ext2fs_rename.c revision 1.2.2.2
1 /* $NetBSD: ext2fs_rename.c,v 1.2.2.2 2012/05/23 10:08:18 yamt Exp $ */ 2 3 /*- 4 * Copyright (c) 2012 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Taylor R Campbell. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /* 33 * Ext2fs Rename 34 */ 35 36 #include <sys/cdefs.h> 37 __KERNEL_RCSID(0, "$NetBSD: ext2fs_rename.c,v 1.2.2.2 2012/05/23 10:08:18 yamt Exp $"); 38 39 #include <sys/param.h> 40 #include <sys/buf.h> 41 #include <sys/errno.h> 42 #include <sys/kauth.h> 43 #include <sys/mount.h> 44 #include <sys/namei.h> 45 #include <sys/vnode.h> 46 #include <sys/vnode_if.h> 47 48 #include <miscfs/genfs/genfs.h> 49 50 #include <ufs/ext2fs/ext2fs.h> 51 #include <ufs/ext2fs/ext2fs_dir.h> 52 #include <ufs/ext2fs/ext2fs_extern.h> 53 #include <ufs/ufs/inode.h> 54 #include <ufs/ufs/ufs_extern.h> 55 #include <ufs/ufs/ufsmount.h> 56 57 /* 58 * Forward declarations 59 */ 60 static int ext2fs_sane_rename(struct vnode *, struct componentname *, 61 struct vnode *, struct componentname *, 62 kauth_cred_t, bool); 63 static bool ext2fs_rename_ulr_overlap_p(const struct ufs_lookup_results *, 64 const struct ufs_lookup_results *); 65 static int ext2fs_rename_recalculate_fulr(struct vnode *, 66 struct ufs_lookup_results *, const struct ufs_lookup_results *, 67 const struct componentname *); 68 static bool ext2fs_rmdired_p(struct vnode *); 69 static int ext2fs_read_dotdot(struct vnode *, kauth_cred_t, ino_t *); 70 static int ext2fs_rename_replace_dotdot(struct vnode *, 71 struct vnode *, struct vnode *, kauth_cred_t); 72 static int ext2fs_gro_lock_directory(struct mount *, struct vnode *); 73 74 static const struct genfs_rename_ops ext2fs_genfs_rename_ops; 75 76 /* 77 * ext2fs_sane_rename: The hairiest vop, with the saner API. 78 * 79 * Arguments: 80 * 81 * . fdvp (from directory vnode), 82 * . fcnp (from component name), 83 * . tdvp (to directory vnode), 84 * . tcnp (to component name), 85 * . cred (credentials structure), and 86 * . posixly_correct (flag for behaviour if target & source link same file). 87 * 88 * fdvp and tdvp may be the same, and must be referenced and unlocked. 89 */ 90 static int 91 ext2fs_sane_rename( 92 struct vnode *fdvp, struct componentname *fcnp, 93 struct vnode *tdvp, struct componentname *tcnp, 94 kauth_cred_t cred, bool posixly_correct) 95 { 96 struct ufs_lookup_results fulr, tulr; 97 98 return genfs_sane_rename(&ext2fs_genfs_rename_ops, 99 fdvp, fcnp, &fulr, tdvp, tcnp, &tulr, 100 cred, posixly_correct); 101 } 102 103 /* 104 * ext2fs_rename: The hairiest vop, with the insanest API. Defer to 105 * genfs_insane_rename immediately. 106 */ 107 int 108 ext2fs_rename(void *v) 109 { 110 111 return genfs_insane_rename(v, &ext2fs_sane_rename); 112 } 113 114 /* 115 * ext2fs_gro_directory_empty_p: Return true if the directory vp is 116 * empty. dvp is its parent. 117 * 118 * vp and dvp must be locked and referenced. 119 */ 120 static bool 121 ext2fs_gro_directory_empty_p(struct mount *mp, kauth_cred_t cred, 122 struct vnode *vp, struct vnode *dvp) 123 { 124 125 (void)mp; 126 KASSERT(mp != NULL); 127 KASSERT(vp != NULL); 128 KASSERT(dvp != NULL); 129 KASSERT(vp != dvp); 130 KASSERT(vp->v_mount == mp); 131 KASSERT(dvp->v_mount == mp); 132 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 133 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 134 135 return ext2fs_dirempty(VTOI(vp), VTOI(dvp)->i_number, cred); 136 } 137 138 /* 139 * ext2fs_gro_rename_check_possible: Check whether a rename is possible 140 * independent of credentials. 