = (macsize / (IS_64BIT_PROCESS(p) ? 8 : 4));
+ if (count != maxcount)
+ return (EINVAL);
-/* ARGSUSED */
-int
-mkfifo(proc_t p, struct mkfifo_args *uap, __unused register_t *retval)
-{
- struct vnode_attr va;
+ /* Copy in the array */
+ MALLOC(mp0, u_int32_t *, macsize, M_MACTEMP, M_WAITOK);
+ if (mp0 == NULL) {
+ return (ENOMEM);
+ }
- VATTR_INIT(&va);
- VATTR_SET(&va, va_mode, (uap->mode & ALLPERMS) & ~p->p_fd->fd_cmask);
+ error = copyin(uap->mac, mp0, macsize);
+ if (error) {
+ FREE(mp0, M_MACTEMP);
+ return (error);
+ }
- return(mkfifo1(vfs_context_current(), uap->path, &va));
-}
+ /* Normalize to an array of user_addr_t */
+ MALLOC(mp, user_addr_t *, count * sizeof(user_addr_t), M_MACTEMP, M_WAITOK);
+ if (mp == NULL) {
+ FREE(mp0, M_MACTEMP);
+ return (ENOMEM);
+ }
-/*
- * Make a hard file link.
- *
- * Returns: 0 Success
- * EPERM
- * EEXIST
- * EXDEV
- * namei:???
- * vnode_authorize:???
- * VNOP_LINK:???
- */
-/* ARGSUSED */
-int
-link(__unused proc_t p, struct link_args *uap, __unused register_t *retval)
-{
- vnode_t vp, dvp, lvp;
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
- int error;
- fse_info finfo;
- int need_event, has_listeners;
- char *target_path = NULL;
+ for (i = 0; i < count; i++) {
+ if (IS_64BIT_PROCESS(p))
+ mp[i] = ((user_addr_t *)mp0)[i];
+ else
+ mp[i] = (user_addr_t)mp0[i];
+ }
+ FREE(mp0, M_MACTEMP);
+ }
+#endif
- vp = dvp = lvp = NULLVP;
- /* look up the object we are linking to */
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
- return (error);
- vp = nd.ni_vp;
+ fst.sfsp = sfsp;
+ fst.mp = mp;
+ fst.flags = uap->flags;
+ fst.count = 0;
+ fst.error = 0;
+ fst.maxcount = maxcount;
- nameidone(&nd);
+
+ vfs_iterate(0, getfsstat_callback, &fst);
- /*
- * Normally, linking to directories is not supported.
- * However, some file systems may have limited support.
- */
- if (vp->v_type == VDIR) {
- if (!(vp->v_mount->mnt_vtable->vfc_vfsflags & VFC_VFSDIRLINKS)) {
- error = EPERM; /* POSIX */
- goto out;
- }
- /* Linking to a directory requires ownership. */
- if (!kauth_cred_issuser(vfs_context_ucred(ctx))) {
- struct vnode_attr dva;
+ if (mp)
+ FREE(mp, M_MACTEMP);
- VATTR_INIT(&dva);
- VATTR_WANTED(&dva, va_uid);
- if (vnode_getattr(vp, &dva, ctx) != 0 ||
- !VATTR_IS_SUPPORTED(&dva, va_uid) ||
- (dva.va_uid != kauth_cred_getuid(vfs_context_ucred(ctx)))) {
- error = EACCES;
- goto out;
- }
- }
+ if (fst.error ) {
+ KAUTH_DEBUG("ERROR - %s gets %d", p->p_comm, fst.error);
+ return(fst.error);
}
- /* lookup the target node */
- nd.ni_cnd.cn_nameiop = CREATE;
- nd.ni_cnd.cn_flags = LOCKPARENT | AUDITVNPATH2 | CN_NBMOUNTLOOK;
- nd.ni_dirp = uap->link;
- error = namei(&nd);
- if (error != 0)
- goto out;
- dvp = nd.ni_dvp;
- lvp = nd.ni_vp;
+ if (fst.sfsp && fst.count > fst.maxcount)
+ *retval = fst.maxcount;
+ else
+ *retval = fst.count;
+ return (0);
+}
-#if CONFIG_MACF
- if ((error = mac_vnode_check_link(ctx, dvp, vp, &nd.ni_cnd)) != 0)
- goto out2;
-#endif
+static int
+getfsstat64_callback(mount_t mp, void * arg)
+{
+ struct getfsstat_struct *fstp = (struct getfsstat_struct *)arg;
+ struct vfsstatfs *sp;
+ int error;
- /* or to anything that kauth doesn't want us to (eg. immutable items) */
- if ((error = vnode_authorize(vp, NULL, KAUTH_VNODE_LINKTARGET, ctx)) != 0)
- goto out2;
+ if (fstp->sfsp && fstp->count < fstp->maxcount) {
+ sp = &mp->mnt_vfsstat;
+ /*
+ * If MNT_NOWAIT is specified, do not refresh the fsstat
+ * cache. MNT_WAIT overrides MNT_NOWAIT.
+ *
+ * We treat MNT_DWAIT as MNT_WAIT for all instances of
+ * getfsstat, since the constants are out of the same
+ * namespace.
+ */
+ if (((fstp->flags & MNT_NOWAIT) == 0 ||
+ (fstp->flags & (MNT_WAIT | MNT_DWAIT))) &&
+ (error = vfs_update_vfsstat(mp, vfs_context_current(), VFS_USER_EVENT))) {
+ KAUTH_DEBUG("vfs_update_vfsstat returned %d", error);
+ return(VFS_RETURNED);
+ }
- /* target node must not exist */
- if (lvp != NULLVP) {
- error = EEXIST;
- goto out2;
+ error = statfs64_common(mp, sp, fstp->sfsp);
+ if (error) {
+ fstp->error = error;
+ return(VFS_RETURNED_DONE);
+ }
+ fstp->sfsp += sizeof(struct statfs64);
}
- /* cannot link across mountpoints */
- if (vnode_mount(vp) != vnode_mount(dvp)) {
- error = EXDEV;
- goto out2;
- }
-
- /* authorize creation of the target note */
- if ((error = vnode_authorize(dvp, NULL, KAUTH_VNODE_ADD_FILE, ctx)) != 0)
- goto out2;
+ fstp->count++;
+ return(VFS_RETURNED);
+}
- /* and finally make the link */
- error = VNOP_LINK(vp, dvp, &nd.ni_cnd, ctx);
- if (error)
- goto out2;
+/*
+ * Get statistics on all file systems in 64 bit mode.
+ */
+int
+getfsstat64(__unused proc_t p, struct getfsstat64_args *uap, int *retval)
+{
+ user_addr_t sfsp;
+ int count, maxcount;
+ struct getfsstat_struct fst;
-#if CONFIG_FSE
- need_event = need_fsevent(FSE_CREATE_FILE, dvp);
-#else
- need_event = 0;
-#endif
- has_listeners = kauth_authorize_fileop_has_listeners();
+ maxcount = uap->bufsize / sizeof(struct statfs64);
- if (need_event || has_listeners) {
- char *link_to_path = NULL;
- int len, link_name_len;
+ sfsp = uap->buf;
+ count = 0;
- /* build the path to the new link file */
- GET_PATH(target_path);
- if (target_path == NULL) {
- error = ENOMEM;
- goto out2;
- }
+ fst.sfsp = sfsp;
+ fst.flags = uap->flags;
+ fst.count = 0;
+ fst.error = 0;
+ fst.maxcount = maxcount;
- len = MAXPATHLEN;
- vn_getpath(dvp, target_path, &len);
- if ((len + 1 + nd.ni_cnd.cn_namelen + 1) < MAXPATHLEN) {
- target_path[len-1] = '/';
- strlcpy(&target_path[len], nd.ni_cnd.cn_nameptr, MAXPATHLEN-len);
- len += nd.ni_cnd.cn_namelen;
- }
+ vfs_iterate(0, getfsstat64_callback, &fst);
- if (has_listeners) {
- /* build the path to file we are linking to */
- GET_PATH(link_to_path);
- if (link_to_path == NULL) {
- error = ENOMEM;
- goto out2;
- }
+ if (fst.error ) {
+ KAUTH_DEBUG("ERROR - %s gets %d", p->p_comm, fst.error);
+ return(fst.error);
+ }
- link_name_len = MAXPATHLEN;
- vn_getpath(vp, link_to_path, &link_name_len);
+ if (fst.sfsp && fst.count > fst.maxcount)
+ *retval = fst.maxcount;
+ else
+ *retval = fst.count;
- /*
- * Call out to allow 3rd party notification of rename.
- * Ignore result of kauth_authorize_fileop call.
- */
- kauth_authorize_fileop(vfs_context_ucred(ctx), KAUTH_FILEOP_LINK,
- (uintptr_t)link_to_path, (uintptr_t)target_path);
- if (link_to_path != NULL) {
- RELEASE_PATH(link_to_path);
- }
- }
-#if CONFIG_FSE
- if (need_event) {
- /* construct fsevent */
- if (get_fse_info(vp, &finfo, ctx) == 0) {
- // build the path to the destination of the link
- add_fsevent(FSE_CREATE_FILE, ctx,
- FSE_ARG_STRING, len, target_path,
- FSE_ARG_FINFO, &finfo,
- FSE_ARG_DONE);
- }
- }
-#endif
- }
-out2:
- /*
- * nameidone has to happen before we vnode_put(dvp)
- * since it may need to release the fs_nodelock on the dvp
- */
- nameidone(&nd);
- if (target_path != NULL) {
- RELEASE_PATH(target_path);
- }
-out:
- if (lvp)
- vnode_put(lvp);
- if (dvp)
- vnode_put(dvp);
- vnode_put(vp);
- return (error);
+ return (0);
}
/*
- * Make a symbolic link.
- *
- * We could add support for ACLs here too...
+ * Change current working directory to a given file descriptor.
*/
/* ARGSUSED */
-int
-symlink(proc_t p, struct symlink_args *uap, __unused register_t *retval)
+static int
+common_fchdir(proc_t p, struct fchdir_args *uap, int per_thread)
{
- struct vnode_attr va;
- char *path;
+ struct filedesc *fdp = p->p_fd;
+ vnode_t vp;
+ vnode_t tdp;
+ vnode_t tvp;
+ struct mount *mp;
int error;
- struct nameidata nd;
vfs_context_t ctx = vfs_context_current();
- vnode_t vp, dvp;
- size_t dummy=0;
-
- MALLOC_ZONE(path, char *, MAXPATHLEN, M_NAMEI, M_WAITOK);
- error = copyinstr(uap->path, path, MAXPATHLEN, &dummy);
- if (error)
- goto out;
- AUDIT_ARG(text, path); /* This is the link string */
-
- NDINIT(&nd, CREATE, LOCKPARENT | AUDITVNPATH1,
- UIO_USERSPACE, uap->link, ctx);
- error = namei(&nd);
- if (error)
- goto out;
- dvp = nd.ni_dvp;
- vp = nd.ni_vp;
- VATTR_INIT(&va);
- VATTR_SET(&va, va_type, VLNK);
- VATTR_SET(&va, va_mode, ACCESSPERMS & ~p->p_fd->fd_cmask);
-#if CONFIG_MACF
- error = mac_vnode_check_create(ctx,
- dvp, &nd.ni_cnd, &va);
-#endif
- if (error != 0) {
- goto skipit;
+ AUDIT_ARG(fd, uap->fd);
+ if (per_thread && uap->fd == -1) {
+ /*
+ * Switching back from per-thread to per process CWD; verify we
+ * in fact have one before proceeding. The only success case
+ * for this code path is to return 0 preemptively after zapping
+ * the thread structure contents.
+ */
+ thread_t th = vfs_context_thread(ctx);
+ if (th) {
+ uthread_t uth = get_bsdthread_info(th);
+ tvp = uth->uu_cdir;
+ uth->uu_cdir = NULLVP;
+ if (tvp != NULLVP) {
+ vnode_rele(tvp);
+ return (0);
+ }
+ }
+ return (EBADF);
}
- if (vp != NULL) {
- error = EEXIST;
- goto skipit;
+ if ( (error = file_vnode(uap->fd, &vp)) )
+ return(error);
+ if ( (error = vnode_getwithref(vp)) ) {
+ file_drop(uap->fd);
+ return(error);
}
- /* authorize */
- if (error == 0)
- error = vnode_authorize(dvp, NULL, KAUTH_VNODE_ADD_FILE, ctx);
- /* get default ownership, etc. */
- if (error == 0)
- error = vnode_authattr_new(dvp, &va, 0, ctx);
- if (error == 0)
- error = VNOP_SYMLINK(dvp, &vp, &nd.ni_cnd, &va, path, ctx);
-
- /* do fallback attribute handling */
- if (error == 0)
- error = vnode_setattr_fallback(vp, &va, ctx);
-
- if (error == 0) {
- int update_flags = 0;
+ AUDIT_ARG(vnpath, vp, ARG_VNODE1);
- if (vp == NULL) {
- nd.ni_cnd.cn_nameiop = LOOKUP;
- nd.ni_cnd.cn_flags = 0;
- error = namei(&nd);
- vp = nd.ni_vp;
+ if (vp->v_type != VDIR) {
+ error = ENOTDIR;
+ goto out;
+ }
- if (vp == NULL)
- goto skipit;
- }
-
-#if 0 /* XXX - kauth_todo - is KAUTH_FILEOP_SYMLINK needed? */
- /* call out to allow 3rd party notification of rename.
- * Ignore result of kauth_authorize_fileop call.
- */
- if (kauth_authorize_fileop_has_listeners() &&
- namei(&nd) == 0) {
- char *new_link_path = NULL;
- int len;
-
- /* build the path to the new link file */
- new_link_path = get_pathbuff();
- len = MAXPATHLEN;
- vn_getpath(dvp, new_link_path, &len);
- if ((len + 1 + nd.ni_cnd.cn_namelen + 1) < MAXPATHLEN) {
- new_link_path[len - 1] = '/';
- strlcpy(&new_link_path[len], nd.ni_cnd.cn_nameptr, MAXPATHLEN-len);
- }
-
- kauth_authorize_fileop(vfs_context_ucred(ctx), KAUTH_FILEOP_SYMLINK,
- (uintptr_t)path, (uintptr_t)new_link_path);
- if (new_link_path != NULL)
- release_pathbuff(new_link_path);
+#if CONFIG_MACF
+ error = mac_vnode_check_chdir(ctx, vp);
+ if (error)
+ goto out;
+#endif
+ error = vnode_authorize(vp, NULL, KAUTH_VNODE_SEARCH, ctx);
+ if (error)
+ goto out;
+
+ while (!error && (mp = vp->v_mountedhere) != NULL) {
+ if (vfs_busy(mp, LK_NOWAIT)) {
+ error = EACCES;
+ goto out;
}
-#endif
- // Make sure the name & parent pointers are hooked up
- if (vp->v_name == NULL)
- update_flags |= VNODE_UPDATE_NAME;
- if (vp->v_parent == NULLVP)
- update_flags |= VNODE_UPDATE_PARENT;
-
- if (update_flags)
- vnode_update_identity(vp, dvp, nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen, nd.ni_cnd.cn_hash, update_flags);
+ error = VFS_ROOT(mp, &tdp, ctx);
+ vfs_unbusy(mp);
+ if (error)
+ break;
+ vnode_put(vp);
+ vp = tdp;
+ }
+ if (error)
+ goto out;
+ if ( (error = vnode_ref(vp)) )
+ goto out;
+ vnode_put(vp);
-#if CONFIG_FSE
- add_fsevent(FSE_CREATE_FILE, ctx,
- FSE_ARG_VNODE, vp,
- FSE_ARG_DONE);
-#endif
+ if (per_thread) {
+ thread_t th = vfs_context_thread(ctx);
+ if (th) {
+ uthread_t uth = get_bsdthread_info(th);
+ tvp = uth->uu_cdir;
+ uth->uu_cdir = vp;
+ OSBitOrAtomic(P_THCWD, &p->p_flag);
+ } else {
+ vnode_rele(vp);
+ return (ENOENT);
+ }
+ } else {
+ proc_fdlock(p);
+ tvp = fdp->fd_cdir;
+ fdp->fd_cdir = vp;
+ proc_fdunlock(p);
}
-skipit:
- /*
- * nameidone has to happen before we vnode_put(dvp)
- * since it may need to release the fs_nodelock on the dvp
- */
- nameidone(&nd);
+ if (tvp)
+ vnode_rele(tvp);
+ file_drop(uap->fd);
- if (vp)
- vnode_put(vp);
- vnode_put(dvp);
+ return (0);
out:
- FREE_ZONE(path, MAXPATHLEN, M_NAMEI);
+ vnode_put(vp);
+ file_drop(uap->fd);
- return (error);
+ return(error);
+}
+
+int
+fchdir(proc_t p, struct fchdir_args *uap, __unused int32_t *retval)
+{
+ return common_fchdir(p, uap, 0);
+}
+
+int
+__pthread_fchdir(proc_t p, struct __pthread_fchdir_args *uap, __unused int32_t *retval)
+{
+ return common_fchdir(p, (void *)uap, 1);
}
/*
- * Delete a whiteout from the filesystem.
+ * Change current working directory (".").
+ *
+ * Returns: 0 Success
+ * change_dir:ENOTDIR
+ * change_dir:???
+ * vnode_ref:ENOENT No such file or directory
*/
/* ARGSUSED */
-#warning XXX authorization not implmented for whiteouts
-int
-undelete(__unused proc_t p, struct undelete_args *uap, __unused register_t *retval)
+static int
+common_chdir(proc_t p, struct chdir_args *uap, int per_thread)
{
+ struct filedesc *fdp = p->p_fd;
int error;
struct nameidata nd;
+ vnode_t tvp;
vfs_context_t ctx = vfs_context_current();
- vnode_t vp, dvp;
- NDINIT(&nd, DELETE, LOCKPARENT|DOWHITEOUT|AUDITVNPATH1,
+ NDINIT(&nd, LOOKUP, OP_CHDIR, FOLLOW | AUDITVNPATH1,
UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
+ error = change_dir(&nd, ctx);
if (error)
return (error);
- dvp = nd.ni_dvp;
- vp = nd.ni_vp;
-
- if (vp == NULLVP && (nd.ni_cnd.cn_flags & ISWHITEOUT)) {
- error = VNOP_WHITEOUT(dvp, &nd.ni_cnd, DELETE, ctx);
- } else
- error = EEXIST;
-
+ if ( (error = vnode_ref(nd.ni_vp)) ) {
+ vnode_put(nd.ni_vp);
+ return (error);
+ }
/*
- * nameidone has to happen before we vnode_put(dvp)
- * since it may need to release the fs_nodelock on the dvp
+ * drop the iocount we picked up in change_dir
*/
- nameidone(&nd);
+ vnode_put(nd.ni_vp);
- if (vp)
- vnode_put(vp);
- vnode_put(dvp);
+ if (per_thread) {
+ thread_t th = vfs_context_thread(ctx);
+ if (th) {
+ uthread_t uth = get_bsdthread_info(th);
+ tvp = uth->uu_cdir;
+ uth->uu_cdir = nd.ni_vp;
+ OSBitOrAtomic(P_THCWD, &p->p_flag);
+ } else {
+ vnode_rele(nd.ni_vp);
+ return (ENOENT);
+ }
+ } else {
+ proc_fdlock(p);
+ tvp = fdp->fd_cdir;
+ fdp->fd_cdir = nd.ni_vp;
+ proc_fdunlock(p);
+ }
- return (error);
+ if (tvp)
+ vnode_rele(tvp);
+
+ return (0);
}
+
/*
- * Delete a name from the filesystem.
+ * chdir
+ *
+ * Change current working directory (".") for the entire process
+ *
+ * Parameters: p Process requesting the call
+ * uap User argument descriptor (see below)
+ * retval (ignored)
+ *
+ * Indirect parameters: uap->path Directory path
+ *
+ * Returns: 0 Success
+ * common_chdir: ENOTDIR
+ * common_chdir: ENOENT No such file or directory
+ * common_chdir: ???
+ *
+ */
+int
+chdir(proc_t p, struct chdir_args *uap, __unused int32_t *retval)
+{
+ return common_chdir(p, (void *)uap, 0);
+}
+
+/*
+ * __pthread_chdir
+ *
+ * Change current working directory (".") for a single thread
+ *
+ * Parameters: p Process requesting the call
+ * uap User argument descriptor (see below)
+ * retval (ignored)
+ *
+ * Indirect parameters: uap->path Directory path
+ *
+ * Returns: 0 Success
+ * common_chdir: ENOTDIR
+ * common_chdir: ENOENT No such file or directory
+ * common_chdir: ???
+ *
+ */
+int
+__pthread_chdir(proc_t p, struct __pthread_chdir_args *uap, __unused int32_t *retval)
+{
+ return common_chdir(p, (void *)uap, 1);
+}
+
+
+/*
+ * Change notion of root (``/'') directory.
*/
/* ARGSUSED */
int
-unlink1(vfs_context_t ctx, struct nameidata *ndp, int nodelbusy)
+chroot(proc_t p, struct chroot_args *uap, __unused int32_t *retval)
{
- vnode_t vp, dvp;
+ struct filedesc *fdp = p->p_fd;
int error;
- struct componentname *cnp;
- char *path = NULL;
- int len;
- fse_info finfo;
- int flags = 0;
- int need_event = 0;
- int has_listeners = 0;
+ struct nameidata nd;
+ vnode_t tvp;
+ vfs_context_t ctx = vfs_context_current();
- ndp->ni_cnd.cn_flags |= LOCKPARENT;
- cnp = &ndp->ni_cnd;
+ if ((error = suser(kauth_cred_get(), &p->p_acflag)))
+ return (error);
- error = namei(ndp);
+ NDINIT(&nd, LOOKUP, OP_CHROOT, FOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ error = change_dir(&nd, ctx);
if (error)
return (error);
- dvp = ndp->ni_dvp;
- vp = ndp->ni_vp;
- /* With Carbon delete semantics, busy files cannot be deleted */
- if (nodelbusy) {
- flags |= VNODE_REMOVE_NODELETEBUSY;
+#if CONFIG_MACF
+ error = mac_vnode_check_chroot(ctx, nd.ni_vp,
+ &nd.ni_cnd);
+ if (error) {
+ vnode_put(nd.ni_vp);
+ return (error);
}
+#endif
- /*
- * Normally, unlinking of directories is not supported.
- * However, some file systems may have limited support.
- */
- if ((vp->v_type == VDIR) &&
- !(vp->v_mount->mnt_vtable->vfc_vfsflags & VFC_VFSDIRLINKS)) {
- error = EPERM; /* POSIX */
+ if ( (error = vnode_ref(nd.ni_vp)) ) {
+ vnode_put(nd.ni_vp);
+ return (error);
}
+ vnode_put(nd.ni_vp);
- /*
- * The root of a mounted filesystem cannot be deleted.
- */
- if (vp->v_flag & VROOT) {
- error = EBUSY;
- }
- if (error)
- goto out;
+ proc_fdlock(p);
+ tvp = fdp->fd_rdir;
+ fdp->fd_rdir = nd.ni_vp;
+ fdp->fd_flags |= FD_CHROOT;
+ proc_fdunlock(p);
+ if (tvp != NULL)
+ vnode_rele(tvp);
- /* authorize the delete operation */
-#if CONFIG_MACF
- if (!error)
- error = mac_vnode_check_unlink(ctx,
- dvp, vp, cnp);
-#endif /* MAC */
- if (!error)
- error = vnode_authorize(vp, ndp->ni_dvp, KAUTH_VNODE_DELETE, ctx);
- if (error)
- goto out;
-
-#if CONFIG_FSE
- need_event = need_fsevent(FSE_DELETE, dvp);
- if (need_event) {
- if ((vp->v_flag & VISHARDLINK) == 0) {
- get_fse_info(vp, &finfo, ctx);
- }
- }
-#endif
- has_listeners = kauth_authorize_fileop_has_listeners();
- if (need_event || has_listeners) {
- GET_PATH(path);
- if (path == NULL) {
- error = ENOMEM;
- goto out;
- }
- len = MAXPATHLEN;
- vn_getpath(vp, path, &len);
- }
-
-#if NAMEDRSRCFORK
- if (ndp->ni_cnd.cn_flags & CN_WANTSRSRCFORK)
- error = vnode_removenamedstream(dvp, vp, XATTR_RESOURCEFORK_NAME, 0, ctx);
- else
-#endif
- error = VNOP_REMOVE(dvp, vp, &ndp->ni_cnd, flags, ctx);
-
- /*
- * Call out to allow 3rd party notification of delete.
- * Ignore result of kauth_authorize_fileop call.
- */
- if (!error) {
- if (has_listeners) {
- kauth_authorize_fileop(vfs_context_ucred(ctx),
- KAUTH_FILEOP_DELETE,
- (uintptr_t)vp,
- (uintptr_t)path);
- }
-
- if (vp->v_flag & VISHARDLINK) {
- //
- // if a hardlink gets deleted we want to blow away the
- // v_parent link because the path that got us to this
- // instance of the link is no longer valid. this will
- // force the next call to get the path to ask the file
- // system instead of just following the v_parent link.
- //
- vnode_update_identity(vp, NULL, NULL, 0, 0, VNODE_UPDATE_PARENT);
- }
-
-#if CONFIG_FSE
- if (need_event) {
- if (vp->v_flag & VISHARDLINK) {
- get_fse_info(vp, &finfo, ctx);
- }
- add_fsevent(FSE_DELETE, ctx,
- FSE_ARG_STRING, len, path,
- FSE_ARG_FINFO, &finfo,
- FSE_ARG_DONE);
- }
-#endif
- }
- if (path != NULL)
- RELEASE_PATH(path);
-
- /*
- * nameidone has to happen before we vnode_put(dvp)
- * since it may need to release the fs_nodelock on the dvp
- */
-out:
- nameidone(ndp);
- vnode_put(dvp);
- vnode_put(vp);
- return (error);
-}
-
-/*
- * Delete a name from the filesystem using POSIX semantics.
- */
-int
-unlink(__unused proc_t p, struct unlink_args *uap, __unused register_t *retval)
-{
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
-
- NDINIT(&nd, DELETE, AUDITVNPATH1, UIO_USERSPACE, uap->path, ctx);
- return unlink1(ctx, &nd, 0);
-}
-
-/*
- * Delete a name from the filesystem using Carbon semantics.
- */
-int
-delete(__unused proc_t p, struct delete_args *uap, __unused register_t *retval)
-{
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
-
- NDINIT(&nd, DELETE, AUDITVNPATH1, UIO_USERSPACE, uap->path, ctx);
- return unlink1(ctx, &nd, 1);
+ return (0);
}
/*
- * Reposition read/write file offset.
+ * Common routine for chroot and chdir.
+ *
+ * Returns: 0 Success
+ * ENOTDIR Not a directory
+ * namei:??? [anything namei can return]
+ * vnode_authorize:??? [anything vnode_authorize can return]
*/
-int
-lseek(proc_t p, struct lseek_args *uap, off_t *retval)
+static int
+change_dir(struct nameidata *ndp, vfs_context_t ctx)
{
- struct fileproc *fp;
vnode_t vp;
- struct vfs_context *ctx;
- off_t offset = uap->offset, file_size;
int error;
- if ( (error = fp_getfvp(p,uap->fd, &fp, &vp)) ) {
- if (error == ENOTSUP)
- return (ESPIPE);
+ if ((error = namei(ndp)))
return (error);
- }
- if (vnode_isfifo(vp)) {
- file_drop(uap->fd);
- return(ESPIPE);
- }
+ nameidone(ndp);
+ vp = ndp->ni_vp;
+ if (vp->v_type != VDIR) {
+ vnode_put(vp);
+ return (ENOTDIR);
+ }
- ctx = vfs_context_current();
#if CONFIG_MACF
- if (uap->whence == L_INCR && uap->offset == 0)
- error = mac_file_check_get_offset(vfs_context_ucred(ctx),
- fp->f_fglob);
- else
- error = mac_file_check_change_offset(vfs_context_ucred(ctx),
- fp->f_fglob);
+ error = mac_vnode_check_chdir(ctx, vp);
if (error) {
- file_drop(uap->fd);
+ vnode_put(vp);
return (error);
}
#endif
- if ( (error = vnode_getwithref(vp)) ) {
- file_drop(uap->fd);
- return(error);
- }
- switch (uap->whence) {
- case L_INCR:
- offset += fp->f_fglob->fg_offset;
- break;
- case L_XTND:
- if ((error = vnode_size(vp, &file_size, ctx)) != 0)
- break;
- offset += file_size;
- break;
- case L_SET:
- break;
- default:
- error = EINVAL;
- }
- if (error == 0) {
- if (uap->offset > 0 && offset < 0) {
- /* Incremented/relative move past max size */
- error = EOVERFLOW;
- } else {
- /*
- * Allow negative offsets on character devices, per
- * POSIX 1003.1-2001. Most likely for writing disk
- * labels.
- */
- if (offset < 0 && vp->v_type != VCHR) {
- /* Decremented/relative move before start */
- error = EINVAL;
- } else {
- /* Success */
- fp->f_fglob->fg_offset = offset;
- *retval = fp->f_fglob->fg_offset;
- }
- }
+ error = vnode_authorize(vp, NULL, KAUTH_VNODE_SEARCH, ctx);
+ if (error) {
+ vnode_put(vp);
+ return (error);
}
- (void)vnode_put(vp);
- file_drop(uap->fd);
+
return (error);
}
-
/*
- * Check access permissions.
+ * Check permissions, allocate an open file structure,
+ * and call the device open routine if any.
*
* Returns: 0 Success
- * vnode_authorize:???
+ * EINVAL
+ * EINTR
+ * falloc:ENFILE
+ * falloc:EMFILE
+ * falloc:ENOMEM
+ * vn_open_auth:???
+ * dupfdopen:???
+ * VNOP_ADVLOCK:???
+ * vnode_setsize:???
+ *
+ * XXX Need to implement uid, gid
*/
-static int
-access1(vnode_t vp, vnode_t dvp, int uflags, vfs_context_t ctx)
+int
+open1(vfs_context_t ctx, struct nameidata *ndp, int uflags, struct vnode_attr *vap, int32_t *retval)
{
- kauth_action_t action;
- int error;
-
- /*
- * If just the regular access bits, convert them to something
- * that vnode_authorize will understand.
- */
- if (!(uflags & _ACCESS_EXTENDED_MASK)) {
- action = 0;
- if (uflags & R_OK)
- action |= KAUTH_VNODE_READ_DATA; /* aka KAUTH_VNODE_LIST_DIRECTORY */
- if (uflags & W_OK) {
- if (vnode_isdir(vp)) {
- action |= KAUTH_VNODE_ADD_FILE |
- KAUTH_VNODE_ADD_SUBDIRECTORY;
- /* might want delete rights here too */
- } else {
- action |= KAUTH_VNODE_WRITE_DATA;
- }
- }
- if (uflags & X_OK) {
- if (vnode_isdir(vp)) {
- action |= KAUTH_VNODE_SEARCH;
- } else {
- action |= KAUTH_VNODE_EXECUTE;
- }
- }
- } else {
- /* take advantage of definition of uflags */
- action = uflags >> 8;
- }
-
-#if CONFIG_MACF
- error = mac_vnode_check_access(ctx, vp, uflags);
- if (error)
- return (error);
-#endif /* MAC */
-
- /* action == 0 means only check for existence */
- if (action != 0) {
- error = vnode_authorize(vp, dvp, action | KAUTH_VNODE_ACCESS, ctx);
- } else {
- error = 0;
- }
+ proc_t p = vfs_context_proc(ctx);
+ uthread_t uu = get_bsdthread_info(vfs_context_thread(ctx));
+ struct filedesc *fdp = p->p_fd;
+ struct fileproc *fp;
+ vnode_t vp;
+ int flags, oflags;
+ struct fileproc *nfp;
+ int type, indx, error;
+ struct flock lf;
+ int no_controlling_tty = 0;
+ int deny_controlling_tty = 0;
+ struct session *sessp = SESSION_NULL;
+ struct vfs_context context = *vfs_context_current(); /* local copy */
- return(error);
-}
+ oflags = uflags;
+ if ((oflags & O_ACCMODE) == O_ACCMODE)
+ return(EINVAL);
+ flags = FFLAGS(uflags);
+ AUDIT_ARG(fflags, oflags);
+ AUDIT_ARG(mode, vap->va_mode);
-/*
- * access_extended
+ if ( (error = falloc(p, &nfp, &indx, ctx)) ) {
+ return (error);
+ }
+ fp = nfp;
+ uu->uu_dupfd = -indx - 1;
+
+ if (!(p->p_flag & P_CONTROLT)) {
+ sessp = proc_session(p);
+ no_controlling_tty = 1;
+ /*
+ * If conditions would warrant getting a controlling tty if
+ * the device being opened is a tty (see ttyopen in tty.c),
+ * but the open flags deny it, set a flag in the session to
+ * prevent it.
+ */
+ if (SESS_LEADER(p, sessp) &&
+ sessp->s_ttyvp == NULL &&
+ (flags & O_NOCTTY)) {
+ session_lock(sessp);
+ sessp->s_flags |= S_NOCTTY;
+ session_unlock(sessp);
+ deny_controlling_tty = 1;
+ }
+ }
+
+ if ((error = vn_open_auth(ndp, &flags, vap))) {
+ if ((error == ENODEV || error == ENXIO) && (uu->uu_dupfd >= 0)){ /* XXX from fdopen */
+ if ((error = dupfdopen(fdp, indx, uu->uu_dupfd, flags, error)) == 0) {
+ fp_drop(p, indx, NULL, 0);
+ *retval = indx;
+ if (deny_controlling_tty) {
+ session_lock(sessp);
+ sessp->s_flags &= ~S_NOCTTY;
+ session_unlock(sessp);
+ }
+ if (sessp != SESSION_NULL)
+ session_rele(sessp);
+ return (0);
+ }
+ }
+ if (error == ERESTART)
+ error = EINTR;
+ fp_free(p, indx, fp);
+
+ if (deny_controlling_tty) {
+ session_lock(sessp);
+ sessp->s_flags &= ~S_NOCTTY;
+ session_unlock(sessp);
+ }
+ if (sessp != SESSION_NULL)
+ session_rele(sessp);
+ return (error);
+ }
+ uu->uu_dupfd = 0;
+ vp = ndp->ni_vp;
+
+ fp->f_fglob->fg_flag = flags & (FMASK | O_EVTONLY);
+ fp->f_fglob->fg_type = DTYPE_VNODE;
+ fp->f_fglob->fg_ops = &vnops;
+ fp->f_fglob->fg_data = (caddr_t)vp;
+
+#if CONFIG_PROTECT
+ if (VATTR_IS_ACTIVE (vap, va_dataprotect_flags)) {
+ if (vap->va_dataprotect_flags & VA_DP_RAWENCRYPTED) {
+ fp->f_fglob->fg_flag |= FENCRYPTED;
+ }
+ }
+#endif
+
+ if (flags & (O_EXLOCK | O_SHLOCK)) {
+ lf.l_whence = SEEK_SET;
+ lf.l_start = 0;
+ lf.l_len = 0;
+ if (flags & O_EXLOCK)
+ lf.l_type = F_WRLCK;
+ else
+ lf.l_type = F_RDLCK;
+ type = F_FLOCK;
+ if ((flags & FNONBLOCK) == 0)
+ type |= F_WAIT;
+#if CONFIG_MACF
+ error = mac_file_check_lock(vfs_context_ucred(ctx), fp->f_fglob,
+ F_SETLK, &lf);
+ if (error)
+ goto bad;
+#endif
+ if ((error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob, F_SETLK, &lf, type, ctx)))
+ goto bad;
+ fp->f_fglob->fg_flag |= FHASLOCK;
+ }
+
+ /* try to truncate by setting the size attribute */
+ if ((flags & O_TRUNC) && ((error = vnode_setsize(vp, (off_t)0, 0, ctx)) != 0))
+ goto bad;
+
+ /*
+ * If the open flags denied the acquisition of a controlling tty,
+ * clear the flag in the session structure that prevented the lower
+ * level code from assigning one.
+ */
+ if (deny_controlling_tty) {
+ session_lock(sessp);
+ sessp->s_flags &= ~S_NOCTTY;
+ session_unlock(sessp);
+ }
+
+ /*
+ * If a controlling tty was set by the tty line discipline, then we
+ * want to set the vp of the tty into the session structure. We have
+ * a race here because we can't get to the vp for the tp in ttyopen,
+ * because it's not passed as a parameter in the open path.
+ */
+ if (no_controlling_tty && (p->p_flag & P_CONTROLT)) {
+ vnode_t ttyvp;
+
+ /*
+ * We already have a ref from vn_open_auth(), so we can demand another reference.
+ */
+ error = vnode_ref_ext(vp, 0, VNODE_REF_FORCE);
+ if (error != 0) {
+ panic("vnode_ref_ext() with VNODE_REF_FORCE failed?!");
+ }
+
+ session_lock(sessp);
+ ttyvp = sessp->s_ttyvp;
+ sessp->s_ttyvp = vp;
+ sessp->s_ttyvid = vnode_vid(vp);
+ session_unlock(sessp);
+ if (ttyvp != NULLVP)
+ vnode_rele(ttyvp);
+ }
+
+ vnode_put(vp);
+
+ proc_fdlock(p);
+ if (flags & O_CLOEXEC)
+ *fdflags(p, indx) |= UF_EXCLOSE;
+ procfdtbl_releasefd(p, indx, NULL);
+ fp_drop(p, indx, fp, 1);
+ proc_fdunlock(p);
+
+ *retval = indx;
+
+ if (sessp != SESSION_NULL)
+ session_rele(sessp);
+ return (0);
+bad:
+ if (deny_controlling_tty) {
+ session_lock(sessp);
+ sessp->s_flags &= ~S_NOCTTY;
+ session_unlock(sessp);
+ }
+ if (sessp != SESSION_NULL)
+ session_rele(sessp);
+
+ /* Modify local copy (to not damage thread copy) */
+ context.vc_ucred = fp->f_fglob->fg_cred;
+
+ vn_close(vp, fp->f_fglob->fg_flag, &context);
+ vnode_put(vp);
+ fp_free(p, indx, fp);
+
+ return (error);
+
+}
+
+/*
+ * open_extended: open a file given a path name; with extended argument list (including extended security (ACL)).
+ *
+ * Parameters: p Process requesting the open
+ * uap User argument descriptor (see below)
+ * retval Pointer to an area to receive the
+ * return calue from the system call
+ *
+ * Indirect: uap->path Path to open (same as 'open')
+ * uap->flags Flags to open (same as 'open'
+ * uap->uid UID to set, if creating
+ * uap->gid GID to set, if creating
+ * uap->mode File mode, if creating (same as 'open')
+ * uap->xsecurity ACL to set, if creating
+ *
+ * Returns: 0 Success
+ * !0 errno value
+ *
+ * Notes: The kauth_filesec_t in 'va', if any, is in host byte order.
+ *
+ * XXX: We should enummerate the possible errno values here, and where
+ * in the code they originated.
+ */
+int
+open_extended(proc_t p, struct open_extended_args *uap, int32_t *retval)
+{
+ struct filedesc *fdp = p->p_fd;
+ int ciferror;
+ kauth_filesec_t xsecdst;
+ struct vnode_attr va;
+ struct nameidata nd;
+ int cmode;
+
+ AUDIT_ARG(owner, uap->uid, uap->gid);
+
+ xsecdst = NULL;
+ if ((uap->xsecurity != USER_ADDR_NULL) &&
+ ((ciferror = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0))
+ return ciferror;
+
+ VATTR_INIT(&va);
+ cmode = ((uap->mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
+ VATTR_SET(&va, va_mode, cmode);
+ if (uap->uid != KAUTH_UID_NONE)
+ VATTR_SET(&va, va_uid, uap->uid);
+ if (uap->gid != KAUTH_GID_NONE)
+ VATTR_SET(&va, va_gid, uap->gid);
+ if (xsecdst != NULL)
+ VATTR_SET(&va, va_acl, &xsecdst->fsec_acl);
+
+ NDINIT(&nd, LOOKUP, OP_OPEN, FOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, vfs_context_current());
+
+ ciferror = open1(vfs_context_current(), &nd, uap->flags, &va, retval);
+ if (xsecdst != NULL)
+ kauth_filesec_free(xsecdst);
+
+ return ciferror;
+}
+
+/*
+ * Go through the data-protected atomically controlled open (2)
+ *
+ * int open_dprotected_np(user_addr_t path, int flags, int class, int dpflags, int mode)
+ */
+int open_dprotected_np (__unused proc_t p, struct open_dprotected_np_args *uap, int32_t *retval) {
+ int flags = uap->flags;
+ int class = uap->class;
+ int dpflags = uap->dpflags;
+
+ /*
+ * Follow the same path as normal open(2)
+ * Look up the item if it exists, and acquire the vnode.
