+ error = lookup_traverse_mountpoints(ndp, cnp, dp, vbusyflags, ctx);
+ dp = ndp->ni_vp;
+ if (error) {
+ goto out;
+ }
+
+#if CONFIG_MACF
+ if (vfs_flags(vnode_mount(dp)) & MNT_MULTILABEL) {
+ error = vnode_label(vnode_mount(dp), NULL, dp, NULL, 0, ctx);
+ if (error)
+ goto out;
+ }
+#endif
+
+ /*
+ * Check for symbolic link
+ */
+ if ((dp->v_type == VLNK) &&
+ ((cnp->cn_flags & FOLLOW) || (ndp->ni_flag & NAMEI_TRAILINGSLASH) || *ndp->ni_next == '/')) {
+ cnp->cn_flags |= ISSYMLINK;
+ *keep_going = 1;
+ return (0);
+ }
+
+ /*
+ * Check for bogus trailing slashes.
+ */
+ if ((ndp->ni_flag & NAMEI_TRAILINGSLASH)) {
+ if (dp->v_type != VDIR) {
+ error = ENOTDIR;
+ goto out;
+ }
+ ndp->ni_flag &= ~(NAMEI_TRAILINGSLASH);
+ }
+
+#if NAMEDSTREAMS
+ /*
+ * Deny namei/lookup requests to resolve paths that point to shadow files.
+ * Access to shadow files must be conducted by explicit calls to VNOP_LOOKUP
+ * directly, and not use lookup/namei
+ */
+ if (vnode_isshadow (dp)) {
+ error = ENOENT;
+ goto out;
+ }
+#endif
+
+nextname:
+ /*
+ * Not a symbolic link. If more pathname,
+ * continue at next component, else return.
+ *
+ * Definitely have a dvp if there's another slash
+ */
+ if (*ndp->ni_next == '/') {
+ cnp->cn_nameptr = ndp->ni_next + 1;
+ ndp->ni_pathlen--;
+ while (*cnp->cn_nameptr == '/') {
+ cnp->cn_nameptr++;
+ ndp->ni_pathlen--;
+ }
+
+ cp = cnp->cn_nameptr;
+ vnode_put(ndp->ni_dvp);
+ ndp->ni_dvp = NULLVP;
+
+ if (*cp == '\0') {
+ goto emptyname;
+ }
+
+ *keep_going = 1;
+ return 0;
+ }
+
+ /*
+ * Disallow directory write attempts on read-only file systems.
+ */
+ if (rdonly &&
+ (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
+ error = EROFS;
+ goto out;
+ }
+
+ /* If SAVESTART is set, we should have a dvp */
+ if (cnp->cn_flags & SAVESTART) {
+ /*
+ * note that we already hold a reference
+ * on both dp and ni_dvp, but for some reason
+ * can't get another one... in this case we
+ * need to do vnode_put on dp in 'bad2'
+ */
+ if ( (vnode_get(ndp->ni_dvp)) ) {
+ error = ENOENT;
+ goto out;
+ }
+ ndp->ni_startdir = ndp->ni_dvp;
+ }
+ if (!wantparent && ndp->ni_dvp) {
+ vnode_put(ndp->ni_dvp);
+ ndp->ni_dvp = NULLVP;
+ }
+
+ if (cnp->cn_flags & AUDITVNPATH1)
+ AUDIT_ARG(vnpath, dp, ARG_VNODE1);
+ else if (cnp->cn_flags & AUDITVNPATH2)
+ AUDIT_ARG(vnpath, dp, ARG_VNODE2);
+
+#if NAMEDRSRCFORK
+ /*
+ * Caller wants the resource fork.
+ */
+ if ((cnp->cn_flags & CN_WANTSRSRCFORK) && (dp != NULLVP)) {
+ error = lookup_handle_rsrc_fork(dp, ndp, cnp, wantparent, ctx);
+ if (error != 0)
+ goto out;
+
+ dp = ndp->ni_vp;
+ }
+#endif
+ if (kdebug_enable)
+ kdebug_lookup(ndp->ni_vp, cnp);
+
+ return 0;
+
+emptyname:
+ error = lookup_handle_emptyname(ndp, cnp, wantparent);
+ if (error != 0)
+ goto out;
+
+ return 0;
+out:
+ return error;
+
+}
+
+/*
+ * Comes in iocount on ni_vp. May overwrite ni_dvp, but doesn't interpret incoming value.
