genfs_vnops.c revision 1.205
1 /* $NetBSD: genfs_vnops.c,v 1.205 2020/05/18 19:42:16 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* 30 * Copyright (c) 1982, 1986, 1989, 1993 31 * The Regents of the University of California. All rights reserved. 32 * 33 * Redistribution and use in source and binary forms, with or without 34 * modification, are permitted provided that the following conditions 35 * are met: 36 * 1. Redistributions of source code must retain the above copyright 37 * notice, this list of conditions and the following disclaimer. 38 * 2. Redistributions in binary form must reproduce the above copyright 39 * notice, this list of conditions and the following disclaimer in the 40 * documentation and/or other materials provided with the distribution. 41 * 3. Neither the name of the University nor the names of its contributors 42 * may be used to endorse or promote products derived from this software 43 * without specific prior written permission. 44 * 45 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 48 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 55 * SUCH DAMAGE. 56 * 57 */ 58 59 #include <sys/cdefs.h> 60 __KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.205 2020/05/18 19:42:16 christos Exp $"); 61 62 #include <sys/param.h> 63 #include <sys/systm.h> 64 #include <sys/proc.h> 65 #include <sys/kernel.h> 66 #include <sys/mount.h> 67 #include <sys/fstrans.h> 68 #include <sys/namei.h> 69 #include <sys/vnode_impl.h> 70 #include <sys/fcntl.h> 71 #include <sys/kmem.h> 72 #include <sys/poll.h> 73 #include <sys/mman.h> 74 #include <sys/file.h> 75 #include <sys/kauth.h> 76 #include <sys/stat.h> 77 #include <sys/extattr.h> 78 79 #include <miscfs/genfs/genfs.h> 80 #include <miscfs/genfs/genfs_node.h> 81 #include <miscfs/specfs/specdev.h> 82 83 #include <uvm/uvm.h> 84 #include <uvm/uvm_pager.h> 85 86 static void filt_genfsdetach(struct knote *); 87 static int filt_genfsread(struct knote *, long); 88 static int filt_genfsvnode(struct knote *, long); 89 90 int 91 genfs_poll(void *v) 92 { 93 struct vop_poll_args /* { 94 struct vnode *a_vp; 95 int a_events; 96 struct lwp *a_l; 97 } */ *ap = v; 98 99 return (ap->a_events & (POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM)); 100 } 101 102 int 103 genfs_seek(void *v) 104 { 105 struct vop_seek_args /* { 106 struct vnode *a_vp; 107 off_t a_oldoff; 108 off_t a_newoff; 109 kauth_cred_t cred; 110 } */ *ap = v; 111 112 if (ap->a_newoff < 0) 113 return (EINVAL); 114 115 return (0); 116 } 117 118 int 119 genfs_abortop(void *v) 120 { 121 struct vop_abortop_args /* { 122 struct vnode *a_dvp; 123 struct componentname *a_cnp; 124 } */ *ap = v; 125 126 (void)ap; 127 128 return (0); 129 } 130 131 int 132 genfs_fcntl(void *v) 133 { 134 struct vop_fcntl_args /* { 135 struct vnode *a_vp; 136 u_int a_command; 137 void *a_data; 138 int a_fflag; 139 kauth_cred_t a_cred; 140 struct lwp *a_l; 141 } */ *ap = v; 142 143 if (ap->a_command == F_SETFL) 144 return (0); 145 else 146 return (EOPNOTSUPP); 147 } 148 149 /*ARGSUSED*/ 150 int 151 genfs_badop(void *v) 152 { 153 154 panic("genfs: bad op"); 155 } 156 157 /*ARGSUSED*/ 158 int 159 genfs_nullop(void *v) 160 { 161 162 return (0); 163 } 164 165 /*ARGSUSED*/ 166 int 167 genfs_einval(void *v) 168 { 169 170 return (EINVAL); 171 } 172 173 /* 174 * Called when an fs doesn't support a particular vop. 175 * This takes care to vrele, vput, or vunlock passed in vnodes 176 * and calls VOP_ABORTOP for a componentname (in non-rename VOP). 177 */ 178 int 179 genfs_eopnotsupp(void *v) 180 { 181 struct vop_generic_args /* 182 struct vnodeop_desc *a_desc; 183 / * other random data follows, presumably * / 184 } */ *ap = v; 185 struct vnodeop_desc *desc = ap->a_desc; 186 struct vnode *vp, *vp_last = NULL; 187 int flags, i, j, offset_cnp, offset_vp; 188 189 KASSERT(desc->vdesc_offset != VOP_LOOKUP_DESCOFFSET); 190 KASSERT(desc->vdesc_offset != VOP_ABORTOP_DESCOFFSET); 191 192 /* 193 * Abort any componentname that lookup potentially left state in. 194 * 195 * As is logical, componentnames for VOP_RENAME are handled by 196 * the caller of VOP_RENAME. Yay, rename! 