static void
sd_log(vfs_context_t ctx, const char *fmt, ...)
{
int resid, log_error, len;
char logbuf[100];
va_list arglist;
/* If the log isn't open yet, open it */
if (sd_logvp == NULLVP) {
if (sd_openlog(ctx) != 0) {
/* Couldn't open, we fail out */
return;
}
}
va_start(arglist, fmt);
len = vsnprintf(logbuf, sizeof(logbuf), fmt, arglist);
log_error = vn_rdwr(UIO_WRITE, sd_logvp, (caddr_t)logbuf, len, sd_log_offset,
UIO_SYSSPACE, IO_UNIT | IO_NOAUTH, vfs_context_ucred(ctx), &resid, vfs_context_proc(ctx));
if (log_error == EIO || log_error == 0) {
sd_log_offset += (len - resid);
}
va_end(arglist);
}
static int
devfs_symlink(struct vnop_symlink_args *ap)
/*struct vnop_symlink_args {
struct vnode *a_dvp;
struct vnode **a_vpp;
struct componentname *a_cnp;
struct vnode_attr *a_vap;
char *a_target;
vfs_context_t a_context;
} */
{
int error;
devdirent_t *newent;
DEVFS_LOCK();
error = devfs_make_symlink(VTODN(ap->a_dvp), ap->a_cnp->cn_nameptr, ap->a_vap->va_mode, ap->a_target, &newent);
if (error == 0) {
error = devfs_dntovn(newent->de_dnp, ap->a_vpp, vfs_context_proc(ap->a_context));
}
DEVFS_UNLOCK();
return error;
}
/*
* Device ioctl operation.
*/
int
spec_ioctl(struct vnop_ioctl_args *ap)
{
proc_t p = vfs_context_proc(ap->a_context);
dev_t dev = ap->a_vp->v_rdev;
int retval = 0;
KERNEL_DEBUG_CONSTANT(FSDBG_CODE(DBG_IOCTL, 0) | DBG_FUNC_START,
(unsigned int)dev, (unsigned int)ap->a_command, (unsigned int)ap->a_fflag, (unsigned int)ap->a_vp->v_type, 0);
switch (ap->a_vp->v_type) {
case VCHR:
retval = (*cdevsw[major(dev)].d_ioctl)(dev, ap->a_command, ap->a_data,
ap->a_fflag, p);
break;
case VBLK:
retval = (*bdevsw[major(dev)].d_ioctl)(dev, ap->a_command, ap->a_data,
ap->a_fflag, p);
break;
default:
panic("spec_ioctl");
/* NOTREACHED */
}
KERNEL_DEBUG_CONSTANT(FSDBG_CODE(DBG_IOCTL, 0) | DBG_FUNC_END,
(unsigned int)dev, (unsigned int)ap->a_command, (unsigned int)ap->a_fflag, retval, 0);
return (retval);
}
int
kern_write_file(struct kern_direct_file_io_ref_t * ref, off_t offset, caddr_t addr, vm_size_t len)
{
return (vn_rdwr(UIO_WRITE, ref->vp,
addr, len, offset,
UIO_SYSSPACE, IO_SYNC|IO_NODELOCKED|IO_UNIT,
vfs_context_ucred(ref->ctx), (int *) 0,
vfs_context_proc(ref->ctx)));
}
int
kern_read_file(struct kern_direct_file_io_ref_t * ref, off_t offset, void * addr, size_t len, int ioflag)
{
return (vn_rdwr(UIO_READ, ref->vp,
addr, len, offset,
UIO_SYSSPACE, ioflag|IO_SYNC|IO_NODELOCKED|IO_UNIT,
vfs_context_ucred(ref->ctx), (int *) 0,
vfs_context_proc(ref->ctx)));
}
int
soo_select(struct fileproc *fp, int which, void *wql, vfs_context_t ctx)
{
struct socket *so = (struct socket *)fp->f_fglob->fg_data;
int retnum = 0;
proc_t procp;
if (so == NULL || so == (struct socket *)-1)
return (0);
procp = vfs_context_proc(ctx);
#if CONFIG_MACF_SOCKET
if (mac_socket_check_select(vfs_context_ucred(ctx), so, which) != 0)
return (0);
#endif /* CONFIG_MACF_SOCKET */
socket_lock(so, 1);
switch (which) {
case FREAD:
so->so_rcv.sb_flags |= SB_SEL;
if (soreadable(so)) {
retnum = 1;
so->so_rcv.sb_flags &= ~SB_SEL;
goto done;
}
selrecord(procp, &so->so_rcv.sb_sel, wql);
break;
case FWRITE:
so->so_snd.sb_flags |= SB_SEL;
if (sowriteable(so)) {
retnum = 1;
so->so_snd.sb_flags &= ~SB_SEL;
goto done;
}
selrecord(procp, &so->so_snd.sb_sel, wql);
break;
case 0:
so->so_rcv.sb_flags |= SB_SEL;
if (so->so_oobmark || (so->so_state & SS_RCVATMARK)) {
retnum = 1;
so->so_rcv.sb_flags &= ~SB_SEL;
goto done;
}
selrecord(procp, &so->so_rcv.sb_sel, wql);
break;
}
done:
socket_unlock(so, 1);
return (retnum);
}
/*
* Mknod vnode call
*/
static int
devfs_mknod(struct vnop_mknod_args *ap)
/* struct vnop_mknod_args {
struct vnode *a_dvp;
struct vnode **a_vpp;
struct componentname *a_cnp;
struct vnode_attr *a_vap;
vfs_context_t a_context;
} */
{
struct componentname * cnp = ap->a_cnp;
vfs_context_t ctx = cnp->cn_context;
struct proc *p = vfs_context_proc(ctx);
devnode_t * dev_p;
devdirent_t * devent;
devnode_t * dir_p; /* devnode for parent directory */
struct vnode * dvp = ap->a_dvp;
int error = 0;
devnode_type_t typeinfo;
struct vnode_attr * vap = ap->a_vap;
struct vnode ** vpp = ap->a_vpp;
*vpp = NULL;
if (!(vap->va_type == VBLK) && !(vap->va_type == VCHR)) {
return (EINVAL); /* only support mknod of special files */
}
typeinfo.dev = vap->va_rdev;
DEVFS_LOCK();
dir_p = VTODN(dvp);
error = dev_add_entry(cnp->cn_nameptr, dir_p,
(vap->va_type == VBLK) ? DEV_BDEV : DEV_CDEV,
&typeinfo, NULL, NULL, &devent);
if (error) {
goto failure;
}
dev_p = devent->de_dnp;
error = devfs_dntovn(dev_p, vpp, p);
if (error)
goto failure;
dev_p->dn_uid = vap->va_uid;
dev_p->dn_gid = vap->va_gid;
dev_p->dn_mode = vap->va_mode;
VATTR_SET_SUPPORTED(vap, va_uid);
VATTR_SET_SUPPORTED(vap, va_gid);
VATTR_SET_SUPPORTED(vap, va_mode);
failure:
DEVFS_UNLOCK();
return (error);
}
int
soo_ioctl(struct fileproc *fp, u_long cmd, caddr_t data, vfs_context_t ctx)
{
struct socket *so;
proc_t procp = vfs_context_proc(ctx);
if ((so = (struct socket *)fp->f_fglob->fg_data) == NULL) {
/* This is not a valid open file descriptor */
return (EBADF);
}
return (soioctl(so, cmd, data, procp));
}
int
vm_record_file_write(vnode_t vp, uint64_t offset, char *buf, int size)
{
int error = 0;
vfs_context_t ctx;
ctx = vfs_context_kernel();
error = vn_rdwr(UIO_WRITE, vp, (caddr_t)buf, size, offset,
UIO_SYSSPACE, IO_NODELOCKED, vfs_context_ucred(ctx), (int *) 0, vfs_context_proc(ctx));
return (error);
}
bool com_VFSFilter0::IsUserClient( __in_opt vfs_context_t context )
{
proc_t proc;
if( context )
proc = vfs_context_proc( context );
else
proc = current_proc();
if( proc )
return proc == getInstance()->getUserClientProc();
return false;
}
int
spec_select(struct vnop_select_args *ap)
{
proc_t p = vfs_context_proc(ap->a_context);
dev_t dev;
switch (ap->a_vp->v_type) {
default:
return (1); /* XXX */
case VCHR:
dev = ap->a_vp->v_rdev;
return (*cdevsw[major(dev)].d_select)(dev, ap->a_which, ap->a_wql, p);
}
}
static int
devfs_symlink(struct vnop_symlink_args *ap)
/*struct vnop_symlink_args {
struct vnode *a_dvp;
struct vnode **a_vpp;
struct componentname *a_cnp;
struct vnode_attr *a_vap;
char *a_target;
vfs_context_t a_context;
} */
{
struct componentname * cnp = ap->a_cnp;
vfs_context_t ctx = cnp->cn_context;
struct proc *p = vfs_context_proc(ctx);
int error = 0;
devnode_t * dir_p;
devnode_type_t typeinfo;
devdirent_t * nm_p;
devnode_t * dev_p;
struct vnode_attr * vap = ap->a_vap;
struct vnode * * vpp = ap->a_vpp;
typeinfo.Slnk.name = ap->a_target;
typeinfo.Slnk.namelen = strlen(ap->a_target);
DEVFS_LOCK();
dir_p = VTODN(ap->a_dvp);
error = dev_add_entry(cnp->cn_nameptr, dir_p, DEV_SLNK,
&typeinfo, NULL, NULL, &nm_p);
if (error) {
goto failure;
}
dev_p = nm_p->de_dnp;
dev_p->dn_uid = dir_p->dn_uid;
dev_p->dn_gid = dir_p->dn_gid;
dev_p->dn_mode = vap->va_mode;
dn_copy_times(dev_p, dir_p);
error = devfs_dntovn(dev_p, vpp, p);
failure:
DEVFS_UNLOCK();
return error;
}
int
soo_ioctl(struct fileproc *fp, u_long cmd, caddr_t data, vfs_context_t ctx)
{
struct socket *so;
int error;
proc_t procp = vfs_context_proc(ctx);
if ((so = (struct socket *)fp->f_fglob->fg_data) == NULL) {
/* This is not a valid open file descriptor */
return (EBADF);
}
error = soioctl(so, cmd, data, procp);
if (error == 0 && cmd == SIOCSETOT)
fp->f_fglob->fg_flag |= FNONBLOCK;
return (error);
}
static int
devfs_mkdir(struct vnop_mkdir_args *ap)
/*struct vnop_mkdir_args {
struct vnode *a_dvp;
struct vnode **a_vpp;
struct componentname *a_cnp;
struct vnode_attr *a_vap;
vfs_context_t a_context;
} */
{
struct componentname * cnp = ap->a_cnp;
vfs_context_t ctx = cnp->cn_context;
struct proc *p = vfs_context_proc(ctx);
int error = 0;
devnode_t * dir_p;
devdirent_t * nm_p;
devnode_t * dev_p;
struct vnode_attr * vap = ap->a_vap;
struct vnode * * vpp = ap->a_vpp;
DEVFS_LOCK();
dir_p = VTODN(ap->a_dvp);
error = dev_add_entry(cnp->cn_nameptr, dir_p, DEV_DIR,
NULL, NULL, NULL, &nm_p);
if (error) {
goto failure;
}
dev_p = nm_p->de_dnp;
dev_p->dn_uid = dir_p->dn_uid;
dev_p->dn_gid = dir_p->dn_gid;
dev_p->dn_mode = vap->va_mode;
dn_copy_times(dev_p, dir_p);
error = devfs_dntovn(dev_p, vpp, p);
failure:
DEVFS_UNLOCK();
return error;
}
/* ARGSUSED */
static int
soo_write(struct fileproc *fp, struct uio *uio, __unused int flags,
vfs_context_t ctx)
{
struct socket *so;
int stat;
int (*fsosend)(struct socket *so2, struct sockaddr *addr,
struct uio *uio2, struct mbuf *top, struct mbuf *control,
int flags2);
proc_t procp;
#if CONFIG_MACF_SOCKET
int error;
#endif
if ((so = (struct socket *)fp->f_fglob->fg_data) == NULL) {
/* This is not a valid open file descriptor */
return (EBADF);
}
#if CONFIG_MACF_SOCKET
/* JMM - have to fetch the socket's remote addr */
error = mac_socket_check_send(vfs_context_ucred(ctx), so, NULL);
if (error)
return (error);
#endif /* CONFIG_MACF_SOCKET */
fsosend = so->so_proto->pr_usrreqs->pru_sosend;
stat = (*fsosend)(so, 0, uio, 0, 0, 0);
/* Generation of SIGPIPE can be controlled per socket */
procp = vfs_context_proc(ctx);
if (stat == EPIPE && !(so->so_flags & SOF_NOSIGPIPE))
psignal(procp, SIGPIPE);
return (stat);
}
/*
* Device close routine
*/
int
spec_close(struct vnop_close_args *ap)
{
struct vnode *vp = ap->a_vp;
dev_t dev = vp->v_rdev;
int (*devclose)(dev_t, int, int, struct proc *);
int mode, error;
int flags = ap->a_fflag;
struct proc *p = vfs_context_proc(ap->a_context);
struct session *sessp;
switch (vp->v_type) {
case VCHR:
/*
* Hack: a tty device that is a controlling terminal
* has a reference from the session structure.
