freebsd-skq/sys/kern/vfs_extattr.c

3913 lines
86 KiB
C
Raw Normal View History

1994-05-24 10:09:53 +00:00
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
* (c) UNIX System Laboratories, Inc.
* All or some portions of this file are derived from material licensed
* to the University of California by American Telephone and Telegraph
* Co. or Unix System Laboratories, Inc. and are reproduced herein with
* the permission of UNIX System Laboratories, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
1999-08-28 01:08:13 +00:00
* $FreeBSD$
1994-05-24 10:09:53 +00:00
*/
/* For 4.3 integer FS ID compatibility */
#include "opt_compat.h"
#include "opt_ffs.h"
1994-05-24 10:09:53 +00:00
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/bio.h>
#include <sys/buf.h>
#include <sys/sysent.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/mutex.h>
#include <sys/sysproto.h>
1994-05-24 10:09:53 +00:00
#include <sys/namei.h>
#include <sys/filedesc.h>
#include <sys/kernel.h>
#include <sys/fcntl.h>
1994-05-24 10:09:53 +00:00
#include <sys/file.h>
#include <sys/linker.h>
1994-05-24 10:09:53 +00:00
#include <sys/stat.h>
#include <sys/unistd.h>
1994-05-24 10:09:53 +00:00
#include <sys/vnode.h>
#include <sys/proc.h>
#include <sys/dirent.h>
#include <sys/extattr.h>
#include <sys/jail.h>
1994-05-24 10:09:53 +00:00
#include <machine/limits.h>
#include <miscfs/union/union.h>
#include <sys/sysctl.h>
1994-05-24 10:09:53 +00:00
#include <vm/vm.h>
#include <vm/vm_object.h>
#include <vm/vm_zone.h>
#include <vm/vm_page.h>
1994-05-24 10:09:53 +00:00
static int change_dir __P((struct nameidata *ndp, struct proc *p));
static void checkdirs __P((struct vnode *olddp, struct vnode *newdp));
static int chroot_refuse_vdir_fds __P((struct filedesc *fdp));
static int getutimes __P((const struct timeval *, struct timespec *));
static int setfown __P((struct proc *, struct vnode *, uid_t, gid_t));
static int setfmode __P((struct proc *, struct vnode *, int));
static int setfflags __P((struct proc *, struct vnode *, int));
static int setutimes __P((struct proc *, struct vnode *,
const struct timespec *, int));
static int usermount = 0; /* if 1, non-root can mount fs. */
int (*union_dircheckp) __P((struct proc *, struct vnode **, struct file *));
SYSCTL_INT(_vfs, OID_AUTO, usermount, CTLFLAG_RW, &usermount, 0, "");
1994-05-24 10:09:53 +00:00
/*
* Virtual File System System Calls
*/
/*
* Mount a file system.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct mount_args {
char *type;
1994-05-24 10:09:53 +00:00
char *path;
int flags;
caddr_t data;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
mount(p, uap)
struct proc *p;
struct mount_args /* {
syscallarg(char *) type;
syscallarg(char *) path;
syscallarg(int) flags;
syscallarg(caddr_t) data;
} */ *uap;
{
char *fstype;
char *fspath;
int error;
fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK | M_ZERO);
fspath = malloc(MNAMELEN, M_TEMP, M_WAITOK | M_ZERO);
/*
* vfs_mount() actually takes a kernel string for `type' and
* `path' now, so extract them.
*/
error = copyinstr(SCARG(uap, type), fstype, MFSNAMELEN, NULL);
if (error)
goto finish;
error = copyinstr(SCARG(uap, path), fspath, MNAMELEN, NULL);
if (error)
goto finish;
error = vfs_mount(p, fstype, fspath, SCARG(uap, flags),
SCARG(uap, data));
finish:
free(fstype, M_TEMP);
free(fspath, M_TEMP);
return (error);
}
/*
* vfs_mount(): actually attempt a filesystem mount.
*
* This routine is designed to be a "generic" entry point for routines
* that wish to mount a filesystem. All parameters except `fsdata' are
* pointers into kernel space. `fsdata' is currently still a pointer
* into userspace.
*/
int
vfs_mount(p, fstype, fspath, fsflags, fsdata)
struct proc *p;
char *fstype;
char *fspath;
int fsflags;
void *fsdata;
1994-05-24 10:09:53 +00:00
{
struct vnode *vp;
struct mount *mp;
struct vfsconf *vfsp;
int error, flag = 0, flag2 = 0;
struct vattr va;
1994-05-24 10:09:53 +00:00
struct nameidata nd;
/*
* Be ultra-paranoid about making sure the type and fspath
* variables will fit in our mp buffers, including the
* terminating NUL.
*/
if ((strlen(fstype) >= MFSNAMELEN - 1) ||
(strlen(fspath) >= MNAMELEN - 1))
return (ENAMETOOLONG);
1994-05-24 10:09:53 +00:00
if (usermount == 0 && (error = suser(p)))
return (error);
/*
* Do not allow NFS export by non-root users.
*/
if (fsflags & MNT_EXPORTED) {
error = suser(p);
if (error)
return (error);
}
/*
* Silently enforce MNT_NOSUID and MNT_NODEV for non-root users
*/
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
if (suser_xxx(p->p_ucred, 0, 0))
fsflags |= MNT_NOSUID | MNT_NODEV;
1994-05-24 10:09:53 +00:00
/*
* Get vnode to be covered
*/
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, fspath, p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vp = nd.ni_vp;
if (fsflags & MNT_UPDATE) {
1994-05-24 10:09:53 +00:00
if ((vp->v_flag & VROOT) == 0) {
vput(vp);
return (EINVAL);
}
mp = vp->v_mount;
flag = mp->mnt_flag;
flag2 = mp->mnt_kern_flag;
1994-05-24 10:09:53 +00:00
/*
* We only allow the filesystem to be reloaded if it
* is currently mounted read-only.
*/
if ((fsflags & MNT_RELOAD) &&
1994-05-24 10:09:53 +00:00
((mp->mnt_flag & MNT_RDONLY) == 0)) {
vput(vp);
return (EOPNOTSUPP); /* Needs translation */
}
/*
* Only root, or the user that did the original mount is
* permitted to update it.
*/
if (mp->mnt_stat.f_owner != p->p_ucred->cr_uid &&
(error = suser(p))) {
vput(vp);
return (error);
}
if (vfs_busy(mp, LK_NOWAIT, 0, p)) {
vput(vp);
return (EBUSY);
}
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&vp->v_interlock);
if ((vp->v_flag & VMOUNT) != 0 ||
vp->v_mountedhere != NULL) {
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock(&vp->v_interlock);
vfs_unbusy(mp, p);
vput(vp);
return (EBUSY);
}
vp->v_flag |= VMOUNT;
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock(&vp->v_interlock);
mp->mnt_flag |= fsflags &
(MNT_RELOAD | MNT_FORCE | MNT_UPDATE | MNT_SNAPSHOT);
VOP_UNLOCK(vp, 0, p);
1994-05-24 10:09:53 +00:00
goto update;
}
/*
* If the user is not root, ensure that they own the directory
* onto which we are attempting to mount.
*/
if ((error = VOP_GETATTR(vp, &va, p->p_ucred, p)) ||
(va.va_uid != p->p_ucred->cr_uid &&
(error = suser(p)))) {
vput(vp);
return (error);
}
if ((error = vinvalbuf(vp, V_SAVE, p->p_ucred, p, 0, 0)) != 0) {
vput(vp);
1994-05-24 10:09:53 +00:00
return (error);
}
1994-05-24 10:09:53 +00:00
if (vp->v_type != VDIR) {
vput(vp);
return (ENOTDIR);
}
for (vfsp = vfsconf; vfsp; vfsp = vfsp->vfc_next)
if (!strcmp(vfsp->vfc_name, fstype))
break;
if (vfsp == NULL) {
linker_file_t lf;
/* Only load modules for root (very important!) */
if ((error = suser(p)) != 0) {
vput(vp);
return error;
}
error = linker_load_file(fstype, &lf);
if (error || lf == NULL) {
vput(vp);
if (lf == NULL)
error = ENODEV;
return error;
}
lf->userrefs++;
/* lookup again, see if the VFS was loaded */
for (vfsp = vfsconf; vfsp; vfsp = vfsp->vfc_next)
if (!strcmp(vfsp->vfc_name, fstype))
break;
if (vfsp == NULL) {
lf->userrefs--;
linker_file_unload(lf);
vput(vp);
return (ENODEV);
}
}
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&vp->v_interlock);
if ((vp->v_flag & VMOUNT) != 0 ||
vp->v_mountedhere != NULL) {
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock(&vp->v_interlock);
1994-05-24 10:09:53 +00:00
vput(vp);
return (EBUSY);
}
vp->v_flag |= VMOUNT;
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock(&vp->v_interlock);
/*
* Allocate and initialize the filesystem.
*/
mp = malloc(sizeof(struct mount), M_MOUNT, M_WAITOK | M_ZERO);
This mega-commit is meant to fix numerous interrelated problems. There has been some bitrot and incorrect assumptions in the vfs_bio code. These problems have manifest themselves worse on NFS type filesystems, but can still affect local filesystems under certain circumstances. Most of the problems have involved mmap consistancy, and as a side-effect broke the vfs.ioopt code. This code might have been committed seperately, but almost everything is interrelated. 1) Allow (pmap_object_init_pt) prefaulting of buffer-busy pages that are fully valid. 2) Rather than deactivating erroneously read initial (header) pages in kern_exec, we now free them. 3) Fix the rundown of non-VMIO buffers that are in an inconsistent (missing vp) state. 4) Fix the disassociation of pages from buffers in brelse. The previous code had rotted and was faulty in a couple of important circumstances. 5) Remove a gratuitious buffer wakeup in vfs_vmio_release. 6) Remove a crufty and currently unused cluster mechanism for VBLK files in vfs_bio_awrite. When the code is functional, I'll add back a cleaner version. 7) The page busy count wakeups assocated with the buffer cache usage were incorrectly cleaned up in a previous commit by me. Revert to the original, correct version, but with a cleaner implementation. 8) The cluster read code now tries to keep data associated with buffers more aggressively (without breaking the heuristics) when it is presumed that the read data (buffers) will be soon needed. 9) Change to filesystem lockmgr locks so that they use LK_NOPAUSE. The delay loop waiting is not useful for filesystem locks, due to the length of the time intervals. 10) Correct and clean-up spec_getpages. 11) Implement a fully functional nfs_getpages, nfs_putpages. 12) Fix nfs_write so that modifications are coherent with the NFS data on the server disk (at least as well as NFS seems to allow.) 13) Properly support MS_INVALIDATE on NFS. 14) Properly pass down MS_INVALIDATE to lower levels of the VM code from vm_map_clean. 15) Better support the notion of pages being busy but valid, so that fewer in-transit waits occur. (use p->busy more for pageouts instead of PG_BUSY.) Since the page is fully valid, it is still usable for reads. 16) It is possible (in error) for cached pages to be busy. Make the page allocation code handle that case correctly. (It should probably be a printf or panic, but I want the system to handle coding errors robustly. I'll probably add a printf.) 17) Correct the design and usage of vm_page_sleep. It didn't handle consistancy problems very well, so make the design a little less lofty. After vm_page_sleep, if it ever blocked, it is still important to relookup the page (if the object generation count changed), and verify it's status (always.) 18) In vm_pageout.c, vm_pageout_clean had rotted, so clean that up. 19) Push the page busy for writes and VM_PROT_READ into vm_pageout_flush. 20) Fix vm_pager_put_pages and it's descendents to support an int flag instead of a boolean, so that we can pass down the invalidate bit.
1998-03-07 21:37:31 +00:00
lockinit(&mp->mnt_lock, PVFS, "vfslock", 0, LK_NOPAUSE);
(void)vfs_busy(mp, LK_NOWAIT, 0, p);
mp->mnt_op = vfsp->vfc_vfsops;
mp->mnt_vfc = vfsp;
vfsp->vfc_refcount++;
mp->mnt_stat.f_type = vfsp->vfc_typenum;
mp->mnt_flag |= vfsp->vfc_flags & MNT_VISFLAGMASK;
strncpy(mp->mnt_stat.f_fstypename, fstype, MFSNAMELEN);
mp->mnt_stat.f_fstypename[MFSNAMELEN - 1] = '\0';
1994-05-24 10:09:53 +00:00
mp->mnt_vnodecovered = vp;
mp->mnt_stat.f_owner = p->p_ucred->cr_uid;
strncpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN);
mp->mnt_stat.f_mntonname[MNAMELEN - 1] = '\0';
mp->mnt_iosize_max = DFLTPHYS;
VOP_UNLOCK(vp, 0, p);
1994-05-24 10:09:53 +00:00
update:
/*
* Set the mount level flags.
*/
if (fsflags & MNT_RDONLY)
1994-05-24 10:09:53 +00:00
mp->mnt_flag |= MNT_RDONLY;
else if (mp->mnt_flag & MNT_RDONLY)
mp->mnt_kern_flag |= MNTK_WANTRDWR;
1994-05-24 10:09:53 +00:00
mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOATIME |
MNT_NOSYMFOLLOW | MNT_IGNORE |
MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
mp->mnt_flag |= fsflags & (MNT_NOSUID | MNT_NOEXEC |
MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_FORCE |
MNT_NOSYMFOLLOW | MNT_IGNORE |
MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR);
1994-05-24 10:09:53 +00:00
/*
* Mount the filesystem.
* XXX The final recipients of VFS_MOUNT just overwrite the ndp they
* get. No freeing of cn_pnbuf.
1994-05-24 10:09:53 +00:00
*/
error = VFS_MOUNT(mp, fspath, fsdata, &nd, p);
1994-05-24 10:09:53 +00:00
if (mp->mnt_flag & MNT_UPDATE) {
if (mp->mnt_kern_flag & MNTK_WANTRDWR)
1994-05-24 10:09:53 +00:00
mp->mnt_flag &= ~MNT_RDONLY;
mp->mnt_flag &=~
(MNT_UPDATE | MNT_RELOAD | MNT_FORCE | MNT_SNAPSHOT);
mp->mnt_kern_flag &=~ MNTK_WANTRDWR;
if (error) {
1994-05-24 10:09:53 +00:00
mp->mnt_flag = flag;
mp->mnt_kern_flag = flag2;
}
if ((mp->mnt_flag & MNT_RDONLY) == 0) {
if (mp->mnt_syncer == NULL)
error = vfs_allocate_syncvnode(mp);
} else {
if (mp->mnt_syncer != NULL)
vrele(mp->mnt_syncer);
mp->mnt_syncer = NULL;
}
vfs_unbusy(mp, p);
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&vp->v_interlock);
vp->v_flag &= ~VMOUNT;
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock(&vp->v_interlock);
vrele(vp);
1994-05-24 10:09:53 +00:00
return (error);
}
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
1994-05-24 10:09:53 +00:00
/*
* Put the new filesystem on the mount list after root.