+ */
+static int
+lookup_handle_emptyname(struct nameidata *ndp, struct componentname *cnp, int wantparent)
+{
+ vnode_t dp;
+ int error = 0;
+
+ dp = ndp->ni_vp;
+ cnp->cn_namelen = 0;
+ /*
+ * A degenerate name (e.g. / or "") which is a way of
+ * talking about a directory, e.g. like "/." or ".".
+ */
+ if (dp->v_type != VDIR) {
+ error = ENOTDIR;
+ goto out;
+ }
+ if (cnp->cn_nameiop != LOOKUP) {
+ error = EISDIR;
+ goto out;
+ }
+ if (wantparent) {
+ /*
+ * note that we already hold a reference
+ * on dp, but for some reason can't
+ * get another one... in this case we
+ * need to do vnode_put on dp in 'bad'
+ */
+ if ( (vnode_get(dp)) ) {
+ error = ENOENT;
+ goto out;
+ }
+ ndp->ni_dvp = dp;
+ }
+ cnp->cn_flags &= ~ISDOTDOT;
+ cnp->cn_flags |= ISLASTCN;
+ ndp->ni_next = cnp->cn_nameptr;
+ ndp->ni_vp = dp;
+
+ if (cnp->cn_flags & AUDITVNPATH1)
+ AUDIT_ARG(vnpath, dp, ARG_VNODE1);
+ else if (cnp->cn_flags & AUDITVNPATH2)
+ AUDIT_ARG(vnpath, dp, ARG_VNODE2);
+ if (cnp->cn_flags & SAVESTART)
+ panic("lookup: SAVESTART");
+
+ return 0;
+out:
+ return error;
+}
+/*
+ * Search a pathname.
+ * This is a very central and rather complicated routine.
+ *
+ * The pathname is pointed to by ni_ptr and is of length ni_pathlen.
+ * The starting directory is taken from ni_startdir. The pathname is
+ * descended until done, or a symbolic link is encountered. The variable
+ * ni_more is clear if the path is completed; it is set to one if a
+ * symbolic link needing interpretation is encountered.
+ *
+ * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on
+ * whether the name is to be looked up, created, renamed, or deleted.
+ * When CREATE, RENAME, or DELETE is specified, information usable in
+ * creating, renaming, or deleting a directory entry may be calculated.
+ * If flag has LOCKPARENT or'ed into it, the parent directory is returned
+ * locked. If flag has WANTPARENT or'ed into it, the parent directory is
+ * returned unlocked. Otherwise the parent directory is not returned. If
+ * the target of the pathname exists and LOCKLEAF is or'ed into the flag
+ * the target is returned locked, otherwise it is returned unlocked.
+ * When creating or renaming and LOCKPARENT is specified, the target may not
+ * be ".". When deleting and LOCKPARENT is specified, the target may be ".".
+ *
+ * Overall outline of lookup:
+ *
+ * dirloop:
+ * identify next component of name at ndp->ni_ptr
+ * handle degenerate case where name is null string
+ * if .. and crossing mount points and on mounted filesys, find parent
+ * call VNOP_LOOKUP routine for next component name
+ * directory vnode returned in ni_dvp, unlocked unless LOCKPARENT set
+ * component vnode returned in ni_vp (if it exists), locked.
+ * if result vnode is mounted on and crossing mount points,
+ * find mounted on vnode
+ * if more components of name, do next level at dirloop
+ * return the answer in ni_vp, locked if LOCKLEAF set
+ * if LOCKPARENT set, return locked parent in ni_dvp
+ * if WANTPARENT set, return unlocked parent in ni_dvp
+ *
+ * Returns: 0 Success
+ * ENOENT No such file or directory
+ * EBADF Bad file descriptor
+ * ENOTDIR Not a directory
+ * EROFS Read-only file system [CREATE]
+ * EISDIR Is a directory [CREATE]
+ * cache_lookup_path:ERECYCLE (vnode was recycled from underneath us, redrive lookup again)
+ * vnode_authorize:EROFS
+ * vnode_authorize:EACCES
+ * vnode_authorize:EPERM
+ * vnode_authorize:???
