int
mac_vnop_setxattr (struct vnode *vp, const char *name, char *buf, size_t len)
{
vfs_context_t ctx;
int options = XATTR_NOSECURITY;
char uio_buf[ UIO_SIZEOF(1) ];
uio_t auio;
int error;
if (vfs_isrdonly(vp->v_mount))
return (EROFS);
ctx = vfs_context_current();
auio = uio_createwithbuffer(1, 0, UIO_SYSSPACE, UIO_WRITE,
&uio_buf[0], sizeof(uio_buf));
uio_addiov(auio, CAST_USER_ADDR_T(buf), len);
error = vn_setxattr(vp, name, auio, options, ctx);
#if CONFIG_FSE
if (error == 0) {
add_fsevent(FSE_XATTR_MODIFIED, ctx,
FSE_ARG_VNODE, vp,
FSE_ARG_DONE);
}
#endif
return (error);
}
static errno_t
fuse_vfsop_sync(mount_t mp, int waitfor, vfs_context_t context)
{
uint64_t mntflags;
struct fuse_sync_cargs args;
int allerror = 0;
fuse_trace_printf_vfsop();
mntflags = vfs_flags(mp);
if (fuse_isdeadfs_mp(mp)) {
return 0;
}
if (vfs_isupdate(mp)) {
return 0;
}
if (vfs_isrdonly(mp)) {
return EROFS; // should panic!?
}
/*
* Write back each (modified) fuse node.
*/
args.context = context;
args.waitfor = waitfor;
args.error = 0;
#if M_FUSE4X_ENABLE_BIGLOCK
struct fuse_data *data = fuse_get_mpdata(mp);
fuse_biglock_unlock(data->biglock);
#endif
vnode_iterate(mp, 0, fuse_sync_callback, (void *)&args);
#if M_FUSE4X_ENABLE_BIGLOCK
fuse_biglock_lock(data->biglock);
#endif
if (args.error) {
allerror = args.error;
}
/*
* For other types of stale file system information, such as:
*
* - fs control info
* - quota information
* - modified superblock
*/
return allerror;
}
int
fuse_vnode_savesize(struct vnode *vp, struct ucred *cred)
{
struct fuse_vnode_data *fvdat = VTOFUD(vp);
struct thread *td = curthread;
struct fuse_filehandle *fufh = NULL;
struct fuse_dispatcher fdi;
struct fuse_setattr_in *fsai;
int err = 0;
DEBUG("inode=%jd size=%jd\n", VTOI(vp), fvdat->filesize);
ASSERT_VOP_ELOCKED(vp, "fuse_io_extend");
if (fuse_isdeadfs(vp)) {
return EBADF;
}
if (vnode_vtype(vp) == VDIR) {
return EISDIR;
}
if (vfs_isrdonly(vnode_mount(vp))) {
return EROFS;
}
if (cred == NULL) {
cred = td->td_ucred;
}
fdisp_init(&fdi, sizeof(*fsai));
fdisp_make_vp(&fdi, FUSE_SETATTR, vp, td, cred);
fsai = fdi.indata;
fsai->valid = 0;
// Truncate to a new value.
fsai->size = fvdat->filesize;
fsai->valid |= FATTR_SIZE;
fuse_filehandle_getrw(vp, FUFH_WRONLY, &fufh);
if (fufh) {
fsai->fh = fufh->fh_id;
fsai->valid |= FATTR_FH;
}
err = fdisp_wait_answ(&fdi);
fdisp_destroy(&fdi);
if (err == 0)
fvdat->flag &= ~FN_SIZECHANGE;
fuse_invalidate_attr(vp);
return err;
}
int
mac_vnop_removexattr (struct vnode *vp, const char *name)
{
vfs_context_t ctx = vfs_context_current();
int options = XATTR_NOSECURITY;
int error;
if (vfs_isrdonly(vp->v_mount))
return (EROFS);
error = vn_removexattr(vp, name, options, ctx);
#if CONFIG_FSE
if (error == 0) {
add_fsevent(FSE_XATTR_REMOVED, ctx,
FSE_ARG_VNODE, vp,
FSE_ARG_DONE);
}
#endif
return (error);
}
/*
* Return a znode for the extended attribute directory for zp.
* ** If the directory does not already exist, it is created **
*
* IN: zp - znode to obtain attribute directory from
* cr - credentials of caller
* flags - flags from the VOP_LOOKUP call
*
* OUT: xzpp - pointer to extended attribute znode
*
* RETURN: 0 on success
* error number on failure
*/
int
zfs_get_xattrdir(znode_t *zp, vnode_t **xvpp, cred_t *cr, int flags)
{
zfsvfs_t *zfsvfs = zp->z_zfsvfs;
znode_t *xzp;
zfs_dirlock_t *dl;
vattr_t va;
int error;
top:
error = zfs_dirent_lock(&dl, zp, "", &xzp, ZXATTR, NULL, NULL);
if (error)
return (error);
if (xzp != NULL) {
*xvpp = ZTOV(xzp);
zfs_dirent_unlock(dl);
return (0);
}
if (!(flags & CREATE_XATTR_DIR)) {
zfs_dirent_unlock(dl);
#ifdef __APPLE__
return (SET_ERROR(ENOATTR));
#else
return (SET_ERROR(ENOENT));
#endif
}
if (vfs_isrdonly(zfsvfs->z_vfs)) {
zfs_dirent_unlock(dl);
return (SET_ERROR(EROFS));
}
/*
* The ability to 'create' files in an attribute
* directory comes from the write_xattr permission on the base file.
