static int
putacct(idtype_t idtype, id_t id, void *buf, size_t bufsize, int flags)
{
int error;
taskid_t tkid;
proc_t *p;
task_t *tk;
void *kbuf;
struct exacct_globals *acg;
if (bufsize == 0 || bufsize > EXACCT_MAX_BUFSIZE)
return (set_errno(EINVAL));
kbuf = kmem_alloc(bufsize, KM_SLEEP);
if (copyin(buf, kbuf, bufsize) != 0) {
error = EFAULT;
goto out;
}
acg = zone_getspecific(exacct_zone_key, curproc->p_zone);
switch (idtype) {
case P_PID:
mutex_enter(&pidlock);
if ((p = prfind(id)) == NULL) {
mutex_exit(&pidlock);
error = ESRCH;
} else {
zone_t *zone = p->p_zone;
tkid = p->p_task->tk_tkid;
zone_hold(zone);
mutex_exit(&pidlock);
error = exacct_tag_proc(&acg->ac_proc, id, tkid, kbuf,
bufsize, flags, zone->zone_nodename);
zone_rele(zone);
}
break;
case P_TASKID:
if ((tk = task_hold_by_id(id)) != NULL) {
error = exacct_tag_task(&acg->ac_task, tk, kbuf,
bufsize, flags);
task_rele(tk);
} else {
error = ESRCH;
}
break;
default:
error = EINVAL;
break;
}
out:
kmem_free(kbuf, bufsize);
return (error == 0 ? error : set_errno(error));
}
/*
* getflabel -
*
* Return pointer to the ts_label associated with the specified file,
* or returns NULL if error occurs. Caller is responsible for doing
* a label_rele of the ts_label.
*/
ts_label_t *
getflabel(vnode_t *vp)
{
vfs_t *vfsp, *rvfsp;
vnode_t *rvp, *rvp2;
zone_t *zone;
ts_label_t *zl;
int err;
boolean_t vfs_is_held = B_FALSE;
char vpath[MAXPATHLEN];
ASSERT(vp);
vfsp = vp->v_vfsp;
if (vfsp == NULL)
return (NULL);
rvp = vp;
/*
* Traverse lofs mounts and fattach'es to get the real vnode
*/
if (VOP_REALVP(rvp, &rvp2, NULL) == 0)
rvp = rvp2;
rvfsp = rvp->v_vfsp;
/* rvp/rvfsp now represent the real vnode/vfs we will be using */
/* Go elsewhere to handle all nfs files. */
if (strncmp(vfssw[rvfsp->vfs_fstype].vsw_name, "nfs", 3) == 0)
return (getflabel_nfs(rvfsp));
/*
* Fast path, for objects in a labeled zone: everything except
* for lofs/nfs will be just the label of that zone.
*/
if ((rvfsp->vfs_zone != NULL) && (rvfsp->vfs_zone != global_zone)) {
if ((strcmp(vfssw[rvfsp->vfs_fstype].vsw_name,
"lofs") != 0)) {
zone = rvfsp->vfs_zone;
zone_hold(zone);
goto zone_out; /* return this label */
}
}
/*
* Get the vnode path -- it may be missing or weird for some
* cases, like devices. In those cases use the label of the
* current zone.
*/
err = vnodetopath(rootdir, rvp, vpath, sizeof (vpath), kcred);
if ((err != 0) || (*vpath != '/')) {
zone = curproc->p_zone;
zone_hold(zone);
goto zone_out;
}
/*
* For zfs filesystem, return the explicit label property if a
* meaningful one exists.
*/
if (strncmp(vfssw[rvfsp->vfs_fstype].vsw_name, "zfs", 3) == 0) {
ts_label_t *tsl;
tsl = getflabel_zfs(rvfsp);
/* if label found, return it, otherwise continue... */
if (tsl != NULL)
return (tsl);
}
/*
* If a mountpoint exists, hold the vfs while we reference it.
* Otherwise if mountpoint is NULL it should not be held (e.g.,
* a hold/release on spec_vfs would result in an attempted free
* and panic.)
*/
if (vfsp->vfs_mntpt != NULL) {
VFS_HOLD(vfsp);
vfs_is_held = B_TRUE;
}
zone = zone_find_by_any_path(vpath, B_FALSE);
/*
* If the vnode source zone is properly set to a non-global zone, or
* any zone if the mount is R/W, then use the label of that zone.
*/
if ((zone != global_zone) || ((vfsp->vfs_flag & VFS_RDONLY) != 0))
goto zone_out; /* return this label */
/*
* Otherwise, if we're not in the global zone, use the label of
* our zone.
