+ } else {
+ lookup_consider_update_cache(ndp->ni_dvp, dp, cnp, nc_generation);
+ }
+
+ /*
+ * Check to see if the vnode has been mounted on...
+ * if so find the root of the mounted file system.
+ * Updates ndp->ni_vp.
+ */
+ error = lookup_traverse_mountpoints(ndp, cnp, dp, vbusyflags, ctx);
+ dp = ndp->ni_vp;
+ if (error) {
+ goto out;
+ }
+
+#if CONFIG_MACF
+ if (vfs_flags(vnode_mount(dp)) & MNT_MULTILABEL) {
+ error = vnode_label(vnode_mount(dp), NULL, dp, NULL, 0, ctx);
+ if (error) {
+ goto out;
+ }
+ }
+#endif
+
+ /*
+ * Check for symbolic link
+ */
+ if ((dp->v_type == VLNK) &&
+ ((cnp->cn_flags & FOLLOW) || (ndp->ni_flag & NAMEI_TRAILINGSLASH) || *ndp->ni_next == '/')) {
+ cnp->cn_flags |= ISSYMLINK;
+ *keep_going = 1;
+ return 0;
+ }
+
+ /*
+ * Check for bogus trailing slashes.
+ */
+ if ((ndp->ni_flag & NAMEI_TRAILINGSLASH)) {
+ if (dp->v_type != VDIR) {
+ error = ENOTDIR;
+ goto out;
+ }
+ ndp->ni_flag &= ~(NAMEI_TRAILINGSLASH);
+ }
+
+#if NAMEDSTREAMS
+ /*
+ * Deny namei/lookup requests to resolve paths that point to shadow files.
+ * Access to shadow files must be conducted by explicit calls to VNOP_LOOKUP
+ * directly, and not use lookup/namei
+ */
+ if (vnode_isshadow(dp)) {
+ error = ENOENT;
+ goto out;
+ }
+#endif
+
+nextname:
+ /*
+ * Not a symbolic link. If more pathname,
+ * continue at next component, else return.
+ *
+ * Definitely have a dvp if there's another slash
+ */
+ if (*ndp->ni_next == '/') {
+ cnp->cn_nameptr = ndp->ni_next + 1;
+ ndp->ni_pathlen--;
+ while (*cnp->cn_nameptr == '/') {
+ cnp->cn_nameptr++;
+ ndp->ni_pathlen--;
+ }
+
+ cp = cnp->cn_nameptr;
+ vnode_put(ndp->ni_dvp);
+ ndp->ni_dvp = NULLVP;
+
+ if (*cp == '\0') {
+ goto emptyname;
+ }
+
+ *keep_going = 1;
+ return 0;
+ }
+
+ /*
+ * Disallow directory write attempts on read-only file systems.
+ */
+ if (rdonly &&
+ (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
+ error = EROFS;
+ goto out;
+ }
+
+ /* If SAVESTART is set, we should have a dvp */
+ if (cnp->cn_flags & SAVESTART) {
+ /*
+ * note that we already hold a reference
+ * on both dp and ni_dvp, but for some reason
+ * can't get another one... in this case we
+ * need to do vnode_put on dp in 'bad2'
+ */
+ if ((vnode_get(ndp->ni_dvp))) {
+ error = ENOENT;
+ goto out;
+ }
+ ndp->ni_startdir = ndp->ni_dvp;
+ }
+ if (!wantparent && ndp->ni_dvp) {
+ vnode_put(ndp->ni_dvp);
+ ndp->ni_dvp = NULLVP;
+ }
+
+ if (cnp->cn_flags & AUDITVNPATH1) {
+ AUDIT_ARG(vnpath, dp, ARG_VNODE1);
+ } else if (cnp->cn_flags & AUDITVNPATH2) {
+ AUDIT_ARG(vnpath, dp, ARG_VNODE2);
+ }
+
+#if NAMEDRSRCFORK
+ /*
+ * Caller wants the resource fork.