197 */ 198 if (desc->vdesc_offset != VOP_RENAME_DESCOFFSET && 199 (offset_vp = desc->vdesc_vp_offsets[0]) != VDESC_NO_OFFSET && 200 (offset_cnp = desc->vdesc_componentname_offset) != VDESC_NO_OFFSET){ 201 struct componentname *cnp; 202 struct vnode *dvp; 203 204 dvp = *VOPARG_OFFSETTO(struct vnode **, offset_vp, ap); 205 cnp = *VOPARG_OFFSETTO(struct componentname **, offset_cnp, ap); 206 207 VOP_ABORTOP(dvp, cnp); 208 } 209 210 flags = desc->vdesc_flags; 211 for (i = 0; i < VDESC_MAX_VPS; flags >>=1, i++) { 212 if ((offset_vp = desc->vdesc_vp_offsets[i]) == VDESC_NO_OFFSET) 213 break; /* stop at end of list */ 214 if ((j = flags & VDESC_VP0_WILLPUT)) { 215 vp = *VOPARG_OFFSETTO(struct vnode **, offset_vp, ap); 216 217 /* Skip if NULL */ 218 if (!vp) 219 continue; 220 221 switch (j) { 222 case VDESC_VP0_WILLPUT: 223 /* Check for dvp == vp cases */ 224 if (vp == vp_last) 225 vrele(vp); 226 else { 227 vput(vp); 228 vp_last = vp; 229 } 230 break; 231 case VDESC_VP0_WILLRELE: 232 vrele(vp); 233 break; 234 } 235 } 236 } 237 238 return (EOPNOTSUPP); 239 } 240 241 /*ARGSUSED*/ 242 int 243 genfs_ebadf(void *v) 244 { 245 246 return (EBADF); 247 } 248 249 /* ARGSUSED */ 250 int 251 genfs_enoioctl(void *v) 252 { 253 254 return (EPASSTHROUGH); 255 } 256 257 258 /* 259 * Eliminate all activity associated with the requested vnode 260 * and with all vnodes aliased to the requested vnode. 261 */ 262 int 263 genfs_revoke(void *v) 264 { 265 struct vop_revoke_args /* { 266 struct vnode *a_vp; 267 int a_flags; 268 } */ *ap = v; 269 270 #ifdef DIAGNOSTIC 271 if ((ap->a_flags & REVOKEALL) == 0) 272 panic("genfs_revoke: not revokeall"); 273 #endif 274 vrevoke(ap->a_vp); 275 return (0); 276 } 277 278 /* 279 * Lock the node (for deadfs). 280 */ 281 int 282 genfs_deadlock(void *v) 283 { 284 struct vop_lock_args /* { 285 struct vnode *a_vp; 286 int a_flags; 287 } */ *ap = v; 288 vnode_t *vp = ap->a_vp; 289 vnode_impl_t *vip = VNODE_TO_VIMPL(vp); 290 int flags = ap->a_flags; 291 krw_t op; 292 293 if (! ISSET(flags, LK_RETRY)) 294 return ENOENT; 295 296 if (ISSET(flags, LK_DOWNGRADE)) { 297 rw_downgrade(&vip->vi_lock); 298 } else if (ISSET(flags, LK_UPGRADE)) { 299 KASSERT(ISSET(flags, LK_NOWAIT)); 300 if (!rw_tryupgrade(&vip->vi_lock)) { 301 return EBUSY; 302 } 303 } else if ((flags & (LK_EXCLUSIVE | LK_SHARED)) != 0) { 304 op = (ISSET(flags, LK_EXCLUSIVE) ? RW_WRITER : RW_READER); 305 if (ISSET(flags, LK_NOWAIT)) { 306 if (!rw_tryenter(&vip->vi_lock, op)) 307 return EBUSY; 308 } else { 309 rw_enter(&vip->vi_lock, op); 310 } 311 } 312 VSTATE_ASSERT_UNLOCKED(vp, VS_RECLAIMED); 313 return 0; 314 } 315 316 /* 317 * Unlock the node (for deadfs). 318 */ 319 int 320 genfs_deadunlock(void *v) 321 { 322 struct vop_unlock_args /* { 323 struct vnode *a_vp; 324 } */ *ap = v; 325 vnode_t *vp = ap->a_vp; 326 vnode_impl_t *vip = VNODE_TO_VIMPL(vp); 327 328 rw_exit(&vip->vi_lock); 329 330 return 0; 331 } 332 333 /* 334 * Lock the node. 335 */ 336 int 337 genfs_lock(void *v) 338 { 339 struct vop_lock_args /* { 340 struct vnode *a_vp; 341 int a_flags; 342 } */ *ap = v; 343 vnode_t *vp = ap->a_vp; 344 vnode_impl_t *vip = VNODE_TO_VIMPL(vp); 345 int flags = ap->a_flags; 346 krw_t op; 347 348 if (ISSET(flags, LK_DOWNGRADE)) { 349 rw_downgrade(&vip->vi_lock); 350 } else if (ISSET(flags, LK_UPGRADE)) { 351 KASSERT(ISSET(flags, LK_NOWAIT)); 352 if (!rw_tryupgrade(&vip->vi_lock)) { 353 return EBUSY; 354 } 355 } else if ((flags & (LK_EXCLUSIVE | LK_SHARED)) != 0) { 356 op = (ISSET(flags, LK_EXCLUSIVE) ? RW_WRITER : RW_READER); 357 if (ISSET(flags, LK_NOWAIT)) { 358 if (!rw_tryenter(&vip->vi_lock, op)) 359 return EBUSY; 360 } else { 361 rw_enter(&vip->vi_lock, op); 362 } 363 } 364 VSTATE_ASSERT_UNLOCKED(vp, VS_ACTIVE); 365 return 0; 366 } 367 368 /* 369 * Unlock the node. 370 */ 371 int 372 genfs_unlock(void *v) 373 { 374 struct vop_unlock_args /* { 375 struct vnode *a_vp; 376 } */ *ap = v; 377 vnode_t *vp = ap->a_vp; 378 vnode_impl_t *vip = VNODE_TO_VIMPL(vp); 379 380 rw_exit(&vip->vi_lock); 381 382 return 0; 383 } 384 385 /* 386 * Return whether or not the node is locked. 387 */ 388 int 389 genfs_islocked(void *v) 390 { 391 struct vop_islocked_args /* { 392 struct vnode *a_vp; 393 } */ *ap = v; 394 vnode_t *vp = ap->a_vp; 395 vnode_impl_t *vip = VNODE_TO_VIMPL(vp); 396 397 if (rw_write_held(&vip->vi_lock)) 398 return LK_EXCLUSIVE; 399 400 if (rw_read_held(&vip->vi_lock)) 401 return LK_SHARED; 402 403 return 0; 404 } 405 406 /* 407 * Stubs to use when there is no locking to be done on the underlying object. 408 */ 409 int 410 genfs_nolock(void *v) 411 { 412 413 return (0); 414 } 415 416 int 417 genfs_nounlock(void *v) 418 { 419 420 return (0); 421 } 422 423 int 424 genfs_noislocked(void *v) 425 { 426 427 return (0); 428 } 429 430 int 431 genfs_mmap(void *v) 432 { 433 434 return (0); 435 } 436 437 /* 438 * VOP_PUTPAGES() for vnodes which never have pages. 