141 */ 142 static int 143 ext2fs_gro_rename_check_possible(struct mount *mp, 144 struct vnode *fdvp, struct vnode *fvp, 145 struct vnode *tdvp, struct vnode *tvp) 146 { 147 148 (void)mp; 149 KASSERT(mp != NULL); 150 KASSERT(fdvp != NULL); 151 KASSERT(fvp != NULL); 152 KASSERT(tdvp != NULL); 153 KASSERT(fdvp != fvp); 154 KASSERT(fdvp != tvp); 155 KASSERT(tdvp != fvp); 156 KASSERT(tdvp != tvp); 157 KASSERT(fvp != tvp); 158 KASSERT(fdvp->v_type == VDIR); 159 KASSERT(tdvp->v_type == VDIR); 160 KASSERT(fdvp->v_mount == mp); 161 KASSERT(fvp->v_mount == mp); 162 KASSERT(tdvp->v_mount == mp); 163 KASSERT((tvp == NULL) || (tvp->v_mount == mp)); 164 KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE); 165 KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE); 166 KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE); 167 KASSERT((tvp == NULL) || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE)); 168 169 return genfs_ufslike_rename_check_possible( 170 VTOI(fdvp)->i_e2fs_flags, VTOI(fvp)->i_e2fs_flags, 171 VTOI(tdvp)->i_e2fs_flags, (tvp? VTOI(tvp)->i_e2fs_flags : 0), 172 (tvp != NULL), 173 EXT2_IMMUTABLE, EXT2_APPEND); 174 } 175 176 /* 177 * ext2fs_gro_rename_check_permitted: Check whether a rename is 178 * permitted given our credentials. 179 */ 180 static int 181 ext2fs_gro_rename_check_permitted(struct mount *mp, kauth_cred_t cred, 182 struct vnode *fdvp, struct vnode *fvp, 183 struct vnode *tdvp, struct vnode *tvp) 184 { 185 186 (void)mp; 187 KASSERT(mp != NULL); 188 KASSERT(fdvp != NULL); 189 KASSERT(fvp != NULL); 190 KASSERT(tdvp != NULL); 191 KASSERT(fdvp != fvp); 192 KASSERT(fdvp != tvp); 193 KASSERT(tdvp != fvp); 194 KASSERT(tdvp != tvp); 195 KASSERT(fvp != tvp); 196 KASSERT(fdvp->v_type == VDIR); 197 KASSERT(tdvp->v_type == VDIR); 198 KASSERT(fdvp->v_mount == mp); 199 KASSERT(fvp->v_mount == mp); 200 KASSERT(tdvp->v_mount == mp); 201 KASSERT((tvp == NULL) || (tvp->v_mount == mp)); 202 KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE); 203 KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE); 204 KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE); 205 KASSERT((tvp == NULL) || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE)); 206 207 return genfs_ufslike_rename_check_permitted(cred, 208 fdvp, VTOI(fdvp)->i_e2fs_mode, VTOI(fdvp)->i_uid, 209 fvp, VTOI(fvp)->i_uid, 210 tdvp, VTOI(tdvp)->i_e2fs_mode, VTOI(tdvp)->i_uid, 211 tvp, (tvp? VTOI(tvp)->i_uid : 0)); 212 } 213 214 /* 215 * ext2fs_gro_remove_check_possible: Check whether a remove is possible 216 * independent of credentials. 217 */ 218 static int 219 ext2fs_gro_remove_check_possible(struct mount *mp, 220 struct vnode *dvp, struct vnode *vp) 221 { 222 223 (void)mp; 224 KASSERT(mp != NULL); 225 KASSERT(dvp != NULL); 226 KASSERT(vp != NULL); 227 KASSERT(dvp != vp); 228 KASSERT(dvp->v_type == VDIR); 229 KASSERT(vp->v_type != VDIR); 230 KASSERT(dvp->v_mount == mp); 231 KASSERT(vp->v_mount == mp); 232 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 233 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 234 235 return genfs_ufslike_remove_check_possible( 236 VTOI(dvp)->i_e2fs_flags, VTOI(vp)->i_e2fs_flags, 237 EXT2_IMMUTABLE, EXT2_APPEND); 238 } 239 240 /* 241 * ext2fs_gro_remove_check_permitted: Check whether a remove is 242 * permitted given our credentials. 243 */ 244 static int 245 ext2fs_gro_remove_check_permitted(struct mount *mp, kauth_cred_t cred, 246 struct vnode *dvp, struct vnode *vp) 247 { 248 249 (void)mp; 250 KASSERT(mp != NULL); 251 KASSERT(dvp != NULL); 252 KASSERT(vp != NULL); 253 KASSERT(dvp != vp); 254 KASSERT(dvp->v_type == VDIR); 255 KASSERT(vp->v_type != VDIR); 256 KASSERT(dvp->v_mount == mp); 257 KASSERT(vp->v_mount == mp); 258 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 259 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 260 261 return genfs_ufslike_remove_check_permitted(cred, 262 dvp, VTOI(dvp)->i_e2fs_mode, VTOI(dvp)->i_uid, 263 vp, VTOI(vp)->i_uid); 264 } 265 266 /* 267 * ext2fs_gro_rename: Actually perform the rename operation. 