lfs_rename.c revision 1.24
1 /* $NetBSD: lfs_rename.c,v 1.24 2020/09/05 16:30:13 riastradh Exp $ */ 2 /* from NetBSD: ufs_rename.c,v 1.12 2015/03/27 17:27:56 riastradh Exp */ 3 4 /*- 5 * Copyright (c) 2012 The NetBSD Foundation, Inc. 6 * All rights reserved. 7 * 8 * This code is derived from software contributed to The NetBSD Foundation 9 * by Taylor R Campbell. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 /*- 33 * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc. 34 * All rights reserved. 35 * 36 * This code is derived from software contributed to The NetBSD Foundation 37 * by Konrad E. Schroder <perseant (at) hhhh.org>. 38 * 39 * Redistribution and use in source and binary forms, with or without 40 * modification, are permitted provided that the following conditions 41 * are met: 42 * 1. Redistributions of source code must retain the above copyright 43 * notice, this list of conditions and the following disclaimer. 44 * 2. Redistributions in binary form must reproduce the above copyright 45 * notice, this list of conditions and the following disclaimer in the 46 * documentation and/or other materials provided with the distribution. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 49 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 50 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 51 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 52 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 53 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 54 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 55 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 56 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 57 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 58 * POSSIBILITY OF SUCH DAMAGE. 59 */ 60 /* 61 * Copyright (c) 1986, 1989, 1991, 1993, 1995 62 * The Regents of the University of California. All rights reserved. 63 * 64 * Redistribution and use in source and binary forms, with or without 65 * modification, are permitted provided that the following conditions 66 * are met: 67 * 1. Redistributions of source code must retain the above copyright 68 * notice, this list of conditions and the following disclaimer. 69 * 2. Redistributions in binary form must reproduce the above copyright 70 * notice, this list of conditions and the following disclaimer in the 71 * documentation and/or other materials provided with the distribution. 72 * 3. Neither the name of the University nor the names of its contributors 73 * may be used to endorse or promote products derived from this software 74 * without specific prior written permission. 75 * 76 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 77 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 78 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 79 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 80 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 81 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 82 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 83 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 84 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 85 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 86 * SUCH DAMAGE. 87 * 88 * @(#)lfs_vnops.c 8.13 (Berkeley) 6/10/95 89 */ 90 91 #include <sys/cdefs.h> 92 __KERNEL_RCSID(0, "$NetBSD: lfs_rename.c,v 1.24 2020/09/05 16:30:13 riastradh Exp $"); 93 94 #include <sys/param.h> 95 #include <sys/systm.h> 96 #include <sys/errno.h> 97 #include <sys/namei.h> 98 #include <sys/resourcevar.h> 99 #include <sys/kernel.h> 100 #include <sys/file.h> 101 #include <sys/stat.h> 102 #include <sys/buf.h> 103 #include <sys/proc.h> 104 #include <sys/mount.h> 105 #include <sys/vnode.h> 106 #include <sys/vnode_if.h> 107 #include <sys/pool.h> 108 #include <sys/signalvar.h> 109 #include <sys/kauth.h> 110 #include <sys/syslog.h> 111 112 #include <miscfs/fifofs/fifo.h> 113 #include <miscfs/genfs/genfs.h> 114 #include <miscfs/specfs/specdev.h> 115 116 #include <ufs/lfs/ulfs_inode.h> 117 #include <ufs/lfs/ulfsmount.h> 118 #include <ufs/lfs/ulfs_bswap.h> 119 #include <ufs/lfs/ulfs_extern.h> 120 121 #include <ufs/lfs/lfs.h> 122 #include <ufs/lfs/lfs_accessors.h> 123 #include <ufs/lfs/lfs_extern.h> 124 125 /* 126 * ulfs_gro_directory_empty_p: Return true if the directory vp is 127 * empty. dvp is its parent. 