/* * Copyright (c) 1994 The Regents of the University of California. * Copyright (c) 1994 Jan-Simon Pendry. * All rights reserved. * * This code is derived from software donated to Berkeley by * Jan-Simon Pendry. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)union_vfsops.c 8.7 (Berkeley) 3/5/94 * $Id: union_vfsops.c,v 1.5 1994/09/22 19:38:20 wollman Exp $ */ /* * Union Layer */ #include #include #include #include #include #include #include #include #include #include #include #include #include /* * Mount union filesystem */ int union_mount(mp, path, data, ndp, p) struct mount *mp; char *path; caddr_t data; struct nameidata *ndp; struct proc *p; { int error = 0; struct union_args args; struct vnode *lowerrootvp = NULLVP; struct vnode *upperrootvp = NULLVP; struct union_mount *um; struct ucred *cred = 0; struct ucred *scred; struct vattr va; char *cp = 0; int len; u_int size; #ifdef UNION_DIAGNOSTIC printf("union_mount(mp = %x)\n", mp); #endif /* * Update is a no-op */ if (mp->mnt_flag & MNT_UPDATE) { /* * Need to provide. * 1. a way to convert between rdonly and rdwr mounts. * 2. support for nfs exports. */ error = EOPNOTSUPP; goto bad; } /* * Take a copy of the process's credentials. This isn't * quite right since the euid will always be zero and we * want to get the "real" users credentials. So fix up * the uid field after taking the copy. */ cred = crdup(p->p_ucred); cred->cr_uid = p->p_cred->p_ruid; /* * Ensure the *real* user has write permission on the * mounted-on directory. This allows the mount_union * command to be made setuid root so allowing anyone * to do union mounts onto any directory on which they * have write permission and which they also own. */ error = VOP_GETATTR(mp->mnt_vnodecovered, &va, cred, p); if (error) goto bad; if ((va.va_uid != cred->cr_uid) && (cred->cr_uid != 0)) { error = EACCES; goto bad; } error = VOP_ACCESS(mp->mnt_vnodecovered, VWRITE, cred, p); if (error) goto bad; /* * Get argument */ error = copyin(data, (caddr_t)&args, sizeof(struct union_args)); if (error) goto bad; lowerrootvp = mp->mnt_vnodecovered; VREF(lowerrootvp); /* * Find upper node. Use the real process credentials, * not the effective ones since this will have come * through a setuid process (mount_union). All this * messing around with permissions is entirely bogus * and should be removed by allowing any user straight * past the mount system call. */ scred = p->p_ucred; p->p_ucred = cred; NDINIT(ndp, LOOKUP, FOLLOW|WANTPARENT, UIO_USERSPACE, args.target, p); p->p_ucred = scred; error = namei(ndp); if (error) goto bad; upperrootvp = ndp->ni_vp; vrele(ndp->ni_dvp); ndp->ni_dvp = NULL; if (upperrootvp->v_type != VDIR) { error = EINVAL; goto bad; } um = (struct union_mount *) malloc(sizeof(struct union_mount), M_UFSMNT, M_WAITOK); /* XXX */ /* * Keep a held reference to the target vnodes. * They are vrele'd in union_unmount. * * Depending on the _BELOW flag, the filesystems are * viewed in a different order. In effect, this is the * same as providing a mount under option to the mount syscall. */ um->um_op = args.mntflags & UNMNT_OPMASK; switch (um->um_op) { case UNMNT_ABOVE: um->um_lowervp = lowerrootvp; um->um_uppervp = upperrootvp; break; case UNMNT_BELOW: um->um_lowervp = upperrootvp; um->um_uppervp = lowerrootvp; break; case UNMNT_REPLACE: vrele(lowerrootvp); lowerrootvp = NULLVP; um->um_uppervp = upperrootvp; um->um_lowervp = lowerrootvp; break; default: error = EINVAL; goto bad; } um->um_cred = cred; um->um_cmode = UN_DIRMODE &~ p->p_fd->fd_cmask; /* * Depending on what you think the MNT_LOCAL flag might mean, * you may want the && to be || on the conditional below. * At the moment it has been defined that the filesystem is * only local if it is all local, ie the MNT_LOCAL flag implies * that the entire namespace is local. If you think the MNT_LOCAL * flag implies that some of the files might be stored locally * then you will want to change the conditional. */ if (um->um_op == UNMNT_ABOVE) { if (((um->um_lowervp == NULLVP) || (um->um_lowervp->v_mount->mnt_flag & MNT_LOCAL)) && (um->um_uppervp->v_mount->mnt_flag & MNT_LOCAL)) mp->mnt_flag |= MNT_LOCAL; } /* * Copy in the upper layer's RDONLY flag. This is for the benefit * of lookup() which explicitly checks the flag, rather than asking * the filesystem for it's own opinion. This means, that an update * mount of the underlying filesystem to go from rdonly to rdwr * will leave the unioned view as read-only. */ mp->mnt_flag |= (um->um_uppervp->v_mount->mnt_flag & MNT_RDONLY); /* * This is a user mount. Privilege check for unmount * will be done in union_unmount. */ mp->mnt_flag |= MNT_USER; mp->mnt_data = (qaddr_t) um; getnewfsid(mp, MOUNT_UNION); (void) copyinstr(path, mp->mnt_stat.f_mntonname, MNAMELEN - 1, &size); bzero(mp->mnt_stat.f_mntonname + size, MNAMELEN - size); switch (um->um_op) { case UNMNT_ABOVE: cp = ""; break; case UNMNT_BELOW: cp = ""; break; case UNMNT_REPLACE: cp = ""; break; } len = strlen(cp); bcopy(cp, mp->mnt_stat.f_mntfromname, len); cp = mp->mnt_stat.f_mntfromname + len; len = MNAMELEN - len; (void) copyinstr(args.target, cp, len - 1, &size); bzero(cp + size, len - size); #ifdef UNION_DIAGNOSTIC printf("union_mount: from %s, on %s\n", mp->mnt_stat.f_mntfromname, mp->mnt_stat.f_mntonname); #endif return (0); bad: if (cred) crfree(cred); if (upperrootvp) vrele(upperrootvp); if (lowerrootvp) vrele(lowerrootvp); return (error); } /* * VFS start. Nothing needed here - the start routine * on the underlying filesystem(s) will have been called * when that filesystem was mounted. */ int union_start(mp, flags, p) struct mount *mp; int flags; struct proc *p; { return (0); } /* * Free reference to union layer */ int union_unmount(mp, mntflags, p) struct mount *mp; int mntflags; struct proc *p; { struct union_mount *um = MOUNTTOUNIONMOUNT(mp); struct vnode *um_rootvp; int error; int flags = 0; extern int doforce; #ifdef UNION_DIAGNOSTIC printf("union_unmount(mp = %x)\n", mp); #endif /* only the mounter, or superuser can unmount */ if ((p->p_cred->p_ruid != um->um_cred->cr_uid) && (error = suser(p->p_ucred, &p->p_acflag))) return (error); if (mntflags & MNT_FORCE) { /* union can never be rootfs so don't check for it */ if (!doforce) return (EINVAL); flags |= FORCECLOSE; } error = union_root(mp, &um_rootvp); if (error) return (error); if (um_rootvp->v_usecount > 1) { vput(um_rootvp); return (EBUSY); } error = vflush(mp, um_rootvp, flags); if (error) { vput(um_rootvp); return (error); } #ifdef UNION_DIAGNOSTIC vprint("alias root of lower", um_rootvp); #endif /* * Discard references to upper and lower target vnodes. */ if (um->um_lowervp) vrele(um->um_lowervp); vrele(um->um_uppervp); crfree(um->um_cred); /* * Release reference on underlying root vnode */ vput(um_rootvp); /* * And blow it away for future re-use */ vgone(um_rootvp); /* * Finally, throw away the union_mount structure */ free(mp->mnt_data, M_UFSMNT); /* XXX */ mp->mnt_data = 0; return (0); } int union_root(mp, vpp) struct mount *mp; struct vnode **vpp; { struct