+ if (!defaulted_group) {
+ if ((error = kauth_cred_ismember_gid(cred, vap->va_gid, &ismember)) != 0) {
+ KAUTH_DEBUG(" ERROR - got %d checking for membership in %d", error, vap->va_gid);
+ goto out;
+ }
+ if (!ismember) {
+ KAUTH_DEBUG(" DENIED - cannot create new item with group %d - not a member", vap->va_gid);
+ error = EPERM;
+ goto out;
+ }
+ }
+
+ /* initialising owner/group UUID */
+ if (VATTR_IS_ACTIVE(vap, va_uuuid)) {
+ if ((error = kauth_cred_getguid(cred, &changer)) != 0) {
+ KAUTH_DEBUG(" ERROR - got %d trying to get caller UUID", error);
+ /* XXX ENOENT here - no GUID - should perhaps become EPERM */
+ goto out;
+ }
+ if (!kauth_guid_equal(&vap->va_uuuid, &changer)) {
+ KAUTH_DEBUG(" ERROR - cannot create item with supplied owner UUID - not us");
+ error = EPERM;
+ goto out;
+ }
+ }
+ if (VATTR_IS_ACTIVE(vap, va_guuid)) {
+ if ((error = kauth_cred_ismember_guid(cred, &vap->va_guuid, &ismember)) != 0) {
+ KAUTH_DEBUG(" ERROR - got %d trying to check group membership", error);
+ goto out;
+ }
+ if (!ismember) {
+ KAUTH_DEBUG(" ERROR - cannot create item with supplied group UUID - not a member");
+ error = EPERM;
+ goto out;
+ }
+ }
+ }
+out:
+ if (defaulted_fieldsp) {
+ if (defaulted_mode) {
+ *defaulted_fieldsp |= VATTR_PREPARE_DEFAULTED_MODE;
+ }
+ if (defaulted_group) {
+ *defaulted_fieldsp |= VATTR_PREPARE_DEFAULTED_GID;
+ }
+ if (defaulted_owner) {
+ *defaulted_fieldsp |= VATTR_PREPARE_DEFAULTED_UID;
+ }
+ }
+ return(error);
+}
+
+/*
+ * Check that the attribute information in vap can be legally written by the
+ * context.
+ *
+ * Call this when you're not sure about the vnode_attr; either its contents
+ * have come from an unknown source, or when they are variable.
+ *
+ * Returns errno, or zero and sets *actionp to the KAUTH_VNODE_* actions that
+ * must be authorized to be permitted to write the vattr.
+ */
+int
+vnode_authattr(vnode_t vp, struct vnode_attr *vap, kauth_action_t *actionp, vfs_context_t ctx)
+{
+ struct vnode_attr ova;
+ kauth_action_t required_action;
+ int error, has_priv_suser, ismember, chowner, chgroup, clear_suid, clear_sgid;
+ guid_t changer;
+ gid_t group;
+ uid_t owner;
+ mode_t newmode;
+ kauth_cred_t cred;
+ uint32_t fdelta;
+
+ VATTR_INIT(&ova);
+ required_action = 0;
+ error = 0;
+
+ /*
+ * Quickly check for enforcement applicability.
+ */
+ if (vfs_authopaque(vp->v_mount))
+ goto out;
+
+ /*
+ * Check for attempts to set nonsensical fields.
+ */
+ if (vap->va_active & VNODE_ATTR_RDONLY) {
+ KAUTH_DEBUG("ATTR - ERROR: attempt to set readonly attribute(s)");
+ error = EINVAL;
+ goto out;
+ }
+
+ /*
+ * We need to know if the caller is the superuser.
+ */
+ cred = vfs_context_ucred(ctx);
+ has_priv_suser = kauth_cred_issuser(cred);
+
+ /*
+ * If any of the following are changing, we need information from the old file:
+ * va_uid
+ * va_gid
+ * va_mode
+ * va_uuuid
+ * va_guuid
+ */
+ if (VATTR_IS_ACTIVE(vap, va_uid) ||
+ VATTR_IS_ACTIVE(vap, va_gid) ||
+ VATTR_IS_ACTIVE(vap, va_mode) ||
+ VATTR_IS_ACTIVE(vap, va_uuuid) ||
+ VATTR_IS_ACTIVE(vap, va_guuid)) {
+ VATTR_WANTED(&ova, va_mode);
+ VATTR_WANTED(&ova, va_uid);
+ VATTR_WANTED(&ova, va_gid);
+ VATTR_WANTED(&ova, va_uuuid);
+ VATTR_WANTED(&ova, va_guuid);
+ KAUTH_DEBUG("ATTR - security information changing, fetching existing attributes");
+ }
+
+ /*
+ * If timestamps are being changed, we need to know who the file is owned
+ * by.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_create_time) ||
+ VATTR_IS_ACTIVE(vap, va_change_time) ||
+ VATTR_IS_ACTIVE(vap, va_modify_time) ||
+ VATTR_IS_ACTIVE(vap, va_access_time) ||
+ VATTR_IS_ACTIVE(vap, va_backup_time)) {
+
+ VATTR_WANTED(&ova, va_uid);
+#if 0 /* enable this when we support UUIDs as official owners */
+ VATTR_WANTED(&ova, va_uuuid);
+#endif
+ KAUTH_DEBUG("ATTR - timestamps changing, fetching uid and GUID");
+ }
+
+ /*
+ * If flags are being changed, we need the old flags.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_flags)) {
+ KAUTH_DEBUG("ATTR - flags changing, fetching old flags");
+ VATTR_WANTED(&ova, va_flags);
+ }
+
+ /*
+ * If ACLs are being changed, we need the old ACLs.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_acl)) {
+ KAUTH_DEBUG("ATTR - acl changing, fetching old flags");
+ VATTR_WANTED(&ova, va_acl);
+ }
+
+ /*
+ * If the size is being set, make sure it's not a directory.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_data_size)) {
+ /* size is meaningless on a directory, don't permit this */
+ if (vnode_isdir(vp)) {
+ KAUTH_DEBUG("ATTR - ERROR: size change requested on a directory");
+ error = EISDIR;
+ goto out;
+ }
+ }
+
+ /*
+ * Get old data.
