+ }
+ }
+ if ((cnp->cn_flags & MAKEENTRY) && (vp->v_flag & VNCACHEABLE) && LIST_FIRST(&vp->v_nclinks) == NULL) {
+ /*
+ * missing from name cache, but should
+ * be in it... this can happen if volfs
+ * causes the vnode to be created or the
+ * name cache entry got recycled but the
+ * vnode didn't...
+ * check to make sure that ni_dvp is valid
+ * cache_lookup_path may return a NULL
+ * do a quick check to see if the generation of the
+ * directory matches our snapshot... this will get
+ * rechecked behind the name cache lock, but if it
+ * already fails to match, no need to go any further
+ */
+ if (dvp != NULLVP && (nc_generation == dvp->v_nc_generation) && (!isdot_or_dotdot)) {
+ cache_enter_with_gen(dvp, vp, cnp, nc_generation);
+ }
+ }
+}
+
+#if NAMEDRSRCFORK
+/*
+ * Can change ni_dvp and ni_vp. On success, returns with iocounts on stream vnode (always) and
+ * data fork if requested. On failure, returns with iocount data fork (always) and its parent directory
+ * (if one was provided).
+ */
+static int
+lookup_handle_rsrc_fork(vnode_t dp, struct nameidata *ndp, struct componentname *cnp, int wantparent, vfs_context_t ctx)
+{
+ vnode_t svp = NULLVP;
+ enum nsoperation nsop;
+ int nsflags;
+ int error;
+
+ if (dp->v_type != VREG) {
+ error = ENOENT;
+ goto out;
+ }
+ switch (cnp->cn_nameiop) {
+ case DELETE:
+ if (cnp->cn_flags & CN_ALLOWRSRCFORK) {
+ nsop = NS_DELETE;
+ } else {
+ error = EPERM;
+ goto out;
+ }
+ break;
+ case CREATE:
+ if (cnp->cn_flags & CN_ALLOWRSRCFORK) {
+ nsop = NS_CREATE;
+ } else {
+ error = EPERM;
+ goto out;
+ }
+ break;
+ case LOOKUP:
+ /* Make sure our lookup of "/..namedfork/rsrc" is allowed. */
+ if (cnp->cn_flags & CN_ALLOWRSRCFORK) {
+ nsop = NS_OPEN;
+ } else {
+ error = EPERM;
+ goto out;
+ }
+ break;
+ default:
+ error = EPERM;
+ goto out;
+ }
+
+ nsflags = 0;
+ if (cnp->cn_flags & CN_RAW_ENCRYPTED) {
+ nsflags |= NS_GETRAWENCRYPTED;
+ }
+
+ /* Ask the file system for the resource fork. */
+ error = vnode_getnamedstream(dp, &svp, XATTR_RESOURCEFORK_NAME, nsop, nsflags, ctx);
+
+ /* During a create, it OK for stream vnode to be missing. */
+ if (error == ENOATTR || error == ENOENT) {
+ error = (nsop == NS_CREATE) ? 0 : ENOENT;
+ }
+ if (error) {
+ goto out;
+ }
+ /* The "parent" of the stream is the file. */
+ if (wantparent) {
+ if (ndp->ni_dvp) {
+ vnode_put(ndp->ni_dvp);
+ }
+ ndp->ni_dvp = dp;
+ } else {
+ vnode_put(dp);
+ }
+ ndp->ni_vp = svp; /* on create this may be null */
+
+ /* Restore the truncated pathname buffer (for audits). */
+ if (ndp->ni_pathlen == 1 && ndp->ni_next[0] == '\0') {
+ /*
+ * While we replaced only '/' with '\0' and would ordinarily
+ * need to just switch that back, the buffer in which we did
+ * this may not be what the pathname buffer is now when symlinks
+ * are involved. If we just restore the "/" we will make the
+ * string not terminated anymore, so be safe and restore the
+ * entire suffix.