union_mount *um = MOUNTTOUNIONMOUNT(mp); int error; int loselock; #ifdef UNION_DIAGNOSTIC printf("union_root(mp = %x, lvp = %x, uvp = %x)\n", mp, um->um_lowervp, um->um_uppervp); #endif /* * Return locked reference to root. */ VREF(um->um_uppervp); if ((um->um_op == UNMNT_BELOW) && VOP_ISLOCKED(um->um_uppervp)) { loselock = 1; } else { VOP_LOCK(um->um_uppervp); loselock = 0; } if (um->um_lowervp) VREF(um->um_lowervp); error = union_allocvp(vpp, mp, (struct vnode *) 0, (struct vnode *) 0, (struct componentname *) 0, um->um_uppervp, um->um_lowervp); if (error) { if (!loselock) VOP_UNLOCK(um->um_uppervp); vrele(um->um_uppervp); if (um->um_lowervp) vrele(um->um_lowervp); } else { (*vpp)->v_flag |= VROOT; if (loselock) VTOUNION(*vpp)->un_flags &= ~UN_ULOCK; } return (error); } int union_quotactl(mp, cmd, uid, arg, p) struct mount *mp; int cmd; uid_t uid; caddr_t arg; struct proc *p; { return (EOPNOTSUPP); } int union_statfs(mp, sbp, p) struct mount *mp; struct statfs *sbp; struct proc *p; { int error; struct union_mount *um = MOUNTTOUNIONMOUNT(mp); struct statfs mstat; int lbsize; #ifdef UNION_DIAGNOSTIC printf("union_statfs(mp = %x, lvp = %x, uvp = %x)\n", mp, um->um_lowervp, um->um_uppervp); #endif bzero(&mstat, sizeof(mstat)); if (um->um_lowervp) { error = VFS_STATFS(um->um_lowervp->v_mount, &mstat, p); if (error) return (error); } /* now copy across the "interesting" information and fake the rest */ #if 0 sbp->f_type = mstat.f_type; sbp->f_flags = mstat.f_flags; sbp->f_bsize = mstat.f_bsize; sbp->f_iosize = mstat.f_iosize; #endif lbsize = mstat.f_bsize; sbp->f_blocks = mstat.f_blocks; sbp->f_bfree = mstat.f_bfree; sbp->f_bavail = mstat.f_bavail; sbp->f_files = mstat.f_files; sbp->f_ffree = mstat.f_ffree; error = VFS_STATFS(um->um_uppervp->v_mount, &mstat, p); if (error) return (error); sbp->f_type = MOUNT_UNION; sbp->f_flags = mstat.f_flags; sbp->f_bsize = mstat.f_bsize; sbp->f_iosize = mstat.f_iosize; /* * if the lower and upper blocksizes differ, then frig the * block counts so that the sizes reported by df make some * kind of sense. none of this makes sense though. */ if (mstat.f_bsize != lbsize) { sbp->f_blocks = sbp->f_blocks * lbsize / mstat.f_bsize; sbp->f_bfree = sbp->f_bfree * lbsize / mstat.f_bsize; sbp->f_bavail = sbp->f_bavail * lbsize / mstat.f_bsize; } sbp->f_blocks += mstat.f_blocks; sbp->f_bfree += mstat.f_bfree; sbp->f_bavail += mstat.f_bavail; sbp->f_files += mstat.f_files; sbp->f_ffree += mstat.f_ffree; if (sbp != &mp->mnt_stat) { bcopy(&mp->mnt_stat.f_fsid, &sbp->f_fsid, sizeof(sbp->f_fsid)); bcopy(mp->mnt_stat.f_mntonname, sbp->f_mntonname, MNAMELEN); bcopy(mp->mnt_stat.f_mntfromname, sbp->f_mntfromname, MNAMELEN); } return (0); } int union_sync(mp, waitfor, cred, p) struct mount *mp; int waitfor; struct ucred *cred; struct proc *p; { /* * XXX - Assumes no data cached at union layer. */ return (0); } int union_vget(mp, ino, vpp) struct mount *mp; ino_t ino; struct vnode **vpp; { return (EOPNOTSUPP); } int union_fhtovp(mp, fidp, nam, vpp, exflagsp, credanonp) struct mount *mp; struct fid *fidp; struct mbuf *nam; struct vnode **vpp; int *exflagsp; struct ucred **credanonp; { return (EOPNOTSUPP); } int union_vptofh(vp, fhp) struct vnode *vp; struct fid *fhp; { return (EOPNOTSUPP); } int union_init __P((void)); struct vfsops union_vfsops = { union_mount, union_start, union_unmount, union_root, union_quotactl, union_statfs, union_sync, union_vget, union_fhtovp, union_vptofh, union_init, }; VFS_SET(union_vfsops, union, MOUNT_UNION, 0);