+ */
+ if ((cnp->cn_flags & CN_WANTSRSRCFORK) && (dp != NULLVP)) {
+ error = lookup_handle_rsrc_fork(dp, ndp, cnp, wantparent, ctx);
+ if (error != 0) {
+ goto out;
+ }
+
+ dp = ndp->ni_vp;
+ }
+#endif
+ if (kdebug_enable) {
+ kdebug_lookup(ndp->ni_vp, cnp);
+ }
+
+ return 0;
+
+emptyname:
+ error = lookup_handle_emptyname(ndp, cnp, wantparent);
+ if (error != 0) {
+ goto out;
+ }
+
+ return 0;
+out:
+ return error;
+}
+
+/*
+ * Comes in iocount on ni_vp. May overwrite ni_dvp, but doesn't interpret incoming value.
+ */
+static int
+lookup_handle_emptyname(struct nameidata *ndp, struct componentname *cnp, int wantparent)
+{
+ vnode_t dp;
+ int error = 0;
+
+ dp = ndp->ni_vp;
+ cnp->cn_namelen = 0;
+ /*
+ * A degenerate name (e.g. / or "") which is a way of
+ * talking about a directory, e.g. like "/." or ".".
+ */
+ if (dp->v_type != VDIR) {
+ error = ENOTDIR;
+ goto out;
+ }
+ if (cnp->cn_nameiop != LOOKUP) {
+ error = EISDIR;
+ goto out;
+ }
+ if (wantparent) {
+ /*
+ * note that we already hold a reference
+ * on dp, but for some reason can't
+ * get another one... in this case we
+ * need to do vnode_put on dp in 'bad'
+ */
+ if ((vnode_get(dp))) {
+ error = ENOENT;
+ goto out;
+ }
+ ndp->ni_dvp = dp;
+ }
+ cnp->cn_flags &= ~ISDOTDOT;
+ cnp->cn_flags |= ISLASTCN;
+ ndp->ni_next = cnp->cn_nameptr;
+ ndp->ni_vp = dp;
+
+ if (cnp->cn_flags & AUDITVNPATH1) {
+ AUDIT_ARG(vnpath, dp, ARG_VNODE1);
+ } else if (cnp->cn_flags & AUDITVNPATH2) {
+ AUDIT_ARG(vnpath, dp, ARG_VNODE2);
+ }
+ if (cnp->cn_flags & SAVESTART) {
+ panic("lookup: SAVESTART");
+ }
+
+ return 0;
+out:
+ return error;
+}
+/*
+ * Search a pathname.
+ * This is a very central and rather complicated routine.
+ *
+ * The pathname is pointed to by ni_ptr and is of length ni_pathlen.
+ * The starting directory is taken from ni_startdir. The pathname is
+ * descended until done, or a symbolic link is encountered. The variable
+ * ni_more is clear if the path is completed; it is set to one if a
+ * symbolic link needing interpretation is encountered.
+ *
+ * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on
+ * whether the name is to be looked up, created, renamed, or deleted.
+ * When CREATE, RENAME, or DELETE is specified, information usable in
+ * creating, renaming, or deleting a directory entry may be calculated.
+ * If flag has LOCKPARENT or'ed into it, the parent directory is returned
+ * locked. If flag has WANTPARENT or'ed into it, the parent directory is
+ * returned unlocked. Otherwise the parent directory is not returned. If
+ * the target of the pathname exists and LOCKLEAF is or'ed into the flag
+ * the target is returned locked, otherwise it is returned unlocked.
+ * When creating or renaming and LOCKPARENT is specified, the target may not
+ * be ".". When deleting and LOCKPARENT is specified, the target may be ".".
+ *
+ * Overall outline of lookup:
+ *
+ * dirloop:
+ * identify next component of name at ndp->ni_ptr
+ * handle degenerate case where name is null string
+ * if .. and crossing mount points and on mounted filesys, find parent
+ * call VNOP_LOOKUP routine for next component name
+ * directory vnode returned in ni_dvp, unlocked unless LOCKPARENT set
+ * component vnode returned in ni_vp (if it exists), locked.