+ */
+ KAUTH_DEBUG("ATTR - fetching old attributes %016llx", ova.va_active);
+ if ((error = vnode_getattr(vp, &ova, ctx)) != 0) {
+ KAUTH_DEBUG(" ERROR - got %d trying to get attributes", error);
+ goto out;
+ }
+
+ /*
+ * Size changes require write access to the file data.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_data_size)) {
+ /* if we can't get the size, or it's different, we need write access */
+ KAUTH_DEBUG("ATTR - size change, requiring WRITE_DATA");
+ required_action |= KAUTH_VNODE_WRITE_DATA;
+ }
+
+ /*
+ * Changing timestamps?
+ *
+ * Note that we are only called to authorize user-requested time changes;
+ * side-effect time changes are not authorized. Authorisation is only
+ * required for existing files.
+ *
+ * Non-owners are not permitted to change the time on an existing
+ * file to anything other than the current time.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_create_time) ||
+ VATTR_IS_ACTIVE(vap, va_change_time) ||
+ VATTR_IS_ACTIVE(vap, va_modify_time) ||
+ VATTR_IS_ACTIVE(vap, va_access_time) ||
+ VATTR_IS_ACTIVE(vap, va_backup_time)) {
+ /*
+ * The owner and root may set any timestamps they like,
+ * provided that the file is not immutable. The owner still needs
+ * WRITE_ATTRIBUTES (implied by ownership but still deniable).
+ */
+ if (has_priv_suser || vauth_node_owner(&ova, cred)) {
+ KAUTH_DEBUG("ATTR - root or owner changing timestamps");
+ required_action |= KAUTH_VNODE_CHECKIMMUTABLE | KAUTH_VNODE_WRITE_ATTRIBUTES;
+ } else {
+ /* just setting the current time? */
+ if (vap->va_vaflags & VA_UTIMES_NULL) {
+ KAUTH_DEBUG("ATTR - non-root/owner changing timestamps, requiring WRITE_ATTRIBUTES");
+ required_action |= KAUTH_VNODE_WRITE_ATTRIBUTES;
+ } else {
+ KAUTH_DEBUG("ATTR - ERROR: illegal timestamp modification attempted");
+ error = EACCES;
+ goto out;
+ }
+ }
+ }
+
+ /*
+ * Changing file mode?
+ */
+ if (VATTR_IS_ACTIVE(vap, va_mode) && VATTR_IS_SUPPORTED(&ova, va_mode) && (ova.va_mode != vap->va_mode)) {
+ KAUTH_DEBUG("ATTR - mode change from %06o to %06o", ova.va_mode, vap->va_mode);
+
+ /*
+ * Mode changes always have the same basic auth requirements.
+ */
+ if (has_priv_suser) {
+ KAUTH_DEBUG("ATTR - superuser mode change, requiring immutability check");
+ required_action |= KAUTH_VNODE_CHECKIMMUTABLE;
+ } else {
+ /* need WRITE_SECURITY */
+ KAUTH_DEBUG("ATTR - non-superuser mode change, requiring WRITE_SECURITY");
+ required_action |= KAUTH_VNODE_WRITE_SECURITY;
+ }
+
+ /*
+ * Can't set the setgid bit if you're not in the group and not root. Have to have
+ * existing group information in the case we're not setting it right now.
+ */
+ if (vap->va_mode & S_ISGID) {
+ required_action |= KAUTH_VNODE_CHECKIMMUTABLE; /* always required */
+ if (!has_priv_suser) {
+ if (VATTR_IS_ACTIVE(vap, va_gid)) {
+ group = vap->va_gid;
+ } else if (VATTR_IS_SUPPORTED(&ova, va_gid)) {
+ group = ova.va_gid;
+ } else {
+ KAUTH_DEBUG("ATTR - ERROR: setgid but no gid available");
+ error = EINVAL;
+ goto out;
+ }
+ /*
+ * This might be too restrictive; WRITE_SECURITY might be implied by
+ * membership in this case, rather than being an additional requirement.
+ */
+ if ((error = kauth_cred_ismember_gid(cred, group, &ismember)) != 0) {
+ KAUTH_DEBUG("ATTR - ERROR: got %d checking for membership in %d", error, vap->va_gid);
+ goto out;
+ }
+ if (!ismember) {
+ KAUTH_DEBUG(" DENIED - can't set SGID bit, not a member of %d", group);
+ error = EPERM;
+ goto out;
+ }
+ }
+ }
+
+ /*
+ * Can't set the setuid bit unless you're root or the file's owner.