*/
cache_purge(vp);
if (!error) {
struct vnode *newdp;
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&vp->v_interlock);
vp->v_flag &= ~VMOUNT;
vp->v_mountedhere = mp;
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock(&vp->v_interlock);
mtx_lock(&mountlist_mtx);
TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list);
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock(&mountlist_mtx);
if (VFS_ROOT(mp, &newdp))
panic("mount: lost mount");
checkdirs(vp, newdp);
vput(newdp);
VOP_UNLOCK(vp, 0, p);
if ((mp->mnt_flag & MNT_RDONLY) == 0)
error = vfs_allocate_syncvnode(mp);
vfs_unbusy(mp, p);
if ((error = VFS_START(mp, 0, p)) != 0)
vrele(vp);
1994-05-24 10:09:53 +00:00
} else {
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&vp->v_interlock);
vp->v_flag &= ~VMOUNT;
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock(&vp->v_interlock);
mp->mnt_vfc->vfc_refcount--;
vfs_unbusy(mp, p);
1994-05-24 10:09:53 +00:00
free((caddr_t)mp, M_MOUNT);
vput(vp);
}
return (error);
}
/*
* Scan all active processes to see if any of them have a current
* or root directory of `olddp'. If so, replace them with the new
* mount point.
*/
static void
checkdirs(olddp, newdp)
struct vnode *olddp, *newdp;
{
struct filedesc *fdp;
struct proc *p;
if (olddp->v_usecount == 1)
return;
ALLPROC_LOCK(AP_SHARED);
LIST_FOREACH(p, &allproc, p_list) {
fdp = p->p_fd;
if (fdp == NULL)
continue;
if (fdp->fd_cdir == olddp) {
vrele(fdp->fd_cdir);
VREF(newdp);
fdp->fd_cdir = newdp;
}
if (fdp->fd_rdir == olddp) {
vrele(fdp->fd_rdir);
VREF(newdp);
fdp->fd_rdir = newdp;
}
}
ALLPROC_LOCK(AP_RELEASE);
if (rootvnode == olddp) {
vrele(rootvnode);
VREF(newdp);
rootvnode = newdp;
}
}
1994-05-24 10:09:53 +00:00
/*
* Unmount a file system.
*
* Note: unmount takes a path to the vnode mounted on as argument,
* not special file (as before).
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct unmount_args {
char *path;
int flags;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
unmount(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct unmount_args /* {
syscallarg(char *) path;
syscallarg(int) flags;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
register struct vnode *vp;
struct mount *mp;
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
vp = nd.ni_vp;
NDFREE(&nd, NDF_ONLY_PNBUF);
mp = vp->v_mount;
1994-05-24 10:09:53 +00:00
/*
* Only root, or the user that did the original mount is
* permitted to unmount this filesystem.
1994-05-24 10:09:53 +00:00
*/
if ((mp->mnt_stat.f_owner != p->p_ucred->cr_uid) &&
(error = suser(p))) {
1994-05-24 10:09:53 +00:00
vput(vp);
return (error);
}
/*
* Don't allow unmounting the root file system.
1994-05-24 10:09:53 +00:00
*/
if (mp->mnt_flag & MNT_ROOTFS) {
1994-05-24 10:09:53 +00:00
vput(vp);
return (EINVAL);
}
/*
* Must be the root of the filesystem
*/
if ((vp->v_flag & VROOT) == 0) {
vput(vp);
return (EINVAL);
}
vput(vp);
return (dounmount(mp, SCARG(uap, flags), p));
1994-05-24 10:09:53 +00:00
}
/*
* Do the actual file system unmount.
*/
int
1994-05-24 10:09:53 +00:00
dounmount(mp, flags, p)
struct mount *mp;
1994-05-24 10:09:53 +00:00
int flags;
struct proc *p;
{
struct vnode *coveredvp, *fsrootvp;
1994-05-24 10:09:53 +00:00
int error;
int async_flag;
1994-05-24 10:09:53 +00:00
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&mountlist_mtx);
mp->mnt_kern_flag |= MNTK_UNMOUNT;
lockmgr(&mp->mnt_lock, LK_DRAIN | LK_INTERLOCK, &mountlist_mtx, p);
vn_start_write(NULL, &mp, V_WAIT);
if (mp->mnt_flag & MNT_EXPUBLIC)
vfs_setpublicfs(NULL, NULL, NULL);
vfs_msync(mp, MNT_WAIT);
async_flag = mp->mnt_flag & MNT_ASYNC;
1994-05-24 10:09:53 +00:00
mp->mnt_flag &=~ MNT_ASYNC;
cache_purgevfs(mp); /* remove cache entries for this file sys */
if (mp->mnt_syncer != NULL)
vrele(mp->mnt_syncer);
/* Move process cdir/rdir refs on fs root to underlying vnode. */
if (VFS_ROOT(mp, &fsrootvp) == 0) {
if (mp->mnt_vnodecovered != NULL)
checkdirs(fsrootvp, mp->mnt_vnodecovered);
if (fsrootvp == rootvnode) {
vrele(rootvnode);
rootvnode = NULL;
}
vput(fsrootvp);
}
if (((mp->mnt_flag & MNT_RDONLY) ||
(error = VFS_SYNC(mp, MNT_WAIT, p->p_ucred, p)) == 0) ||
(flags & MNT_FORCE)) {
1994-05-24 10:09:53 +00:00
error = VFS_UNMOUNT(mp, flags, p);
}
vn_finished_write(mp);
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&mountlist_mtx);
1994-05-24 10:09:53 +00:00
if (error) {
/* Undo cdir/rdir and rootvnode changes made above. */
if (VFS_ROOT(mp, &fsrootvp) == 0) {
if (mp->mnt_vnodecovered != NULL)
checkdirs(mp->mnt_vnodecovered, fsrootvp);
if (rootvnode == NULL) {
rootvnode = fsrootvp;
vref(rootvnode);
}
vput(fsrootvp);
}
if ((mp->mnt_flag & MNT_RDONLY) == 0 && mp->mnt_syncer == NULL)
(void) vfs_allocate_syncvnode(mp);
mp->mnt_kern_flag &= ~MNTK_UNMOUNT;
mp->mnt_flag |= async_flag;
lockmgr(&mp->mnt_lock, LK_RELEASE | LK_INTERLOCK | LK_REENABLE,
&mountlist_mtx, p);
if (mp->mnt_kern_flag & MNTK_MWAIT)
wakeup((caddr_t)mp);
return (error);
}
TAILQ_REMOVE(&mountlist, mp, mnt_list);
if ((coveredvp = mp->mnt_vnodecovered) != NULLVP) {
coveredvp->v_mountedhere = (struct mount *)0;
1994-05-24 10:09:53 +00:00
vrele(coveredvp);
}
mp->mnt_vfc->vfc_refcount--;
if (!LIST_EMPTY(&mp->mnt_vnodelist))
panic("unmount: dangling vnode");
lockmgr(&mp->mnt_lock, LK_RELEASE | LK_INTERLOCK, &mountlist_mtx, p);
lockdestroy(&mp->mnt_lock);
if (mp->mnt_kern_flag & MNTK_MWAIT)
wakeup((caddr_t)mp);
free((caddr_t)mp, M_MOUNT);
return (0);
1994-05-24 10:09:53 +00:00
}
/*
* Sync each mounted filesystem.
*/
#ifndef _SYS_SYSPROTO_H_
struct sync_args {
int dummy;
};
#endif
#ifdef DEBUG
static int syncprt = 0;
SYSCTL_INT(_debug, OID_AUTO, syncprt, CTLFLAG_RW, &syncprt, 0, "");
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
sync(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
struct sync_args *uap;
{
struct mount *mp, *nmp;
1994-05-24 10:09:53 +00:00
int asyncflag;
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&mountlist_mtx);
for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
if (vfs_busy(mp, LK_NOWAIT, &mountlist_mtx, p)) {
nmp = TAILQ_NEXT(mp, mnt_list);
continue;
}
if ((mp->mnt_flag & MNT_RDONLY) == 0 &&
vn_start_write(NULL, &mp, V_NOWAIT) == 0) {
1994-05-24 10:09:53 +00:00
asyncflag = mp->mnt_flag & MNT_ASYNC;
mp->mnt_flag &= ~MNT_ASYNC;
vfs_msync(mp, MNT_NOWAIT);
VFS_SYNC(mp, MNT_NOWAIT,
((p != NULL) ? p->p_ucred : NOCRED), p);
mp->mnt_flag |= asyncflag;
vn_finished_write(mp);
1994-05-24 10:09:53 +00:00
}
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&mountlist_mtx);
nmp = TAILQ_NEXT(mp, mnt_list);
vfs_unbusy(mp, p);
1994-05-24 10:09:53 +00:00
}
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock(&mountlist_mtx);
#if 0
/*
* XXX don't call vfs_bufstats() yet because that routine
* was not imported in the Lite2 merge.
*/
#ifdef DIAGNOSTIC
if (syncprt)
vfs_bufstats();
#endif /* DIAGNOSTIC */
#endif
1994-05-24 10:09:53 +00:00
return (0);
}
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
/* XXX PRISON: could be per prison flag */
static int prison_quotas;
#if 0
SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, "");
#endif
1994-05-24 10:09:53 +00:00
/*
* Change filesystem quotas.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct quotactl_args {
char *path;
int cmd;
int uid;
caddr_t arg;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
quotactl(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct quotactl_args /* {
syscallarg(char *) path;
syscallarg(int) cmd;
syscallarg(int) uid;
syscallarg(caddr_t) arg;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct mount *mp;
1994-05-24 10:09:53 +00:00
int error;
struct nameidata nd;
if (jailed(p->p_ucred) && !prison_quotas)
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
return (EPERM);
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH);
1994-05-24 10:09:53 +00:00
vrele(nd.ni_vp);
if (error)
return (error);
error = VFS_QUOTACTL(mp, SCARG(uap, cmd), SCARG(uap, uid),
SCARG(uap, arg), p);
vn_finished_write(mp);
return (error);
1994-05-24 10:09:53 +00:00
}
/*
* Get filesystem statistics.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct statfs_args {
char *path;
struct statfs *buf;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
statfs(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct statfs_args /* {
syscallarg(char *) path;
syscallarg(struct statfs *) buf;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
register struct mount *mp;
register struct statfs *sp;
int error;
struct nameidata nd;
struct statfs sb;
1994-05-24 10:09:53 +00:00
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
mp = nd.ni_vp->v_mount;
sp = &mp->mnt_stat;
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vrele(nd.ni_vp);
error = VFS_STATFS(mp, sp, p);
if (error)
1994-05-24 10:09:53 +00:00
return (error);
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
if (suser_xxx(p->p_ucred, 0, 0)) {
bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb));
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
sp = &sb;
}
return (copyout((caddr_t)sp, (caddr_t)SCARG(uap, buf), sizeof(*sp)));
1994-05-24 10:09:53 +00:00
}
/*
* Get filesystem statistics.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct fstatfs_args {
int fd;
struct statfs *buf;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
fstatfs(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct fstatfs_args /* {
syscallarg(int) fd;
syscallarg(struct statfs *) buf;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct file *fp;
struct mount *mp;
register struct statfs *sp;
int error;
struct statfs sb;
1994-05-24 10:09:53 +00:00
if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
mp = ((struct vnode *)fp->f_data)->v_mount;
sp = &mp->mnt_stat;
error = VFS_STATFS(mp, sp, p);
if (error)
1994-05-24 10:09:53 +00:00
return (error);
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
if (suser_xxx(p->p_ucred, 0, 0)) {
bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb));
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
sp = &sb;
}
return (copyout((caddr_t)sp, (caddr_t)SCARG(uap, buf), sizeof(*sp)));
1994-05-24 10:09:53 +00:00
}
/*
* Get statistics on all filesystems.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct getfsstat_args {
struct statfs *buf;
long bufsize;
int flags;
};
#endif
int
getfsstat(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct getfsstat_args /* {
syscallarg(struct statfs *) buf;
syscallarg(long) bufsize;
syscallarg(int) flags;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
register struct mount *mp, *nmp;
register struct statfs *sp;
caddr_t sfsp;
long count, maxcount, error;
maxcount = SCARG(uap, bufsize) / sizeof(struct statfs);
sfsp = (caddr_t)SCARG(uap, buf);
count = 0;
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&mountlist_mtx);
for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
if (vfs_busy(mp, LK_NOWAIT, &mountlist_mtx, p)) {
nmp = TAILQ_NEXT(mp, mnt_list);
continue;
}
if (sfsp && count < maxcount) {
1994-05-24 10:09:53 +00:00
sp = &mp->mnt_stat;
/*
* If MNT_NOWAIT or MNT_LAZY is specified, do not
* refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
* overrides MNT_WAIT.
1994-05-24 10:09:53 +00:00
*/
if (((SCARG(uap, flags) & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
(SCARG(uap, flags) & MNT_WAIT)) &&
(error = VFS_STATFS(mp, sp, p))) {
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&mountlist_mtx);
nmp = TAILQ_NEXT(mp, mnt_list);
vfs_unbusy(mp, p);
1994-05-24 10:09:53 +00:00
continue;
}
1994-05-24 10:09:53 +00:00
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
error = copyout((caddr_t)sp, sfsp, sizeof(*sp));
if (error) {
vfs_unbusy(mp, p);
1994-05-24 10:09:53 +00:00
return (error);
}
1994-05-24 10:09:53 +00:00
sfsp += sizeof(*sp);
}
count++;
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock(&mountlist_mtx);
nmp = TAILQ_NEXT(mp, mnt_list);
vfs_unbusy(mp, p);
1994-05-24 10:09:53 +00:00
}
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock(&mountlist_mtx);
1994-05-24 10:09:53 +00:00
if (sfsp && count > maxcount)
p->p_retval[0] = maxcount;
1994-05-24 10:09:53 +00:00
else
p->p_retval[0] = count;
1994-05-24 10:09:53 +00:00
return (0);
}
/*
* Change current working directory to a given file descriptor.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct fchdir_args {
int fd;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
fchdir(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
struct fchdir_args /* {
syscallarg(int) fd;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
register struct filedesc *fdp = p->p_fd;
struct vnode *vp, *tdp;
struct mount *mp;
1994-05-24 10:09:53 +00:00
struct file *fp;
int error;
if ((error = getvnode(fdp, SCARG(uap, fd), &fp)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
vp = (struct vnode *)fp->f_data;
VREF(vp);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
1994-05-24 10:09:53 +00:00
if (vp->v_type != VDIR)
error = ENOTDIR;
else
error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p);
while (!error && (mp = vp->v_mountedhere) != NULL) {
if (vfs_busy(mp, 0, 0, p))
continue;
error = VFS_ROOT(mp, &tdp);
vfs_unbusy(mp, p);
if (error)
break;
vput(vp);
vp = tdp;
}
if (error) {
vput(vp);
1994-05-24 10:09:53 +00:00
return (error);
}
VOP_UNLOCK(vp, 0, p);
1994-05-24 10:09:53 +00:00
vrele(fdp->fd_cdir);
fdp->fd_cdir = vp;
return (0);
}
/*
* Change current working directory (``.'').
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct chdir_args {
char *path;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
chdir(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
struct chdir_args /* {
syscallarg(char *) path;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
register struct filedesc *fdp = p->p_fd;
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = change_dir(&nd, p)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vrele(fdp->fd_cdir);
fdp->fd_cdir = nd.ni_vp;
return (0);
}
/*
* Helper function for raised chroot(2) security function: Refuse if
* any filedescriptors are open directories.
*/
static int
chroot_refuse_vdir_fds(fdp)
struct filedesc *fdp;
{
struct vnode *vp;
struct file *fp;
int error;
int fd;
for (fd = 0; fd < fdp->fd_nfiles ; fd++) {
error = getvnode(fdp, fd, &fp);
if (error)
continue;
vp = (struct vnode *)fp->f_data;
if (vp->v_type != VDIR)
continue;
return(EPERM);
}
return (0);
}
/*
* This sysctl determines if we will allow a process to chroot(2) if it
* has a directory open:
* 0: disallowed for all processes.