*/
if ((zone = curproc->p_zone) != global_zone) {
zone_hold(zone);
goto zone_out; /* return this label */
}
/*
* We're in the global zone and the mount is R/W ... so the file
* may actually be in the global zone -- or in the root of any zone.
* Always build our own path for the file, to be sure it's simplified
* (i.e., no ".", "..", "//", and so on).
*/
zone_rele(zone);
zone = zone_find_by_any_path(vpath, B_FALSE);
zone_out:
if ((curproc->p_zone == global_zone) && (zone == global_zone)) {
vfs_t *nvfs;
boolean_t exported = B_FALSE;
refstr_t *mntpt_ref;
char *mntpt;
/*
* File is in the global zone - check whether it's admin_high.
* If it's in a filesys that was exported from the global zone,
* it's admin_low by definition. Otherwise, if it's in a
* filesys that's NOT exported to any zone, it's admin_high.
*
* And for these files if there wasn't a valid mount resource,
* the file must be admin_high (not exported, probably a global
* zone device).
*/
if (!vfs_is_held)
goto out_high;
mntpt_ref = vfs_getmntpoint(vfsp);
mntpt = (char *)refstr_value(mntpt_ref);
if ((mntpt != NULL) && (*mntpt == '/')) {
zone_t *to_zone;
to_zone = zone_find_by_any_path(mntpt, B_FALSE);
zone_rele(to_zone);
if (to_zone != global_zone) {
/* force admin_low */
exported = B_TRUE;
}
}
if (mntpt_ref)
refstr_rele(mntpt_ref);
if (!exported) {
size_t plen = strlen(vpath);
vfs_list_read_lock();
nvfs = vfsp->vfs_next;
while (nvfs != vfsp) {
const char *rstr;
size_t rlen = 0;
/*
* Skip checking this vfs if it's not lofs
* (the only way to export from the global
* zone to a zone).
*/
if (strncmp(vfssw[nvfs->vfs_fstype].vsw_name,
"lofs", 4) != 0) {
nvfs = nvfs->vfs_next;
continue;
}
rstr = refstr_value(nvfs->vfs_resource);
if (rstr != NULL)
rlen = strlen(rstr);
/*
* Check for a match: does this vfs correspond
* to our global zone file path? I.e., check
* if the resource string of this vfs is a
* prefix of our path.
*/
if ((rlen > 0) && (rlen <= plen) &&
(strncmp(rstr, vpath, rlen) == 0) &&
(vpath[rlen] == '/' ||
vpath[rlen] == '\0')) {
/* force admin_low */
exported = B_TRUE;
break;
}
nvfs = nvfs->vfs_next;
}
vfs_list_unlock();
}
if (!exported)
goto out_high;
}
if (vfs_is_held)
VFS_RELE(vfsp);
/*
* Now that we have the "home" zone for the file, return the slabel
* of that zone.
*/
zl = zone->zone_slabel;
label_hold(zl);
zone_rele(zone);
return (zl);
out_high:
if (vfs_is_held)
VFS_RELE(vfsp);
label_hold(l_admin_high);
zone_rele(zone);
return (l_admin_high);
}
/*
* smbfs mount vfsop
* Set up mount info record and attach it to vfs struct.
*/
static int
smbfs_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
{
char *data = uap->dataptr;
int error;
smbnode_t *rtnp = NULL; /* root of this fs */
smbmntinfo_t *smi = NULL;
dev_t smbfs_dev;
int version;
int devfd;
zone_t *zone = curproc->p_zone;
zone_t *mntzone = NULL;
smb_share_t *ssp = NULL;
smb_cred_t scred;
int flags, sec;
STRUCT_DECL(smbfs_args, args); /* smbfs mount arguments */
if ((error = secpolicy_fs_mount(cr, mvp, vfsp)) != 0)
return (error);
if (mvp->v_type != VDIR)
return (ENOTDIR);
/*
* get arguments
*
* uap->datalen might be different from sizeof (args)
* in a compatible situation.
*/
STRUCT_INIT(args, get_udatamodel());
bzero(STRUCT_BUF(args), SIZEOF_STRUCT(smbfs_args, DATAMODEL_NATIVE));
if (copyin(data, STRUCT_BUF(args), MIN(uap->datalen,
SIZEOF_STRUCT(smbfs_args, DATAMODEL_NATIVE))))
return (EFAULT);
/*
* Check mount program version
*/
version = STRUCT_FGET(args, version);
if (version != SMBFS_VERSION) {
cmn_err(CE_WARN, "mount version mismatch:"
" kernel=%d, mount=%d\n",
SMBFS_VERSION, version);
return (EINVAL);
}
/*
* Deal with re-mount requests.
