/* * XXX: can't use callremove now because can't catch setbacks with * it due to lack of a pnode argument. */ static int puffs_vnop_remove(struct vop_nremove_args *ap) { PUFFS_MSG_VARS(vn, remove); struct vnode *dvp = ap->a_dvp; struct vnode *vp; struct puffs_node *dpn = VPTOPP(dvp); struct puffs_node *pn; struct nchandle *nch = ap->a_nch; struct namecache *ncp = nch->ncp; struct ucred *cred = ap->a_cred; struct mount *mp = dvp->v_mount; struct puffs_mount *pmp = MPTOPUFFSMP(mp); int error; if (!EXISTSOP(pmp, REMOVE)) return EOPNOTSUPP; error = vget(dvp, LK_EXCLUSIVE); if (error != 0) { DPRINTF(("puffs_vnop_remove: EAGAIN on parent vnode %p %s\n", dvp, ncp->nc_name)); return EAGAIN; } error = cache_vget(nch, cred, LK_EXCLUSIVE, &vp); if (error != 0) { DPRINTF(("puffs_vnop_remove: cache_vget error: %p %s\n", dvp, ncp->nc_name)); return EAGAIN; } if (vp->v_type == VDIR) { error = EISDIR; goto out; } pn = VPTOPP(vp); PUFFS_MSG_ALLOC(vn, remove); remove_msg->pvnr_cookie_targ = VPTOPNC(vp); puffs_makecn(&remove_msg->pvnr_cn, &remove_msg->pvnr_cn_cred, ncp, cred); puffs_msg_setinfo(park_remove, PUFFSOP_VN, PUFFS_VN_REMOVE, VPTOPNC(dvp)); puffs_msg_enqueue(pmp, park_remove); error = puffs_msg_wait2(pmp, park_remove, dpn, pn); PUFFS_MSG_RELEASE(remove); error = checkerr(pmp, error, __func__); out: vput(dvp); vn_unlock(vp); if (error == 0) cache_unlink(nch); vrele(vp); return error; }
/* * Read the contents of a symlink, allocate a path buffer out of the * namei_oc and initialize the supplied nlcomponent with the result. * * If an error occurs no buffer will be allocated or returned in the nlc. */ int nreadsymlink(struct nlookupdata *nd, struct nchandle *nch, struct nlcomponent *nlc) { struct vnode *vp; struct iovec aiov; struct uio auio; int linklen; int error; char *cp; nlc->nlc_nameptr = NULL; nlc->nlc_namelen = 0; if (nch->ncp->nc_vp == NULL) return(ENOENT); if ((error = cache_vget(nch, nd->nl_cred, LK_SHARED, &vp)) != 0) return(error); cp = objcache_get(namei_oc, M_WAITOK); aiov.iov_base = cp; aiov.iov_len = MAXPATHLEN; auio.uio_iov = &aiov; auio.uio_iovcnt = 1; auio.uio_offset = 0; auio.uio_rw = UIO_READ; auio.uio_segflg = UIO_SYSSPACE; auio.uio_td = nd->nl_td; auio.uio_resid = MAXPATHLEN - 1; error = VOP_READLINK(vp, &auio, nd->nl_cred); if (error) goto fail; linklen = MAXPATHLEN - 1 - auio.uio_resid; if (varsym_enable) { linklen = varsymreplace(cp, linklen, MAXPATHLEN - 1); if (linklen < 0) { error = ENAMETOOLONG; goto fail; } } cp[linklen] = 0; nlc->nlc_nameptr = cp; nlc->nlc_namelen = linklen; vput(vp); return(0); fail: objcache_put(namei_oc, cp); vput(vp); return(error); }
static int tmpfs_nremove(struct vop_nremove_args *v) { struct vnode *dvp = v->a_dvp; struct namecache *ncp = v->a_nch->ncp; struct vnode *vp; int error; struct tmpfs_dirent *de; struct tmpfs_mount *tmp; struct tmpfs_node *dnode; struct tmpfs_node *node; struct mount *mp; mp = dvp->v_mount; /* * We have to acquire the vp from v->a_nch because we will likely * unresolve the namecache entry, and a vrele/vput is needed to * trigger the tmpfs_inactive/tmpfs_reclaim sequence. * * We have to use vget to clear any inactive state on the vnode, * otherwise the vnode may remain inactive and thus tmpfs_inactive * will not get called when we release