439 */ 440 441 int 442 genfs_null_putpages(void *v) 443 { 444 struct vop_putpages_args /* { 445 struct vnode *a_vp; 446 voff_t a_offlo; 447 voff_t a_offhi; 448 int a_flags; 449 } */ *ap = v; 450 struct vnode *vp = ap->a_vp; 451 452 KASSERT(vp->v_uobj.uo_npages == 0); 453 rw_exit(vp->v_uobj.vmobjlock); 454 return (0); 455 } 456 457 void 458 genfs_node_init(struct vnode *vp, const struct genfs_ops *ops) 459 { 460 struct genfs_node *gp = VTOG(vp); 461 462 rw_init(&gp->g_glock); 463 gp->g_op = ops; 464 } 465 466 void 467 genfs_node_destroy(struct vnode *vp) 468 { 469 struct genfs_node *gp = VTOG(vp); 470 471 rw_destroy(&gp->g_glock); 472 } 473 474 void 475 genfs_size(struct vnode *vp, off_t size, off_t *eobp, int flags) 476 { 477 int bsize; 478 479 bsize = 1 << vp->v_mount->mnt_fs_bshift; 480 *eobp = (size + bsize - 1) & ~(bsize - 1); 481 } 482 483 static void 484 filt_genfsdetach(struct knote *kn) 485 { 486 struct vnode *vp = (struct vnode *)kn->kn_hook; 487 488 mutex_enter(vp->v_interlock); 489 SLIST_REMOVE(&vp->v_klist, kn, knote, kn_selnext); 490 mutex_exit(vp->v_interlock); 491 } 492 493 static int 494 filt_genfsread(struct knote *kn, long hint) 495 { 496 struct vnode *vp = (struct vnode *)kn->kn_hook; 497 int rv; 498 499 /* 500 * filesystem is gone, so set the EOF flag and schedule 501 * the knote for deletion. 502 */ 503 switch (hint) { 504 case NOTE_REVOKE: 505 KASSERT(mutex_owned(vp->v_interlock)); 506 kn->kn_flags |= (EV_EOF | EV_ONESHOT); 507 return (1); 508 case 0: 509 mutex_enter(vp->v_interlock); 510 kn->kn_data = vp->v_size - ((file_t *)kn->kn_obj)->f_offset; 511 rv = (kn->kn_data != 0); 512 mutex_exit(vp->v_interlock); 513 return rv; 514 default: 515 KASSERT(mutex_owned(vp->v_interlock)); 516 kn->kn_data = vp->v_size - ((file_t *)kn->kn_obj)->f_offset; 517 return (kn->kn_data != 0); 518 } 519 } 520 521 static int 522 filt_genfswrite(struct knote *kn, long hint) 523 { 524 struct vnode *vp = (struct vnode *)kn->kn_hook; 525 526 /* 527 * filesystem is gone, so set the EOF flag and schedule 528 * the knote for deletion. 529 */ 530 switch (hint) { 531 case NOTE_REVOKE: 532 KASSERT(mutex_owned(vp->v_interlock)); 533 kn->kn_flags |= (EV_EOF | EV_ONESHOT); 534 return (1); 535 case 0: 536 mutex_enter(vp->v_interlock); 537 kn->kn_data = 0; 538 mutex_exit(vp->v_interlock); 539 return 1; 540 default: 541 KASSERT(mutex_owned(vp->v_interlock)); 542 kn->kn_data = 0; 543 return 1; 544 } 545 } 546 547 static int 548 filt_genfsvnode(struct knote *kn, long hint) 549 { 550 struct vnode *vp = (struct vnode *)kn->kn_hook; 551 int fflags; 552 553 switch (hint) { 554 case NOTE_REVOKE: 555 KASSERT(mutex_owned(vp->v_interlock)); 556 kn->kn_flags |= EV_EOF; 557 if ((kn->kn_sfflags & hint) != 0) 558 kn->kn_fflags |= hint; 559 return (1); 560 case 0: 561 mutex_enter(vp->v_interlock); 562 fflags = kn->kn_fflags; 563 mutex_exit(vp->v_interlock); 564 break; 565 default: 566 KASSERT(mutex_owned(vp->v_interlock)); 567 if ((kn->kn_sfflags & hint) != 0) 568 kn->kn_fflags |= hint; 569 fflags = kn->kn_fflags; 570 break; 571 } 572 573 return (fflags != 0); 574 } 575 576 static const struct filterops genfsread_filtops = { 577 .f_isfd = 1, 578 .f_attach = NULL, 579 .f_detach = filt_genfsdetach, 580 .f_event = filt_genfsread, 581 }; 582 583 static const struct filterops genfswrite_filtops = { 584 .f_isfd = 1, 585 .f_attach = NULL, 586 .f_detach = filt_genfsdetach, 587 .f_event = filt_genfswrite, 588 }; 589 590 static const struct filterops genfsvnode_filtops = { 591 .f_isfd = 1, 592 .f_attach = NULL, 593 .f_detach = filt_genfsdetach, 594 .f_event = filt_genfsvnode, 595 }; 596 597 int 598 genfs_kqfilter(void *v) 599 { 600 struct vop_kqfilter_args /* { 601 struct vnode *a_vp; 602 struct knote *a_kn; 603 } */ *ap = v; 604 struct vnode *vp; 605 struct knote *kn; 606 607 vp = ap->a_vp; 608 kn = ap->a_kn; 609 switch (kn->kn_filter) { 610 case EVFILT_READ: 611 kn->kn_fop = &genfsread_filtops; 612 break; 613 case EVFILT_WRITE: 614 kn->kn_fop = &genfswrite_filtops; 615 break; 616 case EVFILT_VNODE: 617 kn->kn_fop = &genfsvnode_filtops; 618 break; 619 default: 620 return (EINVAL); 621 } 622 623 kn->kn_hook = vp; 624 625 mutex_enter(vp->v_interlock); 626 SLIST_INSERT_HEAD(&vp->v_klist, kn, kn_selnext); 627 mutex_exit(vp->v_interlock); 628 629 return (0); 630 } 631 632 void 633 genfs_node_wrlock(struct vnode *vp) 634 { 635 struct genfs_node *gp = VTOG(vp); 636 637 rw_enter(&gp->g_glock, RW_WRITER); 638 } 639 640 void 641 