128 * 129 * vp and dvp must be locked and referenced. 130 */ 131 static bool 132 ulfs_gro_directory_empty_p(struct mount *mp, kauth_cred_t cred, 133 struct vnode *vp, struct vnode *dvp) 134 { 135 136 (void)mp; 137 KASSERT(mp != NULL); 138 KASSERT(vp != NULL); 139 KASSERT(dvp != NULL); 140 KASSERT(vp != dvp); 141 KASSERT(vp->v_mount == mp); 142 KASSERT(dvp->v_mount == mp); 143 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 144 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 145 146 return ulfs_dirempty(VTOI(vp), VTOI(dvp)->i_number, cred); 147 } 148 149 /* 150 * ulfs_gro_rename_check_possible: Check whether a rename is possible 151 * independent of credentials. 152 */ 153 static int 154 ulfs_gro_rename_check_possible(struct mount *mp, 155 struct vnode *fdvp, struct vnode *fvp, 156 struct vnode *tdvp, struct vnode *tvp) 157 { 158 159 (void)mp; 160 KASSERT(mp != NULL); 161 KASSERT(fdvp != NULL); 162 KASSERT(fvp != NULL); 163 KASSERT(tdvp != NULL); 164 KASSERT(fdvp != fvp); 165 KASSERT(fdvp != tvp); 166 KASSERT(tdvp != fvp); 167 KASSERT(tdvp != tvp); 168 KASSERT(fvp != tvp); 169 KASSERT(fdvp->v_type == VDIR); 170 KASSERT(tdvp->v_type == VDIR); 171 KASSERT(fdvp->v_mount == mp); 172 KASSERT(fvp->v_mount == mp); 173 KASSERT(tdvp->v_mount == mp); 174 KASSERT((tvp == NULL) || (tvp->v_mount == mp)); 175 KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE); 176 KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE); 177 KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE); 178 KASSERT((tvp == NULL) || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE)); 179 180 return genfs_ufslike_rename_check_possible( 181 VTOI(fdvp)->i_flags, VTOI(fvp)->i_flags, 182 VTOI(tdvp)->i_flags, (tvp? VTOI(tvp)->i_flags : 0), 183 (tvp != NULL), 184 IMMUTABLE, APPEND); 185 } 186 187 /* 188 * ulfs_gro_rename_check_permitted: Check whether a rename is permitted 189 * given our credentials. 190 */ 191 static int 192 ulfs_gro_rename_check_permitted(struct mount *mp, kauth_cred_t cred, 193 struct vnode *fdvp, struct vnode *fvp, 194 struct vnode *tdvp, struct vnode *tvp) 195 { 196 197 (void)mp; 198 KASSERT(mp != NULL); 199 KASSERT(fdvp != NULL); 200 KASSERT(fvp != NULL); 201 KASSERT(tdvp != NULL); 202 KASSERT(fdvp != fvp); 203 KASSERT(fdvp != tvp); 204 KASSERT(tdvp != fvp); 205 KASSERT(tdvp != tvp); 206 KASSERT(fvp != tvp); 207 KASSERT(fdvp->v_type == VDIR); 208 KASSERT(tdvp->v_type == VDIR); 209 KASSERT(fdvp->v_mount == mp); 210 KASSERT(fvp->v_mount == mp); 211 KASSERT(tdvp->v_mount == mp); 212 KASSERT((tvp == NULL) || (tvp->v_mount == mp)); 213 KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE); 214 KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE); 215 KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE); 216 KASSERT((tvp == NULL) || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE)); 217 218 return genfs_ufslike_rename_check_permitted(cred, 219 fdvp, VTOI(fdvp)->i_mode, VTOI(fdvp)->i_uid, 220 fvp, VTOI(fvp)->i_uid, 221 tdvp, VTOI(tdvp)->i_mode, VTOI(tdvp)->i_uid, 222 tvp, (tvp? VTOI(tvp)->i_uid : 0)); 223 } 224 225 /* 226 * ulfs_gro_remove_check_possible: Check whether a remove is possible 227 * independent of credentials. 228 */ 229 static int 230 ulfs_gro_remove_check_possible(struct mount *mp, 231 struct vnode *dvp, struct vnode *vp) 232 { 233 234 (void)mp; 235 KASSERT(mp != NULL); 236 KASSERT(dvp != NULL); 237 KASSERT(vp != NULL); 238 KASSERT(dvp != vp); 239 KASSERT(dvp->v_type == VDIR); 240 KASSERT(vp->v_type != VDIR); 241 KASSERT(dvp->v_mount == mp); 242 KASSERT(vp->v_mount == mp); 243 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 244 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 245 246 return genfs_ufslike_remove_check_possible( 247 VTOI(dvp)->i_flags, VTOI(vp)->i_flags, 248 IMMUTABLE, APPEND); 249 } 250 251 /* 252 * ulfs_gro_remove_check_permitted: Check whether a remove is permitted 253 * given our credentials. 