*
* The ability to 'search' an attribute directory requires
* read_xattr permission on the base file.
*
* Once in a directory the ability to read/write attributes
* is controlled by the permissions on the attribute file.
*/
va.va_mask = AT_TYPE | AT_MODE | AT_UID | AT_GID;
va.va_type = VDIR;
va.va_mode = S_IFDIR | S_ISVTX | 0777;
zfs_fuid_map_ids(zp, cr, &va.va_uid, &va.va_gid);
error = zfs_make_xattrdir(zp, &va, xvpp, cr);
zfs_dirent_unlock(dl);
if (error == ERESTART) {
/* NB: we already did dmu_tx_wait() if necessary */
goto top;
}
if (error == 0)
VOP_UNLOCK(*xvpp, 0);
return (error);
}
static int
zfs_vfs_mount(struct mount *mp, vnode_t devvp, user_addr_t data, vfs_context_t context)
{
char *osname = NULL;
size_t osnamelen = 0;
int error = 0;
int canwrite;
/*
* Get the objset name (the "special" mount argument).
* The filesystem that we mount as root is defined in the
* "zfs-bootfs" property.
*/
if (data) {
user_addr_t fspec = USER_ADDR_NULL;
#ifndef __APPLE__
if (ddi_prop_lookup_string(DDI_DEV_T_ANY, ddi_root_node(),
DDI_PROP_DONTPASS, "zfs-bootfs", &zfs_bootpath) !=
DDI_SUCCESS)
return (EIO);
error = parse_bootpath(zfs_bootpath, rootfs.bo_name);
ddi_prop_free(zfs_bootpath);
#endif
osname = kmem_alloc(MAXPATHLEN, KM_SLEEP);
if (vfs_context_is64bit(context)) {
if ( (error = copyin(data, (caddr_t)&fspec, sizeof(fspec))) )
goto out;
} else {
#ifdef ZFS_LEOPARD_ONLY
char *tmp;
#else
user32_addr_t tmp;
#endif
if ( (error = copyin(data, (caddr_t)&tmp, sizeof(tmp))) )
goto out;
/* munge into LP64 addr */
fspec = CAST_USER_ADDR_T(tmp);
}
if ( (error = copyinstr(fspec, osname, MAXPATHLEN, &osnamelen)) )
goto out;
}
#if 0
if (mvp->v_type != VDIR)
return (ENOTDIR);
mutex_enter(&mvp->v_lock);
if ((uap->flags & MS_REMOUNT) == 0 &&
(uap->flags & MS_OVERLAY) == 0 &&
(mvp->v_count != 1 || (mvp->v_flag & VROOT))) {
mutex_exit(&mvp->v_lock);
return (EBUSY);
}
mutex_exit(&mvp->v_lock);
/*
* ZFS does not support passing unparsed data in via MS_DATA.
* Users should use the MS_OPTIONSTR interface; this means
* that all option parsing is already done and the options struct
* can be interrogated.
*/
if ((uap->flags & MS_DATA) && uap->datalen > 0)
return (EINVAL);
/*
* Get the objset name (the "special" mount argument).
*/
if (error = pn_get(uap->spec, fromspace, &spn))
return (error);
osname = spn.pn_path;
#endif
/*
* Check for mount privilege?
*
* If we don't have privilege then see if
* we have local permission to allow it
*/
#ifndef __APPLE__
error = secpolicy_fs_mount(cr, mvp, vfsp);
if (error) {
error = dsl_deleg_access(osname, ZFS_DELEG_PERM_MOUNT, cr);
if (error == 0) {
vattr_t vattr;
/*
* Make sure user is the owner of the mount point
* or has sufficient privileges.
*/
vattr.va_mask = AT_UID;
if (error = VOP_GETATTR(mvp, &vattr, 0, cr)) {
goto out;
}
if (error = secpolicy_vnode_owner(cr, vattr.va_uid)) {
goto out;
}
if (error = VOP_ACCESS(mvp, VWRITE, 0, cr)) {
goto out;
}
secpolicy_fs_mount_clearopts(cr, vfsp);
} else {
goto out;
}
}
#endif
error = zfs_domount(mp, 0, osname, context);
if (error)
printf("zfs_vfs_mount: error %d\n", error);
if (error == 0) {
zfsvfs_t *zfsvfs = NULL;
/* Make the Finder treat sub file systems just like a folder */
if (strpbrk(osname, "/"))
vfs_setflags(mp, (u_int64_t)((unsigned int)MNT_DONTBROWSE));
/* Indicate to VFS that we support ACLs. */
vfs_setextendedsecurity(mp);
/* Advisory locking should be handled at the VFS layer */
vfs_setlocklocal(mp);
/*
* Mac OS X needs a file system modify time
*
* We use the mtime of the "com.apple.system.mtime"
* extended attribute, which is associated with the
* file system root directory.