it. */ error = cache_vget(v->a_nch, v->a_cred, LK_SHARED, &vp); KKASSERT(vp->v_mount == dvp->v_mount); KKASSERT(error == 0); vn_unlock(vp); if (vp->v_type == VDIR) { error = EISDIR; goto out2; } dnode = VP_TO_TMPFS_DIR(dvp); node = VP_TO_TMPFS_NODE(vp); tmp = VFS_TO_TMPFS(vp->v_mount); TMPFS_NODE_LOCK(dnode); de = tmpfs_dir_lookup(dnode, node, ncp); if (de == NULL) { error = ENOENT; goto out; } /* Files marked as immutable or append-only cannot be deleted. */ if ((node->tn_flags & (IMMUTABLE | APPEND | NOUNLINK)) || (dnode->tn_flags & APPEND)) { error = EPERM; goto out; } /* Remove the entry from the directory; as it is a file, we do not * have to change the number of hard links of the directory. */ tmpfs_dir_detach(dnode, de); /* Free the directory entry we just deleted. Note that the node * referred by it will not be removed until the vnode is really * reclaimed. */ tmpfs_free_dirent(tmp, de); if (node->tn_links > 0) { TMPFS_NODE_LOCK(node); node->tn_status |= TMPFS_NODE_ACCESSED | TMPFS_NODE_CHANGED | \ TMPFS_NODE_MODIFIED; TMPFS_NODE_UNLOCK(node); } cache_unlink(v->a_nch); tmpfs_knote(vp, NOTE_DELETE); error = 0; out: TMPFS_NODE_UNLOCK(dnode); if (error == 0) tmpfs_knote(dvp, NOTE_WRITE); out2: vrele(vp); return error; }
static int tmpfs_nrmdir(struct vop_nrmdir_args *v) { struct vnode *dvp = v->a_dvp; struct namecache *ncp = v->a_nch->ncp; struct vnode *vp; struct tmpfs_dirent *de; struct tmpfs_mount *tmp; struct tmpfs_node *dnode; struct tmpfs_node *node; struct mount *mp; int error; mp = dvp->v_mount; /* * We have to acquire the vp from v->a_nch because we will likely * unresolve the namecache entry, and a vrele/vput is needed to * trigger the tmpfs_inactive/tmpfs_reclaim sequence. * * We have to use vget to clear any inactive state on the vnode, * otherwise the vnode may remain inactive and thus tmpfs_inactive * will not get called when we release it. */ error = cache_vget(v->a_nch, v->a_cred, LK_SHARED, &vp); KKASSERT(error == 0); vn_unlock(vp); /* * Prevalidate so we don't hit an assertion later */ if (vp->v_type != VDIR) { error = ENOTDIR; goto out; } tmp = VFS_TO_TMPFS(dvp->v_mount); dnode = VP_TO_TMPFS_DIR(dvp); node = VP_TO_TMPFS_DIR(vp); /* * Directories with more than two entries ('.' and '..') cannot * be removed. */ if (node->tn_size > 0) { error = ENOTEMPTY; goto out; } if ((dnode->tn_flags & APPEND) || (node->tn_flags & (NOUNLINK | IMMUTABLE | APPEND))) { error = EPERM; goto out; } /* * This invariant holds only if we are not trying to * remove "..". We checked for that above so this is safe now. */ KKASSERT(node->tn_dir.tn_parent == dnode); /* * Get the directory entry associated with node (vp). This * was filled by tmpfs_lookup while looking up the entry. */ TMPFS_NODE_LOCK(dnode); de = tmpfs_dir_lookup(dnode, node, ncp); KKASSERT(TMPFS_DIRENT_MATCHES(de, ncp->nc_name, ncp->nc_nlen)); /* Check flags to see if we are allowed to remove the directory. */ if ((dnode->tn_flags & APPEND) || node->tn_flags & (NOUNLINK | IMMUTABLE | APPEND)) { error = EPERM; TMPFS_NODE_UNLOCK(dnode); goto out; } /* Detach the directory entry from the directory (dnode). */ tmpfs_dir_detach(dnode, de); TMPFS_NODE_UNLOCK(dnode); /* No vnode should be allocated for this entry from this point */ TMPFS_NODE_LOCK(dnode); TMPFS_ASSERT_ELOCKED(dnode); TMPFS_NODE_LOCK(node); TMPFS_ASSERT_ELOCKED(node); /* * Must set parent linkage to NULL (tested by ncreate to disallow * the creation of new files/dirs in a deleted directory) */ node->tn_status |= TMPFS_NODE_ACCESSED | TMPFS_NODE_CHANGED | TMPFS_NODE_MODIFIED; dnode->tn_status |= TMPFS_NODE_ACCESSED | TMPFS_NODE_CHANGED | TMPFS_NODE_MODIFIED; TMPFS_NODE_UNLOCK(node); TMPFS_NODE_UNLOCK(dnode); /* Free the directory entry we just deleted. Note that the node * referred by it will not be removed until the vnode is really * reclaimed. */ tmpfs_free_dirent(tmp, de); /* Release the deleted vnode (will destroy the node, notify * interested parties and clean it from the cache). */ TMPFS_NODE_LOCK(dnode); dnode->tn_status |= TMPFS_NODE_CHANGED; TMPFS_NODE_UNLOCK(dnode); tmpfs_update(dvp); cache_unlink(v->a_nch); tmpfs_knote(dvp, NOTE_WRITE | NOTE_LINK); error = 0; out: vrele(vp); return error; }
static int tmpfs_nrename(struct vop_nrename_args *v) { struct vnode *fdvp = v->a_fdvp; struct namecache *fncp = v->a_fnch->ncp; struct vnode *fvp = fncp->nc_vp; struct vnode *tdvp = v->a_tdvp; struct namecache *tncp = v->a_tnch->ncp; struct vnode *tvp; struct tmpfs_dirent *de, *tde; struct tmpfs_mount *tmp; struct tmpfs_node *fdnode; struct tmpfs_node *fnode; struct tmpfs_node *tnode; struct tmpfs_node *tdnode; struct mount *mp; char *newname; char *oldname; int error; mp = fdvp->v_mount; KKASSERT(fdvp->v_mount == fvp->v_mount); /* * Because tvp can get overwritten we have to vget it instead of * just vref or use it, otherwise it's VINACTIVE flag may not get * cleared and the node won't get destroyed. */ error = cache_vget(v->a_tnch, v->a_cred, LK_SHARED, &tvp); if (error == 0) { tnode = VP_TO_TMPFS_NODE(tvp); vn_unlock(tvp); } else { tnode = NULL; } /* Disallow cross-device renames. * XXX Why isn't this done by the caller? */ if (fvp->v_mount != tdvp->v_mount || (tvp != NULL && fvp->v_mount != tvp->v_mount)) { error = EXDEV; goto out; } tmp = VFS_TO_TMPFS(tdvp->v_mount); tdnode = VP_TO_TMPFS_DIR(tdvp); /* If source and target are the same file, there is nothing to do. */ if (fvp == tvp) { error = 0; goto out; } fdnode = VP_TO_TMPFS_DIR(fdvp); fnode = VP_TO_TMPFS_NODE(fvp); TMPFS_NODE_LOCK(fdnode); de = tmpfs_dir_lookup(fdnode, fnode, fncp); TMPFS_NODE_UNLOCK(fdnode); /* XXX depend on namecache lock */ /* Avoid manipulating '.' and '..' entries. */ if (de == NULL) { error = ENOENT; goto out_locked; } KKASSERT(de->td_node == fnode); /* * If replacing an entry in the target directory and that entry * is a directory, it must be empty. * * Kern_rename gurantees the destination to be a directory * if the source is one (it does?). */ if (tvp != NULL) { KKASSERT(tnode != NULL); if ((tnode->tn_flags & (NOUNLINK | IMMUTABLE | APPEND)) || (tdnode->tn_flags & (APPEND | IMMUTABLE))) { error = EPERM; goto out_locked; } if (fnode->tn_type == VDIR && tnode->tn_type == VDIR) { if (tnode->tn_size > 0) { error = ENOTEMPTY; goto out_locked; } } else if (fnode->tn_type == VDIR && tnode->tn_type != VDIR) { error = ENOTDIR; goto out_locked; } else if (fnode->tn_type != VDIR && tnode->tn_type == VDIR) { error = EISDIR; goto out_locked; } else { KKASSERT(fnode->tn_type != VDIR && tnode->tn_type != VDIR); } } if ((fnode->tn_flags & (NOUNLINK | IMMUTABLE | APPEND)) || (fdnode->tn_flags & (APPEND | IMMUTABLE))) { error = EPERM; goto out_locked; } /* * Ensure that we have enough memory to hold the new name, if it * has to be changed. */ if (fncp->nc_nlen != tncp->nc_nlen || bcmp(fncp->nc_name, tncp->nc_name, fncp->nc_nlen) != 0) { newname = kmalloc(tncp->nc_nlen + 1, tmp->tm_name_zone, M_WAITOK | M_NULLOK); if (newname == NULL) { error = ENOSPC; goto out_locked; } bcopy(tncp->nc_name, newname, tncp->nc_nlen); newname[tncp->nc_nlen] = '\0'; } else { newname = NULL; } /* * Unlink entry from source directory. Note that the kernel has * already checked for illegal recursion cases (renaming a directory * into a subdirectory of itself). */ if (fdnode != tdnode) { tmpfs_dir_detach(fdnode, de); } else { /* XXX depend on namecache lock */ TMPFS_NODE_LOCK(fdnode); KKASSERT(de == tmpfs_dir_lookup(fdnode, fnode, fncp)); RB_REMOVE(tmpfs_dirtree, &fdnode->tn_dir.tn_dirtree, de); RB_REMOVE(tmpfs_dirtree_cookie, &fdnode->tn_dir.tn_cookietree, de); TMPFS_NODE_UNLOCK(fdnode); } /* * Handle any name change. Swap with newname, we will * deallocate it at the end. */ if (newname != NULL) { #if 0 TMPFS_NODE_LOCK(fnode); fnode->tn_status |= TMPFS_NODE_CHANGED; TMPFS_NODE_UNLOCK(fnode); #endif oldname = de->td_name; de->td_name = newname; de->td_namelen = (uint16_t)tncp->nc_nlen; newname = oldname; } /* * If we are overwriting an entry, we have to remove the old one * from the target directory. */ if (tvp != NULL) { /* Remove the old entry from the target directory. */ TMPFS_NODE_LOCK(tdnode); tde = tmpfs_dir_lookup(tdnode, tnode, tncp); tmpfs_dir_detach(tdnode, tde); TMPFS_NODE_UNLOCK(tdnode); tmpfs_knote(tdnode->tn_vnode, NOTE_DELETE); /* * Free the directory entry we just deleted. Note that the * node referred by it will not be removed until the vnode is * really reclaimed. */ tmpfs_free_dirent(VFS_TO_TMPFS(tvp->v_mount), tde); /*cache_inval_vp(tvp, CINV_DESTROY);*/ } /* * Link entry to target directory. If the entry * represents a directory move the parent linkage * as well. */ if (fdnode != tdnode) { if (de->td_node->tn_type == VDIR) { TMPFS_VALIDATE_DIR(fnode); } tmpfs_dir_attach(tdnode, de); } else { TMPFS_NODE_LOCK(tdnode); tdnode->tn_status |= TMPFS_NODE_MODIFIED; RB_INSERT(tmpfs_dirtree, &tdnode->tn_dir.tn_dirtree, de); RB_INSERT(tmpfs_dirtree_cookie, &tdnode->tn_dir.tn_cookietree, de); TMPFS_NODE_UNLOCK(tdnode); } /* * Finish up */ if (newname) { kfree(newname, tmp->tm_name_zone); newname = NULL; } cache_rename(v->a_fnch, v->a_tnch); tmpfs_knote(v->a_fdvp, NOTE_WRITE); tmpfs_knote(v->a_tdvp, NOTE_WRITE); if (fnode->tn_vnode) tmpfs_knote(fnode->tn_vnode, NOTE_RENAME); error = 0; out_locked: ; out: if (tvp) vrele(tvp); return error; }
/* * Common code for vnode open operations. Check permissions, and call * the VOP_NOPEN or VOP_NCREATE routine. * * The caller is responsible for setting up nd with nlookup_init() and * for cleaning it up with nlookup_done(), whether we return an error * or not. * * On success nd->nl_open_vp will hold a referenced and, if requested, * locked vnode. A locked vnode is requested via NLC_LOCKVP. If fp * is non-NULL the vnode will be installed in the file pointer. * * NOTE: The vnode is referenced just once on return