254 */ 255 static int 256 ulfs_gro_remove_check_permitted(struct mount *mp, kauth_cred_t cred, 257 struct vnode *dvp, struct vnode *vp) 258 { 259 260 (void)mp; 261 KASSERT(mp != NULL); 262 KASSERT(dvp != NULL); 263 KASSERT(vp != NULL); 264 KASSERT(dvp != vp); 265 KASSERT(dvp->v_type == VDIR); 266 KASSERT(vp->v_type != VDIR); 267 KASSERT(dvp->v_mount == mp); 268 KASSERT(vp->v_mount == mp); 269 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 270 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 271 272 return genfs_ufslike_remove_check_permitted(cred, 273 dvp, VTOI(dvp)->i_mode, VTOI(dvp)->i_uid, vp, VTOI(vp)->i_uid); 274 } 275 276 /* 277 * ulfs_rename_ulr_overlap_p: True iff tulr overlaps with fulr so that 278 * entering a directory entry at tulr may move fulr. 279 */ 280 static bool 281 ulfs_rename_ulr_overlap_p(const struct ulfs_lookup_results *fulr, 282 const struct ulfs_lookup_results *tulr) 283 { 284 doff_t from_prev_start, from_prev_end, to_start, to_end; 285 286 KASSERT(fulr != NULL); 287 KASSERT(tulr != NULL); 288 KASSERT(fulr != tulr); 289 290 /* 291 * fulr is from a DELETE lookup, so fulr->ulr_count is the size 292 * of the preceding entry (d_reclen). 293 */ 294 from_prev_end = fulr->ulr_offset; 295 KASSERT(fulr->ulr_count <= from_prev_end); 296 from_prev_start = (from_prev_end - fulr->ulr_count); 297 298 /* 299 * tulr is from a RENAME lookup, so tulr->ulr_count is the size 300 * of the free space for an entry that we are about to fill. 301 */ 302 to_start = tulr->ulr_offset; 303 KASSERT(tulr->ulr_count < (LFS_MAXDIRSIZE - to_start)); 304 to_end = (to_start + tulr->ulr_count); 305 306 return 307 (((to_start <= from_prev_start) && (from_prev_start < to_end)) || 308 ((to_start <= from_prev_end) && (from_prev_end < to_end))); 309 } 310 311 /* 312 * ulfs_direct_namlen: Return the namlen of the directory entry ep from 313 * the directory vp. 314 */ 315 static int /* XXX int? uint8_t? */ 316 ulfs_direct_namlen(const LFS_DIRHEADER *ep, const struct vnode *vp) 317 { 318 struct lfs *fs; 319 320 KASSERT(ep != NULL); 321 KASSERT(vp != NULL); 322 KASSERT(VTOI(vp) != NULL); 323 KASSERT(VTOI(vp)->i_ump != NULL); 324 KASSERT(VTOI(vp)->i_lfs != NULL); 325 fs = VTOI(vp)->i_lfs; 326 327 return lfs_dir_getnamlen(fs, ep); 328 } 329 330 /* 331 * ulfs_rename_recalculate_fulr: If we have just entered a directory into 332 * dvp at tulr, and we were about to remove one at fulr for an entry 333 * named fcnp, fulr may be invalid. So, if necessary, recalculate it. 334 */ 335 static int 336 ulfs_rename_recalculate_fulr(struct vnode *dvp, 337 struct ulfs_lookup_results *fulr, const struct ulfs_lookup_results *tulr, 338 const struct componentname *fcnp) 339 { 340 struct mount *mp; 341 struct lfs *fs; 342 struct ulfsmount *ump; 343 /* XXX int is a silly type for this; blame ulfsmount::um_dirblksiz. */ 344 int dirblksiz; 345 doff_t search_start, search_end; 346 doff_t offset; /* Offset of entry we're examining. */ 347 struct buf *bp; /* I/O block we're examining. */ 348 char *dirbuf; /* Pointer into directory at search_start. */ 349 LFS_DIRHEADER *ep; /* Pointer to the entry we're examining. */ 350 /* XXX direct::d_reclen is 16-bit; 351 * ulfs_lookup_results::ulr_reclen is 32-bit. Blah. */ 352 uint32_t reclen; /* Length of the entry we're examining. */ 353 uint32_t prev_reclen; /* Length of the preceding entry. */ 354 int error; 355 356 KASSERT(dvp != NULL); 357 KASSERT(dvp->v_mount != NULL); 358 KASSERT(VTOI(dvp) != NULL); 359 KASSERT(fulr != NULL); 360 KASSERT(tulr != NULL); 361 KASSERT(fulr != tulr); 362 KASSERT(ulfs_rename_ulr_overlap_p(fulr, tulr)); 363 364 mp = dvp->v_mount; 365 ump = VFSTOULFS(mp); 366 fs = ump->um_lfs; 367 KASSERT(ump != NULL); 368 KASSERT(ump == VTOI(dvp)->i_ump); 369 KASSERT(fs == VTOI(dvp)->i_lfs); 370 371 dirblksiz = fs->um_dirblksiz; 372 KASSERT(0 < dirblksiz); 373 KASSERT((dirblksiz & (dirblksiz - 1)) == 0); 374 375 /* A directory block may not span across multiple I/O blocks. */ 376 KASSERT(dirblksiz <= mp->mnt_stat.f_iosize); 377 378 /* Find the bounds of the search. */ 379 search_start = tulr->ulr_offset; 380 KASSERT(fulr->ulr_reclen < (LFS_MAXDIRSIZE - fulr->ulr_offset)); 381 search_end = (fulr->ulr_offset + fulr->ulr_reclen); 382 383 /* Compaction must happen only within a directory block. (*) */ 384 KASSERT(search_start <= search_end); 385 KASSERT((search_end - (search_start &~ (dirblksiz - 1))) <= dirblksiz); 386 387 dirbuf = NULL; 388 bp = NULL; 389 error = ulfs_blkatoff(dvp, (off_t)search_start, &dirbuf, &bp, false); 390 if (error) 391 return error; 392 KASSERT(dirbuf != NULL); 393 KASSERT(bp != NULL); 394 395 /* 396 * Guarantee we sha'n't go past the end of the buffer we got. 397 * dirbuf is bp->b_data + (search_start & (iosize - 1)), and 398 * the valid range is [bp->b_data, bp->b_data + bp->b_bcount). 