*
* Here we need to take a ref on z_mtime_vp to keep it around.
* If the attribute isn't there, attempt to create it.
*/
zfsvfs = vfs_fsprivate(mp);
if (zfsvfs->z_mtime_vp == NULL) {
struct vnode * rvp;
struct vnode *xdvp = NULLVP;
struct vnode *xvp = NULLVP;
znode_t *rootzp;
timestruc_t modify_time;
cred_t *cr;
timestruc_t now;
int flag;
int result;
if (zfs_zget(zfsvfs, zfsvfs->z_root, &rootzp) != 0) {
goto out;
}
rvp = ZTOV(rootzp);
cr = (cred_t *)vfs_context_ucred(context);
/* Grab the hidden attribute directory vnode. */
result = zfs_get_xattrdir(rootzp, &xdvp, cr, CREATE_XATTR_DIR);
vnode_put(rvp); /* all done with root vnode */
rvp = NULL;
if (result) {
goto out;
}
/*
* HACK - workaround missing vnode_setnoflush() KPI...
*
* We tag zfsvfs so that zfs_attach_vnode() can then set
* vnfs_marksystem when the vnode gets created.
*/
zfsvfs->z_last_unmount_time = 0xBADC0DE;
zfsvfs->z_last_mtime_synced = VTOZ(xdvp)->z_id;
flag = vfs_isrdonly(mp) ? 0 : ZEXISTS;
/* Lookup or create the named attribute. */
if ( zfs_obtain_xattr(VTOZ(xdvp), ZFS_MTIME_XATTR,
S_IRUSR | S_IWUSR, cr, &xvp,
flag) ) {
zfsvfs->z_last_unmount_time = 0;
zfsvfs->z_last_mtime_synced = 0;
vnode_put(xdvp);
goto out;
}
gethrestime(&now);
ZFS_TIME_ENCODE(&now, VTOZ(xvp)->z_phys->zp_mtime);
vnode_put(xdvp);
vnode_ref(xvp);
zfsvfs->z_mtime_vp = xvp;
ZFS_TIME_DECODE(&modify_time, VTOZ(xvp)->z_phys->zp_mtime);
zfsvfs->z_last_unmount_time = modify_time.tv_sec;
zfsvfs->z_last_mtime_synced = modify_time.tv_sec;
/*
* Keep this referenced vnode from impeding an unmount.
*
* XXX vnode_setnoflush() is MIA from KPI (see workaround above).
*/
#if 0
vnode_setnoflush(xvp);
#endif
vnode_put(xvp);
}
}
out:
if (osname) {
kmem_free(osname, MAXPATHLEN);
}
return (error);
}
static int
zfs_domount(struct mount *mp, dev_t mount_dev, char *osname, vfs_context_t ctx)
{
uint64_t readonly;
int error = 0;
int mode;
zfsvfs_t *zfsvfs;
znode_t *zp = NULL;
struct timeval tv;
ASSERT(mp);
ASSERT(osname);
/*
* Initialize the zfs-specific filesystem structure.
* Should probably make this a kmem cache, shuffle fields,
* and just bzero up to z_hold_mtx[].
*/
zfsvfs = kmem_zalloc(sizeof (zfsvfs_t), KM_SLEEP);
zfsvfs->z_vfs = mp;
zfsvfs->z_parent = zfsvfs;
zfsvfs->z_assign = TXG_NOWAIT;
zfsvfs->z_max_blksz = SPA_MAXBLOCKSIZE;
zfsvfs->z_show_ctldir = ZFS_SNAPDIR_VISIBLE;
mutex_init(&zfsvfs->z_znodes_lock, NULL, MUTEX_DEFAULT, NULL);
list_create(&zfsvfs->z_all_znodes, sizeof (znode_t),
offsetof(znode_t, z_link_node));
rw_init(&zfsvfs->z_unmount_lock, NULL, RW_DEFAULT, NULL);
rw_init(&zfsvfs->z_unmount_inactive_lock, NULL, RW_DEFAULT, NULL);
#ifndef __APPLE__
/* Initialize the generic filesystem structure. */
vfsp->vfs_bcount = 0;
vfsp->vfs_data = NULL;
if (zfs_create_unique_device(&mount_dev) == -1) {
error = ENODEV;
goto out;
}
ASSERT(vfs_devismounted(mount_dev) == 0);
#endif
vfs_setfsprivate(mp, zfsvfs);
if (error = dsl_prop_get_integer(osname, "readonly", &readonly, NULL))
goto out;
if (readonly) {
mode = DS_MODE_PRIMARY | DS_MODE_READONLY;
vfs_setflags(mp, (u_int64_t)((unsigned int)MNT_RDONLY));
} else {
mode = DS_MODE_PRIMARY;
}
error = dmu_objset_open(osname, DMU_OST_ZFS, mode, &zfsvfs->z_os);
if (error == EROFS) {
mode = DS_MODE_PRIMARY | DS_MODE_READONLY;
error = dmu_objset_open(osname, DMU_OST_ZFS, mode,
&zfsvfs->z_os);
}
if (error)
goto out;
if (error = zfs_init_fs(zfsvfs, &zp, (cred_t *) vfs_context_ucred(ctx)))
goto out;
/* The call to zfs_init_fs leaves the vnode held, release it here. */
vnode_put(ZTOV(zp));
if (dmu_objset_is_snapshot(zfsvfs->z_os)) {
uint64_t xattr;
ASSERT(mode & DS_MODE_READONLY);
#if 0
atime_changed_cb(zfsvfs, B_FALSE);
readonly_changed_cb(zfsvfs, B_TRUE);
if (error = dsl_prop_get_integer(osname, "xattr", &xattr, NULL))
goto out;
xattr_changed_cb(zfsvfs, xattr);
#endif
zfsvfs->z_issnap = B_TRUE;
} else {
if (!vfs_isrdonly(mp))
zfs_unlinked_drain(zfsvfs);
#ifndef __APPLE__
/*
* Parse and replay the intent log.
