xref: /minix3/sys/ufs/ufs/ufs_rename.c (revision 0a6a1f1d05b60e214de2f05a7310ddd1f0e590e7)
1 /*	$NetBSD: ufs_rename.c,v 1.12 2015/03/27 17:27:56 riastradh Exp $	*/
2 
3 /*-
4  * Copyright (c) 2012 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Taylor R Campbell.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 /*
33  * UFS Rename
34  */
35 
36 #include <sys/cdefs.h>
37 __KERNEL_RCSID(0, "$NetBSD: ufs_rename.c,v 1.12 2015/03/27 17:27:56 riastradh Exp $");
38 
39 #include <sys/param.h>
40 #include <sys/buf.h>
41 #include <sys/errno.h>
42 #include <sys/kauth.h>
43 #include <sys/mount.h>
44 #include <sys/namei.h>
45 #include <sys/pool.h>
46 #include <sys/vnode.h>
47 #include <sys/vnode_if.h>
48 #include <sys/wapbl.h>
49 
50 #include <miscfs/genfs/genfs.h>
51 
52 #include <ufs/ufs/dir.h>
53 #include <ufs/ufs/inode.h>
54 #include <ufs/ufs/ufs_bswap.h>
55 #include <ufs/ufs/ufs_extern.h>
56 #include <ufs/ufs/ufs_wapbl.h>
57 #include <ufs/ufs/ufsmount.h>
58 
59 /*
60  * Forward declarations
61  */
62 
63 static int ufs_sane_rename(struct vnode *, struct componentname *,
64     struct vnode *, struct componentname *,
65     kauth_cred_t, bool);
66 static bool ufs_rename_ulr_overlap_p(const struct ufs_lookup_results *,
67     const struct ufs_lookup_results *);
68 static int ufs_rename_recalculate_fulr(struct vnode *,
69     struct ufs_lookup_results *, const struct ufs_lookup_results *,
70     const struct componentname *);
71 static int ufs_direct_namlen(const struct direct *, const struct vnode *);
72 static int ufs_read_dotdot(struct vnode *, kauth_cred_t, ino_t *);
73 static int ufs_dirbuf_dotdot_namlen(const struct dirtemplate *,
74     const struct vnode *);
75 
76 static const struct genfs_rename_ops ufs_genfs_rename_ops;
77 
/*
 * ufs_sane_rename: The hairiest vop, with the saner API.
 *
 * Arguments:
 *
 * . fdvp (from directory vnode),
 * . fcnp (from component name),
 * . tdvp (to directory vnode),
 * . tcnp (to component name),
 * . cred (credentials structure), and
 * . posixly_correct (flag for behaviour if target & source link same file).
 *
 * fdvp and tdvp may be the same, and must be referenced and unlocked.
 *
 * All of the work is delegated to genfs_sane_rename, which is handed
 * the UFS operations table and two caller-owned scratch structures
 * for the source and target lookup results.  The value returned is
 * whatever genfs_sane_rename returns.
 */
static int
ufs_sane_rename(struct vnode *fdvp, struct componentname *fcnp,
    struct vnode *tdvp, struct componentname *tcnp,
    kauth_cred_t cred, bool posixly_correct)
{
	/* Scratch space for the lookup results; lives only for this call. */
	struct ufs_lookup_results from_ulr;
	struct ufs_lookup_results to_ulr;
	int error;

	error = genfs_sane_rename(&ufs_genfs_rename_ops,
	    fdvp, fcnp, &from_ulr,
	    tdvp, tcnp, &to_ulr,
	    cred, posixly_correct);

	return error;
}
104 
/*
 * ufs_rename: The hairiest vop, with the insanest API.  Defer to
 * genfs_insane_rename immediately, passing ufs_sane_rename as the
 * routine that does the real work.
 *
 * v is the opaque vop argument block; it is passed through untouched.
 */
int
ufs_rename(void *v)
{
	int error;

	error = genfs_insane_rename(v, &ufs_sane_rename);

	return error;
}
115 
/*
 * ufs_gro_directory_empty_p: Return true if the directory vp is
 * empty.  dvp is its parent.
 *
 * vp and dvp must be locked and referenced.
 *
 * The answer comes from ufs_dirempty, which is given vp's inode, the
 * parent's inode number and the caller's credentials.  mp is used only
 * by the assertions.
 */
bool
ufs_gro_directory_empty_p(struct mount *mp, kauth_cred_t cred,
    struct vnode *vp, struct vnode *dvp)
{
	struct inode *ip, *dip;