genfs_node_rdlock(struct vnode *vp) 642 { 643 struct genfs_node *gp = VTOG(vp); 644 645 rw_enter(&gp->g_glock, RW_READER); 646 } 647 648 int 649 genfs_node_rdtrylock(struct vnode *vp) 650 { 651 struct genfs_node *gp = VTOG(vp); 652 653 return rw_tryenter(&gp->g_glock, RW_READER); 654 } 655 656 void 657 genfs_node_unlock(struct vnode *vp) 658 { 659 struct genfs_node *gp = VTOG(vp); 660 661 rw_exit(&gp->g_glock); 662 } 663 664 int 665 genfs_node_wrlocked(struct vnode *vp) 666 { 667 struct genfs_node *gp = VTOG(vp); 668 669 return rw_write_held(&gp->g_glock); 670 } 671 672 static int 673 groupmember(gid_t gid, kauth_cred_t cred) 674 { 675 int ismember; 676 int error = kauth_cred_ismember_gid(cred, gid, &ismember); 677 if (error) 678 return error; 679 if (kauth_cred_getegid(cred) == gid || ismember) 680 return 0; 681 return -1; 682 } 683 684 /* 685 * Common filesystem object access control check routine. Accepts a 686 * vnode, cred, uid, gid, mode, acl, requested access mode. 687 * Returns 0 on success, or an errno on failure. 688 */ 689 int 690 genfs_can_access(vnode_t *vp, kauth_cred_t cred, uid_t file_uid, gid_t file_gid, 691 mode_t file_mode, struct acl *acl, accmode_t accmode) 692 { 693 accmode_t dac_granted; 694 int error; 695 696 KASSERT((accmode & ~(VEXEC | VWRITE | VREAD | VADMIN | VAPPEND)) == 0); 697 KASSERT((accmode & VAPPEND) == 0 || (accmode & VWRITE)); 698 #ifdef ACL_DEBUG 699 char buf[128]; 700 snprintb(buf, sizeof(buf), __VNODE_PERM_BITS, accmode); 701 printf("%s: %s cred_uid=%d cred_gid=%d file_uid=%d file_gid=%d\n", 702 __func__, buf, kauth_cred_geteuid(cred), kauth_cred_getegid(cred), 703 file_uid, file_gid); 704 #endif 705 /* 706 * Look for a normal, non-privileged way to access the file/directory 707 * as requested. If it exists, go with that. 708 */ 709 710 dac_granted = 0; 711 712 /* Check the owner. */ 713 if (kauth_cred_geteuid(cred) == file_uid) { 714 dac_granted |= VADMIN; 715 if (file_mode & S_IXUSR) 716 dac_granted |= VEXEC; 717 if (file_mode & S_IRUSR) 718 dac_granted |= VREAD; 719 if (file_mode & S_IWUSR) 720 dac_granted |= (VWRITE | VAPPEND); 721 722 #ifdef ACL_DEBUG 723 printf("%s: owner %o %o\n", __func__, 724 accmode & dac_granted, accmode); 725 #endif 726 goto privchk; 727 } 728 729 /* Otherwise, check the groups (first match) */ 730 /* Otherwise, check the groups. */ 731 error = groupmember(file_gid, cred); 732 if (error > 0) 733 return error; 734 if (error == 0) { 735 if (file_mode & S_IXGRP) 736 dac_granted |= VEXEC; 737 if (file_mode & S_IRGRP) 738 dac_granted |= VREAD; 739 if (file_mode & S_IWGRP) 740 dac_granted |= (VWRITE | VAPPEND); 741 742 #ifdef ACL_DEBUG 743 printf("%s: group %o %o\n", __func__, 744 accmode & dac_granted, accmode); 745 #endif 746 goto privchk; 747 } 748 749 /* Otherwise, check everyone else. */ 750 if (file_mode & S_IXOTH) 751 dac_granted |= VEXEC; 752 if (file_mode & S_IROTH) 753 dac_granted |= VREAD; 754 if (file_mode & S_IWOTH) 755 dac_granted |= (VWRITE | VAPPEND); 756 757 #ifdef ACL_DEBUG 758 printf("%s: others %o %o\n", __func__, 759 accmode & dac_granted, accmode); 760 #endif 761 privchk: 762 if ((accmode & dac_granted) == accmode) 763 return 0; 764 765 return (accmode & VADMIN) ? EPERM : EACCES; 766 } 767 768 /* 769 * Implement a version of genfs_can_access() that understands POSIX.1e ACL 770 * semantics; 771 * the access ACL has already been prepared for evaluation by the file system 772 * and is passed via 'uid', 'gid', and 'acl'. Return 0 on success, else an 773 * errno value. 774 */ 775 int 776 genfs_can_access_acl_posix1e(vnode_t *vp, kauth_cred_t cred, uid_t file_uid, 777 gid_t file_gid, mode_t file_mode, struct acl *acl, accmode_t accmode) 778 { 779 struct acl_entry *acl_other, *acl_mask; 780 accmode_t dac_granted; 781 accmode_t acl_mask_granted; 782 int group_matched, i; 783 int error; 784 785 KASSERT((accmode & ~(VEXEC | VWRITE | VREAD | VADMIN | VAPPEND)) == 0); 786 KASSERT((accmode & VAPPEND) == 0 || (accmode & VWRITE)); 787 788 /* 789 * The owner matches if the effective uid associated with the 790 * credential matches that of the ACL_USER_OBJ entry. While we're 791 * doing the first scan, also cache the location of the ACL_MASK and 792 * ACL_OTHER entries, preventing some future iterations. 