*
* Because of ziltest, this must be done after
* zfs_unlinked_drain(). (Further note: ziltest doesn't
* use readonly mounts, where zfs_unlinked_drain() isn't
* called.) This is because ziltest causes spa_sync()
* to think it's committed, but actually it is not, so
* the intent log contains many txg's worth of changes.
*
* In particular, if object N is in the unlinked set in
* the last txg to actually sync, then it could be
* actually freed in a later txg and then reallocated in
* a yet later txg. This would write a "create object
* N" record to the intent log. Normally, this would be
* fine because the spa_sync() would have written out
* the fact that object N is free, before we could write
* the "create object N" intent log record.
*
* But when we are in ziltest mode, we advance the "open
* txg" without actually spa_sync()-ing the changes to
* disk. So we would see that object N is still
* allocated and in the unlinked set, and there is an
* intent log record saying to allocate it.
*/
zil_replay(zfsvfs->z_os, zfsvfs, &zfsvfs->z_assign,
zfs_replay_vector);
if (!zil_disable)
zfsvfs->z_log = zil_open(zfsvfs->z_os, zfs_get_data);
#endif
}
#if 0
if (!zfsvfs->z_issnap)
zfsctl_create(zfsvfs);
#endif
/*
* Record the mount time (for Spotlight)
*/
microtime(&tv);
zfsvfs->z_mount_time = tv.tv_sec;
out:
if (error) {
if (zfsvfs->z_os)
dmu_objset_close(zfsvfs->z_os);
mutex_destroy(&zfsvfs->z_znodes_lock);
list_destroy(&zfsvfs->z_all_znodes);
rw_destroy(&zfsvfs->z_unmount_lock);
rw_destroy(&zfsvfs->z_unmount_inactive_lock);
kmem_free(zfsvfs, sizeof (zfsvfs_t));
} else {
OSIncrementAtomic(&zfs_active_fs_count);
(void) copystr(osname, vfs_statfs(mp)->f_mntfromname, MNAMELEN - 1, 0);
vfs_getnewfsid(mp);
}
return (error);
}
/*
* Return a znode for the extended attribute directory for zp.
* ** If the directory does not already exist, it is created **
*
* IN: zp - znode to obtain attribute directory from
* cr - credentials of caller
* flags - flags from the VOP_LOOKUP call
*
* OUT: xzpp - pointer to extended attribute znode
*
* RETURN: 0 on success
* error number on failure
*/
int
zfs_get_xattrdir(znode_t *zp, vnode_t **xvpp, cred_t *cr, int flags)
{
zfsvfs_t *zfsvfs = zp->z_zfsvfs;
znode_t *xzp;
zfs_dirlock_t *dl;
vattr_t va;
int error;
//printf("zfs_get_xattrdir\n");
top:
#ifdef __APPLE__
error = zfs_dirent_lock(&dl, zp, NULL, &xzp, ZXATTR);
#else
error = zfs_dirent_lock(&dl, zp, "", &xzp, ZXATTR);
#endif
if (error)
return (error);
if (xzp != NULL) {
*xvpp = ZTOV(xzp);
zfs_dirent_unlock(dl);
return (0);
}
//ASSERT(zp->z_phys->zp_xattr == 0);
if (!(flags & CREATE_XATTR_DIR)) {
zfs_dirent_unlock(dl);
return (ENOENT);
}
#ifdef __APPLE__
if (vfs_isrdonly(zfsvfs->z_vfs))
#else
if (zfsvfs->z_vfs->vfs_flag & VFS_RDONLY)
#endif
{
zfs_dirent_unlock(dl);
return (EROFS);
}
/*
* The ability to 'create' files in an attribute
* directory comes from the write_xattr permission on the base file.
*
* The ability to 'search' an attribute directory requires
* read_xattr permission on the base file.