	(void)mp;

	/* Caller contract: distinct, same-mount, exclusively locked vnodes. */
	KASSERT(mp != NULL);
	KASSERT(vp != NULL);
	KASSERT(dvp != NULL);
	KASSERT(vp != dvp);
	KASSERT(vp->v_mount == mp);
	KASSERT(dvp->v_mount == mp);
	KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE);
	KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE);

	ip = VTOI(vp);
	dip = VTOI(dvp);

	return ufs_dirempty(ip, dip->i_number, cred);
}
139 
/*
 * ufs_gro_rename_check_possible: Check whether a rename is possible
 * independent of credentials.
 *
 * The decision is made by genfs_ufslike_rename_check_possible from the
 * inode flags (i_flags) of the two directories, the source and -- if
 * there is one -- the target, together with the IMMUTABLE and APPEND
 * flag masks.  tvp may be NULL, in which case zero flags are passed
 * for the target and the "target exists" argument is false.
 *
 * All vnodes must belong to mp and be exclusively locked; that is
 * asserted, not checked at run time.
 */
int
ufs_gro_rename_check_possible(struct mount *mp,
    struct vnode *fdvp, struct vnode *fvp,
    struct vnode *tdvp, struct vnode *tvp)
{
	const bool have_target = (tvp != NULL);
	struct inode *fdip, *fip, *tdip, *tip;

	(void)mp;

	/* Non-NULL arguments (tvp is optional). */
	KASSERT(mp != NULL);
	KASSERT(fdvp != NULL);
	KASSERT(fvp != NULL);
	KASSERT(tdvp != NULL);

	/* No directory may be one of the objects, nor source the target. */
	KASSERT(fdvp != fvp);
	KASSERT(fdvp != tvp);
	KASSERT(tdvp != fvp);
	KASSERT(tdvp != tvp);
	KASSERT(fvp != tvp);

	/* The parents are directories and everything is on this mount. */
	KASSERT(fdvp->v_type == VDIR);
	KASSERT(tdvp->v_type == VDIR);
	KASSERT(fdvp->v_mount == mp);
	KASSERT(fvp->v_mount == mp);
	KASSERT(tdvp->v_mount == mp);
	KASSERT(!have_target || (tvp->v_mount == mp));

	/* Everything is exclusively locked. */
	KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE);
	KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE);
	KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE);
	KASSERT(!have_target || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE));

	fdip = VTOI(fdvp);
	fip = VTOI(fvp);
	tdip = VTOI(tdvp);
	tip = (have_target ? VTOI(tvp) : NULL);

	return genfs_ufslike_rename_check_possible(
	    fdip->i_flags, fip->i_flags,
	    tdip->i_flags, (have_target ? tip->i_flags : 0),
	    have_target,
	    IMMUTABLE, APPEND);
}
177 
/*
 * ufs_gro_rename_check_permitted: Check whether a rename is permitted
 * given our credentials.
 *
 * The decision is made by genfs_ufslike_rename_check_permitted from
 * cred, the mode and owner of both parent directories, and the owners
 * of the source and -- if there is one -- the target.  When tvp is
 * NULL an owner of 0 is passed in its place; presumably the helper
 * ignores that value for a NULL tvp -- confirm against genfs.
 *
 * All vnodes must belong to mp and be exclusively locked; that is
 * asserted, not checked at run time.
 */
int
ufs_gro_rename_check_permitted(struct mount *mp, kauth_cred_t cred,
    struct vnode *fdvp, struct vnode *fvp,
    struct vnode *tdvp, struct vnode *tvp)
{
	const bool have_target = (tvp != NULL);
	struct inode *fdip, *fip, *tdip, *tip;

	(void)mp;

	/* Non-NULL arguments (tvp is optional). */
	KASSERT(mp != NULL);
	KASSERT(fdvp != NULL);
	KASSERT(fvp != NULL);
	KASSERT(tdvp != NULL);

	/* No directory may be one of the objects, nor source the target. */
	KASSERT(fdvp != fvp);
	KASSERT(fdvp != tvp);
	KASSERT(tdvp != fvp);
	KASSERT(tdvp != tvp);
	KASSERT(fvp != tvp);