793 */ 794 acl_mask = acl_other = NULL; 795 for (i = 0; i < acl->acl_cnt; i++) { 796 struct acl_entry *ae = &acl->acl_entry[i]; 797 switch (ae->ae_tag) { 798 case ACL_USER_OBJ: 799 if (kauth_cred_geteuid(cred) != file_uid) 800 break; 801 dac_granted = 0; 802 dac_granted |= VADMIN; 803 if (ae->ae_perm & ACL_EXECUTE) 804 dac_granted |= VEXEC; 805 if (ae->ae_perm & ACL_READ) 806 dac_granted |= VREAD; 807 if (ae->ae_perm & ACL_WRITE) 808 dac_granted |= (VWRITE | VAPPEND); 809 goto out; 810 811 case ACL_MASK: 812 acl_mask = ae; 813 break; 814 815 case ACL_OTHER: 816 acl_other = ae; 817 break; 818 819 default: 820 break; 821 } 822 } 823 824 /* 825 * An ACL_OTHER entry should always exist in a valid access ACL. If 826 * it doesn't, then generate a serious failure. For now, this means 827 * a debugging message and EPERM, but in the future should probably 828 * be a panic. 829 */ 830 if (acl_other == NULL) { 831 /* 832 * XXX This should never happen 833 */ 834 printf("%s: ACL_OTHER missing\n", __func__); 835 return EPERM; 836 } 837 838 /* 839 * Checks against ACL_USER, ACL_GROUP_OBJ, and ACL_GROUP fields are 840 * masked by an ACL_MASK entry, if any. As such, first identify the 841 * ACL_MASK field, then iterate through identifying potential user 842 * matches, then group matches. If there is no ACL_MASK, assume that 843 * the mask allows all requests to succeed. 844 */ 845 if (acl_mask != NULL) { 846 acl_mask_granted = 0; 847 if (acl_mask->ae_perm & ACL_EXECUTE) 848 acl_mask_granted |= VEXEC; 849 if (acl_mask->ae_perm & ACL_READ) 850 acl_mask_granted |= VREAD; 851 if (acl_mask->ae_perm & ACL_WRITE) 852 acl_mask_granted |= (VWRITE | VAPPEND); 853 } else 854 acl_mask_granted = VEXEC | VREAD | VWRITE | VAPPEND; 855 856 /* 857 * Check ACL_USER ACL entries. There will either be one or no 858 * matches; if there is one, we accept or rejected based on the 859 * match; otherwise, we continue on to groups. 860 */ 861 for (i = 0; i < acl->acl_cnt; i++) { 862 struct acl_entry *ae = &acl->acl_entry[i]; 863 switch (ae->ae_tag) { 864 case ACL_USER: 865 if (kauth_cred_geteuid(cred) != ae->ae_id) 866 break; 867 dac_granted = 0; 868 if (ae->ae_perm & ACL_EXECUTE) 869 dac_granted |= VEXEC; 870 if (ae->ae_perm & ACL_READ) 871 dac_granted |= VREAD; 872 if (ae->ae_perm & ACL_WRITE) 873 dac_granted |= (VWRITE | VAPPEND); 874 dac_granted &= acl_mask_granted; 875 goto out; 876 } 877 } 878 879 /* 880 * Group match is best-match, not first-match, so find a "best" 881 * match. Iterate across, testing each potential group match. Make 882 * sure we keep track of whether we found a match or not, so that we 883 * know if we should try again with any available privilege, or if we 884 * should move on to ACL_OTHER. 885 */ 886 group_matched = 0; 887 for (i = 0; i < acl->acl_cnt; i++) { 888 struct acl_entry *ae = &acl->acl_entry[i]; 889 switch (ae->ae_tag) { 890 case ACL_GROUP_OBJ: 891 error = groupmember(file_gid, cred); 892 if (error > 0) 893 return error; 894 if (error) 895 break; 896 dac_granted = 0; 897 if (ae->ae_perm & ACL_EXECUTE) 898 dac_granted |= VEXEC; 899 if (ae->ae_perm & ACL_READ) 900 dac_granted |= VREAD; 901 if (ae->ae_perm & ACL_WRITE) 902 dac_granted |= (VWRITE | VAPPEND); 903 dac_granted &= acl_mask_granted; 904 905 if ((accmode & dac_granted) == accmode) 906 return 0; 907 908 group_matched = 1; 909 break; 910 911 case ACL_GROUP: 912 error = groupmember(ae->ae_id, cred); 913 if (error > 0) 914 return error; 915 if (error) 916 break; 917 dac_granted = 0; 918 if (ae->ae_perm & ACL_EXECUTE) 919 dac_granted |= VEXEC; 920 if (ae->ae_perm & ACL_READ) 921 dac_granted |= VREAD; 922 if (ae->ae_perm & ACL_WRITE) 923 dac_granted |= (VWRITE | VAPPEND); 924 dac_granted &= acl_mask_granted; 925 926 if ((accmode & dac_granted) == accmode) 927 return 0; 928 929 group_matched = 1; 930 break; 931 932 default: 933 break; 934 } 935 } 936 937 if (group_matched == 1) { 938 /* 939 * There was a match, but it did not grant rights via pure 940 * DAC. Try again, this time with privilege. 941 */ 942 for (i = 0; i < acl->acl_cnt; i++) { 943 struct acl_entry *ae = &acl->acl_entry[i]; 944 switch (ae->ae_tag) { 945 case ACL_GROUP_OBJ: 946 error = groupmember(file_gid, cred); 947 if (error > 0) 948 return error; 949 if (error) 950 break; 951 dac_granted = 0; 952 if (ae->ae_perm & ACL_EXECUTE) 953 dac_granted |= VEXEC; 954 if (ae->ae_perm & ACL_READ) 955 dac_granted |= VREAD; 956 if (ae->ae_perm & ACL_WRITE) 957 dac_granted |= (VWRITE | VAPPEND); 958 dac_granted &= acl_mask_granted; 959 goto out; 960 961 case ACL_GROUP: 962 error = groupmember(ae->ae_id, cred); 963 if (error > 0) 964 return error; 965 if (error) 966 break; 967 dac_granted = 0; 968 if (ae->ae_perm & ACL_EXECUTE) 969 dac_granted |= VEXEC; 970 if (ae->ae_perm & ACL_READ) 971 dac_granted |= VREAD; 972 if (ae->ae_perm & ACL_WRITE) 973 dac_granted |= (VWRITE | VAPPEND); 974 dac_granted &= acl_mask_granted; 975 976 goto out; 977 default: 978 break; 979 } 980 } 981 /* 982 * Even with privilege, group membership was not sufficient. 