* 1: allowed for processes that were not already chroot(2)'ed.
* 2: allowed for all processes.
*/
static int chroot_allow_open_directories = 1;
SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
&chroot_allow_open_directories, 0, "");
1994-05-24 10:09:53 +00:00
/*
* Change notion of root (``/'') directory.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct chroot_args {
char *path;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
chroot(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
struct chroot_args /* {
syscallarg(char *) path;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
register struct filedesc *fdp = p->p_fd;
int error;
struct nameidata nd;
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
error = suser_xxx(0, p, PRISON_ROOT);
if (error)
return (error);
if (chroot_allow_open_directories == 0 ||
(chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode))
error = chroot_refuse_vdir_fds(fdp);
if (error)
1994-05-24 10:09:53 +00:00
return (error);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = change_dir(&nd, p)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
vrele(fdp->fd_rdir);
1994-05-24 10:09:53 +00:00
fdp->fd_rdir = nd.ni_vp;
if (!fdp->fd_jdir) {
fdp->fd_jdir = nd.ni_vp;
VREF(fdp->fd_jdir);
}
1994-05-24 10:09:53 +00:00
return (0);
}
/*
* Common routine for chroot and chdir.
*/
static int
change_dir(ndp, p)
register struct nameidata *ndp;
struct proc *p;
{
struct vnode *vp;
int error;
error = namei(ndp);
if (error)
1994-05-24 10:09:53 +00:00
return (error);
vp = ndp->ni_vp;
if (vp->v_type != VDIR)
error = ENOTDIR;
else
error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p);
if (error)
vput(vp);
else
VOP_UNLOCK(vp, 0, p);
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Check permissions, allocate an open file structure,
* and call the device open routine if any.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct open_args {
char *path;
int flags;
int mode;
};
#endif
int
open(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct open_args /* {
syscallarg(char *) path;
syscallarg(int) flags;
syscallarg(int) mode;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct filedesc *fdp = p->p_fd;
struct file *fp;
struct vnode *vp;
struct vattr vat;
struct mount *mp;
1997-10-28 10:29:55 +00:00
int cmode, flags, oflags;
1994-05-24 10:09:53 +00:00
struct file *nfp;
int type, indx, error;
struct flock lf;
struct nameidata nd;
1997-10-28 10:29:55 +00:00
oflags = SCARG(uap, flags);
if ((oflags & O_ACCMODE) == O_ACCMODE)
return (EINVAL);
1997-10-28 10:29:55 +00:00
flags = FFLAGS(oflags);
error = falloc(p, &nfp, &indx);
if (error)
1994-05-24 10:09:53 +00:00
return (error);
fp = nfp;
cmode = ((SCARG(uap, mode) &~ fdp->fd_cmask) & ALLPERMS) &~ S_ISTXT;
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
1994-05-24 10:09:53 +00:00
p->p_dupfd = -indx - 1; /* XXX check for fdopen */
/*
* Bump the ref count to prevent another process from closing
* the descriptor while we are blocked in vn_open()
*/
fhold(fp);
error = vn_open(&nd, &flags, cmode);
if (error) {
/*
* release our own reference
*/
fdrop(fp, p);
/*
* handle special fdopen() case. bleh. dupfdopen() is
* responsible for dropping the old contents of ofiles[indx]
* if it succeeds.
*/
1994-05-24 10:09:53 +00:00
if ((error == ENODEV || error == ENXIO) &&
p->p_dupfd >= 0 && /* XXX from fdopen */
1994-05-24 10:09:53 +00:00
(error =
dupfdopen(p, fdp, indx, p->p_dupfd, flags, error)) == 0) {
p->p_retval[0] = indx;
1994-05-24 10:09:53 +00:00
return (0);
}
/*
* Clean up the descriptor, but only if another thread hadn't
* replaced or closed it.
*/
if (fdp->fd_ofiles[indx] == fp) {
fdp->fd_ofiles[indx] = NULL;
fdrop(fp, p);
}
1994-05-24 10:09:53 +00:00
if (error == ERESTART)
error = EINTR;
return (error);
}
p->p_dupfd = 0;
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vp = nd.ni_vp;
/*
* There should be 2 references on the file, one from the descriptor
* table, and one for us.
*
* Handle the case where someone closed the file (via its file
* descriptor) while we were blocked. The end result should look
* like opening the file succeeded but it was immediately closed.
*/
if (fp->f_count == 1) {
KASSERT(fdp->fd_ofiles[indx] != fp,
("Open file descriptor lost all refs"));
VOP_UNLOCK(vp, 0, p);
vn_close(vp, flags & FMASK, fp->f_cred, p);
fdrop(fp, p);
p->p_retval[0] = indx;
return 0;
}
fp->f_data = (caddr_t)vp;
1994-05-24 10:09:53 +00:00
fp->f_flag = flags & FMASK;
fp->f_ops = &vnops;
fp->f_type = (vp->v_type == VFIFO ? DTYPE_FIFO : DTYPE_VNODE);
VOP_UNLOCK(vp, 0, p);
1994-05-24 10:09:53 +00:00
if (flags & (O_EXLOCK | O_SHLOCK)) {
lf.l_whence = SEEK_SET;
lf.l_start = 0;
lf.l_len = 0;
if (flags & O_EXLOCK)
lf.l_type = F_WRLCK;
else
lf.l_type = F_RDLCK;
type = F_FLOCK;
if ((flags & FNONBLOCK) == 0)
type |= F_WAIT;
if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0)
goto bad;
1994-05-24 10:09:53 +00:00
fp->f_flag |= FHASLOCK;
}
if (flags & O_TRUNC) {
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
goto bad;
VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
VATTR_NULL(&vat);
vat.va_size = 0;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
error = VOP_SETATTR(vp, &vat, p->p_ucred, p);
VOP_UNLOCK(vp, 0, p);
vn_finished_write(mp);
if (error)
goto bad;
}
/* assert that vn_open created a backing object if one is needed */
KASSERT(!vn_canvmio(vp) || VOP_GETVOBJECT(vp, NULL) == 0,
("open: vmio vnode has no backing object after vn_open"));
/*
* Release our private reference, leaving the one associated with
* the descriptor table intact.
*/
fdrop(fp, p);
p->p_retval[0] = indx;
1994-05-24 10:09:53 +00:00
return (0);
bad:
if (fdp->fd_ofiles[indx] == fp) {
fdp->fd_ofiles[indx] = NULL;
fdrop(fp, p);
}
fdrop(fp, p);
return (error);
1994-05-24 10:09:53 +00:00
}
#ifdef COMPAT_43
/*
* Create a file.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct ocreat_args {
char *path;
int mode;
};
#endif
int
ocreat(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct ocreat_args /* {
syscallarg(char *) path;
syscallarg(int) mode;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct open_args /* {
syscallarg(char *) path;
syscallarg(int) flags;
syscallarg(int) mode;
} */ nuap;
SCARG(&nuap, path) = SCARG(uap, path);
SCARG(&nuap, mode) = SCARG(uap, mode);
SCARG(&nuap, flags) = O_WRONLY | O_CREAT | O_TRUNC;
return (open(p, &nuap));
1994-05-24 10:09:53 +00:00
}
#endif /* COMPAT_43 */
/*
* Create a special file.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct mknod_args {
char *path;
int mode;
int dev;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
mknod(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct mknod_args /* {
syscallarg(char *) path;
syscallarg(int) mode;
syscallarg(int) dev;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct vnode *vp;
struct mount *mp;
1994-05-24 10:09:53 +00:00
struct vattr vattr;
int error;
int whiteout = 0;
1994-05-24 10:09:53 +00:00
struct nameidata nd;
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
switch (SCARG(uap, mode) & S_IFMT) {
case S_IFCHR:
case S_IFBLK:
error = suser(p);
break;
default:
error = suser_xxx(0, p, PRISON_ROOT);
break;
}
if (error)
1994-05-24 10:09:53 +00:00
return (error);
restart:
bwillwrite();
NDINIT(&nd, CREATE, LOCKPARENT, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
vp = nd.ni_vp;
if (vp != NULL) {
vrele(vp);
1994-05-24 10:09:53 +00:00
error = EEXIST;
} else {
1994-05-24 10:09:53 +00:00
VATTR_NULL(&vattr);
vattr.va_mode = (SCARG(uap, mode) & ALLPERMS) &~ p->p_fd->fd_cmask;
vattr.va_rdev = SCARG(uap, dev);
whiteout = 0;
1994-05-24 10:09:53 +00:00
switch (SCARG(uap, mode) & S_IFMT) {
1994-05-24 10:09:53 +00:00
case S_IFMT: /* used by badsect to flag bad sectors */
vattr.va_type = VBAD;
break;
case S_IFCHR:
vattr.va_type = VCHR;
break;
case S_IFBLK:
vattr.va_type = VBLK;
break;
case S_IFWHT:
whiteout = 1;
break;
1994-05-24 10:09:53 +00:00
default:
error = EINVAL;
break;
}
}
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_dvp);
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
return (error);
goto restart;
}
1994-05-24 10:09:53 +00:00
if (!error) {
VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE);
if (whiteout)
error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE);
else {
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,
&nd.ni_cnd, &vattr);
1999-11-13 14:35:50 +00:00
if (error == 0)
vput(nd.ni_vp);
}
1994-05-24 10:09:53 +00:00
}
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_dvp);
vn_finished_write(mp);
ASSERT_VOP_UNLOCKED(nd.ni_dvp, "mknod");
ASSERT_VOP_UNLOCKED(nd.ni_vp, "mknod");
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Create a named pipe.
1994-05-24 10:09:53 +00:00
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct mkfifo_args {
char *path;
int mode;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
mkfifo(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct mkfifo_args /* {
syscallarg(char *) path;
syscallarg(int) mode;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct mount *mp;
1994-05-24 10:09:53 +00:00
struct vattr vattr;
int error;
struct nameidata nd;
restart:
bwillwrite();
NDINIT(&nd, CREATE, LOCKPARENT, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
if (nd.ni_vp != NULL) {
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vrele(nd.ni_vp);
vput(nd.ni_dvp);
1994-05-24 10:09:53 +00:00
return (EEXIST);
}
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_dvp);
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
return (error);
goto restart;
}
1994-05-24 10:09:53 +00:00
VATTR_NULL(&vattr);
vattr.va_type = VFIFO;
vattr.va_mode = (SCARG(uap, mode) & ALLPERMS) &~ p->p_fd->fd_cmask;
VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE);
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
1999-11-13 14:35:50 +00:00
if (error == 0)
vput(nd.ni_vp);
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_dvp);
vn_finished_write(mp);
return (error);
1994-05-24 10:09:53 +00:00
}
/*
* Make a hard file link.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct link_args {
char *path;
char *link;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
link(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct link_args /* {
syscallarg(char *) path;
syscallarg(char *) link;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct vnode *vp;
struct mount *mp;
1994-05-24 10:09:53 +00:00
struct nameidata nd;
int error;
bwillwrite();
NDINIT(&nd, LOOKUP, FOLLOW|NOOBJ, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vp = nd.ni_vp;
if (vp->v_type == VDIR) {
vrele(vp);
return (EPERM); /* POSIX */
}
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) {
vrele(vp);
return (error);
}
NDINIT(&nd, CREATE, LOCKPARENT|NOOBJ, UIO_USERSPACE, SCARG(uap, link), p);
if ((error = namei(&nd)) == 0) {
if (nd.ni_vp != NULL) {
vrele(nd.ni_vp);
error = EEXIST;
} else {
VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE);
VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
1994-05-24 10:09:53 +00:00
}
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_dvp);
1994-05-24 10:09:53 +00:00
}
vrele(vp);
vn_finished_write(mp);
ASSERT_VOP_UNLOCKED(nd.ni_dvp, "link");
ASSERT_VOP_UNLOCKED(nd.ni_vp, "link");
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Make a symbolic link.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct symlink_args {
char *path;
char *link;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
symlink(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct symlink_args /* {
syscallarg(char *) path;
syscallarg(char *) link;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct mount *mp;
1994-05-24 10:09:53 +00:00
struct vattr vattr;
char *path;
int error;
struct nameidata nd;
path = zalloc(namei_zone);
if ((error = copyinstr(SCARG(uap, path), path, MAXPATHLEN, NULL)) != 0)
1994-05-24 10:09:53 +00:00
goto out;
restart:
bwillwrite();
NDINIT(&nd, CREATE, LOCKPARENT|NOOBJ, UIO_USERSPACE, SCARG(uap, link), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
goto out;
if (nd.ni_vp) {
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vrele(nd.ni_vp);
vput(nd.ni_dvp);
1994-05-24 10:09:53 +00:00
error = EEXIST;
goto out;
}
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_dvp);
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
return (error);
goto restart;
}
1994-05-24 10:09:53 +00:00
VATTR_NULL(&vattr);
vattr.va_mode = ACCESSPERMS &~ p->p_fd->fd_cmask;
VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE);
1994-05-24 10:09:53 +00:00
error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, path);
NDFREE(&nd, NDF_ONLY_PNBUF);
if (error == 0)
vput(nd.ni_vp);
vput(nd.ni_dvp);
vn_finished_write(mp);
ASSERT_VOP_UNLOCKED(nd.ni_dvp, "symlink");
ASSERT_VOP_UNLOCKED(nd.ni_vp, "symlink");
1994-05-24 10:09:53 +00:00
out:
zfree(namei_zone, path);
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Delete a whiteout from the filesystem.
*/
/* ARGSUSED */
int
undelete(p, uap)
struct proc *p;
register struct undelete_args /* {
syscallarg(char *) path;
} */ *uap;
{
int error;
struct mount *mp;
struct nameidata nd;
restart:
bwillwrite();
NDINIT(&nd, DELETE, LOCKPARENT|DOWHITEOUT, UIO_USERSPACE,
SCARG(uap, path), p);
error = namei(&nd);
if (error)
return (error);
if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) {
NDFREE(&nd, NDF_ONLY_PNBUF);
if (nd.ni_vp)
vrele(nd.ni_vp);
vput(nd.ni_dvp);
return (EEXIST);
}
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_dvp);
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
return (error);
goto restart;
}
VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE);
error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE);
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_dvp);
vn_finished_write(mp);
ASSERT_VOP_UNLOCKED(nd.ni_dvp, "undelete");
ASSERT_VOP_UNLOCKED(nd.ni_vp, "undelete");
return (error);
}
1994-05-24 10:09:53 +00:00
/*
* Delete a name from the filesystem.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct unlink_args {
char *path;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
unlink(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
struct unlink_args /* {
syscallarg(char *) path;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct mount *mp;
struct vnode *vp;
1994-05-24 10:09:53 +00:00
int error;
struct nameidata nd;
restart:
bwillwrite();
NDINIT(&nd, DELETE, LOCKPARENT, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
vp = nd.ni_vp;
if (vp->v_type == VDIR)
error = EPERM; /* POSIX */
else {
1994-05-24 10:09:53 +00:00
/*
* The root of a mounted filesystem cannot be deleted.
*
* XXX: can this only be a VDIR case?