	/* The parents are directories and everything is on this mount. */
	KASSERT(fdvp->v_type == VDIR);
	KASSERT(tdvp->v_type == VDIR);
	KASSERT(fdvp->v_mount == mp);
	KASSERT(fvp->v_mount == mp);
	KASSERT(tdvp->v_mount == mp);
	KASSERT(!have_target || (tvp->v_mount == mp));

	/* Everything is exclusively locked. */
	KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE);
	KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE);
	KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE);
	KASSERT(!have_target || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE));

	fdip = VTOI(fdvp);
	fip = VTOI(fvp);
	tdip = VTOI(tdvp);
	tip = (have_target ? VTOI(tvp) : NULL);

	return genfs_ufslike_rename_check_permitted(cred,
	    fdvp, fdip->i_mode, fdip->i_uid,
	    fvp, fip->i_uid,
	    tdvp, tdip->i_mode, tdip->i_uid,
	    tvp, (have_target ? tip->i_uid : 0));
}
215 
/*
 * ufs_gro_remove_check_possible: Check whether a remove is possible
 * independent of credentials.
 *
 * The decision is made by genfs_ufslike_remove_check_possible from the
 * inode flags (i_flags) of the directory dvp and of the object vp,
 * together with the IMMUTABLE and APPEND flag masks.
 *
 * dvp must be a directory, vp must not be one, and both must belong to
 * mp and be exclusively locked; that is asserted, not checked at run
 * time.
 */
int
ufs_gro_remove_check_possible(struct mount *mp,
    struct vnode *dvp, struct vnode *vp)
{
	struct inode *dip, *ip;

	(void)mp;

	KASSERT(mp != NULL);
	KASSERT(dvp != NULL);
	KASSERT(vp != NULL);
	KASSERT(dvp != vp);

	KASSERT(dvp->v_type == VDIR);
	KASSERT(vp->v_type != VDIR);

	KASSERT(dvp->v_mount == mp);
	KASSERT(vp->v_mount == mp);

	KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE);
	KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE);

	dip = VTOI(dvp);
	ip = VTOI(vp);

	return genfs_ufslike_remove_check_possible(
	    dip->i_flags, ip->i_flags,
	    IMMUTABLE, APPEND);
}
241 
/*
 * ufs_gro_remove_check_permitted: Check whether a remove is permitted
 * given our credentials.
 *
 * The decision is made by genfs_ufslike_remove_check_permitted from
 * cred, the mode and owner of the directory dvp, and the owner of the
 * object vp.
 *
 * dvp must be a directory, vp must not be one, and both must belong to
 * mp and be exclusively locked; that is asserted, not checked at run
 * time.
 */
int
ufs_gro_remove_check_permitted(struct mount *mp, kauth_cred_t cred,
    struct vnode *dvp, struct vnode *vp)
{
	struct inode *dip, *ip;

	(void)mp;

	KASSERT(mp != NULL);
	KASSERT(dvp != NULL);
	KASSERT(vp != NULL);
	KASSERT(dvp != vp);

	KASSERT(dvp->v_type == VDIR);
	KASSERT(vp->v_type != VDIR);

	KASSERT(dvp->v_mount == mp);
	KASSERT(vp->v_mount == mp);

	KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE);
	KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE);

	dip = VTOI(dvp);
	ip = VTOI(vp);

	return genfs_ufslike_remove_check_permitted(cred,
	    dvp, dip->i_mode, dip->i_uid,
	    vp, ip->i_uid);
}
266 
/*
 * A virgin directory (no blushing please).
 *
 * Template for the "." and ".." entries.  In this file only
 * mastertemplate.dot_reclen is read, as the offset of the ".." entry.
 *
 * XXX Copypasta from ufs_vnops.c.  Kill!
 */
static const struct dirtemplate mastertemplate = {
	/* "." entry */
	.dot_ino	= 0,
	.dot_reclen	= 12,
	.dot_type	= DT_DIR,
	.dot_namlen	= 1,
	.dot_name	= ".",