whether or not it * is also installed in the file pointer. */ int vn_open(struct nlookupdata *nd, struct file *fp, int fmode, int cmode) { struct vnode *vp; struct ucred *cred = nd->nl_cred; struct vattr vat; struct vattr *vap = &vat; int error; u_int flags; uint64_t osize; struct mount *mp; /* * Certain combinations are illegal */ if ((fmode & (FWRITE | O_TRUNC)) == O_TRUNC) return(EACCES); /* * Lookup the path and create or obtain the vnode. After a * successful lookup a locked nd->nl_nch will be returned. * * The result of this section should be a locked vnode. * * XXX with only a little work we should be able to avoid locking * the vnode if FWRITE, O_CREAT, and O_TRUNC are *not* set. */ nd->nl_flags |= NLC_OPEN; if (fmode & O_APPEND) nd->nl_flags |= NLC_APPEND; if (fmode & O_TRUNC) nd->nl_flags |= NLC_TRUNCATE; if (fmode & FREAD) nd->nl_flags |= NLC_READ; if (fmode & FWRITE) nd->nl_flags |= NLC_WRITE; if ((fmode & O_EXCL) == 0 && (fmode & O_NOFOLLOW) == 0) nd->nl_flags |= NLC_FOLLOW; if (fmode & O_CREAT) { /* * CONDITIONAL CREATE FILE CASE * * Setting NLC_CREATE causes a negative hit to store * the negative hit ncp and not return an error. Then * nc_error or nc_vp may be checked to see if the ncp * represents a negative hit. NLC_CREATE also requires * write permission on the governing directory or EPERM * is returned. */ nd->nl_flags |= NLC_CREATE; nd->nl_flags |= NLC_REFDVP; bwillinode(1); error = nlookup(nd); } else { /* * NORMAL OPEN FILE CASE */ error = nlookup(nd); } if (error) return (error); /* * split case to allow us to re-resolve and retry the ncp in case * we get ESTALE. */ again: if (fmode & O_CREAT) { if (nd->nl_nch.ncp->nc_vp == NULL) { if ((error = ncp_writechk(&nd->nl_nch)) != 0) return (error); VATTR_NULL(vap); vap->va_type = VREG; vap->va_mode = cmode; if (fmode & O_EXCL) vap->va_vaflags |= VA_EXCLUSIVE; error = VOP_NCREATE(&nd->nl_nch, nd->nl_dvp, &vp, nd->nl_cred, vap); if (error) return (error); fmode &= ~O_TRUNC; /* locked vnode is returned */ } else { if (fmode & O_EXCL) { error = EEXIST; } else { error = cache_vget(&nd->nl_nch, cred, LK_EXCLUSIVE, &vp); } if (error) return (error); fmode &= ~O_CREAT; } } else { error = cache_vget(&nd->nl_nch, cred, LK_EXCLUSIVE, &vp); if (error) return (error); } /* * We have a locked vnode and ncp now. Note that the ncp will * be cleaned up by the caller if nd->nl_nch is left intact. */ if (vp->v_type == VLNK) { error = EMLINK; goto bad; } if (vp->v_type == VSOCK) { error = EOPNOTSUPP; goto bad; } if ((fmode & O_CREAT) == 0) { if (fmode & (FWRITE | O_TRUNC)) { if (vp->v_type == VDIR) { error = EISDIR; goto bad; } error = vn_writechk(vp, &nd->nl_nch); if (error) { /* * Special stale handling, re-resolve the * vnode. */ if (error == ESTALE) { vput(vp); vp = NULL; cache_setunresolved(&nd->nl_nch); error = cache_resolve(&nd->nl_nch, cred); if (error == 0) goto again; } goto bad; } } } if (fmode & O_TRUNC) { vn_unlock(vp); /* XXX */ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */ osize = vp->v_filesize; VATTR_NULL(vap); vap->va_size = 0; error = VOP_SETATTR(vp, vap, cred); if (error) goto bad; error = VOP_GETATTR(vp, vap); if (error) goto bad; mp = vq_vptomp(vp); VFS_ACCOUNT(mp, vap->va_uid, vap->va_gid, -osize); } /* * Set or clear VNSWAPCACHE on