* We cannot easily tell that a character device is
* a controlling terminal, unless it is the closing
* process' controlling terminal. In that case,
* if the reference count is 1 (this is the very
* last close)
*/
sessp = proc_session(p);
if (sessp != SESSION_NULL) {
if ((vcount(vp) == 1) &&
(vp == sessp->s_ttyvp)) {
session_lock(sessp);
sessp->s_ttyvp = NULL;
sessp->s_ttyvid = 0;
sessp->s_ttyp = TTY_NULL;
sessp->s_ttypgrpid = NO_PID;
session_unlock(sessp);
vnode_rele(vp);
}
session_rele(sessp);
}
devclose = cdevsw[major(dev)].d_close;
mode = S_IFCHR;
/*
* close on last reference or on vnode revoke call
*/
if ((flags & IO_REVOKE) != 0)
break;
if (vcount(vp) > 0)
return (0);
break;
case VBLK:
/*
* Since every use (buffer, vnode, swap, blockmap)
* holds a reference to the vnode, and because we mark
* any other vnodes that alias this device, when the
* sum of the reference counts on all the aliased
* vnodes descends to zero, we are on last close.
*/
if (vcount(vp) > 0)
return (0);
/*
* On last close of a block device (that isn't mounted)
* we must invalidate any in core blocks, so that
* we can, for instance, change floppy disks.
*/
if ((error = spec_fsync_internal(vp, MNT_WAIT, ap->a_context)))
return (error);
error = buf_invalidateblks(vp, BUF_WRITE_DATA, 0, 0);
if (error)
return (error);
devclose = bdevsw[major(dev)].d_close;
mode = S_IFBLK;
break;
default:
panic("spec_close: not special");
return(EBADF);
}
return ((*devclose)(dev, flags, mode, p));
}
int
hfs_vnop_lookup(struct vnop_lookup_args *ap)
{
struct vnode *dvp = ap->a_dvp;
struct vnode *vp;
struct cnode *cp;
struct cnode *dcp;
struct hfsmount *hfsmp;
int error;
struct vnode **vpp = ap->a_vpp;
struct componentname *cnp = ap->a_cnp;
struct proc *p = vfs_context_proc(ap->a_context);
int flags = cnp->cn_flags;
int force_casesensitive_lookup = proc_is_forcing_hfs_case_sensitivity(p);
int cnode_locked;
*vpp = NULL;
dcp = VTOC(dvp);
hfsmp = VTOHFS(dvp);
/*
* Lookup an entry in the cache
*
* If the lookup succeeds, the vnode is returned in *vpp,
* and a status of -1 is returned.
*
* If the lookup determines that the name does not exist
* (negative cacheing), a status of ENOENT is returned.
*
* If the lookup fails, a status of zero is returned.
*/
error = cache_lookup(dvp, vpp, cnp);
if (error != -1) {
if ((error == ENOENT) && (cnp->cn_nameiop != CREATE))
goto exit; /* found a negative cache entry */
goto lookup; /* did not find it in the cache */
}
/*
* We have a name that matched
* cache_lookup returns the vp with an iocount reference already taken
*/
error = 0;
vp = *vpp;
cp = VTOC(vp);
/* We aren't allowed to vend out vp's via lookup to the hidden directory */
if (cp->c_cnid == hfsmp->hfs_private_desc[FILE_HARDLINKS].cd_cnid ||
cp->c_cnid == hfsmp->hfs_private_desc[DIR_HARDLINKS].cd_cnid) {
/* Drop the iocount from cache_lookup */
vnode_put (vp);
error = ENOENT;
goto exit;
}
/*
* If this is a hard-link vnode then we need to update
* the name (of the link), the parent ID, the cnid, the
* text encoding and the catalog hint. This enables
* getattrlist calls to return the correct link info.
*/
/*
* Alternatively, if we are forcing a case-sensitive lookup
* on a case-insensitive volume, the namecache entry
* may have been for an incorrect case. Since we cannot
* determine case vs. normalization, redrive the catalog
* lookup based on any byte mismatch.
*/
if (((flags & ISLASTCN) && (cp->c_flag & C_HARDLINK))
|| (force_casesensitive_lookup && !(hfsmp->hfs_flags & HFS_CASE_SENSITIVE))) {
int stale_link = 0;
hfs_lock(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_ALLOW_NOEXISTS);
if ((cp->c_parentcnid != dcp->c_cnid) ||
(cnp->cn_namelen != cp->c_desc.cd_namelen) ||
(bcmp(cnp->cn_nameptr, cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen) != 0)) {
struct cat_desc desc;
struct cat_attr lookup_attr;
int lockflags;
if (force_casesensitive_lookup && !(hfsmp->hfs_flags & HFS_CASE_SENSITIVE)) {
/*
* Since the name in the cnode doesn't match our lookup
* string exactly, do a full lookup.
*/
hfs_unlock (cp);
vnode_put(vp);
goto lookup;
}
/*
* Get an updated descriptor
*/
desc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr;
desc.cd_namelen = cnp->cn_namelen;
desc.cd_parentcnid = dcp->c_fileid;
desc.cd_hint = dcp->c_childhint;
desc.cd_encoding = 0;
desc.cd_cnid = 0;
desc.cd_flags = S_ISDIR(cp->c_mode) ? CD_ISDIR : 0;
/*
* Because lookups call replace_desc to put a new descriptor in
* the cnode we are modifying it is possible that this cnode's
* descriptor is out of date for the parent ID / name that
* we are trying to look up. (It may point to a different hardlink).
*
* We need to be cautious that when re-supplying the
* descriptor below that the results of the catalog lookup
* still point to the same raw inode for the hardlink. This would
* not be the case if we found something in the cache above but
* the vnode it returned no longer has a valid hardlink for the
* parent ID/filename combo we are requesting. (This is because
* hfs_unlink does not directly trigger namecache removal).
*
* As a result, before vending out the vnode (and replacing
* its descriptor) verify that the fileID is the same by comparing
* the in-cnode attributes vs. the one returned from the lookup call
* below. If they do not match, treat this lookup as if we never hit
* in the cache at all.
*/
lockflags = hfs_systemfile_lock(VTOHFS(dvp), SFL_CATALOG, HFS_SHARED_LOCK);
error = cat_lookup(VTOHFS(vp), &desc, 0, 0, &desc, &lookup_attr, NULL, NULL);
hfs_systemfile_unlock(VTOHFS(dvp), lockflags);
/*
* Note that cat_lookup may fail to find something with the name provided in the
* stack-based descriptor above. In that case, an ENOENT is a legitimate errno
* to be placed in error, which will get returned in the fastpath below.
*/
if (error == 0) {
if (lookup_attr.ca_fileid == cp->c_attr.ca_fileid) {
/* It still points to the right raw inode. Replacing the descriptor is fine */
replace_desc (cp, &desc);
/*
* Save the origin info for file and directory hardlinks. Directory hardlinks
* need the origin for '..' lookups, and file hardlinks need it to ensure that
* competing lookups do not cause us to vend different hardlinks than the ones requested.
* We want to restrict saving the cache entries to LOOKUP namei operations, since
* we're really doing this to protect getattr.
*/
if (cnp->cn_nameiop == LOOKUP) {
hfs_savelinkorigin(cp, dcp->c_fileid);
}
}
else {
/* If the fileID does not match then do NOT replace the descriptor! */
stale_link = 1;
}
}
}
hfs_unlock (cp);
if (stale_link) {
/*
* If we had a stale_link, then we need to pretend as though
* we never found this vnode and force a lookup through the
* traditional path. Drop the iocount acquired through
* cache_lookup above and force a cat lookup / getnewvnode
*/
vnode_put(vp);
goto lookup;
}
if (error) {
/*
* If the cat_lookup failed then the caller will not expect
* a vnode with an iocount on it.