+ * if result vnode is mounted on and crossing mount points,
+ * find mounted on vnode
+ * if more components of name, do next level at dirloop
+ * return the answer in ni_vp, locked if LOCKLEAF set
+ * if LOCKPARENT set, return locked parent in ni_dvp
+ * if WANTPARENT set, return unlocked parent in ni_dvp
+ *
+ * Returns: 0 Success
+ * ENOENT No such file or directory
+ * EBADF Bad file descriptor
+ * ENOTDIR Not a directory
+ * EROFS Read-only file system [CREATE]
+ * EISDIR Is a directory [CREATE]
+ * cache_lookup_path:ERECYCLE (vnode was recycled from underneath us, redrive lookup again)
+ * vnode_authorize:EROFS
+ * vnode_authorize:EACCES
+ * vnode_authorize:EPERM
+ * vnode_authorize:???
+ * VNOP_LOOKUP:ENOENT No such file or directory
+ * VNOP_LOOKUP:EJUSTRETURN Restart system call (INTERNAL)
+ * VNOP_LOOKUP:???
+ * VFS_ROOT:ENOTSUP
+ * VFS_ROOT:ENOENT
+ * VFS_ROOT:???
+ */
+int
+lookup(struct nameidata *ndp)
+{
+ char *cp; /* pointer into pathname argument */
+ vnode_t tdp; /* saved dp */
+ vnode_t dp; /* the directory we are searching */
+ int docache = 1; /* == 0 do not cache last component */
+ int wantparent; /* 1 => wantparent or lockparent flag */
+ int rdonly; /* lookup read-only flag bit */
+ int dp_authorized = 0;
+ int error = 0;
+ struct componentname *cnp = &ndp->ni_cnd;
+ vfs_context_t ctx = cnp->cn_context;
+ int vbusyflags = 0;
+ int nc_generation = 0;
+ vnode_t last_dp = NULLVP;
+ int keep_going;
+ int atroot;
+
+ /*
+ * Setup: break out flag bits into variables.
+ */
+ if (cnp->cn_flags & NOCACHE) {
+ docache = 0;
+ }
+ wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT);
+ rdonly = cnp->cn_flags & RDONLY;
+ cnp->cn_flags &= ~ISSYMLINK;
+ cnp->cn_consume = 0;
+
+ dp = ndp->ni_startdir;
+ ndp->ni_startdir = NULLVP;
+
+ if ((cnp->cn_flags & CN_NBMOUNTLOOK) != 0) {
+ vbusyflags = LK_NOWAIT;
+ }
+ cp = cnp->cn_nameptr;
+
+ if (*cp == '\0') {
+ if ((vnode_getwithref(dp))) {
+ dp = NULLVP;
+ error = ENOENT;
+ goto bad;
+ }
+ ndp->ni_vp = dp;
+ error = lookup_handle_emptyname(ndp, cnp, wantparent);
+ if (error) {
+ goto bad;
+ }
+
+ return 0;
+ }
+dirloop:
+ atroot = 0;
+ ndp->ni_vp = NULLVP;
+
+ if ((error = cache_lookup_path(ndp, cnp, dp, ctx, &dp_authorized, last_dp))) {
+ dp = NULLVP;
+ goto bad;
+ }
+ if ((cnp->cn_flags & ISLASTCN)) {
+ if (docache) {
+ cnp->cn_flags |= MAKEENTRY;
+ }
+ } else {
+ cnp->cn_flags |= MAKEENTRY;
+ }
+
+ dp = ndp->ni_dvp;
+
+ if (ndp->ni_vp != NULLVP) {
+ /*
+ * cache_lookup_path returned a non-NULL ni_vp then,
+ * we're guaranteed that the dp is a VDIR, it's
+ * been authorized, and vp is not ".."