1994-05-24 10:09:53 +00:00
*/
if (vp->v_flag & VROOT)
error = EBUSY;
}
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
NDFREE(&nd, NDF_ONLY_PNBUF);
vrele(vp);
vput(nd.ni_dvp);
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
return (error);
goto restart;
}
VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
1994-05-24 10:09:53 +00:00
if (!error) {
VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE);
error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd);
1994-05-24 10:09:53 +00:00
}
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_dvp);
vput(vp);
vn_finished_write(mp);
ASSERT_VOP_UNLOCKED(nd.ni_dvp, "unlink");
ASSERT_VOP_UNLOCKED(nd.ni_vp, "unlink");
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Reposition read/write file offset.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct lseek_args {
int fd;
int pad;
off_t offset;
int whence;
};
#endif
int
lseek(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct lseek_args /* {
syscallarg(int) fd;
syscallarg(int) pad;
syscallarg(off_t) offset;
syscallarg(int) whence;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct ucred *cred = p->p_ucred;
register struct filedesc *fdp = p->p_fd;
register struct file *fp;
struct vattr vattr;
int error;
if ((u_int)SCARG(uap, fd) >= fdp->fd_nfiles ||
(fp = fdp->fd_ofiles[SCARG(uap, fd)]) == NULL)
1994-05-24 10:09:53 +00:00
return (EBADF);
if (fp->f_type != DTYPE_VNODE)
return (ESPIPE);
switch (SCARG(uap, whence)) {
1994-05-24 10:09:53 +00:00
case L_INCR:
1998-04-19 22:20:32 +00:00
fp->f_offset += SCARG(uap, offset);
1994-05-24 10:09:53 +00:00
break;
case L_XTND:
error=VOP_GETATTR((struct vnode *)fp->f_data, &vattr, cred, p);
if (error)
1994-05-24 10:09:53 +00:00
return (error);
1998-04-19 22:20:32 +00:00
fp->f_offset = SCARG(uap, offset) + vattr.va_size;
1994-05-24 10:09:53 +00:00
break;
case L_SET:
1998-04-19 22:20:32 +00:00
fp->f_offset = SCARG(uap, offset);
1994-05-24 10:09:53 +00:00
break;
default:
return (EINVAL);
}
1998-04-19 22:20:32 +00:00
*(off_t *)(p->p_retval) = fp->f_offset;
1994-05-24 10:09:53 +00:00
return (0);
}
#if defined(COMPAT_43) || defined(COMPAT_SUNOS)
/*
* Reposition read/write file offset.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct olseek_args {
int fd;
long offset;
int whence;
};
#endif
int
olseek(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct olseek_args /* {
syscallarg(int) fd;
syscallarg(long) offset;
syscallarg(int) whence;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct lseek_args /* {
syscallarg(int) fd;
syscallarg(int) pad;
syscallarg(off_t) offset;
syscallarg(int) whence;
} */ nuap;
1994-05-24 10:09:53 +00:00
int error;
SCARG(&nuap, fd) = SCARG(uap, fd);
SCARG(&nuap, offset) = SCARG(uap, offset);
SCARG(&nuap, whence) = SCARG(uap, whence);
error = lseek(p, &nuap);
1994-05-24 10:09:53 +00:00
return (error);
}
#endif /* COMPAT_43 */
/*
* Check access permissions.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct access_args {
char *path;
int flags;
};
#endif
int
access(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct access_args /* {
syscallarg(char *) path;
syscallarg(int) flags;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct ucred *cred, *tmpcred;
1994-05-24 10:09:53 +00:00
register struct vnode *vp;
int error, flags;
1994-05-24 10:09:53 +00:00
struct nameidata nd;
cred = p->p_ucred;
/*
* Create and modify a temporary credential instead of one that
* is potentially shared. This could also mess up socket
* buffer accounting which can run in an interrupt context.
*
* XXX - Depending on how "threads" are finally implemented, it
* may be better to explicitly pass the credential to namei()
* rather than to modify the potentially shared process structure.
*/
tmpcred = crdup(cred);
tmpcred->cr_uid = p->p_cred->p_ruid;
tmpcred->cr_groups[0] = p->p_cred->p_rgid;
p->p_ucred = tmpcred;
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
goto out1;
vp = nd.ni_vp;
/* Flags == 0 means only check for existence. */
if (SCARG(uap, flags)) {
1994-05-24 10:09:53 +00:00
flags = 0;
if (SCARG(uap, flags) & R_OK)
1994-05-24 10:09:53 +00:00
flags |= VREAD;
if (SCARG(uap, flags) & W_OK)
1994-05-24 10:09:53 +00:00
flags |= VWRITE;
if (SCARG(uap, flags) & X_OK)
1994-05-24 10:09:53 +00:00
flags |= VEXEC;
if ((flags & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
error = VOP_ACCESS(vp, flags, cred, p);
}
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vput(vp);
out1:
p->p_ucred = cred;
crfree(tmpcred);
1994-05-24 10:09:53 +00:00
return (error);
}
#if defined(COMPAT_43) || defined(COMPAT_SUNOS)
/*
* Get file status; this version follows links.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct ostat_args {
char *path;
struct ostat *ub;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
ostat(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct ostat_args /* {
syscallarg(char *) path;
syscallarg(struct ostat *) ub;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct stat sb;
struct ostat osb;
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
error = vn_stat(nd.ni_vp, &sb, p);
vput(nd.ni_vp);
if (error)
return (error);
cvtstat(&sb, &osb);
error = copyout((caddr_t)&osb, (caddr_t)SCARG(uap, ub), sizeof (osb));
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Get file status; this version does not follow links.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct olstat_args {
char *path;
struct ostat *ub;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
olstat(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct olstat_args /* {
syscallarg(char *) path;
syscallarg(struct ostat *) ub;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct vnode *vp;
struct stat sb;
1994-05-24 10:09:53 +00:00
struct ostat osb;
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
vp = nd.ni_vp;
error = vn_stat(vp, &sb, p);
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(vp);
if (error)
return (error);
1994-05-24 10:09:53 +00:00
cvtstat(&sb, &osb);
error = copyout((caddr_t)&osb, (caddr_t)SCARG(uap, ub), sizeof (osb));
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Convert from an old to a new stat structure.
*/
void
1994-05-24 10:09:53 +00:00
cvtstat(st, ost)
struct stat *st;
struct ostat *ost;
{
ost->st_dev = st->st_dev;
ost->st_ino = st->st_ino;
ost->st_mode = st->st_mode;
ost->st_nlink = st->st_nlink;
ost->st_uid = st->st_uid;
ost->st_gid = st->st_gid;
ost->st_rdev = st->st_rdev;
if (st->st_size < (quad_t)1 << 32)
ost->st_size = st->st_size;
else
ost->st_size = -2;
ost->st_atime = st->st_atime;
ost->st_mtime = st->st_mtime;
ost->st_ctime = st->st_ctime;
ost->st_blksize = st->st_blksize;
ost->st_blocks = st->st_blocks;
ost->st_flags = st->st_flags;
ost->st_gen = st->st_gen;
}
#endif /* COMPAT_43 || COMPAT_SUNOS */
/*
* Get file status; this version follows links.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct stat_args {
char *path;
struct stat *ub;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
stat(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct stat_args /* {
syscallarg(char *) path;
syscallarg(struct stat *) ub;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct stat sb;
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
error = vn_stat(nd.ni_vp, &sb, p);
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vput(nd.ni_vp);
if (error)
return (error);
error = copyout((caddr_t)&sb, (caddr_t)SCARG(uap, ub), sizeof (sb));
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Get file status; this version does not follow links.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct lstat_args {
char *path;
struct stat *ub;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
lstat(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct lstat_args /* {
syscallarg(char *) path;
syscallarg(struct stat *) ub;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
int error;
struct vnode *vp;
struct stat sb;
1994-05-24 10:09:53 +00:00
struct nameidata nd;
NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
vp = nd.ni_vp;
error = vn_stat(vp, &sb, p);
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(vp);
if (error)
return (error);
error = copyout((caddr_t)&sb, (caddr_t)SCARG(uap, ub), sizeof (sb));
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Implementation of the NetBSD stat() function.
* XXX This should probably be collapsed with the FreeBSD version,
* as the differences are only due to vn_stat() clearing spares at
* the end of the structures. vn_stat could be split to avoid this,
* and thus collapse the following to close to zero code.
*/
void
cvtnstat(sb, nsb)
struct stat *sb;
struct nstat *nsb;
{
nsb->st_dev = sb->st_dev;
nsb->st_ino = sb->st_ino;
nsb->st_mode = sb->st_mode;
nsb->st_nlink = sb->st_nlink;
nsb->st_uid = sb->st_uid;
nsb->st_gid = sb->st_gid;
nsb->st_rdev = sb->st_rdev;
nsb->st_atimespec = sb->st_atimespec;
nsb->st_mtimespec = sb->st_mtimespec;
nsb->st_ctimespec = sb->st_ctimespec;
nsb->st_size = sb->st_size;
nsb->st_blocks = sb->st_blocks;
nsb->st_blksize = sb->st_blksize;
nsb->st_flags = sb->st_flags;
nsb->st_gen = sb->st_gen;
nsb->st_qspare[0] = sb->st_qspare[0];
nsb->st_qspare[1] = sb->st_qspare[1];
}
#ifndef _SYS_SYSPROTO_H_
struct nstat_args {
char *path;
struct nstat *ub;
};
#endif
/* ARGSUSED */
int
nstat(p, uap)
struct proc *p;
register struct nstat_args /* {
syscallarg(char *) path;
syscallarg(struct nstat *) ub;
} */ *uap;
{
struct stat sb;
struct nstat nsb;
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
error = vn_stat(nd.ni_vp, &sb, p);
vput(nd.ni_vp);
if (error)
return (error);
cvtnstat(&sb, &nsb);
error = copyout((caddr_t)&nsb, (caddr_t)SCARG(uap, ub), sizeof (nsb));
return (error);
}
/*
* NetBSD lstat. Get file status; this version does not follow links.
*/
#ifndef _SYS_SYSPROTO_H_
struct lstat_args {
char *path;
struct stat *ub;
};
#endif
/* ARGSUSED */
int
nlstat(p, uap)
struct proc *p;
register struct nlstat_args /* {
syscallarg(char *) path;
syscallarg(struct nstat *) ub;
} */ *uap;
{
int error;
struct vnode *vp;
struct stat sb;
struct nstat nsb;
struct nameidata nd;
NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
return (error);
vp = nd.ni_vp;
NDFREE(&nd, NDF_ONLY_PNBUF);
error = vn_stat(vp, &sb, p);
vput(vp);
if (error)
return (error);
cvtnstat(&sb, &nsb);
error = copyout((caddr_t)&nsb, (caddr_t)SCARG(uap, ub), sizeof (nsb));
return (error);
}
1994-05-24 10:09:53 +00:00
/*
* Get configurable pathname variables.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct pathconf_args {
char *path;
int name;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
pathconf(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct pathconf_args /* {
syscallarg(char *) path;
syscallarg(int) name;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
error = VOP_PATHCONF(nd.ni_vp, SCARG(uap, name), p->p_retval);
1994-05-24 10:09:53 +00:00
vput(nd.ni_vp);
return (error);
}
/*
* Return target name of a symbolic link.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct readlink_args {
char *path;
char *buf;
int count;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
readlink(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct readlink_args /* {
syscallarg(char *) path;
syscallarg(char *) buf;
syscallarg(int) count;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
register struct vnode *vp;
struct iovec aiov;
struct uio auio;
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | NOOBJ, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vp = nd.ni_vp;
if (vp->v_type != VLNK)
error = EINVAL;
else {
aiov.iov_base = SCARG(uap, buf);
aiov.iov_len = SCARG(uap, count);
1994-05-24 10:09:53 +00:00
auio.uio_iov = &aiov;
auio.uio_iovcnt = 1;
auio.uio_offset = 0;
auio.uio_rw = UIO_READ;
auio.uio_segflg = UIO_USERSPACE;
auio.uio_procp = p;
auio.uio_resid = SCARG(uap, count);
1994-05-24 10:09:53 +00:00
error = VOP_READLINK(vp, &auio, p->p_ucred);
}
vput(vp);
p->p_retval[0] = SCARG(uap, count) - auio.uio_resid;
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Common implementation code for chflags() and fchflags().
*/
static int
setfflags(p, vp, flags)
struct proc *p;
struct vnode *vp;
int flags;
{
int error;
struct mount *mp;
struct vattr vattr;
/*
* Prevent non-root users from setting flags on devices. When
* a device is reused, users can retain ownership of the device
* if they are allowed to set flags and programs assume that
* chown can't fail when done as root.
*/
if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
((error = suser_xxx(p->p_ucred, p, PRISON_ROOT)) != 0))
return (error);
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
return (error);
VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
VATTR_NULL(&vattr);
vattr.va_flags = flags;
error = VOP_SETATTR(vp, &vattr, p->p_ucred, p);
VOP_UNLOCK(vp, 0, p);
vn_finished_write(mp);
return (error);
}
1994-05-24 10:09:53 +00:00
/*
* Change flags of a file given a path name.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct chflags_args {
char *path;
int flags;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
chflags(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct chflags_args /* {
syscallarg(char *) path;
syscallarg(int) flags;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
error = setfflags(p, nd.ni_vp, SCARG(uap, flags));
vrele(nd.ni_vp);
return error;
1994-05-24 10:09:53 +00:00
}
/*
* Change flags of a file given a file descriptor.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct fchflags_args {
int fd;
int flags;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
fchflags(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct fchflags_args /* {
syscallarg(int) fd;
syscallarg(int) flags;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct file *fp;
int error;
if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
return setfflags(p, (struct vnode *) fp->f_data, SCARG(uap, flags));
}
/*
* Common implementation code for chmod(), lchmod() and fchmod().
*/
static int
setfmode(p, vp, mode)
struct proc *p;
struct vnode *vp;
int mode;
{
int error;
struct mount *mp;
struct vattr vattr;
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
return (error);
VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
VATTR_NULL(&vattr);
vattr.va_mode = mode & ALLPERMS;
error = VOP_SETATTR(vp, &vattr, p->p_ucred, p);
VOP_UNLOCK(vp, 0, p);
vn_finished_write(mp);
return error;
1994-05-24 10:09:53 +00:00
}
/*
* Change mode of a file given path name.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct chmod_args {
char *path;
int mode;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
chmod(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct chmod_args /* {
syscallarg(char *) path;
syscallarg(int) mode;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
error = setfmode(p, nd.ni_vp, SCARG(uap, mode));
vrele(nd.ni_vp);
return error;
}
/*
* Change mode of a file given path name (don't follow links.)
*/
#ifndef _SYS_SYSPROTO_H_
struct lchmod_args {
char *path;
int mode;
};
#endif
/* ARGSUSED */
int
lchmod(p, uap)
struct proc *p;
register struct lchmod_args /* {
syscallarg(char *) path;
syscallarg(int) mode;
} */ *uap;
{
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
error = setfmode(p, nd.ni_vp, SCARG(uap, mode));
vrele(nd.ni_vp);
return error;
1994-05-24 10:09:53 +00:00
}
/*
* Change mode of a file given a file descriptor.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct fchmod_args {
int fd;
int mode;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
fchmod(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct fchmod_args /* {
syscallarg(int) fd;
syscallarg(int) mode;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct file *fp;
int error;
if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
return setfmode(p, (struct vnode *)fp->f_data, SCARG(uap, mode));
}
/*
* Common implementation for chown(), lchown(), and fchown()
*/
static int
setfown(p, vp, uid, gid)
struct proc *p;
struct vnode *vp;
uid_t uid;
gid_t gid;
{
int error;
struct mount *mp;
struct vattr vattr;
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
return (error);
VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
VATTR_NULL(&vattr);
vattr.va_uid = uid;
vattr.va_gid = gid;
error = VOP_SETATTR(vp, &vattr, p->p_ucred, p);
VOP_UNLOCK(vp, 0, p);
vn_finished_write(mp);
return error;
1994-05-24 10:09:53 +00:00
}
/*
* Set ownership given a path name.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct chown_args {
char *path;
int uid;
int gid;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
chown(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct chown_args /* {
syscallarg(char *) path;
syscallarg(int) uid;
syscallarg(int) gid;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
error = setfown(p, nd.ni_vp, SCARG(uap, uid), SCARG(uap, gid));
vrele(nd.ni_vp);
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Set ownership given a path name, do not cross symlinks.