399 */ 400 KASSERT((search_end - search_start) <= 401 (bp->b_bcount - (search_start & (mp->mnt_stat.f_iosize - 1)))); 402 403 prev_reclen = fulr->ulr_count; 404 offset = search_start; 405 406 /* 407 * Search from search_start to search_end for the entry matching 408 * fcnp, which must be there because we found it before and it 409 * should only at most have moved earlier. 410 */ 411 for (;;) { 412 KASSERT(search_start <= offset); 413 KASSERT(offset < search_end); 414 415 /* 416 * Examine the directory entry at offset. 417 */ 418 ep = (LFS_DIRHEADER *)(dirbuf + (offset - search_start)); 419 reclen = lfs_dir_getreclen(fs, ep); 420 421 if (lfs_dir_getino(fs, ep) == 0) 422 goto next; /* Entry is unused. */ 423 424 if (lfs_dir_getino(fs, ep) == ULFS_WINO) 425 goto next; /* Entry is whiteout. */ 426 427 if (fcnp->cn_namelen != ulfs_direct_namlen(ep, dvp)) 428 goto next; /* Wrong name length. */ 429 430 if (memcmp(lfs_dir_nameptr(fs, ep), fcnp->cn_nameptr, fcnp->cn_namelen)) 431 goto next; /* Wrong name. */ 432 433 /* Got it! */ 434 break; 435 436 next: 437 if (! ((reclen < search_end) && 438 (offset < (search_end - reclen)))) { 439 brelse(bp, 0); 440 return EIO; /* XXX Panic? What? */ 441 } 442 443 /* We may not move past the search end. */ 444 KASSERT(reclen < search_end); 445 KASSERT(offset < (search_end - reclen)); 446 447 /* 448 * We may not move across a directory block boundary; 449 * see (*) above. 450 */ 451 KASSERT((offset &~ (dirblksiz - 1)) == 452 ((offset + reclen) &~ (dirblksiz - 1))); 453 454 prev_reclen = reclen; 455 offset += reclen; 456 } 457 458 /* 459 * Found the entry. Record where. 460 */ 461 fulr->ulr_offset = offset; 462 fulr->ulr_reclen = reclen; 463 464 /* 465 * Record the preceding record length, but not if we're at the 466 * start of a directory block. 467 */ 468 fulr->ulr_count = ((offset & (dirblksiz - 1))? prev_reclen : 0); 469 470 brelse(bp, 0); 471 return 0; 472 } 473 474 /* 475 * ulfs_gro_remove: Rename an object over another link to itself, 476 * effectively removing just the original link. 477 */ 478 static int 479 ulfs_gro_remove(struct mount *mp, kauth_cred_t cred, 480 struct vnode *dvp, struct componentname *cnp, void *de, struct vnode *vp) 481 { 482 struct ulfs_lookup_results *ulr = de; 483 int error; 484 485 KASSERT(mp != NULL); 486 KASSERT(dvp != NULL); 487 KASSERT(cnp != NULL); 488 KASSERT(ulr != NULL); 489 KASSERT(vp != NULL); 490 KASSERT(dvp != vp); 491 KASSERT(dvp->v_mount == mp); 492 KASSERT(vp->v_mount == mp); 493 KASSERT(dvp->v_type == VDIR); 494 KASSERT(vp->v_type != VDIR); 495 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 496 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 497 KASSERT(cnp->cn_nameiop == DELETE); 498 499 /* XXX ulfs_dirremove decrements vp's link count for us. */ 500 error = ulfs_dirremove(dvp, ulr, VTOI(vp), cnp->cn_flags, 0); 501 if (error) 502 goto out1; 503 504 VN_KNOTE(dvp, NOTE_WRITE); 505 VN_KNOTE(vp, (VTOI(vp)->i_nlink? NOTE_LINK : NOTE_DELETE)); 506 507 out1: 508 return error; 509 } 510 511 /* 512 * ulfs_gro_lookup: Look up and save the lookup results. 513 */ 514 static int 515 ulfs_gro_lookup(struct mount *mp, struct vnode *dvp, 516 struct componentname *cnp, void *de_ret, struct vnode **vp_ret) 517 { 518 struct ulfs_lookup_results *ulr_ret = de_ret; 519 struct vnode *vp = NULL; 520 int error; 521 522 (void)mp; 523 KASSERT(mp != NULL); 524 KASSERT(dvp != NULL); 525 KASSERT(cnp != NULL); 526 KASSERT(ulr_ret != NULL); 527 KASSERT(vp_ret != NULL); 528 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 529 530 /* Kludge cargo-culted from dholland's ulfs_rename. */ 531 cnp->cn_flags &=~ MODMASK; 532 cnp->cn_flags |= (LOCKPARENT | LOCKLEAF); 533 534 error = relookup(dvp, &vp, cnp, 0 /* dummy */); 535 if ((error == 0) && (vp == NULL)) { 536 error = ENOENT; 537 goto out; 538 } else if (error) { 539 return error; 540 } 541 542 /* 543 * Thanks to VFS insanity, relookup locks vp, which screws us 544 * in various ways. 545 */ 546 KASSERT(vp != NULL); 547 VOP_UNLOCK(vp); 548 549 out: *ulr_ret = VTOI(dvp)->i_crap; 550 *vp_ret = vp; 551 return error; 552 } 553 554 /* 555 * ulfs_rmdired_p: Check whether the directory vp has been rmdired. 