/*
* Rename system call.
* rename("foo", "bar");
* is essentially
* unlink("bar");
* link("foo", "bar");
* unlink("foo");
* but ``atomically''. Can't do full commit without saving state in the
* inode on disk which isn't feasible at this time. Best we can do is
* always guarantee the target exists.
*
* Basic algorithm is:
*
* 1) Bump link count on source while we're linking it to the
* target. This also ensure the inode won't be deleted out
* from underneath us while we work (it may be truncated by
* a concurrent `trunc' or `open' for creation).
* 2) Link source to destination. If destination already exists,
* delete it first.
* 3) Unlink source reference to inode if still around. If a
* directory was moved and the parent of the destination
* is different from the source, patch the ".." entry in the
* directory.
*/
int
ext2fs_rename(void *v)
{
struct vop_rename_args *ap = v;
struct vnode *tvp = ap->a_tvp;
struct vnode *tdvp = ap->a_tdvp;
struct vnode *fvp = ap->a_fvp;
struct vnode *fdvp = ap->a_fdvp;
struct componentname *tcnp = ap->a_tcnp;
struct componentname *fcnp = ap->a_fcnp;
struct inode *ip, *xp, *dp;
struct proc *p = fcnp->cn_proc;
struct ext2fs_dirtemplate dirbuf;
/* struct timespec ts; */
int doingdirectory = 0, oldparent = 0, newparent = 0;
int error = 0;
u_char namlen;
#ifdef DIAGNOSTIC
if ((tcnp->cn_flags & HASBUF) == 0 ||
(fcnp->cn_flags & HASBUF) == 0)
panic("ext2fs_rename: no name");
#endif
/*
* Check for cross-device rename.
*/
if ((fvp->v_mount != tdvp->v_mount) ||
(tvp && (fvp->v_mount != tvp->v_mount))) {
error = EXDEV;
abortit:
VOP_ABORTOP(tdvp, tcnp); /* XXX, why not in NFS? */
if (tdvp == tvp)
vrele(tdvp);
else
vput(tdvp);
if (tvp)
vput(tvp);
VOP_ABORTOP(fdvp, fcnp); /* XXX, why not in NFS? */
vrele(fdvp);
vrele(fvp);
return (error);
}
/*
* Check if just deleting a link name.
*/
if (tvp && ((VTOI(tvp)->i_e2fs_flags & (EXT2_IMMUTABLE | EXT2_APPEND)) ||
(VTOI(tdvp)->i_e2fs_flags & EXT2_APPEND))) {
error = EPERM;
goto abortit;
}
if (fvp == tvp) {
if (fvp->v_type == VDIR) {
error = EINVAL;
goto abortit;
}
/* Release destination completely. */
VOP_ABORTOP(tdvp, tcnp);
vput(tdvp);
vput(tvp);
/* Delete source. */
vrele(fdvp);
vrele(fvp);
fcnp->cn_flags &= ~MODMASK;
fcnp->cn_flags |= LOCKPARENT | LOCKLEAF;
if ((fcnp->cn_flags & SAVESTART) == 0)
panic("ext2fs_rename: lost from startdir");
fcnp->cn_nameiop = DELETE;
(void) vfs_relookup(fdvp, &fvp, fcnp);
return (VOP_REMOVE(fdvp, fvp, fcnp));
}
if ((error = vn_lock(fvp, LK_EXCLUSIVE, p)) != 0)
goto abortit;
dp = VTOI(fdvp);
ip = VTOI(fvp);
if ((nlink_t)ip->i_e2fs_nlink >= LINK_MAX) {
VOP_UNLOCK(fvp, 0);
error = EMLINK;
goto abortit;
}
if ((ip->i_e2fs_flags & (EXT2_IMMUTABLE | EXT2_APPEND)) ||
(dp->i_e2fs_flags & EXT2_APPEND)) {
VOP_UNLOCK(fvp, 0);
error = EPERM;
goto abortit;
}
if ((ip->i_e2fs_mode & IFMT) == IFDIR) {
error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred);
if (!error && tvp)
error = VOP_ACCESS(tvp, VWRITE, tcnp->cn_cred);
if (error) {
VOP_UNLOCK(fvp, 0);
error = EACCES;
goto abortit;
}
/*
* Avoid ".", "..", and aliases of "." for obvious reasons.
*/
if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
dp == ip ||
(fcnp->cn_flags&ISDOTDOT) ||
(tcnp->cn_flags & ISDOTDOT) ||
(ip->i_flag & IN_RENAME)) {
VOP_UNLOCK(fvp, 0);
error = EINVAL;
goto abortit;
}
ip->i_flag |= IN_RENAME;
oldparent = dp->i_number;
doingdirectory++;
}
vrele(fdvp);
/*
* When the target exists, both the directory
* and target vnodes are returned locked.