268 */ 269 static int 270 ext2fs_gro_rename(struct mount *mp, kauth_cred_t cred, 271 struct vnode *fdvp, struct componentname *fcnp, 272 void *fde, struct vnode *fvp, 273 struct vnode *tdvp, struct componentname *tcnp, 274 void *tde, struct vnode *tvp) 275 { 276 struct ufs_lookup_results *fulr = fde; 277 struct ufs_lookup_results *tulr = tde; 278 bool directory_p, reparent_p; 279 int error; 280 281 (void)mp; 282 KASSERT(mp != NULL); 283 KASSERT(fdvp != NULL); 284 KASSERT(fcnp != NULL); 285 KASSERT(fulr != NULL); 286 KASSERT(fvp != NULL); 287 KASSERT(tdvp != NULL); 288 KASSERT(tcnp != NULL); 289 KASSERT(tulr != NULL); 290 KASSERT(fulr != tulr); 291 KASSERT(fdvp != fvp); 292 KASSERT(fdvp != tvp); 293 KASSERT(tdvp != fvp); 294 KASSERT(tdvp != tvp); 295 KASSERT(fvp != tvp); 296 KASSERT(fdvp->v_mount == mp); 297 KASSERT(fvp->v_mount == mp); 298 KASSERT(tdvp->v_mount == mp); 299 KASSERT((tvp == NULL) || (tvp->v_mount == mp)); 300 KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE); 301 KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE); 302 KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE); 303 KASSERT((tvp == NULL) || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE)); 304 305 /* 306 * We shall need to temporarily bump the link count, so make 307 * sure there is room to do so. 308 */ 309 if ((nlink_t)VTOI(fvp)->i_e2fs_nlink >= LINK_MAX) 310 return EMLINK; 311 312 /* 313 * XXX There is a pile of logic here to handle a voodoo flag 314 * IN_RENAME. I think this is a vestige of days when the file 315 * system hackers didn't understand concurrency or race 316 * conditions; I believe it serves no useful function 317 * whatsoever. 318 */ 319 320 directory_p = (fvp->v_type == VDIR); 321 KASSERT(directory_p == ((VTOI(fvp)->i_e2fs_mode & IFMT) == IFDIR)); 322 KASSERT((tvp == NULL) || (directory_p == (tvp->v_type == VDIR))); 323 KASSERT((tvp == NULL) || (directory_p == 324 ((VTOI(tvp)->i_e2fs_mode & IFMT) == IFDIR))); 325 if (directory_p) { 326 if (VTOI(fvp)->i_flag & IN_RENAME) 327 return EINVAL; 328 VTOI(fvp)->i_flag |= IN_RENAME; 329 } 330 331 reparent_p = (fdvp != tdvp); 332 KASSERT(reparent_p == (VTOI(fdvp)->i_number != VTOI(tdvp)->i_number)); 333 334 /* 335 * Commence hacking of the data on disk. 336 */ 337 338 /* 339 * 1) Bump link count while we're moving stuff 340 * around. If we crash somewhere before 341 * completing our work, the link count 342 * may be wrong, but correctable. 343 */ 344 345 KASSERT((nlink_t)VTOI(fvp)->i_e2fs_nlink < LINK_MAX); 346 VTOI(fvp)->i_e2fs_nlink++; 347 VTOI(fvp)->i_flag |= IN_CHANGE; 348 error = ext2fs_update(fvp, NULL, NULL, UPDATE_WAIT); 349 if (error) 350 goto whymustithurtsomuch; 351 352 /* 353 * 2) If target doesn't exist, link the target 354 * to the source and unlink the source. 355 * Otherwise, rewrite the target directory 356 * entry to reference the source inode and 357 * expunge the original entry's existence. 358 */ 359 360 if (tvp == NULL) { 361 /* 362 * Account for ".." in new directory. 363 * When source and destination have the same 364 * parent we don't fool with the link count. 365 */ 366 if (directory_p && reparent_p) { 367 if ((nlink_t)VTOI(tdvp)->i_e2fs_nlink >= LINK_MAX) { 368 error = EMLINK; 369 goto whymustithurtsomuch; 370 } 371 KASSERT((nlink_t)VTOI(tdvp)->i_e2fs_nlink < LINK_MAX); 372 VTOI(tdvp)->i_e2fs_nlink++; 373 VTOI(tdvp)->i_flag |= IN_CHANGE; 374 error = ext2fs_update(tdvp, NULL, NULL, UPDATE_WAIT); 375 if (error) { 376 /* 377 * Link count update didn't take -- 378 * back out the in-memory link count. 