+ *
+ * make sure we don't try to enter the name back into
+ * the cache if this vp is purged before we get to that
+ * check since we won't have serialized behind whatever
+ * activity is occurring in the FS that caused the purge
+ */
+ if (dp != NULLVP) {
+ nc_generation = dp->v_nc_generation - 1;
+ }
+
+ goto returned_from_lookup_path;
+ }
+
+ /*
+ * Handle "..": two special cases.
+ * 1. If at root directory (e.g. after chroot)
+ * or at absolute root directory
+ * then ignore it so can't get out.
+ * 2. If this vnode is the root of a mounted
+ * filesystem, then replace it with the
+ * vnode which was mounted on so we take the
+ * .. in the other file system.
+ */
+ if ((cnp->cn_flags & ISDOTDOT)) {
+ /*
+ * if this is a chroot'ed process, check if the current
+ * directory is still a subdirectory of the process's
+ * root directory.
+ */
+ if (ndp->ni_rootdir && (ndp->ni_rootdir != rootvnode) &&
+ dp != ndp->ni_rootdir) {
+ int sdir_error;
+ int is_subdir = FALSE;
+
+ sdir_error = vnode_issubdir(dp, ndp->ni_rootdir,
+ &is_subdir, vfs_context_kernel());
+
+ /*
+ * If we couldn't determine if dp is a subdirectory of
+ * ndp->ni_rootdir (sdir_error != 0), we let the request
+ * proceed.
+ */
+ if (!sdir_error && !is_subdir) {
+ vnode_put(dp);
+ dp = ndp->ni_rootdir;
+ /*
+ * There's a ref on the process's root directory
+ * but we can't use vnode_getwithref here as
+ * there is nothing preventing that ref being
+ * released by another thread.
+ */
+ if (vnode_get(dp)) {
+ error = ENOENT;
+ goto bad;
+ }
+ }
+ }
+
+ for (;;) {
+ if (dp == ndp->ni_rootdir || dp == rootvnode) {
+ ndp->ni_dvp = dp;
+ ndp->ni_vp = dp;
+ /*
+ * we're pinned at the root
+ * we've already got one reference on 'dp'
+ * courtesy of cache_lookup_path... take
+ * another one for the ".."
+ * if we fail to get the new reference, we'll
+ * drop our original down in 'bad'
+ */
+ if ((vnode_get(dp))) {
+ error = ENOENT;
+ goto bad;
+ }
+ atroot = 1;
+ goto returned_from_lookup_path;
+ }
+ if ((dp->v_flag & VROOT) == 0 ||
+ (cnp->cn_flags & NOCROSSMOUNT)) {
+ break;
+ }
+ if (dp->v_mount == NULL) { /* forced umount */
+ error = EBADF;
+ goto bad;
+ }
+ tdp = dp;
+ dp = tdp->v_mount->mnt_vnodecovered;
+
+ vnode_put(tdp);
+
+ if ((vnode_getwithref(dp))) {
+ dp = NULLVP;
+ error = ENOENT;
+ goto bad;
+ }
+ ndp->ni_dvp = dp;
+ dp_authorized = 0;
+ }
+ }
+
+ /*
+ * We now have a segment name to search for, and a directory to search.
+ */
+unionlookup:
+ ndp->ni_vp = NULLVP;
+
+ if (dp->v_type != VDIR) {
+ error = ENOTDIR;
+ goto lookup_error;
+ }
+ if ((cnp->cn_flags & DONOTAUTH) != DONOTAUTH) {
+ error = lookup_authorize_search(dp, cnp, dp_authorized, ctx);
+ if (error) {
+ goto lookup_error;
+ }
+ }
+
+ /*
+ * Now that we've authorized a lookup, can bail out if the filesystem
+ * will be doing a batched operation. Return an iocount on dvp.