*/
#ifndef _SYS_SYSPROTO_H_
struct lchown_args {
char *path;
int uid;
int gid;
};
#endif
/* ARGSUSED */
int
lchown(p, uap)
struct proc *p;
register struct lchown_args /* {
syscallarg(char *) path;
syscallarg(int) uid;
syscallarg(int) gid;
} */ *uap;
{
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
error = setfown(p, nd.ni_vp, SCARG(uap, uid), SCARG(uap, gid));
vrele(nd.ni_vp);
return (error);
}
1994-05-24 10:09:53 +00:00
/*
* Set ownership given a file descriptor.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct fchown_args {
int fd;
int uid;
int gid;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
fchown(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct fchown_args /* {
syscallarg(int) fd;
syscallarg(int) uid;
syscallarg(int) gid;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct file *fp;
int error;
if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
return setfown(p, (struct vnode *)fp->f_data,
SCARG(uap, uid), SCARG(uap, gid));
}
/*
* Common implementation code for utimes(), lutimes(), and futimes().
*/
static int
getutimes(usrtvp, tsp)
const struct timeval *usrtvp;
struct timespec *tsp;
{
struct timeval tv[2];
int error;
if (usrtvp == NULL) {
microtime(&tv[0]);
TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
tsp[1] = tsp[0];
} else {
if ((error = copyin(usrtvp, tv, sizeof (tv))) != 0)
return (error);
TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
TIMEVAL_TO_TIMESPEC(&tv[1], &tsp[1]);
}
return 0;
}
/*
* Common implementation code for utimes(), lutimes(), and futimes().
*/
static int
setutimes(p, vp, ts, nullflag)
struct proc *p;
struct vnode *vp;
const struct timespec *ts;
int nullflag;
{
int error;
struct mount *mp;
struct vattr vattr;
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
return (error);
VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
VATTR_NULL(&vattr);
vattr.va_atime = ts[0];
vattr.va_mtime = ts[1];
if (nullflag)
vattr.va_vaflags |= VA_UTIMES_NULL;
error = VOP_SETATTR(vp, &vattr, p->p_ucred, p);
VOP_UNLOCK(vp, 0, p);
vn_finished_write(mp);
return error;
1994-05-24 10:09:53 +00:00
}
/*
* Set the access and modification times of a file.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct utimes_args {
char *path;
struct timeval *tptr;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
utimes(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct utimes_args /* {
syscallarg(char *) path;
syscallarg(struct timeval *) tptr;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct timespec ts[2];
struct timeval *usrtvp;
1994-05-24 10:09:53 +00:00
int error;
struct nameidata nd;
usrtvp = SCARG(uap, tptr);
if ((error = getutimes(usrtvp, ts)) != 0)
return (error);
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
error = setutimes(p, nd.ni_vp, ts, usrtvp == NULL);
vrele(nd.ni_vp);
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Set the access and modification times of a file.
*/
#ifndef _SYS_SYSPROTO_H_
struct lutimes_args {
char *path;
struct timeval *tptr;
};
#endif
/* ARGSUSED */
int
lutimes(p, uap)
struct proc *p;
register struct lutimes_args /* {
syscallarg(char *) path;
syscallarg(struct timeval *) tptr;
} */ *uap;
{
struct timespec ts[2];
struct timeval *usrtvp;
int error;
struct nameidata nd;
usrtvp = SCARG(uap, tptr);
if ((error = getutimes(usrtvp, ts)) != 0)
return (error);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
error = setutimes(p, nd.ni_vp, ts, usrtvp == NULL);
vrele(nd.ni_vp);
return (error);
}
/*
* Set the access and modification times of a file.
*/
#ifndef _SYS_SYSPROTO_H_
struct futimes_args {
int fd;
struct timeval *tptr;
};
#endif
/* ARGSUSED */
int
futimes(p, uap)
struct proc *p;
register struct futimes_args /* {
syscallarg(int ) fd;
syscallarg(struct timeval *) tptr;
} */ *uap;
{
struct timespec ts[2];
struct file *fp;
struct timeval *usrtvp;
int error;
usrtvp = SCARG(uap, tptr);
if ((error = getutimes(usrtvp, ts)) != 0)
return (error);
if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
return (error);
return setutimes(p, (struct vnode *)fp->f_data, ts, usrtvp == NULL);
}
1994-05-24 10:09:53 +00:00
/*
* Truncate a file given its path name.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct truncate_args {
char *path;
int pad;
off_t length;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
truncate(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct truncate_args /* {
syscallarg(char *) path;
syscallarg(int) pad;
syscallarg(off_t) length;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct mount *mp;
struct vnode *vp;
1994-05-24 10:09:53 +00:00
struct vattr vattr;
int error;
struct nameidata nd;
if (uap->length < 0)
return(EINVAL);
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
vp = nd.ni_vp;
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) {
vrele(vp);
return (error);
}
NDFREE(&nd, NDF_ONLY_PNBUF);
VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
1994-05-24 10:09:53 +00:00
if (vp->v_type == VDIR)
error = EISDIR;
else if ((error = vn_writechk(vp)) == 0 &&
(error = VOP_ACCESS(vp, VWRITE, p->p_ucred, p)) == 0) {
VATTR_NULL(&vattr);
vattr.va_size = SCARG(uap, length);
1994-05-24 10:09:53 +00:00
error = VOP_SETATTR(vp, &vattr, p->p_ucred, p);
}
vput(vp);
vn_finished_write(mp);
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Truncate a file given a file descriptor.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct ftruncate_args {
int fd;
int pad;
off_t length;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
ftruncate(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct ftruncate_args /* {
syscallarg(int) fd;
syscallarg(int) pad;
syscallarg(off_t) length;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct mount *mp;
1994-05-24 10:09:53 +00:00
struct vattr vattr;
struct vnode *vp;
struct file *fp;
int error;
if (uap->length < 0)
return(EINVAL);
if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
if ((fp->f_flag & FWRITE) == 0)
return (EINVAL);
vp = (struct vnode *)fp->f_data;
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
return (error);
VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
1994-05-24 10:09:53 +00:00
if (vp->v_type == VDIR)
error = EISDIR;
else if ((error = vn_writechk(vp)) == 0) {
VATTR_NULL(&vattr);
vattr.va_size = SCARG(uap, length);
1994-05-24 10:09:53 +00:00
error = VOP_SETATTR(vp, &vattr, fp->f_cred, p);
}
VOP_UNLOCK(vp, 0, p);
vn_finished_write(mp);
1994-05-24 10:09:53 +00:00
return (error);
}
#if defined(COMPAT_43) || defined(COMPAT_SUNOS)
/*
* Truncate a file given its path name.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct otruncate_args {
char *path;
long length;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
otruncate(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct otruncate_args /* {
syscallarg(char *) path;
syscallarg(long) length;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct truncate_args /* {
syscallarg(char *) path;
syscallarg(int) pad;
syscallarg(off_t) length;
} */ nuap;
SCARG(&nuap, path) = SCARG(uap, path);
SCARG(&nuap, length) = SCARG(uap, length);
return (truncate(p, &nuap));
1994-05-24 10:09:53 +00:00
}
/*
* Truncate a file given a file descriptor.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct oftruncate_args {
int fd;
long length;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
oftruncate(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct oftruncate_args /* {
syscallarg(int) fd;
syscallarg(long) length;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct ftruncate_args /* {
syscallarg(int) fd;
syscallarg(int) pad;
syscallarg(off_t) length;
} */ nuap;
SCARG(&nuap, fd) = SCARG(uap, fd);
SCARG(&nuap, length) = SCARG(uap, length);
return (ftruncate(p, &nuap));
1994-05-24 10:09:53 +00:00
}
#endif /* COMPAT_43 || COMPAT_SUNOS */
/*
* Sync an open file.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct fsync_args {
int fd;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
fsync(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
struct fsync_args /* {
syscallarg(int) fd;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct vnode *vp;
struct mount *mp;
1994-05-24 10:09:53 +00:00
struct file *fp;
vm_object_t obj;
1994-05-24 10:09:53 +00:00
int error;
if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
vp = (struct vnode *)fp->f_data;
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
return (error);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
if (VOP_GETVOBJECT(vp, &obj) == 0)
vm_object_page_clean(obj, 0, 0, 0);
error = VOP_FSYNC(vp, fp->f_cred, MNT_WAIT, p);
#ifdef SOFTUPDATES
if (error == 0 && vp->v_mount && (vp->v_mount->mnt_flag & MNT_SOFTDEP))
error = softdep_fsync(vp);
#endif
VOP_UNLOCK(vp, 0, p);
vn_finished_write(mp);
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Rename files. Source and destination must either both be directories,
* or both not be directories. If target is a directory, it must be empty.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct rename_args {
char *from;
char *to;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
rename(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct rename_args /* {
syscallarg(char *) from;
syscallarg(char *) to;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct mount *mp;
struct vnode *tvp, *fvp, *tdvp;
1994-05-24 10:09:53 +00:00
struct nameidata fromnd, tond;
int error;
bwillwrite();
1994-05-24 10:09:53 +00:00
NDINIT(&fromnd, DELETE, WANTPARENT | SAVESTART, UIO_USERSPACE,
SCARG(uap, from), p);
if ((error = namei(&fromnd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
fvp = fromnd.ni_vp;
if ((error = vn_start_write(fvp, &mp, V_WAIT | PCATCH)) != 0) {
NDFREE(&fromnd, NDF_ONLY_PNBUF);
vrele(fromnd.ni_dvp);
vrele(fvp);
goto out1;
}
NDINIT(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART | NOOBJ,
UIO_USERSPACE, SCARG(uap, to), p);
if (fromnd.ni_vp->v_type == VDIR)
tond.ni_cnd.cn_flags |= WILLBEDIR;
if ((error = namei(&tond)) != 0) {
/* Translate error code for rename("dir1", "dir2/."). */
if (error == EISDIR && fvp->v_type == VDIR)
error = EINVAL;
NDFREE(&fromnd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vrele(fromnd.ni_dvp);
vrele(fvp);
goto out1;
}
tdvp = tond.ni_dvp;
tvp = tond.ni_vp;
if (tvp != NULL) {
if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
error = ENOTDIR;
goto out;
} else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
error = EISDIR;
goto out;
}
}
if (fvp == tdvp)
error = EINVAL;
/*
* If source is the same as the destination (that is the
* same inode number with the same name in the same directory),
* then there is nothing to do.
*/
if (fvp == tvp && fromnd.ni_dvp == tdvp &&
fromnd.ni_cnd.cn_namelen == tond.ni_cnd.cn_namelen &&
!bcmp(fromnd.ni_cnd.cn_nameptr, tond.ni_cnd.cn_nameptr,
fromnd.ni_cnd.cn_namelen))
error = -1;
out:
if (!error) {
VOP_LEASE(tdvp, p, p->p_ucred, LEASE_WRITE);
if (fromnd.ni_dvp != tdvp) {
VOP_LEASE(fromnd.ni_dvp, p, p->p_ucred, LEASE_WRITE);
}
if (tvp) {
VOP_LEASE(tvp, p, p->p_ucred, LEASE_WRITE);
}
1994-05-24 10:09:53 +00:00
error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
NDFREE(&fromnd, NDF_ONLY_PNBUF);
NDFREE(&tond, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
} else {
NDFREE(&fromnd, NDF_ONLY_PNBUF);
NDFREE(&tond, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
if (tdvp == tvp)
vrele(tdvp);
else
vput(tdvp);
if (tvp)
vput(tvp);
vrele(fromnd.ni_dvp);
vrele(fvp);
}
vrele(tond.ni_startdir);
vn_finished_write(mp);
ASSERT_VOP_UNLOCKED(fromnd.ni_dvp, "rename");
ASSERT_VOP_UNLOCKED(fromnd.ni_vp, "rename");
ASSERT_VOP_UNLOCKED(tond.ni_dvp, "rename");
ASSERT_VOP_UNLOCKED(tond.ni_vp, "rename");
1994-05-24 10:09:53 +00:00
out1:
if (fromnd.ni_startdir)
vrele(fromnd.ni_startdir);
if (error == -1)
return (0);
return (error);
}
/*
* Make a directory file.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct mkdir_args {
char *path;
int mode;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
mkdir(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct mkdir_args /* {
syscallarg(char *) path;
syscallarg(int) mode;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct mount *mp;
struct vnode *vp;
1994-05-24 10:09:53 +00:00
struct vattr vattr;
int error;
struct nameidata nd;
restart:
bwillwrite();
NDINIT(&nd, CREATE, LOCKPARENT, UIO_USERSPACE, SCARG(uap, path), p);
nd.ni_cnd.cn_flags |= WILLBEDIR;
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
vp = nd.ni_vp;
if (vp != NULL) {
NDFREE(&nd, NDF_ONLY_PNBUF);
1994-05-24 10:09:53 +00:00
vrele(vp);
vput(nd.ni_dvp);
1994-05-24 10:09:53 +00:00
return (EEXIST);
}
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_dvp);
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
return (error);
goto restart;
}
1994-05-24 10:09:53 +00:00
VATTR_NULL(&vattr);
vattr.va_type = VDIR;
vattr.va_mode = (SCARG(uap, mode) & ACCESSPERMS) &~ p->p_fd->fd_cmask;
VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE);
1994-05-24 10:09:53 +00:00
error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_dvp);
1994-05-24 10:09:53 +00:00
if (!error)
vput(nd.ni_vp);
vn_finished_write(mp);
ASSERT_VOP_UNLOCKED(nd.ni_dvp, "mkdir");
ASSERT_VOP_UNLOCKED(nd.ni_vp, "mkdir");
1994-05-24 10:09:53 +00:00
return (error);
}
/*
* Remove a directory file.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct rmdir_args {
char *path;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
rmdir(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
struct rmdir_args /* {
syscallarg(char *) path;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct mount *mp;
struct vnode *vp;
1994-05-24 10:09:53 +00:00
int error;
struct nameidata nd;
restart:
bwillwrite();
NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
vp = nd.ni_vp;
if (vp->v_type != VDIR) {
error = ENOTDIR;
goto out;
}
/*
* No rmdir "." please.
*/
if (nd.ni_dvp == vp) {
error = EINVAL;
goto out;
}
/*
* The root of a mounted filesystem cannot be deleted.