the vp based on nd->nl_nch.ncp->nc_flag. * These particular bits a tracked all the way from the root. * * NOTE: Might not work properly on NFS servers due to the * disconnected namecache. */ flags = nd->nl_nch.ncp->nc_flag; if ((flags & (NCF_UF_CACHE | NCF_UF_PCACHE)) && (flags & (NCF_SF_NOCACHE | NCF_SF_PNOCACHE)) == 0) { vsetflags(vp, VSWAPCACHE); } else { vclrflags(vp, VSWAPCACHE); } /* * Setup the fp so VOP_OPEN can override it. No descriptor has been * associated with the fp yet so we own it clean. * * f_nchandle inherits nl_nch. This used to be necessary only for * directories but now we do it unconditionally so f*() ops * such as fchmod() can access the actual namespace that was * used to open the file. */ if (fp) { if (nd->nl_flags & NLC_APPENDONLY) fmode |= FAPPENDONLY; fp->f_nchandle = nd->nl_nch; cache_zero(&nd->nl_nch); cache_unlock(&fp->f_nchandle); } /* * Get rid of nl_nch. vn_open does not return it (it returns the * vnode or the file pointer). Note: we can't leave nl_nch locked * through the VOP_OPEN anyway since the VOP_OPEN may block, e.g. * on /dev/ttyd0 */ if (nd->nl_nch.ncp) cache_put(&nd->nl_nch); error = VOP_OPEN(vp, fmode, cred, fp); if (error) { /* * setting f_ops to &badfileops will prevent the descriptor * code from trying to close and release the vnode, since * the open failed we do not want to call close. */ if (fp) { fp->f_data = NULL; fp->f_ops = &badfileops; } goto bad; } #if 0 /* * Assert that VREG files have been setup for vmio. */ KASSERT(vp->v_type != VREG || vp->v_object != NULL, ("vn_open: regular file was not VMIO enabled!")); #endif /* * Return the vnode. XXX needs some cleaning up. The vnode is * only returned in the fp == NULL case. */ if (fp == NULL) { nd->nl_open_vp = vp; nd->nl_vp_fmode = fmode; if ((nd->nl_flags & NLC_LOCKVP) == 0) vn_unlock(vp); } else { vput(vp); } return (0); bad: if (vp) vput(vp); return (error); }
static int naccess(struct nchandle *nch, int nflags, struct ucred *cred, int *nflagsp) { struct vnode *vp; struct vattr va; struct namecache *ncp; int error; int cflags; KKASSERT(cache_lockstatus(nch) > 0); ncp = nch->ncp; if (ncp->nc_flag & NCF_UNRESOLVED) { cache_resolve(nch, cred); ncp = nch->ncp; } error = ncp->nc_error; /* * Directory permissions checks. Silently ignore ENOENT if these * tests pass. It isn't an error. * * We can safely resolve ncp->nc_parent because ncp is currently * locked. */ if (nflags & (NLC_CREATE | NLC_DELETE | NLC_RENAME_SRC | NLC_RENAME_DST)) { if (((nflags & NLC_CREATE) && ncp->nc_vp == NULL) || ((nflags & NLC_DELETE) && ncp->nc_vp != NULL) || ((nflags & NLC_RENAME_SRC) && ncp->nc_vp != NULL) || (nflags & NLC_RENAME_DST) ) { struct nchandle par; if ((par.ncp = ncp->nc_parent) == NULL) { if (error != EAGAIN) error = EINVAL; } else if (error == 0 || error == ENOENT) { par.mount = nch->mount; cache_hold(&par); cache_lock_maybe_shared(&par, 0); error = naccess(&par, NLC_WRITE, cred, NULL); cache_put(&par); } } } /* * NLC_EXCL check. Target file must not exist. */ if (error == 0 && (nflags & NLC_EXCL) && ncp->nc_vp != NULL) error = EEXIST; /* * Try to short-cut the vnode operation for intermediate directory * components. This is a major SMP win because it avoids having * to execute a lot of code for intermediate directory