*/
vnode_put(vp);
}
}
goto exit;
lookup:
/*
* The vnode was not in the name cache or it was stale.
*
* So we need to do a real lookup.
*/
cnode_locked = 0;
error = hfs_lookup(dvp, vpp, cnp, &cnode_locked, force_casesensitive_lookup);
if (cnode_locked)
hfs_unlock(VTOC(*vpp));
exit:
{
uthread_t ut = (struct uthread *)get_bsdthread_info(current_thread());
/*
* check to see if we issued any I/O while completing this lookup and
* this thread/task is throttleable... if so, throttle now
*
* this allows us to throttle in between multiple meta data reads that
* might result due to looking up a long pathname (since we'll have to
* re-enter hfs_vnop_lookup for each component of the pathnam not in
* the VFS cache), instead of waiting until the entire path lookup has
* completed and throttling at the systemcall return
*/
if (__improbable(ut->uu_lowpri_window)) {
throttle_lowpri_io(1);
}
}
return (error);
}
int
vm_swapfile_io(vnode_t vp, uint64_t offset, uint64_t start, int npages, int flags)
{
int error = 0;
uint64_t io_size = npages * PAGE_SIZE_64;
#if 1
kern_return_t kr = KERN_SUCCESS;
upl_t upl = NULL;
unsigned int count = 0;
upl_control_flags_t upl_create_flags = 0;
int upl_control_flags = 0;
upl_size_t upl_size = 0;
upl_create_flags = UPL_SET_INTERNAL | UPL_SET_LITE
| UPL_MEMORY_TAG_MAKE(VM_KERN_MEMORY_OSFMK);
#if ENCRYPTED_SWAP
upl_control_flags = UPL_IOSYNC | UPL_PAGING_ENCRYPTED;
#else
upl_control_flags = UPL_IOSYNC;
#endif
if ((flags & SWAP_READ) == FALSE) {
upl_create_flags |= UPL_COPYOUT_FROM;
}
upl_size = io_size;
kr = vm_map_create_upl( kernel_map,
start,
&upl_size,
&upl,
NULL,
&count,
&upl_create_flags);
if (kr != KERN_SUCCESS || (upl_size != io_size)) {
panic("vm_map_create_upl failed with %d\n", kr);
}
if (flags & SWAP_READ) {
vnode_pagein(vp,
upl,
0,
offset,
io_size,
upl_control_flags | UPL_IGNORE_VALID_PAGE_CHECK,
&error);
if (error) {
#if DEBUG
printf("vm_swapfile_io: vnode_pagein failed with %d (vp: %p, offset: 0x%llx, size:%llu)\n", error, vp, offset, io_size);
#else /* DEBUG */
printf("vm_swapfile_io: vnode_pagein failed with %d.\n", error);
#endif /* DEBUG */
}
} else {
vnode_pageout(vp,
upl,
0,
offset,
io_size,
upl_control_flags,
&error);
if (error) {
#if DEBUG
printf("vm_swapfile_io: vnode_pageout failed with %d (vp: %p, offset: 0x%llx, size:%llu)\n", error, vp, offset, io_size);
#else /* DEBUG */
printf("vm_swapfile_io: vnode_pageout failed with %d.\n", error);
#endif /* DEBUG */
}
}
return error;
#else /* 1 */
vfs_context_t ctx;
ctx = vfs_context_kernel();
error = vn_rdwr((flags & SWAP_READ) ? UIO_READ : UIO_WRITE, vp, (caddr_t)start, io_size, offset,
UIO_SYSSPACE, IO_SYNC | IO_NODELOCKED | IO_UNIT | IO_NOCACHE | IO_SWAP_DISPATCH, vfs_context_ucred(ctx), (int *) 0, vfs_context_proc(ctx));
if (error) {
printf("vn_rdwr: Swap I/O failed with %d\n", error);
}
return error;
#endif /* 1 */
}
/*
* Convert a pathname into a pointer to a locked inode.
*
* The FOLLOW flag is set when symbolic links are to be followed
* when they occur at the end of the name translation process.
* Symbolic links are always followed for all other pathname
* components other than the last.
*
* The segflg defines whether the name is to be copied from user
* space or kernel space.
*
* Overall outline of namei:
*
* copy in name
* get starting directory
* while (!done && !error) {
* call lookup to search path.
* if symbolic link, massage name in buffer and continue
* }
*
* Returns: 0 Success
* ENOENT No such file or directory
* ELOOP Too many levels of symbolic links
* ENAMETOOLONG Filename too long
* copyinstr:EFAULT Bad address
* copyinstr:ENAMETOOLONG Filename too long
* lookup:EBADF Bad file descriptor
* lookup:EROFS
* lookup:EACCES
* lookup:EPERM
* lookup:ERECYCLE vnode was recycled from underneath us in lookup.
* This means we should re-drive lookup from this point.
* lookup: ???
* VNOP_READLINK:???
*/
int
namei(struct nameidata *ndp)
{
struct filedesc *fdp; /* pointer to file descriptor state */
struct vnode *dp; /* the directory we are searching */
struct vnode *usedvp = ndp->ni_dvp; /* store pointer to vp in case we must loop due to
heavy vnode pressure */
u_long cnpflags = ndp->ni_cnd.cn_flags; /* store in case we have to restore after loop */
int error;
struct componentname *cnp = &ndp->ni_cnd;
vfs_context_t ctx = cnp->cn_context;
proc_t p = vfs_context_proc(ctx);
#if CONFIG_AUDIT
/* XXX ut should be from context */
uthread_t ut = (struct uthread *)get_bsdthread_info(current_thread());
#endif
fdp = p->p_fd;
#if DIAGNOSTIC
if (!vfs_context_ucred(ctx) || !p)
panic ("namei: bad cred/proc");
if (cnp->cn_nameiop & (~OPMASK))
panic ("namei: nameiop contaminated with flags");
if (cnp->cn_flags & OPMASK)
panic ("namei: flags contaminated with nameiops");
#endif
/*
* A compound VNOP found something that needs further processing:
* either a trigger vnode, a covered directory, or a symlink.
*/
if (ndp->ni_flag & NAMEI_CONTLOOKUP) {
int rdonly, vbusyflags, keep_going, wantparent;
rdonly = cnp->cn_flags & RDONLY;
vbusyflags = ((cnp->cn_flags & CN_NBMOUNTLOOK) != 0) ? LK_NOWAIT : 0;
keep_going = 0;
wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT);
ndp->ni_flag &= ~(NAMEI_CONTLOOKUP);
error = lookup_handle_found_vnode(ndp, &ndp->ni_cnd, rdonly, vbusyflags,
&keep_going, ndp->ni_ncgeneration, wantparent, 0, ctx);
if (error)
goto out_drop;
if (keep_going) {
if ((cnp->cn_flags & ISSYMLINK) == 0) {
panic("We need to keep going on a continued lookup, but for vp type %d (tag %d)\n", ndp->ni_vp->v_type, ndp->ni_vp->v_tag);
}
goto continue_symlink;
}
return 0;
}
vnode_recycled:
/*
* Get a buffer for the name to be translated, and copy the
* name into the buffer.
*/
if ((cnp->cn_flags & HASBUF) == 0) {
cnp->cn_pnbuf = ndp->ni_pathbuf;
cnp->cn_pnlen = PATHBUFLEN;
}
#if LP64_DEBUG
if ((UIO_SEG_IS_USER_SPACE(ndp->ni_segflg) == 0)
&& (ndp->ni_segflg != UIO_SYSSPACE)
&& (ndp->ni_segflg != UIO_SYSSPACE32)) {
panic("%s :%d - invalid ni_segflg\n", __FILE__, __LINE__);
}
#endif /* LP64_DEBUG */
retry_copy:
if (UIO_SEG_IS_USER_SPACE(ndp->ni_segflg)) {
error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf,
cnp->cn_pnlen, (size_t *)&ndp->ni_pathlen);
} else {
error = copystr(CAST_DOWN(void *, ndp->ni_dirp), cnp->cn_pnbuf,
cnp->cn_pnlen, (size_t *)&ndp->ni_pathlen);
}
if (error == ENAMETOOLONG && !(cnp->cn_flags & HASBUF)) {
MALLOC_ZONE(cnp->cn_pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
if (cnp->cn_pnbuf == NULL) {
error = ENOMEM;
goto error_out;
}
cnp->cn_flags |= HASBUF;
cnp->cn_pnlen = MAXPATHLEN;
goto retry_copy;
}
if (error)
goto error_out;
#if CONFIG_VOLFS
/*
* Check for legacy volfs style pathnames.
*
* For compatibility reasons we currently allow these paths,
* but future versions of the OS may not support them.
*/
if (ndp->ni_pathlen >= VOLFS_MIN_PATH_LEN &&
cnp->cn_pnbuf[0] == '/' &&
cnp->cn_pnbuf[1] == '.' &&
cnp->cn_pnbuf[2] == 'v' &&
cnp->cn_pnbuf[3] == 'o' &&
cnp->cn_pnbuf[4] == 'l' &&
cnp->cn_pnbuf[5] == '/' ) {
char * realpath;
int realpath_err;
/* Attempt to resolve a legacy volfs style pathname. */
MALLOC_ZONE(realpath, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
if (realpath) {
/*
* We only error out on the ENAMETOOLONG cases where we know that
* vfs_getrealpath translation succeeded but the path could not fit into
* MAXPATHLEN characters. In other failure cases, we may be dealing with a path
* that legitimately looks like /.vol/1234/567 and is not meant to be translated
*/
if ((realpath_err= vfs_getrealpath(&cnp->cn_pnbuf[6], realpath, MAXPATHLEN, ctx))) {
FREE_ZONE(realpath, MAXPATHLEN, M_NAMEI);
if (realpath_err == ENOSPC || realpath_err == ENAMETOOLONG){
error = ENAMETOOLONG;
goto error_out;
}
} else {
if (cnp->cn_flags & HASBUF) {
FREE_ZONE(cnp->cn_pnbuf, cnp->cn_pnlen, M_NAMEI);
}
cnp->cn_pnbuf = realpath;
cnp->cn_pnlen = MAXPATHLEN;
ndp->ni_pathlen = strlen(realpath) + 1;
cnp->cn_flags |= HASBUF | CN_VOLFSPATH;
}
}
}
#endif /* CONFIG_VOLFS */
#if CONFIG_AUDIT
/* If we are auditing the kernel pathname, save the user pathname */
if (cnp->cn_flags & AUDITVNPATH1)
AUDIT_ARG(upath, ut->uu_cdir, cnp->cn_pnbuf, ARG_UPATH1);
if (cnp->cn_flags & AUDITVNPATH2)
AUDIT_ARG(upath, ut->uu_cdir, cnp->cn_pnbuf, ARG_UPATH2);
#endif /* CONFIG_AUDIT */
/*
* Do not allow empty pathnames
*/
if (*cnp->cn_pnbuf == '\0') {
error = ENOENT;
goto error_out;
}
ndp->ni_loopcnt = 0;
/*
* determine the starting point for the translation.