379 */ 380 KASSERT(0 < VTOI(tdvp)->i_e2fs_nlink); 381 VTOI(tdvp)->i_e2fs_nlink--; 382 VTOI(tdvp)->i_flag |= IN_CHANGE; 383 goto whymustithurtsomuch; 384 } 385 } 386 387 error = ext2fs_direnter(VTOI(fvp), tdvp, tulr, tcnp); 388 if (error) { 389 if (directory_p && reparent_p) { 390 /* 391 * Directory update didn't take, but 392 * the link count update did -- back 393 * out the in-memory link count and the 394 * on-disk link count. 395 */ 396 KASSERT(0 < VTOI(tdvp)->i_e2fs_nlink); 397 VTOI(tdvp)->i_e2fs_nlink--; 398 VTOI(tdvp)->i_flag |= IN_CHANGE; 399 (void)ext2fs_update(tdvp, NULL, NULL, 400 UPDATE_WAIT); 401 } 402 goto whymustithurtsomuch; 403 } 404 } else { 405 if (directory_p) 406 /* XXX WTF? Why purge here? Why not purge others? */ 407 cache_purge(tdvp); 408 409 /* 410 * Make the target directory's entry for tcnp point at 411 * the source node. 412 */ 413 error = ext2fs_dirrewrite(VTOI(tdvp), tulr, VTOI(fvp), tcnp); 414 if (error) 415 goto whymustithurtsomuch; 416 417 /* 418 * If the source and target are directories, and the 419 * target is in the same directory as the source, 420 * decrement the link count of the common parent 421 * directory, since we are removing the target from 422 * that directory. 423 */ 424 if (directory_p && !reparent_p) { 425 KASSERT(fdvp == tdvp); 426 /* XXX check, don't kassert */ 427 KASSERT(0 < VTOI(tdvp)->i_e2fs_nlink); 428 VTOI(tdvp)->i_e2fs_nlink--; 429 VTOI(tdvp)->i_flag |= IN_CHANGE; 430 } 431 432 /* 433 * Adjust the link count of the target to 434 * reflect the dirrewrite above. If this is 435 * a directory it is empty and there are 436 * no links to it, so we can squash the inode and 437 * any space associated with it. We disallowed 438 * renaming over top of a directory with links to 439 * it above, as the remaining link would point to 440 * a directory without "." or ".." entries. 441 */ 442 /* XXX check, don't kassert */ 443 KASSERT(0 < VTOI(tvp)->i_e2fs_nlink); 444 VTOI(tvp)->i_e2fs_nlink--; 445 if (directory_p) { 446 /* 447 * XXX The ext2fs_dirempty call earlier does 448 * not guarantee anything about nlink. 449 */ 450 if (VTOI(tvp)->i_e2fs_nlink != 1) 451 ufs_dirbad(VTOI(tvp), (doff_t)0, 452 "hard-linked directory"); 453 VTOI(tvp)->i_e2fs_nlink = 0; 454 error = ext2fs_truncate(tvp, (off_t)0, IO_SYNC, cred); 455 #if 0 /* XXX This branch was not in ext2fs_rename! */ 456 if (error) 457 goto whymustithurtsomuch; 458 #endif 459 } 460 /* 461 * XXX Why is this here, and not above the preceding 462 * conditional? 463 */ 464 VTOI(tvp)->i_flag |= IN_CHANGE; 465 } 466 467 /* 468 * If the source is a directory with a new parent, the link 469 * count of the old parent directory must be decremented and 470 * ".." set to point to the new parent. 471 */ 472 if (directory_p && reparent_p) { 473 error = ext2fs_rename_replace_dotdot(fvp, fdvp, tdvp, cred); 474 if (error) 475 goto whymustithurtsomuch; 476 477 /* XXX WTF? Why purge here? Why not purge others? */ 478 cache_purge(fdvp); 479 } 480 481 /* 482 * 3) Unlink the source. 483 */ 484 485 /* 486 * ext2fs_direnter may compact the directory in the process of 487 * inserting a new entry. That may invalidate fulr, which we 488 * need in order to remove the old entry. In that case, we 489 * need to recalculate what fulr should be. 490 * 491 * XXX I believe this is necessary only if tvp == NULL as well. 492 */ 493 if (!reparent_p && ext2fs_rename_ulr_overlap_p(fulr, tulr)) { 494 error = ext2fs_rename_recalculate_fulr(fdvp, fulr, tulr, fcnp); 495 #if 0 /* XXX */ 496 if (error) /* XXX Try to back out changes? */ 497 goto whymustithurtsomuch; 498 #endif 499 } 500 501 error = ext2fs_dirremove(fdvp, fulr, fcnp); 502 if (error) 503 goto whymustithurtsomuch; 504 505 /* 506 * XXX Perhaps this should go at the top, in case the file 507 * system is modified but incompletely so because of an 508 * intermediate error. 