+ */
+ if (vap->va_mode & S_ISUID) {
+ required_action |= KAUTH_VNODE_CHECKIMMUTABLE; /* always required */
+ if (!has_priv_suser) {
+ if (VATTR_IS_ACTIVE(vap, va_uid)) {
+ owner = vap->va_uid;
+ } else if (VATTR_IS_SUPPORTED(&ova, va_uid)) {
+ owner = ova.va_uid;
+ } else {
+ KAUTH_DEBUG("ATTR - ERROR: setuid but no uid available");
+ error = EINVAL;
+ goto out;
+ }
+ if (owner != kauth_cred_getuid(cred)) {
+ /*
+ * We could allow this if WRITE_SECURITY is permitted, perhaps.
+ */
+ KAUTH_DEBUG("ATTR - ERROR: illegal attempt to set the setuid bit");
+ error = EPERM;
+ goto out;
+ }
+ }
+ }
+ }
+
+ /*
+ * Validate/mask flags changes. This checks that only the flags in
+ * the UF_SETTABLE mask are being set, and preserves the flags in
+ * the SF_SETTABLE case.
+ *
+ * Since flags changes may be made in conjunction with other changes,
+ * we will ask the auth code to ignore immutability in the case that
+ * the SF_* flags are not set and we are only manipulating the file flags.
+ *
+ */
+ if (VATTR_IS_ACTIVE(vap, va_flags)) {
+ /* compute changing flags bits */
+ if (VATTR_IS_SUPPORTED(&ova, va_flags)) {
+ fdelta = vap->va_flags ^ ova.va_flags;
+ } else {
+ fdelta = vap->va_flags;
+ }
+
+ if (fdelta != 0) {
+ KAUTH_DEBUG("ATTR - flags changing, requiring WRITE_SECURITY");
+ required_action |= KAUTH_VNODE_WRITE_SECURITY;
+
+ /* check that changing bits are legal */
+ if (has_priv_suser) {
+ /*
+ * The immutability check will prevent us from clearing the SF_*
+ * flags unless the system securelevel permits it, so just check
+ * for legal flags here.
+ */
+ if (fdelta & ~(UF_SETTABLE | SF_SETTABLE)) {
+ error = EPERM;
+ KAUTH_DEBUG(" DENIED - superuser attempt to set illegal flag(s)");
+ goto out;
+ }
+ } else {
+ if (fdelta & ~UF_SETTABLE) {
+ error = EPERM;
+ KAUTH_DEBUG(" DENIED - user attempt to set illegal flag(s)");
+ goto out;
+ }
+ }
+ /*
+ * If the caller has the ability to manipulate file flags,
+ * security is not reduced by ignoring them for this operation.
+ *
+ * A more complete test here would consider the 'after' states of the flags
+ * to determine whether it would permit the operation, but this becomes
+ * very complex.
+ *
+ * Ignoring immutability is conditional on securelevel; this does not bypass
+ * the SF_* flags if securelevel > 0.
+ */
+ required_action |= KAUTH_VNODE_NOIMMUTABLE;
+ }
+ }
+
+ /*
+ * Validate ownership information.
+ */
+ chowner = 0;
+ chgroup = 0;
+ clear_suid = 0;
+ clear_sgid = 0;
+
+ /*
+ * uid changing
+ * Note that if the filesystem didn't give us a UID, we expect that it doesn't
+ * support them in general, and will ignore it if/when we try to set it.
+ * We might want to clear the uid out of vap completely here.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_uid)) {
+ if (VATTR_IS_SUPPORTED(&ova, va_uid) && (vap->va_uid != ova.va_uid)) {
+ if (!has_priv_suser && (kauth_cred_getuid(cred) != vap->va_uid)) {
+ KAUTH_DEBUG(" DENIED - non-superuser cannot change ownershipt to a third party");
+ error = EPERM;
+ goto out;
+ }
+ chowner = 1;
+ }
+ clear_suid = 1;
+ }
+
+ /*
+ * gid changing
+ * Note that if the filesystem didn't give us a GID, we expect that it doesn't
+ * support them in general, and will ignore it if/when we try to set it.
+ * We might want to clear the gid out of vap completely here.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_gid)) {
+ if (VATTR_IS_SUPPORTED(&ova, va_gid) && (vap->va_gid != ova.va_gid)) {
+ if (!has_priv_suser) {
+ if ((error = kauth_cred_ismember_gid(cred, vap->va_gid, &ismember)) != 0) {
+ KAUTH_DEBUG(" ERROR - got %d checking for membership in %d", error, vap->va_gid);
+ goto out;
+ }
+ if (!ismember) {
+ KAUTH_DEBUG(" DENIED - group change from %d to %d but not a member of target group",
+ ova.va_gid, vap->va_gid);
+ error = EPERM;
+ goto out;
+ }
+ }
+ chgroup = 1;
+ }
+ clear_sgid = 1;
+ }
+
+ /*
+ * Owner UUID being set or changed.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_uuuid)) {
+ /* if the owner UUID is not actually changing ... */
+ if (VATTR_IS_SUPPORTED(&ova, va_uuuid)) {
+ if (kauth_guid_equal(&vap->va_uuuid, &ova.va_uuuid))
+ goto no_uuuid_change;
+
+ /*
+ * If the current owner UUID is a null GUID, check
+ * it against the UUID corresponding to the owner UID.