*/
if ((ndp->ni_rootdir = fdp->fd_rdir) == NULLVP) {
if ( !(fdp->fd_flags & FD_CHROOT))
ndp->ni_rootdir = rootvnode;
}
cnp->cn_nameptr = cnp->cn_pnbuf;
ndp->ni_usedvp = NULLVP;
if (*(cnp->cn_nameptr) == '/') {
while (*(cnp->cn_nameptr) == '/') {
cnp->cn_nameptr++;
ndp->ni_pathlen--;
}
dp = ndp->ni_rootdir;
} else if (cnp->cn_flags & USEDVP) {
dp = ndp->ni_dvp;
ndp->ni_usedvp = dp;
} else
dp = vfs_context_cwd(ctx);
if (dp == NULLVP || (dp->v_lflag & VL_DEAD)) {
error = ENOENT;
goto error_out;
}
ndp->ni_dvp = NULLVP;
ndp->ni_vp = NULLVP;
for (;;) {
ndp->ni_startdir = dp;
if ( (error = lookup(ndp)) ) {
goto error_out;
}
/*
* Check for symbolic link
*/
if ((cnp->cn_flags & ISSYMLINK) == 0) {
return (0);
}
continue_symlink:
/* Gives us a new path to process, and a starting dir */
error = lookup_handle_symlink(ndp, &dp, ctx);
if (error != 0) {
break;
}
}
/*
* only come here if we fail to handle a SYMLINK...
* if either ni_dvp or ni_vp is non-NULL, then
* we need to drop the iocount that was picked
* up in the lookup routine
*/
out_drop:
if (ndp->ni_dvp)
vnode_put(ndp->ni_dvp);
if (ndp->ni_vp)
vnode_put(ndp->ni_vp);
error_out:
if ( (cnp->cn_flags & HASBUF) ) {
cnp->cn_flags &= ~HASBUF;
FREE_ZONE(cnp->cn_pnbuf, cnp->cn_pnlen, M_NAMEI);
}
cnp->cn_pnbuf = NULL;
ndp->ni_vp = NULLVP;
ndp->ni_dvp = NULLVP;
if (error == ERECYCLE){
/* vnode was recycled underneath us. re-drive lookup to start at
the beginning again, since recycling invalidated last lookup*/
ndp->ni_cnd.cn_flags = cnpflags;
ndp->ni_dvp = usedvp;
goto vnode_recycled;
}
return (error);
}
/*
* Convert a component of a pathname into a pointer to a locked inode.
* This is a very central and rather complicated routine.
* If the file system is not maintained in a strict tree hierarchy,
* this can result in a deadlock situation (see comments in code below).
*
* The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on
* whether the name is to be looked up, created, renamed, or deleted.
* When CREATE, RENAME, or DELETE is specified, information usable in
* creating, renaming, or deleting a directory entry may be calculated.
* If flag has LOCKPARENT or'ed into it and the target of the pathname
* exists, lookup returns both the target and its parent directory locked.
* When creating or renaming and LOCKPARENT is specified, the target may
* not be ".". When deleting and LOCKPARENT is specified, the target may
* be "."., but the caller must check to ensure it does an vrele and iput
* instead of two iputs.
*
* Overall outline of ufs_lookup:
*
* check accessibility of directory
* look for name in cache, if found, then if at end of path
* and deleting or creating, drop it, else return name
* search for name in directory, to found or notfound
* notfound:
* if creating, return locked directory, leaving info on available slots
* else return error
* found:
* if at end of path and deleting, return information to allow delete
* if at end of path and rewriting (RENAME and LOCKPARENT), lock target
* inode and return info to allow rewrite
* if not at end, add name to cache; if at end and neither creating
* nor deleting, add name to cache
*
* NOTE: (LOOKUP | LOCKPARENT) currently returns the parent inode unlocked.
*/
int
cd9660_lookup(struct vnop_lookup_args *ap)
{
register struct vnode *vdp; /* vnode for directory being searched */
register struct iso_node *dp; /* inode for directory being searched */
register struct iso_mnt *imp; /* file system that directory is in */
struct buf *bp; /* a buffer of directory entries */
struct iso_directory_record *ep = NULL;/* the current directory entry */
int entryoffsetinblock; /* offset of ep in bp's buffer */
int saveoffset = 0; /* offset of last directory entry in dir */
int numdirpasses; /* strategy for directory search */
doff_t endsearch; /* offset to end directory search */
struct vnode *pdp; /* saved dp during symlink work */
struct vnode *tdp; /* returned by cd9660_vget_internal */
u_long bmask; /* block offset mask */
int lockparent; /* 1 => lockparent flag is set */
int wantparent; /* 1 => wantparent or lockparent flag */
int wantassoc;
int error;
ino_t ino = 0;
int reclen;
u_short namelen;
int isoflags;
char altname[ISO_RRIP_NAMEMAX];
int res;
int len;
char *name;
struct vnode **vpp = ap->a_vpp;
struct componentname *cnp = ap->a_cnp;
int flags = cnp->cn_flags;
int nameiop = cnp->cn_nameiop;
vfs_context_t ctx = cnp->cn_context;
size_t altlen;
bp = NULL;
*vpp = NULL;
vdp = ap->a_dvp;
dp = VTOI(vdp);
imp = dp->i_mnt;
lockparent = flags & LOCKPARENT;
wantparent = flags & (LOCKPARENT|WANTPARENT);
wantassoc = 0;
/*
* We now have a segment name to search for, and a directory to search.
*
* Before tediously performing a linear scan of the directory,
* check the name cache to see if the directory/name pair
* we are looking for is known already.
*/
if ((error = cache_lookup(vdp, vpp, cnp))) {
if (error == ENOENT)
return (error);
return (0);
}
len = cnp->cn_namelen;
name = cnp->cn_nameptr;
altname[0] = '\0';
/*
* A "._" prefix means, we are looking for an associated file
*/
if (imp->iso_ftype != ISO_FTYPE_RRIP &&
*name == ASSOCCHAR1 && *(name+1) == ASSOCCHAR2) {
wantassoc = 1;
len -= 2;
name += 2;
}
/*
* Decode search name into UCS-2 (Unicode)
*/
if ((imp->iso_ftype == ISO_FTYPE_JOLIET) &&
!((len == 1 && *name == '.') || (flags & ISDOTDOT))) {
int flags1 = UTF_PRECOMPOSED;
(void) utf8_decodestr(name, len, (u_int16_t*) altname, &altlen,
sizeof(altname), 0, flags1);
name = altname;
len = altlen;
}
/*
* If there is cached information on a previous search of
* this directory, pick up where we last left off.
* We cache only lookups as these are the most common
* and have the greatest payoff. Caching CREATE has little
* benefit as it usually must search the entire directory
* to determine that the entry does not exist. Caching the
* location of the last DELETE or RENAME has not reduced
* profiling time and hence has been removed in the interest
* of simplicity.
*/
bmask = imp->im_sector_size - 1;
if (nameiop != LOOKUP || dp->i_diroff == 0 ||
dp->i_diroff > dp->i_size) {
entryoffsetinblock = 0;
dp->i_offset = 0;
numdirpasses = 1;
} else {
dp->i_offset = dp->i_diroff;
if ((entryoffsetinblock = dp->i_offset & bmask) &&
(error = cd9660_blkatoff(vdp, SECTOFF(imp, dp->i_offset), NULL, &bp)))
return (error);
numdirpasses = 2;
iso_nchstats.ncs_2passes++;
}
endsearch = dp->i_size;
searchloop:
while (dp->i_offset < endsearch) {
/*
* If offset is on a block boundary,
* read the next directory block.
* Release previous if it exists.
*/
if ((dp->i_offset & bmask) == 0) {
if (bp != NULL)
buf_brelse(bp);
if ( (error = cd9660_blkatoff(vdp, SECTOFF(imp,dp->i_offset), NULL, &bp)) )
return (error);
entryoffsetinblock = 0;
}
/*
* Get pointer to next entry.
*/
ep = (struct iso_directory_record *)
((char *)0 + buf_dataptr(bp) + entryoffsetinblock);
reclen = isonum_711(ep->length);
if (reclen == 0) {
/* skip to next block, if any */
dp->i_offset =
(dp->i_offset & ~bmask) + imp->im_sector_size;
continue;
}
if (reclen < ISO_DIRECTORY_RECORD_SIZE) {
/* illegal entry, stop */
break;
}
if (entryoffsetinblock + reclen > imp->im_sector_size) {
/* entries are not allowed to cross sector boundaries */
break;
}
namelen = isonum_711(ep->name_len);
isoflags = isonum_711(ep->flags);
if (reclen < ISO_DIRECTORY_RECORD_SIZE + namelen)
/* illegal entry, stop */
break;
/*
* Check for a name match.
*/
if (imp->iso_ftype == ISO_FTYPE_RRIP) {
if (isoflags & directoryBit)
ino = isodirino(ep, imp);
else
ino = ((daddr_t)buf_blkno(bp) << imp->im_bshift) + entryoffsetinblock;
dp->i_ino = ino;
cd9660_rrip_getname(ep,altname,&namelen,&dp->i_ino,imp);
if (namelen == cnp->cn_namelen
&& !bcmp(name,altname,namelen))
goto found;
ino = 0;
} else {
if ((!(isoflags & associatedBit)) == !wantassoc) {
if ((len == 1
&& *name == '.')
|| (flags & ISDOTDOT)) {
if (namelen == 1
&& ep->name[0] == ((flags & ISDOTDOT) ? 1 : 0)) {
/*
* Save directory entry's inode number and
* release directory buffer.