556 * 557 * vp must be locked and referenced. 558 */ 559 static bool 560 ulfs_rmdired_p(struct vnode *vp) 561 { 562 563 KASSERT(vp != NULL); 564 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 565 KASSERT(vp->v_type == VDIR); 566 567 /* XXX Is this correct? */ 568 return (VTOI(vp)->i_size == 0); 569 } 570 571 /* 572 * ulfs_read_dotdot: Store in *ino_ret the inode number of the parent 573 * of the directory vp. 574 */ 575 static int 576 ulfs_read_dotdot(struct vnode *vp, kauth_cred_t cred, ino_t *ino_ret) 577 { 578 struct lfs *fs; 579 union lfs_dirtemplate dirbuf; 580 LFS_DIRHEADER *dotdot; 581 const char *name; 582 int error; 583 584 KASSERT(vp != NULL); 585 KASSERT(ino_ret != NULL); 586 KASSERT(vp->v_type == VDIR); 587 588 KASSERT(VTOI(vp) != NULL); 589 KASSERT(VTOI(vp)->i_lfs != NULL); 590 fs = VTOI(vp)->i_lfs; 591 592 error = ulfs_bufio(UIO_READ, vp, &dirbuf, sizeof dirbuf, (off_t)0, 593 IO_NODELOCKED, cred, NULL, NULL); 594 if (error) 595 return error; 596 597 dotdot = lfs_dirtemplate_dotdot(fs, &dirbuf); 598 name = lfs_dirtemplate_dotdotname(fs, &dirbuf); 599 if (lfs_dir_getnamlen(fs, dotdot) != 2 || 600 name[0] != '.' || 601 name[1] != '.') 602 /* XXX Panic? Print warning? */ 603 return ENOTDIR; 604 605 *ino_ret = lfs_dir_getino(fs, dotdot); 606 return 0; 607 } 608 609 /* 610 * ulfs_gro_lock_directory: Lock the directory vp, but fail if it has 611 * been rmdir'd. 612 */ 613 static int 614 ulfs_gro_lock_directory(struct mount *mp, struct vnode *vp) 615 { 616 617 (void)mp; 618 KASSERT(mp != NULL); 619 KASSERT(vp != NULL); 620 KASSERT(vp->v_mount == mp); 621 622 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 623 624 if (ulfs_rmdired_p(vp)) { 625 VOP_UNLOCK(vp); 626 return ENOENT; 627 } 628 629 return 0; 630 } 631 632 /* 633 * ulfs_gro_genealogy: Analyze the genealogy of the source and target 634 * directories. 635 */ 636 static int 637 ulfs_gro_genealogy(struct mount *mp, kauth_cred_t cred, 638 struct vnode *fdvp, struct vnode *tdvp, 639 struct vnode **intermediate_node_ret) 640 { 641 struct vnode *vp, *dvp; 642 ino_t dotdot_ino = -1; /* XXX gcc 4.8: maybe-uninitialized */ 643 int error; 644 645 KASSERT(mp != NULL); 646 KASSERT(fdvp != NULL); 647 KASSERT(tdvp != NULL); 648 KASSERT(fdvp != tdvp); 649 KASSERT(intermediate_node_ret != NULL); 650 KASSERT(fdvp->v_mount == mp); 651 KASSERT(tdvp->v_mount == mp); 652 KASSERT(fdvp->v_type == VDIR); 653 KASSERT(tdvp->v_type == VDIR); 654 655 /* 656 * We need to provisionally lock tdvp to keep rmdir from 657 * deleting it -- or any ancestor -- at an inopportune moment. 658 */ 659 error = ulfs_gro_lock_directory(mp, tdvp); 660 if (error) 661 return error; 662 663 vp = tdvp; 664 vref(vp); 665 666 for (;;) { 667 KASSERT(vp != NULL); 668 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 669 KASSERT(vp->v_mount == mp); 670 KASSERT(vp->v_type == VDIR); 671 KASSERT(!ulfs_rmdired_p(vp)); 672 673 /* Did we hit the root without finding fdvp? */ 674 if (VTOI(vp)->i_number == ULFS_ROOTINO) { 675 vput(vp); 676 *intermediate_node_ret = NULL; 677 return 0; 678 } 679 680 error = ulfs_read_dotdot(vp, cred, &dotdot_ino); 681 if (error) { 682 vput(vp); 683 return error; 684 } 685 686 /* Did we find that fdvp is an ancestor of tdvp? */ 687 if (VTOI(fdvp)->i_number == dotdot_ino) { 688 /* Unlock vp, but keep it referenced. */ 689 VOP_UNLOCK(vp); 690 *intermediate_node_ret = vp; 691 return 0; 692 } 693 694 /* Neither -- keep ascending the family tree. */ 695 error = vcache_get(mp, &dotdot_ino, sizeof(dotdot_ino), &dvp); 696 vput(vp); 697 if (error) 698 return error; 699 error = vn_lock(dvp, LK_EXCLUSIVE); 700 if (error) { 701 vrele(dvp); 702 return error; 703 } 704 705 KASSERT(dvp != NULL); 706 KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); 707 vp = dvp; 708 709 if (vp->v_type != VDIR) { 710 /* 711 * XXX Panic? Print a warning? Can this 712 * happen if we lose the race I suspect to 713 * exist above, and the `..' inode number has 714 * been recycled? 715 */ 716 vput(vp); 717 return ENOTDIR; 718 } 719 720 if (ulfs_rmdired_p(vp)) { 721 vput(vp); 722 return ENOENT; 723 } 724 } 725 } 726 727 /* 728 * ulfs_gro_rename: Actually perform the rename operation. 