*/
dp = VTOI(tdvp);
xp = NULL;
if (tvp)
xp = VTOI(tvp);
/*
* 1) Bump link count while we're moving stuff
* around. If we crash somewhere before
* completing our work, the link count
* may be wrong, but correctable.
*/
ip->i_e2fs_nlink++;
ip->i_flag |= IN_CHANGE;
if ((error = ext2fs_update(ip, NULL, NULL, 1)) != 0) {
VOP_UNLOCK(fvp, 0);
goto bad;
}
/*
* If ".." must be changed (ie the directory gets a new
* parent) then the source directory must not be in the
* directory hierarchy above the target, as this would
* orphan everything below the source directory. Also
* the user must have write permission in the source so
* as to be able to change "..". We must repeat the call
* to namei, as the parent directory is unlocked by the
* call to checkpath().
*/
error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred);
VOP_UNLOCK(fvp, 0);
if (oldparent != dp->i_number)
newparent = dp->i_number;
if (doingdirectory && newparent) {
if (error) /* write access check above */
goto bad;
if (xp != NULL)
vput(tvp);
error = ext2fs_checkpath(ip, dp, tcnp->cn_cred);
if (error != 0)
goto out;
if ((tcnp->cn_flags & SAVESTART) == 0)
panic("ext2fs_rename: lost to startdir");
if ((error = vfs_relookup(tdvp, &tvp, tcnp)) != 0)
goto out;
dp = VTOI(tdvp);
xp = NULL;
if (tvp)
xp = VTOI(tvp);
}
/*
* 2) If target doesn't exist, link the target
* to the source and unlink the source.
* Otherwise, rewrite the target directory
* entry to reference the source inode and
* expunge the original entry's existence.
*/
if (xp == NULL) {
if (dp->i_dev != ip->i_dev)
panic("rename: EXDEV");
/*
* Account for ".." in new directory.
* When source and destination have the same
* parent we don't fool with the link count.
*/
if (doingdirectory && newparent) {
if ((nlink_t)dp->i_e2fs_nlink >= LINK_MAX) {
error = EMLINK;
goto bad;
}
dp->i_e2fs_nlink++;
dp->i_flag |= IN_CHANGE;
if ((error = ext2fs_update(dp, NULL, NULL, 1)) != 0)
goto bad;
}
error = ext2fs_direnter(ip, tdvp, tcnp);
if (error != 0) {
if (doingdirectory && newparent) {
dp->i_e2fs_nlink--;
dp->i_flag |= IN_CHANGE;
(void)ext2fs_update(dp, NULL, NULL, 1);
}
goto bad;
}
vput(tdvp);
} else {
if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev)
panic("rename: EXDEV");
/*
* Short circuit rename(foo, foo).
*/
if (xp->i_number == ip->i_number)
panic("rename: same file");
/*
* If the parent directory is "sticky", then the user must
* own the parent directory, or the destination of the rename,
* otherwise the destination may not be changed (except by
* root). This implements append-only directories.
*/
if ((dp->i_e2fs_mode & S_ISTXT) && tcnp->cn_cred->cr_uid != 0 &&
tcnp->cn_cred->cr_uid != dp->i_e2fs_uid &&
xp->i_e2fs_uid != tcnp->cn_cred->cr_uid) {
error = EPERM;
goto bad;
}
/*
* Target must be empty if a directory and have no links
* to it. Also, ensure source and target are compatible
* (both directories, or both not directories).
*/
if ((xp->i_e2fs_mode & IFMT) == IFDIR) {
if (!ext2fs_dirempty(xp, dp->i_number, tcnp->cn_cred) ||
xp->i_e2fs_nlink > 2) {
error = ENOTEMPTY;
goto bad;
}
if (!doingdirectory) {
error = ENOTDIR;
goto bad;
}
cache_purge(tdvp);
} else if (doingdirectory) {
error = EISDIR;
goto bad;
}
error = ext2fs_dirrewrite(dp, ip, tcnp);
if (error != 0)
goto bad;
/*
* If the target directory is in the same
* directory as the source directory,
* decrement the link count on the parent
* of the target directory.
*/
if (doingdirectory && !newparent) {
dp->i_e2fs_nlink--;
dp->i_flag |= IN_CHANGE;
}
vput(tdvp);
/*
* Adjust the link count of the target to
* reflect the dirrewrite above. If this is
* a directory it is empty and there are
* no links to it, so we can squash the inode and
* any space associated with it. We disallowed
* renaming over top of a directory with links to
* it above, as the remaining link would point to
* a directory without "." or ".." entries.