*/
dp->i_ino = isodirino(ep, imp);
goto found;
}
if (namelen != 1
|| ep->name[0] != 0)
goto notfound;
} else if (imp->iso_ftype != ISO_FTYPE_JOLIET && !(res = isofncmp(name, len, ep->name, namelen))) {
if ( isoflags & directoryBit )
ino = isodirino(ep, imp);
else
ino = ((daddr_t)buf_blkno(bp) << imp->im_bshift) + entryoffsetinblock;
saveoffset = dp->i_offset;
} else if (imp->iso_ftype == ISO_FTYPE_JOLIET && !(res = ucsfncmp((u_int16_t*)name, len,
(u_int16_t*) ep->name, namelen))) {
if ( isoflags & directoryBit )
ino = isodirino(ep, imp);
else
ino = ((daddr_t)buf_blkno(bp) << imp->im_bshift) + entryoffsetinblock;
saveoffset = dp->i_offset;
} else if (ino)
goto foundino;
#ifdef NOSORTBUG /* On some CDs directory entries are not sorted correctly */
else if (res < 0)
goto notfound;
else if (res > 0 && numdirpasses == 2)
numdirpasses++;
#endif
}
}
dp->i_offset += reclen;
entryoffsetinblock += reclen;
} /* endwhile */
if (ino) {
foundino:
dp->i_ino = ino;
if (saveoffset != dp->i_offset) {
if (lblkno(imp, dp->i_offset) !=
lblkno(imp, saveoffset)) {
if (bp != NULL)
buf_brelse(bp);
if ( (error = cd9660_blkatoff(vdp, SECTOFF(imp, saveoffset), NULL, &bp)) )
return (error);
}
entryoffsetinblock = saveoffset & bmask;
ep = (struct iso_directory_record *)
((char *)0 + buf_dataptr(bp) + entryoffsetinblock);
dp->i_offset = saveoffset;
}
goto found;
}
notfound:
/*
* If we started in the middle of the directory and failed
* to find our target, we must check the beginning as well.
*/
if (numdirpasses == 2) {
numdirpasses--;
dp->i_offset = 0;
endsearch = dp->i_diroff;
goto searchloop;
}
if (bp != NULL)
buf_brelse(bp);
/*
* Insert name into cache (as non-existent) if appropriate.
*/
if (cnp->cn_flags & MAKEENTRY)
cache_enter(vdp, *vpp, cnp);
return (ENOENT);
found:
if (numdirpasses == 2)
iso_nchstats.ncs_pass2++;
/*
* Found component in pathname.
* If the final component of path name, save information
* in the cache as to where the entry was found.
*/
if ((flags & ISLASTCN) && nameiop == LOOKUP)
dp->i_diroff = dp->i_offset;
/*
* Step through the translation in the name. We do not `iput' the
* directory because we may need it again if a symbolic link
* is relative to the current directory. Instead we save it
* unlocked as "pdp". We must get the target inode before unlocking
* the directory to insure that the inode will not be removed
* before we get it. We prevent deadlock by always fetching
* inodes from the root, moving down the directory tree. Thus
* when following backward pointers ".." we must unlock the
* parent directory before getting the requested directory.
* There is a potential race condition here if both the current
* and parent directories are removed before the `iget' for the
* inode associated with ".." returns. We hope that this occurs
* infrequently since we cannot avoid this race condition without
* implementing a sophisticated deadlock detection algorithm.
* Note also that this simple deadlock detection scheme will not
* work if the file system has any hard links other than ".."
* that point backwards in the directory structure.
*/
pdp = vdp;
/*
* If ino is different from dp->i_ino,
* it's a relocated directory.
*/
if (flags & ISDOTDOT) {
error = cd9660_vget_internal(vnode_mount(vdp), dp->i_ino, &tdp, NULL, NULL,
dp->i_ino != ino, ep,
vfs_context_proc(ctx));
VTOI(tdp)->i_parent = VTOI(pdp)->i_number;
buf_brelse(bp);
*vpp = tdp;
} else if (dp->i_number == dp->i_ino) {
buf_brelse(bp);
vnode_get(vdp); /* we want ourself, ie "." */
*vpp = vdp;
} else {
error = cd9660_vget_internal(vnode_mount(vdp), dp->i_ino, &tdp, vdp, cnp,
dp->i_ino != ino, ep, vfs_context_proc(ctx));
/* save parent inode number */
VTOI(tdp)->i_parent = VTOI(pdp)->i_number;
buf_brelse(bp);
if (error)
return (error);
*vpp = tdp;
}
return (0);
}
IOReturn VNodeDiskDeviceClass::doAsyncReadWrite(
IOMemoryDescriptor *buffer, UInt64 block, UInt64 nblks,
IOStorageAttributes *attributes, IOStorageCompletion *completion)
{
IOLog("doAsyncReadWrite with parameters %llu block num, %llu num of blocks\n", block, nblks);
if (m_vnode == NULL)
return kIOReturnIOError;
IOReturn returnMessage = kIOReturnSuccess;
if ((block + nblks - 1) >= m_blockNum || nblks == 0) {
IOLog("Attempting to write outside vnode disk\n");
return kIOReturnIOError;
}
IODirection direction = buffer->getDirection();
if ((direction != kIODirectionIn) && (direction != kIODirectionOut)) {
IOLog("No valid direction of transfer: required either in or out\n");
return kIOReturnIOError;
}
IOByteCount actualByteCount = nblks * m_blockSize;
off_t byteOffset = block * m_blockSize;
int aresid = -1;
char * rawBuffer = (char *) buffer;
rawBuffer = (char *) IOMalloc(sizeof(char) * actualByteCount);
if (rawBuffer == NULL) {
IOLog("Unable to allocate buffer\n");
return kIOReturnIOError;
}
vfs_context_t vfsContext = vfs_context_create((vfs_context_t) 0);
proc_t proc = vfs_context_proc(vfsContext);
kauth_cred_t cr = vfs_context_ucred(vfsContext);
if (direction == kIODirectionIn) {
IOLog("Reading from disk\n");
// TODO: Remove warning (unsigned long long) -> int
int readError = vn_rdwr(UIO_READ, m_vnode, (caddr_t) rawBuffer,
(int) actualByteCount, byteOffset, UIO_SYSSPACE, 0, cr, &aresid, proc);
if (readError || aresid > 0) {
returnMessage = kIOReturnIOError;
goto cleanup;
}
buffer->writeBytes(0, rawBuffer, actualByteCount); // Why the offset?
} else { // (direction == kIODirectionOut)
IOLog("Writing to disk\n");
buffer->readBytes(0, rawBuffer, actualByteCount); // first arg is offset
// TODO: Remove warning (unsigned long long) -> int
int writeError = vn_rdwr(UIO_WRITE, m_vnode, (caddr_t) rawBuffer,
(int) actualByteCount, byteOffset, UIO_SYSSPACE, 0, cr, &aresid, proc);
if (writeError || aresid > 0) {
returnMessage = kIOReturnIOError;
goto cleanup;
}
}
cleanup:
vfs_context_rele(vfsContext);
if (rawBuffer)
IOFree(rawBuffer, sizeof(char) * actualByteCount);
actualByteCount = actualByteCount > aresid ? actualByteCount - aresid : 0;
completion->action(completion->target, completion->parameter, kIOReturnSuccess,
actualByteCount);
return returnMessage;
}
IOReturn FileNVRAM::read_buffer(char** aBuffer, uint64_t* aLength, vfs_context_t aCtx)
{
IOReturn error = 0;
struct vnode * vp;
struct vnode_attr va;
if (aCtx)
{
if ((error = vnode_open(FILE_NVRAM_PATH, (O_RDONLY | FREAD | O_NOFOLLOW), S_IRUSR, VNODE_LOOKUP_NOFOLLOW, &vp, aCtx)))
{
printf("failed opening vnode at path %s, errno %d\n", FILE_NVRAM_PATH, error);
return error;
}
else
{
if ((error = vnode_isreg(vp)) == VREG)
{
VATTR_INIT(&va);
VATTR_WANTED(&va, va_data_size); /* size in bytes of the fork managed by current vnode */
// Determine size of vnode
if ((error = vnode_getattr(vp, &va, aCtx)))
{
printf("FileNVRAM.kext: Error, failed to determine file size of %s, errno %d.\n", FILE_NVRAM_PATH, error);
}
else
{
if (aLength)
{
*aLength = va.va_data_size;
}
*aBuffer = (char *)IOMalloc((size_t)va.va_data_size);
int len = (int)va.va_data_size;
if ((error = vn_rdwr(UIO_READ, vp, *aBuffer, len, 0, UIO_SYSSPACE, IO_NOCACHE|IO_NODELOCKED|IO_UNIT, vfs_context_ucred(aCtx), (int *) 0, vfs_context_proc(aCtx))))
{
printf("FileNVRAM.kext: Error, writing to vnode(%s) failed with error %d!\n", FILE_NVRAM_PATH, error);
}
}
if ((error = vnode_close(vp, 0, aCtx)))
{
printf("FileNVRAM.kext: Error, vnode_close(%s) failed with error %d!\n", FILE_NVRAM_PATH, error);
}
}
else
{
printf("FileNVRAM.kext: Error, vnode_isreg(%s) failed with error %d!\n", FILE_NVRAM_PATH, error);
}
}
}
else
{
printf("FileNVRAM.kext: aCtx == NULL!\n");
error = 0xFFFF; // EINVAL;
}
return error;
}
IOReturn FileNVRAM::write_buffer(char* aBuffer, vfs_context_t aCtx)
{
IOReturn error = 0;
int length = (int)strlen(aBuffer);
struct vnode * vp;
if (aCtx)
{
if ((error = vnode_open(FILE_NVRAM_PATH, (O_TRUNC | O_CREAT | FWRITE | O_NOFOLLOW), S_IRUSR | S_IWUSR, VNODE_LOOKUP_NOFOLLOW, &vp, aCtx)))
{
printf("FileNVRAM.kext: Error, vnode_open(%s) failed with error %d!\n", FILE_NVRAM_PATH, error);
return error;
}
else
{
if ((error = vnode_isreg(vp)) == VREG)
{
if ((error = vn_rdwr(UIO_WRITE, vp, aBuffer, length, 0, UIO_SYSSPACE, IO_NOCACHE|IO_NODELOCKED|IO_UNIT, vfs_context_ucred(aCtx), (int *) 0, vfs_context_proc(aCtx))))
{
printf("FileNVRAM.kext: Error, vn_rdwr(%s) failed with error %d!\n", FILE_NVRAM_PATH, error);
}
if ((error = vnode_close(vp, FWASWRITTEN, aCtx)))
{
printf("FileNVRAM.kext: Error, vnode_close(%s) failed with error %d!\n", FILE_NVRAM_PATH, error);
}
}
else
{
printf("FileNVRAM.kext: Error, vnode_isreg(%s) failed with error %d!\n", FILE_NVRAM_PATH, error);
}
}
}
else
{
printf("FileNVRAM.kext: aCtx == NULL!\n");
error = 0xFFFF; // EINVAL;
}
return error;
}
load_return_t
load_machfile(
struct image_params *imgp,
struct mach_header *header,
thread_t thread,
vm_map_t new_map,
load_result_t *result
)
{
struct vnode *vp = imgp->ip_vp;
off_t file_offset = imgp->ip_arch_offset;
off_t macho_size = imgp->ip_arch_size;
off_t file_size = imgp->ip_vattr->va_data_size;
pmap_t pmap = 0; /* protected by create_map */
vm_map_t map;
vm_map_t old_map;
task_t old_task = TASK_NULL; /* protected by create_map */
load_result_t myresult;
load_return_t lret;
boolean_t create_map = FALSE;
int spawn = (imgp->ip_flags & IMGPF_SPAWN);
task_t task = current_task();
proc_t p = current_proc();
mach_vm_offset_t aslr_offset = 0;
kern_return_t kret;
if (macho_size > file_size) {
return(LOAD_BADMACHO);
}
if (new_map == VM_MAP_NULL) {
create_map = TRUE;
old_task = current_task();
}
/*
* If we are spawning, we have created backing objects for the process
* already, which include non-lazily creating the task map. So we
* are going to switch out the task map with one appropriate for the
* bitness of the image being loaded.