+ */
+ strncpy(ndp->ni_next, _PATH_RSRCFORKSPEC, sizeof(_PATH_RSRCFORKSPEC));
+ cnp->cn_nameptr = ndp->ni_next + 1;
+ cnp->cn_namelen = sizeof(_PATH_RSRCFORKSPEC) - 1;
+ ndp->ni_next += cnp->cn_namelen;
+ if (ndp->ni_next[0] != '\0') {
+ panic("Incorrect termination of path in %s", __FUNCTION__);
+ }
+ }
+ cnp->cn_flags &= ~MAKEENTRY;
+
+ return 0;
+out:
+ return error;
+}
+#endif /* NAMEDRSRCFORK */
+
+/*
+ * iocounts in:
+ * --One on ni_vp. One on ni_dvp if there is more path, or we didn't come through the
+ * cache, or we came through the cache and the caller doesn't want the parent.
+ *
+ * iocounts out:
+ * --Leaves us in the correct state for the next step, whatever that might be.
+ * --If we find a symlink, returns with iocounts on both ni_vp and ni_dvp.
+ * --If we are to look up another component, then we have an iocount on ni_vp and
+ * nothing else.
+ * --If we are done, returns an iocount on ni_vp, and possibly on ni_dvp depending on nameidata flags.
+ * --In the event of an error, may return with ni_dvp NULL'ed out (in which case, iocount
+ * was dropped).
+ */
+static int
+lookup_handle_found_vnode(struct nameidata *ndp, struct componentname *cnp, int rdonly,
+ int vbusyflags, int *keep_going, int nc_generation,
+ int wantparent, int atroot, vfs_context_t ctx)
+{
+ vnode_t dp;
+ int error;
+ char *cp;
+
+ dp = ndp->ni_vp;
+ *keep_going = 0;
+
+ if (ndp->ni_vp == NULLVP) {
+ panic("NULL ni_vp in %s\n", __FUNCTION__);
+ }
+
+ if (atroot) {
+ goto nextname;
+ }
+
+ /*
+ * Take into account any additional components consumed by
+ * the underlying filesystem.
+ */
+ if (cnp->cn_consume > 0) {
+ cnp->cn_nameptr += cnp->cn_consume;
+ ndp->ni_next += cnp->cn_consume;
+ ndp->ni_pathlen -= cnp->cn_consume;
+ cnp->cn_consume = 0;
+ } else {
+ lookup_consider_update_cache(ndp->ni_dvp, dp, cnp, nc_generation);
+ }
+
+ /*
+ * Check to see if the vnode has been mounted on...
+ * if so find the root of the mounted file system.
+ * Updates ndp->ni_vp.
+ */
+ error = lookup_traverse_mountpoints(ndp, cnp, dp, vbusyflags, ctx);
+ dp = ndp->ni_vp;
+ if (error) {
+ goto out;
+ }
+
+#if CONFIG_MACF
+ if (vfs_flags(vnode_mount(dp)) & MNT_MULTILABEL) {
+ error = vnode_label(vnode_mount(dp), NULL, dp, NULL, 0, ctx);
+ if (error) {
+ goto out;
+ }
+ }
+#endif
+
+ /*
+ * Check for symbolic link
+ */
+ if ((dp->v_type == VLNK) &&
+ ((cnp->cn_flags & FOLLOW) || (ndp->ni_flag & NAMEI_TRAILINGSLASH) || *ndp->ni_next == '/')) {
+ cnp->cn_flags |= ISSYMLINK;
+ *keep_going = 1;
+ return 0;
+ }
+
+ /*
+ * Check for bogus trailing slashes.
+ */
+ if ((ndp->ni_flag & NAMEI_TRAILINGSLASH)) {
+ if (dp->v_type != VDIR) {
+ error = ENOTDIR;
+ goto out;
+ }
+ ndp->ni_flag &= ~(NAMEI_TRAILINGSLASH);
+ }
+
+#if NAMEDSTREAMS
+ /*
+ * Deny namei/lookup requests to resolve paths that point to shadow files.
+ * Access to shadow files must be conducted by explicit calls to VNOP_LOOKUP
+ * directly, and not use lookup/namei
+ */
+ if (vnode_isshadow(dp)) {
+ error = ENOENT;
+ goto out;
+ }
+#endif
+
+nextname:
+ /*
+ * Not a symbolic link. If more pathname,
+ * continue at next component, else return.