729 */ 730 static int 731 ulfs_gro_rename(struct mount *mp, kauth_cred_t cred, 732 struct vnode *fdvp, struct componentname *fcnp, 733 void *fde, struct vnode *fvp, 734 struct vnode *tdvp, struct componentname *tcnp, 735 void *tde, struct vnode *tvp) 736 { 737 struct lfs *fs; 738 struct ulfs_lookup_results *fulr = fde; 739 struct ulfs_lookup_results *tulr = tde; 740 bool directory_p, reparent_p; 741 int error; 742 743 KASSERT(mp != NULL); 744 KASSERT(fdvp != NULL); 745 KASSERT(fcnp != NULL); 746 KASSERT(fulr != NULL); 747 KASSERT(fvp != NULL); 748 KASSERT(tdvp != NULL); 749 KASSERT(tcnp != NULL); 750 KASSERT(tulr != NULL); 751 KASSERT(fulr != tulr); 752 KASSERT(fdvp != fvp); 753 KASSERT(fdvp != tvp); 754 KASSERT(tdvp != fvp); 755 KASSERT(tdvp != tvp); 756 KASSERT(fvp != tvp); 757 KASSERT(fdvp->v_mount == mp); 758 KASSERT(fvp->v_mount == mp); 759 KASSERT(tdvp->v_mount == mp); 760 KASSERT((tvp == NULL) || (tvp->v_mount == mp)); 761 KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE); 762 KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE); 763 KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE); 764 KASSERT((tvp == NULL) || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE)); 765 766 fs = VTOI(fdvp)->i_lfs; 767 KASSERT(fs == VTOI(tdvp)->i_lfs); 768 769 /* 770 * We shall need to temporarily bump the link count, so make 771 * sure there is room to do so. 772 */ 773 if ((nlink_t)VTOI(fvp)->i_nlink >= LINK_MAX) 774 return EMLINK; 775 776 directory_p = (fvp->v_type == VDIR); 777 KASSERT(directory_p == ((VTOI(fvp)->i_mode & LFS_IFMT) == LFS_IFDIR)); 778 KASSERT((tvp == NULL) || (directory_p == (tvp->v_type == VDIR))); 779 KASSERT((tvp == NULL) || (directory_p == 780 ((VTOI(tvp)->i_mode & LFS_IFMT) == LFS_IFDIR))); 781 782 reparent_p = (fdvp != tdvp); 783 KASSERT(reparent_p == (VTOI(fdvp)->i_number != VTOI(tdvp)->i_number)); 784 785 /* 786 * Commence hacking of the data on disk. 787 */ 788 789 error = 0; 790 791 /* 792 * 1) Bump link count while we're moving stuff 793 * around. If we crash somewhere before 794 * completing our work, the link count 795 * may be wrong, but correctable. 796 */ 797 798 KASSERT((nlink_t)VTOI(fvp)->i_nlink < LINK_MAX); 799 VTOI(fvp)->i_nlink++; 800 DIP_ASSIGN(VTOI(fvp), nlink, VTOI(fvp)->i_nlink); 801 VTOI(fvp)->i_state |= IN_CHANGE; 802 error = lfs_update(fvp, NULL, NULL, UPDATE_DIROP); 803 if (error) 804 goto whymustithurtsomuch; 805 806 /* 807 * 2) If target doesn't exist, link the target 808 * to the source and unlink the source. 809 * Otherwise, rewrite the target directory 810 * entry to reference the source inode and 811 * expunge the original entry's existence. 812 */ 813 814 if (tvp == NULL) { 815 /* 816 * Account for ".." in new directory. 817 * When source and destination have the same 818 * parent we don't fool with the link count. 819 */ 820 if (directory_p && reparent_p) { 821 if ((nlink_t)VTOI(tdvp)->i_nlink >= LINK_MAX) { 822 error = EMLINK; 823 goto whymustithurtsomuch; 824 } 825 KASSERT((nlink_t)VTOI(tdvp)->i_nlink < LINK_MAX); 826 VTOI(tdvp)->i_nlink++; 827 DIP_ASSIGN(VTOI(tdvp), nlink, VTOI(tdvp)->i_nlink); 828 VTOI(tdvp)->i_state |= IN_CHANGE; 829 error = lfs_update(tdvp, NULL, NULL, UPDATE_DIROP); 830 if (error) { 831 /* 832 * Link count update didn't take -- 833 * back out the in-memory link count. 834 */ 835 KASSERT(0 < VTOI(tdvp)->i_nlink); 836 VTOI(tdvp)->i_nlink--; 837 DIP_ASSIGN(VTOI(tdvp), nlink, 838 VTOI(tdvp)->i_nlink); 839 VTOI(tdvp)->i_state |= IN_CHANGE; 840 goto whymustithurtsomuch; 841 } 842 } 843 844 error = ulfs_direnter(tdvp, tulr, 845 NULL, tcnp, VTOI(fvp)->i_number, LFS_IFTODT(VTOI(fvp)->i_mode), 846 NULL); 847 if (error) { 848 if (directory_p && reparent_p) { 849 /* 850 * Directory update didn't take, but 851 * the link count update did -- back 852 * out the in-memory link count and the 853 * on-disk link count. 854 */ 855 KASSERT(0 < VTOI(tdvp)->i_nlink); 856 VTOI(tdvp)->i_nlink--; 857 DIP_ASSIGN(VTOI(tdvp), nlink, 858 VTOI(tdvp)->i_nlink); 859 VTOI(tdvp)->i_state |= IN_CHANGE; 860 (void)lfs_update(tdvp, NULL, NULL, 861 UPDATE_WAIT | UPDATE_DIROP); 862 } 863 goto whymustithurtsomuch; 864 } 865 } else { 866 if (directory_p) 867 /* XXX WTF? Why purge here? Why not purge others? */ 868 cache_purge(tdvp); 869 870 /* 871 * Make the target directory's entry for tcnp point at 872 * the source node. 873 * 874 * XXX ulfs_dirrewrite decrements tvp's link count, but 875 * doesn't touch the link count of the new inode. Go 876 * figure. 