*/
if (spawn) {
create_map = TRUE;
old_task = get_threadtask(thread);
}
if (create_map) {
pmap = pmap_create(get_task_ledger(task), (vm_map_size_t) 0,
(imgp->ip_flags & IMGPF_IS_64BIT));
map = vm_map_create(pmap,
0,
vm_compute_max_offset((imgp->ip_flags & IMGPF_IS_64BIT)),
TRUE);
} else
map = new_map;
#ifndef CONFIG_ENFORCE_SIGNED_CODE
/* This turns off faulting for executable pages, which allows to
* circumvent Code Signing Enforcement */
if ( (header->flags & MH_ALLOW_STACK_EXECUTION) )
vm_map_disable_NX(map);
#endif
/* Forcibly disallow execution from data pages on even if the arch
* normally permits it. */
if ((header->flags & MH_NO_HEAP_EXECUTION) && !(imgp->ip_flags & IMGPF_ALLOW_DATA_EXEC))
vm_map_disallow_data_exec(map);
/*
* Compute a random offset for ASLR.
*/
if (!(imgp->ip_flags & IMGPF_DISABLE_ASLR)) {
aslr_offset = random();
aslr_offset %= 1 << ((imgp->ip_flags & IMGPF_IS_64BIT) ? 16 : 8);
aslr_offset <<= PAGE_SHIFT;
}
if (!result)
result = &myresult;
*result = load_result_null;
lret = parse_machfile(vp, map, thread, header, file_offset, macho_size,
0, (int64_t)aslr_offset, result);
if (lret != LOAD_SUCCESS) {
if (create_map) {
vm_map_deallocate(map); /* will lose pmap reference too */
}
return(lret);
}
#if CONFIG_EMBEDDED
/*
* Check to see if the page zero is enforced by the map->min_offset.
*/
if (vm_map_has_hard_pagezero(map, 0x1000) == FALSE) {
if (create_map) {
vm_map_deallocate(map); /* will lose pmap reference too */
}
printf("Cannot enforce a hard page-zero for %s\n", imgp->ip_strings);
psignal(vfs_context_proc(imgp->ip_vfs_context), SIGKILL);
return (LOAD_BADMACHO);
}
#else
/*
* For 64-bit users, check for presence of a 4GB page zero
* which will enable the kernel to share the user's address space
* and hence avoid TLB flushes on kernel entry/exit
*/
if ((imgp->ip_flags & IMGPF_IS_64BIT) &&
vm_map_has_4GB_pagezero(map)) {
vm_map_set_4GB_pagezero(map);
}
#endif
/*
* Commit to new map.
*
* Swap the new map for the old, which consumes our new map
* reference but each leaves us responsible for the old_map reference.
* That lets us get off the pmap associated with it, and
* then we can release it.
*/
if (create_map) {
/*
* If this is an exec, then we are going to destroy the old
* task, and it's correct to halt it; if it's spawn, the
* task is not yet running, and it makes no sense.
*/
if (!spawn) {
/*
* Mark the task as halting and start the other
* threads towards terminating themselves. Then
* make sure any threads waiting for a process
* transition get informed that we are committed to
* this transition, and then finally complete the
* task halting (wait for threads and then cleanup
* task resources).
*
* NOTE: task_start_halt() makes sure that no new
* threads are created in the task during the transition.
* We need to mark the workqueue as exiting before we
* wait for threads to terminate (at the end of which
* we no longer have a prohibition on thread creation).
*
* Finally, clean up any lingering workqueue data structures
* that may have been left behind by the workqueue threads
* as they exited (and then clean up the work queue itself).
*/
kret = task_start_halt(task);
if (kret != KERN_SUCCESS) {
return(kret);
}
proc_transcommit(p, 0);
workqueue_mark_exiting(p);
task_complete_halt(task);
workqueue_exit(p);
}
old_map = swap_task_map(old_task, thread, map, !spawn);
vm_map_clear_4GB_pagezero(old_map);
vm_map_deallocate(old_map);
}
return(LOAD_SUCCESS);
}
/*
* Convert a component of a pathname into a pointer to a locked node.
* This is a very central and rather complicated routine.
* If the file system is not maintained in a strict tree hierarchy,
* this can result in a deadlock situation (see comments in code below).
*
* The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on
* whether the name is to be looked up, created, renamed, or deleted.
* When CREATE, RENAME, or DELETE is specified, information usable in
* creating, renaming, or deleting a directory entry may be calculated.
* If flag has LOCKPARENT or'ed into it and the target of the pathname
* exists, lookup returns both the target and its parent directory locked.
* When creating or renaming and LOCKPARENT is specified, the target may
* not be ".". When deleting and LOCKPARENT is specified, the target may
* be "."., but the caller must check to ensure it does an vrele and DNUNLOCK
* instead of two DNUNLOCKs.
*
* Overall outline of devfs_lookup:
*
* check accessibility of directory
* null terminate the component (lookup leaves the whole string alone)
* look for name in cache, if found, then if at end of path
* and deleting or creating, drop it, else return name
* search for name in directory, to found or notfound
* notfound:
* if creating, return locked directory,
* else return error
* found:
* if at end of path and deleting, return information to allow delete
* if at end of path and rewriting (RENAME and LOCKPARENT), lock target
* node and return info to allow rewrite
* if not at end, add name to cache; if at end and neither creating
* nor deleting, add name to cache
* On return to lookup, remove the null termination we put in at the start.
*
* NOTE: (LOOKUP | LOCKPARENT) currently returns the parent node unlocked.
*/
static int
devfs_lookup(struct vnop_lookup_args *ap)
/*struct vnop_lookup_args {
struct vnode * a_dvp; directory vnode ptr
struct vnode ** a_vpp; where to put the result
struct componentname * a_cnp; the name we want
vfs_context_t a_context;
};*/
{
struct componentname *cnp = ap->a_cnp;
vfs_context_t ctx = cnp->cn_context;
struct proc *p = vfs_context_proc(ctx);
struct vnode *dir_vnode = ap->a_dvp;
struct vnode **result_vnode = ap->a_vpp;
devnode_t * dir_node; /* the directory we are searching */
devnode_t * node = NULL; /* the node we are searching for */
devdirent_t * nodename;
int flags = cnp->cn_flags;
int op = cnp->cn_nameiop; /* LOOKUP, CREATE, RENAME, or DELETE */
int wantparent = flags & (LOCKPARENT|WANTPARENT);
int error = 0;
char heldchar; /* the char at the end of the name componet */
retry:
*result_vnode = NULL; /* safe not sorry */ /*XXX*/
/* okay to look at directory vnodes ourside devfs lock as they are not aliased */
dir_node = VTODN(dir_vnode);
/*
* Make sure that our node is a directory as well.
*/
if (dir_node->dn_type != DEV_DIR) {
return (ENOTDIR);
}
DEVFS_LOCK();
/*
* temporarily terminate string component
*/
heldchar = cnp->cn_nameptr[cnp->cn_namelen];
cnp->cn_nameptr[cnp->cn_namelen] = '\0';
nodename = dev_findname(dir_node, cnp->cn_nameptr);
/*
* restore saved character
*/
cnp->cn_nameptr[cnp->cn_namelen] = heldchar;
if (nodename) {
/* entry exists */
node = nodename->de_dnp;
/* Do potential vnode allocation here inside the lock
* to make sure that our device node has a non-NULL dn_vn
* associated with it. The device node might otherwise
* get deleted out from under us (see devfs_dn_free()).
*/
error = devfs_dntovn(node, result_vnode, p);
}
DEVFS_UNLOCK();
if (error) {
if (error == EAGAIN)
goto retry;
return error;
}
if (!nodename) {
/*
* we haven't called devfs_dntovn if we get here
* we have not taken a reference on the node.. no
* vnode_put is necessary on these error returns
*
* If it doesn't exist and we're not the last component,
* or we're at the last component, but we're not creating
* or renaming, return ENOENT.
*/
if (!(flags & ISLASTCN) || !(op == CREATE || op == RENAME)) {
return ENOENT;
}
/*
* We return with the directory locked, so that
* the parameters we set up above will still be
* valid if we actually decide to add a new entry.
* We return ni_vp == NULL to indicate that the entry
* does not currently exist; we leave a pointer to
* the (locked) directory vnode in namei_data->ni_dvp.
*
* NB - if the directory is unlocked, then this
* information cannot be used.
*/
return (EJUSTRETURN);
}
/*
* from this point forward, we need to vnode_put the reference
* picked up in devfs_dntovn if we decide to return an error
*/
/*
* If deleting, and at end of pathname, return
* parameters which can be used to remove file.
* If the wantparent flag isn't set, we return only
* the directory (in namei_data->ni_dvp), otherwise we go
* on and lock the node, being careful with ".".