+ */
+ if (kauth_guid_equal(&ova.va_uuuid, &kauth_null_guid) &&
+ VATTR_IS_SUPPORTED(&ova, va_uid)) {
+ guid_t uid_guid;
+
+ if (kauth_cred_uid2guid(ova.va_uid, &uid_guid) == 0 &&
+ kauth_guid_equal(&vap->va_uuuid, &uid_guid))
+ goto no_uuuid_change;
+ }
+ }
+
+ /*
+ * The owner UUID cannot be set by a non-superuser to anything other than
+ * their own or a null GUID (to "unset" the owner UUID).
+ * Note that file systems must be prepared to handle the
+ * null UUID case in a manner appropriate for that file
+ * system.
+ */
+ if (!has_priv_suser) {
+ if ((error = kauth_cred_getguid(cred, &changer)) != 0) {
+ KAUTH_DEBUG(" ERROR - got %d trying to get caller UUID", error);
+ /* XXX ENOENT here - no UUID - should perhaps become EPERM */
+ goto out;
+ }
+ if (!kauth_guid_equal(&vap->va_uuuid, &changer) &&
+ !kauth_guid_equal(&vap->va_uuuid, &kauth_null_guid)) {
+ KAUTH_DEBUG(" ERROR - cannot set supplied owner UUID - not us / null");
+ error = EPERM;
+ goto out;
+ }
+ }
+ chowner = 1;
+ clear_suid = 1;
+ }
+no_uuuid_change:
+ /*
+ * Group UUID being set or changed.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_guuid)) {
+ /* if the group UUID is not actually changing ... */
+ if (VATTR_IS_SUPPORTED(&ova, va_guuid)) {
+ if (kauth_guid_equal(&vap->va_guuid, &ova.va_guuid))
+ goto no_guuid_change;
+
+ /*
+ * If the current group UUID is a null UUID, check
+ * it against the UUID corresponding to the group GID.
+ */
+ if (kauth_guid_equal(&ova.va_guuid, &kauth_null_guid) &&
+ VATTR_IS_SUPPORTED(&ova, va_gid)) {
+ guid_t gid_guid;
+
+ if (kauth_cred_gid2guid(ova.va_gid, &gid_guid) == 0 &&
+ kauth_guid_equal(&vap->va_guuid, &gid_guid))
+ goto no_guuid_change;
+ }
+ }
+
+ /*
+ * The group UUID cannot be set by a non-superuser to anything other than
+ * one of which they are a member or a null GUID (to "unset"
+ * the group UUID).
+ * Note that file systems must be prepared to handle the
+ * null UUID case in a manner appropriate for that file
+ * system.
+ */
+ if (!has_priv_suser) {
+ if (kauth_guid_equal(&vap->va_guuid, &kauth_null_guid))
+ ismember = 1;
+ else if ((error = kauth_cred_ismember_guid(cred, &vap->va_guuid, &ismember)) != 0) {
+ KAUTH_DEBUG(" ERROR - got %d trying to check group membership", error);
+ goto out;
+ }
+ if (!ismember) {
+ KAUTH_DEBUG(" ERROR - cannot set supplied group UUID - not a member / null");
+ error = EPERM;
+ goto out;
+ }
+ }
+ chgroup = 1;
+ }
+no_guuid_change:
+
+ /*
+ * Compute authorisation for group/ownership changes.
+ */
+ if (chowner || chgroup || clear_suid || clear_sgid) {
+ if (has_priv_suser) {
+ KAUTH_DEBUG("ATTR - superuser changing file owner/group, requiring immutability check");
+ required_action |= KAUTH_VNODE_CHECKIMMUTABLE;
+ } else {
+ if (chowner) {
+ KAUTH_DEBUG("ATTR - ownership change, requiring TAKE_OWNERSHIP");
+ required_action |= KAUTH_VNODE_TAKE_OWNERSHIP;
+ }
+ if (chgroup && !chowner) {
+ KAUTH_DEBUG("ATTR - group change, requiring WRITE_SECURITY");
+ required_action |= KAUTH_VNODE_WRITE_SECURITY;
+ }
+
+ /* clear set-uid and set-gid bits as required by Posix */
+ if (VATTR_IS_ACTIVE(vap, va_mode)) {
+ newmode = vap->va_mode;
+ } else if (VATTR_IS_SUPPORTED(&ova, va_mode)) {
+ newmode = ova.va_mode;
+ } else {
+ KAUTH_DEBUG("CHOWN - trying to change owner but cannot get mode from filesystem to mask setugid bits");
+ newmode = 0;
+ }
+ if (newmode & (S_ISUID | S_ISGID)) {
+ VATTR_SET(vap, va_mode, newmode & ~(S_ISUID | S_ISGID));
+ KAUTH_DEBUG("CHOWN - masking setugid bits from mode %o to %o", newmode, vap->va_mode);
+ }
+ }
+ }
+
+ /*
+ * Authorise changes in the ACL.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_acl)) {
+
+ /* no existing ACL */
+ if (!VATTR_IS_ACTIVE(&ova, va_acl) || (ova.va_acl == NULL)) {
+
+ /* adding an ACL */
+ if (vap->va_acl != NULL) {
+ required_action |= KAUTH_VNODE_WRITE_SECURITY;
+ KAUTH_DEBUG("CHMOD - adding ACL");
+ }
+
+ /* removing an existing ACL */
+ } else if (vap->va_acl == NULL) {
+ required_action |= KAUTH_VNODE_WRITE_SECURITY;
+ KAUTH_DEBUG("CHMOD - removing ACL");
+
+ /* updating an existing ACL */
+ } else {
+ if (vap->va_acl->acl_entrycount != ova.va_acl->acl_entrycount) {
+ /* entry count changed, must be different */
+ required_action |= KAUTH_VNODE_WRITE_SECURITY;
+ KAUTH_DEBUG("CHMOD - adding/removing ACL entries");
+ } else if (vap->va_acl->acl_entrycount > 0) {
+ /* both ACLs have the same ACE count, said count is 1 or more, bitwise compare ACLs */
+ if (memcmp(&vap->va_acl->acl_ace[0], &ova.va_acl->acl_ace[0],
+ sizeof(struct kauth_ace) * vap->va_acl->acl_entrycount)) {
+ required_action |= KAUTH_VNODE_WRITE_SECURITY;
+ KAUTH_DEBUG("CHMOD - changing ACL entries");
+ }
+ }
+ }
+ }
+
+ /*
+ * Other attributes that require authorisation.