+ */
+ struct filedesc *fdp = p->p_fd;
+ struct vnode_attr va;
+ struct nameidata nd;
+ int cmode;
+ int error;
+
+ VATTR_INIT(&va);
+ /* Mask off all but regular access permissions */
+ cmode = ((uap->mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
+ VATTR_SET(&va, va_mode, cmode & ACCESSPERMS);
+
+ NDINIT(&nd, LOOKUP, OP_OPEN, FOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, vfs_context_current());
+
+ /*
+ * Initialize the extra fields in vnode_attr to pass down our
+ * extra fields.
+ * 1. target cprotect class.
+ * 2. set a flag to mark it as requiring open-raw-encrypted semantics.
+ */
+ if (flags & O_CREAT) {
+ VATTR_SET(&va, va_dataprotect_class, class);
+ }
+
+ if (dpflags & O_DP_GETRAWENCRYPTED) {
+ if ( flags & (O_RDWR | O_WRONLY)) {
+ /* Not allowed to write raw encrypted bytes */
+ return EINVAL;
+ }
+ VATTR_SET(&va, va_dataprotect_flags, VA_DP_RAWENCRYPTED);
+ }
+
+ error = open1(vfs_context_current(), &nd, uap->flags, &va, retval);
+
+ return error;
+}
+
+
+int
+open(proc_t p, struct open_args *uap, int32_t *retval)
+{
+ __pthread_testcancel(1);
+ return(open_nocancel(p, (struct open_nocancel_args *)uap, retval));
+}
+
+int
+open_nocancel(proc_t p, struct open_nocancel_args *uap, int32_t *retval)
+{
+ struct filedesc *fdp = p->p_fd;
+ struct vnode_attr va;
+ struct nameidata nd;
+ int cmode;
+
+ VATTR_INIT(&va);
+ /* Mask off all but regular access permissions */
+ cmode = ((uap->mode &~ fdp->fd_cmask) & ALLPERMS) & ~S_ISTXT;
+ VATTR_SET(&va, va_mode, cmode & ACCESSPERMS);
+
+ NDINIT(&nd, LOOKUP, OP_OPEN, FOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, vfs_context_current());
+
+ return(open1(vfs_context_current(), &nd, uap->flags, &va, retval));
+}
+
+
+/*
+ * Create a special file.
+ */
+static int mkfifo1(vfs_context_t ctx, user_addr_t upath, struct vnode_attr *vap);
+
+int
+mknod(proc_t p, struct mknod_args *uap, __unused int32_t *retval)
+{
+ struct vnode_attr va;
+ vfs_context_t ctx = vfs_context_current();
+ int error;
+ struct nameidata nd;
+ vnode_t vp, dvp;
+
+ VATTR_INIT(&va);
+ VATTR_SET(&va, va_mode, (uap->mode & ALLPERMS) & ~p->p_fd->fd_cmask);
+ VATTR_SET(&va, va_rdev, uap->dev);
+
+ /* If it's a mknod() of a FIFO, call mkfifo1() instead */
+ if ((uap->mode & S_IFMT) == S_IFIFO)
+ return(mkfifo1(ctx, uap->path, &va));
+
+ AUDIT_ARG(mode, uap->mode);
+ AUDIT_ARG(value32, uap->dev);
+
+ if ((error = suser(vfs_context_ucred(ctx), &p->p_acflag)))
+ return (error);
+ NDINIT(&nd, CREATE, OP_MKNOD, LOCKPARENT | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ error = namei(&nd);
+ if (error)
+ return (error);
+ dvp = nd.ni_dvp;
+ vp = nd.ni_vp;
+
+ if (vp != NULL) {
+ error = EEXIST;
+ goto out;
+ }
+
+ switch (uap->mode & S_IFMT) {
+ case S_IFMT: /* used by badsect to flag bad sectors */
+ VATTR_SET(&va, va_type, VBAD);
+ break;
+ case S_IFCHR:
+ VATTR_SET(&va, va_type, VCHR);
+ break;
+ case S_IFBLK:
+ VATTR_SET(&va, va_type, VBLK);
+ break;
+ default:
+ error = EINVAL;
+ goto out;
+ }
+
+#if CONFIG_MACF
+ error = mac_vnode_check_create(ctx,
+ nd.ni_dvp, &nd.ni_cnd, &va);
+ if (error)
+ goto out;
+#endif
+
+ if ((error = vnode_authorize(dvp, NULL, KAUTH_VNODE_ADD_FILE, ctx)) != 0)
+ goto out;
+
+ if ((error = vn_create(dvp, &vp, &nd, &va, 0, 0, NULL, ctx)) != 0)
+ goto out;
+
+ if (vp) {
+ int update_flags = 0;
+
+ // Make sure the name & parent pointers are hooked up
+ if (vp->v_name == NULL)
+ update_flags |= VNODE_UPDATE_NAME;
+ if (vp->v_parent == NULLVP)
+ update_flags |= VNODE_UPDATE_PARENT;
+
+ if (update_flags)
+ vnode_update_identity(vp, dvp, nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen, nd.ni_cnd.cn_hash, update_flags);
+
+#if CONFIG_FSE
+ add_fsevent(FSE_CREATE_FILE, ctx,
+ FSE_ARG_VNODE, vp,
+ FSE_ARG_DONE);
+#endif
+ }
+
+out:
+ /*
+ * nameidone has to happen before we vnode_put(dvp)
+ * since it may need to release the fs_nodelock on the dvp
+ */
+ nameidone(&nd);
+
+ if (vp)
+ vnode_put(vp);
+ vnode_put(dvp);
+
+ return (error);
+}
+
+/*
+ * Create a named pipe.
+ *
+ * Returns: 0 Success
+ * EEXIST
+ * namei:???
+ * vnode_authorize:???
+ * vn_create:???
+ */
+static int
+mkfifo1(vfs_context_t ctx, user_addr_t upath, struct vnode_attr *vap)
+{
+ vnode_t vp, dvp;
+ int error;
+ struct nameidata nd;
+
+ NDINIT(&nd, CREATE, OP_MKFIFO, LOCKPARENT | AUDITVNPATH1,
+ UIO_USERSPACE, upath, ctx);
+ error = namei(&nd);
+ if (error)
+ return (error);
+ dvp = nd.ni_dvp;
+ vp = nd.ni_vp;
+
+ /* check that this is a new file and authorize addition */
+ if (vp != NULL) {
+ error = EEXIST;
+ goto out;
+ }
+ VATTR_SET(vap, va_type, VFIFO);
+
+ if ((error = vn_authorize_create(dvp, &nd.ni_cnd, vap, ctx, NULL)) != 0)
+ goto out;
+
+ error = vn_create(dvp, &vp, &nd, vap, 0, 0, NULL, ctx);
+out:
+ /*
+ * nameidone has to happen before we vnode_put(dvp)
+ * since it may need to release the fs_nodelock on the dvp
+ */
+ nameidone(&nd);
+
+ if (vp)
+ vnode_put(vp);
+ vnode_put(dvp);
+
+ return error;
+}
+
+
+/*
+ * mkfifo_extended: Create a named pipe; with extended argument list (including extended security (ACL)).
+ *
+ * Parameters: p Process requesting the open
+ * uap User argument descriptor (see below)
+ * retval (Ignored)
+ *
+ * Indirect: uap->path Path to fifo (same as 'mkfifo')
+ * uap->uid UID to set
+ * uap->gid GID to set
+ * uap->mode File mode to set (same as 'mkfifo')
+ * uap->xsecurity ACL to set, if creating
+ *
+ * Returns: 0 Success
+ * !0 errno value
+ *
+ * Notes: The kauth_filesec_t in 'va', if any, is in host byte order.
+ *
+ * XXX: We should enummerate the possible errno values here, and where
+ * in the code they originated.
+ */
+int
+mkfifo_extended(proc_t p, struct mkfifo_extended_args *uap, __unused int32_t *retval)
+{
+ int ciferror;
+ kauth_filesec_t xsecdst;
+ struct vnode_attr va;
+
+ AUDIT_ARG(owner, uap->uid, uap->gid);
+
+ xsecdst = KAUTH_FILESEC_NONE;
+ if (uap->xsecurity != USER_ADDR_NULL) {
+ if ((ciferror = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0)
+ return ciferror;
+ }
+
+ VATTR_INIT(&va);
+ VATTR_SET(&va, va_mode, (uap->mode & ALLPERMS) & ~p->p_fd->fd_cmask);
+ if (uap->uid != KAUTH_UID_NONE)
+ VATTR_SET(&va, va_uid, uap->uid);
+ if (uap->gid != KAUTH_GID_NONE)
+ VATTR_SET(&va, va_gid, uap->gid);
+ if (xsecdst != KAUTH_FILESEC_NONE)
+ VATTR_SET(&va, va_acl, &xsecdst->fsec_acl);
+
+ ciferror = mkfifo1(vfs_context_current(), uap->path, &va);
+
+ if (xsecdst != KAUTH_FILESEC_NONE)
+ kauth_filesec_free(xsecdst);
+ return ciferror;
+}
+
+/* ARGSUSED */
+int
+mkfifo(proc_t p, struct mkfifo_args *uap, __unused int32_t *retval)
+{
+ struct vnode_attr va;
+
+ VATTR_INIT(&va);
+ VATTR_SET(&va, va_mode, (uap->mode & ALLPERMS) & ~p->p_fd->fd_cmask);
+
+ return(mkfifo1(vfs_context_current(), uap->path, &va));
+}
+
+
+static char *
+my_strrchr(char *p, int ch)
+{
+ char *save;
+
+ for (save = NULL;; ++p) {
+ if (*p == ch)
+ save = p;
+ if (!*p)
+ return(save);
+ }
+ /* NOTREACHED */
+}
+
+extern int safe_getpath(struct vnode *dvp, char *leafname, char *path, int _len, int *truncated_path);
+
+int
+safe_getpath(struct vnode *dvp, char *leafname, char *path, int _len, int *truncated_path)
+{
+ int ret, len = _len;
+
+ *truncated_path = 0;
+ ret = vn_getpath(dvp, path, &len);
+ if (ret == 0 && len < (MAXPATHLEN - 1)) {
+ if (leafname) {
+ path[len-1] = '/';
+ len += strlcpy(&path[len], leafname, MAXPATHLEN-len) + 1;
+ if (len > MAXPATHLEN) {
+ char *ptr;
+
+ // the string got truncated!
+ *truncated_path = 1;
+ ptr = my_strrchr(path, '/');
+ if (ptr) {
+ *ptr = '\0'; // chop off the string at the last directory component
+ }
+ len = strlen(path) + 1;
+ }
+ }
+ } else if (ret == 0) {
+ *truncated_path = 1;
+ } else if (ret != 0) {
+ struct vnode *mydvp=dvp;
+
+ if (ret != ENOSPC) {
+ printf("safe_getpath: failed to get the path for vp %p (%s) : err %d\n",
+ dvp, dvp->v_name ? dvp->v_name : "no-name", ret);
+ }
+ *truncated_path = 1;
+
+ do {
+ if (mydvp->v_parent != NULL) {
+ mydvp = mydvp->v_parent;
+ } else if (mydvp->v_mount) {
+ strlcpy(path, mydvp->v_mount->mnt_vfsstat.f_mntonname, _len);
+ break;
+ } else {
+ // no parent and no mount point? only thing is to punt and say "/" changed
+ strlcpy(path, "/", _len);
+ len = 2;
+ mydvp = NULL;
+ }
+
+ if (mydvp == NULL) {
+ break;
+ }
+
+ len = _len;
+ ret = vn_getpath(mydvp, path, &len);
+ } while (ret == ENOSPC);
+ }
+
+ return len;
+}
+
+
+/*
+ * Make a hard file link.
+ *
+ * Returns: 0 Success
+ * EPERM
+ * EEXIST
+ * EXDEV
+ * namei:???
+ * vnode_authorize:???
+ * VNOP_LINK:???
+ */
+/* ARGSUSED */
+int
+link(__unused proc_t p, struct link_args *uap, __unused int32_t *retval)
+{
+ vnode_t vp, dvp, lvp;
+ struct nameidata nd;
+ vfs_context_t ctx = vfs_context_current();
+ int error;
+#if CONFIG_FSE
+ fse_info finfo;
+#endif
+ int need_event, has_listeners;
+ char *target_path = NULL;
+ int truncated=0;
+
+ vp = dvp = lvp = NULLVP;
+
+ /* look up the object we are linking to */
+ NDINIT(&nd, LOOKUP, OP_LOOKUP, FOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ error = namei(&nd);
+ if (error)
+ return (error);
+ vp = nd.ni_vp;
+
+ nameidone(&nd);
+
+ /*
+ * Normally, linking to directories is not supported.
+ * However, some file systems may have limited support.
+ */
+ if (vp->v_type == VDIR) {
+ if (!(vp->v_mount->mnt_vtable->vfc_vfsflags & VFC_VFSDIRLINKS)) {
+ error = EPERM; /* POSIX */
+ goto out;
+ }
+ /* Linking to a directory requires ownership. */
+ if (!kauth_cred_issuser(vfs_context_ucred(ctx))) {
+ struct vnode_attr dva;
+
+ VATTR_INIT(&dva);
+ VATTR_WANTED(&dva, va_uid);
+ if (vnode_getattr(vp, &dva, ctx) != 0 ||
+ !VATTR_IS_SUPPORTED(&dva, va_uid) ||
+ (dva.va_uid != kauth_cred_getuid(vfs_context_ucred(ctx)))) {
+ error = EACCES;
+ goto out;
+ }
+ }
+ }
+
+ /* lookup the target node */
+#if CONFIG_TRIGGERS
+ nd.ni_op = OP_LINK;
+#endif
+ nd.ni_cnd.cn_nameiop = CREATE;
+ nd.ni_cnd.cn_flags = LOCKPARENT | AUDITVNPATH2 | CN_NBMOUNTLOOK;
+ nd.ni_dirp = uap->link;
+ error = namei(&nd);
+ if (error != 0)
+ goto out;
+ dvp = nd.ni_dvp;
+ lvp = nd.ni_vp;
+
+#if CONFIG_MACF
+ if ((error = mac_vnode_check_link(ctx, dvp, vp, &nd.ni_cnd)) != 0)
+ goto out2;
+#endif
+
+ /* or to anything that kauth doesn't want us to (eg. immutable items) */
+ if ((error = vnode_authorize(vp, NULL, KAUTH_VNODE_LINKTARGET, ctx)) != 0)
+ goto out2;
+
+ /* target node must not exist */
+ if (lvp != NULLVP) {
+ error = EEXIST;
+ goto out2;
+ }
+ /* cannot link across mountpoints */
+ if (vnode_mount(vp) != vnode_mount(dvp)) {
+ error = EXDEV;
+ goto out2;
+ }
+
+ /* authorize creation of the target note */
+ if ((error = vnode_authorize(dvp, NULL, KAUTH_VNODE_ADD_FILE, ctx)) != 0)
+ goto out2;
+
+ /* and finally make the link */
+ error = VNOP_LINK(vp, dvp, &nd.ni_cnd, ctx);
+ if (error)
+ goto out2;
+
+#if CONFIG_FSE
+ need_event = need_fsevent(FSE_CREATE_FILE, dvp);
+#else
+ need_event = 0;
+#endif
+ has_listeners = kauth_authorize_fileop_has_listeners();
+
+ if (need_event || has_listeners) {
+ char *link_to_path = NULL;
+ int len, link_name_len;
+
+ /* build the path to the new link file */
+ GET_PATH(target_path);
+ if (target_path == NULL) {
+ error = ENOMEM;
+ goto out2;
+ }
+
+ len = safe_getpath(dvp, nd.ni_cnd.cn_nameptr, target_path, MAXPATHLEN, &truncated);
+
+ if (has_listeners) {
+ /* build the path to file we are linking to */
+ GET_PATH(link_to_path);
+ if (link_to_path == NULL) {
+ error = ENOMEM;
+ goto out2;
+ }
+
+ link_name_len = MAXPATHLEN;
+ vn_getpath(vp, link_to_path, &link_name_len);
+
+ /*
+ * Call out to allow 3rd party notification of rename.
+ * Ignore result of kauth_authorize_fileop call.
+ */
+ kauth_authorize_fileop(vfs_context_ucred(ctx), KAUTH_FILEOP_LINK,
+ (uintptr_t)link_to_path, (uintptr_t)target_path);
+ if (link_to_path != NULL) {
+ RELEASE_PATH(link_to_path);
+ }
+ }
+#if CONFIG_FSE
+ if (need_event) {
+ /* construct fsevent */
+ if (get_fse_info(vp, &finfo, ctx) == 0) {
+ if (truncated) {
+ finfo.mode |= FSE_TRUNCATED_PATH;
+ }
+
+ // build the path to the destination of the link
+ add_fsevent(FSE_CREATE_FILE, ctx,
+ FSE_ARG_STRING, len, target_path,
+ FSE_ARG_FINFO, &finfo,
+ FSE_ARG_DONE);
+ }
+ if (vp->v_parent) {
+ add_fsevent(FSE_STAT_CHANGED, ctx,
+ FSE_ARG_VNODE, vp->v_parent,
+ FSE_ARG_DONE);
+ }
+ }
+#endif
+ }
+out2:
+ /*
+ * nameidone has to happen before we vnode_put(dvp)
+ * since it may need to release the fs_nodelock on the dvp
+ */
+ nameidone(&nd);
+ if (target_path != NULL) {
+ RELEASE_PATH(target_path);
+ }
+out:
+ if (lvp)
+ vnode_put(lvp);
+ if (dvp)
+ vnode_put(dvp);
+ vnode_put(vp);
+ return (error);
+}
+
+/*
+ * Make a symbolic link.
+ *
+ * We could add support for ACLs here too...
+ */
+/* ARGSUSED */
+int
+symlink(proc_t p, struct symlink_args *uap, __unused int32_t *retval)
+{
+ struct vnode_attr va;
+ char *path;
+ int error;
+ struct nameidata nd;
+ vfs_context_t ctx = vfs_context_current();
+ vnode_t vp, dvp;
+ size_t dummy=0;
+
+ MALLOC_ZONE(path, char *, MAXPATHLEN, M_NAMEI, M_WAITOK);
+ error = copyinstr(uap->path, path, MAXPATHLEN, &dummy);
+ if (error)
+ goto out;
+ AUDIT_ARG(text, path); /* This is the link string */
+
+ NDINIT(&nd, CREATE, OP_SYMLINK, LOCKPARENT | AUDITVNPATH1,
+ UIO_USERSPACE, uap->link, ctx);
+ error = namei(&nd);
+ if (error)
+ goto out;
+ dvp = nd.ni_dvp;
+ vp = nd.ni_vp;
+
+ VATTR_INIT(&va);
+ VATTR_SET(&va, va_type, VLNK);
+ VATTR_SET(&va, va_mode, ACCESSPERMS & ~p->p_fd->fd_cmask);
+#if CONFIG_MACF
+ error = mac_vnode_check_create(ctx,
+ dvp, &nd.ni_cnd, &va);
+#endif
+ if (error != 0) {
+ goto skipit;
+ }
+
+ if (vp != NULL) {
+ error = EEXIST;
+ goto skipit;
+ }
+
+ /* authorize */
+ if (error == 0)
+ error = vnode_authorize(dvp, NULL, KAUTH_VNODE_ADD_FILE, ctx);
+ /* get default ownership, etc. */
+ if (error == 0)
+ error = vnode_authattr_new(dvp, &va, 0, ctx);
+ if (error == 0)
+ error = VNOP_SYMLINK(dvp, &vp, &nd.ni_cnd, &va, path, ctx);
+
+ /* do fallback attribute handling */
+ if (error == 0)
+ error = vnode_setattr_fallback(vp, &va, ctx);
+
+ if (error == 0) {
+ int update_flags = 0;
+
+ if (vp == NULL) {
+ nd.ni_cnd.cn_nameiop = LOOKUP;
+#if CONFIG_TRIGGERS
+ nd.ni_op = OP_LOOKUP;
+#endif
+ nd.ni_cnd.cn_flags = 0;
+ error = namei(&nd);
+ vp = nd.ni_vp;
+
+ if (vp == NULL)
+ goto skipit;
+ }
+
+#if 0 /* XXX - kauth_todo - is KAUTH_FILEOP_SYMLINK needed? */
+ /* call out to allow 3rd party notification of rename.
+ * Ignore result of kauth_authorize_fileop call.
+ */
+ if (kauth_authorize_fileop_has_listeners() &&
+ namei(&nd) == 0) {
+ char *new_link_path = NULL;
+ int len;
+
+ /* build the path to the new link file */
+ new_link_path = get_pathbuff();
+ len = MAXPATHLEN;
+ vn_getpath(dvp, new_link_path, &len);
+ if ((len + 1 + nd.ni_cnd.cn_namelen + 1) < MAXPATHLEN) {
+ new_link_path[len - 1] = '/';
+ strlcpy(&new_link_path[len], nd.ni_cnd.cn_nameptr, MAXPATHLEN-len);
+ }
+
+ kauth_authorize_fileop(vfs_context_ucred(ctx), KAUTH_FILEOP_SYMLINK,
+ (uintptr_t)path, (uintptr_t)new_link_path);
+ if (new_link_path != NULL)
+ release_pathbuff(new_link_path);
+ }
+#endif
+ // Make sure the name & parent pointers are hooked up
+ if (vp->v_name == NULL)
+ update_flags |= VNODE_UPDATE_NAME;
+ if (vp->v_parent == NULLVP)
+ update_flags |= VNODE_UPDATE_PARENT;
+
+ if (update_flags)
+ vnode_update_identity(vp, dvp, nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen, nd.ni_cnd.cn_hash, update_flags);
+
+#if CONFIG_FSE
+ add_fsevent(FSE_CREATE_FILE, ctx,
+ FSE_ARG_VNODE, vp,
+ FSE_ARG_DONE);
+#endif
+ }
+
+skipit:
+ /*
+ * nameidone has to happen before we vnode_put(dvp)
+ * since it may need to release the fs_nodelock on the dvp
+ */
+ nameidone(&nd);
+
+ if (vp)
+ vnode_put(vp);
+ vnode_put(dvp);
+out:
+ FREE_ZONE(path, MAXPATHLEN, M_NAMEI);
+
+ return (error);
+}
+
+/*
+ * Delete a whiteout from the filesystem.
+ * XXX authorization not implmented for whiteouts
+ */
+int
+undelete(__unused proc_t p, struct undelete_args *uap, __unused int32_t *retval)
+{
+ int error;
+ struct nameidata nd;
+ vfs_context_t ctx = vfs_context_current();
+ vnode_t vp, dvp;
+
+ NDINIT(&nd, DELETE, OP_UNLINK, LOCKPARENT | DOWHITEOUT | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ error = namei(&nd);
+ if (error)
+ return (error);
+ dvp = nd.ni_dvp;
+ vp = nd.ni_vp;
+
+ if (vp == NULLVP && (nd.ni_cnd.cn_flags & ISWHITEOUT)) {
+ error = VNOP_WHITEOUT(dvp, &nd.ni_cnd, DELETE, ctx);
+ } else
+ error = EEXIST;
+
+ /*
+ * nameidone has to happen before we vnode_put(dvp)
+ * since it may need to release the fs_nodelock on the dvp
+ */
+ nameidone(&nd);
+
+ if (vp)
+ vnode_put(vp);
+ vnode_put(dvp);
+
+ return (error);
+}
+
+
+/*
+ * Delete a name from the filesystem.
+ */
+/* ARGSUSED */
+int
+unlink1(vfs_context_t ctx, struct nameidata *ndp, int unlink_flags)
+{
+ vnode_t vp, dvp;
+ int error;
+ struct componentname *cnp;
+ char *path = NULL;
+ int len=0;
+#if CONFIG_FSE
+ fse_info finfo;
+ struct vnode_attr va;
+#endif
+ int flags = 0;
+ int need_event = 0;
+ int has_listeners = 0;
+ int truncated_path=0;
+ int batched;
+ struct vnode_attr *vap = NULL;
+
+#if NAMEDRSRCFORK
+ /* unlink or delete is allowed on rsrc forks and named streams */
+ ndp->ni_cnd.cn_flags |= CN_ALLOWRSRCFORK;
+#endif
+
+ ndp->ni_cnd.cn_flags |= LOCKPARENT;
+ ndp->ni_flag |= NAMEI_COMPOUNDREMOVE;
+ cnp = &ndp->ni_cnd;
+
+lookup_continue:
+ error = namei(ndp);
+ if (error)
+ return (error);
+
+ dvp = ndp->ni_dvp;
+ vp = ndp->ni_vp;
+
+
+ /* With Carbon delete semantics, busy files cannot be deleted */
+ if (unlink_flags & VNODE_REMOVE_NODELETEBUSY) {
+ flags |= VNODE_REMOVE_NODELETEBUSY;
+ }
+
+ /* If we're told to, then skip any potential future upcalls */
+ if (unlink_flags & VNODE_REMOVE_SKIP_NAMESPACE_EVENT) {
+ flags |= VNODE_REMOVE_SKIP_NAMESPACE_EVENT;
+ }
+
+
+ if (vp) {
+ batched = vnode_compound_remove_available(vp);
+ /*
+ * The root of a mounted filesystem cannot be deleted.
+ */
+ if (vp->v_flag & VROOT) {
+ error = EBUSY;
+ }
+
+ if (!batched) {
+ error = vn_authorize_unlink(dvp, vp, cnp, ctx, NULL);
+ if (error) {
+ goto out;
+ }
+ }
+ } else {
+ batched = 1;
+
+ if (!vnode_compound_remove_available(dvp)) {
+ panic("No vp, but no compound remove?");
+ }
+ }
+
+#if CONFIG_FSE
+ need_event = need_fsevent(FSE_DELETE, dvp);
+ if (need_event) {
+ if (!batched) {
+ if ((vp->v_flag & VISHARDLINK) == 0) {
+ /* XXX need to get these data in batched VNOP */
+ get_fse_info(vp, &finfo, ctx);
+ }
+ } else {
+ error = vfs_get_notify_attributes(&va);
+ if (error) {
+ goto out;
+ }
+
+ vap = &va;
+ }
+ }
+#endif
+ has_listeners = kauth_authorize_fileop_has_listeners();
+ if (need_event || has_listeners) {
+ if (path == NULL) {
+ GET_PATH(path);
+ if (path == NULL) {
+ error = ENOMEM;
+ goto out;
+ }
+ }
+ len = safe_getpath(dvp, ndp->ni_cnd.cn_nameptr, path, MAXPATHLEN, &truncated_path);
+ }
+
+#if NAMEDRSRCFORK
+ if (ndp->ni_cnd.cn_flags & CN_WANTSRSRCFORK)
+ error = vnode_removenamedstream(dvp, vp, XATTR_RESOURCEFORK_NAME, 0, ctx);
+ else
+#endif
+ {
+ error = vn_remove(dvp, &ndp->ni_vp, ndp, flags, vap, ctx);
+ vp = ndp->ni_vp;
+ if (error == EKEEPLOOKING) {
+ if (!batched) {
+ panic("EKEEPLOOKING, but not a filesystem that supports compound VNOPs?");
+ }
+
+ if ((ndp->ni_flag & NAMEI_CONTLOOKUP) == 0) {
+ panic("EKEEPLOOKING, but continue flag not set?");
+ }
+
+ if (vnode_isdir(vp)) {
+ error = EISDIR;
+ goto out;
+ }
+ goto lookup_continue;
+ }
+ }
+
+ /*
+ * Call out to allow 3rd party notification of delete.
+ * Ignore result of kauth_authorize_fileop call.
+ */
+ if (!error) {
+ if (has_listeners) {
+ kauth_authorize_fileop(vfs_context_ucred(ctx),
+ KAUTH_FILEOP_DELETE,
+ (uintptr_t)vp,
+ (uintptr_t)path);
+ }
+
+ if (vp->v_flag & VISHARDLINK) {
+ //
+ // if a hardlink gets deleted we want to blow away the
+ // v_parent link because the path that got us to this
+ // instance of the link is no longer valid. this will
+ // force the next call to get the path to ask the file
+ // system instead of just following the v_parent link.
+ //
+ vnode_update_identity(vp, NULL, NULL, 0, 0, VNODE_UPDATE_PARENT);
+ }
+
+#if CONFIG_FSE
+ if (need_event) {
+ if (vp->v_flag & VISHARDLINK) {
+ get_fse_info(vp, &finfo, ctx);
+ } else if (vap) {
+ vnode_get_fse_info_from_vap(vp, &finfo, vap);
+ }
+ if (truncated_path) {
+ finfo.mode |= FSE_TRUNCATED_PATH;
+ }
+ add_fsevent(FSE_DELETE, ctx,
+ FSE_ARG_STRING, len, path,
+ FSE_ARG_FINFO, &finfo,
+ FSE_ARG_DONE);
+ }
+#endif
+ }
+
+out:
+ if (path != NULL)
+ RELEASE_PATH(path);
+
+#if NAMEDRSRCFORK
+ /* recycle the deleted rsrc fork vnode to force a reclaim, which
+ * will cause its shadow file to go away if necessary.
+ */
+ if (vp && (vnode_isnamedstream(vp)) &&
+ (vp->v_parent != NULLVP) &&
+ vnode_isshadow(vp)) {
+ vnode_recycle(vp);
+ }
+#endif
+ /*
+ * nameidone has to happen before we vnode_put(dvp)
+ * since it may need to release the fs_nodelock on the dvp
+ */
+ nameidone(ndp);
+ vnode_put(dvp);
+ if (vp) {
+ vnode_put(vp);
+ }
+ return (error);
+}
+
+/*
+ * Delete a name from the filesystem using POSIX semantics.
+ */
+int
+unlink(__unused proc_t p, struct unlink_args *uap, __unused int32_t *retval)
+{
+ struct nameidata nd;
+ vfs_context_t ctx = vfs_context_current();
+
+ NDINIT(&nd, DELETE, OP_UNLINK, AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, ctx);
+ return unlink1(ctx, &nd, 0);
+}
+
+/*
+ * Delete a name from the filesystem using Carbon semantics.
+ */
+int
+delete(__unused proc_t p, struct delete_args *uap, __unused int32_t *retval)
+{
+ struct nameidata nd;
+ vfs_context_t ctx = vfs_context_current();
+
+ NDINIT(&nd, DELETE, OP_UNLINK, AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, ctx);
+ return unlink1(ctx, &nd, VNODE_REMOVE_NODELETEBUSY);
+}
+
+/*
+ * Reposition read/write file offset.
+ */
+int
+lseek(proc_t p, struct lseek_args *uap, off_t *retval)
+{
+ struct fileproc *fp;
+ vnode_t vp;
+ struct vfs_context *ctx;
+ off_t offset = uap->offset, file_size;
+ int error;
+
+ if ( (error = fp_getfvp(p,uap->fd, &fp, &vp)) ) {
+ if (error == ENOTSUP)
+ return (ESPIPE);
+ return (error);
+ }
+ if (vnode_isfifo(vp)) {
+ file_drop(uap->fd);
+ return(ESPIPE);
+ }
+
+
+ ctx = vfs_context_current();
+#if CONFIG_MACF
+ if (uap->whence == L_INCR && uap->offset == 0)
+ error = mac_file_check_get_offset(vfs_context_ucred(ctx),
+ fp->f_fglob);
+ else
+ error = mac_file_check_change_offset(vfs_context_ucred(ctx),
+ fp->f_fglob);
+ if (error) {
+ file_drop(uap->fd);
+ return (error);
+ }
+#endif
+ if ( (error = vnode_getwithref(vp)) ) {
+ file_drop(uap->fd);
+ return(error);
+ }
+
+ switch (uap->whence) {
+ case L_INCR:
+ offset += fp->f_fglob->fg_offset;
+ break;
+ case L_XTND:
+ if ((error = vnode_size(vp, &file_size, ctx)) != 0)
+ break;
+ offset += file_size;
+ break;
+ case L_SET:
+ break;
+ default:
+ error = EINVAL;
+ }
+ if (error == 0) {
+ if (uap->offset > 0 && offset < 0) {
+ /* Incremented/relative move past max size */
+ error = EOVERFLOW;
+ } else {
+ /*
+ * Allow negative offsets on character devices, per
+ * POSIX 1003.1-2001. Most likely for writing disk
+ * labels.
+ */
+ if (offset < 0 && vp->v_type != VCHR) {
+ /* Decremented/relative move before start */
+ error = EINVAL;
+ } else {
+ /* Success */
+ fp->f_fglob->fg_offset = offset;
+ *retval = fp->f_fglob->fg_offset;
+ }
+ }
+ }
+
+ /*
+ * An lseek can affect whether data is "available to read." Use
+ * hint of NOTE_NONE so no EVFILT_VNODE events fire
+ */
+ post_event_if_success(vp, error, NOTE_NONE);
+ (void)vnode_put(vp);
+ file_drop(uap->fd);
+ return (error);
+}
+
+
+/*
+ * Check access permissions.
+ *
+ * Returns: 0 Success
+ * vnode_authorize:???
+ */
+static int
+access1(vnode_t vp, vnode_t dvp, int uflags, vfs_context_t ctx)
+{
+ kauth_action_t action;
+ int error;
+
+ /*
+ * If just the regular access bits, convert them to something
+ * that vnode_authorize will understand.
+ */
+ if (!(uflags & _ACCESS_EXTENDED_MASK)) {
+ action = 0;
+ if (uflags & R_OK)
+ action |= KAUTH_VNODE_READ_DATA; /* aka KAUTH_VNODE_LIST_DIRECTORY */
+ if (uflags & W_OK) {
+ if (vnode_isdir(vp)) {
+ action |= KAUTH_VNODE_ADD_FILE |
+ KAUTH_VNODE_ADD_SUBDIRECTORY;
+ /* might want delete rights here too */
+ } else {
+ action |= KAUTH_VNODE_WRITE_DATA;
+ }
+ }
+ if (uflags & X_OK) {
+ if (vnode_isdir(vp)) {
+ action |= KAUTH_VNODE_SEARCH;
+ } else {
+ action |= KAUTH_VNODE_EXECUTE;
+ }
+ }
+ } else {
+ /* take advantage of definition of uflags */
+ action = uflags >> 8;
+ }
+
+#if CONFIG_MACF
+ error = mac_vnode_check_access(ctx, vp, uflags);
+ if (error)
+ return (error);
+#endif /* MAC */
+
+ /* action == 0 means only check for existence */
+ if (action != 0) {
+ error = vnode_authorize(vp, dvp, action | KAUTH_VNODE_ACCESS, ctx);
+ } else {
+ error = 0;
+ }
+
+ return(error);
+}
+
+
+
+/*
+ * access_extended: Check access permissions in bulk.
*
- * Description: uap->entries Pointer to argument descriptor
- * uap->size Size of the area pointed to by
- * the descriptor
- * uap->results Pointer to the results array
+ * Description: uap->entries Pointer to an array of accessx
+ * descriptor structs, plus one or
+ * more NULL terminated strings (see
+ * "Notes" section below).
+ * uap->size Size of the area pointed to by
+ * uap->entries.
+ * uap->results Pointer to the results array.
*
* Returns: 0 Success
* ENOMEM Insufficient memory
* uap->results Array contents modified
*
* Notes: The uap->entries are structured as an arbitrary length array
- * of accessx descriptors, followed by one or more NULL terniated
+ * of accessx descriptors, followed by one or more NULL terminated
* strings
*
* struct accessx_descriptor[0]
* char name_data[0];
*
* We determine the entry count by walking the buffer containing
- * the uap->entries argument descriptor. For each descrptor we
+ * the uap->entries argument descriptor. For each descriptor we
* see, the valid values for the offset ad_name_offset will be
* in the byte range:
*
* [ uap->entries + uap->size - 2 ]
*
* since we must have at least one string, and the string must
- * be at least one character plus the NUL terminator in length.
+ * be at least one character plus the NULL terminator in length.
*
* XXX: Need to support the check-as uid argument
*/
int
-access_extended(__unused proc_t p, struct access_extended_args *uap, __unused register_t *retval)
+access_extended(__unused proc_t p, struct access_extended_args *uap, __unused int32_t *retval)
{
struct accessx_descriptor *input = NULL;
errno_t *result = NULL;
if (error)
goto out;
+ AUDIT_ARG(opaque, input, uap->size);
+
/*
* Force NUL termination of the copyin buffer to avoid nami() running
* off the end. If the caller passes us bogus data, they may get a
}
/*
- * An offset of 0 means use the previous descriptor's offset;
- * this is used to chain multiple requests for the same file
- * to avoid multiple lookups.
+ * An offset of 0 means use the previous descriptor's offset;
+ * this is used to chain multiple requests for the same file
+ * to avoid multiple lookups.
+ */
+ if (j == 0) {
+ /* This is not valid for the first entry */
+ if (i == 0) {
+ error = EINVAL;
+ goto out;
+ }
+ continue;
+ }
+
+ /*
+ * If the offset of the string for this descriptor is before
+ * what we believe is the current actual last descriptor,
+ * then we need to adjust our estimate downward; this permits
+ * the string table following the last descriptor to be out
+ * of order relative to the descriptor list.
+ */
+ if (j < desc_actual)
+ desc_actual = j;
+ }
+
+ /*
+ * We limit the actual number of descriptors we are willing to process
+ * to a hard maximum of ACCESSX_MAX_DESCRIPTORS. If the number being
+ * requested does not exceed this limit,
+ */
+ if (desc_actual > ACCESSX_MAX_DESCRIPTORS) {
+ error = ENOMEM;
+ goto out;
+ }
+ MALLOC(result, errno_t *, desc_actual * sizeof(errno_t), M_TEMP, M_WAITOK);
+ if (result == NULL) {
+ error = ENOMEM;
+ goto out;
+ }
+
+ /*
+ * Do the work by iterating over the descriptor entries we know to
+ * at least appear to contain valid data.
+ */
+ error = 0;
+ for (i = 0; i < desc_actual; i++) {
+ /*
+ * If the ad_name_offset is 0, then we use the previous
+ * results to make the check; otherwise, we are looking up
+ * a new file name.
+ */
+ if (input[i].ad_name_offset != 0) {
+ /* discard old vnodes */
+ if (vp) {
+ vnode_put(vp);
+ vp = NULL;
+ }
+ if (dvp) {
+ vnode_put(dvp);
+ dvp = NULL;
+ }
+
+ /*
+ * Scan forward in the descriptor list to see if we
+ * need the parent vnode. We will need it if we are
+ * deleting, since we must have rights to remove
+ * entries in the parent directory, as well as the
+ * rights to delete the object itself.
+ */
+ wantdelete = input[i].ad_flags & _DELETE_OK;
+ for (j = i + 1; (j < desc_actual) && (input[j].ad_name_offset == 0); j++)
+ if (input[j].ad_flags & _DELETE_OK)
+ wantdelete = 1;
+
+ niopts = FOLLOW | AUDITVNPATH1;
+
+ /* need parent for vnode_authorize for deletion test */
+ if (wantdelete)
+ niopts |= WANTPARENT;
+
+ /* do the lookup */
+ NDINIT(&nd, LOOKUP, OP_ACCESS, niopts, UIO_SYSSPACE,
+ CAST_USER_ADDR_T(((const char *)input) + input[i].ad_name_offset),
+ &context);
+ error = namei(&nd);
+ if (!error) {
+ vp = nd.ni_vp;
+ if (wantdelete)
+ dvp = nd.ni_dvp;
+ }
+ nameidone(&nd);
+ }
+
+ /*
+ * Handle lookup errors.
+ */
+ switch(error) {
+ case ENOENT:
+ case EACCES:
+ case EPERM:
+ case ENOTDIR:
+ result[i] = error;
+ break;
+ case 0:
+ /* run this access check */
+ result[i] = access1(vp, dvp, input[i].ad_flags, &context);
+ break;
+ default:
+ /* fatal lookup error */
+
+ goto out;
+ }
+ }
+
+ AUDIT_ARG(data, result, sizeof(errno_t), desc_actual);
+
+ /* copy out results */
+ error = copyout(result, uap->results, desc_actual * sizeof(errno_t));
+
+out:
+ if (input && input != stack_input)
+ FREE(input, M_TEMP);
+ if (result)
+ FREE(result, M_TEMP);
+ if (vp)
+ vnode_put(vp);
+ if (dvp)
+ vnode_put(dvp);
+ if (IS_VALID_CRED(context.vc_ucred))
+ kauth_cred_unref(&context.vc_ucred);
+ return(error);
+}
+
+
+/*
+ * Returns: 0 Success
+ * namei:EFAULT Bad address
+ * namei:ENAMETOOLONG Filename too long
+ * namei:ENOENT No such file or directory
+ * namei:ELOOP Too many levels of symbolic links
+ * namei:EBADF Bad file descriptor
+ * namei:ENOTDIR Not a directory
+ * namei:???
+ * access1:
+ */
+int
+access(__unused proc_t p, struct access_args *uap, __unused int32_t *retval)
+{
+ int error;
+ struct nameidata nd;
+ int niopts;
+ struct vfs_context context;
+#if NAMEDRSRCFORK
+ int is_namedstream = 0;
+#endif
+
+ /*
+ * Access is defined as checking against the process'
+ * real identity, even if operations are checking the
+ * effective identity. So we need to tweak the credential
+ * in the context.