+ */
+#if NAMEDRSRCFORK
+ if ((cnp->cn_flags & ISLASTCN) && namei_compound_available(dp, ndp) && !(cnp->cn_flags & CN_WANTSRSRCFORK)) {
+#else
+ if ((cnp->cn_flags & ISLASTCN) && namei_compound_available(dp, ndp)) {
+#endif /* NAMEDRSRCFORK */
+ ndp->ni_flag |= NAMEI_UNFINISHED;
+ ndp->ni_ncgeneration = dp->v_nc_generation;
+ return 0;
+ }
+
+ nc_generation = dp->v_nc_generation;
+
+ /*
+ * Note:
+ * Filesystems that support hardlinks may want to call vnode_update_identity
+ * if the lookup operation below will modify the in-core vnode to belong to a new point
+ * in the namespace. VFS cannot infer whether or not the look up operation makes the vnode
+ * name change or change parents. Without this, the lookup may make update
+ * filesystem-specific in-core metadata but fail to update the v_parent or v_name
+ * fields in the vnode. If VFS were to do this, it would be necessary to call
+ * vnode_update_identity on every lookup operation -- expensive!
+ *
+ * However, even with this in place, multiple lookups may occur in between this lookup
+ * and the subsequent vnop, so, at best, we could only guarantee that you would get a
+ * valid path back, and not necessarily the one that you wanted.
+ *
+ * Example:
+ * /tmp/a == /foo/b
+ *
+ * If you are now looking up /foo/b and the vnode for this link represents /tmp/a,
+ * vnode_update_identity will fix the parentage so that you can get /foo/b back
+ * through the v_parent chain (preventing you from getting /tmp/b back). It would
+ * not fix whether or not you should or should not get /tmp/a vs. /foo/b.
+ */
+
+ error = VNOP_LOOKUP(dp, &ndp->ni_vp, cnp, ctx);
+
+ if (error) {
+lookup_error:
+ if ((error == ENOENT) &&
+ (dp->v_mount != NULL) &&
+ (dp->v_mount->mnt_flag & MNT_UNION)) {
+ tdp = dp;
+ error = lookup_traverse_union(tdp, &dp, ctx);
+ vnode_put(tdp);
+ if (error) {
+ dp = NULLVP;
+ goto bad;
+ }
+
+ ndp->ni_dvp = dp;
+ dp_authorized = 0;
+ goto unionlookup;
+ }
+
+ if (error != EJUSTRETURN) {
+ goto bad;
+ }
+
+ if (ndp->ni_vp != NULLVP) {
+ panic("leaf should be empty");
+ }
+
+#if NAMEDRSRCFORK
+ /*
+ * At this point, error should be EJUSTRETURN.
+ *
+ * If CN_WANTSRSRCFORK is set, that implies that the
+ * underlying filesystem could not find the "parent" of the
+ * resource fork (the data fork), and we are doing a lookup
+ * for a CREATE event.
+ *
+ * However, this should be converted to an error, as the
+ * failure to find this parent should disallow further
+ * progress to try and acquire a resource fork vnode.
+ */
+ if (cnp->cn_flags & CN_WANTSRSRCFORK) {
+ error = ENOENT;
+ goto bad;
+ }
+#endif
+
+ error = lookup_validate_creation_path(ndp);
+ if (error) {
+ goto bad;
+ }
+ /*
+ * We return with ni_vp NULL to indicate that the entry
+ * doesn't currently exist, leaving a pointer to the
+ * referenced directory vnode in ndp->ni_dvp.