509 */ 510 genfs_rename_knote(fdvp, fvp, tdvp, tvp, 511 ((tvp != NULL) && (VTOI(tvp)->i_e2fs_nlink == 0))); 512 #if 0 /* XXX */ 513 genfs_rename_cache_purge(fdvp, fvp, tdvp, tvp); 514 #endif 515 516 whymustithurtsomuch: 517 KASSERT(0 < VTOI(fvp)->i_e2fs_nlink); 518 VTOI(fvp)->i_e2fs_nlink--; 519 VTOI(fvp)->i_flag |= IN_CHANGE; 520 if (directory_p) 521 VTOI(fvp)->i_flag &=~ IN_RENAME; 522 return error; 523 } 524 525 /* 526 * ext2fs_rename_ulr_overlap_p: True iff tulr overlaps with fulr so 527 * that entering a directory entry at tulr may move fulr. 528 */ 529 static bool 530 ext2fs_rename_ulr_overlap_p(const struct ufs_lookup_results *fulr, 531 const struct ufs_lookup_results *tulr) 532 { 533 doff_t from_prev_start, from_prev_end, to_start, to_end; 534 535 KASSERT(fulr != NULL); 536 KASSERT(tulr != NULL); 537 KASSERT(fulr != tulr); 538 539 /* 540 * fulr is from a DELETE lookup, so fulr->ulr_count is the size 541 * of the preceding entry (d_reclen). 542 */ 543 from_prev_end = fulr->ulr_offset; 544 KASSERT(fulr->ulr_count <= from_prev_end); 545 from_prev_start = (from_prev_end - fulr->ulr_count); 546 547 /* 548 * tulr is from a RENAME lookup, so tulr->ulr_count is the size 549 * of the free space for an entry that we are about to fill. 550 */ 551 to_start = tulr->ulr_offset; 552 KASSERT(tulr->ulr_count < (EXT2FS_MAXDIRSIZE - to_start)); 553 to_end = (to_start + tulr->ulr_count); 554 555 return 556 (((to_start <= from_prev_start) && (from_prev_start < to_end)) || 557 ((to_start <= from_prev_end) && (from_prev_end < to_end))); 558 } 559 560 /* 561 * ext2fs_rename_recalculate_fulr: If we have just entered a directory 562 * into dvp at tulr, and we were about to remove one at fulr for an 563 * entry named fcnp, fulr may be invalid. So, if necessary, 564 * recalculate it. 565 */ 566 static int 567 ext2fs_rename_recalculate_fulr(struct vnode *dvp, 568 struct ufs_lookup_results *fulr, const struct ufs_lookup_results *tulr, 569 const struct componentname *fcnp) 570 { 571 struct mount *mp; 572 struct ufsmount *ump; 573 /* XXX int is a silly type for this; blame ufsmount::um_dirblksiz. */ 574 int directory_block_mask; 575 unsigned long io_block_mask; 576 doff_t offset; /* Offset of entry we're examining. */ 577 doff_t search_end; /* Limit to our search. */ 578 struct buf *bp; /* I/O block we're examining. */ 579 char *dirbuf; /* Pointer into bp's data. */ 580 doff_t dirbuf_offset; /* Offset of dirbuf from directory start. */ 581 struct ext2fs_direct *ep; /* Pointer to the entry we're examining. */ 582 /* XXX direct::d_reclen is 16-bit; 583 * ufs_lookup_results::ulr_reclen is 32-bit. Blah. */ 584 uint32_t reclen; /* Length of the entry we're examining. */ 585 uint32_t prev_reclen; /* Length of the preceding entry. */ 586 int error; 587 588 KASSERT(dvp != NULL); 589 KASSERT(dvp->v_mount != NULL); 590 KASSERT(VTOI(dvp) != NULL); 591 KASSERT(fulr != NULL); 592 KASSERT(tulr != NULL); 593 KASSERT(fulr != tulr); 594 KASSERT(ext2fs_rename_ulr_overlap_p(fulr, tulr)); 595 596 mp = dvp->v_mount; 597 ump = VFSTOUFS(mp); 598 KASSERT(ump != NULL); 599 KASSERT(ump == VTOI(dvp)->i_ump); 600 601 KASSERT(0 < ump->um_dirblksiz); 602 KASSERT((ump->um_dirblksiz & (ump->um_dirblksiz - 1)) == 0); 603 directory_block_mask = (ump->um_dirblksiz - 1); 604 605 KASSERT(0 < mp->mnt_stat.f_iosize); 606 KASSERT((mp->mnt_stat.f_iosize & (mp->mnt_stat.f_iosize - 1)) == 0); 607 io_block_mask = (mp->mnt_stat.f_iosize - 1); 608 609 offset = tulr->ulr_offset; 610 KASSERT(fulr->ulr_reclen < (EXT2FS_MAXDIRSIZE - fulr->ulr_offset)); 611 search_end = (fulr->ulr_offset + fulr->ulr_reclen); 612 613 dirbuf = NULL; 614 bp = NULL; 615 dirbuf_offset = offset; 616 error = ext2fs_blkatoff(dvp, (off_t)dirbuf_offset, &dirbuf, &bp); 617 if (error) 618 return error; 619 KASSERT(dirbuf != NULL); 620 KASSERT(bp != NULL); 621 622 prev_reclen = fulr->ulr_count; 623 624 /* 625 * Search from offset to search_end for the entry matching 626 * fcnp, which must be there because we found it before and it 627 * should only at most have moved earlier. 628 */ 629 for (;;) { 630 KASSERT(offset < search_end); 631 632 /* 633 * If we are at an I/O block boundary, fetch the next block. 634 */ 635 if ((offset & io_block_mask) == 0) { 636 #ifdef DIAGNOSTIC /* XXX */ 637 printf("%s: directory block of inode 0x%llx" 638 " extends across I/O block boundary," 639 " which shouldn't happen!\n", 640 mp->mnt_stat.f_mntonname, 641 (unsigned long long)VTOI(dvp)->i_number); 642 #endif 643 brelse(bp, 0); 644 dirbuf = NULL; 645 bp = NULL; 646 dirbuf_offset = offset; 647 error = ext2fs_blkatoff(dvp, (off_t)dirbuf_offset, 648 &dirbuf, &bp); 649 if (error) 650 return error; 651 KASSERT(dirbuf != NULL); 652 KASSERT(bp != NULL); 653 } 654 655 /* 656 * Examine the directory entry at offset. 657 */ 658 KASSERT(dirbuf_offset <= offset); 659 ep = (struct ext2fs_direct *) 660 (dirbuf + (offset - dirbuf_offset)); 661 reclen = fs2h16(ep->e2d_reclen); 662 663 if (ep->e2d_ino == 0) 664 goto next; /* Entry is unused. */ 665 666 if (fs2h32(ep->e2d_ino) == WINO) 667 goto next; /* Entry is whiteout. */ 668 669 if (fcnp->cn_namelen != ep->e2d_namlen) 670 goto next; /* Wrong name length. */ 671 672 if (memcmp(ep->e2d_name, fcnp->cn_nameptr, fcnp->cn_namelen)) 673 goto next; /* Wrong name. */ 674 675 /* Got it! */ 676 break; 677 678 next: 679 if (! ((reclen < search_end) && 680 (offset < (search_end - reclen)))) { 681 brelse(bp, 0); 682 return EIO; /* XXX Panic? What? */ 683 } 684 685 KASSERT(reclen < search_end); 686 KASSERT(offset < (search_end - reclen)); 687 prev_reclen = reclen; 688 offset += reclen; 689 } 690 691 /* 692 * Found the entry. Record where. 693 */ 694 fulr->ulr_offset = offset; 695 fulr->ulr_reclen = reclen; 696 697 /* 698 * Record the preceding record length, but not if we're at the 699 * start of a directory block. 700 */ 701 fulr->ulr_count = ((offset & directory_block_mask)? prev_reclen : 0); 702 703 brelse(bp, 0); 704 return 0; 705 } 706 707 /* 708 * ext2fs_gro_remove: Rename an object over another link to itself, 709 * effectively removing just the original link. 710 */ 711 static int 712 ext2fs_gro_remove(struct mount *mp, kauth_cred_t cred, 713 struct vnode *dvp, struct componentname *cnp, void *de, struct vnode *vp) 714 { 715 struct ufs_lookup_results *ulr = de; 716 int error; 717 718 (void)mp; 719 KASSERT(mp != NULL); 720 KASSERT(dvp != NULL); 721 KASSERT(cnp != NULL); 722 KASSERT(ulr != NULL); 723 KASSERT(vp != NULL); 724 KASSERT(dvp != vp); 725 KASSERT(dvp->v_mount == mp); 726 KASSERT(vp->v_mount == mp); 727 KASSERT(dvp->v_type == VDIR); 728 KASSERT(vp->v_type != VDIR); 729 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 730 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 731 732 error = ext2fs_dirremove(dvp, ulr, cnp); 733 if (error) 734 return error; 735 736 KASSERT(0 < VTOI(vp)->i_e2fs_nlink); 737 VTOI(vp)->i_e2fs_nlink--; 738 VTOI(vp)->i_flag |= IN_CHANGE; 739 740 VN_KNOTE(dvp, NOTE_WRITE); 741 VN_KNOTE(vp, (VTOI(vp)->i_e2fs_nlink? NOTE_LINK : NOTE_DELETE)); 742 743 return 0; 744 } 745 746 /* 747 * ext2fs_gro_lookup: Look up and save the lookup results. 