*/
if (vp->v_flag & VROOT) {
1994-05-24 10:09:53 +00:00
error = EBUSY;
goto out;
1994-05-24 10:09:53 +00:00
}
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
NDFREE(&nd, NDF_ONLY_PNBUF);
if (nd.ni_dvp == vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
vput(vp);
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
return (error);
goto restart;
}
VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE);
VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
vn_finished_write(mp);
out:
NDFREE(&nd, NDF_ONLY_PNBUF);
if (nd.ni_dvp == vp)
vrele(nd.ni_dvp);
else
vput(nd.ni_dvp);
vput(vp);
ASSERT_VOP_UNLOCKED(nd.ni_dvp, "rmdir");
ASSERT_VOP_UNLOCKED(nd.ni_vp, "rmdir");
1994-05-24 10:09:53 +00:00
return (error);
}
#ifdef COMPAT_43
/*
* Read a block of directory entries in a file system independent format.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct ogetdirentries_args {
int fd;
char *buf;
u_int count;
long *basep;
};
#endif
int
ogetdirentries(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct ogetdirentries_args /* {
syscallarg(int) fd;
syscallarg(char *) buf;
syscallarg(u_int) count;
syscallarg(long *) basep;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct vnode *vp;
1994-05-24 10:09:53 +00:00
struct file *fp;
struct uio auio, kuio;
struct iovec aiov, kiov;
struct dirent *dp, *edp;
caddr_t dirbuf;
int error, eofflag, readcnt;
1994-05-24 10:09:53 +00:00
long loff;
if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
if ((fp->f_flag & FREAD) == 0)
return (EBADF);
vp = (struct vnode *)fp->f_data;
unionread:
1994-05-24 10:09:53 +00:00
if (vp->v_type != VDIR)
return (EINVAL);
aiov.iov_base = SCARG(uap, buf);
aiov.iov_len = SCARG(uap, count);
1994-05-24 10:09:53 +00:00
auio.uio_iov = &aiov;
auio.uio_iovcnt = 1;
auio.uio_rw = UIO_READ;
auio.uio_segflg = UIO_USERSPACE;
auio.uio_procp = p;
auio.uio_resid = SCARG(uap, count);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
1994-05-24 10:09:53 +00:00
loff = auio.uio_offset = fp->f_offset;
# if (BYTE_ORDER != LITTLE_ENDIAN)
if (vp->v_mount->mnt_maxsymlinklen <= 0) {
error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag,
NULL, NULL);
1994-05-24 10:09:53 +00:00
fp->f_offset = auio.uio_offset;
} else
# endif
{
kuio = auio;
kuio.uio_iov = &kiov;
kuio.uio_segflg = UIO_SYSSPACE;
kiov.iov_len = SCARG(uap, count);
MALLOC(dirbuf, caddr_t, SCARG(uap, count), M_TEMP, M_WAITOK);
1994-05-24 10:09:53 +00:00
kiov.iov_base = dirbuf;
error = VOP_READDIR(vp, &kuio, fp->f_cred, &eofflag,
NULL, NULL);
1994-05-24 10:09:53 +00:00
fp->f_offset = kuio.uio_offset;
if (error == 0) {
readcnt = SCARG(uap, count) - kuio.uio_resid;
1994-05-24 10:09:53 +00:00
edp = (struct dirent *)&dirbuf[readcnt];
for (dp = (struct dirent *)dirbuf; dp < edp; ) {
# if (BYTE_ORDER == LITTLE_ENDIAN)
/*
* The expected low byte of
* dp->d_namlen is our dp->d_type.
* The high MBZ byte of dp->d_namlen
* is our dp->d_namlen.
*/
dp->d_type = dp->d_namlen;
dp->d_namlen = 0;
# else
/*
* The dp->d_type is the high byte
* of the expected dp->d_namlen,
* so must be zero'ed.
*/
dp->d_type = 0;
# endif
if (dp->d_reclen > 0) {
dp = (struct dirent *)
((char *)dp + dp->d_reclen);
} else {
error = EIO;
break;
}
}
if (dp >= edp)
error = uiomove(dirbuf, readcnt, &auio);
}
FREE(dirbuf, M_TEMP);
}
VOP_UNLOCK(vp, 0, p);
1994-05-24 10:09:53 +00:00
if (error)
return (error);
if (SCARG(uap, count) == auio.uio_resid) {
if (union_dircheckp) {
error = union_dircheckp(p, &vp, fp);
if (error == -1)
goto unionread;
if (error)
return (error);
}
if ((vp->v_flag & VROOT) &&
(vp->v_mount->mnt_flag & MNT_UNION)) {
struct vnode *tvp = vp;
vp = vp->v_mount->mnt_vnodecovered;
VREF(vp);
fp->f_data = (caddr_t) vp;
fp->f_offset = 0;
vrele(tvp);
goto unionread;
}
}
error = copyout((caddr_t)&loff, (caddr_t)SCARG(uap, basep),
sizeof(long));
p->p_retval[0] = SCARG(uap, count) - auio.uio_resid;
1994-05-24 10:09:53 +00:00
return (error);
}
#endif /* COMPAT_43 */
1994-05-24 10:09:53 +00:00
/*
* Read a block of directory entries in a file system independent format.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct getdirentries_args {
int fd;
char *buf;
u_int count;
long *basep;
};
#endif
int
getdirentries(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct getdirentries_args /* {
syscallarg(int) fd;
syscallarg(char *) buf;
syscallarg(u_int) count;
syscallarg(long *) basep;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct vnode *vp;
1994-05-24 10:09:53 +00:00
struct file *fp;
struct uio auio;
struct iovec aiov;
long loff;
int error, eofflag;
1994-05-24 10:09:53 +00:00
if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
if ((fp->f_flag & FREAD) == 0)
return (EBADF);
vp = (struct vnode *)fp->f_data;
unionread:
if (vp->v_type != VDIR)
return (EINVAL);
aiov.iov_base = SCARG(uap, buf);
aiov.iov_len = SCARG(uap, count);
1994-05-24 10:09:53 +00:00
auio.uio_iov = &aiov;
auio.uio_iovcnt = 1;
auio.uio_rw = UIO_READ;
auio.uio_segflg = UIO_USERSPACE;
auio.uio_procp = p;
auio.uio_resid = SCARG(uap, count);
/* vn_lock(vp, LK_SHARED | LK_RETRY, p); */
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
1994-05-24 10:09:53 +00:00
loff = auio.uio_offset = fp->f_offset;
error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL);
1994-05-24 10:09:53 +00:00
fp->f_offset = auio.uio_offset;
VOP_UNLOCK(vp, 0, p);
1994-05-24 10:09:53 +00:00
if (error)
return (error);
if (SCARG(uap, count) == auio.uio_resid) {
if (union_dircheckp) {
error = union_dircheckp(p, &vp, fp);
if (error == -1)
goto unionread;
if (error)
return (error);
}
if ((vp->v_flag & VROOT) &&
(vp->v_mount->mnt_flag & MNT_UNION)) {
struct vnode *tvp = vp;
vp = vp->v_mount->mnt_vnodecovered;
VREF(vp);
fp->f_data = (caddr_t) vp;
fp->f_offset = 0;
vrele(tvp);
1994-05-24 10:09:53 +00:00
goto unionread;
}
}
if (SCARG(uap, basep) != NULL) {
error = copyout((caddr_t)&loff, (caddr_t)SCARG(uap, basep),
sizeof(long));
}
p->p_retval[0] = SCARG(uap, count) - auio.uio_resid;
1994-05-24 10:09:53 +00:00
return (error);
}
#ifndef _SYS_SYSPROTO_H_
struct getdents_args {
int fd;
char *buf;
size_t count;
};
#endif
int
getdents(p, uap)
struct proc *p;
register struct getdents_args /* {
syscallarg(int) fd;
syscallarg(char *) buf;
syscallarg(u_int) count;
} */ *uap;
{
struct getdirentries_args ap;
ap.fd = uap->fd;
ap.buf = uap->buf;
ap.count = uap->count;
ap.basep = NULL;
return getdirentries(p, &ap);
}
1994-05-24 10:09:53 +00:00
/*
* Set the mode mask for creation of filesystem nodes.
Commit major SMP cleanups and move the BGL (big giant lock) in the syscall path inward. A system call may select whether it needs the MP lock or not (the default being that it does need it). A great deal of conditional SMP code for various deadended experiments has been removed. 'cil' and 'cml' have been removed entirely, and the locking around the cpl has been removed. The conditional separately-locked fast-interrupt code has been removed, meaning that interrupts must hold the CPL now (but they pretty much had to anyway). Another reason for doing this is that the original separate-lock for interrupts just doesn't apply to the interrupt thread mechanism being contemplated. Modifications to the cpl may now ONLY occur while holding the MP lock. For example, if an otherwise MP safe syscall needs to mess with the cpl, it must hold the MP lock for the duration and must (as usual) save/restore the cpl in a nested fashion. This is precursor work for the real meat coming later: avoiding having to hold the MP lock for common syscalls and I/O's and interrupt threads. It is expected that the spl mechanisms and new interrupt threading mechanisms will be able to run in tandem, allowing a slow piecemeal transition to occur. This patch should result in a moderate performance improvement due to the considerable amount of code that has been removed from the critical path, especially the simplification of the spl*() calls. The real performance gains will come later. Approved by: jkh Reviewed by: current, bde (exception.s) Some work taken from: luoqi's patch
2000-03-28 07:16:37 +00:00
*
* MP SAFE
1994-05-24 10:09:53 +00:00
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct umask_args {
int newmask;
};
#endif
int
umask(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
struct umask_args /* {
syscallarg(int) newmask;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
register struct filedesc *fdp;
fdp = p->p_fd;
p->p_retval[0] = fdp->fd_cmask;
fdp->fd_cmask = SCARG(uap, newmask) & ALLPERMS;
1994-05-24 10:09:53 +00:00
return (0);
}
/*
* Void all references to file by ripping underlying filesystem
* away from vnode.
*/
#ifndef _SYS_SYSPROTO_H_
1994-05-24 10:09:53 +00:00
struct revoke_args {
char *path;
};
#endif
1994-05-24 10:09:53 +00:00
/* ARGSUSED */
int
revoke(p, uap)
1994-05-24 10:09:53 +00:00
struct proc *p;
register struct revoke_args /* {
syscallarg(char *) path;
} */ *uap;
1994-05-24 10:09:53 +00:00
{
struct mount *mp;
struct vnode *vp;
1994-05-24 10:09:53 +00:00
struct vattr vattr;
int error;
struct nameidata nd;
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
1994-05-24 10:09:53 +00:00
return (error);
vp = nd.ni_vp;
NDFREE(&nd, NDF_ONLY_PNBUF);
if (vp->v_type != VCHR) {
error = EINVAL;
goto out;
}
if ((error = VOP_GETATTR(vp, &vattr, p->p_ucred, p)) != 0)
1994-05-24 10:09:53 +00:00
goto out;
if (p->p_ucred->cr_uid != vattr.va_uid &&
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
(error = suser_xxx(0, p, PRISON_ROOT)))
1994-05-24 10:09:53 +00:00
goto out;
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
goto out;
if (vcount(vp) > 1)
VOP_REVOKE(vp, REVOKEALL);
vn_finished_write(mp);
1994-05-24 10:09:53 +00:00
out:
vrele(vp);
return (error);
}
/*
* Convert a user file descriptor to a kernel file entry.
*/
int
1994-05-24 10:09:53 +00:00
getvnode(fdp, fd, fpp)
struct filedesc *fdp;
int fd;
struct file **fpp;
1994-05-24 10:09:53 +00:00
{
struct file *fp;
if ((u_int)fd >= fdp->fd_nfiles ||
(fp = fdp->fd_ofiles[fd]) == NULL)
return (EBADF);
if (fp->f_type != DTYPE_VNODE && fp->f_type != DTYPE_FIFO)
1994-05-24 10:09:53 +00:00
return (EINVAL);
*fpp = fp;
return (0);
}
/*
* Get (NFS) file handle
*/
#ifndef _SYS_SYSPROTO_H_
struct getfh_args {
char *fname;
fhandle_t *fhp;
};
#endif
int
getfh(p, uap)
struct proc *p;
register struct getfh_args *uap;
{
struct nameidata nd;
fhandle_t fh;
register struct vnode *vp;
int error;
/*
* Must be super user
*/
error = suser(p);
if (error)
return (error);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, uap->fname, p);
error = namei(&nd);
if (error)
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
vp = nd.ni_vp;
bzero(&fh, sizeof(fh));
fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
error = VFS_VPTOFH(vp, &fh.fh_fid);
vput(vp);
if (error)
return (error);
error = copyout(&fh, uap->fhp, sizeof (fh));
return (error);
}
/*
* syscall for the rpc.lockd to use to translate a NFS file handle into
* an open descriptor.
*
* warning: do not remove the suser() call or this becomes one giant
* security hole.
*/
#ifndef _SYS_SYSPROTO_H_
struct fhopen_args {
const struct fhandle *u_fhp;
int flags;
};
#endif
int
fhopen(p, uap)
struct proc *p;
struct fhopen_args /* {
syscallarg(const struct fhandle *) u_fhp;
syscallarg(int) flags;
} */ *uap;
{
struct mount *mp;
struct vnode *vp;
struct fhandle fhp;
struct vattr vat;
struct vattr *vap = &vat;
struct flock lf;
struct file *fp;
register struct filedesc *fdp = p->p_fd;
int fmode, mode, error, type;
struct file *nfp;
int indx;
/*
* Must be super user
*/
error = suser(p);
if (error)
return (error);
fmode = FFLAGS(SCARG(uap, flags));
/* why not allow a non-read/write open for our lockd? */
if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
return (EINVAL);
error = copyin(SCARG(uap,u_fhp), &fhp, sizeof(fhp));
if (error)
return(error);
/* find the mount point */
mp = vfs_getvfs(&fhp.fh_fsid);
if (mp == NULL)
return (ESTALE);
/* now give me my vnode, it gets returned to me locked */
error = VFS_FHTOVP(mp, &fhp.fh_fid, &vp);
if (error)
return (error);
/*
* from now on we have to make sure not
* to forget about the vnode
* any error that causes an abort must vput(vp)
* just set error = err and 'goto bad;'.
*/
/*
* from vn_open
*/
if (vp->v_type == VLNK) {
error = EMLINK;
goto bad;
}
if (vp->v_type == VSOCK) {
error = EOPNOTSUPP;
goto bad;
}
mode = 0;
if (fmode & (FWRITE | O_TRUNC)) {
if (vp->v_type == VDIR) {
error = EISDIR;
goto bad;
}
error = vn_writechk(vp);
if (error)
goto bad;
mode |= VWRITE;
}
if (fmode & FREAD)
mode |= VREAD;
if (mode) {
error = VOP_ACCESS(vp, mode, p->p_ucred, p);
if (error)
goto bad;
}
if (fmode & O_TRUNC) {
VOP_UNLOCK(vp, 0, p); /* XXX */
if ((error = vn_start_write(NULL, &mp, V_WAIT | PCATCH)) != 0) {
vrele(vp);
return (error);
}
VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p); /* XXX */
VATTR_NULL(vap);
vap->va_size = 0;
error = VOP_SETATTR(vp, vap, p->p_ucred, p);
vn_finished_write(mp);
if (error)
goto bad;
}
error = VOP_OPEN(vp, fmode, p->p_ucred, p);
if (error)
goto bad;
/*
* Make sure that a VM object is created for VMIO support.