*/
if (uap->flags & MS_REMOUNT) {
cmn_err(CE_WARN, "MS_REMOUNT not implemented");
return (ENOTSUP);
}
/*
* Check for busy
*/
mutex_enter(&mvp->v_lock);
if (!(uap->flags & MS_OVERLAY) &&
(mvp->v_count != 1 || (mvp->v_flag & VROOT))) {
mutex_exit(&mvp->v_lock);
return (EBUSY);
}
mutex_exit(&mvp->v_lock);
/*
* Get the "share" from the netsmb driver (ssp).
* It is returned with a "ref" (hold) for us.
* Release this hold: at errout below, or in
* smbfs_freevfs().
*/
devfd = STRUCT_FGET(args, devfd);
error = smb_dev2share(devfd, &ssp);
if (error) {
cmn_err(CE_WARN, "invalid device handle %d (%d)\n",
devfd, error);
return (error);
}
/*
* Use "goto errout" from here on.
* See: ssp, smi, rtnp, mntzone
*/
/*
* Determine the zone we're being mounted into.
*/
zone_hold(mntzone = zone); /* start with this assumption */
if (getzoneid() == GLOBAL_ZONEID) {
zone_rele(mntzone);
mntzone = zone_find_by_path(refstr_value(vfsp->vfs_mntpt));
ASSERT(mntzone != NULL);
if (mntzone != zone) {
error = EBUSY;
goto errout;
}
}
/*
* Stop the mount from going any further if the zone is going away.
*/
if (zone_status_get(mntzone) >= ZONE_IS_SHUTTING_DOWN) {
error = EBUSY;
goto errout;
}
/*
* On a Trusted Extensions client, we may have to force read-only
* for read-down mounts.
*/
if (is_system_labeled()) {
void *addr;
int ipvers = 0;
struct smb_vc *vcp;
vcp = SSTOVC(ssp);
addr = smb_vc_getipaddr(vcp, &ipvers);
error = smbfs_mount_label_policy(vfsp, addr, ipvers, cr);
if (error > 0)
goto errout;
if (error == -1) {
/* change mount to read-only to prevent write-down */
vfs_setmntopt(vfsp, MNTOPT_RO, NULL, 0);
}
}
/* Prevent unload. */
atomic_inc_32(&smbfs_mountcount);
/*
* Create a mount record and link it to the vfs struct.
* No more possiblities for errors from here on.
* Tear-down of this stuff is in smbfs_free_smi()
*
* Compare with NFS: nfsrootvp()
*/
smi = kmem_zalloc(sizeof (*smi), KM_SLEEP);
mutex_init(&smi->smi_lock, NULL, MUTEX_DEFAULT, NULL);
cv_init(&smi->smi_statvfs_cv, NULL, CV_DEFAULT, NULL);
rw_init(&smi->smi_hash_lk, NULL, RW_DEFAULT, NULL);
smbfs_init_hash_avl(&smi->smi_hash_avl);
smi->smi_share = ssp;
ssp = NULL;
/*
* Convert the anonymous zone hold acquired via zone_hold() above
* into a zone reference.
*/
zone_init_ref(&smi->smi_zone_ref);
zone_hold_ref(mntzone, &smi->smi_zone_ref, ZONE_REF_SMBFS);
zone_rele(mntzone);
mntzone = NULL;
/*
* Initialize option defaults
*/
smi->smi_flags = SMI_LLOCK;
smi->smi_acregmin = SEC2HR(SMBFS_ACREGMIN);
smi->smi_acregmax = SEC2HR(SMBFS_ACREGMAX);
smi->smi_acdirmin = SEC2HR(SMBFS_ACDIRMIN);
smi->smi_acdirmax = SEC2HR(SMBFS_ACDIRMAX);
/*
* All "generic" mount options have already been
* handled in vfs.c:domount() - see mntopts stuff.
* Query generic options using vfs_optionisset().