+ */
+ context.vc_ucred = kauth_cred_copy_real(kauth_cred_get());
+ context.vc_thread = current_thread();
+
+ niopts = FOLLOW | AUDITVNPATH1;
+ /* need parent for vnode_authorize for deletion test */
+ if (uap->flags & _DELETE_OK)
+ niopts |= WANTPARENT;
+ NDINIT(&nd, LOOKUP, OP_ACCESS, niopts, UIO_USERSPACE,
+ uap->path, &context);
+
+#if NAMEDRSRCFORK
+ /* access(F_OK) calls are allowed for resource forks. */
+ if (uap->flags == F_OK)
+ nd.ni_cnd.cn_flags |= CN_ALLOWRSRCFORK;
+#endif
+ error = namei(&nd);
+ if (error)
+ goto out;
+
+#if NAMEDRSRCFORK
+ /* Grab reference on the shadow stream file vnode to
+ * force an inactive on release which will mark it
+ * for recycle.
+ */
+ if (vnode_isnamedstream(nd.ni_vp) &&
+ (nd.ni_vp->v_parent != NULLVP) &&
+ vnode_isshadow(nd.ni_vp)) {
+ is_namedstream = 1;
+ vnode_ref(nd.ni_vp);
+ }
+#endif
+
+ error = access1(nd.ni_vp, nd.ni_dvp, uap->flags, &context);
+
+#if NAMEDRSRCFORK
+ if (is_namedstream) {
+ vnode_rele(nd.ni_vp);
+ }
+#endif
+
+ vnode_put(nd.ni_vp);
+ if (uap->flags & _DELETE_OK)
+ vnode_put(nd.ni_dvp);
+ nameidone(&nd);
+
+out:
+ kauth_cred_unref(&context.vc_ucred);
+ return(error);
+}
+
+
+/*
+ * Returns: 0 Success
+ * EFAULT
+ * copyout:EFAULT
+ * namei:???
+ * vn_stat:???
+ */
+static int
+stat2(vfs_context_t ctx, struct nameidata *ndp, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size, int isstat64)
+{
+ union {
+ struct stat sb;
+ struct stat64 sb64;
+ } source;
+ union {
+ struct user64_stat user64_sb;
+ struct user32_stat user32_sb;
+ struct user64_stat64 user64_sb64;
+ struct user32_stat64 user32_sb64;
+ } dest;
+ caddr_t sbp;
+ int error, my_size;
+ kauth_filesec_t fsec;
+ size_t xsecurity_bufsize;
+ void * statptr;
+
+#if NAMEDRSRCFORK
+ int is_namedstream = 0;
+ /* stat calls are allowed for resource forks. */
+ ndp->ni_cnd.cn_flags |= CN_ALLOWRSRCFORK;
+#endif
+ error = namei(ndp);
+ if (error)
+ return (error);
+ fsec = KAUTH_FILESEC_NONE;
+
+ statptr = (void *)&source;
+
+#if NAMEDRSRCFORK
+ /* Grab reference on the shadow stream file vnode to
+ * force an inactive on release which will mark it
+ * for recycle.
+ */
+ if (vnode_isnamedstream(ndp->ni_vp) &&
+ (ndp->ni_vp->v_parent != NULLVP) &&
+ vnode_isshadow(ndp->ni_vp)) {
+ is_namedstream = 1;
+ vnode_ref(ndp->ni_vp);
+ }
+#endif
+
+ error = vn_stat(ndp->ni_vp, statptr, (xsecurity != USER_ADDR_NULL ? &fsec : NULL), isstat64, ctx);
+
+#if NAMEDRSRCFORK
+ if (is_namedstream) {
+ vnode_rele(ndp->ni_vp);
+ }
+#endif
+ vnode_put(ndp->ni_vp);
+ nameidone(ndp);
+
+ if (error)
+ return (error);
+ /* Zap spare fields */
+ if (isstat64 != 0) {
+ source.sb64.st_lspare = 0;
+ source.sb64.st_qspare[0] = 0LL;
+ source.sb64.st_qspare[1] = 0LL;
+ if (IS_64BIT_PROCESS(vfs_context_proc(ctx))) {
+ munge_user64_stat64(&source.sb64, &dest.user64_sb64);
+ my_size = sizeof(dest.user64_sb64);
+ sbp = (caddr_t)&dest.user64_sb64;
+ } else {
+ munge_user32_stat64(&source.sb64, &dest.user32_sb64);
+ my_size = sizeof(dest.user32_sb64);
+ sbp = (caddr_t)&dest.user32_sb64;
+ }
+ /*
+ * Check if we raced (post lookup) against the last unlink of a file.
*/
- if (j == 0) {
- /* This is not valid for the first entry */
- if (i == 0) {
- error = EINVAL;
- goto out;
- }
- continue;
+ if ((source.sb64.st_nlink == 0) && S_ISREG(source.sb64.st_mode)) {
+ source.sb64.st_nlink = 1;
+ }
+ } else {
+ source.sb.st_lspare = 0;
+ source.sb.st_qspare[0] = 0LL;
+ source.sb.st_qspare[1] = 0LL;
+ if (IS_64BIT_PROCESS(vfs_context_proc(ctx))) {
+ munge_user64_stat(&source.sb, &dest.user64_sb);
+ my_size = sizeof(dest.user64_sb);
+ sbp = (caddr_t)&dest.user64_sb;
+ } else {
+ munge_user32_stat(&source.sb, &dest.user32_sb);
+ my_size = sizeof(dest.user32_sb);
+ sbp = (caddr_t)&dest.user32_sb;
}
/*
- * If the offset of the string for this descriptor is before
- * what we believe is the current actual last descriptor,
- * then we need to adjust our estimate downward; this permits
- * the string table following the last descriptor to be out
- * of order relative to the descriptor list.
+ * Check if we raced (post lookup) against the last unlink of a file.
*/
- if (j < desc_actual)
- desc_actual = j;
- }
-
- /*
- * We limit the actual number of descriptors we are willing to process
- * to a hard maximum of ACCESSX_MAX_DESCRIPTORS. If the number being
- * requested does not exceed this limit,
- */
- if (desc_actual > ACCESSX_MAX_DESCRIPTORS) {
- error = ENOMEM;
- goto out;
+ if ((source.sb.st_nlink == 0) && S_ISREG(source.sb.st_mode)) {
+ source.sb.st_nlink = 1;
+ }
}
- MALLOC(result, errno_t *, desc_actual * sizeof(errno_t), M_TEMP, M_WAITOK);
- if (result == NULL) {
- error = ENOMEM;
+ if ((error = copyout(sbp, ub, my_size)) != 0)
goto out;
- }
-
- /*
- * Do the work by iterating over the descriptor entries we know to
- * at least appear to contain valid data.
- */
- error = 0;
- for (i = 0; i < desc_actual; i++) {
- /*
- * If the ad_name_offset is 0, then we use the previous
- * results to make the check; otherwise, we are looking up
- * a new file name.
- */
- if (input[i].ad_name_offset != 0) {
- /* discard old vnodes */
- if (vp) {
- vnode_put(vp);
- vp = NULL;
- }
- if (dvp) {
- vnode_put(dvp);
- dvp = NULL;
- }
-
- /*
- * Scan forward in the descriptor list to see if we
- * need the parent vnode. We will need it if we are
- * deleting, since we must have rights to remove
- * entries in the parent directory, as well as the
- * rights to delete the object itself.
- */
- wantdelete = input[i].ad_flags & _DELETE_OK;
- for (j = i + 1; (j < desc_actual) && (input[j].ad_name_offset == 0); j++)
- if (input[j].ad_flags & _DELETE_OK)
- wantdelete = 1;
-
- niopts = FOLLOW | AUDITVNPATH1;
- /* need parent for vnode_authorize for deletion test */
- if (wantdelete)
- niopts |= WANTPARENT;
+ /* caller wants extended security information? */
+ if (xsecurity != USER_ADDR_NULL) {
- /* do the lookup */
- NDINIT(&nd, LOOKUP, niopts, UIO_SYSSPACE, CAST_USER_ADDR_T(((const char *)input) + input[i].ad_name_offset), &context);
- error = namei(&nd);
- if (!error) {
- vp = nd.ni_vp;
- if (wantdelete)
- dvp = nd.ni_dvp;
+ /* did we get any? */
+ if (fsec == KAUTH_FILESEC_NONE) {
+ if (susize(xsecurity_size, 0) != 0) {
+ error = EFAULT;
+ goto out;
}
- nameidone(&nd);
- }
+ } else {
+ /* find the user buffer size */
+ xsecurity_bufsize = fusize(xsecurity_size);
- /*
- * Handle lookup errors.
- */
- switch(error) {
- case ENOENT:
- case EACCES:
- case EPERM:
- case ENOTDIR:
- result[i] = error;
- break;
- case 0:
- /* run this access check */
- result[i] = access1(vp, dvp, input[i].ad_flags, &context);
- break;
- default:
- /* fatal lookup error */
+ /* copy out the actual data size */
+ if (susize(xsecurity_size, KAUTH_FILESEC_COPYSIZE(fsec)) != 0) {
+ error = EFAULT;
+ goto out;
+ }
- goto out;
+ /* if the caller supplied enough room, copy out to it */
+ if (xsecurity_bufsize >= KAUTH_FILESEC_COPYSIZE(fsec))
+ error = copyout(fsec, xsecurity, KAUTH_FILESEC_COPYSIZE(fsec));
}
}
-
- /* copy out results */
- error = copyout(result, uap->results, desc_actual * sizeof(errno_t));
-
out:
- if (input && input != stack_input)
- FREE(input, M_TEMP);
- if (result)
- FREE(result, M_TEMP);
- if (vp)
- vnode_put(vp);
- if (dvp)
- vnode_put(dvp);
- if (IS_VALID_CRED(context.vc_ucred))
- kauth_cred_unref(&context.vc_ucred);
- return(error);
+ if (fsec != KAUTH_FILESEC_NONE)
+ kauth_filesec_free(fsec);
+ return (error);
+}
+
+/*
+ * Get file status; this version follows links.
+ *
+ * Returns: 0 Success
+ * stat2:??? [see stat2() in this file]
+ */
+static int
+stat1(user_addr_t path, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size, int isstat64)
+{
+ struct nameidata nd;
+ vfs_context_t ctx = vfs_context_current();
+
+ NDINIT(&nd, LOOKUP, OP_GETATTR, NOTRIGGER | FOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, path, ctx);
+ return(stat2(ctx, &nd, ub, xsecurity, xsecurity_size, isstat64));
+}
+
+/*
+ * stat_extended: Get file status; with extended security (ACL).
+ *
+ * Parameters: p (ignored)
+ * uap User argument descriptor (see below)
+ * retval (ignored)
+ *
+ * Indirect: uap->path Path of file to get status from
+ * uap->ub User buffer (holds file status info)
+ * uap->xsecurity ACL to get (extended security)
+ * uap->xsecurity_size Size of ACL
+ *
+ * Returns: 0 Success
+ * !0 errno value
+ *
+ */
+int
+stat_extended(__unused proc_t p, struct stat_extended_args *uap, __unused int32_t *retval)
+{
+ return (stat1(uap->path, uap->ub, uap->xsecurity, uap->xsecurity_size, 0));
+}
+
+/*
+ * Returns: 0 Success
+ * stat1:??? [see stat1() in this file]
+ */
+int
+stat(__unused proc_t p, struct stat_args *uap, __unused int32_t *retval)
+{
+ return(stat1(uap->path, uap->ub, 0, 0, 0));
+}
+
+int
+stat64(__unused proc_t p, struct stat64_args *uap, __unused int32_t *retval)
+{
+ return(stat1(uap->path, uap->ub, 0, 0, 1));
+}
+
+/*
+ * stat64_extended: Get file status; can handle large inode numbers; with extended security (ACL).
+ *
+ * Parameters: p (ignored)
+ * uap User argument descriptor (see below)
+ * retval (ignored)
+ *
+ * Indirect: uap->path Path of file to get status from
+ * uap->ub User buffer (holds file status info)
+ * uap->xsecurity ACL to get (extended security)
+ * uap->xsecurity_size Size of ACL
+ *
+ * Returns: 0 Success
+ * !0 errno value
+ *
+ */
+int
+stat64_extended(__unused proc_t p, struct stat64_extended_args *uap, __unused int32_t *retval)
+{
+ return (stat1(uap->path, uap->ub, uap->xsecurity, uap->xsecurity_size, 1));
+}
+/*
+ * Get file status; this version does not follow links.
+ */
+static int
+lstat1(user_addr_t path, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size, int isstat64)
+{
+ struct nameidata nd;
+ vfs_context_t ctx = vfs_context_current();
+
+ NDINIT(&nd, LOOKUP, OP_GETATTR, NOTRIGGER | NOFOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, path, ctx);
+
+ return(stat2(ctx, &nd, ub, xsecurity, xsecurity_size, isstat64));
+}
+
+/*
+ * lstat_extended: Get file status; does not follow links; with extended security (ACL).
+ *
+ * Parameters: p (ignored)
+ * uap User argument descriptor (see below)
+ * retval (ignored)
+ *
+ * Indirect: uap->path Path of file to get status from
+ * uap->ub User buffer (holds file status info)
+ * uap->xsecurity ACL to get (extended security)
+ * uap->xsecurity_size Size of ACL
+ *
+ * Returns: 0 Success
+ * !0 errno value
+ *
+ */
+int
+lstat_extended(__unused proc_t p, struct lstat_extended_args *uap, __unused int32_t *retval)
+{
+ return (lstat1(uap->path, uap->ub, uap->xsecurity, uap->xsecurity_size, 0));
+}
+
+int
+lstat(__unused proc_t p, struct lstat_args *uap, __unused int32_t *retval)
+{
+ return(lstat1(uap->path, uap->ub, 0, 0, 0));
+}
+
+int
+lstat64(__unused proc_t p, struct lstat64_args *uap, __unused int32_t *retval)
+{
+ return(lstat1(uap->path, uap->ub, 0, 0, 1));
+}
+
+/*
+ * lstat64_extended: Get file status; can handle large inode numbers; does not
+ * follow links; with extended security (ACL).
+ *
+ * Parameters: p (ignored)
+ * uap User argument descriptor (see below)
+ * retval (ignored)
+ *
+ * Indirect: uap->path Path of file to get status from
+ * uap->ub User buffer (holds file status info)
+ * uap->xsecurity ACL to get (extended security)
+ * uap->xsecurity_size Size of ACL
+ *
+ * Returns: 0 Success
+ * !0 errno value
+ *
+ */
+int
+lstat64_extended(__unused proc_t p, struct lstat64_extended_args *uap, __unused int32_t *retval)
+{
+ return (lstat1(uap->path, uap->ub, uap->xsecurity, uap->xsecurity_size, 1));
}
+/*
+ * Get configurable pathname variables.
+ *
+ * Returns: 0 Success
+ * namei:???
+ * vn_pathconf:???
+ *
+ * Notes: Global implementation constants are intended to be
+ * implemented in this function directly; all other constants
+ * are per-FS implementation, and therefore must be handled in
+ * each respective FS, instead.
+ *
+ * XXX We implement some things globally right now that should actually be
+ * XXX per-FS; we will need to deal with this at some point.
+ */
+/* ARGSUSED */
+int
+pathconf(__unused proc_t p, struct pathconf_args *uap, int32_t *retval)
+{
+ int error;
+ struct nameidata nd;
+ vfs_context_t ctx = vfs_context_current();
+
+ NDINIT(&nd, LOOKUP, OP_PATHCONF, FOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ error = namei(&nd);
+ if (error)
+ return (error);
+
+ error = vn_pathconf(nd.ni_vp, uap->name, retval, ctx);
+
+ vnode_put(nd.ni_vp);
+ nameidone(&nd);
+ return (error);
+}
/*
- * Returns: 0 Success
- * namei:EFAULT Bad address
- * namei:ENAMETOOLONG Filename too long
- * namei:ENOENT No such file or directory
- * namei:ELOOP Too many levels of symbolic links
- * namei:EBADF Bad file descriptor
- * namei:ENOTDIR Not a directory
- * namei:???
- * access1:
+ * Return target name of a symbolic link.
*/
+/* ARGSUSED */
int
-access(__unused proc_t p, struct access_args *uap, __unused register_t *retval)
+readlink(proc_t p, struct readlink_args *uap, int32_t *retval)
{
+ vnode_t vp;
+ uio_t auio;
+ int spacetype = proc_is64bit(p) ? UIO_USERSPACE64 : UIO_USERSPACE32;
int error;
struct nameidata nd;
- int niopts;
- struct vfs_context context;
+ vfs_context_t ctx = vfs_context_current();
+ char uio_buf[ UIO_SIZEOF(1) ];
- /*
- * Access is defined as checking against the process'
- * real identity, even if operations are checking the
- * effective identity. So we need to tweak the credential
- * in the context.
- */
- context.vc_ucred = kauth_cred_copy_real(kauth_cred_get());
- context.vc_thread = current_thread();
+ NDINIT(&nd, LOOKUP, OP_READLINK, NOFOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ error = namei(&nd);
+ if (error)
+ return (error);
+ vp = nd.ni_vp;
- niopts = FOLLOW | AUDITVNPATH1;
- /* need parent for vnode_authorize for deletion test */
- if (uap->flags & _DELETE_OK)
- niopts |= WANTPARENT;
- NDINIT(&nd, LOOKUP, niopts, UIO_USERSPACE, uap->path, &context);
+ nameidone(&nd);
-#if NAMEDRSRCFORK
- /* access(F_OK) calls are allowed for resource forks. */
- if (uap->flags == F_OK)
- nd.ni_cnd.cn_flags |= CN_ALLOWRSRCFORK;
+ auio = uio_createwithbuffer(1, 0, spacetype, UIO_READ,
+ &uio_buf[0], sizeof(uio_buf));
+ uio_addiov(auio, uap->buf, uap->count);
+ if (vp->v_type != VLNK)
+ error = EINVAL;
+ else {
+#if CONFIG_MACF
+ error = mac_vnode_check_readlink(ctx,
+ vp);
#endif
- error = namei(&nd);
- if (error)
- goto out;
+ if (error == 0)
+ error = vnode_authorize(vp, NULL, KAUTH_VNODE_READ_DATA, ctx);
+ if (error == 0)
+ error = VNOP_READLINK(vp, auio, ctx);
+ }
+ vnode_put(vp);
- error = access1(nd.ni_vp, nd.ni_dvp, uap->flags, &context);
-
- vnode_put(nd.ni_vp);
- if (uap->flags & _DELETE_OK)
- vnode_put(nd.ni_dvp);
- nameidone(&nd);
-
-out:
- kauth_cred_unref(&context.vc_ucred);
- return(error);
+ /* Safe: uio_resid() is bounded above by "count", and "count" is an int */
+ *retval = uap->count - (int)uio_resid(auio);
+ return (error);
}
-
/*
- * Returns: 0 Success
- * EFAULT
- * copyout:EFAULT
- * namei:???
- * vn_stat:???
+ * Change file flags.
*/
static int
-stat2(vfs_context_t ctx, struct nameidata *ndp, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size, int isstat64)
+chflags1(vnode_t vp, int flags, vfs_context_t ctx)
{
- struct stat sb;
- struct stat64 sb64;
- struct user_stat user_sb;
- struct user_stat64 user_sb64;
- caddr_t sbp;
- int error, my_size;
- kauth_filesec_t fsec;
- size_t xsecurity_bufsize;
- void * statptr;
+ struct vnode_attr va;
+ kauth_action_t action;
+ int error;
-#if NAMEDRSRCFORK
- /* stat calls are allowed for resource forks. */
- ndp->ni_cnd.cn_flags |= CN_ALLOWRSRCFORK;
-#endif
- error = namei(ndp);
+ VATTR_INIT(&va);
+ VATTR_SET(&va, va_flags, flags);
+
+#if CONFIG_MACF
+ error = mac_vnode_check_setflags(ctx, vp, flags);
if (error)
- return (error);
- fsec = KAUTH_FILESEC_NONE;
- if (isstat64 != 0)
- statptr = (void *)&sb64;
- else
- statptr = (void *)&sb;
- error = vn_stat(ndp->ni_vp, statptr, (xsecurity != USER_ADDR_NULL ? &fsec : NULL), isstat64, ctx);
+ goto out;
+#endif
-#if NAMEDRSRCFORK
- /* Clean up resource fork shadow file if needed. */
- if ((ndp->ni_vp->v_flag & VISNAMEDSTREAM) &&
- (ndp->ni_vp->v_parent != NULLVP) &&
- !(ndp->ni_vp->v_parent->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS)) {
- (void) vnode_relenamedstream(ndp->ni_vp->v_parent, ndp->ni_vp, ctx);
+ /* request authorisation, disregard immutability */
+ if ((error = vnode_authattr(vp, &va, &action, ctx)) != 0)
+ goto out;
+ /*
+ * Request that the auth layer disregard those file flags it's allowed to when
+ * authorizing this operation; we need to do this in order to be able to
+ * clear immutable flags.
+ */
+ if (action && ((error = vnode_authorize(vp, NULL, action | KAUTH_VNODE_NOIMMUTABLE, ctx)) != 0))
+ goto out;
+ error = vnode_setattr(vp, &va, ctx);
+
+ if ((error == 0) && !VATTR_IS_SUPPORTED(&va, va_flags)) {
+ error = ENOTSUP;
}
-#endif
- vnode_put(ndp->ni_vp);
- nameidone(ndp);
+out:
+ vnode_put(vp);
+ return(error);
+}
+
+/*
+ * Change flags of a file given a path name.
+ */
+/* ARGSUSED */
+int
+chflags(__unused proc_t p, struct chflags_args *uap, __unused int32_t *retval)
+{
+ vnode_t vp;
+ vfs_context_t ctx = vfs_context_current();
+ int error;
+ struct nameidata nd;
+ AUDIT_ARG(fflags, uap->flags);
+ NDINIT(&nd, LOOKUP, OP_SETATTR, FOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ error = namei(&nd);
if (error)
return (error);
- /* Zap spare fields */
- if (isstat64 != 0) {
- sb64.st_lspare = 0;
- sb64.st_qspare[0] = 0LL;
- sb64.st_qspare[1] = 0LL;
- if (IS_64BIT_PROCESS(vfs_context_proc(ctx))) {
- munge_stat64(&sb64, &user_sb64);
- my_size = sizeof(user_sb64);
- sbp = (caddr_t)&user_sb64;
- } else {
- my_size = sizeof(sb64);
- sbp = (caddr_t)&sb64;
- }
- /*
- * Check if we raced (post lookup) against the last unlink of a file.
- */
- if ((sb64.st_nlink == 0) && S_ISREG(sb64.st_mode)) {
- sb64.st_nlink = 1;
- }
- } else {
- sb.st_lspare = 0;
- sb.st_qspare[0] = 0LL;
- sb.st_qspare[1] = 0LL;
- if (IS_64BIT_PROCESS(vfs_context_proc(ctx))) {
- munge_stat(&sb, &user_sb);
- my_size = sizeof(user_sb);
- sbp = (caddr_t)&user_sb;
- } else {
- my_size = sizeof(sb);
- sbp = (caddr_t)&sb;
- }
+ vp = nd.ni_vp;
+ nameidone(&nd);
- /*
- * Check if we raced (post lookup) against the last unlink of a file.
- */
- if ((sb.st_nlink == 0) && S_ISREG(sb.st_mode)) {
- sb.st_nlink = 1;
- }
- }
- if ((error = copyout(sbp, ub, my_size)) != 0)
- goto out;
+ error = chflags1(vp, uap->flags, ctx);
- /* caller wants extended security information? */
- if (xsecurity != USER_ADDR_NULL) {
+ return(error);
+}
- /* did we get any? */
- if (fsec == KAUTH_FILESEC_NONE) {
- if (susize(xsecurity_size, 0) != 0) {
- error = EFAULT;
- goto out;
- }
- } else {
- /* find the user buffer size */
- xsecurity_bufsize = fusize(xsecurity_size);
+/*
+ * Change flags of a file given a file descriptor.
+ */
+/* ARGSUSED */
+int
+fchflags(__unused proc_t p, struct fchflags_args *uap, __unused int32_t *retval)
+{
+ vnode_t vp;
+ int error;
- /* copy out the actual data size */
- if (susize(xsecurity_size, KAUTH_FILESEC_COPYSIZE(fsec)) != 0) {
- error = EFAULT;
- goto out;
- }
+ AUDIT_ARG(fd, uap->fd);
+ AUDIT_ARG(fflags, uap->flags);
+ if ( (error = file_vnode(uap->fd, &vp)) )
+ return (error);
- /* if the caller supplied enough room, copy out to it */
- if (xsecurity_bufsize >= KAUTH_FILESEC_COPYSIZE(fsec))
- error = copyout(fsec, xsecurity, KAUTH_FILESEC_COPYSIZE(fsec));
- }
+ if ((error = vnode_getwithref(vp))) {
+ file_drop(uap->fd);
+ return(error);
}
-out:
- if (fsec != KAUTH_FILESEC_NONE)
- kauth_filesec_free(fsec);
+
+ AUDIT_ARG(vnpath, vp, ARG_VNODE1);
+
+ error = chflags1(vp, uap->flags, vfs_context_current());
+
+ file_drop(uap->fd);
return (error);
}
/*
- * Get file status; this version follows links.
+ * Change security information on a filesystem object.
*
* Returns: 0 Success
- * stat2:??? [see stat2() in this file]
+ * EPERM Operation not permitted
+ * vnode_authattr:??? [anything vnode_authattr can return]
+ * vnode_authorize:??? [anything vnode_authorize can return]
+ * vnode_setattr:??? [anything vnode_setattr can return]
+ *
+ * Notes: If vnode_authattr or vnode_authorize return EACCES, it will be
+ * translated to EPERM before being returned.
*/
static int
-stat1(user_addr_t path, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size, int isstat64)
+chmod2(vfs_context_t ctx, vnode_t vp, struct vnode_attr *vap)
{
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
+ kauth_action_t action;
+ int error;
+
+ AUDIT_ARG(mode, vap->va_mode);
+ /* XXX audit new args */
+
+#if NAMEDSTREAMS
+ /* chmod calls are not allowed for resource forks. */
+ if (vp->v_flag & VISNAMEDSTREAM) {
+ return (EPERM);
+ }
+#endif
+
+#if CONFIG_MACF
+ if (VATTR_IS_ACTIVE(vap, va_mode) &&
+ (error = mac_vnode_check_setmode(ctx, vp, (mode_t)vap->va_mode)) != 0)
+ return (error);
+#endif
+
+ /* make sure that the caller is allowed to set this security information */
+ if (((error = vnode_authattr(vp, vap, &action, ctx)) != 0) ||
+ ((error = vnode_authorize(vp, NULL, action, ctx)) != 0)) {
+ if (error == EACCES)
+ error = EPERM;
+ return(error);
+ }
+
+ error = vnode_setattr(vp, vap, ctx);
- NDINIT(&nd, LOOKUP, NOTRIGGER | FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, path, ctx);
- return(stat2(ctx, &nd, ub, xsecurity, xsecurity_size, isstat64));
+ return (error);
}
-int
-stat_extended(__unused proc_t p, struct stat_extended_args *uap, __unused register_t *retval)
-{
- return (stat1(uap->path, uap->ub, uap->xsecurity, uap->xsecurity_size, 0));
-}
/*
+ * Change mode of a file given a path name.
+ *
* Returns: 0 Success
- * stat1:??? [see stat1() in this file]
+ * namei:??? [anything namei can return]
+ * chmod2:??? [anything chmod2 can return]
*/
-int
-stat(__unused proc_t p, struct stat_args *uap, __unused register_t *retval)
+static int
+chmod1(vfs_context_t ctx, user_addr_t path, struct vnode_attr *vap)
{
- return(stat1(uap->path, uap->ub, 0, 0, 0));
-}
+ struct nameidata nd;
+ int error;
-int
-stat64(__unused proc_t p, struct stat64_args *uap, __unused register_t *retval)
-{
- return(stat1(uap->path, uap->ub, 0, 0, 1));
+ NDINIT(&nd, LOOKUP, OP_SETATTR, FOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, path, ctx);
+ if ((error = namei(&nd)))
+ return (error);
+ error = chmod2(ctx, nd.ni_vp, vap);
+ vnode_put(nd.ni_vp);
+ nameidone(&nd);
+ return(error);
}
-int
-stat64_extended(__unused proc_t p, struct stat64_extended_args *uap, __unused register_t *retval)
-{
- return (stat1(uap->path, uap->ub, uap->xsecurity, uap->xsecurity_size, 1));
-}
/*
- * Get file status; this version does not follow links.
+ * chmod_extended: Change the mode of a file given a path name; with extended
+ * argument list (including extended security (ACL)).
+ *
+ * Parameters: p Process requesting the open
+ * uap User argument descriptor (see below)
+ * retval (ignored)
+ *
+ * Indirect: uap->path Path to object (same as 'chmod')
+ * uap->uid UID to set
+ * uap->gid GID to set
+ * uap->mode File mode to set (same as 'chmod')
+ * uap->xsecurity ACL to set (or delete)
+ *
+ * Returns: 0 Success
+ * !0 errno value
+ *
+ * Notes: The kauth_filesec_t in 'va', if any, is in host byte order.
+ *
+ * XXX: We should enummerate the possible errno values here, and where
+ * in the code they originated.
*/
-static int
-lstat1(user_addr_t path, user_addr_t ub, user_addr_t xsecurity, user_addr_t xsecurity_size, int isstat64)
+int
+chmod_extended(__unused proc_t p, struct chmod_extended_args *uap, __unused int32_t *retval)
{
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
+ int error;
+ struct vnode_attr va;
+ kauth_filesec_t xsecdst;
- NDINIT(&nd, LOOKUP, NOTRIGGER | NOFOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, path, ctx);
+ AUDIT_ARG(owner, uap->uid, uap->gid);
- return(stat2(ctx, &nd, ub, xsecurity, xsecurity_size, isstat64));
-}
+ VATTR_INIT(&va);
+ if (uap->mode != -1)
+ VATTR_SET(&va, va_mode, uap->mode & ALLPERMS);
+ if (uap->uid != KAUTH_UID_NONE)
+ VATTR_SET(&va, va_uid, uap->uid);
+ if (uap->gid != KAUTH_GID_NONE)
+ VATTR_SET(&va, va_gid, uap->gid);
-int
-lstat_extended(__unused proc_t p, struct lstat_extended_args *uap, __unused register_t *retval)
-{
- return (lstat1(uap->path, uap->ub, uap->xsecurity, uap->xsecurity_size, 0));
-}
+ xsecdst = NULL;
+ switch(uap->xsecurity) {
+ /* explicit remove request */
+ case CAST_USER_ADDR_T((void *)1): /* _FILESEC_REMOVE_ACL */
+ VATTR_SET(&va, va_acl, NULL);
+ break;
+ /* not being set */
+ case USER_ADDR_NULL:
+ break;
+ default:
+ if ((error = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0)
+ return(error);
+ VATTR_SET(&va, va_acl, &xsecdst->fsec_acl);
+ KAUTH_DEBUG("CHMOD - setting ACL with %d entries", va.va_acl->acl_entrycount);
+ }
-int
-lstat(__unused proc_t p, struct lstat_args *uap, __unused register_t *retval)
-{
- return(lstat1(uap->path, uap->ub, 0, 0, 0));
-}
-int
-lstat64(__unused proc_t p, struct lstat64_args *uap, __unused register_t *retval)
-{
- return(lstat1(uap->path, uap->ub, 0, 0, 1));
-}
+ error = chmod1(vfs_context_current(), uap->path, &va);
-int
-lstat64_extended(__unused proc_t p, struct lstat64_extended_args *uap, __unused register_t *retval)
-{
- return (lstat1(uap->path, uap->ub, uap->xsecurity, uap->xsecurity_size, 1));
+ if (xsecdst != NULL)
+ kauth_filesec_free(xsecdst);
+ return(error);
}
/*
- * Get configurable pathname variables.
- *
* Returns: 0 Success
- * namei:???
- * vn_pathconf:???
- *
- * Notes: Global implementation constants are intended to be
- * implemented in this function directly; all other constants
- * are per-FS implementation, and therefore must be handled in
- * each respective FS, instead.
- *
- * XXX We implement some things globally right now that should actually be
- * XXX per-FS; we will need to deal with this at some point.
+ * chmod1:??? [anything chmod1 can return]
*/
-/* ARGSUSED */
int
-pathconf(__unused proc_t p, struct pathconf_args *uap, register_t *retval)
+chmod(__unused proc_t p, struct chmod_args *uap, __unused int32_t *retval)
{
- int error;
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
-
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
- return (error);
+ struct vnode_attr va;
- error = vn_pathconf(nd.ni_vp, uap->name, retval, ctx);
+ VATTR_INIT(&va);
+ VATTR_SET(&va, va_mode, uap->mode & ALLPERMS);
- vnode_put(nd.ni_vp);
- nameidone(&nd);
- return (error);
+ return(chmod1(vfs_context_current(), uap->path, &va));
}
/*
- * Return target name of a symbolic link.
+ * Change mode of a file given a file descriptor.
*/
-/* ARGSUSED */
-int
-readlink(proc_t p, struct readlink_args *uap, register_t *retval)
+static int
+fchmod1(__unused proc_t p, int fd, struct vnode_attr *vap)
{
vnode_t vp;
- uio_t auio;
- int spacetype = proc_is64bit(p) ? UIO_USERSPACE64 : UIO_USERSPACE32;
int error;
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
- char uio_buf[ UIO_SIZEOF(1) ];
- NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
+ AUDIT_ARG(fd, fd);
+
+ if ((error = file_vnode(fd, &vp)) != 0)
return (error);
- vp = nd.ni_vp;
+ if ((error = vnode_getwithref(vp)) != 0) {
+ file_drop(fd);
+ return(error);
+ }
+ AUDIT_ARG(vnpath, vp, ARG_VNODE1);
- nameidone(&nd);
+ error = chmod2(vfs_context_current(), vp, vap);
+ (void)vnode_put(vp);
+ file_drop(fd);
- auio = uio_createwithbuffer(1, 0, spacetype, UIO_READ,
- &uio_buf[0], sizeof(uio_buf));
- uio_addiov(auio, uap->buf, uap->count);
- if (vp->v_type != VLNK)
- error = EINVAL;
- else {
-#if CONFIG_MACF
- error = mac_vnode_check_readlink(ctx,
- vp);
-#endif
- if (error == 0)
- error = vnode_authorize(vp, NULL, KAUTH_VNODE_READ_DATA, ctx);
- if (error == 0)
- error = VNOP_READLINK(vp, auio, ctx);
- }
- vnode_put(vp);
- // LP64todo - fix this
- *retval = uap->count - (int)uio_resid(auio);
return (error);
}
/*
- * Change file flags.
+ * fchmod_extended: Change mode of a file given a file descriptor; with
+ * extended argument list (including extended security (ACL)).
+ *
+ * Parameters: p Process requesting to change file mode
+ * uap User argument descriptor (see below)
+ * retval (ignored)
+ *
+ * Indirect: uap->mode File mode to set (same as 'chmod')
+ * uap->uid UID to set
+ * uap->gid GID to set
+ * uap->xsecurity ACL to set (or delete)
+ * uap->fd File descriptor of file to change mode
+ *
+ * Returns: 0 Success
+ * !0 errno value
+ *
*/
-static int
-chflags1(vnode_t vp, int flags, vfs_context_t ctx)
+int
+fchmod_extended(proc_t p, struct fchmod_extended_args *uap, __unused int32_t *retval)
{
- struct vnode_attr va;
- kauth_action_t action;
int error;
+ struct vnode_attr va;
+ kauth_filesec_t xsecdst;
+
+ AUDIT_ARG(owner, uap->uid, uap->gid);
VATTR_INIT(&va);
- VATTR_SET(&va, va_flags, flags);
+ if (uap->mode != -1)
+ VATTR_SET(&va, va_mode, uap->mode & ALLPERMS);
+ if (uap->uid != KAUTH_UID_NONE)
+ VATTR_SET(&va, va_uid, uap->uid);
+ if (uap->gid != KAUTH_GID_NONE)
+ VATTR_SET(&va, va_gid, uap->gid);
-#if CONFIG_MACF
- error = mac_vnode_check_setflags(ctx, vp, flags);
- if (error)
- goto out;
-#endif
+ xsecdst = NULL;
+ switch(uap->xsecurity) {
+ case USER_ADDR_NULL:
+ VATTR_SET(&va, va_acl, NULL);
+ break;
+ case CAST_USER_ADDR_T(-1):
+ break;
+ default:
+ if ((error = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0)
+ return(error);
+ VATTR_SET(&va, va_acl, &xsecdst->fsec_acl);
+ }
- /* request authorisation, disregard immutability */
- if ((error = vnode_authattr(vp, &va, &action, ctx)) != 0)
- goto out;
- /*
- * Request that the auth layer disregard those file flags it's allowed to when
- * authorizing this operation; we need to do this in order to be able to
- * clear immutable flags.
- */
- if (action && ((error = vnode_authorize(vp, NULL, action | KAUTH_VNODE_NOIMMUTABLE, ctx)) != 0))
- goto out;
- error = vnode_setattr(vp, &va, ctx);
+ error = fchmod1(p, uap->fd, &va);
- if ((error == 0) && !VATTR_IS_SUPPORTED(&va, va_flags)) {
- error = ENOTSUP;
+
+ switch(uap->xsecurity) {
+ case USER_ADDR_NULL:
+ case CAST_USER_ADDR_T(-1):
+ break;
+ default:
+ if (xsecdst != NULL)
+ kauth_filesec_free(xsecdst);
}
-out:
- vnode_put(vp);
return(error);
}
+int
+fchmod(proc_t p, struct fchmod_args *uap, __unused int32_t *retval)
+{
+ struct vnode_attr va;
+
+ VATTR_INIT(&va);
+ VATTR_SET(&va, va_mode, uap->mode & ALLPERMS);
+
+ return(fchmod1(p, uap->fd, &va));
+}
+
+
/*
- * Change flags of a file given a path name.
+ * Set ownership given a path name.
*/
/* ARGSUSED */
-int
-chflags(__unused proc_t p, struct chflags_args *uap, __unused register_t *retval)
+static int
+chown1(vfs_context_t ctx, struct chown_args *uap, __unused int32_t *retval, int follow)
{
vnode_t vp;
- vfs_context_t ctx = vfs_context_current();
+ struct vnode_attr va;
int error;
struct nameidata nd;
+ kauth_action_t action;
- AUDIT_ARG(fflags, uap->flags);
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1,
+ AUDIT_ARG(owner, uap->uid, uap->gid);
+
+ NDINIT(&nd, LOOKUP, OP_SETATTR,
+ (follow ? FOLLOW : 0) | NOTRIGGER | AUDITVNPATH1,
UIO_USERSPACE, uap->path, ctx);
error = namei(&nd);
if (error)
return (error);
vp = nd.ni_vp;
+
nameidone(&nd);
- error = chflags1(vp, uap->flags, ctx);
+ VATTR_INIT(&va);
+ if (uap->uid != VNOVAL)
+ VATTR_SET(&va, va_uid, uap->uid);
+ if (uap->gid != VNOVAL)
+ VATTR_SET(&va, va_gid, uap->gid);
- return(error);
+#if CONFIG_MACF
+ error = mac_vnode_check_setowner(ctx, vp, uap->uid, uap->gid);
+ if (error)
+ goto out;
+#endif
+
+ /* preflight and authorize attribute changes */
+ if ((error = vnode_authattr(vp, &va, &action, ctx)) != 0)
+ goto out;
+ if (action && ((error = vnode_authorize(vp, NULL, action, ctx)) != 0))
+ goto out;
+ error = vnode_setattr(vp, &va, ctx);
+
+out:
+ /*
+ * EACCES is only allowed from namei(); permissions failure should
+ * return EPERM, so we need to translate the error code.
+ */
+ if (error == EACCES)
+ error = EPERM;
+
+ vnode_put(vp);
+ return (error);
+}
+
+int
+chown(__unused proc_t p, struct chown_args *uap, int32_t *retval)
+{
+ return chown1(vfs_context_current(), uap, retval, 1);
+}
+
+int
+lchown(__unused proc_t p, struct lchown_args *uap, int32_t *retval)
+{
+ /* Argument list identical, but machine generated; cast for chown1() */
+ return chown1(vfs_context_current(), (struct chown_args *)uap, retval, 0);
}
/*
- * Change flags of a file given a file descriptor.
+ * Set ownership given a file descriptor.