+ *
+ * Definitely have a dvp if there's another slash
+ */
+ if (*ndp->ni_next == '/') {
+ cnp->cn_nameptr = ndp->ni_next + 1;
+ ndp->ni_pathlen--;
+ while (*cnp->cn_nameptr == '/') {
+ cnp->cn_nameptr++;
+ ndp->ni_pathlen--;
+ }
+
+ cp = cnp->cn_nameptr;
+ vnode_put(ndp->ni_dvp);
+ ndp->ni_dvp = NULLVP;
+
+ if (*cp == '\0') {
+ goto emptyname;
+ }
+
+ *keep_going = 1;
+ return 0;
+ }
+
+ /*
+ * Disallow directory write attempts on read-only file systems.
+ */
+ if (rdonly &&
+ (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
+ error = EROFS;
+ goto out;
+ }
+
+ /* If SAVESTART is set, we should have a dvp */
+ if (cnp->cn_flags & SAVESTART) {
+ /*
+ * note that we already hold a reference
+ * on both dp and ni_dvp, but for some reason
+ * can't get another one... in this case we
+ * need to do vnode_put on dp in 'bad2'
+ */
+ if ((vnode_get(ndp->ni_dvp))) {
+ error = ENOENT;
+ goto out;
+ }
+ ndp->ni_startdir = ndp->ni_dvp;
+ }
+ if (!wantparent && ndp->ni_dvp) {
+ vnode_put(ndp->ni_dvp);
+ ndp->ni_dvp = NULLVP;
+ }
+
+ if (cnp->cn_flags & AUDITVNPATH1) {
+ AUDIT_ARG(vnpath, dp, ARG_VNODE1);
+ } else if (cnp->cn_flags & AUDITVNPATH2) {
+ AUDIT_ARG(vnpath, dp, ARG_VNODE2);
+ }
+
+#if NAMEDRSRCFORK
+ /*
+ * Caller wants the resource fork.
+ */
+ if ((cnp->cn_flags & CN_WANTSRSRCFORK) && (dp != NULLVP)) {
+ error = lookup_handle_rsrc_fork(dp, ndp, cnp, wantparent, ctx);
+ if (error != 0) {
+ goto out;
+ }
+
+ dp = ndp->ni_vp;
+ }
+#endif
+ if (kdebug_enable) {
+ kdebug_lookup(ndp->ni_vp, cnp);
+ }
+
+ return 0;
+
+emptyname:
+ error = lookup_handle_emptyname(ndp, cnp, wantparent);
+ if (error != 0) {
+ goto out;
+ }
+
+ return 0;
+out:
+ return error;
+}
+
+/*
+ * Comes in iocount on ni_vp. May overwrite ni_dvp, but doesn't interpret incoming value.
+ */
+static int
+lookup_handle_emptyname(struct nameidata *ndp, struct componentname *cnp, int wantparent)
+{
+ vnode_t dp;
+ int error = 0;
+
+ dp = ndp->ni_vp;
+ cnp->cn_namelen = 0;
+ /*
+ * A degenerate name (e.g. / or "") which is a way of
+ * talking about a directory, e.g. like "/." or ".".
+ */
+ if (dp->v_type != VDIR) {
+ error = ENOTDIR;
+ goto out;
+ }
+ if (cnp->cn_nameiop != LOOKUP) {
+ error = EISDIR;
+ goto out;
+ }
+ if (wantparent) {
+ /*
+ * note that we already hold a reference
+ * on dp, but for some reason can't
+ * get another one... in this case we
+ * need to do vnode_put on dp in 'bad'
+ */
+ if ((vnode_get(dp))) {
+ error = ENOENT;
+ goto out;
+ }
+ ndp->ni_dvp = dp;
+ }
+ cnp->cn_flags &= ~ISDOTDOT;
+ cnp->cn_flags |= ISLASTCN;
+ ndp->ni_next = cnp->cn_nameptr;
+ ndp->ni_vp = dp;
+
+ if (cnp->cn_flags & AUDITVNPATH1) {
+ AUDIT_ARG(vnpath, dp, ARG_VNODE1);
+ } else if (cnp->cn_flags & AUDITVNPATH2) {
+ AUDIT_ARG(vnpath, dp, ARG_VNODE2);
+ }
+ if (cnp->cn_flags & SAVESTART) {
+ panic("lookup: SAVESTART");
+ }
+
+ return 0;
+out:
+ return error;
+}
+/*
+ * Search a pathname.