877 */ 878 error = ulfs_dirrewrite(VTOI(tdvp), tulr->ulr_offset, 879 VTOI(tvp), VTOI(fvp)->i_number, LFS_IFTODT(VTOI(fvp)->i_mode), 880 ((directory_p && reparent_p) ? reparent_p : directory_p), 881 IN_CHANGE | IN_UPDATE); 882 if (error) 883 goto whymustithurtsomuch; 884 885 /* 886 * If the source and target are directories, and the 887 * target is in the same directory as the source, 888 * decrement the link count of the common parent 889 * directory, since we are removing the target from 890 * that directory. 891 */ 892 if (directory_p && !reparent_p) { 893 KASSERT(fdvp == tdvp); 894 /* XXX check, don't kassert */ 895 KASSERT(0 < VTOI(tdvp)->i_nlink); 896 VTOI(tdvp)->i_nlink--; 897 DIP_ASSIGN(VTOI(tdvp), nlink, VTOI(tdvp)->i_nlink); 898 VTOI(tdvp)->i_state |= IN_CHANGE; 899 } 900 901 if (directory_p) { 902 /* 903 * XXX I don't understand the following comment 904 * from ulfs_rename -- in particular, the part 905 * about `there may be other hard links'. 906 * 907 * Truncate inode. The only stuff left in the directory 908 * is "." and "..". The "." reference is inconsequential 909 * since we are quashing it. We have removed the "." 910 * reference and the reference in the parent directory, 911 * but there may be other hard links. 912 * 913 * XXX The ulfs_dirempty call earlier does 914 * not guarantee anything about nlink. 915 */ 916 if (VTOI(tvp)->i_nlink != 1) 917 ulfs_dirbad(VTOI(tvp), (doff_t)0, 918 "hard-linked directory"); 919 VTOI(tvp)->i_nlink = 0; 920 DIP_ASSIGN(VTOI(tvp), nlink, 0); 921 error = lfs_truncate(tvp, (off_t)0, IO_SYNC, cred); 922 if (error) 923 goto whymustithurtsomuch; 924 } 925 } 926 927 /* 928 * If the source is a directory with a new parent, the link 929 * count of the old parent directory must be decremented and 930 * ".." set to point to the new parent. 931 * 932 * XXX ulfs_dirrewrite updates the link count of fdvp, but not 933 * the link count of fvp or the link count of tdvp. Go figure. 934 */ 935 if (directory_p && reparent_p) { 936 off_t position; 937 938 /* 939 * The .. entry goes immediately after the . entry, so 940 * the position is the record length of the . entry, 941 * namely LFS_DIRECTSIZ(1). 942 */ 943 position = LFS_DIRECTSIZ(fs, 1); 944 error = ulfs_dirrewrite(VTOI(fvp), position, 945 VTOI(fdvp), VTOI(tdvp)->i_number, LFS_DT_DIR, 0, IN_CHANGE); 946 #if 0 /* XXX This branch was not in ulfs_rename! */ 947 if (error) 948 goto whymustithurtsomuch; 949 #endif 950 951 /* XXX WTF? Why purge here? Why not purge others? */ 952 cache_purge(fdvp); 953 } 954 955 /* 956 * 3) Unlink the source. 957 */ 958 959 /* 960 * ulfs_direnter may compact the directory in the process of 961 * inserting a new entry. That may invalidate fulr, which we 962 * need in order to remove the old entry. In that case, we 963 * need to recalculate what fulr should be. 964 */ 965 if (!reparent_p && (tvp == NULL) && 966 ulfs_rename_ulr_overlap_p(fulr, tulr)) { 967 error = ulfs_rename_recalculate_fulr(fdvp, fulr, tulr, fcnp); 968 #if 0 /* XXX */ 969 if (error) /* XXX Try to back out changes? */ 970 goto whymustithurtsomuch; 971 #endif 972 } 973 974 /* 975 * XXX 0 means !isrmdir. But can't this be an rmdir? 976 * XXX Well, turns out that argument to ulfs_dirremove is ignored... 977 * XXX And it turns out ulfs_dirremove updates the link count of fvp. 978 * XXX But it doesn't update the link count of fdvp. Go figure. 979 * XXX fdvp's link count is updated in ulfs_dirrewrite instead. 980 * XXX Actually, sometimes it doesn't update fvp's link count. 981 * XXX I hate the world. 982 */ 983 error = ulfs_dirremove(fdvp, fulr, VTOI(fvp), fcnp->cn_flags, 0); 984 if (error) 985 #if 0 /* XXX */ 986 goto whymustithurtsomuch; 987 #endif 988 goto arghmybrainhurts; 989 990 /* 991 * XXX Perhaps this should go at the top, in case the file 992 * system is modified but incompletely so because of an 993 * intermediate error. 994 */ 995 genfs_rename_knote(fdvp, fvp, tdvp, tvp, 996 ((tvp != NULL) && (VTOI(tvp)->i_nlink == 0))); 997 #if 0 /* XXX */ 998 genfs_rename_cache_purge(fdvp, fvp, tdvp, tvp); 999 #endif 1000 goto arghmybrainhurts; 1001 1002 whymustithurtsomuch: 1003 KASSERT(0 < VTOI(fvp)->i_nlink); 1004 VTOI(fvp)->i_nlink--; 1005 DIP_ASSIGN(VTOI(fvp), nlink, VTOI(fvp)->i_nlink); 1006 VTOI(fvp)->i_state |= IN_CHANGE; 1007 1008 arghmybrainhurts: 1009 /*ihateyou:*/ 1010 return error; 1011 } 1012 1013 /* 1014 * lfs_gro_rename: Actually perform the rename operation. Do a little 1015 * LFS bookkeeping and then defer to ulfs_gro_rename. 