+ */
+ if (cnp->cn_flags & SAVESTART) {
+ if ((vnode_get(ndp->ni_dvp))) {
+ error = ENOENT;
+ goto bad;
+ }
+ ndp->ni_startdir = ndp->ni_dvp;
+ }
+ if (!wantparent) {
+ vnode_put(ndp->ni_dvp);
+ }
+
+ if (kdebug_enable) {
+ kdebug_lookup(ndp->ni_dvp, cnp);
+ }
+ return 0;
+ }
+returned_from_lookup_path:
+ /* We'll always have an iocount on ni_vp when this finishes. */
+ error = lookup_handle_found_vnode(ndp, cnp, rdonly, vbusyflags, &keep_going, nc_generation, wantparent, atroot, ctx);
+ if (error != 0) {
+ goto bad2;
+ }
+
+ if (keep_going) {
+ dp = ndp->ni_vp;
+
+ /* namei() will handle symlinks */
+ if ((dp->v_type == VLNK) &&
+ ((cnp->cn_flags & FOLLOW) || (ndp->ni_flag & NAMEI_TRAILINGSLASH) || *ndp->ni_next == '/')) {
+ return 0;
+ }
+
+ /*
+ * Otherwise, there's more path to process.
+ * cache_lookup_path is now responsible for dropping io ref on dp
+ * when it is called again in the dirloop. This ensures we hold
+ * a ref on dp until we complete the next round of lookup.
+ */
+ last_dp = dp;
+
+ goto dirloop;
+ }
+
+ return 0;
+bad2:
+ if (ndp->ni_dvp) {
+ vnode_put(ndp->ni_dvp);
+ }
+
+ vnode_put(ndp->ni_vp);
+ ndp->ni_vp = NULLVP;
+
+ if (kdebug_enable) {
+ kdebug_lookup(dp, cnp);
+ }
+ return error;
+
+bad:
+ if (dp) {
+ vnode_put(dp);
+ }
+ ndp->ni_vp = NULLVP;
+
+ if (kdebug_enable) {
+ kdebug_lookup(dp, cnp);
+ }
+ return error;
+}
+
+/*
+ * Given a vnode in a union mount, traverse to the equivalent
+ * vnode in the underlying mount.
+ */
+int
+lookup_traverse_union(vnode_t dvp, vnode_t *new_dvp, vfs_context_t ctx)
+{
+ char *path = NULL, *pp;
+ const char *name, *np;
+ int len;
+ int error = 0;
+ struct nameidata nd;
+ vnode_t vp = dvp;
+
+ *new_dvp = NULL;
+
+ if (vp && vp->v_flag & VROOT) {
+ *new_dvp = vp->v_mount->mnt_vnodecovered;
+ if (vnode_getwithref(*new_dvp)) {
+ return ENOENT;
+ }
+ return 0;
+ }
+
+ path = (char *) kalloc(MAXPATHLEN);
+ if (path == NULL) {
+ error = ENOMEM;
+ goto done;
+ }
+
+ /*
+ * Walk back up to the mountpoint following the
+ * v_parent chain and build a slash-separated path.
+ * Then lookup that path starting with the covered vnode.
+ */
+ pp = path + (MAXPATHLEN - 1);
+ *pp = '\0';
+
+ while (1) {
+ name = vnode_getname(vp);
+ if (name == NULL) {
+ printf("lookup_traverse_union: null parent name: .%s\n", pp);
+ error = ENOENT;
+ goto done;
+ }
+ len = strlen(name);
+ if ((len + 1) > (pp - path)) { // Enough space for this name ?
+ error = ENAMETOOLONG;
+ vnode_putname(name);
+ goto done;
+ }
+ for (np = name + len; len > 0; len--) { // Copy name backwards
+ *--pp = *--np;
+ }
+ vnode_putname(name);
+ vp = vp->v_parent;
+ if (vp == NULLVP || vp->v_flag & VROOT) {
+ break;
+ }
+ *--pp = '/';
+ }
+
+ /* Evaluate the path in the underlying mount */
+ NDINIT(&nd, LOOKUP, OP_LOOKUP, USEDVP, UIO_SYSSPACE, CAST_USER_ADDR_T(pp), ctx);
+ nd.ni_dvp = dvp->v_mount->mnt_vnodecovered;
+ error = namei(&nd);
+ if (error == 0) {
+ *new_dvp = nd.ni_vp;