*/
xp->i_e2fs_nlink--;
if (doingdirectory) {
if (--xp->i_e2fs_nlink != 0)
panic("rename: linked directory");
error = ext2fs_truncate(xp, (off_t)0, IO_SYNC,
tcnp->cn_cred);
}
xp->i_flag |= IN_CHANGE;
vput(tvp);
xp = NULL;
}
/*
* 3) Unlink the source.
*/
fcnp->cn_flags &= ~MODMASK;
fcnp->cn_flags |= LOCKPARENT | LOCKLEAF;
if ((fcnp->cn_flags & SAVESTART) == 0)
panic("ext2fs_rename: lost from startdir");
(void) vfs_relookup(fdvp, &fvp, fcnp);
if (fvp != NULL) {
xp = VTOI(fvp);
dp = VTOI(fdvp);
} else {
/*
* From name has disappeared.
*/
if (doingdirectory)
panic("ext2fs_rename: lost dir entry");
vrele(ap->a_fvp);
return (0);
}
/*
* Ensure that the directory entry still exists and has not
* changed while the new name has been entered. If the source is
* a file then the entry may have been unlinked or renamed. In
* either case there is no further work to be done. If the source
* is a directory then it cannot have been rmdir'ed; its link
* count of three would cause a rmdir to fail with ENOTEMPTY.
* The IRENAME flag ensures that it cannot be moved by another
* rename.
*/
if (xp != ip) {
if (doingdirectory)
panic("ext2fs_rename: lost dir entry");
} else {
/*
* If the source is a directory with a
* new parent, the link count of the old
* parent directory must be decremented
* and ".." set to point to the new parent.
*/
if (doingdirectory && newparent) {
dp->i_e2fs_nlink--;
dp->i_flag |= IN_CHANGE;
error = vn_rdwr(UIO_READ, fvp, (caddr_t)&dirbuf,
sizeof (struct ext2fs_dirtemplate), (off_t)0,
UIO_SYSSPACE, IO_NODELOCKED,
tcnp->cn_cred, NULL, curproc);
if (error == 0) {
namlen = dirbuf.dotdot_namlen;
if (namlen != 2 ||
dirbuf.dotdot_name[0] != '.' ||
dirbuf.dotdot_name[1] != '.') {
ufs_dirbad(xp, (doff_t)12,
"ext2fs_rename: mangled dir");
} else {
dirbuf.dotdot_ino = h2fs32(newparent);
(void) vn_rdwr(UIO_WRITE, fvp,
(caddr_t)&dirbuf,
sizeof (struct dirtemplate),
(off_t)0, UIO_SYSSPACE,
IO_NODELOCKED|IO_SYNC,
tcnp->cn_cred, NULL, curproc);
cache_purge(fdvp);
}
}
}
error = ext2fs_dirremove(fdvp, fcnp);
if (!error) {
xp->i_e2fs_nlink--;
xp->i_flag |= IN_CHANGE;
}
xp->i_flag &= ~IN_RENAME;
}
if (dp)
vput(fdvp);
if (xp)
vput(fvp);
vrele(ap->a_fvp);
return (error);
bad:
if (xp)
vput(ITOV(xp));
vput(ITOV(dp));
out:
if (doingdirectory)
ip->i_flag &= ~IN_RENAME;
if (vn_lock(fvp, LK_EXCLUSIVE, p) == 0) {
ip->i_e2fs_nlink--;
ip->i_flag |= IN_CHANGE;
vput(fvp);
} else
vrele(fvp);
return (error);
}
/*
* Rename system call.
* rename("foo", "bar");
* is essentially
* unlink("bar");
* link("foo", "bar");
* unlink("foo");
* but ``atomically''. Can't do full commit without saving state in the
* inode on disk which isn't feasible at this time. Best we can do is
* always guarantee the target exists.
*
* Basic algorithm is:
*
* 1) Bump link count on source while we're linking it to the
* target. This also ensure the inode won't be deleted out
* from underneath us while we work (it may be truncated by
* a concurrent `trunc' or `open' for creation).
* 2) Link source to destination. If destination already exists,
* delete it first.
* 3) Unlink source reference to inode if still around. If a
* directory was moved and the parent of the destination
* is different from the source, patch the ".." entry in the
* directory.
*/
int
ufs_rename(void *v)
{
struct vop_rename_args *ap = v;
struct vnode *tvp = ap->a_tvp;
struct vnode *tdvp = ap->a_tdvp;
struct vnode *fvp = ap->a_fvp;
struct vnode *fdvp = ap->a_fdvp;
struct componentname *tcnp = ap->a_tcnp;
struct componentname *fcnp = ap->a_fcnp;
struct proc *p = fcnp->cn_proc;
struct inode *ip, *xp, *dp;
struct direct newdir;
int doingdirectory = 0, oldparent = 0, newparent = 0;
int error = 0;
#ifdef DIAGNOSTIC
if ((tcnp->cn_flags & HASBUF) == 0 ||
(fcnp->cn_flags & HASBUF) == 0)
panic("ufs_rename: no name");
#endif
/*
* Check for cross-device rename.