+ */
+ if (VATTR_IS_ACTIVE(vap, va_encoding))
+ required_action |= KAUTH_VNODE_WRITE_ATTRIBUTES;
+
+out:
+ if (VATTR_IS_SUPPORTED(&ova, va_acl) && (ova.va_acl != NULL))
+ kauth_acl_free(ova.va_acl);
+ if (error == 0)
+ *actionp = required_action;
+ return(error);
+}
+
+static int
+setlocklocal_callback(struct vnode *vp, __unused void *cargs)
+{
+ vnode_lock_spin(vp);
+ vp->v_flag |= VLOCKLOCAL;
+ vnode_unlock(vp);
+
+ return (VNODE_RETURNED);
+}
+
+void
+vfs_setlocklocal(mount_t mp)
+{
+ mount_lock_spin(mp);
+ mp->mnt_kern_flag |= MNTK_LOCK_LOCAL;
+ mount_unlock(mp);
+
+ /*
+ * The number of active vnodes is expected to be
+ * very small when vfs_setlocklocal is invoked.
+ */
+ vnode_iterate(mp, 0, setlocklocal_callback, NULL);
+}
+
+void
+vfs_setunmountpreflight(mount_t mp)
+{
+ mount_lock_spin(mp);
+ mp->mnt_kern_flag |= MNTK_UNMOUNT_PREFLIGHT;
+ mount_unlock(mp);
+}
+
+void
+vfs_setcompoundopen(mount_t mp)
+{
+ mount_lock_spin(mp);
+ mp->mnt_compound_ops |= COMPOUND_VNOP_OPEN;
+ mount_unlock(mp);
+}
+
+void
+vn_setunionwait(vnode_t vp)
+{
+ vnode_lock_spin(vp);
+ vp->v_flag |= VISUNION;
+ vnode_unlock(vp);
+}
+
+
+void
+vn_checkunionwait(vnode_t vp)
+{
+ vnode_lock_spin(vp);
+ while ((vp->v_flag & VISUNION) == VISUNION)
+ msleep((caddr_t)&vp->v_flag, &vp->v_lock, 0, 0, 0);
+ vnode_unlock(vp);
+}
+
+void
+vn_clearunionwait(vnode_t vp, int locked)
+{
+ if (!locked)
+ vnode_lock_spin(vp);
+ if((vp->v_flag & VISUNION) == VISUNION) {
+ vp->v_flag &= ~VISUNION;
+ wakeup((caddr_t)&vp->v_flag);
+ }
+ if (!locked)
+ vnode_unlock(vp);
+}
+
+/*
+ * XXX - get "don't trigger mounts" flag for thread; used by autofs.
+ */
+extern int thread_notrigger(void);
+
+int
+thread_notrigger(void)
+{
+ struct uthread *uth = (struct uthread *)get_bsdthread_info(current_thread());
+ return (uth->uu_notrigger);
+}
+
+/*
+ * Removes orphaned apple double files during a rmdir
+ * Works by:
+ * 1. vnode_suspend().
+ * 2. Call VNOP_READDIR() till the end of directory is reached.
+ * 3. Check if the directory entries returned are regular files with name starting with "._". If not, return ENOTEMPTY.
+ * 4. Continue (2) and (3) till end of directory is reached.
+ * 5. If all the entries in the directory were files with "._" name, delete all the files.
+ * 6. vnode_resume()
+ * 7. If deletion of all files succeeded, call VNOP_RMDIR() again.