components, * including shared refs and locks on intermediate directory vnodes. * * We can only do this if the caller does not need nflagsp. */ if (error == 0 && nflagsp == NULL && nflags == NLC_EXEC && (ncp->nc_flag & NCF_WXOK)) { return 0; } /* * Get the vnode attributes so we can do the rest of our checks. * * NOTE: We only call naccess_va() if the target exists. */ if (error == 0) { error = cache_vget(nch, cred, LK_SHARED, &vp); if (error == ENOENT) { /* * Silently zero-out ENOENT if creating or renaming * (rename target). It isn't an error. */ if (nflags & (NLC_CREATE | NLC_RENAME_DST)) error = 0; } else if (error == 0) { /* * Get the vnode attributes and check for illegal O_TRUNC * requests and read-only mounts. * * NOTE: You can still open devices on read-only mounts for * writing. * * NOTE: creates/deletes/renames are handled by the NLC_WRITE * check on the parent directory above. * * XXX cache the va in the namecache or in the vnode */ error = VOP_GETATTR(vp, &va); if (error == 0 && (nflags & NLC_TRUNCATE)) { switch(va.va_type) { case VREG: case VDATABASE: case VCHR: case VBLK: case VFIFO: break; case VDIR: error = EISDIR; break; default: error = EINVAL; break; } } if (error == 0 && (nflags & NLC_WRITE) && vp->v_mount && (vp->v_mount->mnt_flag & MNT_RDONLY) ) { switch(va.va_type) { case VDIR: case VLNK: case VREG: case VDATABASE: error = EROFS; break; default: break; } } vput(vp); /* * Check permissions based on file attributes. The passed * flags (*nflagsp) are modified with feedback based on * special attributes and requirements. */ if (error == 0) { /* * Adjust the returned (*nflagsp) if non-NULL. */ if (nflagsp) { if ((va.va_mode & VSVTX) && va.va_uid != cred->cr_uid) *nflagsp |= NLC_STICKY; if (va.va_flags & APPEND) *nflagsp |= NLC_APPENDONLY; if (va.va_flags & IMMUTABLE) *nflagsp |= NLC_IMMUTABLE; } /* * NCF_WXOK can be set for world-searchable directories. * * XXX When we implement capabilities this code would also * need a cap check, or only set the flag if there are no * capabilities. */ cflags = 0; if (va.va_type == VDIR && (va.va_mode & S_WXOK_MASK) == S_WXOK_MASK) { cflags |= NCF_WXOK; } /* * Track swapcache management flags in the namecache. * * Calculate the flags based on the current vattr info * and recalculate the inherited flags from the parent * (the original cache linkage may have occurred without * getattrs and thus have stale flags). */ if (va.va_flags & SF_NOCACHE) cflags |= NCF_SF_NOCACHE; if (va.va_flags & UF_CACHE) cflags |= NCF_UF_CACHE; if (ncp->nc_parent) { if (ncp->nc_parent->nc_flag & (NCF_SF_NOCACHE | NCF_SF_PNOCACHE)) { cflags |= NCF_SF_PNOCACHE; } if (ncp->nc_parent->nc_flag & (NCF_UF_CACHE | NCF_UF_PCACHE)) { cflags |= NCF_UF_PCACHE; } } /* * We're not supposed to update nc_flag when holding a shared * lock, but we allow the case for certain flags. Note that * holding an exclusive lock allows updating nc_flag without * atomics. nc_flag is not allowe to be updated at all unless * a shared or exclusive lock is held. */ atomic_clear_short(&ncp->nc_flag, (NCF_SF_NOCACHE | NCF_UF_CACHE | NCF_SF_PNOCACHE | NCF_UF_PCACHE | NCF_WXOK) & ~cflags); atomic_set_short(&ncp->nc_flag, cflags); /* * Process general access. */ error = naccess_va(&va, nflags, cred); } } } return(error); }