*/
/* ARGSUSED */
int
-fchflags(__unused proc_t p, struct fchflags_args *uap, __unused register_t *retval)
+fchown(__unused proc_t p, struct fchown_args *uap, __unused int32_t *retval)
{
+ struct vnode_attr va;
+ vfs_context_t ctx = vfs_context_current();
vnode_t vp;
int error;
+ kauth_action_t action;
+ AUDIT_ARG(owner, uap->uid, uap->gid);
AUDIT_ARG(fd, uap->fd);
- AUDIT_ARG(fflags, uap->flags);
+
if ( (error = file_vnode(uap->fd, &vp)) )
return (error);
- if ((error = vnode_getwithref(vp))) {
+ if ( (error = vnode_getwithref(vp)) ) {
file_drop(uap->fd);
return(error);
}
-
AUDIT_ARG(vnpath, vp, ARG_VNODE1);
- error = chflags1(vp, uap->flags, vfs_context_current());
+ VATTR_INIT(&va);
+ if (uap->uid != VNOVAL)
+ VATTR_SET(&va, va_uid, uap->uid);
+ if (uap->gid != VNOVAL)
+ VATTR_SET(&va, va_gid, uap->gid);
+
+#if NAMEDSTREAMS
+ /* chown calls are not allowed for resource forks. */
+ if (vp->v_flag & VISNAMEDSTREAM) {
+ error = EPERM;
+ goto out;
+ }
+#endif
+
+#if CONFIG_MACF
+ error = mac_vnode_check_setowner(ctx, vp, uap->uid, uap->gid);
+ if (error)
+ goto out;
+#endif
+
+ /* preflight and authorize attribute changes */
+ if ((error = vnode_authattr(vp, &va, &action, ctx)) != 0)
+ goto out;
+ if (action && ((error = vnode_authorize(vp, NULL, action, ctx)) != 0)) {
+ if (error == EACCES)
+ error = EPERM;
+ goto out;
+ }
+ error = vnode_setattr(vp, &va, ctx);
+out:
+ (void)vnode_put(vp);
file_drop(uap->fd);
return (error);
}
-/*
- * Change security information on a filesystem object.
- *
- * Returns: 0 Success
- * EPERM Operation not permitted
- * vnode_authattr:??? [anything vnode_authattr can return]
- * vnode_authorize:??? [anything vnode_authorize can return]
- * vnode_setattr:??? [anything vnode_setattr can return]
- *
- * Notes: If vnode_authattr or vnode_authorize return EACCES, it will be
- * translated to EPERM before being returned.
- */
static int
-chmod2(vfs_context_t ctx, vnode_t vp, struct vnode_attr *vap)
+getutimes(user_addr_t usrtvp, struct timespec *tsp)
{
- kauth_action_t action;
int error;
-
- AUDIT_ARG(mode, (mode_t)vap->va_mode);
-#warning XXX audit new args
+
+ if (usrtvp == USER_ADDR_NULL) {
+ struct timeval old_tv;
+ /* XXX Y2038 bug because of microtime argument */
+ microtime(&old_tv);
+ TIMEVAL_TO_TIMESPEC(&old_tv, &tsp[0]);
+ tsp[1] = tsp[0];
+ } else {
+ if (IS_64BIT_PROCESS(current_proc())) {
+ struct user64_timeval tv[2];
+ error = copyin(usrtvp, (void *)tv, sizeof(tv));
+ if (error)
+ return (error);
+ TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
+ TIMEVAL_TO_TIMESPEC(&tv[1], &tsp[1]);
+ } else {
+ struct user32_timeval tv[2];
+ error = copyin(usrtvp, (void *)tv, sizeof(tv));
+ if (error)
+ return (error);
+ TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
+ TIMEVAL_TO_TIMESPEC(&tv[1], &tsp[1]);
+ }
+ }
+ return 0;
+}
+
+static int
+setutimes(vfs_context_t ctx, vnode_t vp, const struct timespec *ts,
+ int nullflag)
+{
+ int error;
+ struct vnode_attr va;
+ kauth_action_t action;
+
+ AUDIT_ARG(vnpath, vp, ARG_VNODE1);
+
+ VATTR_INIT(&va);
+ VATTR_SET(&va, va_access_time, ts[0]);
+ VATTR_SET(&va, va_modify_time, ts[1]);
+ if (nullflag)
+ va.va_vaflags |= VA_UTIMES_NULL;
#if NAMEDSTREAMS
- /* chmod calls are not allowed for resource forks. */
+ /* utimes calls are not allowed for resource forks. */
if (vp->v_flag & VISNAMEDSTREAM) {
- return (EPERM);
+ error = EPERM;
+ goto out;
}
#endif
#if CONFIG_MACF
- error = mac_vnode_check_setmode(ctx, vp, (mode_t)vap->va_mode);
+ error = mac_vnode_check_setutimes(ctx, vp, ts[0], ts[1]);
if (error)
- return (error);
+ goto out;
#endif
+ if ((error = vnode_authattr(vp, &va, &action, ctx)) != 0) {
+ if (!nullflag && error == EACCES)
+ error = EPERM;
+ goto out;
+ }
- /* make sure that the caller is allowed to set this security information */
- if (((error = vnode_authattr(vp, vap, &action, ctx)) != 0) ||
- ((error = vnode_authorize(vp, NULL, action, ctx)) != 0)) {
- if (error == EACCES)
+ /* since we may not need to auth anything, check here */
+ if ((action != 0) && ((error = vnode_authorize(vp, NULL, action, ctx)) != 0)) {
+ if (!nullflag && error == EACCES)
error = EPERM;
- return(error);
+ goto out;
}
-
- error = vnode_setattr(vp, vap, ctx);
+ error = vnode_setattr(vp, &va, ctx);
- return (error);
+out:
+ return error;
}
-
/*
- * Change mode of a file given path name.
- *
- * Returns: 0 Success
- * namei:??? [anything namei can return]
- * chmod2:??? [anything chmod2 can return]
+ * Set the access and modification times of a file.
*/
-static int
-chmod1(vfs_context_t ctx, user_addr_t path, struct vnode_attr *vap)
+/* ARGSUSED */
+int
+utimes(__unused proc_t p, struct utimes_args *uap, __unused int32_t *retval)
{
- struct nameidata nd;
+ struct timespec ts[2];
+ user_addr_t usrtvp;
int error;
+ struct nameidata nd;
+ vfs_context_t ctx = vfs_context_current();
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, path, ctx);
- if ((error = namei(&nd)))
+ /*
+ * AUDIT: Needed to change the order of operations to do the
+ * name lookup first because auditing wants the path.
+ */
+ NDINIT(&nd, LOOKUP, OP_SETATTR, FOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ error = namei(&nd);
+ if (error)
return (error);
- error = chmod2(ctx, nd.ni_vp, vap);
- vnode_put(nd.ni_vp);
nameidone(&nd);
- return(error);
+
+ /*
+ * Fetch the user-supplied time. If usrtvp is USER_ADDR_NULL, we fetch
+ * the current time instead.
+ */
+ usrtvp = uap->tptr;
+ if ((error = getutimes(usrtvp, ts)) != 0)
+ goto out;
+
+ error = setutimes(ctx, nd.ni_vp, ts, usrtvp == USER_ADDR_NULL);
+
+out:
+ vnode_put(nd.ni_vp);
+ return (error);
}
/*
- * A chmod system call using an extended argument list compared to the regular
- * system call 'mkfifo'.
- *
- * Parameters: p Process requesting the open
- * uap User argument descriptor (see below)
- * retval (ignored)
- *
- * Indirect: uap->path Path to object (same as 'chmod')
- * uap->uid UID to set
- * uap->gid GID to set
- * uap->mode File mode to set (same as 'chmod')
- * uap->xsecurity ACL to set (or delete)
- *
- * Returns: 0 Success
- * !0 errno value
- *
- * Notes: The kauth_filesec_t in 'va', if any, is in host byte order.
- *
- * XXX: We should enummerate the possible errno values here, and where
- * in the code they originated.
+ * Set the access and modification times of a file.
*/
+/* ARGSUSED */
int
-chmod_extended(__unused proc_t p, struct chmod_extended_args *uap, __unused register_t *retval)
+futimes(__unused proc_t p, struct futimes_args *uap, __unused int32_t *retval)
{
- int error;
- struct vnode_attr va;
- kauth_filesec_t xsecdst;
-
- VATTR_INIT(&va);
- if (uap->mode != -1)
- VATTR_SET(&va, va_mode, uap->mode & ALLPERMS);
- if (uap->uid != KAUTH_UID_NONE)
- VATTR_SET(&va, va_uid, uap->uid);
- if (uap->gid != KAUTH_GID_NONE)
- VATTR_SET(&va, va_gid, uap->gid);
-
- xsecdst = NULL;
- switch(uap->xsecurity) {
- /* explicit remove request */
- case CAST_USER_ADDR_T((void *)1): /* _FILESEC_REMOVE_ACL */
- VATTR_SET(&va, va_acl, NULL);
- break;
- /* not being set */
- case USER_ADDR_NULL:
- break;
- default:
- if ((error = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0)
- return(error);
- VATTR_SET(&va, va_acl, &xsecdst->fsec_acl);
- KAUTH_DEBUG("CHMOD - setting ACL with %d entries", va.va_acl->acl_entrycount);
- }
+ struct timespec ts[2];
+ vnode_t vp;
+ user_addr_t usrtvp;
+ int error;
- error = chmod1(vfs_context_current(), uap->path, &va);
+ AUDIT_ARG(fd, uap->fd);
+ usrtvp = uap->tptr;
+ if ((error = getutimes(usrtvp, ts)) != 0)
+ return (error);
+ if ((error = file_vnode(uap->fd, &vp)) != 0)
+ return (error);
+ if((error = vnode_getwithref(vp))) {
+ file_drop(uap->fd);
+ return(error);
+ }
- if (xsecdst != NULL)
- kauth_filesec_free(xsecdst);
+ error = setutimes(vfs_context_current(), vp, ts, usrtvp == 0);
+ vnode_put(vp);
+ file_drop(uap->fd);
return(error);
}
/*
- * Returns: 0 Success
- * chmod1:??? [anything chmod1 can return]
+ * Truncate a file given its path name.
*/
+/* ARGSUSED */
int
-chmod(__unused proc_t p, struct chmod_args *uap, __unused register_t *retval)
+truncate(__unused proc_t p, struct truncate_args *uap, __unused int32_t *retval)
{
+ vnode_t vp;
struct vnode_attr va;
+ vfs_context_t ctx = vfs_context_current();
+ int error;
+ struct nameidata nd;
+ kauth_action_t action;
+
+ if (uap->length < 0)
+ return(EINVAL);
+ NDINIT(&nd, LOOKUP, OP_TRUNCATE, FOLLOW | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ if ((error = namei(&nd)))
+ return (error);
+ vp = nd.ni_vp;
+
+ nameidone(&nd);
VATTR_INIT(&va);
- VATTR_SET(&va, va_mode, uap->mode & ALLPERMS);
+ VATTR_SET(&va, va_data_size, uap->length);
- return(chmod1(vfs_context_current(), uap->path, &va));
+#if CONFIG_MACF
+ error = mac_vnode_check_truncate(ctx, NOCRED, vp);
+ if (error)
+ goto out;
+#endif
+
+ if ((error = vnode_authattr(vp, &va, &action, ctx)) != 0)
+ goto out;
+ if ((action != 0) && ((error = vnode_authorize(vp, NULL, action, ctx)) != 0))
+ goto out;
+ error = vnode_setattr(vp, &va, ctx);
+out:
+ vnode_put(vp);
+ return (error);
}
/*
- * Change mode of a file given a file descriptor.
+ * Truncate a file given a file descriptor.
*/
-static int
-fchmod1(__unused proc_t p, int fd, struct vnode_attr *vap)
+/* ARGSUSED */
+int
+ftruncate(proc_t p, struct ftruncate_args *uap, int32_t *retval)
{
+ vfs_context_t ctx = vfs_context_current();
+ struct vnode_attr va;
vnode_t vp;
- int error;
+ struct fileproc *fp;
+ int error ;
+ int fd = uap->fd;
- AUDIT_ARG(fd, fd);
+ AUDIT_ARG(fd, uap->fd);
+ if (uap->length < 0)
+ return(EINVAL);
+
+ if ( (error = fp_lookup(p,fd,&fp,0)) ) {
+ return(error);
+ }
+
+ if (fp->f_fglob->fg_type == DTYPE_PSXSHM) {
+ error = pshm_truncate(p, fp, uap->fd, uap->length, retval);
+ goto out;
+ }
+ if (fp->f_fglob->fg_type != DTYPE_VNODE) {
+ error = EINVAL;
+ goto out;
+ }
+
+ vp = (vnode_t)fp->f_fglob->fg_data;
+
+ if ((fp->f_fglob->fg_flag & FWRITE) == 0) {
+ AUDIT_ARG(vnpath_withref, vp, ARG_VNODE1);
+ error = EINVAL;
+ goto out;
+ }
- if ((error = file_vnode(fd, &vp)) != 0)
- return (error);
if ((error = vnode_getwithref(vp)) != 0) {
- file_drop(fd);
- return(error);
+ goto out;
}
+
AUDIT_ARG(vnpath, vp, ARG_VNODE1);
- error = chmod2(vfs_context_current(), vp, vap);
+#if CONFIG_MACF
+ error = mac_vnode_check_truncate(ctx,
+ fp->f_fglob->fg_cred, vp);
+ if (error) {
+ (void)vnode_put(vp);
+ goto out;
+ }
+#endif
+ VATTR_INIT(&va);
+ VATTR_SET(&va, va_data_size, uap->length);
+ error = vnode_setattr(vp, &va, ctx);
(void)vnode_put(vp);
+out:
file_drop(fd);
-
return (error);
}
+
+/*
+ * Sync an open file with synchronized I/O _file_ integrity completion
+ */
+/* ARGSUSED */
int
-fchmod_extended(proc_t p, struct fchmod_extended_args *uap, __unused register_t *retval)
+fsync(proc_t p, struct fsync_args *uap, __unused int32_t *retval)
{
- int error;
- struct vnode_attr va;
- kauth_filesec_t xsecdst;
-
- VATTR_INIT(&va);
- if (uap->mode != -1)
- VATTR_SET(&va, va_mode, uap->mode & ALLPERMS);
- if (uap->uid != KAUTH_UID_NONE)
- VATTR_SET(&va, va_uid, uap->uid);
- if (uap->gid != KAUTH_GID_NONE)
- VATTR_SET(&va, va_gid, uap->gid);
-
- xsecdst = NULL;
- switch(uap->xsecurity) {
- case USER_ADDR_NULL:
- VATTR_SET(&va, va_acl, NULL);
- break;
- case CAST_USER_ADDR_T(-1):
- break;
- default:
- if ((error = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0)
- return(error);
- VATTR_SET(&va, va_acl, &xsecdst->fsec_acl);
- }
+ __pthread_testcancel(1);
+ return(fsync_common(p, uap, MNT_WAIT));
+}
- error = fchmod1(p, uap->fd, &va);
-
- switch(uap->xsecurity) {
- case USER_ADDR_NULL:
- case CAST_USER_ADDR_T(-1):
- break;
- default:
- if (xsecdst != NULL)
- kauth_filesec_free(xsecdst);
- }
- return(error);
+/*
+ * Sync an open file with synchronized I/O _file_ integrity completion
+ *
+ * Notes: This is a legacy support function that does not test for
+ * thread cancellation points.
+ */
+/* ARGSUSED */
+int
+fsync_nocancel(proc_t p, struct fsync_nocancel_args *uap, __unused int32_t *retval)
+{
+ return(fsync_common(p, (struct fsync_args *)uap, MNT_WAIT));
}
+
+/*
+ * Sync an open file with synchronized I/O _data_ integrity completion
+ */
+/* ARGSUSED */
int
-fchmod(proc_t p, struct fchmod_args *uap, __unused register_t *retval)
+fdatasync(proc_t p, struct fdatasync_args *uap, __unused int32_t *retval)
{
- struct vnode_attr va;
-
- VATTR_INIT(&va);
- VATTR_SET(&va, va_mode, uap->mode & ALLPERMS);
-
- return(fchmod1(p, uap->fd, &va));
+ __pthread_testcancel(1);
+ return(fsync_common(p, (struct fsync_args *)uap, MNT_DWAIT));
}
/*
- * Set ownership given a path name.
+ * fsync_common
+ *
+ * Common fsync code to support both synchronized I/O file integrity completion
+ * (normal fsync) and synchronized I/O data integrity completion (fdatasync).
+ *
+ * If 'flags' is MNT_DWAIT, the caller is requesting data integrity, which
+ * will only guarantee that the file data contents are retrievable. If
+ * 'flags' is MNT_WAIT, the caller is rewuesting file integrity, which also
+ * includes additional metadata unnecessary for retrieving the file data
+ * contents, such as atime, mtime, ctime, etc., also be committed to stable
+ * storage.
+ *
+ * Parameters: p The process
+ * uap->fd The descriptor to synchronize
+ * flags The data integrity flags
+ *
+ * Returns: int Success
+ * fp_getfvp:EBADF Bad file descriptor
+ * fp_getfvp:ENOTSUP fd does not refer to a vnode
+ * VNOP_FSYNC:??? unspecified
+ *
+ * Notes: We use struct fsync_args because it is a short name, and all
+ * caller argument structures are otherwise identical.
*/
-/* ARGSUSED */
static int
-chown1(vfs_context_t ctx, struct chown_args *uap, __unused register_t *retval, int follow)
+fsync_common(proc_t p, struct fsync_args *uap, int flags)
{
vnode_t vp;
- struct vnode_attr va;
+ struct fileproc *fp;
+ vfs_context_t ctx = vfs_context_current();
int error;
- struct nameidata nd;
- kauth_action_t action;
- AUDIT_ARG(owner, uap->uid, uap->gid);
+ AUDIT_ARG(fd, uap->fd);
- NDINIT(&nd, LOOKUP, (follow ? FOLLOW : 0) | NOTRIGGER | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
+ if ( (error = fp_getfvp(p, uap->fd, &fp, &vp)) )
return (error);
- vp = nd.ni_vp;
+ if ( (error = vnode_getwithref(vp)) ) {
+ file_drop(uap->fd);
+ return(error);
+ }
- nameidone(&nd);
+ AUDIT_ARG(vnpath, vp, ARG_VNODE1);
- VATTR_INIT(&va);
- if (uap->uid != VNOVAL)
- VATTR_SET(&va, va_uid, uap->uid);
- if (uap->gid != VNOVAL)
- VATTR_SET(&va, va_gid, uap->gid);
+ error = VNOP_FSYNC(vp, flags, ctx);
-#if CONFIG_MACF
- error = mac_vnode_check_setowner(ctx, vp, uap->uid, uap->gid);
- if (error)
- goto out;
+#if NAMEDRSRCFORK
+ /* Sync resource fork shadow file if necessary. */
+ if ((error == 0) &&
+ (vp->v_flag & VISNAMEDSTREAM) &&
+ (vp->v_parent != NULLVP) &&
+ vnode_isshadow(vp) &&
+ (fp->f_flags & FP_WRITTEN)) {
+ (void) vnode_flushnamedstream(vp->v_parent, vp, ctx);
+ }
#endif
- /* preflight and authorize attribute changes */
- if ((error = vnode_authattr(vp, &va, &action, ctx)) != 0)
+ (void)vnode_put(vp);
+ file_drop(uap->fd);
+ return (error);
+}
+
+/*
+ * Duplicate files. Source must be a file, target must be a file or
+ * must not exist.
+ *
+ * XXX Copyfile authorisation checking is woefully inadequate, and will not
+ * perform inheritance correctly.
+ */
+/* ARGSUSED */
+int
+copyfile(__unused proc_t p, struct copyfile_args *uap, __unused int32_t *retval)
+{
+ vnode_t tvp, fvp, tdvp, sdvp;
+ struct nameidata fromnd, tond;
+ int error;
+ vfs_context_t ctx = vfs_context_current();
+
+ /* Check that the flags are valid. */
+
+ if (uap->flags & ~CPF_MASK) {
+ return(EINVAL);
+ }
+
+ NDINIT(&fromnd, LOOKUP, OP_COPYFILE, SAVESTART | AUDITVNPATH1,
+ UIO_USERSPACE, uap->from, ctx);
+ if ((error = namei(&fromnd)))
+ return (error);
+ fvp = fromnd.ni_vp;
+
+ NDINIT(&tond, CREATE, OP_LINK,
+ LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART | AUDITVNPATH2 | CN_NBMOUNTLOOK,
+ UIO_USERSPACE, uap->to, ctx);
+ if ((error = namei(&tond))) {
+ goto out1;
+ }
+ tdvp = tond.ni_dvp;
+ tvp = tond.ni_vp;
+
+ if (tvp != NULL) {
+ if (!(uap->flags & CPF_OVERWRITE)) {
+ error = EEXIST;
+ goto out;
+ }
+ }
+ if (fvp->v_type == VDIR || (tvp && tvp->v_type == VDIR)) {
+ error = EISDIR;
goto out;
- if (action && ((error = vnode_authorize(vp, NULL, action, ctx)) != 0))
+ }
+
+ if ((error = vnode_authorize(tdvp, NULL, KAUTH_VNODE_ADD_FILE, ctx)) != 0)
goto out;
- error = vnode_setattr(vp, &va, ctx);
-
+
+ if (fvp == tdvp)
+ error = EINVAL;
+ /*
+ * If source is the same as the destination (that is the
+ * same inode number) then there is nothing to do.
+ * (fixed to have POSIX semantics - CSM 3/2/98)
+ */
+ if (fvp == tvp)
+ error = -1;
+ if (!error)
+ error = VNOP_COPYFILE(fvp, tdvp, tvp, &tond.ni_cnd, uap->mode, uap->flags, ctx);
out:
+ sdvp = tond.ni_startdir;
/*
- * EACCES is only allowed from namei(); permissions failure should
- * return EPERM, so we need to translate the error code.
+ * nameidone has to happen before we vnode_put(tdvp)
+ * since it may need to release the fs_nodelock on the tdvp
*/
- if (error == EACCES)
- error = EPERM;
-
- vnode_put(vp);
- return (error);
-}
+ nameidone(&tond);
-int
-chown(__unused proc_t p, struct chown_args *uap, register_t *retval)
-{
- return chown1(vfs_context_current(), uap, retval, 1);
-}
+ if (tvp)
+ vnode_put(tvp);
+ vnode_put(tdvp);
+ vnode_put(sdvp);
+out1:
+ vnode_put(fvp);
-int
-lchown(__unused proc_t p, struct lchown_args *uap, register_t *retval)
-{
- /* Argument list identical, but machine generated; cast for chown1() */
- return chown1(vfs_context_current(), (struct chown_args *)uap, retval, 0);
+ if (fromnd.ni_startdir)
+ vnode_put(fromnd.ni_startdir);
+ nameidone(&fromnd);
+
+ if (error == -1)
+ return (0);
+ return (error);
}
+
/*
- * Set ownership given a file descriptor.
+ * Rename files. Source and destination must either both be directories,
+ * or both not be directories. If target is a directory, it must be empty.
*/
/* ARGSUSED */
int
-fchown(__unused proc_t p, struct fchown_args *uap, __unused register_t *retval)
+rename(__unused proc_t p, struct rename_args *uap, __unused int32_t *retval)
{
- struct vnode_attr va;
+ vnode_t tvp, tdvp;
+ vnode_t fvp, fdvp;
+ struct nameidata *fromnd, *tond;
vfs_context_t ctx = vfs_context_current();
- vnode_t vp;
int error;
- kauth_action_t action;
+ int do_retry;
+ int mntrename;
+ int need_event;
+ const char *oname = NULL;
+ char *from_name = NULL, *to_name = NULL;
+ int from_len=0, to_len=0;
+ int holding_mntlock;
+ mount_t locked_mp = NULL;
+ vnode_t oparent = NULLVP;
+#if CONFIG_FSE
+ fse_info from_finfo, to_finfo;
+#endif
+ int from_truncated=0, to_truncated;
+ int batched = 0;
+ struct vnode_attr *fvap, *tvap;
+ int continuing = 0;
+ /* carving out a chunk for structs that are too big to be on stack. */
+ struct {
+ struct nameidata from_node, to_node;
+ struct vnode_attr fv_attr, tv_attr;
+ } * __rename_data;
+ MALLOC(__rename_data, void *, sizeof(*__rename_data), M_TEMP, M_WAITOK);
+ fromnd = &__rename_data->from_node;
+ tond = &__rename_data->to_node;
- AUDIT_ARG(owner, uap->uid, uap->gid);
- AUDIT_ARG(fd, uap->fd);
+ holding_mntlock = 0;
+ do_retry = 0;
+retry:
+ fvp = tvp = NULL;
+ fdvp = tdvp = NULL;
+ fvap = tvap = NULL;
+ mntrename = FALSE;
- if ( (error = file_vnode(uap->fd, &vp)) )
- return (error);
+ NDINIT(fromnd, DELETE, OP_UNLINK, WANTPARENT | AUDITVNPATH1,
+ UIO_USERSPACE, uap->from, ctx);
+ fromnd->ni_flag = NAMEI_COMPOUNDRENAME;
+
+ NDINIT(tond, RENAME, OP_RENAME, WANTPARENT | AUDITVNPATH2 | CN_NBMOUNTLOOK,
+ UIO_USERSPACE, uap->to, ctx);
+ tond->ni_flag = NAMEI_COMPOUNDRENAME;
+
+continue_lookup:
+ if ((fromnd->ni_flag & NAMEI_CONTLOOKUP) != 0 || !continuing) {
+ if ( (error = namei(fromnd)) )
+ goto out1;
+ fdvp = fromnd->ni_dvp;
+ fvp = fromnd->ni_vp;
- if ( (error = vnode_getwithref(vp)) ) {
- file_drop(uap->fd);
- return(error);
+ if (fvp && fvp->v_type == VDIR)
+ tond->ni_cnd.cn_flags |= WILLBEDIR;
}
- AUDIT_ARG(vnpath, vp, ARG_VNODE1);
- VATTR_INIT(&va);
- if (uap->uid != VNOVAL)
- VATTR_SET(&va, va_uid, uap->uid);
- if (uap->gid != VNOVAL)
- VATTR_SET(&va, va_gid, uap->gid);
+ if ((tond->ni_flag & NAMEI_CONTLOOKUP) != 0 || !continuing) {
+ if ( (error = namei(tond)) ) {
+ /*
+ * Translate error code for rename("dir1", "dir2/.").
+ */
+ if (error == EISDIR && fvp->v_type == VDIR)
+ error = EINVAL;
+ goto out1;
+ }
+ tdvp = tond->ni_dvp;
+ tvp = tond->ni_vp;
+ }
-#if NAMEDSTREAMS
- /* chown calls are not allowed for resource forks. */
- if (vp->v_flag & VISNAMEDSTREAM) {
- error = EPERM;
- goto out;
+ batched = vnode_compound_rename_available(fdvp);
+ if (!fvp) {
+ /*
+ * Claim: this check will never reject a valid rename.
+ * For success, either fvp must be on the same mount as tdvp, or fvp must sit atop a vnode on the same mount as tdvp.
+ * Suppose fdvp and tdvp are not on the same mount.
+ * If fvp is on the same mount as tdvp, then fvp is not on the same mount as fdvp, so fvp is the root of its filesystem. If fvp is the root,
+ * then you can't move it to within another dir on the same mountpoint.
+ * If fvp sits atop a vnode on the same mount as fdvp, then that vnode must be part of the same mount as fdvp, which is a contradiction.
+ *
+ * If this check passes, then we are safe to pass these vnodes to the same FS.
+ */
+ if (fdvp->v_mount != tdvp->v_mount) {
+ error = EXDEV;
+ goto out1;
+ }
+ goto skipped_lookup;
}
-#endif
-#if CONFIG_MACF
- error = mac_vnode_check_setowner(ctx, vp, uap->uid, uap->gid);
- if (error)
- goto out;
-#endif
+ if (!batched) {
+ error = vn_authorize_rename(fdvp, fvp, &fromnd->ni_cnd, tdvp, tvp, &tond->ni_cnd, ctx, NULL);
+ if (error) {
+ if (error == ENOENT) {
+ /*
+ * We encountered a race where after doing the namei, tvp stops
+ * being valid. If so, simply re-drive the rename call from the
+ * top.
+ */
+ do_retry = 1;
+ }
+ goto out1;
+ }
+ }
- /* preflight and authorize attribute changes */
- if ((error = vnode_authattr(vp, &va, &action, ctx)) != 0)
- goto out;
- if (action && ((error = vnode_authorize(vp, NULL, action, ctx)) != 0)) {
- if (error == EACCES)
- error = EPERM;
- goto out;
+ /*
+ * If the source and destination are the same (i.e. they're
+ * links to the same vnode) and the target file system is
+ * case sensitive, then there is nothing to do.
+ *
+ * XXX Come back to this.
+ */
+ if (fvp == tvp) {
+ int pathconf_val;
+
+ /*
+ * Note: if _PC_CASE_SENSITIVE selector isn't supported,
+ * then assume that this file system is case sensitive.
+ */
+ if (VNOP_PATHCONF(fvp, _PC_CASE_SENSITIVE, &pathconf_val, ctx) != 0 ||
+ pathconf_val != 0) {
+ goto out1;
+ }
}
- error = vnode_setattr(vp, &va, ctx);
-out:
- (void)vnode_put(vp);
- file_drop(uap->fd);
- return (error);
-}
+ /*
+ * Allow the renaming of mount points.
+ * - target must not exist
+ * - target must reside in the same directory as source
+ * - union mounts cannot be renamed
+ * - "/" cannot be renamed
+ *
+ * XXX Handle this in VFS after a continued lookup (if we missed
+ * in the cache to start off)
+ */
+ if ((fvp->v_flag & VROOT) &&
+ (fvp->v_type == VDIR) &&
+ (tvp == NULL) &&
+ (fvp->v_mountedhere == NULL) &&
+ (fdvp == tdvp) &&
+ ((fvp->v_mount->mnt_flag & (MNT_UNION | MNT_ROOTFS)) == 0) &&
+ (fvp->v_mount->mnt_vnodecovered != NULLVP)) {
+ vnode_t coveredvp;
+
+ /* switch fvp to the covered vnode */
+ coveredvp = fvp->v_mount->mnt_vnodecovered;
+ if ( (vnode_getwithref(coveredvp)) ) {
+ error = ENOENT;
+ goto out1;
+ }
+ vnode_put(fvp);
-static int
-getutimes(user_addr_t usrtvp, struct timespec *tsp)
-{
- struct user_timeval tv[2];
- int error;
+ fvp = coveredvp;
+ mntrename = TRUE;
+ }
+ /*
+ * Check for cross-device rename.
+ */
+ if ((fvp->v_mount != tdvp->v_mount) ||
+ (tvp && (fvp->v_mount != tvp->v_mount))) {
+ error = EXDEV;
+ goto out1;
+ }
- if (usrtvp == USER_ADDR_NULL) {
- struct timeval old_tv;
- /* XXX Y2038 bug because of microtime argument */
- microtime(&old_tv);
- TIMEVAL_TO_TIMESPEC(&old_tv, &tsp[0]);
- tsp[1] = tsp[0];
- } else {
- if (IS_64BIT_PROCESS(current_proc())) {
- error = copyin(usrtvp, (void *)tv, sizeof(tv));
- } else {
- struct timeval old_tv[2];
- error = copyin(usrtvp, (void *)old_tv, sizeof(old_tv));
- tv[0].tv_sec = old_tv[0].tv_sec;
- tv[0].tv_usec = old_tv[0].tv_usec;
- tv[1].tv_sec = old_tv[1].tv_sec;
- tv[1].tv_usec = old_tv[1].tv_usec;
+ /*
+ * If source is the same as the destination (that is the
+ * same inode number) then there is nothing to do...
+ * EXCEPT if the underlying file system supports case
+ * insensitivity and is case preserving. In this case
+ * the file system needs to handle the special case of
+ * getting the same vnode as target (fvp) and source (tvp).
+ *
+ * Only file systems that support pathconf selectors _PC_CASE_SENSITIVE
+ * and _PC_CASE_PRESERVING can have this exception, and they need to
+ * handle the special case of getting the same vnode as target and
+ * source. NOTE: Then the target is unlocked going into vnop_rename,
+ * so not to cause locking problems. There is a single reference on tvp.
+ *
+ * NOTE - that fvp == tvp also occurs if they are hard linked and
+ * that correct behaviour then is just to return success without doing
+ * anything.
+ *
+ * XXX filesystem should take care of this itself, perhaps...
+ */
+ if (fvp == tvp && fdvp == tdvp) {
+ if (fromnd->ni_cnd.cn_namelen == tond->ni_cnd.cn_namelen &&
+ !bcmp(fromnd->ni_cnd.cn_nameptr, tond->ni_cnd.cn_nameptr,
+ fromnd->ni_cnd.cn_namelen)) {
+ goto out1;
}
- if (error)
- return (error);
- TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
- TIMEVAL_TO_TIMESPEC(&tv[1], &tsp[1]);
}
- return 0;
-}
-
-static int
-setutimes(vfs_context_t ctx, vnode_t vp, const struct timespec *ts,
- int nullflag)
-{
- int error;
- struct vnode_attr va;
- kauth_action_t action;
-
- AUDIT_ARG(vnpath, vp, ARG_VNODE1);
- VATTR_INIT(&va);
- VATTR_SET(&va, va_access_time, ts[0]);
- VATTR_SET(&va, va_modify_time, ts[1]);
- if (nullflag)
- va.va_vaflags |= VA_UTIMES_NULL;
+ if (holding_mntlock && fvp->v_mount != locked_mp) {
+ /*
+ * we're holding a reference and lock
+ * on locked_mp, but it no longer matches
+ * what we want to do... so drop our hold
+ */
+ mount_unlock_renames(locked_mp);
+ mount_drop(locked_mp, 0);
+ holding_mntlock = 0;
+ }
+ if (tdvp != fdvp && fvp->v_type == VDIR) {
+ /*
+ * serialize renames that re-shape
+ * the tree... if holding_mntlock is
+ * set, then we're ready to go...
+ * otherwise we
+ * first need to drop the iocounts
+ * we picked up, second take the
+ * lock to serialize the access,
+ * then finally start the lookup
+ * process over with the lock held
+ */
+ if (!holding_mntlock) {
+ /*
+ * need to grab a reference on
+ * the mount point before we
+ * drop all the iocounts... once
+ * the iocounts are gone, the mount
+ * could follow
+ */
+ locked_mp = fvp->v_mount;
+ mount_ref(locked_mp, 0);
-#if NAMEDSTREAMS
- /* utimes calls are not allowed for resource forks. */
- if (vp->v_flag & VISNAMEDSTREAM) {
- error = EPERM;
- goto out;
- }
-#endif
+ /*
+ * nameidone has to happen before we vnode_put(tvp)
+ * since it may need to release the fs_nodelock on the tvp
+ */
+ nameidone(tond);
-#if CONFIG_MACF
- error = mac_vnode_check_setutimes(ctx, vp, ts[0], ts[1]);
- if (error)
- goto out;
-#endif
- if ((error = vnode_authattr(vp, &va, &action, ctx)) != 0) {
- if (!nullflag && error == EACCES)
- error = EPERM;
- goto out;
- }
+ if (tvp)
+ vnode_put(tvp);
+ vnode_put(tdvp);
- /* since we may not need to auth anything, check here */
- if ((action != 0) && ((error = vnode_authorize(vp, NULL, action, ctx)) != 0)) {
- if (!nullflag && error == EACCES)
- error = EPERM;
- goto out;
- }
- error = vnode_setattr(vp, &va, ctx);
+ /*
+ * nameidone has to happen before we vnode_put(fdvp)
+ * since it may need to release the fs_nodelock on the fvp
+ */
+ nameidone(fromnd);
-out:
- return error;
-}
+ vnode_put(fvp);
+ vnode_put(fdvp);
-/*
- * Set the access and modification times of a file.
- */
-/* ARGSUSED */
-int
-utimes(__unused proc_t p, struct utimes_args *uap, __unused register_t *retval)
-{
- struct timespec ts[2];
- user_addr_t usrtvp;
- int error;
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
+ mount_lock_renames(locked_mp);
+ holding_mntlock = 1;
- /*
- * AUDIT: Needed to change the order of operations to do the
- * name lookup first because auditing wants the path.
- */
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
- return (error);
- nameidone(&nd);
+ goto retry;
+ }
+ } else {
+ /*
+ * when we dropped the iocounts to take
+ * the lock, we allowed the identity of
+ * the various vnodes to change... if they did,
+ * we may no longer be dealing with a rename
+ * that reshapes the tree... once we're holding
+ * the iocounts, the vnodes can't change type
+ * so we're free to drop the lock at this point
+ * and continue on
+ */
+ if (holding_mntlock) {
+ mount_unlock_renames(locked_mp);
+ mount_drop(locked_mp, 0);
+ holding_mntlock = 0;
+ }
+ }
- /*
- * Fetch the user-supplied time. If usrtvp is USER_ADDR_NULL, we fetch
- * the current time instead.
- */
- usrtvp = uap->tptr;
- if ((error = getutimes(usrtvp, ts)) != 0)
- goto out;
+ // save these off so we can later verify that fvp is the same
+ oname = fvp->v_name;
+ oparent = fvp->v_parent;
- error = setutimes(ctx, nd.ni_vp, ts, usrtvp == USER_ADDR_NULL);
+skipped_lookup:
+#if CONFIG_FSE
+ need_event = need_fsevent(FSE_RENAME, fdvp);
+ if (need_event) {
+ if (fvp) {
+ get_fse_info(fvp, &from_finfo, ctx);
+ } else {
+ error = vfs_get_notify_attributes(&__rename_data->fv_attr);
+ if (error) {
+ goto out1;
+ }
-out:
- vnode_put(nd.ni_vp);
- return (error);
-}
+ fvap = &__rename_data->fv_attr;
+ }
-/*
- * Set the access and modification times of a file.
- */
-/* ARGSUSED */
-int
-futimes(__unused proc_t p, struct futimes_args *uap, __unused register_t *retval)
-{
- struct timespec ts[2];
- vnode_t vp;
- user_addr_t usrtvp;
- int error;
+ if (tvp) {
+ get_fse_info(tvp, &to_finfo, ctx);
+ } else if (batched) {
+ error = vfs_get_notify_attributes(&__rename_data->tv_attr);
+ if (error) {
+ goto out1;
+ }
- AUDIT_ARG(fd, uap->fd);
- usrtvp = uap->tptr;
- if ((error = getutimes(usrtvp, ts)) != 0)
- return (error);
- if ((error = file_vnode(uap->fd, &vp)) != 0)
- return (error);
- if((error = vnode_getwithref(vp))) {
- file_drop(uap->fd);
- return(error);
+ tvap = &__rename_data->tv_attr;
+ }
}
+#else
+ need_event = 0;
+#endif /* CONFIG_FSE */
- error = setutimes(vfs_context_current(), vp, ts, usrtvp == 0);
- vnode_put(vp);
- file_drop(uap->fd);
- return(error);
-}
+ if (need_event || kauth_authorize_fileop_has_listeners()) {
+ if (from_name == NULL) {
+ GET_PATH(from_name);
+ if (from_name == NULL) {
+ error = ENOMEM;
+ goto out1;
+ }
+ }
-/*
- * Truncate a file given its path name.
- */
-/* ARGSUSED */
-int
-truncate(__unused proc_t p, struct truncate_args *uap, __unused register_t *retval)
-{
- vnode_t vp;
- struct vnode_attr va;
- vfs_context_t ctx = vfs_context_current();
- int error;
- struct nameidata nd;
- kauth_action_t action;
+ from_len = safe_getpath(fdvp, fromnd->ni_cnd.cn_nameptr, from_name, MAXPATHLEN, &from_truncated);
- if (uap->length < 0)
- return(EINVAL);
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- if ((error = namei(&nd)))
- return (error);
- vp = nd.ni_vp;
+ if (to_name == NULL) {
+ GET_PATH(to_name);
+ if (to_name == NULL) {
+ error = ENOMEM;
+ goto out1;
+ }
+ }
- nameidone(&nd);
+ to_len = safe_getpath(tdvp, tond->ni_cnd.cn_nameptr, to_name, MAXPATHLEN, &to_truncated);
+ }
+
+ error = vn_rename(fdvp, &fvp, &fromnd->ni_cnd, fvap,
+ tdvp, &tvp, &tond->ni_cnd, tvap,
+ 0, ctx);
- VATTR_INIT(&va);
- VATTR_SET(&va, va_data_size, uap->length);
+ if (holding_mntlock) {
+ /*
+ * we can drop our serialization
+ * lock now
+ */
+ mount_unlock_renames(locked_mp);
+ mount_drop(locked_mp, 0);
+ holding_mntlock = 0;
+ }
+ if (error) {
+ if (error == EKEEPLOOKING) {
+ if ((fromnd->ni_flag & NAMEI_CONTLOOKUP) == 0) {
+ if ((tond->ni_flag & NAMEI_CONTLOOKUP) == 0) {
+ panic("EKEEPLOOKING without NAMEI_CONTLOOKUP on either ndp?");
+ }
+ }
-#if CONFIG_MACF
- error = mac_vnode_check_truncate(ctx, NOCRED, vp);
- if (error)
- goto out;
-#endif
+ fromnd->ni_vp = fvp;
+ tond->ni_vp = tvp;
+
+ goto continue_lookup;
+ }
- if ((error = vnode_authattr(vp, &va, &action, ctx)) != 0)
- goto out;
- if ((action != 0) && ((error = vnode_authorize(vp, NULL, action, ctx)) != 0))
- goto out;
- error = vnode_setattr(vp, &va, ctx);
-out:
- vnode_put(vp);
- return (error);
-}
+ /*
+ * We may encounter a race in the VNOP where the destination didn't
+ * exist when we did the namei, but it does by the time we go and
+ * try to create the entry. In this case, we should re-drive this rename
+ * call from the top again. Currently, only HFS bubbles out ERECYCLE,
+ * but other filesystems susceptible to this race could return it, too.