*/
if (vn_canvmio(vp) == TRUE) {
if ((error = vfs_object_create(vp, p, p->p_ucred)) != 0)
goto bad;
}
if (fmode & FWRITE)
vp->v_writecount++;
/*
* end of vn_open code
*/
if ((error = falloc(p, &nfp, &indx)) != 0)
goto bad;
fp = nfp;
/*
* Hold an extra reference to avoid having fp ripped out
* from under us while we block in the lock op
*/
fhold(fp);
nfp->f_data = (caddr_t)vp;
nfp->f_flag = fmode & FMASK;
nfp->f_ops = &vnops;
nfp->f_type = DTYPE_VNODE;
if (fmode & (O_EXLOCK | O_SHLOCK)) {
lf.l_whence = SEEK_SET;
lf.l_start = 0;
lf.l_len = 0;
if (fmode & O_EXLOCK)
lf.l_type = F_WRLCK;
else
lf.l_type = F_RDLCK;
type = F_FLOCK;
if ((fmode & FNONBLOCK) == 0)
type |= F_WAIT;
VOP_UNLOCK(vp, 0, p);
if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf, type)) != 0) {
/*
* The lock request failed. Normally close the
* descriptor but handle the case where someone might
* have dup()d or close()d it when we weren't looking.
*/
if (fdp->fd_ofiles[indx] == fp) {
fdp->fd_ofiles[indx] = NULL;
fdrop(fp, p);
}
/*
* release our private reference
*/
fdrop(fp, p);
return(error);
}
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
fp->f_flag |= FHASLOCK;
}
if ((vp->v_type == VREG) && (VOP_GETVOBJECT(vp, NULL) != 0))
vfs_object_create(vp, p, p->p_ucred);
VOP_UNLOCK(vp, 0, p);
fdrop(fp, p);
p->p_retval[0] = indx;
return (0);
bad:
vput(vp);
return (error);
}
/*
* Stat an (NFS) file handle.
*/
#ifndef _SYS_SYSPROTO_H_
struct fhstat_args {
struct fhandle *u_fhp;
struct stat *sb;
};
#endif
int
fhstat(p, uap)
struct proc *p;
register struct fhstat_args /* {
syscallarg(struct fhandle *) u_fhp;
syscallarg(struct stat *) sb;
} */ *uap;
{
struct stat sb;
fhandle_t fh;
struct mount *mp;
struct vnode *vp;
int error;
/*
* Must be super user
*/
error = suser(p);
if (error)
return (error);
error = copyin(SCARG(uap, u_fhp), &fh, sizeof(fhandle_t));
if (error)
return (error);
if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
return (ESTALE);
if ((error = VFS_FHTOVP(mp, &fh.fh_fid, &vp)))
return (error);
error = vn_stat(vp, &sb, p);
vput(vp);
if (error)
return (error);
error = copyout(&sb, SCARG(uap, sb), sizeof(sb));
return (error);
}
/*
* Implement fstatfs() for (NFS) file handles.
*/
#ifndef _SYS_SYSPROTO_H_
struct fhstatfs_args {
struct fhandle *u_fhp;
struct statfs *buf;
};
#endif
int
fhstatfs(p, uap)
struct proc *p;
struct fhstatfs_args /* {
syscallarg(struct fhandle) *u_fhp;
syscallarg(struct statfs) *buf;
} */ *uap;
{
struct statfs *sp;
struct mount *mp;
struct vnode *vp;
struct statfs sb;
fhandle_t fh;
int error;
/*
* Must be super user
*/
if ((error = suser(p)))
return (error);
if ((error = copyin(SCARG(uap, u_fhp), &fh, sizeof(fhandle_t))) != 0)
return (error);
if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
return (ESTALE);
if ((error = VFS_FHTOVP(mp, &fh.fh_fid, &vp)))
return (error);
mp = vp->v_mount;
sp = &mp->mnt_stat;
vput(vp);
if ((error = VFS_STATFS(mp, sp, p)) != 0)
return (error);
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
if (suser_xxx(p->p_ucred, 0, 0)) {
bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb));
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
sp = &sb;
}
return (copyout(sp, SCARG(uap, buf), sizeof(*sp)));
}
/*
* Syscall to push extended attribute configuration information into the
* VFS. Accepts a path, which it converts to a mountpoint, as well as
* a command (int cmd), and attribute name and misc data. For now, the
* attribute name is left in userspace for consumption by the VFS_op.
* It will probably be changed to be copied into sysspace by the
* syscall in the future, once issues with various consumers of the
* attribute code have raised their hands.
*
* Currently this is used only by UFS Extended Attributes.
*/
int
extattrctl(p, uap)
struct proc *p;
struct extattrctl_args *uap;
{
o Change the API and ABI of the Extended Attribute kernel interfaces to introduce a new argument, "namespace", rather than relying on a first- character namespace indicator. This is in line with more recent thinking on EA interfaces on various mailing lists, including the posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces are defined by default, EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER, where the primary distinction lies in the access control model: user EAs are accessible based on the normal MAC and DAC file/directory protections, and system attributes are limited to kernel-originated or appropriately privileged userland requests. o These API changes occur at several levels: the namespace argument is introduced in the extattr_{get,set}_file() system call interfaces, at the vnode operation level in the vop_{get,set}extattr() interfaces, and in the UFS extended attribute implementation. Changes are also introduced in the VFS extattrctl() interface (system call, VFS, and UFS implementation), where the arguments are modified to include a namespace field, as well as modified to advoid direct access to userspace variables from below the VFS layer (in the style of recent changes to mount by adrian@FreeBSD.org). This required some cleanup and bug fixing regarding VFS locks and the VFS interface, as a vnode pointer may now be optionally submitted to the VFS_EXTATTRCTL() call. Updated documentation for the VFS interface will be committed shortly. o In the near future, the auto-starting feature will be updated to search two sub-directories to the ".attribute" directory in appropriate file systems: "user" and "system" to locate attributes intended for those namespaces, as the single filename is no longer sufficient to indicate what namespace the attribute is intended for. Until this is committed, all attributes auto-started by UFS will be placed in the EXTATTR_NAMESPACE_SYSTEM namespace. o The default POSIX.1e attribute names for ACLs and Capabilities have been updated to no longer include the '$' in their filename. As such, if you're using these features, you'll need to rename the attribute backing files to the same names without '$' symbols in front. o Note that these changes will require changes in userland, which will be committed shortly. These include modifications to the extended attribute utilities, as well as to libutil for new namespace string conversion routines. Once the matching userland changes are committed, a buildworld is recommended to update all the necessary include files and verify that the kernel and userland environments are in sync. Note: If you do not use extended attributes (most people won't), upgrading is not imperative although since the system call API has changed, the new userland extended attribute code will no longer compile with old include files. o Couple of minor cleanups while I'm there: make more code compilation conditional on FFS_EXTATTR, which should recover a bit of space on kernels running without EA's, as well as update copyright dates. Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
struct vnode *filename_vp;
struct nameidata nd;
struct mount *mp;
o Change the API and ABI of the Extended Attribute kernel interfaces to introduce a new argument, "namespace", rather than relying on a first- character namespace indicator. This is in line with more recent thinking on EA interfaces on various mailing lists, including the posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces are defined by default, EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER, where the primary distinction lies in the access control model: user EAs are accessible based on the normal MAC and DAC file/directory protections, and system attributes are limited to kernel-originated or appropriately privileged userland requests. o These API changes occur at several levels: the namespace argument is introduced in the extattr_{get,set}_file() system call interfaces, at the vnode operation level in the vop_{get,set}extattr() interfaces, and in the UFS extended attribute implementation. Changes are also introduced in the VFS extattrctl() interface (system call, VFS, and UFS implementation), where the arguments are modified to include a namespace field, as well as modified to advoid direct access to userspace variables from below the VFS layer (in the style of recent changes to mount by adrian@FreeBSD.org). This required some cleanup and bug fixing regarding VFS locks and the VFS interface, as a vnode pointer may now be optionally submitted to the VFS_EXTATTRCTL() call. Updated documentation for the VFS interface will be committed shortly. o In the near future, the auto-starting feature will be updated to search two sub-directories to the ".attribute" directory in appropriate file systems: "user" and "system" to locate attributes intended for those namespaces, as the single filename is no longer sufficient to indicate what namespace the attribute is intended for. Until this is committed, all attributes auto-started by UFS will be placed in the EXTATTR_NAMESPACE_SYSTEM namespace. o The default POSIX.1e attribute names for ACLs and Capabilities have been updated to no longer include the '$' in their filename. As such, if you're using these features, you'll need to rename the attribute backing files to the same names without '$' symbols in front. o Note that these changes will require changes in userland, which will be committed shortly. These include modifications to the extended attribute utilities, as well as to libutil for new namespace string conversion routines. Once the matching userland changes are committed, a buildworld is recommended to update all the necessary include files and verify that the kernel and userland environments are in sync. Note: If you do not use extended attributes (most people won't), upgrading is not imperative although since the system call API has changed, the new userland extended attribute code will no longer compile with old include files. o Couple of minor cleanups while I'm there: make more code compilation conditional on FFS_EXTATTR, which should recover a bit of space on kernels running without EA's, as well as update copyright dates. Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
char attrname[EXTATTR_MAXNAMELEN];
int error;
o Change the API and ABI of the Extended Attribute kernel interfaces to introduce a new argument, "namespace", rather than relying on a first- character namespace indicator. This is in line with more recent thinking on EA interfaces on various mailing lists, including the posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces are defined by default, EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER, where the primary distinction lies in the access control model: user EAs are accessible based on the normal MAC and DAC file/directory protections, and system attributes are limited to kernel-originated or appropriately privileged userland requests. o These API changes occur at several levels: the namespace argument is introduced in the extattr_{get,set}_file() system call interfaces, at the vnode operation level in the vop_{get,set}extattr() interfaces, and in the UFS extended attribute implementation. Changes are also introduced in the VFS extattrctl() interface (system call, VFS, and UFS implementation), where the arguments are modified to include a namespace field, as well as modified to advoid direct access to userspace variables from below the VFS layer (in the style of recent changes to mount by adrian@FreeBSD.org). This required some cleanup and bug fixing regarding VFS locks and the VFS interface, as a vnode pointer may now be optionally submitted to the VFS_EXTATTRCTL() call. Updated documentation for the VFS interface will be committed shortly. o In the near future, the auto-starting feature will be updated to search two sub-directories to the ".attribute" directory in appropriate file systems: "user" and "system" to locate attributes intended for those namespaces, as the single filename is no longer sufficient to indicate what namespace the attribute is intended for. Until this is committed, all attributes auto-started by UFS will be placed in the EXTATTR_NAMESPACE_SYSTEM namespace. o The default POSIX.1e attribute names for ACLs and Capabilities have been updated to no longer include the '$' in their filename. As such, if you're using these features, you'll need to rename the attribute backing files to the same names without '$' symbols in front. o Note that these changes will require changes in userland, which will be committed shortly. These include modifications to the extended attribute utilities, as well as to libutil for new namespace string conversion routines. Once the matching userland changes are committed, a buildworld is recommended to update all the necessary include files and verify that the kernel and userland environments are in sync. Note: If you do not use extended attributes (most people won't), upgrading is not imperative although since the system call API has changed, the new userland extended attribute code will no longer compile with old include files. o Couple of minor cleanups while I'm there: make more code compilation conditional on FFS_EXTATTR, which should recover a bit of space on kernels running without EA's, as well as update copyright dates. Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
/*
* SCARG(uap, attrname) not always defined. We check again later
* when we invoke the VFS call so as to pass in NULL there if needed.
*/
if (SCARG(uap, attrname) != NULL) {
error = copyinstr(SCARG(uap, attrname), attrname,
EXTATTR_MAXNAMELEN, NULL);
if (error)
return (error);
}
/*
* SCARG(uap, filename) not always defined. If it is, grab
* a vnode lock, which VFS_EXTATTRCTL() will later release.
*/
filename_vp = NULL;
if (SCARG(uap, filename) != NULL) {
NDINIT(&nd, LOOKUP | LOCKLEAF, FOLLOW, UIO_USERSPACE,
SCARG(uap, filename), p);
if ((error = namei(&nd)) != 0)
return (error);
filename_vp = nd.ni_vp;
NDFREE(&nd, NDF_NO_VP_RELE | NDF_NO_VP_UNLOCK);
}
/* SCARG(uap, path) always defined. */
NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
return (error);
error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH);
NDFREE(&nd, 0);
o Change the API and ABI of the Extended Attribute kernel interfaces to introduce a new argument, "namespace", rather than relying on a first- character namespace indicator. This is in line with more recent thinking on EA interfaces on various mailing lists, including the posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces are defined by default, EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER, where the primary distinction lies in the access control model: user EAs are accessible based on the normal MAC and DAC file/directory protections, and system attributes are limited to kernel-originated or appropriately privileged userland requests. o These API changes occur at several levels: the namespace argument is introduced in the extattr_{get,set}_file() system call interfaces, at the vnode operation level in the vop_{get,set}extattr() interfaces, and in the UFS extended attribute implementation. Changes are also introduced in the VFS extattrctl() interface (system call, VFS, and UFS implementation), where the arguments are modified to include a namespace field, as well as modified to advoid direct access to userspace variables from below the VFS layer (in the style of recent changes to mount by adrian@FreeBSD.org). This required some cleanup and bug fixing regarding VFS locks and the VFS interface, as a vnode pointer may now be optionally submitted to the VFS_EXTATTRCTL() call. Updated documentation for the VFS interface will be committed shortly. o In the near future, the auto-starting feature will be updated to search two sub-directories to the ".attribute" directory in appropriate file systems: "user" and "system" to locate attributes intended for those namespaces, as the single filename is no longer sufficient to indicate what namespace the attribute is intended for. Until this is committed, all attributes auto-started by UFS will be placed in the EXTATTR_NAMESPACE_SYSTEM namespace. o The default POSIX.1e attribute names for ACLs and Capabilities have been updated to no longer include the '$' in their filename. As such, if you're using these features, you'll need to rename the attribute backing files to the same names without '$' symbols in front. o Note that these changes will require changes in userland, which will be committed shortly. These include modifications to the extended attribute utilities, as well as to libutil for new namespace string conversion routines. Once the matching userland changes are committed, a buildworld is recommended to update all the necessary include files and verify that the kernel and userland environments are in sync. Note: If you do not use extended attributes (most people won't), upgrading is not imperative although since the system call API has changed, the new userland extended attribute code will no longer compile with old include files. o Couple of minor cleanups while I'm there: make more code compilation conditional on FFS_EXTATTR, which should recover a bit of space on kernels running without EA's, as well as update copyright dates. Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
if (error) {
if (filename_vp)
vrele(filename_vp);
return (error);
o Change the API and ABI of the Extended Attribute kernel interfaces to introduce a new argument, "namespace", rather than relying on a first- character namespace indicator. This is in line with more recent thinking on EA interfaces on various mailing lists, including the posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces are defined by default, EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER, where the primary distinction lies in the access control model: user EAs are accessible based on the normal MAC and DAC file/directory protections, and system attributes are limited to kernel-originated or appropriately privileged userland requests. o These API changes occur at several levels: the namespace argument is introduced in the extattr_{get,set}_file() system call interfaces, at the vnode operation level in the vop_{get,set}extattr() interfaces, and in the UFS extended attribute implementation. Changes are also introduced in the VFS extattrctl() interface (system call, VFS, and UFS implementation), where the arguments are modified to include a namespace field, as well as modified to advoid direct access to userspace variables from below the VFS layer (in the style of recent changes to mount by adrian@FreeBSD.org). This required some cleanup and bug fixing regarding VFS locks and the VFS interface, as a vnode pointer may now be optionally submitted to the VFS_EXTATTRCTL() call. Updated documentation for the VFS interface will be committed shortly. o In the near future, the auto-starting feature will be updated to search two sub-directories to the ".attribute" directory in appropriate file systems: "user" and "system" to locate attributes intended for those namespaces, as the single filename is no longer sufficient to indicate what namespace the attribute is intended for. Until this is committed, all attributes auto-started by UFS will be placed in the EXTATTR_NAMESPACE_SYSTEM namespace. o The default POSIX.1e attribute names for ACLs and Capabilities have been updated to no longer include the '$' in their filename. As such, if you're using these features, you'll need to rename the attribute backing files to the same names without '$' symbols in front. o Note that these changes will require changes in userland, which will be committed shortly. These include modifications to the extended attribute utilities, as well as to libutil for new namespace string conversion routines. Once the matching userland changes are committed, a buildworld is recommended to update all the necessary include files and verify that the kernel and userland environments are in sync. Note: If you do not use extended attributes (most people won't), upgrading is not imperative although since the system call API has changed, the new userland extended attribute code will no longer compile with old include files. o Couple of minor cleanups while I'm there: make more code compilation conditional on FFS_EXTATTR, which should recover a bit of space on kernels running without EA's, as well as update copyright dates. Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
}
if (SCARG(uap, attrname) != NULL) {
error = VFS_EXTATTRCTL(mp, SCARG(uap, cmd), filename_vp,
SCARG(uap, namespace), attrname, p);
} else {
error = VFS_EXTATTRCTL(mp, SCARG(uap, cmd), filename_vp,
SCARG(uap, namespace), NULL, p);
}
vn_finished_write(mp);
o Change the API and ABI of the Extended Attribute kernel interfaces to introduce a new argument, "namespace", rather than relying on a first- character namespace indicator. This is in line with more recent thinking on EA interfaces on various mailing lists, including the posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces are defined by default, EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER, where the primary distinction lies in the access control model: user EAs are accessible based on the normal MAC and DAC file/directory protections, and system attributes are limited to kernel-originated or appropriately privileged userland requests. o These API changes occur at several levels: the namespace argument is introduced in the extattr_{get,set}_file() system call interfaces, at the vnode operation level in the vop_{get,set}extattr() interfaces, and in the UFS extended attribute implementation. Changes are also introduced in the VFS extattrctl() interface (system call, VFS, and UFS implementation), where the arguments are modified to include a namespace field, as well as modified to advoid direct access to userspace variables from below the VFS layer (in the style of recent changes to mount by adrian@FreeBSD.org). This required some cleanup and bug fixing regarding VFS locks and the VFS interface, as a vnode pointer may now be optionally submitted to the VFS_EXTATTRCTL() call. Updated documentation for the VFS interface will be committed shortly. o In the near future, the auto-starting feature will be updated to search two sub-directories to the ".attribute" directory in appropriate file systems: "user" and "system" to locate attributes intended for those namespaces, as the single filename is no longer sufficient to indicate what namespace the attribute is intended for. Until this is committed, all attributes auto-started by UFS will be placed in the EXTATTR_NAMESPACE_SYSTEM namespace. o The default POSIX.1e attribute names for ACLs and Capabilities have been updated to no longer include the '$' in their filename. As such, if you're using these features, you'll need to rename the attribute backing files to the same names without '$' symbols in front. o Note that these changes will require changes in userland, which will be committed shortly. These include modifications to the extended attribute utilities, as well as to libutil for new namespace string conversion routines. Once the matching userland changes are committed, a buildworld is recommended to update all the necessary include files and verify that the kernel and userland environments are in sync. Note: If you do not use extended attributes (most people won't), upgrading is not imperative although since the system call API has changed, the new userland extended attribute code will no longer compile with old include files. o Couple of minor cleanups while I'm there: make more code compilation conditional on FFS_EXTATTR, which should recover a bit of space on kernels running without EA's, as well as update copyright dates. Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
/*
* VFS_EXTATTRCTL will have unlocked, but not de-ref'd,
* filename_vp, so vrele it if it is defined.