*/
if (op == DELETE && (flags & ISLASTCN)) {
/*
* we are trying to delete '.'. What does this mean? XXX
*/
if (dir_node == node) {
if (*result_vnode) {
vnode_put(*result_vnode);
*result_vnode = NULL;
}
if ( ((error = vnode_get(dir_vnode)) == 0) ) {
*result_vnode = dir_vnode;
}
return (error);
}
return (0);
}
/*
* If rewriting (RENAME), return the vnode and the
* information required to rewrite the present directory
* Must get node of directory entry to verify it's a
* regular file, or empty directory.
*/
if (op == RENAME && wantparent && (flags & ISLASTCN)) {
/*
* Careful about locking second node.
* This can only occur if the target is ".".
*/
if (dir_node == node) {
error = EISDIR;
goto drop_ref;
}
return (0);
}
/*
* Step through the translation in the name. We do not unlock the
* directory because we may need it again if a symbolic link
* is relative to the current directory. Instead we save it
* unlocked as "saved_dir_node" XXX. We must get the target
* node before unlocking
* the directory to insure that the node will not be removed
* before we get it. We prevent deadlock by always fetching
* nodes from the root, moving down the directory tree. Thus
* when following backward pointers ".." we must unlock the
* parent directory before getting the requested directory.
* There is a potential race condition here if both the current
* and parent directories are removed before the lock for the
* node associated with ".." returns. We hope that this occurs
* infrequently since we cannot avoid this race condition without
* implementing a sophisticated deadlock detection algorithm.
* Note also that this simple deadlock detection scheme will not
* work if the file system has any hard links other than ".."
* that point backwards in the directory structure.
*/
if ((flags & ISDOTDOT) == 0 && dir_node == node) {
if (*result_vnode) {
vnode_put(*result_vnode);
*result_vnode = NULL;
}
if ( (error = vnode_get(dir_vnode)) ) {
return (error);
}
*result_vnode = dir_vnode;
}
return (0);
drop_ref:
if (*result_vnode) {
vnode_put(*result_vnode);
*result_vnode = NULL;
}
return (error);
}
/*
* This routine exists to support the load_dylinker().
*
* This routine has its own, separate, understanding of the FAT file format,
* which is terrifically unfortunate.
*/
static
load_return_t
get_macho_vnode(
char *path,
integer_t archbits,
struct mach_header *mach_header,
off_t *file_offset,
off_t *macho_size,
struct vnode **vpp
)
{
struct vnode *vp;
vfs_context_t ctx = vfs_context_current();
proc_t p = vfs_context_proc(ctx);
kauth_cred_t kerncred;
struct nameidata nid, *ndp;
boolean_t is_fat;
struct fat_arch fat_arch;
int error = LOAD_SUCCESS;
int resid;
union {
struct mach_header mach_header;
struct fat_header fat_header;
char pad[512];
} header;
off_t fsize = (off_t)0;
int err2;
/*
* Capture the kernel credential for use in the actual read of the
* file, since the user doing the execution may have execute rights
* but not read rights, but to exec something, we have to either map
* or read it into the new process address space, which requires
* read rights. This is to deal with lack of common credential
* serialization code which would treat NOCRED as "serialize 'root'".
*/
kerncred = vfs_context_ucred(vfs_context_kernel());
ndp = &nid;
/* init the namei data to point the file user's program name */
NDINIT(ndp, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE32, CAST_USER_ADDR_T(path), ctx);
if ((error = namei(ndp)) != 0) {
if (error == ENOENT) {
error = LOAD_ENOENT;
} else {
error = LOAD_FAILURE;
}
return(error);
}
nameidone(ndp);
vp = ndp->ni_vp;
/* check for regular file */
if (vp->v_type != VREG) {
error = LOAD_PROTECT;
goto bad1;
}
/* get size */
if ((error = vnode_size(vp, &fsize, ctx)) != 0) {
error = LOAD_FAILURE;
goto bad1;
}
/* Check mount point */
if (vp->v_mount->mnt_flag & MNT_NOEXEC) {
error = LOAD_PROTECT;
goto bad1;
}
/* check access */
if ((error = vnode_authorize(vp, NULL, KAUTH_VNODE_EXECUTE, ctx)) != 0) {
error = LOAD_PROTECT;
goto bad1;
}
/* try to open it */
if ((error = VNOP_OPEN(vp, FREAD, ctx)) != 0) {
error = LOAD_PROTECT;
goto bad1;
}
if ((error = vn_rdwr(UIO_READ, vp, (caddr_t)&header, sizeof(header), 0,
UIO_SYSSPACE32, IO_NODELOCKED, kerncred, &resid, p)) != 0) {
error = LOAD_IOERROR;
goto bad2;
}
if (header.mach_header.magic == MH_MAGIC ||
header.mach_header.magic == MH_MAGIC_64)
is_fat = FALSE;
else if (header.fat_header.magic == FAT_MAGIC ||
header.fat_header.magic == FAT_CIGAM)
is_fat = TRUE;
else {
error = LOAD_BADMACHO;
goto bad2;
}
if (is_fat) {
/* Look up our architecture in the fat file. */
error = fatfile_getarch_with_bits(vp, archbits, (vm_offset_t)(&header.fat_header), &fat_arch);
if (error != LOAD_SUCCESS)
goto bad2;
/* Read the Mach-O header out of it */
error = vn_rdwr(UIO_READ, vp, (caddr_t)&header.mach_header,
sizeof(header.mach_header), fat_arch.offset,
UIO_SYSSPACE32, IO_NODELOCKED, kerncred, &resid, p);
if (error) {
error = LOAD_IOERROR;
goto bad2;
}
/* Is this really a Mach-O? */
if (header.mach_header.magic != MH_MAGIC &&
header.mach_header.magic != MH_MAGIC_64) {
error = LOAD_BADMACHO;
goto bad2;
}
*file_offset = fat_arch.offset;
*macho_size = fat_arch.size;
} else {
/*
* Force get_macho_vnode() to fail if the architecture bits
* do not match the expected architecture bits. This in
* turn causes load_dylinker() to fail for the same reason,
* so it ensures the dynamic linker and the binary are in
* lock-step. This is potentially bad, if we ever add to
* the CPU_ARCH_* bits any bits that are desirable but not
* required, since the dynamic linker might work, but we will
* refuse to load it because of this check.
*/
if ((cpu_type_t)(header.mach_header.cputype & CPU_ARCH_MASK) != archbits)
return(LOAD_BADARCH);
*file_offset = 0;
*macho_size = fsize;
}
*mach_header = header.mach_header;
*vpp = vp;
ubc_setsize(vp, fsize);
return (error);
bad2:
err2 = VNOP_CLOSE(vp, FREAD, ctx);
vnode_put(vp);
return (error);
bad1:
vnode_put(vp);
return(error);
}
/*
* Open a special file.
*/
int
spec_open(struct vnop_open_args *ap)
{
struct proc *p = vfs_context_proc(ap->a_context);
kauth_cred_t cred = vfs_context_ucred(ap->a_context);
struct vnode *vp = ap->a_vp;
dev_t bdev, dev = (dev_t)vp->v_rdev;
int maj = major(dev);
int error;
/*
* Don't allow open if fs is mounted -nodev.
*/
if (vp->v_mount && (vp->v_mount->mnt_flag & MNT_NODEV))
return (ENXIO);
switch (vp->v_type) {
case VCHR:
if ((u_int)maj >= (u_int)nchrdev)
return (ENXIO);
if (cred != FSCRED && (ap->a_mode & FWRITE)) {
/*
* When running in very secure mode, do not allow
* opens for writing of any disk character devices.
*/
if (securelevel >= 2 && isdisk(dev, VCHR))
return (EPERM);
/*
* When running in secure mode, do not allow opens
* for writing of /dev/mem, /dev/kmem, or character
* devices whose corresponding block devices are
* currently mounted.
*/
if (securelevel >= 1) {
if ((bdev = chrtoblk(dev)) != NODEV && check_mountedon(bdev, VBLK, &error))
return (error);
if (iskmemdev(dev))
return (EPERM);
}
}
if (cdevsw[maj].d_type == D_TTY) {
vnode_lock(vp);
vp->v_flag |= VISTTY;
vnode_unlock(vp);
}
error = (*cdevsw[maj].d_open)(dev, ap->a_mode, S_IFCHR, p);
return (error);
case VBLK:
if ((u_int)maj >= (u_int)nblkdev)
return (ENXIO);
/*
* When running in very secure mode, do not allow
* opens for writing of any disk block devices.
*/
if (securelevel >= 2 && cred != FSCRED &&
(ap->a_mode & FWRITE) && bdevsw[maj].d_type == D_DISK)
return (EPERM);
/*
* Do not allow opens of block devices that are
* currently mounted.
*/
if ( (error = vfs_mountedon(vp)) )
return (error);
error = (*bdevsw[maj].d_open)(dev, ap->a_mode, S_IFBLK, p);
if (!error) {
u_int64_t blkcnt;
u_int32_t blksize;
int setsize = 0;
u_int32_t size512 = 512;
if (!VNOP_IOCTL(vp, DKIOCGETBLOCKSIZE, (caddr_t)&blksize, 0, ap->a_context)) {
/* Switch to 512 byte sectors (temporarily) */
if (!VNOP_IOCTL(vp, DKIOCSETBLOCKSIZE, (caddr_t)&size512, FWRITE, ap->a_context)) {
/* Get the number of 512 byte physical blocks. */
if (!VNOP_IOCTL(vp, DKIOCGETBLOCKCOUNT, (caddr_t)&blkcnt, 0, ap->a_context)) {
setsize = 1;
}
}
/* If it doesn't set back, we can't recover */
if (VNOP_IOCTL(vp, DKIOCSETBLOCKSIZE, (caddr_t)&blksize, FWRITE, ap->a_context))
error = ENXIO;
}
vnode_lock(vp);
set_blocksize(vp, dev);
/*
* Cache the size in bytes of the block device for later
* use by spec_write().
*/
if (setsize)
vp->v_specdevsize = blkcnt * (u_int64_t)size512;
else
vp->v_specdevsize = (u_int64_t)0; /* Default: Can't get */
vnode_unlock(vp);
}
return(error);
default:
panic("spec_open type");
}
return (0);
}
/*
* Convert a pathname into a pointer to a locked inode.
*
* The FOLLOW flag is set when symbolic links are to be followed
* when they occur at the end of the name translation process.
* Symbolic links are always followed for all other pathname
* components other than the last.
*
* The segflg defines whether the name is to be copied from user
* space or kernel space.
*
* Overall outline of namei:
*
* copy in name
* get starting directory
* while (!done && !error) {
* call lookup to search path.