+ */
+ if (error == ERECYCLE) {
+ do_retry = 1;
+ }
-/*
- * Truncate a file given a file descriptor.
- */
-/* ARGSUSED */
-int
-ftruncate(proc_t p, struct ftruncate_args *uap, register_t *retval)
-{
- vfs_context_t ctx = vfs_context_current();
- struct vnode_attr va;
- vnode_t vp;
- struct fileproc *fp;
- int error ;
- int fd = uap->fd;
+ goto out1;
+ }
+
+ /* call out to allow 3rd party notification of rename.
+ * Ignore result of kauth_authorize_fileop call.
+ */
+ kauth_authorize_fileop(vfs_context_ucred(ctx),
+ KAUTH_FILEOP_RENAME,
+ (uintptr_t)from_name, (uintptr_t)to_name);
- AUDIT_ARG(fd, uap->fd);
- if (uap->length < 0)
- return(EINVAL);
-
- if ( (error = fp_lookup(p,fd,&fp,0)) ) {
- return(error);
- }
+#if CONFIG_FSE
+ if (from_name != NULL && to_name != NULL) {
+ if (from_truncated || to_truncated) {
+ // set it here since only the from_finfo gets reported up to user space
+ from_finfo.mode |= FSE_TRUNCATED_PATH;
+ }
- if (fp->f_fglob->fg_type == DTYPE_PSXSHM) {
- error = pshm_truncate(p, fp, uap->fd, uap->length, retval);
- goto out;
- }
- if (fp->f_fglob->fg_type != DTYPE_VNODE) {
- error = EINVAL;
- goto out;
+ if (tvap && tvp) {
+ vnode_get_fse_info_from_vap(tvp, &to_finfo, tvap);
+ }
+ if (fvap) {
+ vnode_get_fse_info_from_vap(fvp, &from_finfo, fvap);
+ }
+
+ if (tvp) {
+ add_fsevent(FSE_RENAME, ctx,
+ FSE_ARG_STRING, from_len, from_name,
+ FSE_ARG_FINFO, &from_finfo,
+ FSE_ARG_STRING, to_len, to_name,
+ FSE_ARG_FINFO, &to_finfo,
+ FSE_ARG_DONE);
+ } else {
+ add_fsevent(FSE_RENAME, ctx,
+ FSE_ARG_STRING, from_len, from_name,
+ FSE_ARG_FINFO, &from_finfo,
+ FSE_ARG_STRING, to_len, to_name,
+ FSE_ARG_DONE);
+ }
}
+#endif /* CONFIG_FSE */
+
+ /*
+ * update filesystem's mount point data
+ */
+ if (mntrename) {
+ char *cp, *pathend, *mpname;
+ char * tobuf;
+ struct mount *mp;
+ int maxlen;
+ size_t len = 0;
- vp = (vnode_t)fp->f_fglob->fg_data;
-
- if ((fp->f_fglob->fg_flag & FWRITE) == 0) {
- AUDIT_ARG(vnpath_withref, vp, ARG_VNODE1);
- error = EINVAL;
- goto out;
- }
+ mp = fvp->v_mountedhere;
- if ((error = vnode_getwithref(vp)) != 0) {
- goto out;
- }
+ if (vfs_busy(mp, LK_NOWAIT)) {
+ error = EBUSY;
+ goto out1;
+ }
+ MALLOC_ZONE(tobuf, char *, MAXPATHLEN, M_NAMEI, M_WAITOK);
- AUDIT_ARG(vnpath, vp, ARG_VNODE1);
+ error = copyinstr(uap->to, tobuf, MAXPATHLEN, &len);
+ if (!error) {
+ /* find current mount point prefix */
+ pathend = &mp->mnt_vfsstat.f_mntonname[0];
+ for (cp = pathend; *cp != '\0'; ++cp) {
+ if (*cp == '/')
+ pathend = cp + 1;
+ }
+ /* find last component of target name */
+ for (mpname = cp = tobuf; *cp != '\0'; ++cp) {
+ if (*cp == '/')
+ mpname = cp + 1;
+ }
+ /* append name to prefix */
+ maxlen = MAXPATHLEN - (pathend - mp->mnt_vfsstat.f_mntonname);
+ bzero(pathend, maxlen);
+ strlcpy(pathend, mpname, maxlen);
+ }
+ FREE_ZONE(tobuf, MAXPATHLEN, M_NAMEI);
-#if CONFIG_MACF
- error = mac_vnode_check_truncate(ctx,
- fp->f_fglob->fg_cred, vp);
- if (error) {
- (void)vnode_put(vp);
- goto out;
+ vfs_unbusy(mp);
}
-#endif
- VATTR_INIT(&va);
- VATTR_SET(&va, va_data_size, uap->length);
- error = vnode_setattr(vp, &va, ctx);
- (void)vnode_put(vp);
-out:
- file_drop(fd);
- return (error);
-}
-
+ /*
+ * fix up name & parent pointers. note that we first
+ * check that fvp has the same name/parent pointers it
+ * had before the rename call... this is a 'weak' check
+ * at best...
+ *
+ * XXX oparent and oname may not be set in the compound vnop case
+ */
+ if (batched || (oname == fvp->v_name && oparent == fvp->v_parent)) {
+ int update_flags;
-/*
- * Sync an open file.
- */
-/* ARGSUSED */
-int
-fsync(proc_t p, struct fsync_args *uap, register_t *retval)
-{
- __pthread_testcancel(1);
- return(fsync_nocancel(p, (struct fsync_nocancel_args *)uap, retval));
-}
+ update_flags = VNODE_UPDATE_NAME;
-int
-fsync_nocancel(proc_t p, struct fsync_nocancel_args *uap, __unused register_t *retval)
-{
- vnode_t vp;
- struct fileproc *fp;
- vfs_context_t ctx = vfs_context_current();
- int error;
+ if (fdvp != tdvp)
+ update_flags |= VNODE_UPDATE_PARENT;
- if ( (error = fp_getfvp(p, uap->fd, &fp, &vp)) )
- return (error);
- if ( (error = vnode_getwithref(vp)) ) {
- file_drop(uap->fd);
- return(error);
+ vnode_update_identity(fvp, tdvp, tond->ni_cnd.cn_nameptr, tond->ni_cnd.cn_namelen, tond->ni_cnd.cn_hash, update_flags);
+ }
+out1:
+ if (to_name != NULL) {
+ RELEASE_PATH(to_name);
+ to_name = NULL;
+ }
+ if (from_name != NULL) {
+ RELEASE_PATH(from_name);
+ from_name = NULL;
+ }
+ if (holding_mntlock) {
+ mount_unlock_renames(locked_mp);
+ mount_drop(locked_mp, 0);
+ holding_mntlock = 0;
}
+ if (tdvp) {
+ /*
+ * nameidone has to happen before we vnode_put(tdvp)
+ * since it may need to release the fs_nodelock on the tdvp
+ */
+ nameidone(tond);
- error = VNOP_FSYNC(vp, MNT_WAIT, ctx);
+ if (tvp)
+ vnode_put(tvp);
+ vnode_put(tdvp);
+ }
+ if (fdvp) {
+ /*
+ * nameidone has to happen before we vnode_put(fdvp)
+ * since it may need to release the fs_nodelock on the fdvp
+ */
+ nameidone(fromnd);
-#if NAMEDRSRCFORK
- /* Sync resource fork shadow file if necessary. */
- if ((error == 0) &&
- (vp->v_flag & VISNAMEDSTREAM) &&
- (vp->v_parent != NULLVP) &&
- !(vp->v_parent->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) &&
- (fp->f_flags & FP_WRITTEN)) {
- (void) vnode_flushnamedstream(vp->v_parent, vp, ctx);
+ if (fvp)
+ vnode_put(fvp);
+ vnode_put(fdvp);
+ }
+
+
+ /*
+ * If things changed after we did the namei, then we will re-drive
+ * this rename call from the top.
+ */
+ if (do_retry) {
+ do_retry = 0;
+ goto retry;
}
-#endif
- (void)vnode_put(vp);
- file_drop(uap->fd);
+ FREE(__rename_data, M_TEMP);
return (error);
}
/*
- * Duplicate files. Source must be a file, target must be a file or
- * must not exist.
+ * Make a directory file.
*
- * XXX Copyfile authorisation checking is woefully inadequate, and will not
- * perform inheritance correctly.
+ * Returns: 0 Success
+ * EEXIST
+ * namei:???
+ * vnode_authorize:???
+ * vn_create:???
*/
/* ARGSUSED */
-int
-copyfile(__unused proc_t p, struct copyfile_args *uap, __unused register_t *retval)
+static int
+mkdir1(vfs_context_t ctx, user_addr_t path, struct vnode_attr *vap)
{
- vnode_t tvp, fvp, tdvp, sdvp;
- struct nameidata fromnd, tond;
+ vnode_t vp, dvp;
int error;
- vfs_context_t ctx = vfs_context_current();
-
- /* Check that the flags are valid. */
+ int update_flags = 0;
+ int batched;
+ struct nameidata nd;
- if (uap->flags & ~CPF_MASK) {
- return(EINVAL);
- }
+ AUDIT_ARG(mode, vap->va_mode);
+ NDINIT(&nd, CREATE, OP_MKDIR, LOCKPARENT | AUDITVNPATH1, UIO_USERSPACE,
+ path, ctx);
+ nd.ni_cnd.cn_flags |= WILLBEDIR;
+ nd.ni_flag = NAMEI_COMPOUNDMKDIR;
- NDINIT(&fromnd, LOOKUP, SAVESTART | AUDITVNPATH1,
- UIO_USERSPACE, uap->from, ctx);
- if ((error = namei(&fromnd)))
+continue_lookup:
+ error = namei(&nd);
+ if (error)
return (error);
- fvp = fromnd.ni_vp;
+ dvp = nd.ni_dvp;
+ vp = nd.ni_vp;
- NDINIT(&tond, CREATE, LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART | AUDITVNPATH2 | CN_NBMOUNTLOOK,
- UIO_USERSPACE, uap->to, ctx);
- if ((error = namei(&tond))) {
- goto out1;
- }
- tdvp = tond.ni_dvp;
- tvp = tond.ni_vp;
+ if (vp != NULL) {
+ error = EEXIST;
+ goto out;
+ }
+
+ batched = vnode_compound_mkdir_available(dvp);
- if (tvp != NULL) {
- if (!(uap->flags & CPF_OVERWRITE)) {
- error = EEXIST;
- goto out;
+ VATTR_SET(vap, va_type, VDIR);
+
+ /*
+ * XXX
+ * Don't authorize in VFS for compound VNOP.... mkdir -p today assumes that it will
+ * only get EXISTS or EISDIR for existing path components, and not that it could see
+ * EACCESS/EPERM--so if we authorize for mkdir on "/" for "mkdir -p /tmp/foo/bar/baz"
+ * it will fail in a spurious manner. Need to figure out if this is valid behavior.
+ */
+ if ((error = vn_authorize_mkdir(dvp, &nd.ni_cnd, vap, ctx, NULL)) != 0) {
+ if (error == EACCES || error == EPERM) {
+ int error2;
+
+ nameidone(&nd);
+ vnode_put(dvp);
+ dvp = NULLVP;
+
+ /*
+ * Try a lookup without "NAMEI_COMPOUNDVNOP" to make sure we return EEXIST
+ * rather than EACCESS if the target exists.
+ */
+ NDINIT(&nd, LOOKUP, OP_MKDIR, AUDITVNPATH1, UIO_USERSPACE,
+ path, ctx);
+ error2 = namei(&nd);
+ if (error2) {
+ goto out;
+ } else {
+ vp = nd.ni_vp;
+ error = EEXIST;
+ goto out;
+ }
}
- }
- if (fvp->v_type == VDIR || (tvp && tvp->v_type == VDIR)) {
- error = EISDIR;
- goto out;
- }
- if ((error = vnode_authorize(tdvp, NULL, KAUTH_VNODE_ADD_FILE, ctx)) != 0)
goto out;
+ }
- if (fvp == tdvp)
- error = EINVAL;
/*
- * If source is the same as the destination (that is the
- * same inode number) then there is nothing to do.
- * (fixed to have POSIX semantics - CSM 3/2/98)
+ * make the directory
*/
- if (fvp == tvp)
- error = -1;
- if (!error)
- error = VNOP_COPYFILE(fvp, tdvp, tvp, &tond.ni_cnd, uap->mode, uap->flags, ctx);
+ if ((error = vn_create(dvp, &vp, &nd, vap, 0, 0, NULL, ctx)) != 0) {
+ if (error == EKEEPLOOKING) {
+ nd.ni_vp = vp;
+ goto continue_lookup;
+ }
+
+ goto out;
+ }
+
+ // Make sure the name & parent pointers are hooked up
+ if (vp->v_name == NULL)
+ update_flags |= VNODE_UPDATE_NAME;
+ if (vp->v_parent == NULLVP)
+ update_flags |= VNODE_UPDATE_PARENT;
+
+ if (update_flags)
+ vnode_update_identity(vp, dvp, nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen, nd.ni_cnd.cn_hash, update_flags);
+
+#if CONFIG_FSE
+ add_fsevent(FSE_CREATE_DIR, ctx, FSE_ARG_VNODE, vp, FSE_ARG_DONE);
+#endif
+
out:
- sdvp = tond.ni_startdir;
/*
- * nameidone has to happen before we vnode_put(tdvp)
- * since it may need to release the fs_nodelock on the tdvp
+ * nameidone has to happen before we vnode_put(dvp)
+ * since it may need to release the fs_nodelock on the dvp
*/
- nameidone(&tond);
+ nameidone(&nd);
+
+ if (vp)
+ vnode_put(vp);
+ if (dvp)
+ vnode_put(dvp);
+
+ return (error);
+}
+
+/*
+ * mkdir_extended: Create a directory; with extended security (ACL).
+ *
+ * Parameters: p Process requesting to create the directory
+ * uap User argument descriptor (see below)
+ * retval (ignored)
+ *
+ * Indirect: uap->path Path of directory to create
+ * uap->mode Access permissions to set
+ * uap->xsecurity ACL to set
+ *
+ * Returns: 0 Success
+ * !0 Not success
+ *
+ */
+int
+mkdir_extended(proc_t p, struct mkdir_extended_args *uap, __unused int32_t *retval)
+{
+ int ciferror;
+ kauth_filesec_t xsecdst;
+ struct vnode_attr va;
- if (tvp)
- vnode_put(tvp);
- vnode_put(tdvp);
- vnode_put(sdvp);
-out1:
- vnode_put(fvp);
+ AUDIT_ARG(owner, uap->uid, uap->gid);
- if (fromnd.ni_startdir)
- vnode_put(fromnd.ni_startdir);
- nameidone(&fromnd);
+ xsecdst = NULL;
+ if ((uap->xsecurity != USER_ADDR_NULL) &&
+ ((ciferror = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0))
+ return ciferror;
- if (error == -1)
- return (0);
- return (error);
+ VATTR_INIT(&va);
+ VATTR_SET(&va, va_mode, (uap->mode & ACCESSPERMS) & ~p->p_fd->fd_cmask);
+ if (xsecdst != NULL)
+ VATTR_SET(&va, va_acl, &xsecdst->fsec_acl);
+
+ ciferror = mkdir1(vfs_context_current(), uap->path, &va);
+ if (xsecdst != NULL)
+ kauth_filesec_free(xsecdst);
+ return ciferror;
}
+int
+mkdir(proc_t p, struct mkdir_args *uap, __unused int32_t *retval)
+{
+ struct vnode_attr va;
+
+ VATTR_INIT(&va);
+ VATTR_SET(&va, va_mode, (uap->mode & ACCESSPERMS) & ~p->p_fd->fd_cmask);
+
+ return(mkdir1(vfs_context_current(), uap->path, &va));
+}
/*
- * Rename files. Source and destination must either both be directories,
- * or both not be directories. If target is a directory, it must be empty.
+ * Remove a directory file.
*/
/* ARGSUSED */
int
-rename(__unused proc_t p, struct rename_args *uap, __unused register_t *retval)
+rmdir(__unused proc_t p, struct rmdir_args *uap, __unused int32_t *retval)
{
- vnode_t tvp, tdvp;
- vnode_t fvp, fdvp;
- struct nameidata fromnd, tond;
- vfs_context_t ctx = vfs_context_current();
+ vnode_t vp, dvp;
int error;
- int mntrename;
- int need_event;
- const char *oname;
- char *from_name = NULL, *to_name = NULL;
- int from_len, to_len;
- int holding_mntlock;
- mount_t locked_mp = NULL;
- vnode_t oparent;
- fse_info from_finfo, to_finfo;
-
- holding_mntlock = 0;
-retry:
- fvp = tvp = NULL;
- fdvp = tdvp = NULL;
- mntrename = FALSE;
+ struct nameidata nd;
+ char *path = NULL;
+ int len=0;
+ int has_listeners = 0;
+ int need_event = 0;
+ int truncated = 0;
+ vfs_context_t ctx = vfs_context_current();
+#if CONFIG_FSE
+ struct vnode_attr va;
+#endif /* CONFIG_FSE */
+ struct vnode_attr *vap = NULL;
+ int batched;
- NDINIT(&fromnd, DELETE, WANTPARENT | AUDITVNPATH1, UIO_USERSPACE, uap->from, ctx);
-
- if ( (error = namei(&fromnd)) )
- goto out1;
- fdvp = fromnd.ni_dvp;
- fvp = fromnd.ni_vp;
+ int restart_flag;
-#if CONFIG_MACF
- error = mac_vnode_check_rename_from(ctx, fdvp, fvp, &fromnd.ni_cnd);
- if (error)
- goto out1;
-#endif
+ /*
+ * This loop exists to restart rmdir in the unlikely case that two
+ * processes are simultaneously trying to remove the same directory
+ * containing orphaned appleDouble files.
+ */
+ do {
+ NDINIT(&nd, DELETE, OP_RMDIR, LOCKPARENT | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ nd.ni_flag = NAMEI_COMPOUNDRMDIR;
+continue_lookup:
+ restart_flag = 0;
+ vap = NULL;
- NDINIT(&tond, RENAME, WANTPARENT | AUDITVNPATH2 | CN_NBMOUNTLOOK , UIO_USERSPACE, uap->to, ctx);
- if (fvp->v_type == VDIR)
- tond.ni_cnd.cn_flags |= WILLBEDIR;
+ error = namei(&nd);
+ if (error)
+ return (error);
- if ( (error = namei(&tond)) ) {
- /*
- * Translate error code for rename("dir1", "dir2/.").
- */
- if (error == EISDIR && fvp->v_type == VDIR)
- error = EINVAL;
- goto out1;
- }
- tdvp = tond.ni_dvp;
- tvp = tond.ni_vp;
+ dvp = nd.ni_dvp;
+ vp = nd.ni_vp;
-#if CONFIG_MACF
- error = mac_vnode_check_rename_to(ctx,
- tdvp, tvp, fdvp == tdvp, &tond.ni_cnd);
- if (error)
- goto out1;
-#endif
+ if (vp) {
+ batched = vnode_compound_rmdir_available(vp);
- if (tvp != NULL) {
- if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
- error = ENOTDIR;
- goto out1;
- } else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
- error = EISDIR;
- goto out1;
- }
- }
- if (fvp == tdvp) {
- error = EINVAL;
- goto out1;
- }
- /*
- * If the source and destination are the same (i.e. they're
- * links to the same vnode) and the target file system is
- * case sensitive, then there is nothing to do.
- */
- if (fvp == tvp) {
- int pathconf_val;
-
- /*
- * Note: if _PC_CASE_SENSITIVE selector isn't supported,
- * then assume that this file system is case sensitive.
- */
- if (VNOP_PATHCONF(fvp, _PC_CASE_SENSITIVE, &pathconf_val, ctx) != 0 ||
- pathconf_val != 0) {
- goto out1;
- }
- }
+ if (vp->v_flag & VROOT) {
+ /*
+ * The root of a mounted filesystem cannot be deleted.
+ */
+ error = EBUSY;
+ goto out;
+ }
- /*
- * Authorization.
- *
- * If tvp is a directory and not the same as fdvp, or tdvp is not
- * the same as fdvp, the node is moving between directories and we
- * need rights to remove from the old and add to the new.
- *
- * If tvp already exists and is not a directory, we need to be
- * allowed to delete it.
- *
- * Note that we do not inherit when renaming.
- *
- * XXX This needs to be revisited to implement the deferred-inherit bit
- */
- {
- int moving = 0;
+ /*
+ * Removed a check here; we used to abort if vp's vid
+ * was not the same as what we'd seen the last time around.
+ * I do not think that check was valid, because if we retry
+ * and all dirents are gone, the directory could legitimately
+ * be recycled but still be present in a situation where we would
+ * have had permission to delete. Therefore, we won't make
+ * an effort to preserve that check now that we may not have a
+ * vp here.
+ */
- error = 0;
- if ((tvp != NULL) && vnode_isdir(tvp)) {
- if (tvp != fdvp)
- moving = 1;
- } else if (tdvp != fdvp) {
- moving = 1;
- }
- /*
- * must have delete rights to remove the old name even in
- * the simple case of fdvp == tdvp.
- *
- * If fvp is a directory, and we are changing it's parent,
- * then we also need rights to rewrite its ".." entry as well.
- */
- if (vnode_isdir(fvp)) {
- if ((error = vnode_authorize(fvp, fdvp, KAUTH_VNODE_DELETE | KAUTH_VNODE_ADD_SUBDIRECTORY, ctx)) != 0)
- goto auth_exit;
- } else {
- if ((error = vnode_authorize(fvp, fdvp, KAUTH_VNODE_DELETE, ctx)) != 0)
- goto auth_exit;
- }
- if (moving) {
- /* moving into tdvp or tvp, must have rights to add */
- if ((error = vnode_authorize(((tvp != NULL) && vnode_isdir(tvp)) ? tvp : tdvp,
- NULL,
- vnode_isdir(fvp) ? KAUTH_VNODE_ADD_SUBDIRECTORY : KAUTH_VNODE_ADD_FILE,
- ctx)) != 0)
- goto auth_exit;
+ if (!batched) {
+ error = vn_authorize_rmdir(dvp, vp, &nd.ni_cnd, ctx, NULL);
+ if (error) {
+ goto out;
+ }
+ }
} else {
- /* node staying in same directory, must be allowed to add new name */
- if ((error = vnode_authorize(fdvp, NULL,
- vnode_isdir(fvp) ? KAUTH_VNODE_ADD_SUBDIRECTORY : KAUTH_VNODE_ADD_FILE, ctx)) != 0)
- goto auth_exit;
- }
- /* overwriting tvp */
- if ((tvp != NULL) && !vnode_isdir(tvp) &&
- ((error = vnode_authorize(tvp, tdvp, KAUTH_VNODE_DELETE, ctx)) != 0))
- goto auth_exit;
-
- /* XXX more checks? */
-
-auth_exit:
- /* authorization denied */
- if (error != 0)
- goto out1;
- }
- /*
- * Allow the renaming of mount points.
- * - target must not exist
- * - target must reside in the same directory as source
- * - union mounts cannot be renamed
- * - "/" cannot be renamed
- */
- if ((fvp->v_flag & VROOT) &&
- (fvp->v_type == VDIR) &&
- (tvp == NULL) &&
- (fvp->v_mountedhere == NULL) &&
- (fdvp == tdvp) &&
- ((fvp->v_mount->mnt_flag & (MNT_UNION | MNT_ROOTFS)) == 0) &&
- (fvp->v_mount->mnt_vnodecovered != NULLVP)) {
- vnode_t coveredvp;
-
- /* switch fvp to the covered vnode */
- coveredvp = fvp->v_mount->mnt_vnodecovered;
- if ( (vnode_getwithref(coveredvp)) ) {
- error = ENOENT;
- goto out1;
+ batched = 1;
+
+ if (!vnode_compound_rmdir_available(dvp)) {
+ panic("No error, but no compound rmdir?");
+ }
}
- vnode_put(fvp);
- fvp = coveredvp;
- mntrename = TRUE;
- }
- /*
- * Check for cross-device rename.
- */
- if ((fvp->v_mount != tdvp->v_mount) ||
- (tvp && (fvp->v_mount != tvp->v_mount))) {
- error = EXDEV;
- goto out1;
- }
- /*
- * Avoid renaming "." and "..".
- */
- if (fvp->v_type == VDIR &&
- ((fdvp == fvp) ||
- (fromnd.ni_cnd.cn_namelen == 1 && fromnd.ni_cnd.cn_nameptr[0] == '.') ||
- ((fromnd.ni_cnd.cn_flags | tond.ni_cnd.cn_flags) & ISDOTDOT)) ) {
- error = EINVAL;
- goto out1;
- }
- /*
- * The following edge case is caught here:
- * (to cannot be a descendent of from)
- *
- * o fdvp
- * /
- * /
- * o fvp
- * \
- * \
- * o tdvp
- * /
- * /
- * o tvp
- */
- if (tdvp->v_parent == fvp) {
- error = EINVAL;
- goto out1;
- }
+#if CONFIG_FSE
+ fse_info finfo;
- /*
- * If source is the same as the destination (that is the
- * same inode number) then there is nothing to do...
- * EXCEPT if the underlying file system supports case
- * insensitivity and is case preserving. In this case
- * the file system needs to handle the special case of
- * getting the same vnode as target (fvp) and source (tvp).
- *
- * Only file systems that support pathconf selectors _PC_CASE_SENSITIVE
- * and _PC_CASE_PRESERVING can have this exception, and they need to
- * handle the special case of getting the same vnode as target and
- * source. NOTE: Then the target is unlocked going into vnop_rename,
- * so not to cause locking problems. There is a single reference on tvp.
- *
- * NOTE - that fvp == tvp also occurs if they are hard linked - NOTE
- * that correct behaviour then is just to remove the source (link)
- */
- if (fvp == tvp && fdvp == tdvp) {
- if (fromnd.ni_cnd.cn_namelen == tond.ni_cnd.cn_namelen &&
- !bcmp(fromnd.ni_cnd.cn_nameptr, tond.ni_cnd.cn_nameptr,
- fromnd.ni_cnd.cn_namelen)) {
- goto out1;
- }
- }
+ need_event = need_fsevent(FSE_DELETE, dvp);
+ if (need_event) {
+ if (!batched) {
+ get_fse_info(vp, &finfo, ctx);
+ } else {
+ error = vfs_get_notify_attributes(&va);
+ if (error) {
+ goto out;
+ }
- if (holding_mntlock && fvp->v_mount != locked_mp) {
- /*
- * we're holding a reference and lock
- * on locked_mp, but it no longer matches
- * what we want to do... so drop our hold
- */
- mount_unlock_renames(locked_mp);
- mount_drop(locked_mp, 0);
- holding_mntlock = 0;
- }
- if (tdvp != fdvp && fvp->v_type == VDIR) {
- /*
- * serialize renames that re-shape
- * the tree... if holding_mntlock is
- * set, then we're ready to go...
- * otherwise we
- * first need to drop the iocounts
- * we picked up, second take the
- * lock to serialize the access,
- * then finally start the lookup
- * process over with the lock held
- */
- if (!holding_mntlock) {
- /*
- * need to grab a reference on
- * the mount point before we
- * drop all the iocounts... once
- * the iocounts are gone, the mount
- * could follow
- */
- locked_mp = fvp->v_mount;
- mount_ref(locked_mp, 0);
+ vap = &va;
+ }
+ }
+#endif
+ has_listeners = kauth_authorize_fileop_has_listeners();
+ if (need_event || has_listeners) {
+ if (path == NULL) {
+ GET_PATH(path);
+ if (path == NULL) {
+ error = ENOMEM;
+ goto out;
+ }
+ }
- /*
- * nameidone has to happen before we vnode_put(tvp)
- * since it may need to release the fs_nodelock on the tvp
- */
- nameidone(&tond);
+ len = safe_getpath(dvp, nd.ni_cnd.cn_nameptr, path, MAXPATHLEN, &truncated);
+#if CONFIG_FSE
+ if (truncated) {
+ finfo.mode |= FSE_TRUNCATED_PATH;
+ }
+#endif
+ }
- if (tvp)
- vnode_put(tvp);
- vnode_put(tdvp);
+ error = vn_rmdir(dvp, &vp, &nd, vap, ctx);
+ nd.ni_vp = vp;
+ if (vp == NULLVP) {
+ /* Couldn't find a vnode */
+ goto out;
+ }
- /*
- * nameidone has to happen before we vnode_put(fdvp)
- * since it may need to release the fs_nodelock on the fvp
- */
- nameidone(&fromnd);
+ if (error == EKEEPLOOKING) {
+ goto continue_lookup;
+ }
- vnode_put(fvp);
- vnode_put(fdvp);
+ /*
+ * Special case to remove orphaned AppleDouble
+ * files. I don't like putting this in the kernel,
+ * but carbon does not like putting this in carbon either,
+ * so here we are.
+ */
+ if (error == ENOTEMPTY) {
+ error = rmdir_remove_orphaned_appleDouble(vp, ctx, &restart_flag);
+ if (error == EBUSY) {
+ goto out;
+ }
- mount_lock_renames(locked_mp);
- holding_mntlock = 1;
- goto retry;
+ /*
+ * Assuming everything went well, we will try the RMDIR again
+ */
+ if (!error)
+ error = vn_rmdir(dvp, &vp, &nd, vap, ctx);
}
- } else {
- /*
- * when we dropped the iocounts to take
- * the lock, we allowed the identity of
- * the various vnodes to change... if they did,
- * we may no longer be dealing with a rename
- * that reshapes the tree... once we're holding
- * the iocounts, the vnodes can't change type
- * so we're free to drop the lock at this point
- * and continue on
+
+ /*
+ * Call out to allow 3rd party notification of delete.
+ * Ignore result of kauth_authorize_fileop call.
*/
- if (holding_mntlock) {
- mount_unlock_renames(locked_mp);
- mount_drop(locked_mp, 0);
- holding_mntlock = 0;
- }
- }
- // save these off so we can later verify that fvp is the same
- oname = fvp->v_name;
- oparent = fvp->v_parent;
+ if (!error) {
+ if (has_listeners) {
+ kauth_authorize_fileop(vfs_context_ucred(ctx),
+ KAUTH_FILEOP_DELETE,
+ (uintptr_t)vp,
+ (uintptr_t)path);
+ }
-#if CONFIG_FSE
- need_event = need_fsevent(FSE_RENAME, fvp);
- if (need_event) {
- get_fse_info(fvp, &from_finfo, ctx);
+ if (vp->v_flag & VISHARDLINK) {
+ // see the comment in unlink1() about why we update
+ // the parent of a hard link when it is removed
+ vnode_update_identity(vp, NULL, NULL, 0, 0, VNODE_UPDATE_PARENT);
+ }
- if (tvp) {
- get_fse_info(tvp, &to_finfo, ctx);
+#if CONFIG_FSE
+ if (need_event) {
+ if (vap) {
+ vnode_get_fse_info_from_vap(vp, &finfo, vap);
+ }
+ add_fsevent(FSE_DELETE, ctx,
+ FSE_ARG_STRING, len, path,
+ FSE_ARG_FINFO, &finfo,
+ FSE_ARG_DONE);
+ }
+#endif
}
- }
-#else
- need_event = 0;
-#endif /* CONFIG_FSE */
- if (need_event || kauth_authorize_fileop_has_listeners()) {
- GET_PATH(from_name);
- if (from_name == NULL) {
- error = ENOMEM;
- goto out1;
- }
- from_len = MAXPATHLEN;
- vn_getpath(fdvp, from_name, &from_len);
- if ((from_len + 1 + fromnd.ni_cnd.cn_namelen + 1) < MAXPATHLEN) {
- if (from_len > 2) {
- from_name[from_len-1] = '/';
- } else {
- from_len--;
- }
- strlcpy(&from_name[from_len], fromnd.ni_cnd.cn_nameptr, MAXPATHLEN-from_len);
- from_len += fromnd.ni_cnd.cn_namelen + 1;
- from_name[from_len] = '\0';
+out:
+ if (path != NULL) {
+ RELEASE_PATH(path);
+ path = NULL;
}
+ /*
+ * nameidone has to happen before we vnode_put(dvp)
+ * since it may need to release the fs_nodelock on the dvp
+ */
+ nameidone(&nd);
+ vnode_put(dvp);
- GET_PATH(to_name);
- if (to_name == NULL) {
- error = ENOMEM;
- goto out1;
+ if (vp)
+ vnode_put(vp);
+
+ if (restart_flag == 0) {
+ wakeup_one((caddr_t)vp);
+ return (error);
}
+ tsleep(vp, PVFS, "rm AD", 1);
+
+ } while (restart_flag != 0);
+
+ return (error);
- to_len = MAXPATHLEN;
- vn_getpath(tdvp, to_name, &to_len);
- // if the path is not just "/", then append a "/"
- if ((to_len + 1 + tond.ni_cnd.cn_namelen + 1) < MAXPATHLEN) {
- if (to_len > 2) {
- to_name[to_len-1] = '/';
- } else {
- to_len--;
- }
- strlcpy(&to_name[to_len], tond.ni_cnd.cn_nameptr, MAXPATHLEN-to_len);
- to_len += tond.ni_cnd.cn_namelen + 1;
- to_name[to_len] = '\0';
+}
+
+/* Get direntry length padded to 8 byte alignment */
+#define DIRENT64_LEN(namlen) \
+ ((sizeof(struct direntry) + (namlen) - (MAXPATHLEN-1) + 7) & ~7)
+
+static errno_t
+vnode_readdir64(struct vnode *vp, struct uio *uio, int flags, int *eofflag,
+ int *numdirent, vfs_context_t ctxp)
+{
+ /* Check if fs natively supports VNODE_READDIR_EXTENDED */
+ if ((vp->v_mount->mnt_vtable->vfc_vfsflags & VFC_VFSREADDIR_EXTENDED) &&
+ ((vp->v_mount->mnt_kern_flag & MNTK_DENY_READDIREXT) == 0)) {
+ return VNOP_READDIR(vp, uio, flags, eofflag, numdirent, ctxp);
+ } else {
+ size_t bufsize;
+ void * bufptr;
+ uio_t auio;
+ struct direntry entry64;
+ struct dirent *dep;
+ int bytesread;
+ int error;
+
+ /*
+ * Our kernel buffer needs to be smaller since re-packing
+ * will expand each dirent. The worse case (when the name
+ * length is 3) corresponds to a struct direntry size of 32
+ * bytes (8-byte aligned) and a struct dirent size of 12 bytes
+ * (4-byte aligned). So having a buffer that is 3/8 the size
+ * will prevent us from reading more than we can pack.
+ *
+ * Since this buffer is wired memory, we will limit the
+ * buffer size to a maximum of 32K. We would really like to
+ * use 32K in the MIN(), but we use magic number 87371 to
+ * prevent uio_resid() * 3 / 8 from overflowing.
+ */
+ bufsize = 3 * MIN((user_size_t)uio_resid(uio), 87371u) / 8;
+ MALLOC(bufptr, void *, bufsize, M_TEMP, M_WAITOK);
+ if (bufptr == NULL) {
+ return ENOMEM;
}
- }
-
- error = VNOP_RENAME(fdvp, fvp, &fromnd.ni_cnd,
- tdvp, tvp, &tond.ni_cnd,
- ctx);
- if (holding_mntlock) {
+ auio = uio_create(1, 0, UIO_SYSSPACE, UIO_READ);
+ uio_addiov(auio, (uintptr_t)bufptr, bufsize);
+ auio->uio_offset = uio->uio_offset;
+
+ error = VNOP_READDIR(vp, auio, 0, eofflag, numdirent, ctxp);
+
+ dep = (struct dirent *)bufptr;
+ bytesread = bufsize - uio_resid(auio);
+
/*
- * we can drop our serialization
- * lock now
+ * Convert all the entries and copy them out to user's buffer.
*/
- mount_unlock_renames(locked_mp);
- mount_drop(locked_mp, 0);
- holding_mntlock = 0;
+ while (error == 0 && (char *)dep < ((char *)bufptr + bytesread)) {
+ /* Convert a dirent to a dirent64. */
+ entry64.d_ino = dep->d_ino;
+ entry64.d_seekoff = 0;
+ entry64.d_reclen = DIRENT64_LEN(dep->d_namlen);
+ entry64.d_namlen = dep->d_namlen;
+ entry64.d_type = dep->d_type;
+ bcopy(dep->d_name, entry64.d_name, dep->d_namlen + 1);
+
+ /* Move to next entry. */
+ dep = (struct dirent *)((char *)dep + dep->d_reclen);
+
+ /* Copy entry64 to user's buffer. */
+ error = uiomove((caddr_t)&entry64, entry64.d_reclen, uio);
+ }
+
+ /* Update the real offset using the offset we got from VNOP_READDIR. */
+ if (error == 0) {
+ uio->uio_offset = auio->uio_offset;
+ }
+ uio_free(auio);
+ FREE(bufptr, M_TEMP);
+ return (error);
}
+}
+
+/*
+ * Read a block of directory entries in a file system independent format.
+ */
+static int
+getdirentries_common(int fd, user_addr_t bufp, user_size_t bufsize, ssize_t *bytesread,
+ off_t *offset, int flags)
+{
+ vnode_t vp;
+ struct vfs_context context = *vfs_context_current(); /* local copy */
+ struct fileproc *fp;
+ uio_t auio;
+ int spacetype = proc_is64bit(vfs_context_proc(&context)) ? UIO_USERSPACE64 : UIO_USERSPACE32;
+ off_t loff;
+ int error, eofflag, numdirent;
+ char uio_buf[ UIO_SIZEOF(1) ];
+
+ error = fp_getfvp(vfs_context_proc(&context), fd, &fp, &vp);
if (error) {
+ return (error);
+ }
+ if ((fp->f_fglob->fg_flag & FREAD) == 0) {
+ AUDIT_ARG(vnpath_withref, vp, ARG_VNODE1);
+ error = EBADF;
+ goto out;
+ }
- goto out1;
- }
-
- /* call out to allow 3rd party notification of rename.
- * Ignore result of kauth_authorize_fileop call.
- */
- kauth_authorize_fileop(vfs_context_ucred(ctx),
- KAUTH_FILEOP_RENAME,
- (uintptr_t)from_name, (uintptr_t)to_name);
+#if CONFIG_MACF
+ error = mac_file_check_change_offset(vfs_context_ucred(&context), fp->f_fglob);
+ if (error)
+ goto out;
+#endif
+ if ( (error = vnode_getwithref(vp)) ) {
+ goto out;
+ }
+ AUDIT_ARG(vnpath, vp, ARG_VNODE1);
-#if CONFIG_FSE
- if (from_name != NULL && to_name != NULL) {
- if (tvp) {
- add_fsevent(FSE_RENAME, ctx,
- FSE_ARG_STRING, from_len, from_name,
- FSE_ARG_FINFO, &from_finfo,
- FSE_ARG_STRING, to_len, to_name,
- FSE_ARG_FINFO, &to_finfo,
- FSE_ARG_DONE);
- } else {
- add_fsevent(FSE_RENAME, ctx,
- FSE_ARG_STRING, from_len, from_name,
- FSE_ARG_FINFO, &from_finfo,
- FSE_ARG_STRING, to_len, to_name,
- FSE_ARG_DONE);
- }
+unionread:
+ if (vp->v_type != VDIR) {
+ (void)vnode_put(vp);
+ error = EINVAL;
+ goto out;
}
-#endif /* CONFIG_FSE */
-
- /*
- * update filesystem's mount point data
- */
- if (mntrename) {
- char *cp, *pathend, *mpname;
- char * tobuf;
- struct mount *mp;
- int maxlen;
- size_t len = 0;
- mp = fvp->v_mountedhere;
+#if CONFIG_MACF
+ error = mac_vnode_check_readdir(&context, vp);
+ if (error != 0) {
+ (void)vnode_put(vp);
+ goto out;
+ }
+#endif /* MAC */
+
+ loff = fp->f_fglob->fg_offset;
+ auio = uio_createwithbuffer(1, loff, spacetype, UIO_READ, &uio_buf[0], sizeof(uio_buf));
+ uio_addiov(auio, bufp, bufsize);
+
+ if (flags & VNODE_READDIR_EXTENDED) {
+ error = vnode_readdir64(vp, auio, flags, &eofflag, &numdirent, &context);
+ fp->f_fglob->fg_offset = uio_offset(auio);
+ } else {
+ error = VNOP_READDIR(vp, auio, 0, &eofflag, &numdirent, &context);
+ fp->f_fglob->fg_offset = uio_offset(auio);
+ }
+ if (error) {
+ (void)vnode_put(vp);
+ goto out;
+ }
- if (vfs_busy(mp, LK_NOWAIT)) {
- error = EBUSY;
- goto out1;
+ if ((user_ssize_t)bufsize == uio_resid(auio)){
+ if (union_dircheckp) {
+ error = union_dircheckp(&vp, fp, &context);
+ if (error == -1)
+ goto unionread;
+ if (error)
+ goto out;
}
- MALLOC_ZONE(tobuf, char *, MAXPATHLEN, M_NAMEI, M_WAITOK);
- error = copyinstr(uap->to, tobuf, MAXPATHLEN, &len);
- if (!error) {
- /* find current mount point prefix */
- pathend = &mp->mnt_vfsstat.f_mntonname[0];
- for (cp = pathend; *cp != '\0'; ++cp) {
- if (*cp == '/')
- pathend = cp + 1;
- }
- /* find last component of target name */
- for (mpname = cp = tobuf; *cp != '\0'; ++cp) {
- if (*cp == '/')
- mpname = cp + 1;
- }
- /* append name to prefix */
- maxlen = MAXPATHLEN - (pathend - mp->mnt_vfsstat.f_mntonname);
- bzero(pathend, maxlen);
- strlcpy(pathend, mpname, maxlen);
+ if ((vp->v_flag & VROOT) && (vp->v_mount->mnt_flag & MNT_UNION)) {
+ struct vnode *tvp = vp;
+ vp = vp->v_mount->mnt_vnodecovered;
+ vnode_getwithref(vp);
+ vnode_ref(vp);
+ fp->f_fglob->fg_data = (caddr_t) vp;
+ fp->f_fglob->fg_offset = 0;
+ vnode_rele(tvp);
+ vnode_put(tvp);
+ goto unionread;
}
- FREE_ZONE(tobuf, MAXPATHLEN, M_NAMEI);
+ }
- vfs_unbusy(mp);
+ vnode_put(vp);
+ if (offset) {
+ *offset = loff;
}
- /*
- * fix up name & parent pointers. note that we first
- * check that fvp has the same name/parent pointers it
- * had before the rename call... this is a 'weak' check
- * at best...