748 */ 749 static int 750 ext2fs_gro_lookup(struct mount *mp, struct vnode *dvp, 751 struct componentname *cnp, void *de_ret, struct vnode **vp_ret) 752 { 753 struct ufs_lookup_results *ulr_ret = de_ret; 754 struct vnode *vp; 755 int error; 756 757 (void)mp; 758 KASSERT(mp != NULL); 759 KASSERT(dvp != NULL); 760 KASSERT(cnp != NULL); 761 KASSERT(ulr_ret != NULL); 762 KASSERT(vp_ret != NULL); 763 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 764 765 /* Kludge cargo-culted from dholland's ufs_rename. */ 766 cnp->cn_flags &=~ MODMASK; 767 cnp->cn_flags |= (LOCKPARENT | LOCKLEAF); 768 769 error = relookup(dvp, &vp, cnp, 0 /* dummy */); 770 if ((error == 0) && (vp == NULL)) { 771 error = ENOENT; 772 goto out; 773 } else if (error) { 774 return error; 775 } 776 777 /* 778 * Thanks to VFS insanity, relookup locks vp, which screws us 779 * in various ways. 780 */ 781 KASSERT(vp != NULL); 782 VOP_UNLOCK(vp); 783 784 out: *ulr_ret = VTOI(dvp)->i_crap; 785 *vp_ret = vp; 786 return error; 787 } 788 789 /* 790 * ext2fs_rmdired_p: Check whether the directory vp has been rmdired. 791 * 792 * vp must be locked and referenced. 793 */ 794 static bool 795 ext2fs_rmdired_p(struct vnode *vp) 796 { 797 798 KASSERT(vp != NULL); 799 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 800 KASSERT(vp->v_type == VDIR); 801 802 /* XXX Is this correct? */ 803 return (ext2fs_size(VTOI(vp)) == 0); 804 } 805 806 /* 807 * ext2fs_gro_genealogy: Analyze the genealogy of the source and target 808 * directories. 809 */ 810 static int 811 ext2fs_gro_genealogy(struct mount *mp, kauth_cred_t cred, 812 struct vnode *fdvp, struct vnode *tdvp, 813 struct vnode **intermediate_node_ret) 814 { 815 struct vnode *vp, *dvp; 816 ino_t dotdot_ino; 817 int error; 818 819 KASSERT(mp != NULL); 820 KASSERT(fdvp != NULL); 821 KASSERT(tdvp != NULL); 822 KASSERT(fdvp != tdvp); 823 KASSERT(intermediate_node_ret != NULL); 824 KASSERT(fdvp->v_mount == mp); 825 KASSERT(tdvp->v_mount == mp); 826 KASSERT(fdvp->v_type == VDIR); 827 KASSERT(tdvp->v_type == VDIR); 828 829 /* 830 * We need to provisionally lock tdvp to keep rmdir from 831 * deleting it -- or any ancestor -- at an inopportune moment. 832 */ 833 error = ext2fs_gro_lock_directory(mp, tdvp); 834 if (error) 835 return error; 836 837 vp = tdvp; 838 vref(vp); 839 840 for (;;) { 841 KASSERT(vp != NULL); 842 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 843 KASSERT(vp->v_mount == mp); 844 KASSERT(vp->v_type == VDIR); 845 KASSERT(!ext2fs_rmdired_p(vp)); 846 847 /* Did we hit the root without finding fdvp? */ 848 if (VTOI(vp)->i_number == ROOTINO) { 849 vput(vp); 850 *intermediate_node_ret = NULL; 851 return 0; 852 } 853 854 error = ext2fs_read_dotdot(vp, cred, &dotdot_ino); 855 if (error) { 856 vput(vp); 857 return error; 858 } 859 860 /* Did we find that fdvp is an ancestor of tdvp? */ 861 if (VTOI(fdvp)->i_number == dotdot_ino) { 862 /* Unlock vp, but keep it referenced. */ 863 VOP_UNLOCK(vp); 864 *intermediate_node_ret = vp; 865 return 0; 866 } 867 868 /* Neither -- keep ascending the family tree. */ 869 870 /* 871 * Unlock vp so that we can lock the parent, but keep 872 * vp referenced until after we have found the parent, 873 * so that dotdot_ino will not be recycled. 874 * 875 * XXX This guarantees that vp's inode number will not 876 * be recycled, but why can't dotdot_ino be recycled? 