*/
if ((fvp->v_mount != tdvp->v_mount) ||
(tvp && (fvp->v_mount != tvp->v_mount))) {
error = EXDEV;
abortit:
VOP_ABORTOP(tdvp, tcnp);
if (tdvp == tvp)
vrele(tdvp);
else
vput(tdvp);
if (tvp)
vput(tvp);
VOP_ABORTOP(fdvp, fcnp);
vrele(fdvp);
vrele(fvp);
return (error);
}
if (tvp && ((DIP(VTOI(tvp), flags) & (IMMUTABLE | APPEND)) ||
(DIP(VTOI(tdvp), flags) & APPEND))) {
error = EPERM;
goto abortit;
}
/*
* Check if just deleting a link name or if we've lost a race.
* If another process completes the same rename after we've looked
* up the source and have blocked looking up the target, then the
* source and target inodes may be identical now although the
* names were never linked.
*/
if (fvp == tvp) {
if (fvp->v_type == VDIR) {
/*
* Linked directories are impossible, so we must
* have lost the race. Pretend that the rename
* completed before the lookup.
*/
error = ENOENT;
goto abortit;
}
/* Release destination completely. */
VOP_ABORTOP(tdvp, tcnp);
vput(tdvp);
vput(tvp);
/*
* Delete source. There is another race now that everything
* is unlocked, but this doesn't cause any new complications.
* relookup() may find a file that is unrelated to the
* original one, or it may fail. Too bad.
*/
vrele(fvp);
fcnp->cn_flags &= ~MODMASK;
fcnp->cn_flags |= LOCKPARENT | LOCKLEAF;
if ((fcnp->cn_flags & SAVESTART) == 0)
panic("ufs_rename: lost from startdir");
fcnp->cn_nameiop = DELETE;
if ((error = vfs_relookup(fdvp, &fvp, fcnp)) != 0)
return (error); /* relookup did vrele() */
vrele(fdvp);
return (VOP_REMOVE(fdvp, fvp, fcnp));
}
if ((error = vn_lock(fvp, LK_EXCLUSIVE, p)) != 0)
goto abortit;
/* fvp, tdvp, tvp now locked */
dp = VTOI(fdvp);
ip = VTOI(fvp);
if ((nlink_t) DIP(ip, nlink) >= LINK_MAX) {
VOP_UNLOCK(fvp, 0);
error = EMLINK;
goto abortit;
}
if ((DIP(ip, flags) & (IMMUTABLE | APPEND)) ||
(DIP(dp, flags) & APPEND)) {
VOP_UNLOCK(fvp, 0);
error = EPERM;
goto abortit;
}
if ((DIP(ip, mode) & IFMT) == IFDIR) {
error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred);
if (!error && tvp)
error = VOP_ACCESS(tvp, VWRITE, tcnp->cn_cred);
if (error) {
VOP_UNLOCK(fvp, 0);
error = EACCES;
goto abortit;
}
/*
* Avoid ".", "..", and aliases of "." for obvious reasons.
*/
if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
dp == ip ||
(fcnp->cn_flags & ISDOTDOT) ||
(tcnp->cn_flags & ISDOTDOT) ||
(ip->i_flag & IN_RENAME)) {
VOP_UNLOCK(fvp, 0);
error = EINVAL;
goto abortit;
}
ip->i_flag |= IN_RENAME;
oldparent = dp->i_number;
doingdirectory = 1;
}
VN_KNOTE(fdvp, NOTE_WRITE); /* XXX right place? */
/*
* When the target exists, both the directory
* and target vnodes are returned locked.
*/
dp = VTOI(tdvp);
xp = NULL;
if (tvp)
xp = VTOI(tvp);
/*
* 1) Bump link count while we're moving stuff
* around. If we crash somewhere before
* completing our work, the link count
* may be wrong, but correctable.
*/
ip->i_effnlink++;
DIP_ADD(ip, nlink, 1);
ip->i_flag |= IN_CHANGE;
if (DOINGSOFTDEP(fvp))
softdep_change_linkcnt(ip, 0);
if ((error = UFS_UPDATE(ip, !DOINGSOFTDEP(fvp))) != 0) {
VOP_UNLOCK(fvp, 0);
goto bad;
}
/*
* If ".." must be changed (ie the directory gets a new
* parent) then the source directory must not be in the
* directory hierarchy above the target, as this would
* orphan everything below the source directory. Also
* the user must have write permission in the source so
* as to be able to change "..". We must repeat the call
* to namei, as the parent directory is unlocked by the
* call to checkpath().