- */
- if (oname == fvp->v_name && oparent == fvp->v_parent) {
- int update_flags;
+
+ *bytesread = bufsize - uio_resid(auio);
+out:
+ file_drop(fd);
+ return (error);
+}
- update_flags = VNODE_UPDATE_NAME;
- if (fdvp != tdvp)
- update_flags |= VNODE_UPDATE_PARENT;
+int
+getdirentries(__unused struct proc *p, struct getdirentries_args *uap, int32_t *retval)
+{
+ off_t offset;
+ ssize_t bytesread;
+ int error;
- vnode_update_identity(fvp, tdvp, tond.ni_cnd.cn_nameptr, tond.ni_cnd.cn_namelen, tond.ni_cnd.cn_hash, update_flags);
- }
-out1:
- if (to_name != NULL)
- RELEASE_PATH(to_name);
- if (from_name != NULL)
- RELEASE_PATH(from_name);
+ AUDIT_ARG(fd, uap->fd);
+ error = getdirentries_common(uap->fd, uap->buf, uap->count, &bytesread, &offset, 0);
- if (holding_mntlock) {
- mount_unlock_renames(locked_mp);
- mount_drop(locked_mp, 0);
+ if (error == 0) {
+ if (proc_is64bit(p)) {
+ user64_long_t base = (user64_long_t)offset;
+ error = copyout((caddr_t)&base, uap->basep, sizeof(user64_long_t));
+ } else {
+ user32_long_t base = (user32_long_t)offset;
+ error = copyout((caddr_t)&base, uap->basep, sizeof(user32_long_t));
+ }
+ *retval = bytesread;
}
- if (tdvp) {
- /*
- * nameidone has to happen before we vnode_put(tdvp)
- * since it may need to release the fs_nodelock on the tdvp
- */
- nameidone(&tond);
+ return (error);
+}
- if (tvp)
- vnode_put(tvp);
- vnode_put(tdvp);
- }
- if (fdvp) {
- /*
- * nameidone has to happen before we vnode_put(fdvp)
- * since it may need to release the fs_nodelock on the fdvp
- */
- nameidone(&fromnd);
+int
+getdirentries64(__unused struct proc *p, struct getdirentries64_args *uap, user_ssize_t *retval)
+{
+ off_t offset;
+ ssize_t bytesread;
+ int error;
- if (fvp)
- vnode_put(fvp);
- vnode_put(fdvp);
+ AUDIT_ARG(fd, uap->fd);
+ error = getdirentries_common(uap->fd, uap->buf, uap->bufsize, &bytesread, &offset, VNODE_READDIR_EXTENDED);
+
+ if (error == 0) {
+ *retval = bytesread;
+ error = copyout((caddr_t)&offset, uap->position, sizeof(off_t));
}
return (error);
}
+
/*
- * Make a directory file.
+ * Set the mode mask for creation of filesystem nodes.
+ * XXX implement xsecurity
+ */
+#define UMASK_NOXSECURITY (void *)1 /* leave existing xsecurity alone */
+static int
+umask1(proc_t p, int newmask, __unused kauth_filesec_t fsec, int32_t *retval)
+{
+ struct filedesc *fdp;
+
+ AUDIT_ARG(mask, newmask);
+ proc_fdlock(p);
+ fdp = p->p_fd;
+ *retval = fdp->fd_cmask;
+ fdp->fd_cmask = newmask & ALLPERMS;
+ proc_fdunlock(p);
+ return (0);
+}
+
+/*
+ * umask_extended: Set the mode mask for creation of filesystem nodes; with extended security (ACL).
*
- * Returns: 0 Success
- * EEXIST
- * namei:???
- * vnode_authorize:???
- * vn_create:???
+ * Parameters: p Process requesting to set the umask
+ * uap User argument descriptor (see below)
+ * retval umask of the process (parameter p)
+ *
+ * Indirect: uap->newmask umask to set
+ * uap->xsecurity ACL to set
+ *
+ * Returns: 0 Success
+ * !0 Not success
+ *
+ */
+int
+umask_extended(proc_t p, struct umask_extended_args *uap, int32_t *retval)
+{
+ int ciferror;
+ kauth_filesec_t xsecdst;
+
+ xsecdst = KAUTH_FILESEC_NONE;
+ if (uap->xsecurity != USER_ADDR_NULL) {
+ if ((ciferror = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0)
+ return ciferror;
+ } else {
+ xsecdst = KAUTH_FILESEC_NONE;
+ }
+
+ ciferror = umask1(p, uap->newmask, xsecdst, retval);
+
+ if (xsecdst != KAUTH_FILESEC_NONE)
+ kauth_filesec_free(xsecdst);
+ return ciferror;
+}
+
+int
+umask(proc_t p, struct umask_args *uap, int32_t *retval)
+{
+ return(umask1(p, uap->newmask, UMASK_NOXSECURITY, retval));
+}
+
+/*
+ * Void all references to file by ripping underlying filesystem
+ * away from vnode.
*/
/* ARGSUSED */
-static int
-mkdir1(vfs_context_t ctx, user_addr_t path, struct vnode_attr *vap)
+int
+revoke(proc_t p, struct revoke_args *uap, __unused int32_t *retval)
{
- vnode_t vp, dvp;
+ vnode_t vp;
+ struct vnode_attr va;
+ vfs_context_t ctx = vfs_context_current();
int error;
- int update_flags = 0;
struct nameidata nd;
- AUDIT_ARG(mode, vap->va_mode);
- NDINIT(&nd, CREATE, LOCKPARENT | AUDITVNPATH1,
- UIO_USERSPACE, path, ctx);
- nd.ni_cnd.cn_flags |= WILLBEDIR;
+ NDINIT(&nd, LOOKUP, OP_REVOKE, FOLLOW | AUDITVNPATH1, UIO_USERSPACE,
+ uap->path, ctx);
error = namei(&nd);
if (error)
return (error);
- dvp = nd.ni_dvp;
- vp = nd.ni_vp;
+ vp = nd.ni_vp;
+
+ nameidone(&nd);
+
+ if (!(vnode_ischr(vp) || vnode_isblk(vp))) {
+ error = ENOTSUP;
+ goto out;
+ }
+
+ if (vnode_isblk(vp) && vnode_ismountedon(vp)) {
+ error = EBUSY;
+ goto out;
+ }
+
+#if CONFIG_MACF
+ error = mac_vnode_check_revoke(ctx, vp);
+ if (error)
+ goto out;
+#endif
+
+ VATTR_INIT(&va);
+ VATTR_WANTED(&va, va_uid);
+ if ((error = vnode_getattr(vp, &va, ctx)))
+ goto out;
+ if (kauth_cred_getuid(vfs_context_ucred(ctx)) != va.va_uid &&
+ (error = suser(vfs_context_ucred(ctx), &p->p_acflag)))
+ goto out;
+ if (vp->v_usecount > 0 || (vnode_isaliased(vp)))
+ VNOP_REVOKE(vp, REVOKEALL, ctx);
+out:
+ vnode_put(vp);
+ return (error);
+}
+
+
+/*
+ * HFS/HFS PlUS SPECIFIC SYSTEM CALLS
+ * The following system calls are designed to support features
+ * which are specific to the HFS & HFS Plus volume formats
+ */
+
+
+/*
+* Obtain attribute information on objects in a directory while enumerating
+* the directory. This call does not yet support union mounted directories.
+* TO DO
+* 1.union mounted directories.
+*/
+
+/* ARGSUSED */
+int
+getdirentriesattr (proc_t p, struct getdirentriesattr_args *uap, int32_t *retval)
+{
+ vnode_t vp;
+ struct fileproc *fp;
+ uio_t auio = NULL;
+ int spacetype = proc_is64bit(p) ? UIO_USERSPACE64 : UIO_USERSPACE32;
+ uint32_t count;
+ uint32_t newstate;
+ int error, eofflag;
+ uint32_t loff;
+ struct attrlist attributelist;
+ vfs_context_t ctx = vfs_context_current();
+ int fd = uap->fd;
+ char uio_buf[ UIO_SIZEOF(1) ];
+ kauth_action_t action;
+
+ AUDIT_ARG(fd, fd);
+
+ /* Get the attributes into kernel space */
+ if ((error = copyin(uap->alist, (caddr_t)&attributelist, sizeof(attributelist)))) {
+ return(error);
+ }
+ if ((error = copyin(uap->count, (caddr_t)&count, sizeof(count)))) {
+ return(error);
+ }
+ if ( (error = fp_getfvp(p, fd, &fp, &vp)) ) {
+ return (error);
+ }
+ if ((fp->f_fglob->fg_flag & FREAD) == 0) {
+ AUDIT_ARG(vnpath_withref, vp, ARG_VNODE1);
+ error = EBADF;
+ goto out;
+ }
- if (vp != NULL) {
- error = EEXIST;
- goto out;
- }
- VATTR_SET(vap, va_type, VDIR);
-
#if CONFIG_MACF
- error = mac_vnode_check_create(ctx,
- nd.ni_dvp, &nd.ni_cnd, vap);
+ error = mac_file_check_change_offset(vfs_context_ucred(ctx),
+ fp->f_fglob);
if (error)
goto out;
#endif
- /* authorize addition of a directory to the parent */
- if ((error = vnode_authorize(dvp, NULL, KAUTH_VNODE_ADD_SUBDIRECTORY, ctx)) != 0)
- goto out;
-
-
- /* make the directory */
- if ((error = vn_create(dvp, &vp, &nd.ni_cnd, vap, 0, ctx)) != 0)
- goto out;
-
- // Make sure the name & parent pointers are hooked up
- if (vp->v_name == NULL)
- update_flags |= VNODE_UPDATE_NAME;
- if (vp->v_parent == NULLVP)
- update_flags |= VNODE_UPDATE_PARENT;
- if (update_flags)
- vnode_update_identity(vp, dvp, nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen, nd.ni_cnd.cn_hash, update_flags);
+ if ( (error = vnode_getwithref(vp)) )
+ goto out;
-#if CONFIG_FSE
- add_fsevent(FSE_CREATE_DIR, ctx, FSE_ARG_VNODE, vp, FSE_ARG_DONE);
-#endif
+ AUDIT_ARG(vnpath, vp, ARG_VNODE1);
-out:
+ if (vp->v_type != VDIR) {
+ (void)vnode_put(vp);
+ error = EINVAL;
+ goto out;
+ }
+
+#if CONFIG_MACF
+ error = mac_vnode_check_readdir(ctx, vp);
+ if (error != 0) {
+ (void)vnode_put(vp);
+ goto out;
+ }
+#endif /* MAC */
+
+ /* set up the uio structure which will contain the users return buffer */
+ loff = fp->f_fglob->fg_offset;
+ auio = uio_createwithbuffer(1, loff, spacetype, UIO_READ,
+ &uio_buf[0], sizeof(uio_buf));
+ uio_addiov(auio, uap->buffer, uap->buffersize);
+
/*
- * nameidone has to happen before we vnode_put(dvp)
- * since it may need to release the fs_nodelock on the dvp
+ * If the only item requested is file names, we can let that past with
+ * just LIST_DIRECTORY. If they want any other attributes, that means
+ * they need SEARCH as well.
*/
- nameidone(&nd);
-
- if (vp)
- vnode_put(vp);
- vnode_put(dvp);
+ action = KAUTH_VNODE_LIST_DIRECTORY;
+ if ((attributelist.commonattr & ~ATTR_CMN_NAME) ||
+ attributelist.fileattr || attributelist.dirattr)
+ action |= KAUTH_VNODE_SEARCH;
+
+ if ((error = vnode_authorize(vp, NULL, action, ctx)) == 0) {
- return (error);
-}
+ /* Believe it or not, uap->options only has 32-bits of valid
+ * info, so truncate before extending again */
+ error = VNOP_READDIRATTR(vp, &attributelist, auio,
+ count,
+ (u_long)(uint32_t)uap->options, &newstate, &eofflag,
+ &count, ctx);
+ }
+ (void)vnode_put(vp);
+ if (error)
+ goto out;
+ fp->f_fglob->fg_offset = uio_offset(auio); /* should be multiple of dirent, not variable */
-int
-mkdir_extended(proc_t p, struct mkdir_extended_args *uap, __unused register_t *retval)
-{
- int ciferror;
- kauth_filesec_t xsecdst;
- struct vnode_attr va;
+ if ((error = copyout((caddr_t) &count, uap->count, sizeof(count))))
+ goto out;
+ if ((error = copyout((caddr_t) &newstate, uap->newstate, sizeof(newstate))))
+ goto out;
+ if ((error = copyout((caddr_t) &loff, uap->basep, sizeof(loff))))
+ goto out;
- xsecdst = NULL;
- if ((uap->xsecurity != USER_ADDR_NULL) &&
- ((ciferror = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0))
- return ciferror;
+ *retval = eofflag; /* similar to getdirentries */
+ error = 0;
+out:
+ file_drop(fd);
+ return (error); /* return error earlier, an retval of 0 or 1 now */
- VATTR_INIT(&va);
- VATTR_SET(&va, va_mode, (uap->mode & ACCESSPERMS) & ~p->p_fd->fd_cmask);
- if (xsecdst != NULL)
- VATTR_SET(&va, va_acl, &xsecdst->fsec_acl);
+} /* end of getdirentryattr system call */
- ciferror = mkdir1(vfs_context_current(), uap->path, &va);
- if (xsecdst != NULL)
- kauth_filesec_free(xsecdst);
- return ciferror;
-}
+/*
+* Exchange data between two files
+*/
+/* ARGSUSED */
int
-mkdir(proc_t p, struct mkdir_args *uap, __unused register_t *retval)
+exchangedata (__unused proc_t p, struct exchangedata_args *uap, __unused int32_t *retval)
{
- struct vnode_attr va;
- VATTR_INIT(&va);
- VATTR_SET(&va, va_mode, (uap->mode & ACCESSPERMS) & ~p->p_fd->fd_cmask);
+ struct nameidata fnd, snd;
+ vfs_context_t ctx = vfs_context_current();
+ vnode_t fvp;
+ vnode_t svp;
+ int error;
+ u_int32_t nameiflags;
+ char *fpath = NULL;
+ char *spath = NULL;
+ int flen=0, slen=0;
+ int from_truncated=0, to_truncated=0;
+#if CONFIG_FSE
+ fse_info f_finfo, s_finfo;
+#endif
+
+ nameiflags = 0;
+ if ((uap->options & FSOPT_NOFOLLOW) == 0) nameiflags |= FOLLOW;
- return(mkdir1(vfs_context_current(), uap->path, &va));
-}
+ NDINIT(&fnd, LOOKUP, OP_EXCHANGEDATA, nameiflags | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path1, ctx);
-/*
- * Remove a directory file.
- */
-/* ARGSUSED */
-int
-rmdir(__unused proc_t p, struct rmdir_args *uap, __unused register_t *retval)
-{
- vnode_t vp, dvp;
- int error;
- struct nameidata nd;
- vfs_context_t ctx = vfs_context_current();
+ error = namei(&fnd);
+ if (error)
+ goto out2;
- int restart_flag, oldvp_id = -1;
+ nameidone(&fnd);
+ fvp = fnd.ni_vp;
- /*
- * This loop exists to restart rmdir in the unlikely case that two
- * processes are simultaneously trying to remove the same directory
- * containing orphaned appleDouble files.
+ NDINIT(&snd, LOOKUP, OP_EXCHANGEDATA, CN_NBMOUNTLOOK | nameiflags | AUDITVNPATH2,
+ UIO_USERSPACE, uap->path2, ctx);
+
+ error = namei(&snd);
+ if (error) {
+ vnode_put(fvp);
+ goto out2;
+ }
+ nameidone(&snd);
+ svp = snd.ni_vp;
+
+ /*
+ * if the files are the same, return an inval error
*/
- do {
- restart_flag = 0;
+ if (svp == fvp) {
+ error = EINVAL;
+ goto out;
+ }
- NDINIT(&nd, DELETE, LOCKPARENT | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
- return (error);
+ /*
+ * if the files are on different volumes, return an error
+ */
+ if (svp->v_mount != fvp->v_mount) {
+ error = EXDEV;
+ goto out;
+ }
- dvp = nd.ni_dvp;
- vp = nd.ni_vp;
+ /*
+ * if the two vnodes are not files, return an error.
+ */
+ if ( (vnode_isreg(svp) == 0) || (vnode_isreg(fvp) == 0) ) {
+ error = EINVAL;
+ goto out;
+ }
- /*
- * If being restarted check if the new vp
- * still has the same v_id.
- */
- if (oldvp_id != -1 && oldvp_id != vp->v_id) {
- error = ENOENT;
+#if CONFIG_MACF
+ error = mac_vnode_check_exchangedata(ctx,
+ fvp, svp);
+ if (error)
+ goto out;
+#endif
+ if (((error = vnode_authorize(fvp, NULL, KAUTH_VNODE_READ_DATA | KAUTH_VNODE_WRITE_DATA, ctx)) != 0) ||
+ ((error = vnode_authorize(svp, NULL, KAUTH_VNODE_READ_DATA | KAUTH_VNODE_WRITE_DATA, ctx)) != 0))
+ goto out;
+
+ if (
+#if CONFIG_FSE
+ need_fsevent(FSE_EXCHANGE, fvp) ||
+#endif
+ kauth_authorize_fileop_has_listeners()) {
+ GET_PATH(fpath);
+ GET_PATH(spath);
+ if (fpath == NULL || spath == NULL) {
+ error = ENOMEM;
goto out;
}
- if (vp->v_type != VDIR) {
- /*
- * rmdir only deals with directories
- */
- error = ENOTDIR;
- } else if (dvp == vp) {
- /*
- * No rmdir "." please.
- */
- error = EINVAL;
- } else if (vp->v_flag & VROOT) {
- /*
- * The root of a mounted filesystem cannot be deleted.
- */
- error = EBUSY;
- } else {
-#if CONFIG_MACF
- error = mac_vnode_check_unlink(ctx, dvp,
- vp, &nd.ni_cnd);
- if (!error)
-#endif
- error = vnode_authorize(vp, nd.ni_dvp, KAUTH_VNODE_DELETE, ctx);
+ flen = safe_getpath(fvp, NULL, fpath, MAXPATHLEN, &from_truncated);
+ slen = safe_getpath(svp, NULL, spath, MAXPATHLEN, &to_truncated);
+
+#if CONFIG_FSE
+ get_fse_info(fvp, &f_finfo, ctx);
+ get_fse_info(svp, &s_finfo, ctx);
+ if (from_truncated || to_truncated) {
+ // set it here since only the f_finfo gets reported up to user space
+ f_finfo.mode |= FSE_TRUNCATED_PATH;
}
- if (!error) {
- char *path = NULL;
- int len;
- fse_info finfo;
- int has_listeners = 0;
- int need_event = 0;
+#endif
+ }
+ /* Ok, make the call */
+ error = VNOP_EXCHANGE(fvp, svp, 0, ctx);
+
+ if (error == 0) {
+ const char *tmpname;
+
+ if (fpath != NULL && spath != NULL) {
+ /* call out to allow 3rd party notification of exchangedata.
+ * Ignore result of kauth_authorize_fileop call.
+ */
+ kauth_authorize_fileop(vfs_context_ucred(ctx), KAUTH_FILEOP_EXCHANGE,
+ (uintptr_t)fpath, (uintptr_t)spath);
+ }
+ name_cache_lock();
+
+ tmpname = fvp->v_name;
+ fvp->v_name = svp->v_name;
+ svp->v_name = tmpname;
+
+ if (fvp->v_parent != svp->v_parent) {
+ vnode_t tmp;
+
+ tmp = fvp->v_parent;
+ fvp->v_parent = svp->v_parent;
+ svp->v_parent = tmp;
+ }
+ name_cache_unlock();
#if CONFIG_FSE
- need_event = need_fsevent(FSE_DELETE, dvp);
- if (need_event) {
- get_fse_info(vp, &finfo, ctx);
- }
+ if (fpath != NULL && spath != NULL) {
+ add_fsevent(FSE_EXCHANGE, ctx,
+ FSE_ARG_STRING, flen, fpath,
+ FSE_ARG_FINFO, &f_finfo,
+ FSE_ARG_STRING, slen, spath,
+ FSE_ARG_FINFO, &s_finfo,
+ FSE_ARG_DONE);
+ }
#endif
- has_listeners = kauth_authorize_fileop_has_listeners();
- if (need_event || has_listeners) {
- GET_PATH(path);
- if (path == NULL) {
- error = ENOMEM;
- goto out;
- }
- len = MAXPATHLEN;
- vn_getpath(vp, path, &len);
- }
-
- error = VNOP_RMDIR(dvp, vp, &nd.ni_cnd, ctx);
-
- /*
- * Special case to remove orphaned AppleDouble
- * files. I don't like putting this in the kernel,
- * but carbon does not like putting this in carbon either,
- * so here we are.
- */
- if (error == ENOTEMPTY) {
- error = rmdir_remove_orphaned_appleDouble(vp, ctx, &restart_flag);
- if (error == EBUSY) {
- oldvp_id = vp->v_id;
- goto out;
- }
+ }
+out:
+ if (fpath != NULL)
+ RELEASE_PATH(fpath);
+ if (spath != NULL)
+ RELEASE_PATH(spath);
+ vnode_put(svp);
+ vnode_put(fvp);
+out2:
+ return (error);
+}
- /*
- * Assuming everything went well, we will try the RMDIR again
- */
- if (!error)
- error = VNOP_RMDIR(dvp, vp, &nd.ni_cnd, ctx);
- }
+#if CONFIG_SEARCHFS
- /*
- * Call out to allow 3rd party notification of delete.
- * Ignore result of kauth_authorize_fileop call.
- */
- if (!error) {
- if (has_listeners) {
- kauth_authorize_fileop(vfs_context_ucred(ctx),
- KAUTH_FILEOP_DELETE,
- (uintptr_t)vp,
- (uintptr_t)path);
- }
+/* ARGSUSED */
- if (vp->v_flag & VISHARDLINK) {
- // see the comment in unlink1() about why we update
- // the parent of a hard link when it is removed
- vnode_update_identity(vp, NULL, NULL, 0, 0, VNODE_UPDATE_PARENT);
- }
+int
+searchfs(proc_t p, struct searchfs_args *uap, __unused int32_t *retval)
+{
+ vnode_t vp;
+ int error=0;
+ int fserror = 0;
+ struct nameidata nd;
+ struct user64_fssearchblock searchblock;
+ struct searchstate *state;
+ struct attrlist *returnattrs;
+ struct timeval timelimit;
+ void *searchparams1,*searchparams2;
+ uio_t auio = NULL;
+ int spacetype = proc_is64bit(p) ? UIO_USERSPACE64 : UIO_USERSPACE32;
+ uint32_t nummatches;
+ int mallocsize;
+ uint32_t nameiflags;
+ vfs_context_t ctx = vfs_context_current();
+ char uio_buf[ UIO_SIZEOF(1) ];
-#if CONFIG_FSE
- if (need_event) {
- add_fsevent(FSE_DELETE, ctx,
- FSE_ARG_STRING, len, path,
- FSE_ARG_FINFO, &finfo,
- FSE_ARG_DONE);
- }
-#endif
- }
- if (path != NULL)
- RELEASE_PATH(path);
- }
+ /* Start by copying in fsearchblock paramater list */
+ if (IS_64BIT_PROCESS(p)) {
+ error = copyin(uap->searchblock, (caddr_t) &searchblock, sizeof(searchblock));
+ timelimit.tv_sec = searchblock.timelimit.tv_sec;
+ timelimit.tv_usec = searchblock.timelimit.tv_usec;
+ }
+ else {
+ struct user32_fssearchblock tmp_searchblock;
-out:
- /*
- * nameidone has to happen before we vnode_put(dvp)
- * since it may need to release the fs_nodelock on the dvp
+ error = copyin(uap->searchblock, (caddr_t) &tmp_searchblock, sizeof(tmp_searchblock));
+ // munge into 64-bit version
+ searchblock.returnattrs = CAST_USER_ADDR_T(tmp_searchblock.returnattrs);
+ searchblock.returnbuffer = CAST_USER_ADDR_T(tmp_searchblock.returnbuffer);
+ searchblock.returnbuffersize = tmp_searchblock.returnbuffersize;
+ searchblock.maxmatches = tmp_searchblock.maxmatches;
+ /*
+ * These casts are safe. We will promote the tv_sec into a 64 bit long if necessary
+ * from a 32 bit long, and tv_usec is already a signed 32 bit int.
*/
- nameidone(&nd);
-
- vnode_put(dvp);
- vnode_put(vp);
+ timelimit.tv_sec = (__darwin_time_t) tmp_searchblock.timelimit.tv_sec;
+ timelimit.tv_usec = (__darwin_useconds_t) tmp_searchblock.timelimit.tv_usec;
+ searchblock.searchparams1 = CAST_USER_ADDR_T(tmp_searchblock.searchparams1);
+ searchblock.sizeofsearchparams1 = tmp_searchblock.sizeofsearchparams1;
+ searchblock.searchparams2 = CAST_USER_ADDR_T(tmp_searchblock.searchparams2);
+ searchblock.sizeofsearchparams2 = tmp_searchblock.sizeofsearchparams2;
+ searchblock.searchattrs = tmp_searchblock.searchattrs;
+ }
+ if (error)
+ return(error);
- if (restart_flag == 0) {
- wakeup_one((caddr_t)vp);
- return (error);
- }
- tsleep(vp, PVFS, "rm AD", 1);
+ /* Do a sanity check on sizeofsearchparams1 and sizeofsearchparams2.
+ */
+ if (searchblock.sizeofsearchparams1 > SEARCHFS_MAX_SEARCHPARMS ||
+ searchblock.sizeofsearchparams2 > SEARCHFS_MAX_SEARCHPARMS)
+ return(EINVAL);
+
+ /* Now malloc a big bunch of space to hold the search parameters, the attrlists and the search state. */
+ /* It all has to do into local memory and it's not that big so we might as well put it all together. */
+ /* Searchparams1 shall be first so we might as well use that to hold the base address of the allocated*/
+ /* block. */
+
+ mallocsize = searchblock.sizeofsearchparams1 + searchblock.sizeofsearchparams2 +
+ sizeof(struct attrlist) + sizeof(struct searchstate);
- } while (restart_flag != 0);
+ MALLOC(searchparams1, void *, mallocsize, M_TEMP, M_WAITOK);
- return (error);
+ /* Now set up the various pointers to the correct place in our newly allocated memory */
-}
+ searchparams2 = (void *) (((caddr_t) searchparams1) + searchblock.sizeofsearchparams1);
+ returnattrs = (struct attrlist *) (((caddr_t) searchparams2) + searchblock.sizeofsearchparams2);
+ state = (struct searchstate *) (((caddr_t) returnattrs) + sizeof (struct attrlist));
-/* Get direntry length padded to 8 byte alignment */
-#define DIRENT64_LEN(namlen) \
- ((sizeof(struct direntry) + (namlen) - (MAXPATHLEN-1) + 7) & ~7)
+ /* Now copy in the stuff given our local variables. */
-static errno_t
-vnode_readdir64(struct vnode *vp, struct uio *uio, int flags, int *eofflag,
- int *numdirent, vfs_context_t ctxp)
-{
- /* Check if fs natively supports VNODE_READDIR_EXTENDED */
- if (vp->v_mount->mnt_vtable->vfc_vfsflags & VFC_VFSREADDIR_EXTENDED) {
- return VNOP_READDIR(vp, uio, flags, eofflag, numdirent, ctxp);
- } else {
- size_t bufsize;
- void * bufptr;
- uio_t auio;
- struct direntry entry64;
- struct dirent *dep;
- int bytesread;
- int error;
+ if ((error = copyin(searchblock.searchparams1, searchparams1, searchblock.sizeofsearchparams1)))
+ goto freeandexit;
- /*
- * Our kernel buffer needs to be smaller since re-packing
- * will expand each dirent. The worse case (when the name
- * length is 3) corresponds to a struct direntry size of 32
- * bytes (8-byte aligned) and a struct dirent size of 12 bytes
- * (4-byte aligned). So having a buffer that is 3/8 the size
- * will prevent us from reading more than we can pack.
- *
- * Since this buffer is wired memory, we will limit the
- * buffer size to a maximum of 32K. We would really like to
- * use 32K in the MIN(), but we use magic number 87371 to
- * prevent uio_resid() * 3 / 8 from overflowing.
- */
- bufsize = 3 * MIN(uio_resid(uio), 87371) / 8;
- MALLOC(bufptr, void *, bufsize, M_TEMP, M_WAITOK);
+ if ((error = copyin(searchblock.searchparams2, searchparams2, searchblock.sizeofsearchparams2)))
+ goto freeandexit;
- auio = uio_create(1, 0, UIO_SYSSPACE32, UIO_READ);
- uio_addiov(auio, (uintptr_t)bufptr, bufsize);
- auio->uio_offset = uio->uio_offset;
+ if ((error = copyin(searchblock.returnattrs, (caddr_t) returnattrs, sizeof(struct attrlist))))
+ goto freeandexit;
+
+ if ((error = copyin(uap->state, (caddr_t) state, sizeof(struct searchstate))))
+ goto freeandexit;
- error = VNOP_READDIR(vp, auio, 0, eofflag, numdirent, ctxp);
- dep = (struct dirent *)bufptr;
- bytesread = bufsize - uio_resid(auio);
+ /*
+ * Because searchparams1 and searchparams2 may contain an ATTR_CMN_NAME search parameter,
+ * which is passed in with an attrreference_t, we need to inspect the buffer manually here.
+ * The KPI does not provide us the ability to pass in the length of the buffers searchparams1
+ * and searchparams2. To obviate the need for all searchfs-supporting filesystems to
+ * validate the user-supplied data offset of the attrreference_t, we'll do it here.
+ */
- /*
- * Convert all the entries and copy them out to user's buffer.
- */
- while (error == 0 && (char *)dep < ((char *)bufptr + bytesread)) {
- /* Convert a dirent to a dirent64. */
- entry64.d_ino = dep->d_ino;
- entry64.d_seekoff = 0;
- entry64.d_reclen = DIRENT64_LEN(dep->d_namlen);
- entry64.d_namlen = dep->d_namlen;
- entry64.d_type = dep->d_type;
- bcopy(dep->d_name, entry64.d_name, dep->d_namlen + 1);
+ if (searchblock.searchattrs.commonattr & ATTR_CMN_NAME) {
+ attrreference_t* string_ref;
+ u_int32_t* start_length;
+ user64_size_t param_length;
- /* Move to next entry. */
- dep = (struct dirent *)((char *)dep + dep->d_reclen);
+ /* validate searchparams1 */
+ param_length = searchblock.sizeofsearchparams1;
+ /* skip the word that specifies length of the buffer */
+ start_length= (u_int32_t*) searchparams1;
+ start_length= start_length+1;
+ string_ref= (attrreference_t*) start_length;
- /* Copy entry64 to user's buffer. */
- error = uiomove((caddr_t)&entry64, entry64.d_reclen, uio);
+ /* ensure no negative offsets or too big offsets */
+ if (string_ref->attr_dataoffset < 0 ) {
+ error = EINVAL;
+ goto freeandexit;
+ }
+ if (string_ref->attr_length > MAXPATHLEN) {
+ error = EINVAL;
+ goto freeandexit;
+ }
+
+ /* Check for pointer overflow in the string ref */
+ if (((char*) string_ref + string_ref->attr_dataoffset) < (char*) string_ref) {
+ error = EINVAL;
+ goto freeandexit;
}
- /* Update the real offset using the offset we got from VNOP_READDIR. */
- if (error == 0) {
- uio->uio_offset = auio->uio_offset;
+ if (((char*) string_ref + string_ref->attr_dataoffset) > ((char*)searchparams1 + param_length)) {
+ error = EINVAL;
+ goto freeandexit;
+ }
+ if (((char*)string_ref + string_ref->attr_dataoffset + string_ref->attr_length) > ((char*)searchparams1 + param_length)) {
+ error = EINVAL;
+ goto freeandexit;
}
- uio_free(auio);
- FREE(bufptr, M_TEMP);
- return (error);
}
-}
-/*
- * Read a block of directory entries in a file system independent format.
- */
-static int
-getdirentries_common(int fd, user_addr_t bufp, user_size_t bufsize, ssize_t *bytesread,
- off_t *offset, int flags)
-{
- vnode_t vp;
- struct vfs_context context = *vfs_context_current(); /* local copy */
- struct fileproc *fp;
- uio_t auio;
- int spacetype = proc_is64bit(vfs_context_proc(&context)) ? UIO_USERSPACE64 : UIO_USERSPACE32;
- off_t loff;
- int error, eofflag, numdirent;
- char uio_buf[ UIO_SIZEOF(1) ];
+ /* set up the uio structure which will contain the users return buffer */
+ auio = uio_createwithbuffer(1, 0, spacetype, UIO_READ,
+ &uio_buf[0], sizeof(uio_buf));
+ uio_addiov(auio, searchblock.returnbuffer, searchblock.returnbuffersize);
+
+ nameiflags = 0;
+ if ((uap->options & FSOPT_NOFOLLOW) == 0) nameiflags |= FOLLOW;
+ NDINIT(&nd, LOOKUP, OP_SEARCHFS, nameiflags | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+
+ error = namei(&nd);
+ if (error)
+ goto freeandexit;
+
+ nameidone(&nd);
+ vp = nd.ni_vp;
+
+#if CONFIG_MACF
+ error = mac_vnode_check_searchfs(ctx, vp, &searchblock.searchattrs);
+ if (error) {
+ vnode_put(vp);
+ goto freeandexit;
+ }
+#endif
+
+
+ /*
+ * If searchblock.maxmatches == 0, then skip the search. This has happened
+ * before and sometimes the underlyning code doesnt deal with it well.
+ */
+ if (searchblock.maxmatches == 0) {
+ nummatches = 0;
+ goto saveandexit;
+ }
+
+ /*
+ Allright, we have everything we need, so lets make that call.
+
+ We keep special track of the return value from the file system:
+ EAGAIN is an acceptable error condition that shouldn't keep us
+ from copying out any results...
+ */
+
+ fserror = VNOP_SEARCHFS(vp,
+ searchparams1,
+ searchparams2,
+ &searchblock.searchattrs,
+ (u_long)searchblock.maxmatches,
+ &timelimit,
+ returnattrs,
+ &nummatches,
+ (u_long)uap->scriptcode,
+ (u_long)uap->options,
+ auio,
+ state,
+ ctx);
+
+saveandexit:
- error = fp_getfvp(vfs_context_proc(&context), fd, &fp, &vp);
- if (error) {
- return (error);
- }
- if ((fp->f_fglob->fg_flag & FREAD) == 0) {
- AUDIT_ARG(vnpath_withref, vp, ARG_VNODE1);
- error = EBADF;
- goto out;
- }
+ vnode_put(vp);
-#if CONFIG_MACF
- error = mac_file_check_change_offset(vfs_context_ucred(&context), fp->f_fglob);
- if (error)
- goto out;
-#endif
- if ( (error = vnode_getwithref(vp)) ) {
- goto out;
- }
- AUDIT_ARG(vnpath, vp, ARG_VNODE1);
+ /* Now copy out the stuff that needs copying out. That means the number of matches, the
+ search state. Everything was already put into he return buffer by the vop call. */
-unionread:
- if (vp->v_type != VDIR) {
- (void)vnode_put(vp);
- error = EINVAL;
- goto out;
- }
+ if ((error = copyout((caddr_t) state, uap->state, sizeof(struct searchstate))) != 0)
+ goto freeandexit;
-#if CONFIG_MACF
- error = mac_vnode_check_readdir(&context, vp);
- if (error != 0) {
- (void)vnode_put(vp);
- goto out;
- }
-#endif /* MAC */
+ if ((error = suulong(uap->nummatches, (uint64_t)nummatches)) != 0)
+ goto freeandexit;
+
+ error = fserror;
- loff = fp->f_fglob->fg_offset;
- auio = uio_createwithbuffer(1, loff, spacetype, UIO_READ, &uio_buf[0], sizeof(uio_buf));
- uio_addiov(auio, bufp, bufsize);
+freeandexit:
- if (flags & VNODE_READDIR_EXTENDED) {
- error = vnode_readdir64(vp, auio, flags, &eofflag, &numdirent, &context);
- fp->f_fglob->fg_offset = uio_offset(auio);
- } else {
- error = VNOP_READDIR(vp, auio, 0, &eofflag, &numdirent, &context);
- fp->f_fglob->fg_offset = uio_offset(auio);
- }
- if (error) {
- (void)vnode_put(vp);
- goto out;
- }
+ FREE(searchparams1,M_TEMP);
- if ((user_ssize_t)bufsize == uio_resid(auio)){
- if (union_dircheckp) {
- error = union_dircheckp(&vp, fp, &context);
- if (error == -1)
- goto unionread;
- if (error)
- goto out;
- }
+ return(error);
- if ((vp->v_flag & VROOT) && (vp->v_mount->mnt_flag & MNT_UNION)) {
- struct vnode *tvp = vp;
- vp = vp->v_mount->mnt_vnodecovered;
- vnode_getwithref(vp);
- vnode_ref(vp);
- fp->f_fglob->fg_data = (caddr_t) vp;
- fp->f_fglob->fg_offset = 0;
- vnode_rele(tvp);
- vnode_put(tvp);
- goto unionread;
- }
- }
- vnode_put(vp);
- if (offset) {
- *offset = loff;
- }
- // LP64todo - fix this
- *bytesread = bufsize - uio_resid(auio);
-out:
- file_drop(fd);
- return (error);
-}
+} /* end of searchfs system call */
+#else /* CONFIG_SEARCHFS */
int
-getdirentries(__unused struct proc *p, struct getdirentries_args *uap, register_t *retval)
+searchfs(__unused proc_t p, __unused struct searchfs_args *uap, __unused int32_t *retval)
{
- off_t offset;
- long loff;
- ssize_t bytesread;
- int error;
+ return (ENOTSUP);
+}
- AUDIT_ARG(fd, uap->fd);
- error = getdirentries_common(uap->fd, uap->buf, uap->count, &bytesread, &offset, 0);
+#endif /* CONFIG_SEARCHFS */
- if (error == 0) {
- loff = (long)offset;
- error = copyout((caddr_t)&loff, uap->basep, sizeof(long));
- *retval = bytesread;
- }
- return (error);
-}
-int
-getdirentries64(__unused struct proc *p, struct getdirentries64_args *uap, user_ssize_t *retval)
-{
- off_t offset;
- ssize_t bytesread;
- int error;
+lck_grp_attr_t * nspace_group_attr;
+lck_attr_t * nspace_lock_attr;
+lck_grp_t * nspace_mutex_group;
- AUDIT_ARG(fd, uap->fd);
- error = getdirentries_common(uap->fd, uap->buf, uap->bufsize, &bytesread, &offset, VNODE_READDIR_EXTENDED);
+lck_mtx_t nspace_handler_lock;
+lck_mtx_t nspace_handler_exclusion_lock;
- if (error == 0) {
- *retval = bytesread;
- error = copyout((caddr_t)&offset, uap->position, sizeof(off_t));
+time_t snapshot_timestamp=0;
+int nspace_allow_virtual_devs=0;
+
+void nspace_handler_init(void);
+
+typedef struct nspace_item_info {
+ struct vnode *vp;
+ void *arg;
+ uint64_t op;
+ uint32_t vid;
+ uint32_t flags;
+ uint32_t token;
+ uint32_t refcount;
+} nspace_item_info;
+
+#define MAX_NSPACE_ITEMS 128
+nspace_item_info nspace_items[MAX_NSPACE_ITEMS];
+uint32_t nspace_item_idx=0; // also used as the sleep/wakeup rendezvous address
+uint32_t nspace_token_id=0;
+uint32_t nspace_handler_timeout = 15; // seconds
+
+#define NSPACE_ITEM_NEW 0x0001
+#define NSPACE_ITEM_PROCESSING 0x0002
+#define NSPACE_ITEM_DEAD 0x0004
+#define NSPACE_ITEM_CANCELLED 0x0008
+#define NSPACE_ITEM_DONE 0x0010
+#define NSPACE_ITEM_RESET_TIMER 0x0020
+
+#define NSPACE_ITEM_NSPACE_EVENT 0x0040
+#define NSPACE_ITEM_SNAPSHOT_EVENT 0x0080
+#define NSPACE_ITEM_TRACK_EVENT 0x0100
+
+#define NSPACE_ITEM_ALL_EVENT_TYPES (NSPACE_ITEM_NSPACE_EVENT | NSPACE_ITEM_SNAPSHOT_EVENT | NSPACE_ITEM_TRACK_EVENT)
+
+//#pragma optimization_level 0
+
+typedef enum {
+ NSPACE_HANDLER_NSPACE = 0,
+ NSPACE_HANDLER_SNAPSHOT = 1,
+ NSPACE_HANDLER_TRACK = 2,
+
+ NSPACE_HANDLER_COUNT,
+} nspace_type_t;
+
+typedef struct {
+ uint64_t handler_tid;
+ struct proc *handler_proc;
+ int handler_busy;
+} nspace_handler_t;
+
+nspace_handler_t nspace_handlers[NSPACE_HANDLER_COUNT];
+
+static inline int nspace_flags_matches_handler(uint32_t event_flags, nspace_type_t nspace_type)
+{
+ switch(nspace_type) {
+ case NSPACE_HANDLER_NSPACE:
+ return (event_flags & NSPACE_ITEM_ALL_EVENT_TYPES) == NSPACE_ITEM_NSPACE_EVENT;
+ case NSPACE_HANDLER_SNAPSHOT:
+ return (event_flags & NSPACE_ITEM_ALL_EVENT_TYPES) == NSPACE_ITEM_SNAPSHOT_EVENT;
+ case NSPACE_HANDLER_TRACK:
+ return (event_flags & NSPACE_ITEM_ALL_EVENT_TYPES) == NSPACE_ITEM_TRACK_EVENT;
+ default:
+ printf("nspace_flags_matches_handler: invalid type %u\n", (int)nspace_type);
+ return 0;
}
- return (error);
}
+static inline int nspace_item_flags_for_type(nspace_type_t nspace_type)
+{
+ switch(nspace_type) {
+ case NSPACE_HANDLER_NSPACE:
+ return NSPACE_ITEM_NSPACE_EVENT;
+ case NSPACE_HANDLER_SNAPSHOT:
+ return NSPACE_ITEM_SNAPSHOT_EVENT;
+ case NSPACE_HANDLER_TRACK:
+ return NSPACE_ITEM_TRACK_EVENT;
+ default:
+ printf("nspace_item_flags_for_type: invalid type %u\n", (int)nspace_type);
+ return 0;
+ }
+}
-/*
- * Set the mode mask for creation of filesystem nodes.