*
* Once in a directory the ability to read/write attributes
* is controlled by the permissions on the attribute file.
*/
va.va_mask = AT_TYPE | AT_MODE | AT_UID | AT_GID;
va.va_type = VDIR;
va.va_mode = S_IFDIR | S_ISVTX | 0777;
zfs_fuid_map_ids(zp, cr, &va.va_uid, &va.va_gid);
error = zfs_make_xattrdir(zp, &va, xvpp, cr);
zfs_dirent_unlock(dl);
if (error == ERESTART && zfsvfs->z_assign == TXG_NOWAIT) {
/* NB: we already did dmu_tx_wait() if necessary */
goto top;
}
return (error);
}
/*
struct vnop_lookup_args {
struct vnodeop_desc *a_desc;
struct vnode *a_dvp;
struct vnode **a_vpp;
struct componentname *a_cnp;
};
*/
int
fuse_vnop_lookup(struct vop_lookup_args *ap)
{
struct vnode *dvp = ap->a_dvp;
struct vnode **vpp = ap->a_vpp;
struct componentname *cnp = ap->a_cnp;
struct thread *td = cnp->cn_thread;
struct ucred *cred = cnp->cn_cred;
int nameiop = cnp->cn_nameiop;
int flags = cnp->cn_flags;
int wantparent = flags & (LOCKPARENT | WANTPARENT);
int islastcn = flags & ISLASTCN;
struct mount *mp = vnode_mount(dvp);
int err = 0;
int lookup_err = 0;
struct vnode *vp = NULL;
struct fuse_dispatcher fdi;
enum fuse_opcode op;
uint64_t nid;
struct fuse_access_param facp;
FS_DEBUG2G("parent_inode=%ju - %*s\n",
(uintmax_t)VTOI(dvp), (int)cnp->cn_namelen, cnp->cn_nameptr);
if (fuse_isdeadfs(dvp)) {
*vpp = NULL;
return ENXIO;
}
if (!vnode_isdir(dvp)) {
return ENOTDIR;
}
if (islastcn && vfs_isrdonly(mp) && (nameiop != LOOKUP)) {
return EROFS;
}
/*
* We do access check prior to doing anything else only in the case
* when we are at fs root (we'd like to say, "we are at the first
* component", but that's not exactly the same... nevermind).
* See further comments at further access checks.
*/
bzero(&facp, sizeof(facp));
if (vnode_isvroot(dvp)) { /* early permission check hack */
if ((err = fuse_internal_access(dvp, VEXEC, &facp, td, cred))) {
return err;
}
}
if (flags & ISDOTDOT) {
nid = VTOFUD(dvp)->parent_nid;
if (nid == 0) {
return ENOENT;
}
fdisp_init(&fdi, 0);
op = FUSE_GETATTR;
goto calldaemon;
} else if (cnp->cn_namelen == 1 && *(cnp->cn_nameptr) == '.') {
nid = VTOI(dvp);
fdisp_init(&fdi, 0);
op = FUSE_GETATTR;
goto calldaemon;
} else if (fuse_lookup_cache_enable) {
err = cache_lookup(dvp, vpp, cnp, NULL, NULL);
switch (err) {
case -1: /* positive match */
atomic_add_acq_long(&fuse_lookup_cache_hits, 1);
return 0;
case 0: /* no match in cache */
atomic_add_acq_long(&fuse_lookup_cache_misses, 1);
break;
case ENOENT: /* negative match */
/* fall through */
default:
return err;
}
}
nid = VTOI(dvp);
fdisp_init(&fdi, cnp->cn_namelen + 1);
op = FUSE_LOOKUP;
calldaemon:
fdisp_make(&fdi, op, mp, nid, td, cred);
if (op == FUSE_LOOKUP) {
memcpy(fdi.indata, cnp->cn_nameptr, cnp->cn_namelen);
((char *)fdi.indata)[cnp->cn_namelen] = '\0';
}
lookup_err = fdisp_wait_answ(&fdi);
if ((op == FUSE_LOOKUP) && !lookup_err) { /* lookup call succeeded */
nid = ((struct fuse_entry_out *)fdi.answ)->nodeid;
if (!nid) {
/*
* zero nodeid is the same as "not found",
* but it's also cacheable (which we keep
* keep on doing not as of writing this)
*/
lookup_err = ENOENT;
} else if (nid == FUSE_ROOT_ID) {
lookup_err = EINVAL;
}
}
if (lookup_err &&
(!fdi.answ_stat || lookup_err != ENOENT || op != FUSE_LOOKUP)) {
fdisp_destroy(&fdi);
return lookup_err;
}
/* lookup_err, if non-zero, must be ENOENT at this point */
if (lookup_err) {
if ((nameiop == CREATE || nameiop == RENAME) && islastcn
/* && directory dvp has not been removed */ ) {
if (vfs_isrdonly(mp)) {
err = EROFS;
goto out;
}
#if 0 /* THINK_ABOUT_THIS */
if ((err = fuse_internal_access(dvp, VWRITE, cred, td, &facp))) {
goto out;
}
#endif
/*
* Possibly record the position of a slot in the
* directory large enough for the new component name.