*/
error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred);
VOP_UNLOCK(fvp, 0);
/* tdvp and tvp locked */
if (oldparent != dp->i_number)
newparent = dp->i_number;
if (doingdirectory && newparent) {
if (error) /* write access check above */
goto bad;
if (xp != NULL)
vput(tvp);
/*
* Compensate for the reference ufs_checkpath() loses.
*/
vref(tdvp);
/* Only tdvp is locked */
if ((error = ufs_checkpath(ip, dp, tcnp->cn_cred)) != 0) {
vrele(tdvp);
goto out;
}
if ((tcnp->cn_flags & SAVESTART) == 0)
panic("ufs_rename: lost to startdir");
if ((error = vfs_relookup(tdvp, &tvp, tcnp)) != 0)
goto out;
vrele(tdvp); /* relookup() acquired a reference */
dp = VTOI(tdvp);
xp = NULL;
if (tvp)
xp = VTOI(tvp);
}
/*
* 2) If target doesn't exist, link the target
* to the source and unlink the source.
* Otherwise, rewrite the target directory
* entry to reference the source inode and
* expunge the original entry's existence.
*/
if (xp == NULL) {
if (dp->i_dev != ip->i_dev)
panic("rename: EXDEV");
/*
* Account for ".." in new directory.
* When source and destination have the same
* parent we don't fool with the link count.
*/
if (doingdirectory && newparent) {
if ((nlink_t) DIP(dp, nlink) >= LINK_MAX) {
error = EMLINK;
goto bad;
}
dp->i_effnlink++;
DIP_ADD(dp, nlink, 1);
dp->i_flag |= IN_CHANGE;
if (DOINGSOFTDEP(tdvp))
softdep_change_linkcnt(dp, 0);
if ((error = UFS_UPDATE(dp, !DOINGSOFTDEP(tdvp)))
!= 0) {
dp->i_effnlink--;
DIP_ADD(dp, nlink, -1);
dp->i_flag |= IN_CHANGE;
if (DOINGSOFTDEP(tdvp))
softdep_change_linkcnt(dp, 0);
goto bad;
}
}
ufs_makedirentry(ip, tcnp, &newdir);
if ((error = ufs_direnter(tdvp, NULL, &newdir, tcnp, NULL)) != 0) {
if (doingdirectory && newparent) {
dp->i_effnlink--;
DIP_ADD(dp, nlink, -1);
dp->i_flag |= IN_CHANGE;
if (DOINGSOFTDEP(tdvp))
softdep_change_linkcnt(dp, 0);
(void)UFS_UPDATE(dp, 1);
}
goto bad;
}
VN_KNOTE(tdvp, NOTE_WRITE);
vput(tdvp);
} else {
if (xp->i_dev != dp->i_dev || xp->i_dev != ip->i_dev)
panic("rename: EXDEV");
/*
* Short circuit rename(foo, foo).
*/
if (xp->i_number == ip->i_number)
panic("ufs_rename: same file");
/*
* If the parent directory is "sticky", then the user must
* own the parent directory, or the destination of the rename,
* otherwise the destination may not be changed (except by
* root). This implements append-only directories.
*/
if ((DIP(dp, mode) & S_ISTXT) && tcnp->cn_cred->cr_uid != 0 &&
tcnp->cn_cred->cr_uid != DIP(dp, uid) &&
DIP(xp, uid )!= tcnp->cn_cred->cr_uid) {
error = EPERM;
goto bad;
}
/*
* Target must be empty if a directory and have no links
* to it. Also, ensure source and target are compatible
* (both directories, or both not directories).
*/
if ((DIP(xp, mode) & IFMT) == IFDIR) {
if (xp->i_effnlink > 2 ||
!ufs_dirempty(xp, dp->i_number, tcnp->cn_cred)) {
error = ENOTEMPTY;
goto bad;
}
if (!doingdirectory) {
error = ENOTDIR;
goto bad;
}
cache_purge(tdvp);
} else if (doingdirectory) {
error = EISDIR;
goto bad;
}
if ((error = ufs_dirrewrite(dp, xp, ip->i_number,
IFTODT(DIP(ip, mode)), (doingdirectory && newparent) ?
newparent : doingdirectory)) != 0)
goto bad;
if (doingdirectory) {
if (!newparent) {
dp->i_effnlink--;
if (DOINGSOFTDEP(tdvp))
softdep_change_linkcnt(dp, 0);
}
xp->i_effnlink--;
if (DOINGSOFTDEP(tvp))
softdep_change_linkcnt(xp, 0);
}
if (doingdirectory && !DOINGSOFTDEP(tvp)) {
/*
* Truncate inode. The only stuff left in the directory
* is "." and "..". The "." reference is inconsequential
* since we are quashing it. We have removed the "."