- */
-#warning XXX implement xsecurity
-
-#define UMASK_NOXSECURITY (void *)1 /* leave existing xsecurity alone */
-static int
-umask1(proc_t p, int newmask, __unused kauth_filesec_t fsec, register_t *retval)
+static inline int nspace_open_flags_for_type(nspace_type_t nspace_type)
{
- struct filedesc *fdp;
+ switch(nspace_type) {
+ case NSPACE_HANDLER_NSPACE:
+ return FREAD | FWRITE | O_EVTONLY;
+ case NSPACE_HANDLER_SNAPSHOT:
+ case NSPACE_HANDLER_TRACK:
+ return FREAD | O_EVTONLY;
+ default:
+ printf("nspace_open_flags_for_type: invalid type %u\n", (int)nspace_type);
+ return 0;
+ }
+}
- AUDIT_ARG(mask, newmask);
- proc_fdlock(p);
- fdp = p->p_fd;
- *retval = fdp->fd_cmask;
- fdp->fd_cmask = newmask & ALLPERMS;
- proc_fdunlock(p);
- return (0);
+static inline nspace_type_t nspace_type_for_op(uint64_t op)
+{
+ switch(op & NAMESPACE_HANDLER_EVENT_TYPE_MASK) {
+ case NAMESPACE_HANDLER_NSPACE_EVENT:
+ return NSPACE_HANDLER_NSPACE;
+ case NAMESPACE_HANDLER_SNAPSHOT_EVENT:
+ return NSPACE_HANDLER_SNAPSHOT;
+ case NAMESPACE_HANDLER_TRACK_EVENT:
+ return NSPACE_HANDLER_TRACK;
+ default:
+ printf("nspace_type_for_op: invalid op mask %llx\n", op & NAMESPACE_HANDLER_EVENT_TYPE_MASK);
+ return NSPACE_HANDLER_NSPACE;
+ }
}
+static inline int nspace_is_special_process(struct proc *proc)
+{
+ int i;
+ for (i = 0; i < NSPACE_HANDLER_COUNT; i++) {
+ if (proc == nspace_handlers[i].handler_proc)
+ return 1;
+ }
+ return 0;
+}
-int
-umask_extended(proc_t p, struct umask_extended_args *uap, register_t *retval)
+void
+nspace_handler_init(void)
{
- int ciferror;
- kauth_filesec_t xsecdst;
+ nspace_lock_attr = lck_attr_alloc_init();
+ nspace_group_attr = lck_grp_attr_alloc_init();
+ nspace_mutex_group = lck_grp_alloc_init("nspace-mutex", nspace_group_attr);
+ lck_mtx_init(&nspace_handler_lock, nspace_mutex_group, nspace_lock_attr);
+ lck_mtx_init(&nspace_handler_exclusion_lock, nspace_mutex_group, nspace_lock_attr);
+ memset(&nspace_items[0], 0, sizeof(nspace_items));
+}
- xsecdst = KAUTH_FILESEC_NONE;
- if (uap->xsecurity != USER_ADDR_NULL) {
- if ((ciferror = kauth_copyinfilesec(uap->xsecurity, &xsecdst)) != 0)
- return ciferror;
- } else {
- xsecdst = KAUTH_FILESEC_NONE;
+void
+nspace_proc_exit(struct proc *p)
+{
+ int i, event_mask = 0;
+
+ for (i = 0; i < NSPACE_HANDLER_COUNT; i++) {
+ if (p == nspace_handlers[i].handler_proc) {
+ event_mask |= nspace_item_flags_for_type(i);
+ nspace_handlers[i].handler_tid = 0;
+ nspace_handlers[i].handler_proc = NULL;
+ }
}
- ciferror = umask1(p, uap->newmask, xsecdst, retval);
-
- if (xsecdst != KAUTH_FILESEC_NONE)
- kauth_filesec_free(xsecdst);
- return ciferror;
+ if (event_mask == 0) {
+ return;
+ }
+
+ if (event_mask & NSPACE_ITEM_SNAPSHOT_EVENT) {
+ // if this process was the snapshot handler, zero snapshot_timeout
+ snapshot_timestamp = 0;
+ }
+
+ //
+ // unblock anyone that's waiting for the handler that died
+ //
+ lck_mtx_lock(&nspace_handler_lock);
+ for(i=0; i < MAX_NSPACE_ITEMS; i++) {
+ if (nspace_items[i].flags & (NSPACE_ITEM_NEW | NSPACE_ITEM_PROCESSING)) {
+
+ if ( nspace_items[i].flags & event_mask ) {
+
+ if (nspace_items[i].vp && (nspace_items[i].vp->v_flag & VNEEDSSNAPSHOT)) {
+ vnode_lock_spin(nspace_items[i].vp);
+ nspace_items[i].vp->v_flag &= ~VNEEDSSNAPSHOT;
+ vnode_unlock(nspace_items[i].vp);
+ }
+ nspace_items[i].vp = NULL;
+ nspace_items[i].vid = 0;
+ nspace_items[i].flags = NSPACE_ITEM_DONE;
+ nspace_items[i].token = 0;
+
+ wakeup((caddr_t)&(nspace_items[i].vp));
+ }
+ }
+ }
+
+ wakeup((caddr_t)&nspace_item_idx);
+ lck_mtx_unlock(&nspace_handler_lock);
}
-int
-umask(proc_t p, struct umask_args *uap, register_t *retval)
+
+int
+resolve_nspace_item(struct vnode *vp, uint64_t op)
{
- return(umask1(p, uap->newmask, UMASK_NOXSECURITY, retval));
+ return resolve_nspace_item_ext(vp, op, NULL);
}
-/*
- * Void all references to file by ripping underlying filesystem
- * away from vnode.
- */
-/* ARGSUSED */
-int
-revoke(proc_t p, struct revoke_args *uap, __unused register_t *retval)
+int
+resolve_nspace_item_ext(struct vnode *vp, uint64_t op, void *arg)
{
- vnode_t vp;
- struct vnode_attr va;
- vfs_context_t ctx = vfs_context_current();
- int error;
- struct nameidata nd;
+ int i, error, keep_waiting;
+ struct timespec ts;
+ nspace_type_t nspace_type = nspace_type_for_op(op);
- NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
- error = namei(&nd);
- if (error)
- return (error);
- vp = nd.ni_vp;
+ // only allow namespace events on regular files, directories and symlinks.
+ if (vp->v_type != VREG && vp->v_type != VDIR && vp->v_type != VLNK) {
+ return 0;
+ }
- nameidone(&nd);
+ //
+ // if this is a snapshot event and the vnode is on a
+ // disk image just pretend nothing happened since any
+ // change to the disk image will cause the disk image
+ // itself to get backed up and this avoids multi-way
+ // deadlocks between the snapshot handler and the ever
+ // popular diskimages-helper process. the variable
+ // nspace_allow_virtual_devs allows this behavior to
+ // be overridden (for use by the Mobile TimeMachine
+ // testing infrastructure which uses disk images)
+ //
+ if ( (op & NAMESPACE_HANDLER_SNAPSHOT_EVENT)
+ && (vp->v_mount != NULL)
+ && (vp->v_mount->mnt_kern_flag & MNTK_VIRTUALDEV)
+ && !nspace_allow_virtual_devs) {
-#if CONFIG_MACF
- error = mac_vnode_check_revoke(ctx, vp);
- if (error)
- goto out;
-#endif
+ return 0;
+ }
- VATTR_INIT(&va);
- VATTR_WANTED(&va, va_uid);
- if ((error = vnode_getattr(vp, &va, ctx)))
- goto out;
- if (kauth_cred_getuid(vfs_context_ucred(ctx)) != va.va_uid &&
- (error = suser(vfs_context_ucred(ctx), &p->p_acflag)))
- goto out;
- if (vp->v_usecount > 1 || (vp->v_flag & VALIASED))
- VNOP_REVOKE(vp, REVOKEALL, ctx);
-out:
- vnode_put(vp);
- return (error);
-}
+ // if (thread_tid(current_thread()) == namespace_handler_tid) {
+ if (nspace_handlers[nspace_type].handler_proc == NULL) {
+ return 0;
+ }
+ if (nspace_is_special_process(current_proc())) {
+ return EDEADLK;
+ }
-/*
- * HFS/HFS PlUS SPECIFIC SYSTEM CALLS
- * The following system calls are designed to support features
- * which are specific to the HFS & HFS Plus volume formats
- */
+ lck_mtx_lock(&nspace_handler_lock);
-#ifdef __APPLE_API_OBSOLETE
+retry:
+ for(i=0; i < MAX_NSPACE_ITEMS; i++) {
+ if (vp == nspace_items[i].vp && op == nspace_items[i].op) {
+ break;
+ }
+ }
-/************************************************/
-/* *** Following calls will be deleted soon *** */
-/************************************************/
+ if (i >= MAX_NSPACE_ITEMS) {
+ for(i=0; i < MAX_NSPACE_ITEMS; i++) {
+ if (nspace_items[i].flags == 0) {
+ break;
+ }
+ }
+ } else {
+ nspace_items[i].refcount++;
+ }
+
+ if (i >= MAX_NSPACE_ITEMS) {
+ ts.tv_sec = nspace_handler_timeout;
+ ts.tv_nsec = 0;
-/*
- * Make a complex file. A complex file is one with multiple forks (data streams)
- */
-/* ARGSUSED */
-int
-mkcomplex(__unused proc_t p, __unused struct mkcomplex_args *uap, __unused register_t *retval)
-{
- return (ENOTSUP);
+ error = msleep((caddr_t)&nspace_token_id, &nspace_handler_lock, PVFS|PCATCH, "nspace-no-space", &ts);
+ if (error == 0) {
+ // an entry got free'd up, go see if we can get a slot
+ goto retry;
+ } else {
+ lck_mtx_unlock(&nspace_handler_lock);
+ return error;
+ }
+ }
+
+ //
+ // if it didn't already exist, add it. if it did exist
+ // we'll get woken up when someone does a wakeup() on
+ // the slot in the nspace_items table.
+ //
+ if (vp != nspace_items[i].vp) {
+ nspace_items[i].vp = vp;
+ nspace_items[i].arg = arg;
+ nspace_items[i].op = op;
+ nspace_items[i].vid = vnode_vid(vp);
+ nspace_items[i].flags = NSPACE_ITEM_NEW;
+ nspace_items[i].flags |= nspace_item_flags_for_type(nspace_type);
+ if (nspace_items[i].flags & NSPACE_ITEM_SNAPSHOT_EVENT) {
+ if (arg) {
+ vnode_lock_spin(vp);
+ vp->v_flag |= VNEEDSSNAPSHOT;
+ vnode_unlock(vp);
+ }
+ }
+
+ nspace_items[i].token = 0;
+ nspace_items[i].refcount = 1;
+
+ wakeup((caddr_t)&nspace_item_idx);
+ }
+
+ //
+ // Now go to sleep until the handler does a wakeup on this
+ // slot in the nspace_items table (or we timeout).
+ //
+ keep_waiting = 1;
+ while(keep_waiting) {
+ ts.tv_sec = nspace_handler_timeout;
+ ts.tv_nsec = 0;
+ error = msleep((caddr_t)&(nspace_items[i].vp), &nspace_handler_lock, PVFS|PCATCH, "namespace-done", &ts);
+
+ if (nspace_items[i].flags & NSPACE_ITEM_DONE) {
+ error = 0;
+ } else if (nspace_items[i].flags & NSPACE_ITEM_CANCELLED) {
+ error = nspace_items[i].token;
+ } else if (error == EWOULDBLOCK || error == ETIMEDOUT) {
+ if (nspace_items[i].flags & NSPACE_ITEM_RESET_TIMER) {
+ nspace_items[i].flags &= ~NSPACE_ITEM_RESET_TIMER;
+ continue;
+ } else {
+ error = ETIMEDOUT;
+ }
+ } else if (error == 0) {
+ // hmmm, why did we get woken up?
+ printf("woken up for token %d but it's not done, cancelled or timedout and error == 0.\n",
+ nspace_items[i].token);
+ }
+
+ if (--nspace_items[i].refcount == 0) {
+ nspace_items[i].vp = NULL; // clear this so that no one will match on it again
+ nspace_items[i].arg = NULL;
+ nspace_items[i].token = 0; // clear this so that the handler will not find it anymore
+ nspace_items[i].flags = 0; // this clears it for re-use
+ }
+ wakeup(&nspace_token_id);
+ keep_waiting = 0;
+ }
+
+ lck_mtx_unlock(&nspace_handler_lock);
+
+ return error;
}
-/*
- * Extended stat call which returns volumeid and vnodeid as well as other info
- */
-/* ARGSUSED */
+
int
-statv(__unused proc_t p,
- __unused struct statv_args *uap,
- __unused register_t *retval)
+get_nspace_item_status(struct vnode *vp, int32_t *status)
{
- return (ENOTSUP); /* We'll just return an error for now */
+ int i;
-} /* end of statv system call */
+ lck_mtx_lock(&nspace_handler_lock);
+ for(i=0; i < MAX_NSPACE_ITEMS; i++) {
+ if (nspace_items[i].vp == vp) {
+ break;
+ }
+ }
-/*
-* Extended lstat call which returns volumeid and vnodeid as well as other info
-*/
-/* ARGSUSED */
-int
-lstatv(__unused proc_t p,
- __unused struct lstatv_args *uap,
- __unused register_t *retval)
-{
- return (ENOTSUP); /* We'll just return an error for now */
-} /* end of lstatv system call */
+ if (i >= MAX_NSPACE_ITEMS) {
+ lck_mtx_unlock(&nspace_handler_lock);
+ return ENOENT;
+ }
-/*
-* Extended fstat call which returns volumeid and vnodeid as well as other info
-*/
-/* ARGSUSED */
-int
-fstatv(__unused proc_t p,
- __unused struct fstatv_args *uap,
- __unused register_t *retval)
-{
- return (ENOTSUP); /* We'll just return an error for now */
-} /* end of fstatv system call */
+ *status = nspace_items[i].flags;
+ lck_mtx_unlock(&nspace_handler_lock);
+ return 0;
+}
+
+#if 0
+static int
+build_volfs_path(struct vnode *vp, char *path, int *len)
+{
+ struct vnode_attr va;
+ int ret;
-/************************************************/
-/* *** Preceding calls will be deleted soon *** */
-/************************************************/
+ VATTR_INIT(&va);
+ VATTR_WANTED(&va, va_fsid);
+ VATTR_WANTED(&va, va_fileid);
-#endif /* __APPLE_API_OBSOLETE */
+ if (vnode_getattr(vp, &va, vfs_context_kernel()) != 0) {
+ *len = snprintf(path, *len, "/non/existent/path/because/vnode_getattr/failed") + 1;
+ ret = -1;
+ } else {
+ *len = snprintf(path, *len, "/.vol/%d/%lld", (dev_t)va.va_fsid, va.va_fileid) + 1;
+ ret = 0;
+ }
-/*
-* Obtain attribute information on objects in a directory while enumerating
-* the directory. This call does not yet support union mounted directories.
-* TO DO
-* 1.union mounted directories.
-*/
+ return ret;
+}
+#endif
-/* ARGSUSED */
-int
-getdirentriesattr (proc_t p, struct getdirentriesattr_args *uap, register_t *retval)
+//
+// Note: this function does NOT check permissions on all of the
+// parent directories leading to this vnode. It should only be
+// called on behalf of a root process. Otherwise a process may
+// get access to a file because the file itself is readable even
+// though its parent directories would prevent access.
+//
+static int
+vn_open_with_vp(vnode_t vp, int fmode, vfs_context_t ctx)
{
- vnode_t vp;
- struct fileproc *fp;
- uio_t auio = NULL;
- int spacetype = proc_is64bit(p) ? UIO_USERSPACE64 : UIO_USERSPACE32;
- uint32_t count;
- uint32_t newstate;
- int error, eofflag;
- uint32_t loff;
- struct attrlist attributelist;
- vfs_context_t ctx = vfs_context_current();
- int fd = uap->fd;
- char uio_buf[ UIO_SIZEOF(1) ];
- kauth_action_t action;
+ int error, action;
- AUDIT_ARG(fd, fd);
-
- /* Get the attributes into kernel space */
- if ((error = copyin(uap->alist, (caddr_t)&attributelist, sizeof(attributelist)))) {
- return(error);
- }
- if ((error = copyin(uap->count, (caddr_t)&count, sizeof(count)))) {
- return(error);
- }
- if ( (error = fp_getfvp(p, fd, &fp, &vp)) ) {
- return (error);
- }
- if ((fp->f_fglob->fg_flag & FREAD) == 0) {
- AUDIT_ARG(vnpath_withref, vp, ARG_VNODE1);
- error = EBADF;
- goto out;
+ if ((error = suser(kauth_cred_get(), &(current_proc()->p_acflag)))) {
+ return error;
}
-
#if CONFIG_MACF
- error = mac_file_check_change_offset(vfs_context_ucred(ctx),
- fp->f_fglob);
+ error = mac_vnode_check_open(ctx, vp, fmode);
if (error)
- goto out;
+ return error;
#endif
+ /* compute action to be authorized */
+ action = 0;
+ if (fmode & FREAD) {
+ action |= KAUTH_VNODE_READ_DATA;
+ }
+ if (fmode & (FWRITE | O_TRUNC)) {
+ /*
+ * If we are writing, appending, and not truncating,
+ * indicate that we are appending so that if the
+ * UF_APPEND or SF_APPEND bits are set, we do not deny
+ * the open.
+ */
+ if ((fmode & O_APPEND) && !(fmode & O_TRUNC)) {
+ action |= KAUTH_VNODE_APPEND_DATA;
+ } else {
+ action |= KAUTH_VNODE_WRITE_DATA;
+ }
+ }
- if ( (error = vnode_getwithref(vp)) )
- goto out;
-
- AUDIT_ARG(vnpath, vp, ARG_VNODE1);
+ if ((error = vnode_authorize(vp, NULL, action, ctx)) != 0)
+ return error;
+
- if (vp->v_type != VDIR) {
- (void)vnode_put(vp);
- error = EINVAL;
- goto out;
+ //
+ // if the vnode is tagged VOPENEVT and the current process
+ // has the P_CHECKOPENEVT flag set, then we or in the O_EVTONLY
+ // flag to the open mode so that this open won't count against
+ // the vnode when carbon delete() does a vnode_isinuse() to see
+ // if a file is currently in use. this allows spotlight
+ // importers to not interfere with carbon apps that depend on
+ // the no-delete-if-busy semantics of carbon delete().
+ //
+ if ((vp->v_flag & VOPENEVT) && (current_proc()->p_flag & P_CHECKOPENEVT)) {
+ fmode |= O_EVTONLY;
}
-#if CONFIG_MACF
- error = mac_vnode_check_readdir(ctx, vp);
- if (error != 0) {
- (void)vnode_put(vp);
- goto out;
+ if ( (error = VNOP_OPEN(vp, fmode, ctx)) ) {
+ return error;
+ }
+ if ( (error = vnode_ref_ext(vp, fmode, 0)) ) {
+ VNOP_CLOSE(vp, fmode, ctx);
+ return error;
}
-#endif /* MAC */
- /* set up the uio structure which will contain the users return buffer */
- loff = fp->f_fglob->fg_offset;
- auio = uio_createwithbuffer(1, loff, spacetype, UIO_READ,
- &uio_buf[0], sizeof(uio_buf));
- uio_addiov(auio, uap->buffer, uap->buffersize);
-
- /*
- * If the only item requested is file names, we can let that past with
- * just LIST_DIRECTORY. If they want any other attributes, that means
- * they need SEARCH as well.
+ /* Call out to allow 3rd party notification of open.
+ * Ignore result of kauth_authorize_fileop call.
*/
- action = KAUTH_VNODE_LIST_DIRECTORY;
- if ((attributelist.commonattr & ~ATTR_CMN_NAME) ||
- attributelist.fileattr || attributelist.dirattr)
- action |= KAUTH_VNODE_SEARCH;
-
- if ((error = vnode_authorize(vp, NULL, action, ctx)) == 0) {
- u_long ulcount = count;
+#if CONFIG_MACF
+ mac_vnode_notify_open(ctx, vp, fmode);
+#endif
+ kauth_authorize_fileop(vfs_context_ucred(ctx), KAUTH_FILEOP_OPEN,
+ (uintptr_t)vp, 0);
- error = VNOP_READDIRATTR(vp, &attributelist, auio,
- count,
- uap->options, (unsigned long *)&newstate, &eofflag,
- &ulcount, ctx);
- if (!error)
- count = ulcount;
- }
- (void)vnode_put(vp);
- if (error)
- goto out;
- fp->f_fglob->fg_offset = uio_offset(auio); /* should be multiple of dirent, not variable */
+ return 0;
+}
- if ((error = copyout((caddr_t) &count, uap->count, sizeof(count))))
- goto out;
- if ((error = copyout((caddr_t) &newstate, uap->newstate, sizeof(newstate))))
- goto out;
- if ((error = copyout((caddr_t) &loff, uap->basep, sizeof(loff))))
- goto out;
+static int
+wait_for_namespace_event(namespace_handler_info_ext *nhi, nspace_type_t nspace_type)
+{
+ int i, error=0, unblock=0;
+ task_t curtask;
+
+ lck_mtx_lock(&nspace_handler_exclusion_lock);
+ if (nspace_handlers[nspace_type].handler_busy) {
+ lck_mtx_unlock(&nspace_handler_exclusion_lock);
+ return EBUSY;
+ }
+ nspace_handlers[nspace_type].handler_busy = 1;
+ lck_mtx_unlock(&nspace_handler_exclusion_lock);
+
+ /*
+ * Any process that gets here will be one of the namespace handlers.
+ * As such, they should be prevented from acquiring DMG vnodes during vnode reclamation
+ * as we can cause deadlocks to occur, because the namespace handler may prevent
+ * VNOP_INACTIVE from proceeding. Mark the current task as a P_DEPENDENCY_CAPABLE
+ * process.
+ */
+ curtask = current_task();
+ bsd_set_dependency_capable (curtask);
+
+ lck_mtx_lock(&nspace_handler_lock);
+ if (nspace_handlers[nspace_type].handler_proc == NULL) {
+ nspace_handlers[nspace_type].handler_tid = thread_tid(current_thread());
+ nspace_handlers[nspace_type].handler_proc = current_proc();
+ }
+
+ while (error == 0) {
+
+ for(i=0; i < MAX_NSPACE_ITEMS; i++) {
+ if (nspace_items[i].flags & NSPACE_ITEM_NEW) {
+ if (!nspace_flags_matches_handler(nspace_items[i].flags, nspace_type)) {
+ continue;
+ }
+ break;
+ }
+ }
+
+ if (i < MAX_NSPACE_ITEMS) {
+ nspace_items[i].flags &= ~NSPACE_ITEM_NEW;
+ nspace_items[i].flags |= NSPACE_ITEM_PROCESSING;
+ nspace_items[i].token = ++nspace_token_id;
+
+ if (nspace_items[i].vp) {
+ struct fileproc *fp;
+ int32_t indx, fmode;
+ struct proc *p = current_proc();
+ vfs_context_t ctx = vfs_context_current();
+
+ fmode = nspace_open_flags_for_type(nspace_type);
+
+ error = vnode_getwithvid(nspace_items[i].vp, nspace_items[i].vid);
+ if (error) {
+ unblock = 1;
+ break;
+ }
+ error = vn_open_with_vp(nspace_items[i].vp, fmode, ctx);
+ if (error) {
+ unblock = 1;
+ vnode_put(nspace_items[i].vp);
+ break;
+ }
+
+ if ((error = falloc(p, &fp, &indx, ctx))) {
+ vn_close(nspace_items[i].vp, fmode, ctx);
+ vnode_put(nspace_items[i].vp);
+ unblock = 1;
+ break;
+ }
+
+ fp->f_fglob->fg_flag = fmode;
+ fp->f_fglob->fg_type = DTYPE_VNODE;
+ fp->f_fglob->fg_ops = &vnops;
+ fp->f_fglob->fg_data = (caddr_t)nspace_items[i].vp;
+
+ proc_fdlock(p);
+ procfdtbl_releasefd(p, indx, NULL);
+ fp_drop(p, indx, fp, 1);
+ proc_fdunlock(p);
+
+ error = copyout(&nspace_items[i].token, nhi->token, sizeof(uint32_t));
+ error = copyout(&nspace_items[i].op, nhi->flags, sizeof(uint64_t));
+ error = copyout(&indx, nhi->fdptr, sizeof(uint32_t));
+ if (nhi->infoptr) {
+ uio_t uio = (uio_t)nspace_items[i].arg;
+ uint64_t u_offset, u_length;
+
+ if (uio) {
+ u_offset = uio_offset(uio);
+ u_length = uio_resid(uio);
+ } else {
+ u_offset = 0;
+ u_length = 0;
+ }
+ error = copyout(&u_offset, nhi->infoptr, sizeof(uint64_t));
+ error = copyout(&u_length, nhi->infoptr+sizeof(uint64_t), sizeof(uint64_t));
+ }
+ if (error) {
+ vn_close(nspace_items[i].vp, fmode, ctx);
+ fp_free(p, indx, fp);
+ unblock = 1;
+ }
+
+ vnode_put(nspace_items[i].vp);
+
+ break;
+ } else {
+ printf("wait_for_nspace_event: failed (nspace_items[%d] == %p error %d, name %s)\n",
+ i, nspace_items[i].vp, error, nspace_items[i].vp->v_name);
+ }
+
+ } else {
+ error = msleep((caddr_t)&nspace_item_idx, &nspace_handler_lock, PVFS|PCATCH, "namespace-items", 0);
+ if ((nspace_type == NSPACE_HANDLER_SNAPSHOT) && (snapshot_timestamp == 0 || snapshot_timestamp == ~0)) {
+ error = EINVAL;
+ break;
+ }
+
+ }
+ }
+
+ if (unblock) {
+ if (nspace_items[i].vp && (nspace_items[i].vp->v_flag & VNEEDSSNAPSHOT)) {
+ vnode_lock_spin(nspace_items[i].vp);
+ nspace_items[i].vp->v_flag &= ~VNEEDSSNAPSHOT;
+ vnode_unlock(nspace_items[i].vp);
+ }
+ nspace_items[i].vp = NULL;
+ nspace_items[i].vid = 0;
+ nspace_items[i].flags = NSPACE_ITEM_DONE;
+ nspace_items[i].token = 0;
+
+ wakeup((caddr_t)&(nspace_items[i].vp));
+ }
+
+ if (nspace_type == NSPACE_HANDLER_SNAPSHOT) {
+ // just go through every snapshot event and unblock it immediately.
+ if (error && (snapshot_timestamp == 0 || snapshot_timestamp == ~0)) {
+ for(i=0; i < MAX_NSPACE_ITEMS; i++) {
+ if (nspace_items[i].flags & NSPACE_ITEM_NEW) {
+ if (nspace_flags_matches_handler(nspace_items[i].flags, nspace_type)) {
+ nspace_items[i].vp = NULL;
+ nspace_items[i].vid = 0;
+ nspace_items[i].flags = NSPACE_ITEM_DONE;
+ nspace_items[i].token = 0;
+
+ wakeup((caddr_t)&(nspace_items[i].vp));
+ }
+ }
+ }
+ }
+ }
+
+ lck_mtx_unlock(&nspace_handler_lock);
+
+ lck_mtx_lock(&nspace_handler_exclusion_lock);
+ nspace_handlers[nspace_type].handler_busy = 0;
+ lck_mtx_unlock(&nspace_handler_exclusion_lock);
+
+ return error;
+}
- *retval = eofflag; /* similar to getdirentries */
- error = 0;
-out:
- file_drop(fd);
- return (error); /* return error earlier, an retval of 0 or 1 now */
-} /* end of getdirentryattr system call */
+static int process_namespace_fsctl(nspace_type_t nspace_type, int is64bit, u_int size, caddr_t data)
+{
+ int error = 0;
+ namespace_handler_info_ext nhi;
+
+ if (nspace_type == NSPACE_HANDLER_SNAPSHOT && (snapshot_timestamp == 0 || snapshot_timestamp == ~0)) {
+ return EINVAL;
+ }
+
+ if ((error = suser(kauth_cred_get(), &(current_proc()->p_acflag)))) {
+ return error;
+ }
+
+ if ( (is64bit && size != sizeof(user64_namespace_handler_info) && size != sizeof(user64_namespace_handler_info_ext))
+ || (is64bit == 0 && size != sizeof(user32_namespace_handler_info) && size != sizeof(user32_namespace_handler_info_ext))) {
+
+ // either you're 64-bit and passed a 64-bit struct or
+ // you're 32-bit and passed a 32-bit struct. otherwise
+ // it's not ok.
+ return EINVAL;
+ }
+
+ if (is64bit) {
+ nhi.token = (user_addr_t)((user64_namespace_handler_info *)data)->token;
+ nhi.flags = (user_addr_t)((user64_namespace_handler_info *)data)->flags;
+ nhi.fdptr = (user_addr_t)((user64_namespace_handler_info *)data)->fdptr;
+ if (size == sizeof(user64_namespace_handler_info_ext)) {
+ nhi.infoptr = (user_addr_t)((user64_namespace_handler_info_ext *)data)->infoptr;
+ } else {
+ nhi.infoptr = 0;
+ }
+ } else {
+ nhi.token = CAST_USER_ADDR_T(((user32_namespace_handler_info *)data)->token);
+ nhi.flags = CAST_USER_ADDR_T(((user32_namespace_handler_info *)data)->flags);
+ nhi.fdptr = CAST_USER_ADDR_T(((user32_namespace_handler_info *)data)->fdptr);
+ if (size == sizeof(user32_namespace_handler_info_ext)) {
+ nhi.infoptr = CAST_USER_ADDR_T(((user32_namespace_handler_info_ext *)data)->infoptr);
+ } else {
+ nhi.infoptr = 0;
+ }
+ }
+
+ return wait_for_namespace_event(&nhi, nspace_type);
+}
/*
-* Exchange data between two files
-*/
-
+ * Make a filesystem-specific control call:
+ */
/* ARGSUSED */
-int
-exchangedata (__unused proc_t p, struct exchangedata_args *uap, __unused register_t *retval)
+static int
+fsctl_internal(proc_t p, vnode_t *arg_vp, u_long cmd, user_addr_t udata, u_long options, vfs_context_t ctx)
{
+ int error=0;
+ boolean_t is64bit;
+ u_int size;
+#define STK_PARAMS 128
+ char stkbuf[STK_PARAMS];
+ caddr_t data, memp;
+ vnode_t vp = *arg_vp;
- struct nameidata fnd, snd;
- vfs_context_t ctx = vfs_context_current();
- vnode_t fvp;
- vnode_t svp;
- int error;
- u_long nameiflags;
- char *fpath = NULL;
- char *spath = NULL;
- int flen, slen;
- fse_info f_finfo, s_finfo;
-
- nameiflags = 0;
- if ((uap->options & FSOPT_NOFOLLOW) == 0) nameiflags |= FOLLOW;
-
- NDINIT(&fnd, LOOKUP, nameiflags | AUDITVNPATH1,
- UIO_USERSPACE, uap->path1, ctx);
-
- error = namei(&fnd);
- if (error)
- goto out2;
-
- nameidone(&fnd);
- fvp = fnd.ni_vp;
-
- NDINIT(&snd, LOOKUP | CN_NBMOUNTLOOK, nameiflags | AUDITVNPATH2,
- UIO_USERSPACE, uap->path2, ctx);
-
- error = namei(&snd);
- if (error) {
- vnode_put(fvp);
- goto out2;
- }
- nameidone(&snd);
- svp = snd.ni_vp;
-
- /*
- * if the files are the same, return an inval error
- */
- if (svp == fvp) {
- error = EINVAL;
- goto out;
- }
+ size = IOCPARM_LEN(cmd);
+ if (size > IOCPARM_MAX) return (EINVAL);
- /*
- * if the files are on different volumes, return an error
- */
- if (svp->v_mount != fvp->v_mount) {
- error = EXDEV;
- goto out;
+ is64bit = proc_is64bit(p);
+
+ memp = NULL;
+ if (size > sizeof (stkbuf)) {
+ if ((memp = (caddr_t)kalloc(size)) == 0) return ENOMEM;
+ data = memp;
+ } else {
+ data = &stkbuf[0];
+ };
+
+ if (cmd & IOC_IN) {
+ if (size) {
+ error = copyin(udata, data, size);
+ if (error) goto FSCtl_Exit;
+ } else {
+ if (is64bit) {
+ *(user_addr_t *)data = udata;
+ }
+ else {
+ *(uint32_t *)data = (uint32_t)udata;
+ }
+ };
+ } else if ((cmd & IOC_OUT) && size) {
+ /*
+ * Zero the buffer so the user always
+ * gets back something deterministic.
+ */
+ bzero(data, size);
+ } else if (cmd & IOC_VOID) {
+ if (is64bit) {
+ *(user_addr_t *)data = udata;
+ }
+ else {
+ *(uint32_t *)data = (uint32_t)udata;
+ }
}
-#if CONFIG_MACF
- error = mac_vnode_check_exchangedata(ctx,
- fvp, svp);
- if (error)
- goto out;
-#endif
- if (((error = vnode_authorize(fvp, NULL, KAUTH_VNODE_READ_DATA | KAUTH_VNODE_WRITE_DATA, ctx)) != 0) ||
- ((error = vnode_authorize(svp, NULL, KAUTH_VNODE_READ_DATA | KAUTH_VNODE_WRITE_DATA, ctx)) != 0))
- goto out;
+ /* Check to see if it's a generic command */
+ if (IOCBASECMD(cmd) == FSCTL_SYNC_VOLUME) {
+ mount_t mp = vp->v_mount;
+ int arg = *(uint32_t*)data;
+
+ /* record vid of vp so we can drop it below. */
+ uint32_t vvid = vp->v_id;
- if (
-#if CONFIG_FSE
- need_fsevent(FSE_EXCHANGE, fvp) ||
-#endif
- kauth_authorize_fileop_has_listeners()) {
- GET_PATH(fpath);
- GET_PATH(spath);
- if (fpath == NULL || spath == NULL) {
- error = ENOMEM;
- goto out;
- }
- flen = MAXPATHLEN;
- slen = MAXPATHLEN;
- if (vn_getpath(fvp, fpath, &flen) != 0 || fpath[0] == '\0') {
- printf("exchange: vn_getpath(fvp=%p) failed <<%s>>\n",
- fvp, fpath);
+ /*
+ * Then grab mount_iterref so that we can release the vnode.
+ * Without this, a thread may call vnode_iterate_prepare then
+ * get into a deadlock because we've never released the root vp
+ */
+ error = mount_iterref (mp, 0);
+ if (error) {
+ goto FSCtl_Exit;
}
- if (vn_getpath(svp, spath, &slen) != 0 || spath[0] == '\0') {
- printf("exchange: vn_getpath(svp=%p) failed <<%s>>\n",
- svp, spath);
+ vnode_put(vp);
+
+ /* issue the sync for this volume */
+ (void)sync_callback(mp, (arg & FSCTL_SYNC_WAIT) ? &arg : NULL);
+
+ /*
+ * Then release the mount_iterref once we're done syncing; it's not
+ * needed for the VNOP_IOCTL below
+ */
+ mount_iterdrop(mp);
+
+ if (arg & FSCTL_SYNC_FULLSYNC) {
+ /* re-obtain vnode iocount on the root vp, if possible */
+ error = vnode_getwithvid (vp, vvid);
+ if (error == 0) {
+ error = VNOP_IOCTL(vp, F_FULLFSYNC, (caddr_t)NULL, 0, ctx);
+ vnode_put (vp);
+ }
}
-#if CONFIG_FSE
- get_fse_info(fvp, &f_finfo, ctx);
- get_fse_info(svp, &s_finfo, ctx);
-#endif
- }
- /* Ok, make the call */
- error = VNOP_EXCHANGE(fvp, svp, 0, ctx);
+ /* mark the argument VP as having been released */
+ *arg_vp = NULL;
- if (error == 0) {
- const char *tmpname;
+ } else if (IOCBASECMD(cmd) == FSCTL_SET_PACKAGE_EXTS) {
+ user_addr_t ext_strings;
+ uint32_t num_entries;
+ uint32_t max_width;
+
+ if ( (is64bit && size != sizeof(user64_package_ext_info))
+ || (is64bit == 0 && size != sizeof(user32_package_ext_info))) {
- if (fpath != NULL && spath != NULL) {
- /* call out to allow 3rd party notification of exchangedata.
- * Ignore result of kauth_authorize_fileop call.
- */
- kauth_authorize_fileop(vfs_context_ucred(ctx), KAUTH_FILEOP_EXCHANGE,
- (uintptr_t)fpath, (uintptr_t)spath);
- }
- name_cache_lock();
+ // either you're 64-bit and passed a 64-bit struct or
+ // you're 32-bit and passed a 32-bit struct. otherwise
+ // it's not ok.