1016 */ 1017 static int 1018 lfs_gro_rename(struct mount *mp, kauth_cred_t cred, 1019 struct vnode *fdvp, struct componentname *fcnp, 1020 void *fde, struct vnode *fvp, 1021 struct vnode *tdvp, struct componentname *tcnp, 1022 void *tde, struct vnode *tvp) 1023 { 1024 int error; 1025 1026 KASSERT(mp != NULL); 1027 KASSERT(fdvp != NULL); 1028 KASSERT(fcnp != NULL); 1029 KASSERT(fde != NULL); 1030 KASSERT(fvp != NULL); 1031 KASSERT(tdvp != NULL); 1032 KASSERT(tcnp != NULL); 1033 KASSERT(tde != NULL); 1034 KASSERT(fdvp != fvp); 1035 KASSERT(fdvp != tvp); 1036 KASSERT(tdvp != fvp); 1037 KASSERT(tdvp != tvp); 1038 KASSERT(fvp != tvp); 1039 KASSERT(fdvp->v_mount == mp); 1040 KASSERT(fvp->v_mount == mp); 1041 KASSERT(tdvp->v_mount == mp); 1042 KASSERT((tvp == NULL) || (tvp->v_mount == mp)); 1043 KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE); 1044 KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE); 1045 KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE); 1046 KASSERT((tvp == NULL) || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE)); 1047 1048 error = lfs_set_dirop(tdvp, tvp); 1049 if (error != 0) 1050 return error; 1051 1052 MARK_VNODE(fdvp); 1053 MARK_VNODE(fvp); 1054 1055 error = ulfs_gro_rename(mp, cred, 1056 fdvp, fcnp, fde, fvp, 1057 tdvp, tcnp, tde, tvp); 1058 1059 if (tvp && VTOI(tvp)->i_nlink == 0) 1060 lfs_orphan(VTOI(tvp)->i_lfs, VTOI(tvp)->i_number); 1061 1062 UNMARK_VNODE(fdvp); 1063 UNMARK_VNODE(fvp); 1064 UNMARK_VNODE(tdvp); 1065 if (tvp) { 1066 UNMARK_VNODE(tvp); 1067 } 1068 lfs_unset_dirop(VFSTOULFS(mp)->um_lfs, tdvp, "rename"); 1069 vrele(tdvp); 1070 if (tvp) { 1071 vrele(tvp); 1072 } 1073 1074 return error; 1075 } 1076 1077 static const struct genfs_rename_ops lfs_genfs_rename_ops = { 1078 .gro_directory_empty_p = ulfs_gro_directory_empty_p, 1079 .gro_rename_check_possible = ulfs_gro_rename_check_possible, 1080 .gro_rename_check_permitted = ulfs_gro_rename_check_permitted, 1081 .gro_remove_check_possible = ulfs_gro_remove_check_possible, 1082 .gro_remove_check_permitted = ulfs_gro_remove_check_permitted, 1083 .gro_rename = lfs_gro_rename, 1084 .gro_remove = ulfs_gro_remove, 1085 .gro_lookup = ulfs_gro_lookup, 1086 .gro_genealogy = ulfs_gro_genealogy, 1087 .gro_lock_directory = ulfs_gro_lock_directory, 1088 }; 1089 1090 /* 1091 * lfs_sane_rename: The hairiest vop, with the saner API. 1092 * 1093 * Arguments: 1094 * 1095 * . fdvp (from directory vnode), 1096 * . fcnp (from component name), 1097 * . tdvp (to directory vnode), 1098 * . tcnp (to component name), 1099 * . cred (credentials structure), and 1100 * . posixly_correct (flag for behaviour if target & source link same file). 1101 * 1102 * fdvp and tdvp may be the same, and must be referenced and unlocked. 1103 */ 1104 static int 1105 lfs_sane_rename( 1106 struct vnode *fdvp, struct componentname *fcnp, 1107 struct vnode *tdvp, struct componentname *tcnp, 1108 kauth_cred_t cred, bool posixly_correct) 1109 { 1110 struct ulfs_lookup_results fulr, tulr; 1111 1112 /* 1113 * XXX Provisional kludge -- ulfs_lookup does not reject rename 1114 * of . or .. (from or to), so we hack it here. This is not 1115 * the right place: it should be caller's responsibility to 1116 * reject this case. 1117 */ 1118 KASSERT(fcnp != NULL); 1119 KASSERT(tcnp != NULL); 1120 KASSERT(fcnp != tcnp); 1121 KASSERT(fcnp->cn_nameptr != NULL); 1122 KASSERT(tcnp->cn_nameptr != NULL); 1123 1124 if ((fcnp->cn_flags | tcnp->cn_flags) & ISDOTDOT) 1125 return EINVAL; /* XXX EISDIR? */ 1126 if ((fcnp->cn_namelen == 1) && (fcnp->cn_nameptr[0] == '.')) 1127 return EINVAL; 1128 if ((tcnp->cn_namelen == 1) && (tcnp->cn_nameptr[0] == '.')) 1129 return EINVAL; 1130 1131 return genfs_sane_rename(&lfs_genfs_rename_ops, 1132 fdvp, fcnp, &fulr, tdvp, tcnp, &tulr, 1133 cred, posixly_correct); 1134 } 1135 1136 /* 1137 * lfs_rename: The hairiest vop, with the insanest API. Defer to 1138 * genfs_insane_rename immediately. 1139 */ 1140 int 1141 lfs_rename(void *v) 1142 { 1143 1144 return genfs_insane_rename(v, &lfs_sane_rename); 1145 } 1146
Indexes created Thu Oct 02 14:10:14 GMT 2025