+ */
+
+errno_t rmdir_remove_orphaned_appleDouble(vnode_t vp , vfs_context_t ctx, int * restart_flag)
+{
+
+#define UIO_BUFF_SIZE 2048
+ uio_t auio = NULL;
+ int eofflag, siz = UIO_BUFF_SIZE, nentries = 0;
+ int open_flag = 0, full_erase_flag = 0;
+ char uio_buf[ UIO_SIZEOF(1) ];
+ char *rbuf = NULL, *cpos, *cend;
+ struct nameidata nd_temp;
+ struct dirent *dp;
+ errno_t error;
+
+ error = vnode_suspend(vp);
+
+ /*
+ * restart_flag is set so that the calling rmdir sleeps and resets
+ */
+ if (error == EBUSY)
+ *restart_flag = 1;
+ if (error != 0)
+ goto outsc;
+
+ /*
+ * set up UIO
+ */
+ MALLOC(rbuf, caddr_t, siz, M_TEMP, M_WAITOK);
+ if (rbuf)
+ auio = uio_createwithbuffer(1, 0, UIO_SYSSPACE, UIO_READ,
+ &uio_buf[0], sizeof(uio_buf));
+ if (!rbuf || !auio) {
+ error = ENOMEM;
+ goto outsc;
+ }
+
+ uio_setoffset(auio,0);
+
+ eofflag = 0;
+
+ if ((error = VNOP_OPEN(vp, FREAD, ctx)))
+ goto outsc;
+ else
+ open_flag = 1;
+
+ /*
+ * First pass checks if all files are appleDouble files.
+ */
+
+ do {
+ siz = UIO_BUFF_SIZE;
+ uio_reset(auio, uio_offset(auio), UIO_SYSSPACE, UIO_READ);
+ uio_addiov(auio, CAST_USER_ADDR_T(rbuf), UIO_BUFF_SIZE);
+
+ if((error = VNOP_READDIR(vp, auio, 0, &eofflag, &nentries, ctx)))
+ goto outsc;
+
+ if (uio_resid(auio) != 0)
+ siz -= uio_resid(auio);
+
+ /*
+ * Iterate through directory
+ */
+ cpos = rbuf;
+ cend = rbuf + siz;
+ dp = (struct dirent*) cpos;
+
+ if (cpos == cend)
+ eofflag = 1;
+
+ while ((cpos < cend)) {
+ /*
+ * Check for . and .. as well as directories
+ */
+ if (dp->d_ino != 0 &&
+ !((dp->d_namlen == 1 && dp->d_name[0] == '.') ||
+ (dp->d_namlen == 2 && dp->d_name[0] == '.' && dp->d_name[1] == '.'))) {
+ /*
+ * Check for irregular files and ._ files
+ * If there is a ._._ file abort the op
+ */
+ if ( dp->d_namlen < 2 ||
+ strncmp(dp->d_name,"._",2) ||
+ (dp->d_namlen >= 4 && !strncmp(&(dp->d_name[2]), "._",2))) {
+ error = ENOTEMPTY;
+ goto outsc;
+ }
+ }
+ cpos += dp->d_reclen;
+ dp = (struct dirent*)cpos;
+ }
+
+ /*
+ * workaround for HFS/NFS setting eofflag before end of file
+ */
+ if (vp->v_tag == VT_HFS && nentries > 2)
+ eofflag=0;
+
+ if (vp->v_tag == VT_NFS) {
+ if (eofflag && !full_erase_flag) {
+ full_erase_flag = 1;
+ eofflag = 0;
+ uio_reset(auio, 0, UIO_SYSSPACE, UIO_READ);
+ }
+ else if (!eofflag && full_erase_flag)
+ full_erase_flag = 0;
+ }
+
+ } while (!eofflag);
+ /*
+ * If we've made it here all the files in the dir are ._ files.
+ * We can delete the files even though the node is suspended
+ * because we are the owner of the file.
+ */
+
+ uio_reset(auio, 0, UIO_SYSSPACE, UIO_READ);
+ eofflag = 0;
+ full_erase_flag = 0;
+
+ do {
+ siz = UIO_BUFF_SIZE;
+ uio_reset(auio, uio_offset(auio), UIO_SYSSPACE, UIO_READ);
+ uio_addiov(auio, CAST_USER_ADDR_T(rbuf), UIO_BUFF_SIZE);
+
+ error = VNOP_READDIR(vp, auio, 0, &eofflag, &nentries, ctx);
+
+ if (error != 0)
+ goto outsc;
+
+ if (uio_resid(auio) != 0)
+ siz -= uio_resid(auio);
+
+ /*
+ * Iterate through directory
+ */
+ cpos = rbuf;
+ cend = rbuf + siz;
+ dp = (struct dirent*) cpos;
+
+ if (cpos == cend)
+ eofflag = 1;
+
+ while ((cpos < cend)) {
+ /*
+ * Check for . and .. as well as directories
+ */
+ if (dp->d_ino != 0 &&
+ !((dp->d_namlen == 1 && dp->d_name[0] == '.') ||
+ (dp->d_namlen == 2 && dp->d_name[0] == '.' && dp->d_name[1] == '.'))