+ * This is a very central and rather complicated routine.
+ *
+ * The pathname is pointed to by ni_ptr and is of length ni_pathlen.
+ * The starting directory is taken from ni_startdir. The pathname is
+ * descended until done, or a symbolic link is encountered. The variable
+ * ni_more is clear if the path is completed; it is set to one if a
+ * symbolic link needing interpretation is encountered.
+ *
+ * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on
+ * whether the name is to be looked up, created, renamed, or deleted.
+ * When CREATE, RENAME, or DELETE is specified, information usable in
+ * creating, renaming, or deleting a directory entry may be calculated.
+ * If flag has LOCKPARENT or'ed into it, the parent directory is returned
+ * locked. If flag has WANTPARENT or'ed into it, the parent directory is
+ * returned unlocked. Otherwise the parent directory is not returned. If
+ * the target of the pathname exists and LOCKLEAF is or'ed into the flag
+ * the target is returned locked, otherwise it is returned unlocked.
+ * When creating or renaming and LOCKPARENT is specified, the target may not
+ * be ".". When deleting and LOCKPARENT is specified, the target may be ".".
+ *
+ * Overall outline of lookup:
+ *
+ * dirloop:
+ * identify next component of name at ndp->ni_ptr
+ * handle degenerate case where name is null string
+ * if .. and crossing mount points and on mounted filesys, find parent
+ * call VNOP_LOOKUP routine for next component name
+ * directory vnode returned in ni_dvp, unlocked unless LOCKPARENT set
+ * component vnode returned in ni_vp (if it exists), locked.
+ * if result vnode is mounted on and crossing mount points,
+ * find mounted on vnode
+ * if more components of name, do next level at dirloop
+ * return the answer in ni_vp, locked if LOCKLEAF set
+ * if LOCKPARENT set, return locked parent in ni_dvp
+ * if WANTPARENT set, return unlocked parent in ni_dvp
+ *
+ * Returns: 0 Success
+ * ENOENT No such file or directory
+ * EBADF Bad file descriptor
+ * ENOTDIR Not a directory
+ * EROFS Read-only file system [CREATE]
+ * EISDIR Is a directory [CREATE]
+ * cache_lookup_path:ERECYCLE (vnode was recycled from underneath us, redrive lookup again)
+ * vnode_authorize:EROFS
+ * vnode_authorize:EACCES
+ * vnode_authorize:EPERM
+ * vnode_authorize:???
+ * VNOP_LOOKUP:ENOENT No such file or directory
+ * VNOP_LOOKUP:EJUSTRETURN Restart system call (INTERNAL)
+ * VNOP_LOOKUP:???
+ * VFS_ROOT:ENOTSUP
+ * VFS_ROOT:ENOENT
+ * VFS_ROOT:???
+ */
+int
+lookup(struct nameidata *ndp)
+{
+ char *cp; /* pointer into pathname argument */
+ vnode_t tdp; /* saved dp */
+ vnode_t dp; /* the directory we are searching */
+ int docache = 1; /* == 0 do not cache last component */
+ int wantparent; /* 1 => wantparent or lockparent flag */
+ int rdonly; /* lookup read-only flag bit */
+ int dp_authorized = 0;
+ int error = 0;
+ struct componentname *cnp = &ndp->ni_cnd;
+ vfs_context_t ctx = cnp->cn_context;
+ int vbusyflags = 0;
+ int nc_generation = 0;
+ vnode_t last_dp = NULLVP;
+ int keep_going;
+ int atroot;
+
+ /*
+ * Setup: break out flag bits into variables.