877 */ 878 VOP_UNLOCK(vp); 879 error = VFS_VGET(mp, dotdot_ino, &dvp); 880 vrele(vp); 881 if (error) 882 return error; 883 884 KASSERT(dvp != NULL); 885 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 886 vp = dvp; 887 888 if (vp->v_type != VDIR) { 889 /* 890 * XXX Panic? Print a warning? Can this 891 * happen if we lose the race I suspect to 892 * exist above, and the `..' inode number has 893 * been recycled? 894 */ 895 vput(vp); 896 return ENOTDIR; 897 } 898 899 if (ext2fs_rmdired_p(vp)) { 900 vput(vp); 901 return ENOENT; 902 } 903 } 904 } 905 906 /* 907 * ext2fs_read_dotdot: Store in *ino_ret the inode number of the parent 908 * of the directory vp. 909 */ 910 static int 911 ext2fs_read_dotdot(struct vnode *vp, kauth_cred_t cred, ino_t *ino_ret) 912 { 913 struct ext2fs_dirtemplate dirbuf; 914 int error; 915 916 KASSERT(vp != NULL); 917 KASSERT(ino_ret != NULL); 918 KASSERT(vp->v_type == VDIR); 919 920 error = vn_rdwr(UIO_READ, vp, &dirbuf, sizeof dirbuf, (off_t)0, 921 UIO_SYSSPACE, IO_NODELOCKED, cred, NULL, NULL); 922 if (error) 923 return error; 924 925 if (dirbuf.dotdot_namlen != 2 || 926 dirbuf.dotdot_name[0] != '.' || 927 dirbuf.dotdot_name[1] != '.') 928 /* XXX Panic? Print warning? */ 929 return ENOTDIR; 930 931 *ino_ret = fs2h32(dirbuf.dotdot_ino); 932 return 0; 933 } 934 935 /* 936 * ext2fs_rename_replace_dotdot: Change the target of the `..' entry of 937 * the directory vp from fdvp to tdvp. 938 */ 939 static int 940 ext2fs_rename_replace_dotdot(struct vnode *vp, 941 struct vnode *fdvp, struct vnode *tdvp, 942 kauth_cred_t cred) 943 { 944 struct ext2fs_dirtemplate dirbuf; 945 int error; 946 947 /* XXX Does it make sense to do this before the sanity checks below? */ 948 KASSERT(0 < VTOI(fdvp)->i_e2fs_nlink); 949 VTOI(fdvp)->i_e2fs_nlink--; 950 VTOI(fdvp)->i_flag |= IN_CHANGE; 951 952 error = vn_rdwr(UIO_READ, vp, &dirbuf, sizeof dirbuf, (off_t)0, 953 UIO_SYSSPACE, IO_NODELOCKED, cred, NULL, NULL); 954 if (error) 955 return error; 956 957 if (dirbuf.dotdot_namlen != 2 || 958 dirbuf.dotdot_name[0] != '.' || 959 dirbuf.dotdot_name[1] != '.') { 960 ufs_dirbad(VTOI(vp), (doff_t)12, "bad `..' entry"); 961 return 0; 962 } 963 964 if (fs2h32(dirbuf.dotdot_ino) != VTOI(fdvp)->i_number) { 965 ufs_dirbad(VTOI(vp), (doff_t)12, 966 "`..' does not point at parent"); 967 return 0; 968 } 969 970 dirbuf.dotdot_ino = h2fs32(VTOI(tdvp)->i_number); 971 /* XXX WTF? Why not check error? */ 972 (void)vn_rdwr(UIO_WRITE, vp, &dirbuf, sizeof dirbuf, (off_t)0, 973 UIO_SYSSPACE, (IO_NODELOCKED | IO_SYNC), cred, NULL, NULL); 974 975 return 0; 976 } 977 978 /* 979 * ext2fs_gro_lock_directory: Lock the directory vp, but fail if it has 980 * been rmdir'd. 981 */ 982 static int 983 ext2fs_gro_lock_directory(struct mount *mp, struct vnode *vp) 984 { 985 986 (void)mp; 987 KASSERT(mp != NULL); 988 KASSERT(vp != NULL); 989 KASSERT(vp->v_mount == mp); 990 991 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 992 993 if (ext2fs_rmdired_p(vp)) { 994 VOP_UNLOCK(vp); 995 return ENOENT; 996 } 997 998 return 0; 999 } 1000 1001 static const struct genfs_rename_ops ext2fs_genfs_rename_ops = { 1002 .gro_directory_empty_p = ext2fs_gro_directory_empty_p, 1003 .gro_rename_check_possible = ext2fs_gro_rename_check_possible, 1004 .gro_rename_check_permitted = ext2fs_gro_rename_check_permitted, 1005 .gro_remove_check_possible = ext2fs_gro_remove_check_possible, 1006 .gro_remove_check_permitted = ext2fs_gro_remove_check_permitted, 1007 .gro_rename = ext2fs_gro_rename, 1008 .gro_remove = ext2fs_gro_remove, 1009 .gro_lookup = ext2fs_gro_lookup, 1010 .gro_genealogy = ext2fs_gro_genealogy, 1011 .gro_lock_directory = ext2fs_gro_lock_directory, 1012 }; 1013
Indexes created Thu Oct 02 10:09:58 GMT 2025