* reference and the reference in the parent directory,
* but there may be other hard links. The soft
* dependency code will arrange to do these operations
* after the parent directory entry has been deleted on
* disk, so when running with that code we avoid doing
* them now.
*/
if (!newparent) {
DIP_ADD(dp, nlink, -1);
dp->i_flag |= IN_CHANGE;
}
DIP_ADD(xp, nlink, -1);
xp->i_flag |= IN_CHANGE;
if ((error = UFS_TRUNCATE(VTOI(tvp), (off_t)0, IO_SYNC,
tcnp->cn_cred)) != 0)
goto bad;
}
VN_KNOTE(tdvp, NOTE_WRITE);
vput(tdvp);
VN_KNOTE(tvp, NOTE_DELETE);
vput(tvp);
xp = NULL;
}
/*
* 3) Unlink the source.
*/
fcnp->cn_flags &= ~MODMASK;
fcnp->cn_flags |= LOCKPARENT | LOCKLEAF;
if ((fcnp->cn_flags & SAVESTART) == 0)
panic("ufs_rename: lost from startdir");
if ((error = vfs_relookup(fdvp, &fvp, fcnp)) != 0) {
vrele(ap->a_fvp);
return (error);
}
vrele(fdvp);
if (fvp == NULL) {
/*
* From name has disappeared.
*/
if (doingdirectory)
panic("ufs_rename: lost dir entry");
vrele(ap->a_fvp);
return (0);
}
xp = VTOI(fvp);
dp = VTOI(fdvp);
/*
* Ensure that the directory entry still exists and has not
* changed while the new name has been entered. If the source is
* a file then the entry may have been unlinked or renamed. In
* either case there is no further work to be done. If the source
* is a directory then it cannot have been rmdir'ed; the IN_RENAME
* flag ensures that it cannot be moved by another rename or removed
* by a rmdir.
*/
if (xp != ip) {
if (doingdirectory)
panic("ufs_rename: lost dir entry");
} else {
/*
* If the source is a directory with a
* new parent, the link count of the old
* parent directory must be decremented
* and ".." set to point to the new parent.
*/
if (doingdirectory && newparent) {
xp->i_offset = mastertemplate.dot_reclen;
ufs_dirrewrite(xp, dp, newparent, DT_DIR, 0);
cache_purge(fdvp);
}
error = ufs_dirremove(fdvp, xp, fcnp->cn_flags, 0);
xp->i_flag &= ~IN_RENAME;
}
VN_KNOTE(fvp, NOTE_RENAME);
if (dp)
vput(fdvp);
if (xp)
vput(fvp);
vrele(ap->a_fvp);
return (error);
bad:
if (xp)
vput(ITOV(xp));
vput(ITOV(dp));
out:
vrele(fdvp);
if (doingdirectory)
ip->i_flag &= ~IN_RENAME;
if (vn_lock(fvp, LK_EXCLUSIVE, p) == 0) {
ip->i_effnlink--;
DIP_ADD(ip, nlink, -1);
ip->i_flag |= IN_CHANGE;
ip->i_flag &= ~IN_RENAME;
if (DOINGSOFTDEP(fvp))
softdep_change_linkcnt(ip, 0);
vput(fvp);
} else
vrele(fvp);
return (error);
}
/*
* Renames on files require moving the denode to a new hash queue since the
* denode's location is used to compute which hash queue to put the file
* in. Unless it is a rename in place. For example "mv a b".
*
* What follows is the basic algorithm:
*
* if (file move) {
* if (dest file exists) {
* remove dest file
* }
* if (dest and src in same directory) {
* rewrite name in existing directory slot
* } else {
* write new entry in dest directory
* update offset and dirclust in denode
* move denode to new hash chain
* clear old directory entry
* }
* } else {
* directory move
* if (dest directory exists) {
* if (dest is not empty) {
* return ENOTEMPTY
* }
* remove dest directory
* }
* if (dest and src in same directory) {
* rewrite name in existing entry
* } else {
* be sure dest is not a child of src directory
* write entry in dest directory
* update "." and ".." in moved directory
* update offset and dirclust in denode
* move denode to new hash chain
* clear old directory entry for moved directory
* }
* }
*
* On entry:
* source's parent directory is unlocked
* source file or directory is unlocked
* destination's parent directory is locked
* destination file or directory is locked if it exists
*
* On exit:
* all denodes should be released
*
* Notes:
* I'm not sure how the memory containing the pathnames pointed at by the
* componentname structures is freed, there may be some memory bleeding
* for each rename done.