+ * VNOP_LOOKUP:ENOENT No such file or directory
+ * VNOP_LOOKUP:EJUSTRETURN Restart system call (INTERNAL)
+ * VNOP_LOOKUP:???
+ * VFS_ROOT:ENOTSUP
+ * VFS_ROOT:ENOENT
+ * VFS_ROOT:???
+ */
+int
+lookup(struct nameidata *ndp)
+{
+ char *cp; /* pointer into pathname argument */
+ vnode_t tdp; /* saved dp */
+ vnode_t dp; /* the directory we are searching */
+ int docache = 1; /* == 0 do not cache last component */
+ int wantparent; /* 1 => wantparent or lockparent flag */
+ int rdonly; /* lookup read-only flag bit */
+ int dp_authorized = 0;
+ int error = 0;
+ struct componentname *cnp = &ndp->ni_cnd;
+ vfs_context_t ctx = cnp->cn_context;
+ int vbusyflags = 0;
+ int nc_generation = 0;
+ vnode_t last_dp = NULLVP;
+ int keep_going;
+ int atroot;
+
+ /*
+ * Setup: break out flag bits into variables.
+ */
+ if (cnp->cn_flags & NOCACHE) {
+ docache = 0;
+ }
+ wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT);
+ rdonly = cnp->cn_flags & RDONLY;
+ cnp->cn_flags &= ~ISSYMLINK;
+ cnp->cn_consume = 0;
+
+ dp = ndp->ni_startdir;
+ ndp->ni_startdir = NULLVP;
+
+ if ((cnp->cn_flags & CN_NBMOUNTLOOK) != 0)
+ vbusyflags = LK_NOWAIT;
+ cp = cnp->cn_nameptr;
+
+ if (*cp == '\0') {
+ if ( (vnode_getwithref(dp)) ) {
+ dp = NULLVP;
+ error = ENOENT;
+ goto bad;
+ }
+ ndp->ni_vp = dp;
+ error = lookup_handle_emptyname(ndp, cnp, wantparent);
+ if (error) {
+ goto bad;
+ }
+
+ return 0;
+ }
+dirloop:
+ atroot = 0;
+ ndp->ni_vp = NULLVP;
+
+ if ( (error = cache_lookup_path(ndp, cnp, dp, ctx, &dp_authorized, last_dp)) ) {
+ dp = NULLVP;
+ goto bad;
+ }
+ if ((cnp->cn_flags & ISLASTCN)) {
+ if (docache)
+ cnp->cn_flags |= MAKEENTRY;
+ } else
+ cnp->cn_flags |= MAKEENTRY;
+
+ dp = ndp->ni_dvp;
+
+ if (ndp->ni_vp != NULLVP) {
+ /*
+ * cache_lookup_path returned a non-NULL ni_vp then,
+ * we're guaranteed that the dp is a VDIR, it's
+ * been authorized, and vp is not ".."
+ *
+ * make sure we don't try to enter the name back into
+ * the cache if this vp is purged before we get to that
+ * check since we won't have serialized behind whatever
+ * activity is occurring in the FS that caused the purge
+ */
+ if (dp != NULLVP)
+ nc_generation = dp->v_nc_generation - 1;
+
+ goto returned_from_lookup_path;
+ }
+
+ /*
+ * Handle "..": two special cases.
+ * 1. If at root directory (e.g. after chroot)
+ * or at absolute root directory
+ * then ignore it so can't get out.
+ * 2. If this vnode is the root of a mounted
+ * filesystem, then replace it with the
+ * vnode which was mounted on so we take the
+ * .. in the other file system.
+ */
+ if ( (cnp->cn_flags & ISDOTDOT) ) {
+ /*
+ * if this is a chroot'ed process, check if the current
+ * directory is still a subdirectory of the process's
+ * root directory.
+ */
+ if (ndp->ni_rootdir && (ndp->ni_rootdir != rootvnode) &&
+ dp != ndp->ni_rootdir) {
+ int sdir_error;
+ int is_subdir = FALSE;
+
+ sdir_error = vnode_issubdir(dp, ndp->ni_rootdir,
+ &is_subdir, vfs_context_kernel());
+
+ /*
+ * If we couldn't determine if dp is a subdirectory of
+ * ndp->ni_rootdir (sdir_error != 0), we let the request
+ * proceed.