983 * Return failure. 984 */ 985 dac_granted = 0; 986 goto out; 987 } 988 989 /* 990 * Fall back on ACL_OTHER. ACL_MASK is not applied to ACL_OTHER. 991 */ 992 dac_granted = 0; 993 if (acl_other->ae_perm & ACL_EXECUTE) 994 dac_granted |= VEXEC; 995 if (acl_other->ae_perm & ACL_READ) 996 dac_granted |= VREAD; 997 if (acl_other->ae_perm & ACL_WRITE) 998 dac_granted |= (VWRITE | VAPPEND); 999 1000 out: 1001 if ((accmode & dac_granted) == accmode) 1002 return 0; 1003 return (accmode & VADMIN) ? EPERM : EACCES; 1004 } 1005 1006 static struct { 1007 accmode_t accmode; 1008 int mask; 1009 } accmode2mask[] = { 1010 { VREAD, ACL_READ_DATA }, 1011 { VWRITE, ACL_WRITE_DATA }, 1012 { VAPPEND, ACL_APPEND_DATA }, 1013 { VEXEC, ACL_EXECUTE }, 1014 { VREAD_NAMED_ATTRS, ACL_READ_NAMED_ATTRS }, 1015 { VWRITE_NAMED_ATTRS, ACL_WRITE_NAMED_ATTRS }, 1016 { VDELETE_CHILD, ACL_DELETE_CHILD }, 1017 { VREAD_ATTRIBUTES, ACL_READ_ATTRIBUTES }, 1018 { VWRITE_ATTRIBUTES, ACL_WRITE_ATTRIBUTES }, 1019 { VDELETE, ACL_DELETE }, 1020 { VREAD_ACL, ACL_READ_ACL }, 1021 { VWRITE_ACL, ACL_WRITE_ACL }, 1022 { VWRITE_OWNER, ACL_WRITE_OWNER }, 1023 { VSYNCHRONIZE, ACL_SYNCHRONIZE }, 1024 { 0, 0 }, 1025 }; 1026 1027 static int 1028 _access_mask_from_accmode(accmode_t accmode) 1029 { 1030 int access_mask = 0, i; 1031 1032 for (i = 0; accmode2mask[i].accmode != 0; i++) { 1033 if (accmode & accmode2mask[i].accmode) 1034 access_mask |= accmode2mask[i].mask; 1035 } 1036 1037 /* 1038 * VAPPEND is just a modifier for VWRITE; if the caller asked 1039 * for 'VAPPEND | VWRITE', we want to check for ACL_APPEND_DATA only. 1040 */ 1041 if (access_mask & ACL_APPEND_DATA) 1042 access_mask &= ~ACL_WRITE_DATA; 1043 1044 return (access_mask); 1045 } 1046 1047 /* 1048 * Return 0, iff access is allowed, 1 otherwise. 1049 */ 1050 static int 1051 _acl_denies(const struct acl *aclp, int access_mask, kauth_cred_t cred, 1052 int file_uid, int file_gid, int *denied_explicitly) 1053 { 1054 int i, error; 1055 const struct acl_entry *ae; 1056 1057 if (denied_explicitly != NULL) 1058 *denied_explicitly = 0; 1059 1060 KASSERT(aclp->acl_cnt <= ACL_MAX_ENTRIES); 1061 1062 for (i = 0; i < aclp->acl_cnt; i++) { 1063 ae = &(aclp->acl_entry[i]); 1064 1065 if (ae->ae_entry_type != ACL_ENTRY_TYPE_ALLOW && 1066 ae->ae_entry_type != ACL_ENTRY_TYPE_DENY) 1067 continue; 1068 if (ae->ae_flags & ACL_ENTRY_INHERIT_ONLY) 1069 continue; 1070 switch (ae->ae_tag) { 1071 case ACL_USER_OBJ: 1072 if (kauth_cred_geteuid(cred) != file_uid) 1073 continue; 1074 break; 1075 case ACL_USER: 1076 if (kauth_cred_geteuid(cred) != ae->ae_id) 1077 continue; 1078 break; 1079 case ACL_GROUP_OBJ: 1080 error = groupmember(file_gid, cred); 1081 if (error > 0) 1082 return error; 1083 if (error != 0) 1084 continue; 1085 break; 1086 case ACL_GROUP: 1087 error = groupmember(ae->ae_id, cred); 1088 if (error > 0) 1089 return error; 1090 if (error != 0) 1091 continue; 1092 break; 1093 default: 1094 KASSERT(ae->ae_tag == ACL_EVERYONE); 1095 } 1096 1097 if (ae->ae_entry_type == ACL_ENTRY_TYPE_DENY) { 1098 if (ae->ae_perm & access_mask) { 1099 if (denied_explicitly != NULL) 1100 *denied_explicitly = 1; 1101 return (1); 1102 } 1103 } 1104 1105 access_mask &= ~(ae->ae_perm); 1106 if (access_mask == 0) 1107 return (0); 1108 } 1109 1110 if (access_mask == 0) 1111 return (0); 1112 1113 return (1); 1114 } 1115 1116 int 1117 genfs_can_access_acl_nfs4(vnode_t *vp, kauth_cred_t cred, uid_t file_uid, 1118 gid_t file_gid, mode_t file_mode, struct acl *aclp, accmode_t accmode) 1119 { 1120 int denied, explicitly_denied, access_mask, is_directory, 1121 must_be_owner = 0; 1122 file_mode = 0; 1123 1124 KASSERT((accmode & ~(VEXEC | VWRITE | VREAD | VADMIN | VAPPEND | 1125 VEXPLICIT_DENY | VREAD_NAMED_ATTRS | VWRITE_NAMED_ATTRS | 1126 VDELETE_CHILD | VREAD_ATTRIBUTES | VWRITE_ATTRIBUTES | VDELETE | 1127 VREAD_ACL | VWRITE_ACL | VWRITE_OWNER | VSYNCHRONIZE)) == 0); 1128 KASSERT((accmode & VAPPEND) == 0 || (accmode & VWRITE)); 1129 1130 #ifdef ACL_DEBUG 1131 char buf[128]; 1132 snprintb(buf, sizeof(buf), __VNODE_PERM_BITS, accmode); 1133 printf("%s: %s file_uid=%d file_gid=%d\n", __func__, buf, file_uid, file_gid); 1134 #endif 1135 1136 if (accmode & VADMIN) 1137 must_be_owner = 1; 1138 1139 /* 1140 * Ignore VSYNCHRONIZE permission. 