*/
int
msdosfs_rename(void *v)
{
struct vop_rename_args *ap = v;
struct vnode *tvp = ap->a_tvp;
struct vnode *tdvp = ap->a_tdvp;
struct vnode *fvp = ap->a_fvp;
struct vnode *fdvp = ap->a_fdvp;
struct componentname *tcnp = ap->a_tcnp;
struct componentname *fcnp = ap->a_fcnp;
struct proc *p = curproc; /* XXX */
struct denode *ip, *xp, *dp, *zp;
u_char toname[11], oldname[11];
uint32_t from_diroffset, to_diroffset;
u_char to_count;
int doingdirectory = 0, newparent = 0;
int error;
uint32_t cn, pcl;
daddr64_t bn;
struct msdosfsmount *pmp;
struct direntry *dotdotp;
struct buf *bp;
pmp = VFSTOMSDOSFS(fdvp->v_mount);
#ifdef DIAGNOSTIC
if ((tcnp->cn_flags & HASBUF) == 0 ||
(fcnp->cn_flags & HASBUF) == 0)
panic("msdosfs_rename: no name");
#endif
/*
* Check for cross-device rename.
*/
if ((fvp->v_mount != tdvp->v_mount) ||
(tvp && (fvp->v_mount != tvp->v_mount))) {
error = EXDEV;
abortit:
VOP_ABORTOP(tdvp, tcnp);
if (tdvp == tvp)
vrele(tdvp);
else
vput(tdvp);
if (tvp)
vput(tvp);
VOP_ABORTOP(fdvp, fcnp);
vrele(fdvp);
vrele(fvp);
return (error);
}
/*
* If source and dest are the same, do nothing.
*/
if (tvp == fvp) {
error = 0;
goto abortit;
}
/* */
if ((error = vn_lock(fvp, LK_EXCLUSIVE | LK_RETRY, p)) != 0)
goto abortit;
dp = VTODE(fdvp);
ip = VTODE(fvp);
/*
* Be sure we are not renaming ".", "..", or an alias of ".". This
* leads to a crippled directory tree. It's pretty tough to do a
* "ls" or "pwd" with the "." directory entry missing, and "cd .."
* doesn't work if the ".." entry is missing.
*/
if (ip->de_Attributes & ATTR_DIRECTORY) {
/*
* Avoid ".", "..", and aliases of "." for obvious reasons.
*/
if ((fcnp->cn_namelen == 1 && fcnp->cn_nameptr[0] == '.') ||
dp == ip ||
(fcnp->cn_flags & ISDOTDOT) ||
(tcnp->cn_flags & ISDOTDOT) ||
(ip->de_flag & DE_RENAME)) {
VOP_UNLOCK(fvp, 0, p);
error = EINVAL;
goto abortit;
}
ip->de_flag |= DE_RENAME;
doingdirectory++;
}
/*
* When the target exists, both the directory
* and target vnodes are returned locked.
*/
dp = VTODE(tdvp);
xp = tvp ? VTODE(tvp) : NULL;
/*
* Remember direntry place to use for destination
*/
to_diroffset = dp->de_fndoffset;
to_count = dp->de_fndcnt;
/*
* If ".." must be changed (ie the directory gets a new
* parent) then the source directory must not be in the
* directory hierarchy above the target, as this would
* orphan everything below the source directory. Also
* the user must have write permission in the source so
* as to be able to change "..". We must repeat the call
* to namei, as the parent directory is unlocked by the
* call to doscheckpath().
*/
error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, tcnp->cn_proc);
VOP_UNLOCK(fvp, 0, p);
if (VTODE(fdvp)->de_StartCluster != VTODE(tdvp)->de_StartCluster)
newparent = 1;
vrele(fdvp);
if (doingdirectory && newparent) {
if (error) /* write access check above */
goto bad1;
if (xp != NULL)
vput(tvp);
/*
* doscheckpath() vput()'s dp,
* so we have to do a relookup afterwards
*/
if ((error = doscheckpath(ip, dp)) != 0)
goto out;
if ((tcnp->cn_flags & SAVESTART) == 0)
panic("msdosfs_rename: lost to startdir");
if ((error = vfs_relookup(tdvp, &tvp, tcnp)) != 0)
goto out;
dp = VTODE(tdvp);
xp = tvp ? VTODE(tvp) : NULL;
}
if (xp != NULL) {
/*
* Target must be empty if a directory and have no links
* to it. Also, ensure source and target are compatible
* (both directories, or both not directories).