+ */
+ if (!sdir_error && !is_subdir) {
+ vnode_put(dp);
+ dp = ndp->ni_rootdir;
+ /*
+ * There's a ref on the process's root directory
+ * but we can't use vnode_getwithref here as
+ * there is nothing preventing that ref being
+ * released by another thread.
+ */
+ if (vnode_get(dp)) {
+ error = ENOENT;
+ goto bad;
+ }
+ }
+ }
+
+ for (;;) {
+ if (dp == ndp->ni_rootdir || dp == rootvnode) {
+ ndp->ni_dvp = dp;
+ ndp->ni_vp = dp;
+ /*
+ * we're pinned at the root
+ * we've already got one reference on 'dp'
+ * courtesy of cache_lookup_path... take
+ * another one for the ".."
+ * if we fail to get the new reference, we'll
+ * drop our original down in 'bad'
+ */
+ if ( (vnode_get(dp)) ) {
+ error = ENOENT;
+ goto bad;
+ }
+ atroot = 1;
+ goto returned_from_lookup_path;
+ }
+ if ((dp->v_flag & VROOT) == 0 ||
+ (cnp->cn_flags & NOCROSSMOUNT))
+ break;
+ if (dp->v_mount == NULL) { /* forced umount */
+ error = EBADF;
+ goto bad;
+ }
+ tdp = dp;
+ dp = tdp->v_mount->mnt_vnodecovered;
+
+ vnode_put(tdp);
+
+ if ( (vnode_getwithref(dp)) ) {
+ dp = NULLVP;
+ error = ENOENT;
+ goto bad;
+ }
+ ndp->ni_dvp = dp;
+ dp_authorized = 0;
+ }
+ }
+
+ /*
+ * We now have a segment name to search for, and a directory to search.
+ */
+unionlookup:
+ ndp->ni_vp = NULLVP;
+
+ if (dp->v_type != VDIR) {
+ error = ENOTDIR;
+ goto lookup_error;
+ }
+ if ( (cnp->cn_flags & DONOTAUTH) != DONOTAUTH ) {
+ error = lookup_authorize_search(dp, cnp, dp_authorized, ctx);
+ if (error) {
+ goto lookup_error;
+ }
+ }
+
+ /*
+ * Now that we've authorized a lookup, can bail out if the filesystem
+ * will be doing a batched operation. Return an iocount on dvp.
+ */
+#if NAMEDRSRCFORK
+ if ((cnp->cn_flags & ISLASTCN) && namei_compound_available(dp, ndp) && !(cnp->cn_flags & CN_WANTSRSRCFORK)) {
+#else
+ if ((cnp->cn_flags & ISLASTCN) && namei_compound_available(dp, ndp)) {
+#endif /* NAMEDRSRCFORK */
+ ndp->ni_flag |= NAMEI_UNFINISHED;
+ ndp->ni_ncgeneration = dp->v_nc_generation;
+ return 0;
+ }
+
+ nc_generation = dp->v_nc_generation;
+
+ /*
+ * Note:
+ * Filesystems that support hardlinks may want to call vnode_update_identity
+ * if the lookup operation below will modify the in-core vnode to belong to a new point
+ * in the namespace. VFS cannot infer whether or not the look up operation makes the vnode
+ * name change or change parents. Without this, the lookup may make update
+ * filesystem-specific in-core metadata but fail to update the v_parent or v_name
+ * fields in the vnode. If VFS were to do this, it would be necessary to call
+ * vnode_update_identity on every lookup operation -- expensive!
+ *
+ * However, even with this in place, multiple lookups may occur in between this lookup
+ * and the subsequent vnop, so, at best, we could only guarantee that you would get a
+ * valid path back, and not necessarily the one that you wanted.
+ *
+ * Example:
+ * /tmp/a == /foo/b
+ *
+ * If you are now looking up /foo/b and the vnode for this link represents /tmp/a,
+ * vnode_update_identity will fix the parentage so that you can get /foo/b back
+ * through the v_parent chain (preventing you from getting /tmp/b back). It would
+ * not fix whether or not you should or should not get /tmp/a vs. /foo/b.
+ */
+
+ error = VNOP_LOOKUP(dp, &ndp->ni_vp, cnp, ctx);
+
+ if ( error ) {
+lookup_error:
projects / apple / xnu.git / blobdiff