* if symbolic link, massage name in buffer and continue
* }
*
* Returns: 0 Success
* ENOENT No such file or directory
* ELOOP Too many levels of symbolic links
* ENAMETOOLONG Filename too long
* copyinstr:EFAULT Bad address
* copyinstr:ENAMETOOLONG Filename too long
* lookup:EBADF Bad file descriptor
* lookup:EROFS
* lookup:EACCES
* lookup:EPERM
* lookup:ERECYCLE vnode was recycled from underneath us in lookup.
* This means we should re-drive lookup from this point.
* lookup: ???
* VNOP_READLINK:???
*/
int
namei(struct nameidata *ndp)
{
struct filedesc *fdp; /* pointer to file descriptor state */
char *cp; /* pointer into pathname argument */
struct vnode *dp; /* the directory we are searching */
struct vnode *usedvp = ndp->ni_dvp; /* store pointer to vp in case we must loop due to
heavy vnode pressure */
u_long cnpflags = ndp->ni_cnd.cn_flags; /* store in case we have to restore after loop */
uio_t auio;
int error;
struct componentname *cnp = &ndp->ni_cnd;
vfs_context_t ctx = cnp->cn_context;
proc_t p = vfs_context_proc(ctx);
/* XXX ut should be from context */
uthread_t ut = (struct uthread *)get_bsdthread_info(current_thread());
char *tmppn;
char uio_buf[ UIO_SIZEOF(1) ];
#if DIAGNOSTIC
if (!vfs_context_ucred(ctx) || !p)
panic ("namei: bad cred/proc");
if (cnp->cn_nameiop & (~OPMASK))
panic ("namei: nameiop contaminated with flags");
if (cnp->cn_flags & OPMASK)
panic ("namei: flags contaminated with nameiops");
#endif
fdp = p->p_fd;
vnode_recycled:
/*
* Get a buffer for the name to be translated, and copy the
* name into the buffer.
*/
if ((cnp->cn_flags & HASBUF) == 0) {
cnp->cn_pnbuf = ndp->ni_pathbuf;
cnp->cn_pnlen = PATHBUFLEN;
}
#if LP64_DEBUG
if (IS_VALID_UIO_SEGFLG(ndp->ni_segflg) == 0) {
panic("%s :%d - invalid ni_segflg\n", __FILE__, __LINE__);
}
#endif /* LP64_DEBUG */
retry_copy:
if (UIO_SEG_IS_USER_SPACE(ndp->ni_segflg)) {
error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf,
cnp->cn_pnlen, (size_t *)&ndp->ni_pathlen);
} else {
error = copystr(CAST_DOWN(void *, ndp->ni_dirp), cnp->cn_pnbuf,
cnp->cn_pnlen, (size_t *)&ndp->ni_pathlen);
}
if (error == ENAMETOOLONG && !(cnp->cn_flags & HASBUF)) {
MALLOC_ZONE(cnp->cn_pnbuf, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
if (cnp->cn_pnbuf == NULL) {
error = ENOMEM;
goto error_out;
}
cnp->cn_flags |= HASBUF;
cnp->cn_pnlen = MAXPATHLEN;
goto retry_copy;
}
if (error)
goto error_out;
#if CONFIG_VOLFS
/*
* Check for legacy volfs style pathnames.
*
* For compatibility reasons we currently allow these paths,
* but future versions of the OS may not support them.
*/
if (ndp->ni_pathlen >= VOLFS_MIN_PATH_LEN &&
cnp->cn_pnbuf[0] == '/' &&
cnp->cn_pnbuf[1] == '.' &&
cnp->cn_pnbuf[2] == 'v' &&
cnp->cn_pnbuf[3] == 'o' &&
cnp->cn_pnbuf[4] == 'l' &&
cnp->cn_pnbuf[5] == '/' ) {
char * realpath;
int realpath_err;
/* Attempt to resolve a legacy volfs style pathname. */
MALLOC_ZONE(realpath, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK);
if (realpath) {
if ((realpath_err= vfs_getrealpath(&cnp->cn_pnbuf[6], realpath, MAXPATHLEN, ctx))) {
FREE_ZONE(realpath, MAXPATHLEN, M_NAMEI);
if (realpath_err == ENOSPC){
error = ENAMETOOLONG;
goto error_out;
}
} else {
if (cnp->cn_flags & HASBUF) {
FREE_ZONE(cnp->cn_pnbuf, cnp->cn_pnlen, M_NAMEI);
}
cnp->cn_pnbuf = realpath;
cnp->cn_pnlen = MAXPATHLEN;
ndp->ni_pathlen = strlen(realpath) + 1;
cnp->cn_flags |= HASBUF | CN_VOLFSPATH;
}
}
}
#endif /* CONFIG_VOLFS */
/* If we are auditing the kernel pathname, save the user pathname */
if (cnp->cn_flags & AUDITVNPATH1)
AUDIT_ARG(upath, ut->uu_cdir, cnp->cn_pnbuf, ARG_UPATH1);
if (cnp->cn_flags & AUDITVNPATH2)
AUDIT_ARG(upath, ut->uu_cdir, cnp->cn_pnbuf, ARG_UPATH2);
/*
* Do not allow empty pathnames
*/
if (*cnp->cn_pnbuf == '\0') {
error = ENOENT;
goto error_out;
}
ndp->ni_loopcnt = 0;
/*
* determine the starting point for the translation.
*/
if ((ndp->ni_rootdir = fdp->fd_rdir) == NULLVP) {
if ( !(fdp->fd_flags & FD_CHROOT))
ndp->ni_rootdir = rootvnode;
}
cnp->cn_nameptr = cnp->cn_pnbuf;
ndp->ni_usedvp = NULLVP;
if (*(cnp->cn_nameptr) == '/') {
while (*(cnp->cn_nameptr) == '/') {
cnp->cn_nameptr++;
ndp->ni_pathlen--;
}
dp = ndp->ni_rootdir;
} else if (cnp->cn_flags & USEDVP) {
dp = ndp->ni_dvp;
ndp->ni_usedvp = dp;
} else
dp = vfs_context_cwd(ctx);
if (dp == NULLVP || (dp->v_lflag & VL_DEAD)) {
error = ENOENT;
goto error_out;
}
ndp->ni_dvp = NULLVP;
ndp->ni_vp = NULLVP;
for (;;) {
int need_newpathbuf;
int linklen;
ndp->ni_startdir = dp;
if ( (error = lookup(ndp)) ) {
goto error_out;
}
/*
* Check for symbolic link
*/
if ((cnp->cn_flags & ISSYMLINK) == 0) {
return (0);
}
if ((cnp->cn_flags & FSNODELOCKHELD)) {
cnp->cn_flags &= ~FSNODELOCKHELD;
unlock_fsnode(ndp->ni_dvp, NULL);
}
if (ndp->ni_loopcnt++ >= MAXSYMLINKS) {
error = ELOOP;
break;
}
#if CONFIG_MACF
if ((error = mac_vnode_check_readlink(ctx, ndp->ni_vp)) != 0)
break;
#endif /* MAC */
if (ndp->ni_pathlen > 1 || !(cnp->cn_flags & HASBUF))
need_newpathbuf = 1;
else
need_newpathbuf = 0;
if (need_newpathbuf) {
MALLOC_ZONE(cp, char *, MAXPATHLEN, M_NAMEI, M_WAITOK);
if (cp == NULL) {
error = ENOMEM;
break;
}
} else {
cp = cnp->cn_pnbuf;
}
auio = uio_createwithbuffer(1, 0, UIO_SYSSPACE, UIO_READ, &uio_buf[0], sizeof(uio_buf));
uio_addiov(auio, CAST_USER_ADDR_T(cp), MAXPATHLEN);
error = VNOP_READLINK(ndp->ni_vp, auio, ctx);
if (error) {
if (need_newpathbuf)
FREE_ZONE(cp, MAXPATHLEN, M_NAMEI);
break;
}
// LP64todo - fix this
linklen = MAXPATHLEN - uio_resid(auio);
if (linklen + ndp->ni_pathlen > MAXPATHLEN) {
if (need_newpathbuf)
FREE_ZONE(cp, MAXPATHLEN, M_NAMEI);
error = ENAMETOOLONG;
break;
}
if (need_newpathbuf) {
long len = cnp->cn_pnlen;
tmppn = cnp->cn_pnbuf;
bcopy(ndp->ni_next, cp + linklen, ndp->ni_pathlen);
cnp->cn_pnbuf = cp;
cnp->cn_pnlen = MAXPATHLEN;
if ( (cnp->cn_flags & HASBUF) )
FREE_ZONE(tmppn, len, M_NAMEI);
else
cnp->cn_flags |= HASBUF;
} else
cnp->cn_pnbuf[linklen] = '\0';
ndp->ni_pathlen += linklen;
cnp->cn_nameptr = cnp->cn_pnbuf;
/*
* starting point for 'relative'
* symbolic link path
*/
dp = ndp->ni_dvp;
/*
* get rid of references returned via 'lookup'
*/
vnode_put(ndp->ni_vp);
vnode_put(ndp->ni_dvp);
ndp->ni_vp = NULLVP;
ndp->ni_dvp = NULLVP;
/*
* Check if symbolic link restarts us at the root
*/
if (*(cnp->cn_nameptr) == '/') {
while (*(cnp->cn_nameptr) == '/') {
cnp->cn_nameptr++;
ndp->ni_pathlen--;
}
if ((dp = ndp->ni_rootdir) == NULLVP) {
error = ENOENT;
goto error_out;
}
}
}
/*
* only come here if we fail to handle a SYMLINK...
* if either ni_dvp or ni_vp is non-NULL, then
* we need to drop the iocount that was picked
* up in the lookup routine
*/
if (ndp->ni_dvp)
vnode_put(ndp->ni_dvp);
if (ndp->ni_vp)
vnode_put(ndp->ni_vp);
error_out:
if ( (cnp->cn_flags & HASBUF) ) {
cnp->cn_flags &= ~HASBUF;
FREE_ZONE(cnp->cn_pnbuf, cnp->cn_pnlen, M_NAMEI);
}
cnp->cn_pnbuf = NULL;
ndp->ni_vp = NULLVP;
if (error == ERECYCLE){
/* vnode was recycled underneath us. re-drive lookup to start at
the beginning again, since recycling invalidated last lookup*/
ndp->ni_cnd.cn_flags = cnpflags;
ndp->ni_dvp = usedvp;
goto vnode_recycled;
}
return (error);
}