*/
if (xp->de_Attributes & ATTR_DIRECTORY) {
if (!dosdirempty(xp)) {
error = ENOTEMPTY;
goto bad1;
}
if (!doingdirectory) {
error = ENOTDIR;
goto bad1;
}
cache_purge(tdvp);
} else if (doingdirectory) {
error = EISDIR;
goto bad1;
}
if ((error = removede(dp, xp)) != 0)
goto bad1;
vput(tvp);
xp = NULL;
}
/*
* Convert the filename in tcnp into a dos filename. We copy this
* into the denode and directory entry for the destination
* file/directory.
*/
if ((error = uniqdosname(VTODE(tdvp), tcnp, toname)) != 0)
goto bad1;
/*
* Since from wasn't locked at various places above,
* have to do a relookup here.
*/
fcnp->cn_flags &= ~MODMASK;
fcnp->cn_flags |= LOCKPARENT | LOCKLEAF;
if ((fcnp->cn_flags & SAVESTART) == 0)
panic("msdosfs_rename: lost from startdir");
if (!newparent)
VOP_UNLOCK(tdvp, 0, p);
(void) vfs_relookup(fdvp, &fvp, fcnp);
if (fvp == NULL) {
/*
* From name has disappeared.
*/
if (doingdirectory)
panic("rename: lost dir entry");
vrele(ap->a_fvp);
if (newparent)
VOP_UNLOCK(tdvp, 0, p);
vrele(tdvp);
return 0;
}
xp = VTODE(fvp);
zp = VTODE(fdvp);
from_diroffset = zp->de_fndoffset;
/*
* Ensure that the directory entry still exists and has not
* changed till now. If the source is a file the entry may
* have been unlinked or renamed. In either case there is
* no further work to be done. If the source is a directory
* then it cannot have been rmdir'ed or renamed; this is
* prohibited by the DE_RENAME flag.
*/
if (xp != ip) {
if (doingdirectory)
panic("rename: lost dir entry");
vrele(ap->a_fvp);
if (newparent)
VOP_UNLOCK(fdvp, 0, p);
xp = NULL;
} else {
vrele(fvp);
xp = NULL;
/*
* First write a new entry in the destination
* directory and mark the entry in the source directory
* as deleted. Then move the denode to the correct hash
* chain for its new location in the filesystem. And, if
* we moved a directory, then update its .. entry to point
* to the new parent directory.
*/
bcopy(ip->de_Name, oldname, 11);
bcopy(toname, ip->de_Name, 11); /* update denode */
dp->de_fndoffset = to_diroffset;
dp->de_fndcnt = to_count;
error = createde(ip, dp, (struct denode **)0, tcnp);
if (error) {
bcopy(oldname, ip->de_Name, 11);
if (newparent)
VOP_UNLOCK(fdvp, 0, p);
goto bad;
}
ip->de_refcnt++;
zp->de_fndoffset = from_diroffset;
if ((error = removede(zp, ip)) != 0) {
/* XXX should really panic here, fs is corrupt */
if (newparent)
VOP_UNLOCK(fdvp, 0, p);
goto bad;
}
cache_purge(fvp);
if (!doingdirectory) {
error = pcbmap(dp, de_cluster(pmp, to_diroffset), 0,
&ip->de_dirclust, 0);
if (error) {
/* XXX should really panic here, fs is corrupt */
if (newparent)
VOP_UNLOCK(fdvp, 0, p);
goto bad;
}
if (ip->de_dirclust != MSDOSFSROOT)
ip->de_diroffset = to_diroffset & pmp->pm_crbomask;
}
reinsert(ip);
if (newparent)
VOP_UNLOCK(fdvp, 0, p);
}
/*
* If we moved a directory to a new parent directory, then we must
* fixup the ".." entry in the moved directory.
*/
if (doingdirectory && newparent) {
cn = ip->de_StartCluster;
if (cn == MSDOSFSROOT) {
/* this should never happen */
panic("msdosfs_rename: updating .. in root directory?");
} else
bn = cntobn(pmp, cn);
error = bread(pmp->pm_devvp, bn, pmp->pm_bpcluster,
NOCRED, &bp);
if (error) {
/* XXX should really panic here, fs is corrupt */
brelse(bp);
goto bad;
}
dotdotp = (struct direntry *)bp->b_data;
putushort(dotdotp[0].deStartCluster, cn);
pcl = dp->de_StartCluster;
if (FAT32(pmp) && pcl == pmp->pm_rootdirblk)
pcl = 0;
putushort(dotdotp[1].deStartCluster, pcl);
if (FAT32(pmp)) {
putushort(dotdotp[0].deHighClust, cn >> 16);
putushort(dotdotp[1].deHighClust, pcl >> 16);
}
if ((error = bwrite(bp)) != 0) {
/* XXX should really panic here, fs is corrupt */
goto bad;
}
}