*/
if (vfs_optionisset(vfsp, MNTOPT_INTR, NULL))
smi->smi_flags |= SMI_INT;
if (vfs_optionisset(vfsp, MNTOPT_ACL, NULL))
smi->smi_flags |= SMI_ACL;
/*
* Get the mount options that come in as smbfs_args,
* starting with args.flags (SMBFS_MF_xxx)
*/
flags = STRUCT_FGET(args, flags);
smi->smi_uid = STRUCT_FGET(args, uid);
smi->smi_gid = STRUCT_FGET(args, gid);
smi->smi_fmode = STRUCT_FGET(args, file_mode) & 0777;
smi->smi_dmode = STRUCT_FGET(args, dir_mode) & 0777;
/*
* Hande the SMBFS_MF_xxx flags.
*/
if (flags & SMBFS_MF_NOAC)
smi->smi_flags |= SMI_NOAC;
if (flags & SMBFS_MF_ACREGMIN) {
sec = STRUCT_FGET(args, acregmin);
if (sec < 0 || sec > SMBFS_ACMINMAX)
sec = SMBFS_ACMINMAX;
smi->smi_acregmin = SEC2HR(sec);
}
if (flags & SMBFS_MF_ACREGMAX) {
sec = STRUCT_FGET(args, acregmax);
if (sec < 0 || sec > SMBFS_ACMAXMAX)
sec = SMBFS_ACMAXMAX;
smi->smi_acregmax = SEC2HR(sec);
}
if (flags & SMBFS_MF_ACDIRMIN) {
sec = STRUCT_FGET(args, acdirmin);
if (sec < 0 || sec > SMBFS_ACMINMAX)
sec = SMBFS_ACMINMAX;
smi->smi_acdirmin = SEC2HR(sec);
}
if (flags & SMBFS_MF_ACDIRMAX) {
sec = STRUCT_FGET(args, acdirmax);
if (sec < 0 || sec > SMBFS_ACMAXMAX)
sec = SMBFS_ACMAXMAX;
smi->smi_acdirmax = SEC2HR(sec);
}
/*
* Get attributes of the remote file system,
* i.e. ACL support, named streams, etc.
*/
smb_credinit(&scred, cr);
error = smbfs_smb_qfsattr(smi->smi_share, &smi->smi_fsa, &scred);
smb_credrele(&scred);
if (error) {
SMBVDEBUG("smbfs_smb_qfsattr error %d\n", error);
}
/*
* We enable XATTR by default (via smbfs_mntopts)
* but if the share does not support named streams,
* force the NOXATTR option (also clears XATTR).
* Caller will set or clear VFS_XATTR after this.
*/
if ((smi->smi_fsattr & FILE_NAMED_STREAMS) == 0)
vfs_setmntopt(vfsp, MNTOPT_NOXATTR, NULL, 0);
/*
* Ditto ACLs (disable if not supported on this share)
*/
if ((smi->smi_fsattr & FILE_PERSISTENT_ACLS) == 0) {
vfs_setmntopt(vfsp, MNTOPT_NOACL, NULL, 0);
smi->smi_flags &= ~SMI_ACL;
}
/*
* Assign a unique device id to the mount
*/
mutex_enter(&smbfs_minor_lock);
do {
smbfs_minor = (smbfs_minor + 1) & MAXMIN32;
smbfs_dev = makedevice(smbfs_major, smbfs_minor);
} while (vfs_devismounted(smbfs_dev));
mutex_exit(&smbfs_minor_lock);
vfsp->vfs_dev = smbfs_dev;
vfs_make_fsid(&vfsp->vfs_fsid, smbfs_dev, smbfsfstyp);
vfsp->vfs_data = (caddr_t)smi;
vfsp->vfs_fstype = smbfsfstyp;
vfsp->vfs_bsize = MAXBSIZE;
vfsp->vfs_bcount = 0;
smi->smi_vfsp = vfsp;
smbfs_zonelist_add(smi); /* undo in smbfs_freevfs */
/*
* Create the root vnode, which we need in unmount
* for the call to smbfs_check_table(), etc.
* Release this hold in smbfs_unmount.
*/
rtnp = smbfs_node_findcreate(smi, "\\", 1, NULL, 0, 0,
&smbfs_fattr0);
ASSERT(rtnp != NULL);
rtnp->r_vnode->v_type = VDIR;
rtnp->r_vnode->v_flag |= VROOT;
smi->smi_root = rtnp;
/*
* NFS does other stuff here too:
* async worker threads
* init kstats
*
* End of code from NFS nfsrootvp()
*/
return (0);
errout:
vfsp->vfs_data = NULL;
if (smi != NULL)
smbfs_free_smi(smi);
if (mntzone != NULL)
zone_rele(mntzone);
if (ssp != NULL)
smb_share_rele(ssp);
return (error);
}