*/
if (filename_vp != NULL)
vrele(filename_vp);
return (error);
}
/*
* Syscall to set a named extended attribute on a file or directory.
* Accepts attribute name, and a uio structure pointing to the data to set.
* The uio is consumed in the style of writev(). The real work happens
* in VOP_SETEXTATTR().
*/
int
extattr_set_file(p, uap)
struct proc *p;
struct extattr_set_file_args *uap;
{
struct nameidata nd;
struct mount *mp;
struct uio auio;
struct iovec *iov, *needfree = NULL, aiov[UIO_SMALLIOV];
char attrname[EXTATTR_MAXNAMELEN];
u_int iovlen, cnt;
int error, i;
error = copyin(SCARG(uap, attrname), attrname, EXTATTR_MAXNAMELEN);
if (error)
return (error);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
return(error);
if ((error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH)) != 0) {
NDFREE(&nd, 0);
return (error);
}
iovlen = uap->iovcnt * sizeof(struct iovec);
if (uap->iovcnt > UIO_SMALLIOV) {
if (uap->iovcnt > UIO_MAXIOV) {
error = EINVAL;
goto done;
}
MALLOC(iov, struct iovec *, iovlen, M_IOV, M_WAITOK);
needfree = iov;
} else
iov = aiov;
auio.uio_iov = iov;
auio.uio_iovcnt = uap->iovcnt;
auio.uio_rw = UIO_WRITE;
auio.uio_segflg = UIO_USERSPACE;
auio.uio_procp = p;
auio.uio_offset = 0;
if ((error = copyin((caddr_t)uap->iovp, (caddr_t)iov, iovlen)))
goto done;
auio.uio_resid = 0;
for (i = 0; i < uap->iovcnt; i++) {
if (iov->iov_len > INT_MAX - auio.uio_resid) {
error = EINVAL;
goto done;
}
auio.uio_resid += iov->iov_len;
iov++;
}
cnt = auio.uio_resid;
o Change the API and ABI of the Extended Attribute kernel interfaces to introduce a new argument, "namespace", rather than relying on a first- character namespace indicator. This is in line with more recent thinking on EA interfaces on various mailing lists, including the posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces are defined by default, EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER, where the primary distinction lies in the access control model: user EAs are accessible based on the normal MAC and DAC file/directory protections, and system attributes are limited to kernel-originated or appropriately privileged userland requests. o These API changes occur at several levels: the namespace argument is introduced in the extattr_{get,set}_file() system call interfaces, at the vnode operation level in the vop_{get,set}extattr() interfaces, and in the UFS extended attribute implementation. Changes are also introduced in the VFS extattrctl() interface (system call, VFS, and UFS implementation), where the arguments are modified to include a namespace field, as well as modified to advoid direct access to userspace variables from below the VFS layer (in the style of recent changes to mount by adrian@FreeBSD.org). This required some cleanup and bug fixing regarding VFS locks and the VFS interface, as a vnode pointer may now be optionally submitted to the VFS_EXTATTRCTL() call. Updated documentation for the VFS interface will be committed shortly. o In the near future, the auto-starting feature will be updated to search two sub-directories to the ".attribute" directory in appropriate file systems: "user" and "system" to locate attributes intended for those namespaces, as the single filename is no longer sufficient to indicate what namespace the attribute is intended for. Until this is committed, all attributes auto-started by UFS will be placed in the EXTATTR_NAMESPACE_SYSTEM namespace. o The default POSIX.1e attribute names for ACLs and Capabilities have been updated to no longer include the '$' in their filename. As such, if you're using these features, you'll need to rename the attribute backing files to the same names without '$' symbols in front. o Note that these changes will require changes in userland, which will be committed shortly. These include modifications to the extended attribute utilities, as well as to libutil for new namespace string conversion routines. Once the matching userland changes are committed, a buildworld is recommended to update all the necessary include files and verify that the kernel and userland environments are in sync. Note: If you do not use extended attributes (most people won't), upgrading is not imperative although since the system call API has changed, the new userland extended attribute code will no longer compile with old include files. o Couple of minor cleanups while I'm there: make more code compilation conditional on FFS_EXTATTR, which should recover a bit of space on kernels running without EA's, as well as update copyright dates. Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
error = VOP_SETEXTATTR(nd.ni_vp, SCARG(uap, namespace), attrname,
&auio, p->p_cred->pc_ucred, p);
cnt -= auio.uio_resid;
p->p_retval[0] = cnt;
done:
if (needfree)
FREE(needfree, M_IOV);
NDFREE(&nd, 0);
vn_finished_write(mp);
return (error);
}
/*
* Syscall to get a named extended attribute on a file or directory.
* Accepts attribute name, and a uio structure pointing to a buffer for the
* data. The uio is consumed in the style of readv(). The real work
* happens in VOP_GETEXTATTR();
*/
int
extattr_get_file(p, uap)
struct proc *p;
struct extattr_get_file_args *uap;
{
struct nameidata nd;
struct uio auio;
struct iovec *iov, *needfree, aiov[UIO_SMALLIOV];
char attrname[EXTATTR_MAXNAMELEN];
u_int iovlen, cnt;
int error, i;
error = copyin(SCARG(uap, attrname), attrname, EXTATTR_MAXNAMELEN);
if (error)
return (error);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
return (error);
iovlen = uap->iovcnt * sizeof (struct iovec);
if (uap->iovcnt > UIO_SMALLIOV) {
if (uap->iovcnt > UIO_MAXIOV) {
NDFREE(&nd, 0);
return (EINVAL);
}
MALLOC(iov, struct iovec *, iovlen, M_IOV, M_WAITOK);
needfree = iov;
} else {
iov = aiov;
needfree = NULL;
}
auio.uio_iov = iov;
auio.uio_iovcnt = uap->iovcnt;
auio.uio_rw = UIO_READ;
auio.uio_segflg = UIO_USERSPACE;
auio.uio_procp = p;
auio.uio_offset = 0;
if ((error = copyin((caddr_t)uap->iovp, (caddr_t)iov, iovlen)))
goto done;
auio.uio_resid = 0;
for (i = 0; i < uap->iovcnt; i++) {
if (iov->iov_len > INT_MAX - auio.uio_resid) {
error = EINVAL;
goto done;
}
auio.uio_resid += iov->iov_len;
iov++;
}
cnt = auio.uio_resid;
o Change the API and ABI of the Extended Attribute kernel interfaces to introduce a new argument, "namespace", rather than relying on a first- character namespace indicator. This is in line with more recent thinking on EA interfaces on various mailing lists, including the posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces are defined by default, EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER, where the primary distinction lies in the access control model: user EAs are accessible based on the normal MAC and DAC file/directory protections, and system attributes are limited to kernel-originated or appropriately privileged userland requests. o These API changes occur at several levels: the namespace argument is introduced in the extattr_{get,set}_file() system call interfaces, at the vnode operation level in the vop_{get,set}extattr() interfaces, and in the UFS extended attribute implementation. Changes are also introduced in the VFS extattrctl() interface (system call, VFS, and UFS implementation), where the arguments are modified to include a namespace field, as well as modified to advoid direct access to userspace variables from below the VFS layer (in the style of recent changes to mount by adrian@FreeBSD.org). This required some cleanup and bug fixing regarding VFS locks and the VFS interface, as a vnode pointer may now be optionally submitted to the VFS_EXTATTRCTL() call. Updated documentation for the VFS interface will be committed shortly. o In the near future, the auto-starting feature will be updated to search two sub-directories to the ".attribute" directory in appropriate file systems: "user" and "system" to locate attributes intended for those namespaces, as the single filename is no longer sufficient to indicate what namespace the attribute is intended for. Until this is committed, all attributes auto-started by UFS will be placed in the EXTATTR_NAMESPACE_SYSTEM namespace. o The default POSIX.1e attribute names for ACLs and Capabilities have been updated to no longer include the '$' in their filename. As such, if you're using these features, you'll need to rename the attribute backing files to the same names without '$' symbols in front. o Note that these changes will require changes in userland, which will be committed shortly. These include modifications to the extended attribute utilities, as well as to libutil for new namespace string conversion routines. Once the matching userland changes are committed, a buildworld is recommended to update all the necessary include files and verify that the kernel and userland environments are in sync. Note: If you do not use extended attributes (most people won't), upgrading is not imperative although since the system call API has changed, the new userland extended attribute code will no longer compile with old include files. o Couple of minor cleanups while I'm there: make more code compilation conditional on FFS_EXTATTR, which should recover a bit of space on kernels running without EA's, as well as update copyright dates. Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
error = VOP_GETEXTATTR(nd.ni_vp, SCARG(uap, namespace), attrname,
&auio, p->p_cred->pc_ucred, p);
cnt -= auio.uio_resid;
p->p_retval[0] = cnt;
done:
if (needfree)
FREE(needfree, M_IOV);
NDFREE(&nd, 0);
return(error);
}
/*
* Syscall to delete a named extended attribute from a file or directory.
* Accepts attribute name. The real work happens in VOP_SETEXTATTR().
*/
int
extattr_delete_file(p, uap)
struct proc *p;
struct extattr_delete_file_args *uap;
{
struct mount *mp;
struct nameidata nd;
char attrname[EXTATTR_MAXNAMELEN];
int error;
error = copyin(SCARG(uap, attrname), attrname, EXTATTR_MAXNAMELEN);
if (error)
return(error);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
SCARG(uap, path), p);
if ((error = namei(&nd)) != 0)
return(error);
if ((error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH)) != 0) {
NDFREE(&nd, 0);
return (error);
}
o Change the API and ABI of the Extended Attribute kernel interfaces to introduce a new argument, "namespace", rather than relying on a first- character namespace indicator. This is in line with more recent thinking on EA interfaces on various mailing lists, including the posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces are defined by default, EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER, where the primary distinction lies in the access control model: user EAs are accessible based on the normal MAC and DAC file/directory protections, and system attributes are limited to kernel-originated or appropriately privileged userland requests. o These API changes occur at several levels: the namespace argument is introduced in the extattr_{get,set}_file() system call interfaces, at the vnode operation level in the vop_{get,set}extattr() interfaces, and in the UFS extended attribute implementation. Changes are also introduced in the VFS extattrctl() interface (system call, VFS, and UFS implementation), where the arguments are modified to include a namespace field, as well as modified to advoid direct access to userspace variables from below the VFS layer (in the style of recent changes to mount by adrian@FreeBSD.org). This required some cleanup and bug fixing regarding VFS locks and the VFS interface, as a vnode pointer may now be optionally submitted to the VFS_EXTATTRCTL() call. Updated documentation for the VFS interface will be committed shortly. o In the near future, the auto-starting feature will be updated to search two sub-directories to the ".attribute" directory in appropriate file systems: "user" and "system" to locate attributes intended for those namespaces, as the single filename is no longer sufficient to indicate what namespace the attribute is intended for. Until this is committed, all attributes auto-started by UFS will be placed in the EXTATTR_NAMESPACE_SYSTEM namespace. o The default POSIX.1e attribute names for ACLs and Capabilities have been updated to no longer include the '$' in their filename. As such, if you're using these features, you'll need to rename the attribute backing files to the same names without '$' symbols in front. o Note that these changes will require changes in userland, which will be committed shortly. These include modifications to the extended attribute utilities, as well as to libutil for new namespace string conversion routines. Once the matching userland changes are committed, a buildworld is recommended to update all the necessary include files and verify that the kernel and userland environments are in sync. Note: If you do not use extended attributes (most people won't), upgrading is not imperative although since the system call API has changed, the new userland extended attribute code will no longer compile with old include files. o Couple of minor cleanups while I'm there: make more code compilation conditional on FFS_EXTATTR, which should recover a bit of space on kernels running without EA's, as well as update copyright dates. Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
error = VOP_SETEXTATTR(nd.ni_vp, SCARG(uap, namespace), attrname,
NULL, p->p_cred->pc_ucred, p);
NDFREE(&nd, 0);
vn_finished_write(mp);
return(error);
}