1141 */ 1142 accmode &= ~VSYNCHRONIZE; 1143 1144 access_mask = _access_mask_from_accmode(accmode); 1145 1146 if (vp && vp->v_type == VDIR) 1147 is_directory = 1; 1148 else 1149 is_directory = 0; 1150 1151 /* 1152 * File owner is always allowed to read and write the ACL 1153 * and basic attributes. This is to prevent a situation 1154 * where user would change ACL in a way that prevents him 1155 * from undoing the change. 1156 */ 1157 if (kauth_cred_geteuid(cred) == file_uid) 1158 access_mask &= ~(ACL_READ_ACL | ACL_WRITE_ACL | 1159 ACL_READ_ATTRIBUTES | ACL_WRITE_ATTRIBUTES); 1160 1161 /* 1162 * Ignore append permission for regular files; use write 1163 * permission instead. 1164 */ 1165 if (!is_directory && (access_mask & ACL_APPEND_DATA)) { 1166 access_mask &= ~ACL_APPEND_DATA; 1167 access_mask |= ACL_WRITE_DATA; 1168 } 1169 1170 denied = _acl_denies(aclp, access_mask, cred, file_uid, file_gid, 1171 &explicitly_denied); 1172 1173 if (must_be_owner) { 1174 if (kauth_cred_geteuid(cred) != file_uid) 1175 denied = EPERM; 1176 } 1177 1178 /* 1179 * For VEXEC, ensure that at least one execute bit is set for 1180 * non-directories. We have to check the mode here to stay 1181 * consistent with execve(2). See the test in 1182 * exec_check_permissions(). 1183 */ 1184 __acl_nfs4_sync_mode_from_acl(&file_mode, aclp); 1185 if (!denied && !is_directory && (accmode & VEXEC) && 1186 (file_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) 1187 denied = EACCES; 1188 1189 if (!denied) 1190 return (0); 1191 1192 /* 1193 * Access failed. Iff it was not denied explicitly and 1194 * VEXPLICIT_DENY flag was specified, allow access. 1195 */ 1196 if ((accmode & VEXPLICIT_DENY) && explicitly_denied == 0) 1197 return (0); 1198 1199 accmode &= ~VEXPLICIT_DENY; 1200 1201 if (accmode & (VADMIN_PERMS | VDELETE_CHILD | VDELETE)) 1202 denied = EPERM; 1203 else 1204 denied = EACCES; 1205 1206 return (denied); 1207 } 1208 1209 /* 1210 * Common routine to check if chmod() is allowed. 1211 * 1212 * Policy: 1213 * - You must own the file, and 1214 * - You must not set the "sticky" bit (meaningless, see chmod(2)) 1215 * - You must be a member of the group if you're trying to set the 1216 * SGIDf bit 1217 * 1218 * vp - vnode of the file-system object 1219 * cred - credentials of the invoker 1220 * cur_uid, cur_gid - current uid/gid of the file-system object 1221 * new_mode - new mode for the file-system object 1222 * 1223 * Returns 0 if the change is allowed, or an error value otherwise. 1224 */ 1225 int 1226 genfs_can_chmod(vnode_t *vp, kauth_cred_t cred, uid_t cur_uid, 1227 gid_t cur_gid, mode_t new_mode) 1228 { 1229 int error; 1230 1231 /* 1232 * To modify the permissions on a file, must possess VADMIN 1233 * for that file. 1234 */ 1235 if ((error = VOP_ACCESSX(vp, VWRITE_ACL, cred)) != 0) 1236 return (error); 1237 1238 /* 1239 * Unprivileged users can't set the sticky bit on files. 1240 */ 1241 if ((vp->v_type != VDIR) && (new_mode & S_ISTXT)) 1242 return (EFTYPE); 1243 1244 /* 1245 * If the invoker is trying to set the SGID bit on the file, 1246 * check group membership. 1247 */ 1248 if (new_mode & S_ISGID) { 1249 int ismember; 1250 1251 error = kauth_cred_ismember_gid(cred, cur_gid, 1252 &ismember); 1253 if (error || !ismember) 1254 return (EPERM); 1255 } 1256 1257 /* 1258 * Deny setting setuid if we are not the file owner. 1259 */ 1260 if ((new_mode & S_ISUID) && cur_uid != kauth_cred_geteuid(cred)) 1261 return (EPERM); 1262 1263 return (0); 1264 } 1265 1266 /* 1267 * Common routine to check if chown() is allowed. 1268 * 1269 * Policy: 1270 * - You must own the file, and 1271 * - You must not try to change ownership, and 1272 * - You must be member of the new group 1273 * 1274 * vp - vnode 1275 * cred - credentials of the invoker 1276 * cur_uid, cur_gid - current uid/gid of the file-system object 1277 * new_uid, new_gid - target uid/gid of the file-system object 1278 * 1279 * Returns 0 if the change is allowed, or an error value otherwise. 