+ */
+ if (cnp->cn_flags & NOCACHE) {
+ docache = 0;
+ }
+ wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT);
+ rdonly = cnp->cn_flags & RDONLY;
+ cnp->cn_flags &= ~ISSYMLINK;
+ cnp->cn_consume = 0;
+
+ dp = ndp->ni_startdir;
+ ndp->ni_startdir = NULLVP;
+
+ if ((cnp->cn_flags & CN_NBMOUNTLOOK) != 0) {
+ vbusyflags = LK_NOWAIT;
+ }
+ cp = cnp->cn_nameptr;
+
+ if (*cp == '\0') {
+ if ((vnode_getwithref(dp))) {
+ dp = NULLVP;
+ error = ENOENT;
+ goto bad;
+ }
+ ndp->ni_vp = dp;
+ error = lookup_handle_emptyname(ndp, cnp, wantparent);
+ if (error) {
+ goto bad;
+ }
+
+ return 0;
+ }
+dirloop:
+ atroot = 0;
+ ndp->ni_vp = NULLVP;
+
+ if ((error = cache_lookup_path(ndp, cnp, dp, ctx, &dp_authorized, last_dp))) {
+ dp = NULLVP;
+ goto bad;
+ }
+ if ((cnp->cn_flags & ISLASTCN)) {
+ if (docache) {
+ cnp->cn_flags |= MAKEENTRY;
+ }
+ } else {
+ cnp->cn_flags |= MAKEENTRY;
+ }
+
+ dp = ndp->ni_dvp;
+
+ if (ndp->ni_vp != NULLVP) {
+ /*
+ * cache_lookup_path returned a non-NULL ni_vp then,
+ * we're guaranteed that the dp is a VDIR, it's
+ * been authorized, and vp is not ".."
+ *
+ * make sure we don't try to enter the name back into
+ * the cache if this vp is purged before we get to that
+ * check since we won't have serialized behind whatever
+ * activity is occurring in the FS that caused the purge
+ */
+ if (dp != NULLVP) {
+ nc_generation = dp->v_nc_generation - 1;
+ }
+
+ goto returned_from_lookup_path;
+ }
+
+ /*
+ * Handle "..": two special cases.
+ * 1. If at root directory (e.g. after chroot)
+ * or at absolute root directory
+ * then ignore it so can't get out.
+ * 2. If this vnode is the root of a mounted
+ * filesystem, then replace it with the
+ * vnode which was mounted on so we take the
+ * .. in the other file system.
+ */
+ if ((cnp->cn_flags & ISDOTDOT)) {
+ /*
+ * if this is a chroot'ed process, check if the current
+ * directory is still a subdirectory of the process's
+ * root directory.
+ */
+ if (ndp->ni_rootdir && (ndp->ni_rootdir != rootvnode) &&
+ dp != ndp->ni_rootdir) {
+ int sdir_error;
+ int is_subdir = FALSE;
+
+ sdir_error = vnode_issubdir(dp, ndp->ni_rootdir,
+ &is_subdir, vfs_context_kernel());
+
+ /*
+ * If we couldn't determine if dp is a subdirectory of
+ * ndp->ni_rootdir (sdir_error != 0), we let the request
+ * proceed.
+ */
+ if (!sdir_error && !is_subdir) {
+ vnode_put(dp);
+ dp = ndp->ni_rootdir;
+ /*
+ * There's a ref on the process's root directory
+ * but we can't use vnode_getwithref here as
+ * there is nothing preventing that ref being
+ * released by another thread.
+ */
+ if (vnode_get(dp)) {
+ error = ENOENT;
+ goto bad;
+ }
+ }
+ }
+
+ for (;;) {
+ if (dp == ndp->ni_rootdir || dp == rootvnode) {
+ ndp->ni_dvp = dp;
+ ndp->ni_vp = dp;
+ /*
+ * we're pinned at the root
+ * we've already got one reference on 'dp'
+ * courtesy of cache_lookup_path... take
+ * another one for the ".."
+ * if we fail to get the new reference, we'll
+ * drop our original down in 'bad'
+ */
+ if ((vnode_get(dp))) {
+ error = ENOENT;
+ goto bad;
+ }
+ atroot = 1;
+ goto returned_from_lookup_path;
+ }
+ if ((dp->v_flag & VROOT) == 0 ||
+ (cnp->cn_flags & NOCROSSMOUNT)) {