* This can be recorded in the vnode private data for
* dvp. Set the SAVENAME flag to hold onto the
* pathname for use later in VOP_CREATE or VOP_RENAME.
*/
cnp->cn_flags |= SAVENAME;
err = EJUSTRETURN;
goto out;
}
/* Consider inserting name into cache. */
/*
* No we can't use negative caching, as the fs
* changes are out of our control.
* False positives' falseness turns out just as things
* go by, but false negatives' falseness doesn't.
* (and aiding the caching mechanism with extra control
* mechanisms comes quite close to beating the whole purpose
* caching...)
*/
#if 0
if ((cnp->cn_flags & MAKEENTRY) && nameiop != CREATE) {
FS_DEBUG("inserting NULL into cache\n");
cache_enter(dvp, NULL, cnp);
}
#endif
err = ENOENT;
goto out;
} else {
/* !lookup_err */
struct fuse_entry_out *feo = NULL;
struct fuse_attr *fattr = NULL;
if (op == FUSE_GETATTR) {
fattr = &((struct fuse_attr_out *)fdi.answ)->attr;
} else {
feo = (struct fuse_entry_out *)fdi.answ;
fattr = &(feo->attr);
}
/*
* If deleting, and at end of pathname, return parameters
* which can be used to remove file. If the wantparent flag
* isn't set, we return only the directory, otherwise we go on
* and lock the inode, being careful with ".".
*/
if (nameiop == DELETE && islastcn) {
/*
* Check for write access on directory.
*/
facp.xuid = fattr->uid;
facp.facc_flags |= FACCESS_STICKY;
err = fuse_internal_access(dvp, VWRITE, &facp, td, cred);
facp.facc_flags &= ~FACCESS_XQUERIES;
if (err) {
goto out;
}
if (nid == VTOI(dvp)) {
vref(dvp);
*vpp = dvp;
} else {
err = fuse_vnode_get(dvp->v_mount, nid, dvp,
&vp, cnp, IFTOVT(fattr->mode));
if (err)
goto out;
*vpp = vp;
}
/*
* Save the name for use in VOP_RMDIR and VOP_REMOVE
* later.
*/
cnp->cn_flags |= SAVENAME;
goto out;
}
/*
* If rewriting (RENAME), return the inode and the
* information required to rewrite the present directory
* Must get inode of directory entry to verify it's a
* regular file, or empty directory.
*/
if (nameiop == RENAME && wantparent && islastcn) {
#if 0 /* THINK_ABOUT_THIS */
if ((err = fuse_internal_access(dvp, VWRITE, cred, td, &facp))) {
goto out;
}
#endif
/*
* Check for "."
*/
if (nid == VTOI(dvp)) {
err = EISDIR;
goto out;
}
err = fuse_vnode_get(vnode_mount(dvp),
nid,
dvp,
&vp,
cnp,
IFTOVT(fattr->mode));
if (err) {
goto out;
}
*vpp = vp;
/*
* Save the name for use in VOP_RENAME later.
*/
cnp->cn_flags |= SAVENAME;
goto out;
}
if (flags & ISDOTDOT) {
struct mount *mp;
int ltype;
/*
* Expanded copy of vn_vget_ino() so that
* fuse_vnode_get() can be used.
*/
mp = dvp->v_mount;
ltype = VOP_ISLOCKED(dvp);
err = vfs_busy(mp, MBF_NOWAIT);
if (err != 0) {
vfs_ref(mp);
VOP_UNLOCK(dvp, 0);
err = vfs_busy(mp, 0);
vn_lock(dvp, ltype | LK_RETRY);
vfs_rel(mp);
if (err)
goto out;
if ((dvp->v_iflag & VI_DOOMED) != 0) {
err = ENOENT;
vfs_unbusy(mp);
goto out;
}
}
VOP_UNLOCK(dvp, 0);
err = fuse_vnode_get(vnode_mount(dvp),
nid,
NULL,
&vp,
cnp,
IFTOVT(fattr->mode));
vfs_unbusy(mp);
vn_lock(dvp, ltype | LK_RETRY);
if ((dvp->v_iflag & VI_DOOMED) != 0) {
if (err == 0)
vput(vp);
err = ENOENT;
}
if (err)
goto out;
*vpp = vp;
} else if (nid == VTOI(dvp)) {
vref(dvp);
*vpp = dvp;
} else {
err = fuse_vnode_get(vnode_mount(dvp),
nid,
dvp,
&vp,
cnp,
IFTOVT(fattr->mode));
if (err) {
goto out;
}
fuse_vnode_setparent(vp, dvp);
*vpp = vp;
}
if (op == FUSE_GETATTR) {
cache_attrs(*vpp, (struct fuse_attr_out *)fdi.answ);
} else {
cache_attrs(*vpp, (struct fuse_entry_out *)fdi.answ);
}
/* Insert name into cache if appropriate. */
/*
* Nooo, caching is evil. With caching, we can't avoid stale
* information taking over the playground (cached info is not
* just positive/negative, it does have qualitative aspects,
* too). And a (VOP/FUSE)_GETATTR is always thrown anyway, when
* walking down along cached path components, and that's not
* any cheaper than FUSE_LOOKUP. This might change with
* implementing kernel side attr caching, but... In Linux,
* lookup results are not cached, and the daemon is bombarded
* with FUSE_LOOKUPS on and on. This shows that by design, the
* daemon is expected to handle frequent lookup queries
* efficiently, do its caching in userspace, and so on.