+ ) {
+
+ NDINIT(&nd_temp, DELETE, OP_UNLINK, USEDVP,
+ UIO_SYSSPACE, CAST_USER_ADDR_T(dp->d_name),
+ ctx);
+ nd_temp.ni_dvp = vp;
+ error = unlink1(ctx, &nd_temp, 0);
+
+ if (error && error != ENOENT) {
+ goto outsc;
+ }
+
+ }
+ cpos += dp->d_reclen;
+ dp = (struct dirent*)cpos;
+ }
+
+ /*
+ * workaround for HFS/NFS setting eofflag before end of file
+ */
+ if (vp->v_tag == VT_HFS && nentries > 2)
+ eofflag=0;
+
+ if (vp->v_tag == VT_NFS) {
+ if (eofflag && !full_erase_flag) {
+ full_erase_flag = 1;
+ eofflag = 0;
+ uio_reset(auio, 0, UIO_SYSSPACE, UIO_READ);
+ }
+ else if (!eofflag && full_erase_flag)
+ full_erase_flag = 0;
+ }
+
+ } while (!eofflag);
+
+
+ error = 0;
+
+outsc:
+ if (open_flag)
+ VNOP_CLOSE(vp, FREAD, ctx);
+
+ uio_free(auio);
+ FREE(rbuf, M_TEMP);
+
+ vnode_resume(vp);
+
+
+ return(error);
+
+}
+
+
+void
+lock_vnode_and_post(vnode_t vp, int kevent_num)
+{
+ /* Only take the lock if there's something there! */
+ if (vp->v_knotes.slh_first != NULL) {
+ vnode_lock(vp);
+ KNOTE(&vp->v_knotes, kevent_num);
+ vnode_unlock(vp);
+ }
+}
+
+#ifdef JOE_DEBUG
+static void record_vp(vnode_t vp, int count) {
+ struct uthread *ut;
+
+#if CONFIG_TRIGGERS
+ if (vp->v_resolve)
+ return;
+#endif
+ if ((vp->v_flag & VSYSTEM))
+ return;
+
+ ut = get_bsdthread_info(current_thread());
+ ut->uu_iocount += count;
+
+ if (count == 1) {
+ if (ut->uu_vpindex < 32) {
+ OSBacktrace((void **)&ut->uu_pcs[ut->uu_vpindex][0], 10);
+
+ ut->uu_vps[ut->uu_vpindex] = vp;
+ ut->uu_vpindex++;
+ }
+ }
+}
+#endif
+
+
+#if CONFIG_TRIGGERS
+
+#define TRIG_DEBUG 0
+
+#if TRIG_DEBUG
+#define TRIG_LOG(...) do { printf("%s: ", __FUNCTION__); printf(__VA_ARGS__); } while (0)
+#else
+#define TRIG_LOG(...)
+#endif
+
+/*
+ * Resolver result functions
+ */
+
+resolver_result_t
+vfs_resolver_result(uint32_t seq, enum resolver_status stat, int aux)
+{
+ /*
+ * |<--- 32 --->|<--- 28 --->|<- 4 ->|
+ * sequence auxiliary status
+ */
+ return (((uint64_t)seq) << 32) |
+ (((uint64_t)(aux & 0x0fffffff)) << 4) |
+ (uint64_t)(stat & 0x0000000F);
+}
+
+enum resolver_status
+vfs_resolver_status(resolver_result_t result)
+{
+ /* lower 4 bits is status */
+ return (result & 0x0000000F);
+}
+
+uint32_t
+vfs_resolver_sequence(resolver_result_t result)
+{
+ /* upper 32 bits is sequence */
+ return (uint32_t)(result >> 32);
+}
+
+int
+vfs_resolver_auxiliary(resolver_result_t result)
+{
+ /* 28 bits of auxiliary */
+ return (int)(((uint32_t)(result & 0xFFFFFFF0)) >> 4);
+}
+
+/*
+ * SPI
+ * Call in for resolvers to update vnode trigger state
+ */
+int
+vnode_trigger_update(vnode_t vp, resolver_result_t result)
+{
+ vnode_resolve_t rp;
+ uint32_t seq;
+ enum resolver_status stat;
+
+ if (vp->v_resolve == NULL) {
+ return (EINVAL);
+ }
+
+ stat = vfs_resolver_status(result);
+ seq = vfs_resolver_sequence(result);
+
+ if ((stat != RESOLVER_RESOLVED) && (stat != RESOLVER_UNRESOLVED)) {
+ return (EINVAL);
+ }
+
+ rp = vp->v_resolve;
+ lck_mtx_lock(&rp->vr_lock);
+
+ if (seq > rp->vr_lastseq) {
+ if (stat == RESOLVER_RESOLVED)
+ rp->vr_flags |= VNT_RESOLVED;
+ else
+ rp->vr_flags &= ~VNT_RESOLVED;
+
+ rp->vr_lastseq = seq;
+ }
+
+ lck_mtx_unlock(&rp->vr_lock);
+
+ return (0);
+}
+
+static int
+vnode_resolver_attach(vnode_t vp, vnode_resolve_t rp, boolean_t ref)
+{
+ int error;
+
+ vnode_lock_spin(vp);
+ if (vp->v_resolve != NULL) {
+ vnode_unlock(vp);
+ return EINVAL;
+ } else {
+ vp->v_resolve = rp;
+ }
+ vnode_unlock(vp);
+
+ if (ref) {
+ error = vnode_ref_ext(vp, O_EVTONLY, VNODE_REF_FORCE);
+ if (error != 0) {
+ panic("VNODE_REF_FORCE didn't help...");