+ error = EINVAL;
+ goto FSCtl_Exit;
+ }
- tmpname = fvp->v_name;
- fvp->v_name = svp->v_name;
- svp->v_name = tmpname;
+ if (is64bit) {
+ ext_strings = ((user64_package_ext_info *)data)->strings;
+ num_entries = ((user64_package_ext_info *)data)->num_entries;
+ max_width = ((user64_package_ext_info *)data)->max_width;
+ } else {
+ ext_strings = CAST_USER_ADDR_T(((user32_package_ext_info *)data)->strings);
+ num_entries = ((user32_package_ext_info *)data)->num_entries;
+ max_width = ((user32_package_ext_info *)data)->max_width;
+ }
- if (fvp->v_parent != svp->v_parent) {
- vnode_t tmp;
+ error = set_package_extensions_table(ext_strings, num_entries, max_width);
- tmp = fvp->v_parent;
- fvp->v_parent = svp->v_parent;
- svp->v_parent = tmp;
- }
- name_cache_unlock();
+ } else if (IOCBASECMD(cmd) == FSCTL_WAIT_FOR_SYNC) {
+ error = tsleep((caddr_t)&sync_wait_time, PVFS|PCATCH, "sync-wait", 0);
+ if (error == 0) {
+ *(uint32_t *)data = (uint32_t)sync_wait_time;
+ error = 0;
+ } else {
+ error *= -1;
+ }
+
+ } else if (IOCBASECMD(cmd) == FSCTL_NAMESPACE_HANDLER_GET) {
+ error = process_namespace_fsctl(NSPACE_HANDLER_NSPACE, is64bit, size, data);
+ } else if (IOCBASECMD(cmd) == FSCTL_OLD_SNAPSHOT_HANDLER_GET) {
+ error = process_namespace_fsctl(NSPACE_HANDLER_SNAPSHOT, is64bit, size, data);
+ } else if (IOCBASECMD(cmd) == FSCTL_SNAPSHOT_HANDLER_GET_EXT) {
+ error = process_namespace_fsctl(NSPACE_HANDLER_SNAPSHOT, is64bit, size, data);
+ } else if (IOCBASECMD(cmd) == FSCTL_TRACKED_HANDLER_GET) {
+ error = process_namespace_fsctl(NSPACE_HANDLER_TRACK, is64bit, size, data);
+ } else if (IOCBASECMD(cmd) == FSCTL_NAMESPACE_HANDLER_UPDATE) {
+ uint32_t token, val;
+ int i;
-#if CONFIG_FSE
- if (fpath != NULL && spath != NULL) {
- add_fsevent(FSE_EXCHANGE, ctx,
- FSE_ARG_STRING, flen, fpath,
- FSE_ARG_FINFO, &f_finfo,
- FSE_ARG_STRING, slen, spath,
- FSE_ARG_FINFO, &s_finfo,
- FSE_ARG_DONE);
- }
-#endif
- }
+ if ((error = suser(kauth_cred_get(), &(p->p_acflag)))) {
+ goto FSCtl_Exit;
+ }
-out:
- if (fpath != NULL)
- RELEASE_PATH(fpath);
- if (spath != NULL)
- RELEASE_PATH(spath);
- vnode_put(svp);
- vnode_put(fvp);
-out2:
- return (error);
-}
+ if (!nspace_is_special_process(p)) {
+ error = EINVAL;
+ goto FSCtl_Exit;
+ }
+ token = ((uint32_t *)data)[0];
+ val = ((uint32_t *)data)[1];
-/* ARGSUSED */
+ lck_mtx_lock(&nspace_handler_lock);
-int
-searchfs(proc_t p, struct searchfs_args *uap, __unused register_t *retval)
-{
- vnode_t vp;
- int error=0;
- int fserror = 0;
- struct nameidata nd;
- struct user_fssearchblock searchblock;
- struct searchstate *state;
- struct attrlist *returnattrs;
- void *searchparams1,*searchparams2;
- uio_t auio = NULL;
- int spacetype = proc_is64bit(p) ? UIO_USERSPACE64 : UIO_USERSPACE32;
- u_long nummatches;
- int mallocsize;
- u_long nameiflags;
- vfs_context_t ctx = vfs_context_current();
- char uio_buf[ UIO_SIZEOF(1) ];
+ for(i=0; i < MAX_NSPACE_ITEMS; i++) {
+ if (nspace_items[i].token == token) {
+ break;
+ }
+ }
- /* Start by copying in fsearchblock paramater list */
- if (IS_64BIT_PROCESS(p)) {
- error = copyin(uap->searchblock, (caddr_t) &searchblock, sizeof(searchblock));
- }
- else {
- struct fssearchblock tmp_searchblock;
- error = copyin(uap->searchblock, (caddr_t) &tmp_searchblock, sizeof(tmp_searchblock));
- // munge into 64-bit version
- searchblock.returnattrs = CAST_USER_ADDR_T(tmp_searchblock.returnattrs);
- searchblock.returnbuffer = CAST_USER_ADDR_T(tmp_searchblock.returnbuffer);
- searchblock.returnbuffersize = tmp_searchblock.returnbuffersize;
- searchblock.maxmatches = tmp_searchblock.maxmatches;
- searchblock.timelimit.tv_sec = tmp_searchblock.timelimit.tv_sec;
- searchblock.timelimit.tv_usec = tmp_searchblock.timelimit.tv_usec;
- searchblock.searchparams1 = CAST_USER_ADDR_T(tmp_searchblock.searchparams1);
- searchblock.sizeofsearchparams1 = tmp_searchblock.sizeofsearchparams1;
- searchblock.searchparams2 = CAST_USER_ADDR_T(tmp_searchblock.searchparams2);
- searchblock.sizeofsearchparams2 = tmp_searchblock.sizeofsearchparams2;
- searchblock.searchattrs = tmp_searchblock.searchattrs;
- }
- if (error)
- return(error);
+ if (i >= MAX_NSPACE_ITEMS) {
+ error = ENOENT;
+ } else {
+ //
+ // if this bit is set, when resolve_nspace_item() times out
+ // it will loop and go back to sleep.
+ //
+ nspace_items[i].flags |= NSPACE_ITEM_RESET_TIMER;
+ }
- /* Do a sanity check on sizeofsearchparams1 and sizeofsearchparams2.
- */
- if (searchblock.sizeofsearchparams1 > SEARCHFS_MAX_SEARCHPARMS ||
- searchblock.sizeofsearchparams2 > SEARCHFS_MAX_SEARCHPARMS)
- return(EINVAL);
-
- /* Now malloc a big bunch of space to hold the search parameters, the attrlists and the search state. */
- /* It all has to do into local memory and it's not that big so we might as well put it all together. */
- /* Searchparams1 shall be first so we might as well use that to hold the base address of the allocated*/
- /* block. */
-
- mallocsize = searchblock.sizeofsearchparams1 + searchblock.sizeofsearchparams2 +
- sizeof(struct attrlist) + sizeof(struct searchstate);
+ lck_mtx_unlock(&nspace_handler_lock);
- MALLOC(searchparams1, void *, mallocsize, M_TEMP, M_WAITOK);
+ if (error) {
+ printf("nspace-handler-update: did not find token %u\n", token);
+ }
- /* Now set up the various pointers to the correct place in our newly allocated memory */
+ } else if (IOCBASECMD(cmd) == FSCTL_NAMESPACE_HANDLER_UNBLOCK) {
+ uint32_t token, val;
+ int i;
- searchparams2 = (void *) (((caddr_t) searchparams1) + searchblock.sizeofsearchparams1);
- returnattrs = (struct attrlist *) (((caddr_t) searchparams2) + searchblock.sizeofsearchparams2);
- state = (struct searchstate *) (((caddr_t) returnattrs) + sizeof (struct attrlist));
+ if ((error = suser(kauth_cred_get(), &(p->p_acflag)))) {
+ goto FSCtl_Exit;
+ }
- /* Now copy in the stuff given our local variables. */
+ if (!nspace_is_special_process(p)) {
+ error = EINVAL;
+ goto FSCtl_Exit;
+ }
- if ((error = copyin(searchblock.searchparams1, searchparams1, searchblock.sizeofsearchparams1)))
- goto freeandexit;
+ token = ((uint32_t *)data)[0];
+ val = ((uint32_t *)data)[1];
- if ((error = copyin(searchblock.searchparams2, searchparams2, searchblock.sizeofsearchparams2)))
- goto freeandexit;
+ lck_mtx_lock(&nspace_handler_lock);
- if ((error = copyin(searchblock.returnattrs, (caddr_t) returnattrs, sizeof(struct attrlist))))
- goto freeandexit;
-
- if ((error = copyin(uap->state, (caddr_t) state, sizeof(struct searchstate))))
- goto freeandexit;
-
- /* set up the uio structure which will contain the users return buffer */
+ for(i=0; i < MAX_NSPACE_ITEMS; i++) {
+ if (nspace_items[i].token == token) {
+ break;
+ }
+ }
- auio = uio_createwithbuffer(1, 0, spacetype, UIO_READ,
- &uio_buf[0], sizeof(uio_buf));
- uio_addiov(auio, searchblock.returnbuffer, searchblock.returnbuffersize);
+ if (i >= MAX_NSPACE_ITEMS) {
+ printf("nspace-handler-unblock: did not find token %u\n", token);
+ error = ENOENT;
+ } else {
+ if (val == 0 && nspace_items[i].vp) {
+ vnode_lock_spin(nspace_items[i].vp);
+ nspace_items[i].vp->v_flag &= ~VNEEDSSNAPSHOT;
+ vnode_unlock(nspace_items[i].vp);
+ }
- nameiflags = 0;
- if ((uap->options & FSOPT_NOFOLLOW) == 0) nameiflags |= FOLLOW;
- NDINIT(&nd, LOOKUP, nameiflags | AUDITVNPATH1,
- UIO_USERSPACE, uap->path, ctx);
+ nspace_items[i].vp = NULL;
+ nspace_items[i].arg = NULL;
+ nspace_items[i].op = 0;
+ nspace_items[i].vid = 0;
+ nspace_items[i].flags = NSPACE_ITEM_DONE;
+ nspace_items[i].token = 0;
- error = namei(&nd);
- if (error)
- goto freeandexit;
+ wakeup((caddr_t)&(nspace_items[i].vp));
+ }
- nameidone(&nd);
- vp = nd.ni_vp;
+ lck_mtx_unlock(&nspace_handler_lock);
-
- /*
- * If searchblock.maxmatches == 0, then skip the search. This has happened
- * before and sometimes the underlyning code doesnt deal with it well.
- */
- if (searchblock.maxmatches == 0) {
- nummatches = 0;
- goto saveandexit;
- }
+ } else if (IOCBASECMD(cmd) == FSCTL_NAMESPACE_HANDLER_CANCEL) {
+ uint32_t token, val;
+ int i;
- /*
- Allright, we have everything we need, so lets make that call.
-
- We keep special track of the return value from the file system:
- EAGAIN is an acceptable error condition that shouldn't keep us
- from copying out any results...
- */
+ if ((error = suser(kauth_cred_get(), &(p->p_acflag)))) {
+ goto FSCtl_Exit;
+ }
- fserror = VNOP_SEARCHFS(vp,
- searchparams1,
- searchparams2,
- &searchblock.searchattrs,
- searchblock.maxmatches,
- &searchblock.timelimit,
- returnattrs,
- &nummatches,
- uap->scriptcode,
- uap->options,
- auio,
- state,
- ctx);
-
-saveandexit:
+ if (!nspace_is_special_process(p)) {
+ error = EINVAL;
+ goto FSCtl_Exit;
+ }
- vnode_put(vp);
+ token = ((uint32_t *)data)[0];
+ val = ((uint32_t *)data)[1];
- /* Now copy out the stuff that needs copying out. That means the number of matches, the
- search state. Everything was already put into he return buffer by the vop call. */
+ lck_mtx_lock(&nspace_handler_lock);
- if ((error = copyout((caddr_t) state, uap->state, sizeof(struct searchstate))) != 0)
- goto freeandexit;
+ for(i=0; i < MAX_NSPACE_ITEMS; i++) {
+ if (nspace_items[i].token == token) {
+ break;
+ }
+ }
+
+ if (i >= MAX_NSPACE_ITEMS) {
+ printf("nspace-handler-cancel: did not find token %u\n", token);
+ error = ENOENT;
+ } else {
+ if (nspace_items[i].vp) {
+ vnode_lock_spin(nspace_items[i].vp);
+ nspace_items[i].vp->v_flag &= ~VNEEDSSNAPSHOT;
+ vnode_unlock(nspace_items[i].vp);
+ }
- if ((error = suulong(uap->nummatches, (uint64_t)nummatches)) != 0)
- goto freeandexit;
-
- error = fserror;
+ nspace_items[i].vp = NULL;
+ nspace_items[i].arg = NULL;
+ nspace_items[i].vid = 0;
+ nspace_items[i].token = val;
+ nspace_items[i].flags &= ~NSPACE_ITEM_PROCESSING;
+ nspace_items[i].flags |= NSPACE_ITEM_CANCELLED;
-freeandexit:
+ wakeup((caddr_t)&(nspace_items[i].vp));
+ }
- FREE(searchparams1,M_TEMP);
+ lck_mtx_unlock(&nspace_handler_lock);
+ } else if (IOCBASECMD(cmd) == FSCTL_NAMESPACE_HANDLER_SET_SNAPSHOT_TIME) {
+ if ((error = suser(kauth_cred_get(), &(current_proc()->p_acflag)))) {
+ goto FSCtl_Exit;
+ }
- return(error);
+ // we explicitly do not do the namespace_handler_proc check here
+ lck_mtx_lock(&nspace_handler_lock);
+ snapshot_timestamp = ((uint32_t *)data)[0];
+ wakeup(&nspace_item_idx);
+ lck_mtx_unlock(&nspace_handler_lock);
+ printf("nspace-handler-set-snapshot-time: %d\n", (int)snapshot_timestamp);
-} /* end of searchfs system call */
+ } else if (IOCBASECMD(cmd) == FSCTL_NAMESPACE_ALLOW_DMG_SNAPSHOT_EVENTS) {
+ if ((error = suser(kauth_cred_get(), &(current_proc()->p_acflag)))) {
+ goto FSCtl_Exit;
+ }
+ lck_mtx_lock(&nspace_handler_lock);
+ nspace_allow_virtual_devs = ((uint32_t *)data)[0];
+ lck_mtx_unlock(&nspace_handler_lock);
+ printf("nspace-snapshot-handler will%s allow events on disk-images\n",
+ nspace_allow_virtual_devs ? "" : " NOT");
+ error = 0;
+
+ } else if (IOCBASECMD(cmd) == FSCTL_SET_FSTYPENAME_OVERRIDE) {
+ if ((error = suser(kauth_cred_get(), &(current_proc()->p_acflag)))) {
+ goto FSCtl_Exit;
+ }
+ if (vp->v_mount) {
+ mount_lock(vp->v_mount);
+ if (data[0] != 0) {
+ strlcpy(&vp->v_mount->fstypename_override[0], data, MFSTYPENAMELEN);
+ vp->v_mount->mnt_kern_flag |= MNTK_TYPENAME_OVERRIDE;
+ if (vfs_isrdonly(vp->v_mount) && strcmp(vp->v_mount->fstypename_override, "mtmfs") == 0) {
+ vp->v_mount->mnt_kern_flag |= MNTK_EXTENDED_SECURITY;
+ vp->v_mount->mnt_kern_flag &= ~MNTK_AUTH_OPAQUE;
+ }
+ } else {
+ if (strcmp(vp->v_mount->fstypename_override, "mtmfs") == 0) {
+ vp->v_mount->mnt_kern_flag &= ~MNTK_EXTENDED_SECURITY;
+ }
+ vp->v_mount->mnt_kern_flag &= ~MNTK_TYPENAME_OVERRIDE;
+ vp->v_mount->fstypename_override[0] = '\0';
+ }
+ mount_unlock(vp->v_mount);
+ }
+ } else {
+ /* Invoke the filesystem-specific code */
+ error = VNOP_IOCTL(vp, IOCBASECMD(cmd), data, options, ctx);
+ }
+
+
+ /*
+ * Copy any data to user, size was
+ * already set and checked above.
+ */
+ if (error == 0 && (cmd & IOC_OUT) && size)
+ error = copyout(data, udata, size);
+
+FSCtl_Exit:
+ if (memp) kfree(memp, size);
+
+ return error;
+}
-/*
- * Make a filesystem-specific control call:
- */
/* ARGSUSED */
int
-fsctl (proc_t p, struct fsctl_args *uap, __unused register_t *retval)
+fsctl (proc_t p, struct fsctl_args *uap, __unused int32_t *retval)
{
int error;
- boolean_t is64bit;
struct nameidata nd;
u_long nameiflags;
- u_long cmd = uap->cmd;
- u_int size;
-#define STK_PARAMS 128
- char stkbuf[STK_PARAMS];
- caddr_t data, memp;
+ vnode_t vp = NULL;
vfs_context_t ctx = vfs_context_current();
- size = IOCPARM_LEN(cmd);
- if (size > IOCPARM_MAX) return (EINVAL);
-
- is64bit = proc_is64bit(p);
-
- memp = NULL;
- if (size > sizeof (stkbuf)) {
- if ((memp = (caddr_t)kalloc(size)) == 0) return ENOMEM;
- data = memp;
- } else {
- data = &stkbuf[0];
- };
-
- if (cmd & IOC_IN) {
- if (size) {
- error = copyin(uap->data, data, size);
- if (error) goto FSCtl_Exit;
- } else {
- if (is64bit) {
- *(user_addr_t *)data = uap->data;
- }
- else {
- *(uint32_t *)data = (uint32_t)uap->data;
- }
- };
- } else if ((cmd & IOC_OUT) && size) {
- /*
- * Zero the buffer so the user always
- * gets back something deterministic.
- */
- bzero(data, size);
- } else if (cmd & IOC_VOID) {
- if (is64bit) {
- *(user_addr_t *)data = uap->data;
- }
- else {
- *(uint32_t *)data = (uint32_t)uap->data;
- }
- }
-
+ AUDIT_ARG(cmd, uap->cmd);
+ AUDIT_ARG(value32, uap->options);
/* Get the vnode for the file we are getting info on: */
nameiflags = 0;
if ((uap->options & FSOPT_NOFOLLOW) == 0) nameiflags |= FOLLOW;
- NDINIT(&nd, LOOKUP, nameiflags, UIO_USERSPACE, uap->path, ctx);
- if ((error = namei(&nd))) goto FSCtl_Exit;
+ NDINIT(&nd, LOOKUP, OP_FSCTL, nameiflags | AUDITVNPATH1,
+ UIO_USERSPACE, uap->path, ctx);
+ if ((error = namei(&nd))) goto done;
+ vp = nd.ni_vp;
+ nameidone(&nd);
#if CONFIG_MACF
- error = mac_mount_check_fsctl(ctx, vnode_mount(nd.ni_vp), cmd);
+ error = mac_mount_check_fsctl(ctx, vnode_mount(vp), uap->cmd);
if (error) {
- vnode_put(nd.ni_vp);
- nameidone(&nd);
- goto FSCtl_Exit;
+ goto done;
}
#endif
- /* Invoke the filesystem-specific code */
- error = VNOP_IOCTL(nd.ni_vp, IOCBASECMD(cmd), data, uap->options, ctx);
-
- vnode_put(nd.ni_vp);
- nameidone(&nd);
-
- /*
- * Copy any data to user, size was
- * already set and checked above.
- */
- if (error == 0 && (cmd & IOC_OUT) && size)
- error = copyout(data, uap->data, size);
-
-FSCtl_Exit:
- if (memp) kfree(memp, size);
+ error = fsctl_internal(p, &vp, uap->cmd, (user_addr_t)uap->data, uap->options, ctx);
+
+done:
+ if (vp)
+ vnode_put(vp);
+ return error;
+}
+/* ARGSUSED */
+int
+ffsctl (proc_t p, struct ffsctl_args *uap, __unused int32_t *retval)
+{
+ int error;
+ vnode_t vp = NULL;
+ vfs_context_t ctx = vfs_context_current();
+ int fd = -1;
+
+ AUDIT_ARG(fd, uap->fd);
+ AUDIT_ARG(cmd, uap->cmd);
+ AUDIT_ARG(value32, uap->options);
+ /* Get the vnode for the file we are getting info on: */
+ if ((error = file_vnode(uap->fd, &vp)))
+ goto done;
+ fd = uap->fd;
+ if ((error = vnode_getwithref(vp))) {
+ goto done;
+ }
+
+#if CONFIG_MACF
+ error = mac_mount_check_fsctl(ctx, vnode_mount(vp), uap->cmd);
+ if (error) {
+ goto done;
+ }
+#endif
+
+ error = fsctl_internal(p, &vp, uap->cmd, (user_addr_t)uap->data, uap->options, ctx);
+
+done:
+ if (fd != -1)
+ file_drop(fd);
+
+ if (vp)
+ vnode_put(vp);
return error;
}
/* end of fsctl system call */
int spacetype = IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32;
size_t attrsize = 0;
size_t namelen;
- u_long nameiflags;
+ u_int32_t nameiflags;
int error;
char uio_buf[ UIO_SIZEOF(1) ];
return (EINVAL);
nameiflags = (uap->options & XATTR_NOFOLLOW) ? 0 : FOLLOW;
- NDINIT(&nd, LOOKUP, nameiflags, spacetype, uap->path, ctx);
+ NDINIT(&nd, LOOKUP, OP_GETXATTR, nameiflags, spacetype, uap->path, ctx);
if ((error = namei(&nd))) {
return (error);
}
goto out;
}
if (xattr_protected(attrname)) {
- error = EPERM;
- goto out;
+ if (!vfs_context_issuser(ctx) || strcmp(attrname, "com.apple.system.Security") != 0) {
+ error = EPERM;
+ goto out;
+ }
}
- if (uap->value && uap->size > 0) {
+ /*
+ * the specific check for 0xffffffff is a hack to preserve
+ * binaray compatibilty in K64 with applications that discovered
+ * that passing in a buf pointer and a size of -1 resulted in
+ * just the size of the indicated extended attribute being returned.
+ * this isn't part of the documented behavior, but because of the
+ * original implemtation's check for "uap->size > 0", this behavior
+ * was allowed. In K32 that check turned into a signed comparison
+ * even though uap->size is unsigned... in K64, we blow by that
+ * check because uap->size is unsigned and doesn't get sign smeared
+ * in the munger for a 32 bit user app. we also need to add a
+ * check to limit the maximum size of the buffer being passed in...
+ * unfortunately, the underlying fileystems seem to just malloc
+ * the requested size even if the actual extended attribute is tiny.
+ * because that malloc is for kernel wired memory, we have to put a
+ * sane limit on it.
+ *
+ * U32 running on K64 will yield 0x00000000ffffffff for uap->size
+ * U64 running on K64 will yield -1 (64 bits wide)
+ * U32/U64 running on K32 will yield -1 (32 bits wide)
+ */
+ if (uap->size == 0xffffffff || uap->size == (size_t)-1)
+ goto no_uio;
+
+ if (uap->value) {
+ if (uap->size > (size_t)XATTR_MAXSIZE)
+ uap->size = XATTR_MAXSIZE;
+
auio = uio_createwithbuffer(1, uap->position, spacetype, UIO_READ,
&uio_buf[0], sizeof(uio_buf));
uio_addiov(auio, uap->value, uap->size);
}
-
+no_uio:
error = vn_getxattr(vp, attrname, auio, &attrsize, uap->options, ctx);
out:
vnode_put(vp);
uio_t auio = NULL;
int spacetype = IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32;
size_t namelen;
- u_long nameiflags;
+ u_int32_t nameiflags;
int error;
char uio_buf[ UIO_SIZEOF(1) ];
return (EINVAL);
if ((error = copyinstr(uap->attrname, attrname, sizeof(attrname), &namelen) != 0)) {
- return (error);
+ if (error == EPERM) {
+ /* if the string won't fit in attrname, copyinstr emits EPERM */
+ return (ENAMETOOLONG);
+ }
+ /* Otherwise return the default error from copyinstr to detect ERANGE, etc */
+ return error;
}
if (xattr_protected(attrname))
return(EPERM);
}
nameiflags = (uap->options & XATTR_NOFOLLOW) ? 0 : FOLLOW;
- NDINIT(&nd, LOOKUP, nameiflags, spacetype, uap->path, ctx);
+ NDINIT(&nd, LOOKUP, OP_SETXATTR, nameiflags, spacetype, uap->path, ctx);
if ((error = namei(&nd))) {
return (error);
}
size_t namelen;
int error;
char uio_buf[ UIO_SIZEOF(1) ];
+#if CONFIG_FSE
vfs_context_t ctx = vfs_context_current();
+#endif
if (uap->options & (XATTR_NOFOLLOW | XATTR_NOSECURITY | XATTR_NODEFAULT))
return (EINVAL);
/*
* Remove an extended attribute.
+ * XXX Code duplication here.
*/
-#warning "code duplication"
int
removexattr(proc_t p, struct removexattr_args *uap, int *retval)
{
int spacetype = IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32;
vfs_context_t ctx = vfs_context_current();
size_t namelen;
- u_long nameiflags;
+ u_int32_t nameiflags;
int error;
if (uap->options & (XATTR_NOSECURITY | XATTR_NODEFAULT))
if (xattr_protected(attrname))
return(EPERM);
nameiflags = (uap->options & XATTR_NOFOLLOW) ? 0 : FOLLOW;
- NDINIT(&nd, LOOKUP, nameiflags, spacetype, uap->path, ctx);
+ NDINIT(&nd, LOOKUP, OP_REMOVEXATTR, nameiflags, spacetype, uap->path, ctx);
if ((error = namei(&nd))) {
return (error);
}
/*
* Remove an extended attribute.
+ * XXX Code duplication here.
*/
-#warning "code duplication"
int
fremovexattr(__unused proc_t p, struct fremovexattr_args *uap, int *retval)
{
char attrname[XATTR_MAXNAMELEN+1];
size_t namelen;
int error;
+#if CONFIG_FSE
vfs_context_t ctx = vfs_context_current();
+#endif
if (uap->options & (XATTR_NOFOLLOW | XATTR_NOSECURITY | XATTR_NODEFAULT))
return (EINVAL);
/*
* Retrieve the list of extended attribute names.
+ * XXX Code duplication here.
*/
-#warning "code duplication"
int
listxattr(proc_t p, struct listxattr_args *uap, user_ssize_t *retval)
{
uio_t auio = NULL;
int spacetype = IS_64BIT_PROCESS(p) ? UIO_USERSPACE64 : UIO_USERSPACE32;
size_t attrsize = 0;
- u_long nameiflags;
+ u_int32_t nameiflags;
int error;
char uio_buf[ UIO_SIZEOF(1) ];
return (EINVAL);
nameiflags = ((uap->options & XATTR_NOFOLLOW) ? 0 : FOLLOW) | NOTRIGGER;
- NDINIT(&nd, LOOKUP, nameiflags, spacetype, uap->path, ctx);
+ NDINIT(&nd, LOOKUP, OP_LISTXATTR, nameiflags, spacetype, uap->path, ctx);
if ((error = namei(&nd))) {
return (error);
}
vp = nd.ni_vp;
nameidone(&nd);
if (uap->namebuf != 0 && uap->bufsize > 0) {
- // LP64todo - fix this!
- auio = uio_createwithbuffer(1, 0, spacetype,
- UIO_READ, &uio_buf[0], sizeof(uio_buf));
+ auio = uio_createwithbuffer(1, 0, spacetype, UIO_READ,
+ &uio_buf[0], sizeof(uio_buf));
uio_addiov(auio, uap->namebuf, uap->bufsize);
}
/*
* Retrieve the list of extended attribute names.
+ * XXX Code duplication here.
*/
-#warning "code duplication"
int
flistxattr(proc_t p, struct flistxattr_args *uap, user_ssize_t *retval)
{
return(error);
}
if (uap->namebuf != 0 && uap->bufsize > 0) {
- // LP64todo - fix this!
auio = uio_createwithbuffer(1, 0, spacetype,
UIO_READ, &uio_buf[0], sizeof(uio_buf));
uio_addiov(auio, uap->namebuf, uap->bufsize);
return (error);
}
+/*
+ * Obtain the full pathname of a file system object by id.
+ *
+ * This is a private SPI used by the File Manager.
+ */
+__private_extern__
+int
+fsgetpath(__unused proc_t p, struct fsgetpath_args *uap, user_ssize_t *retval)
+{
+ vnode_t vp;
+ struct mount *mp = NULL;
+ vfs_context_t ctx = vfs_context_current();
+ fsid_t fsid;
+ char *realpath;
+ int bpflags;
+ int length;
+ int error;
+
+ if ((error = copyin(uap->fsid, (caddr_t)&fsid, sizeof(fsid)))) {
+ return (error);
+ }
+ AUDIT_ARG(value32, fsid.val[0]);
+ AUDIT_ARG(value64, uap->objid);
+ /* Restrict output buffer size for now. */
+ if (uap->bufsize > PAGE_SIZE) {
+ return (EINVAL);
+ }
+ MALLOC(realpath, char *, uap->bufsize, M_TEMP, M_WAITOK);
+ if (realpath == NULL) {
+ return (ENOMEM);
+ }
+ /* Find the target mountpoint. */
+ if ((mp = mount_lookupby_volfsid(fsid.val[0], 1)) == NULL) {
+ error = ENOTSUP; /* unexpected failure */
+ goto out;
+ }
+ /* Find the target vnode. */
+ if (uap->objid == 2) {
+ error = VFS_ROOT(mp, &vp, ctx);
+ } else {
+ error = VFS_VGET(mp, (ino64_t)uap->objid, &vp, ctx);
+ }
+ vfs_unbusy(mp);
+ if (error) {
+ goto out;
+ }
+#if CONFIG_MACF
+ error = mac_vnode_check_fsgetpath(ctx, vp);
+ if (error) {
+ vnode_put(vp);
+ goto out;
+ }
+#endif
+ /* Obtain the absolute path to this vnode. */
+ bpflags = vfs_context_suser(ctx) ? BUILDPATH_CHECKACCESS : 0;
+ bpflags |= BUILDPATH_CHECK_MOVED;
+ error = build_path(vp, realpath, uap->bufsize, &length, bpflags, ctx);
+ vnode_put(vp);
+ if (error) {
+ goto out;
+ }
+ AUDIT_ARG(text, realpath);
+ error = copyout((caddr_t)realpath, uap->buf, length);
+
+ *retval = (user_ssize_t)length; /* may be superseded by error */
+out:
+ if (realpath) {
+ FREE(realpath, M_TEMP);
+ }
+ return (error);
+}
+
/*
* Common routine to handle various flavors of statfs data heading out
* to user space.
int my_size, copy_size;
if (is_64_bit) {
- struct user_statfs sfs;
+ struct user64_statfs sfs;
my_size = copy_size = sizeof(sfs);
bzero(&sfs, my_size);
sfs.f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
sfs.f_type = mp->mnt_vtable->vfc_typenum;
sfs.f_reserved1 = (short)sfsp->f_fssubtype;
- sfs.f_bsize = (user_long_t)sfsp->f_bsize;
- sfs.f_iosize = (user_long_t)sfsp->f_iosize;
- sfs.f_blocks = (user_long_t)sfsp->f_blocks;
- sfs.f_bfree = (user_long_t)sfsp->f_bfree;
- sfs.f_bavail = (user_long_t)sfsp->f_bavail;
- sfs.f_files = (user_long_t)sfsp->f_files;
- sfs.f_ffree = (user_long_t)sfsp->f_ffree;
+ sfs.f_bsize = (user64_long_t)sfsp->f_bsize;
+ sfs.f_iosize = (user64_long_t)sfsp->f_iosize;
+ sfs.f_blocks = (user64_long_t)sfsp->f_blocks;
+ sfs.f_bfree = (user64_long_t)sfsp->f_bfree;
+ sfs.f_bavail = (user64_long_t)sfsp->f_bavail;
+ sfs.f_files = (user64_long_t)sfsp->f_files;
+ sfs.f_ffree = (user64_long_t)sfsp->f_ffree;
sfs.f_fsid = sfsp->f_fsid;
sfs.f_owner = sfsp->f_owner;
- strlcpy(&sfs.f_fstypename[0], &sfsp->f_fstypename[0], MFSNAMELEN);
+ if (mp->mnt_kern_flag & MNTK_TYPENAME_OVERRIDE) {
+ strlcpy(&sfs.f_fstypename[0], &mp->fstypename_override[0], MFSTYPENAMELEN);
+ } else {
+ strlcpy(&sfs.f_fstypename[0], &sfsp->f_fstypename[0], MFSNAMELEN);
+ }
strlcpy(&sfs.f_mntonname[0], &sfsp->f_mntonname[0], MNAMELEN);
strlcpy(&sfs.f_mntfromname[0], &sfsp->f_mntfromname[0], MNAMELEN);
error = copyout((caddr_t)&sfs, bufp, copy_size);
}
else {
- struct statfs sfs;
+ struct user32_statfs sfs;
+
my_size = copy_size = sizeof(sfs);
bzero(&sfs, my_size);
* have to fudge the numbers here in that case. We inflate the blocksize in order
* to reflect the filesystem size as best we can.
*/
- if ((sfsp->f_blocks > LONG_MAX)
+ if ((sfsp->f_blocks > INT_MAX)
/* Hack for 4061702 . I think the real fix is for Carbon to
* look for some volume capability and not depend on hidden
* semantics agreed between a FS and carbon.
* being smaller than f_bsize.
*/
for (shift = 0; shift < 32; shift++) {
- if ((sfsp->f_blocks >> shift) <= LONG_MAX)
+ if ((sfsp->f_blocks >> shift) <= INT_MAX)
break;
- if ((sfsp->f_bsize << (shift + 1)) > LONG_MAX)
+ if ((sfsp->f_bsize << (shift + 1)) > INT_MAX)
break;
}
-#define __SHIFT_OR_CLIP(x, s) ((((x) >> (s)) > LONG_MAX) ? LONG_MAX : ((x) >> (s)))
- sfs.f_blocks = (long)__SHIFT_OR_CLIP(sfsp->f_blocks, shift);
- sfs.f_bfree = (long)__SHIFT_OR_CLIP(sfsp->f_bfree, shift);
- sfs.f_bavail = (long)__SHIFT_OR_CLIP(sfsp->f_bavail, shift);
+#define __SHIFT_OR_CLIP(x, s) ((((x) >> (s)) > INT_MAX) ? INT_MAX : ((x) >> (s)))
+ sfs.f_blocks = (user32_long_t)__SHIFT_OR_CLIP(sfsp->f_blocks, shift);
+ sfs.f_bfree = (user32_long_t)__SHIFT_OR_CLIP(sfsp->f_bfree, shift);
+ sfs.f_bavail = (user32_long_t)__SHIFT_OR_CLIP(sfsp->f_bavail, shift);
#undef __SHIFT_OR_CLIP
- sfs.f_bsize = (long)(sfsp->f_bsize << shift);
+ sfs.f_bsize = (user32_long_t)(sfsp->f_bsize << shift);
sfs.f_iosize = lmax(sfsp->f_iosize, sfsp->f_bsize);
} else {
/* filesystem is small enough to be reported honestly */
- sfs.f_bsize = (long)sfsp->f_bsize;
- sfs.f_iosize = (long)sfsp->f_iosize;
- sfs.f_blocks = (long)sfsp->f_blocks;
- sfs.f_bfree = (long)sfsp->f_bfree;
- sfs.f_bavail = (long)sfsp->f_bavail;
- }
- sfs.f_files = (long)sfsp->f_files;
- sfs.f_ffree = (long)sfsp->f_ffree;
+ sfs.f_bsize = (user32_long_t)sfsp->f_bsize;
+ sfs.f_iosize = (user32_long_t)sfsp->f_iosize;
+ sfs.f_blocks = (user32_long_t)sfsp->f_blocks;
+ sfs.f_bfree = (user32_long_t)sfsp->f_bfree;
+ sfs.f_bavail = (user32_long_t)sfsp->f_bavail;
+ }
+ sfs.f_files = (user32_long_t)sfsp->f_files;
+ sfs.f_ffree = (user32_long_t)sfsp->f_ffree;
sfs.f_fsid = sfsp->f_fsid;
sfs.f_owner = sfsp->f_owner;
- strlcpy(&sfs.f_fstypename[0], &sfsp->f_fstypename[0], MFSNAMELEN);
+ if (mp->mnt_kern_flag & MNTK_TYPENAME_OVERRIDE) {
+ strlcpy(&sfs.f_fstypename[0], &mp->fstypename_override[0], MFSTYPENAMELEN);
+ } else {
+ strlcpy(&sfs.f_fstypename[0], &sfsp->f_fstypename[0], MFSNAMELEN);
+ }
strlcpy(&sfs.f_mntonname[0], &sfsp->f_mntonname[0], MNAMELEN);
strlcpy(&sfs.f_mntfromname[0], &sfsp->f_mntfromname[0], MNAMELEN);
/*
* copy stat structure into user_stat structure.
*/
-void munge_stat(struct stat *sbp, struct user_stat *usbp)
+void munge_user64_stat(struct stat *sbp, struct user64_stat *usbp)
+{
+ bzero(usbp, sizeof(*usbp));
+
+ usbp->st_dev = sbp->st_dev;
+ usbp->st_ino = sbp->st_ino;
+ usbp->st_mode = sbp->st_mode;
+ usbp->st_nlink = sbp->st_nlink;
+ usbp->st_uid = sbp->st_uid;
+ usbp->st_gid = sbp->st_gid;
+ usbp->st_rdev = sbp->st_rdev;
+#ifndef _POSIX_C_SOURCE
+ usbp->st_atimespec.tv_sec = sbp->st_atimespec.tv_sec;
+ usbp->st_atimespec.tv_nsec = sbp->st_atimespec.tv_nsec;
+ usbp->st_mtimespec.tv_sec = sbp->st_mtimespec.tv_sec;
+ usbp->st_mtimespec.tv_nsec = sbp->st_mtimespec.tv_nsec;
+ usbp->st_ctimespec.tv_sec = sbp->st_ctimespec.tv_sec;
+ usbp->st_ctimespec.tv_nsec = sbp->st_ctimespec.tv_nsec;
+#else
+ usbp->st_atime = sbp->st_atime;
+ usbp->st_atimensec = sbp->st_atimensec;
+ usbp->st_mtime = sbp->st_mtime;
+ usbp->st_mtimensec = sbp->st_mtimensec;
+ usbp->st_ctime = sbp->st_ctime;
+ usbp->st_ctimensec = sbp->st_ctimensec;
+#endif
+ usbp->st_size = sbp->st_size;
+ usbp->st_blocks = sbp->st_blocks;
+ usbp->st_blksize = sbp->st_blksize;
+ usbp->st_flags = sbp->st_flags;
+ usbp->st_gen = sbp->st_gen;
+ usbp->st_lspare = sbp->st_lspare;
+ usbp->st_qspare[0] = sbp->st_qspare[0];
+ usbp->st_qspare[1] = sbp->st_qspare[1];
+}
+
+void munge_user32_stat(struct stat *sbp, struct user32_stat *usbp)
{
- bzero(usbp, sizeof(struct user_stat));
+ bzero(usbp, sizeof(*usbp));
usbp->st_dev = sbp->st_dev;
usbp->st_ino = sbp->st_ino;
/*
* copy stat64 structure into user_stat64 structure.
*/
-void munge_stat64(struct stat64 *sbp, struct user_stat64 *usbp)
+void munge_user64_stat64(struct stat64 *sbp, struct user64_stat64 *usbp)
+{
+ bzero(usbp, sizeof(*usbp));
+
+ usbp->st_dev = sbp->st_dev;
+ usbp->st_ino = sbp->st_ino;
+ usbp->st_mode = sbp->st_mode;
+ usbp->st_nlink = sbp->st_nlink;
+ usbp->st_uid = sbp->st_uid;
+ usbp->st_gid = sbp->st_gid;
+ usbp->st_rdev = sbp->st_rdev;
+#ifndef _POSIX_C_SOURCE
+ usbp->st_atimespec.tv_sec = sbp->st_atimespec.tv_sec;
+ usbp->st_atimespec.tv_nsec = sbp->st_atimespec.tv_nsec;
+ usbp->st_mtimespec.tv_sec = sbp->st_mtimespec.tv_sec;
+ usbp->st_mtimespec.tv_nsec = sbp->st_mtimespec.tv_nsec;
+ usbp->st_ctimespec.tv_sec = sbp->st_ctimespec.tv_sec;
+ usbp->st_ctimespec.tv_nsec = sbp->st_ctimespec.tv_nsec;
+ usbp->st_birthtimespec.tv_sec = sbp->st_birthtimespec.tv_sec;
+ usbp->st_birthtimespec.tv_nsec = sbp->st_birthtimespec.tv_nsec;
+#else
+ usbp->st_atime = sbp->st_atime;
+ usbp->st_atimensec = sbp->st_atimensec;
+ usbp->st_mtime = sbp->st_mtime;
+ usbp->st_mtimensec = sbp->st_mtimensec;
+ usbp->st_ctime = sbp->st_ctime;
+ usbp->st_ctimensec = sbp->st_ctimensec;
+ usbp->st_birthtime = sbp->st_birthtime;
+ usbp->st_birthtimensec = sbp->st_birthtimensec;
+#endif
+ usbp->st_size = sbp->st_size;
+ usbp->st_blocks = sbp->st_blocks;
+ usbp->st_blksize = sbp->st_blksize;
+ usbp->st_flags = sbp->st_flags;
+ usbp->st_gen = sbp->st_gen;
+ usbp->st_lspare = sbp->st_lspare;
+ usbp->st_qspare[0] = sbp->st_qspare[0];
+ usbp->st_qspare[1] = sbp->st_qspare[1];
+}
+
+void munge_user32_stat64(struct stat64 *sbp, struct user32_stat64 *usbp)
{
- bzero(usbp, sizeof(struct user_stat));
+ bzero(usbp, sizeof(*usbp));
usbp->st_dev = sbp->st_dev;
usbp->st_ino = sbp->st_ino;
projects / apple / xnu.git / blobdiff