1280 */ 1281 int 1282 genfs_can_chown(vnode_t *vp, kauth_cred_t cred, uid_t cur_uid, 1283 gid_t cur_gid, uid_t new_uid, gid_t new_gid) 1284 { 1285 int error, ismember; 1286 1287 /* 1288 * To modify the ownership of a file, must possess VADMIN for that 1289 * file. 1290 */ 1291 if ((error = VOP_ACCESSX(vp, VWRITE_OWNER, cred)) != 0) 1292 return (error); 1293 1294 /* 1295 * You can only change ownership of a file if: 1296 * You own the file and... 1297 */ 1298 if (kauth_cred_geteuid(cred) == cur_uid) { 1299 /* 1300 * You don't try to change ownership, and... 1301 */ 1302 if (new_uid != cur_uid) 1303 return (EPERM); 1304 1305 /* 1306 * You don't try to change group (no-op), or... 1307 */ 1308 if (new_gid == cur_gid) 1309 return (0); 1310 1311 /* 1312 * Your effective gid is the new gid, or... 1313 */ 1314 if (kauth_cred_getegid(cred) == new_gid) 1315 return (0); 1316 1317 /* 1318 * The new gid is one you're a member of. 1319 */ 1320 ismember = 0; 1321 error = kauth_cred_ismember_gid(cred, new_gid, 1322 &ismember); 1323 if (!error && ismember) 1324 return (0); 1325 } 1326 1327 return (EPERM); 1328 } 1329 1330 int 1331 genfs_can_chtimes(vnode_t *vp, kauth_cred_t cred, uid_t owner_uid, 1332 u_int vaflags) 1333 { 1334 int error; 1335 /* 1336 * Grant permission if the caller is the owner of the file, or 1337 * the super-user, or has ACL_WRITE_ATTRIBUTES permission on 1338 * on the file. If the time pointer is null, then write 1339 * permission on the file is also sufficient. 1340 * 1341 * From NFSv4.1, draft 21, 6.2.1.3.1, Discussion of Mask Attributes: 1342 * A user having ACL_WRITE_DATA or ACL_WRITE_ATTRIBUTES 1343 * will be allowed to set the times [..] to the current 1344 * server time. 1345 */ 1346 if ((error = VOP_ACCESSX(vp, VWRITE_ATTRIBUTES, cred)) != 0) 1347 return (error); 1348 1349 /* Must be owner, or... */ 1350 if (kauth_cred_geteuid(cred) == owner_uid) 1351 return (0); 1352 1353 /* set the times to the current time, and... */ 1354 if ((vaflags & VA_UTIMES_NULL) == 0) 1355 return (EPERM); 1356 1357 /* have write access. */ 1358 error = VOP_ACCESS(vp, VWRITE, cred); 1359 if (error) 1360 return (error); 1361 1362 return (0); 1363 } 1364 1365 /* 1366 * Common routine to check if chflags() is allowed. 1367 * 1368 * Policy: 1369 * - You must own the file, and 1370 * - You must not change system flags, and 1371 * - You must not change flags on character/block devices. 1372 * 1373 * vp - vnode 1374 * cred - credentials of the invoker 1375 * owner_uid - uid of the file-system object 1376 * changing_sysflags - true if the invoker wants to change system flags 1377 */ 1378 int 1379 genfs_can_chflags(vnode_t *vp, kauth_cred_t cred, 1380 uid_t owner_uid, bool changing_sysflags) 1381 { 1382 1383 /* The user must own the file. */ 1384 if (kauth_cred_geteuid(cred) != owner_uid) { 1385 return EPERM; 1386 } 1387 1388 if (changing_sysflags) { 1389 return EPERM; 1390 } 1391 1392 /* 1393 * Unprivileged users cannot change the flags on devices, even if they 1394 * own them. 1395 */ 1396 if (vp->v_type == VCHR || vp->v_type == VBLK) { 1397 return EPERM; 1398 } 1399 1400 return 0; 1401 } 1402 1403 /* 1404 * Common "sticky" policy. 1405 * 1406 * When a directory is "sticky" (as determined by the caller), this 1407 * function may help implementing the following policy: 1408 * - Renaming a file in it is only possible if the user owns the directory 1409 * or the file being renamed. 1410 * - Deleting a file from it is only possible if the user owns the 1411 * directory or the file being deleted. 1412 */ 1413 int 1414 genfs_can_sticky(vnode_t *vp, kauth_cred_t cred, uid_t dir_uid, uid_t file_uid) 1415 { 1416 if (kauth_cred_geteuid(cred) != dir_uid && 1417 kauth_cred_geteuid(cred) != file_uid) 1418 return EPERM; 1419 1420 return 0; 1421 } 1422 1423 int 1424 genfs_can_extattr(vnode_t *vp, kauth_cred_t cred, int accmode, 1425 int attrnamespace) 1426 { 1427 /* 1428 * Kernel-invoked always succeeds. 1429 */ 1430 if (cred == NOCRED) 1431 return 0; 1432 1433 switch (attrnamespace) { 1434 case EXTATTR_NAMESPACE_SYSTEM: 1435 return kauth_authorize_system(cred, KAUTH_SYSTEM_FS_EXTATTR, 1436 0, vp->v_mount, NULL, NULL); 1437 case EXTATTR_NAMESPACE_USER: 1438 return VOP_ACCESS(vp, accmode, cred); 1439 default: 1440 return EPERM; 1441 } 1442 } 1443 1444 int 1445 genfs_access(void *v) 1446 { 1447 struct vop_access_args *ap = v; 1448 1449 KASSERT((ap->a_accmode & ~(VEXEC | VWRITE | VREAD | VADMIN | 1450 VAPPEND)) == 0); 1451 1452 return VOP_ACCESSX(ap->a_vp, ap->a_accmode, ap->a_cred); 1453 } 1454 1455 int 1456 genfs_accessx(void *v) 1457 { 1458 struct vop_accessx_args *ap = v; 1459 int error; 1460 accmode_t accmode = ap->a_accmode; 1461 error = vfs_unixify_accmode(&accmode); 1462 if (error != 0) 1463 return error; 1464 1465 if (accmode == 0) 1466 return 0; 1467 1468 return VOP_ACCESS(ap->a_vp, accmode, ap->a_cred); 1469 } 1470
Indexes created Thu Sep 25 16:09:42 GMT 2025