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * VFS internal interfaces for vnode triggers
+ *
+ * vnode must already have an io count on entry
+ * v_resolve is stable when io count is non-zero
+ */
+static int
+vnode_resolver_create(mount_t mp, vnode_t vp, struct vnode_trigger_param *tinfo, boolean_t external)
+{
+ vnode_resolve_t rp;
+ int result;
+ char byte;
+
+#if 1
+ /* minimum pointer test (debugging) */
+ if (tinfo->vnt_data)
+ byte = *((char *)tinfo->vnt_data);
+#endif
+ MALLOC(rp, vnode_resolve_t, sizeof(*rp), M_TEMP, M_WAITOK);
+ if (rp == NULL)
+ return (ENOMEM);
+
+ lck_mtx_init(&rp->vr_lock, trigger_vnode_lck_grp, trigger_vnode_lck_attr);
+
+ rp->vr_resolve_func = tinfo->vnt_resolve_func;
+ rp->vr_unresolve_func = tinfo->vnt_unresolve_func;
+ rp->vr_rearm_func = tinfo->vnt_rearm_func;
+ rp->vr_reclaim_func = tinfo->vnt_reclaim_func;
+ rp->vr_data = tinfo->vnt_data;
+ rp->vr_lastseq = 0;
+ rp->vr_flags = tinfo->vnt_flags & VNT_VALID_MASK;
+ if (external) {
+ rp->vr_flags |= VNT_EXTERNAL;
+ }
+
+ result = vnode_resolver_attach(vp, rp, external);
+ if (result != 0) {
+ goto out;
+ }
+
+ if (mp) {
+ OSAddAtomic(1, &mp->mnt_numtriggers);
+ }
+
+ return (result);
+
+out:
+ FREE(rp, M_TEMP);
+ return result;
+}
+
+static void
+vnode_resolver_release(vnode_resolve_t rp)
+{
+ /*
+ * Give them a chance to free any private data
+ */
+ if (rp->vr_data && rp->vr_reclaim_func) {
+ rp->vr_reclaim_func(NULLVP, rp->vr_data);
+ }
+
+ lck_mtx_destroy(&rp->vr_lock, trigger_vnode_lck_grp);
+ FREE(rp, M_TEMP);
+
+}
+
+/* Called after the vnode has been drained */
+static void
+vnode_resolver_detach(vnode_t vp)
+{
+ vnode_resolve_t rp;
+ mount_t mp;
+
+ mp = vnode_mount(vp);
+
+ vnode_lock(vp);
+ rp = vp->v_resolve;
+ vp->v_resolve = NULL;
+ vnode_unlock(vp);
+
+ if ((rp->vr_flags & VNT_EXTERNAL) != 0) {
+ vnode_rele_ext(vp, O_EVTONLY, 1);
+ }
+
+ vnode_resolver_release(rp);
+
+ /* Keep count of active trigger vnodes per mount */
+ OSAddAtomic(-1, &mp->mnt_numtriggers);
+}
+
+/*
+ * Pathname operations that don't trigger a mount for trigger vnodes
+ */
+static const u_int64_t ignorable_pathops_mask =
+ 1LL << OP_MOUNT |
+ 1LL << OP_UNMOUNT |
+ 1LL << OP_STATFS |
+ 1LL << OP_ACCESS |
+ 1LL << OP_GETATTR |
+ 1LL << OP_LISTXATTR;
+
+int
+vfs_istraditionaltrigger(enum path_operation op, const struct componentname *cnp)
+{
+ if (cnp->cn_flags & ISLASTCN)
+ return ((1LL << op) & ignorable_pathops_mask) == 0;
+ else
+ return (1);
+}
+
+__private_extern__
+void
+vnode_trigger_rearm(vnode_t vp, vfs_context_t ctx)
+{
+ vnode_resolve_t rp;
+ resolver_result_t result;
+ enum resolver_status status;
+ uint32_t seq;
+
+ if ((vp->v_resolve == NULL) ||
+ (vp->v_resolve->vr_rearm_func == NULL) ||
+ (vp->v_resolve->vr_flags & VNT_AUTO_REARM) == 0) {
+ return;
+ }
+
+ rp = vp->v_resolve;
+ lck_mtx_lock(&rp->vr_lock);
+
+ /*
+ * Check if VFS initiated this unmount. If so, we'll catch it after the unresolve completes.
+ */
+ if (rp->vr_flags & VNT_VFS_UNMOUNTED) {
+ lck_mtx_unlock(&rp->vr_lock);
+ return;
+ }
+
+ /* Check if this vnode is already armed */
+ if ((rp->vr_flags & VNT_RESOLVED) == 0) {
+ lck_mtx_unlock(&rp->vr_lock);
+ return;
+ }
+
+ lck_mtx_unlock(&rp->vr_lock);
+
+ result = rp->vr_rearm_func(vp, 0, rp->vr_data, ctx);
+ status = vfs_resolver_status(result);
+ seq = vfs_resolver_sequence(result);
+
+ lck_mtx_lock(&rp->vr_lock);
+ if (seq > rp->vr_lastseq) {
+ if (status == RESOLVER_UNRESOLVED)
+ rp->vr_flags &= ~VNT_RESOLVED;
+ rp->vr_lastseq = seq;
projects / apple / xnu.git / blobdiff