*
* So just leave the name cache alone.
*/
/*
* Well, now I know, Linux caches lookups, but with a
* timeout... So it's the same thing as attribute caching:
* we can deal with it when implement timeouts.
*/
#if 0
if (cnp->cn_flags & MAKEENTRY) {
cache_enter(dvp, *vpp, cnp);
}
#endif
}
out:
if (!lookup_err) {
/* No lookup error; need to clean up. */
if (err) { /* Found inode; exit with no vnode. */
if (op == FUSE_LOOKUP) {
fuse_internal_forget_send(vnode_mount(dvp), td, cred,
nid, 1);
}
fdisp_destroy(&fdi);
return err;
} else {
#ifndef NO_EARLY_PERM_CHECK_HACK
if (!islastcn) {
/*
* We have the attributes of the next item
* *now*, and it's a fact, and we do not
* have to do extra work for it (ie, beg the
* daemon), and it neither depends on such
* accidental things like attr caching. So
* the big idea: check credentials *now*,
* not at the beginning of the next call to
* lookup.
*
* The first item of the lookup chain (fs root)
* won't be checked then here, of course, as
* its never "the next". But go and see that
* the root is taken care about at the very
* beginning of this function.
*
* Now, given we want to do the access check
* this way, one might ask: so then why not
* do the access check just after fetching
* the inode and its attributes from the
* daemon? Why bother with producing the
* corresponding vnode at all if something
* is not OK? We know what's the deal as
* soon as we get those attrs... There is
* one bit of info though not given us by
* the daemon: whether his response is
* authorative or not... His response should
* be ignored if something is mounted over
* the dir in question. But that can be
* known only by having the vnode...
*/
int tmpvtype = vnode_vtype(*vpp);
bzero(&facp, sizeof(facp));
/*the early perm check hack */
facp.facc_flags |= FACCESS_VA_VALID;
if ((tmpvtype != VDIR) && (tmpvtype != VLNK)) {
err = ENOTDIR;
}
if (!err && !vnode_mountedhere(*vpp)) {
err = fuse_internal_access(*vpp, VEXEC, &facp, td, cred);
}
if (err) {
if (tmpvtype == VLNK)
FS_DEBUG("weird, permission error with a symlink?\n");
vput(*vpp);
*vpp = NULL;
}
}
#endif
}
}
fdisp_destroy(&fdi);
return err;
}
/*
struct vnop_setattr_args {
struct vnode *a_vp;
struct vattr *a_vap;
struct ucred *a_cred;
struct thread *a_td;
};
*/
static int
fuse_vnop_setattr(struct vop_setattr_args *ap)
{
struct vnode *vp = ap->a_vp;
struct vattr *vap = ap->a_vap;
struct ucred *cred = ap->a_cred;
struct thread *td = curthread;
struct fuse_dispatcher fdi;
struct fuse_setattr_in *fsai;
struct fuse_access_param facp;
int err = 0;
enum vtype vtyp;
int sizechanged = 0;
uint64_t newsize = 0;
FS_DEBUG2G("inode=%ju\n", (uintmax_t)VTOI(vp));
if (fuse_isdeadfs(vp)) {
return ENXIO;
}
fdisp_init(&fdi, sizeof(*fsai));
fdisp_make_vp(&fdi, FUSE_SETATTR, vp, td, cred);
fsai = fdi.indata;
fsai->valid = 0;
bzero(&facp, sizeof(facp));
facp.xuid = vap->va_uid;
facp.xgid = vap->va_gid;
if (vap->va_uid != (uid_t)VNOVAL) {
facp.facc_flags |= FACCESS_CHOWN;
fsai->uid = vap->va_uid;
fsai->valid |= FATTR_UID;
}
if (vap->va_gid != (gid_t)VNOVAL) {
facp.facc_flags |= FACCESS_CHOWN;
fsai->gid = vap->va_gid;
fsai->valid |= FATTR_GID;
}
if (vap->va_size != VNOVAL) {
struct fuse_filehandle *fufh = NULL;
/*Truncate to a new value. */
fsai->size = vap->va_size;
sizechanged = 1;
newsize = vap->va_size;
fsai->valid |= FATTR_SIZE;
fuse_filehandle_getrw(vp, FUFH_WRONLY, &fufh);
if (fufh) {
fsai->fh = fufh->fh_id;
fsai->valid |= FATTR_FH;
}
}
if (vap->va_atime.tv_sec != VNOVAL) {
fsai->atime = vap->va_atime.tv_sec;
fsai->atimensec = vap->va_atime.tv_nsec;
fsai->valid |= FATTR_ATIME;
}
if (vap->va_mtime.tv_sec != VNOVAL) {
fsai->mtime = vap->va_mtime.tv_sec;
fsai->mtimensec = vap->va_mtime.tv_nsec;
fsai->valid |= FATTR_MTIME;
}
if (vap->va_mode != (mode_t)VNOVAL) {
fsai->mode = vap->va_mode & ALLPERMS;
fsai->valid |= FATTR_MODE;
}
if (!fsai->valid) {
goto out;
}
vtyp = vnode_vtype(vp);
if (fsai->valid & FATTR_SIZE && vtyp == VDIR) {
err = EISDIR;
goto out;
}
if (vfs_isrdonly(vnode_mount(vp)) && (fsai->valid & ~FATTR_SIZE || vtyp == VREG)) {
err = EROFS;
goto out;
}
if (fsai->valid & ~FATTR_SIZE) {
/*err = fuse_internal_access(vp, VADMIN, context, &facp); */
/*XXX */
err = 0;
}
facp.facc_flags &= ~FACCESS_XQUERIES;
if (err && !(fsai->valid & ~(FATTR_ATIME | FATTR_MTIME)) &&
vap->va_vaflags & VA_UTIMES_NULL) {
err = fuse_internal_access(vp, VWRITE, &facp, td, cred);
}
if (err)
goto out;
if ((err = fdisp_wait_answ(&fdi)))
goto out;
vtyp = IFTOVT(((struct fuse_attr_out *)fdi.answ)->attr.mode);
if (vnode_vtype(vp) != vtyp) {
if (vnode_vtype(vp) == VNON && vtyp != VNON) {
debug_printf("FUSE: Dang! vnode_vtype is VNON and vtype isn't.\n");
} else {
/*
* STALE vnode, ditch
*
* The vnode has changed its type "behind our back". There's
* nothing really we can do, so let us just force an internal
* revocation and tell the caller to try again, if interested.
*/
fuse_internal_vnode_disappear(vp);
err = EAGAIN;
}
}
if (!err && !sizechanged) {
cache_attrs(vp, (struct fuse_attr_out *)fdi.answ);
}
out:
fdisp_destroy(&fdi);
if (!err && sizechanged) {
fuse_vnode_setsize(vp, cred, newsize);
VTOFUD(vp)->flag &= ~FN_SIZECHANGE;
}
return err;
}
int
fuse_internal_access(struct vnode *vp,
mode_t mode,
struct fuse_access_param *facp,
struct thread *td,
struct ucred *cred)
{
int err = 0;
uint32_t mask = 0;
int dataflags;
int vtype;
struct mount *mp;
struct fuse_dispatcher fdi;
struct fuse_access_in *fai;
struct fuse_data *data;
/* NOT YET DONE */
/*
* If this vnop gives you trouble, just return 0 here for a lazy
* kludge.
*/
/* return 0;*/
fuse_trace_printf_func();
mp = vnode_mount(vp);
vtype = vnode_vtype(vp);
data = fuse_get_mpdata(mp);
dataflags = data->dataflags;
if ((mode & VWRITE) && vfs_isrdonly(mp)) {
return EACCES;
}
/* Unless explicitly permitted, deny everyone except the fs owner. */
if (vnode_isvroot(vp) && !(facp->facc_flags & FACCESS_NOCHECKSPY)) {
if (!(dataflags & FSESS_DAEMON_CAN_SPY)) {
int denied = fuse_match_cred(data->daemoncred,
cred);
if (denied) {
return EPERM;
}
}
facp->facc_flags |= FACCESS_NOCHECKSPY;
}
if (!(facp->facc_flags & FACCESS_DO_ACCESS)) {
return 0;
}
if (((vtype == VREG) && (mode & VEXEC))) {
#ifdef NEED_MOUNT_ARGUMENT_FOR_THIS
/* Let the kernel handle this through open / close heuristics.*/
return ENOTSUP;
#else
/* Let the kernel handle this. */
return 0;
#endif
}
if (!fsess_isimpl(mp, FUSE_ACCESS)) {
/* Let the kernel handle this. */
return 0;
}
if (dataflags & FSESS_DEFAULT_PERMISSIONS) {
/* Let the kernel handle this. */
return 0;
}
if ((mode & VADMIN) != 0) {
err = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
if (err) {
return err;
}
}
if ((mode & (VWRITE | VAPPEND | VADMIN)) != 0) {
mask |= W_OK;
}
if ((mode & VREAD) != 0) {
mask |= R_OK;
}
if ((mode & VEXEC) != 0) {
mask |= X_OK;
}
bzero(&fdi, sizeof(fdi));
fdisp_init(&fdi, sizeof(*fai));
fdisp_make_vp(&fdi, FUSE_ACCESS, vp, td, cred);
fai = fdi.indata;
fai->mask = F_OK;
fai->mask |= mask;
err = fdisp_wait_answ(&fdi);
fdisp_destroy(&fdi);
if (err == ENOSYS) {
fsess_set_notimpl(mp, FUSE_ACCESS);
err = 0;
}
return err;
}