	/* ".." entry */
	.dotdot_ino	= 0,
	.dotdot_reclen	= UFS_DIRBLKSIZ - 12,
	.dotdot_type	= DT_DIR,
	.dotdot_namlen	= 2,
	.dotdot_name	= "..",
};
276 
/*
 * ufs_gro_rename: Actually perform the rename operation.
 *
 * Arguments:
 *
 * . mp (mount point that all the vnodes belong to),
 * . cred (credentials, passed to UFS_TRUNCATE),
 * . fdvp, fcnp, fde (source directory, component name, and lookup
 *   results as a struct ufs_lookup_results),
 * . fvp (the object being renamed),
 * . tdvp, tcnp, tde (likewise for the target), and
 * . tvp (the existing target object, or NULL if there is none).
 *
 * Returns 0 or an errno value; EMLINK if a link count that has to be
 * bumped is already at LINK_MAX.
 *
 * The caller's contract (non-NULL arguments, distinct vnodes, same
 * mount, exclusive locks) is expressed with KASSERT only.  KASSERT is
 * a diagnostic assertion, so none of it is run-time validation in a
 * kernel built without diagnostics.
 *
 * Exit labels:
 *
 * . whymustithurtsomuch: back out the temporary link-count bump on
 *   fvp, then fall through;
 * . arghmybrainhurts: end the WAPBL transaction, then fall through;
 * . ihateyou: return error (the transaction was never begun).
 *
 * NOTE(review): several intermediate errors are deliberately not acted
 * on (the checks are under #if 0): the rewrite of "..", and the
 * recalculation of fulr.  In both cases the value is overwritten by
 * the result of ufs_dirremove.  A failing ufs_dirremove leaves through
 * arghmybrainhurts, so the temporary bump of fvp's link count is not
 * backed out on that path.
 */
int
ufs_gro_rename(struct mount *mp, kauth_cred_t cred,
    struct vnode *fdvp, struct componentname *fcnp,
    void *fde, struct vnode *fvp,
    struct vnode *tdvp, struct componentname *tcnp,
    void *tde, struct vnode *tvp)
{
	struct ufs_lookup_results *fulr = fde;
	struct ufs_lookup_results *tulr = tde;
	bool directory_p, reparent_p;
	struct direct *newdir;
	int error;

	KASSERT(mp != NULL);
	KASSERT(fdvp != NULL);
	KASSERT(fcnp != NULL);
	KASSERT(fulr != NULL);
	KASSERT(fvp != NULL);
	KASSERT(tdvp != NULL);
	KASSERT(tcnp != NULL);
	KASSERT(tulr != NULL);
	KASSERT(fulr != tulr);
	KASSERT(fdvp != fvp);
	KASSERT(fdvp != tvp);
	KASSERT(tdvp != fvp);
	KASSERT(tdvp != tvp);
	KASSERT(fvp != tvp);
	KASSERT(fdvp->v_mount == mp);
	KASSERT(fvp->v_mount == mp);
	KASSERT(tdvp->v_mount == mp);
	KASSERT((tvp == NULL) || (tvp->v_mount == mp));
	KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE);
	KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE);
	KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE);
	KASSERT((tvp == NULL) || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE));

	/*
	 * We shall need to temporarily bump the link count, so make
	 * sure there is room to do so.  This is a real run-time check,
	 * made before the transaction begins, so nothing needs undoing.
	 */
	if ((nlink_t)VTOI(fvp)->i_nlink >= LINK_MAX)
		return EMLINK;

	/* Is the source a directory?  Vnode type and inode mode must agree. */
	directory_p = (fvp->v_type == VDIR);
	KASSERT(directory_p == ((VTOI(fvp)->i_mode & IFMT) == IFDIR));
	KASSERT((tvp == NULL) || (directory_p == (tvp->v_type == VDIR)));
	KASSERT((tvp == NULL) || (directory_p ==
		((VTOI(tvp)->i_mode & IFMT) == IFDIR)));

	/* Is the object moving to a different parent directory? */
	reparent_p = (fdvp != tdvp);
	KASSERT(reparent_p == (VTOI(fdvp)->i_number != VTOI(tdvp)->i_number));

	/*
	 * Commence hacking of the data on disk.
	 */

	error = UFS_WAPBL_BEGIN(mp);
	if (error)
		goto ihateyou;

	/*
	 * 1) Bump link count while we're moving stuff
	 *    around.  If we crash somewhere before
	 *    completing our work, the link count
	 *    may be wrong, but correctable.
	 */

	KASSERT((nlink_t)VTOI(fvp)->i_nlink < LINK_MAX);
	VTOI(fvp)->i_nlink++;
	DIP_ASSIGN(VTOI(fvp), nlink, VTOI(fvp)->i_nlink);
	VTOI(fvp)->i_flag |= IN_CHANGE;
	error = UFS_UPDATE(fvp, NULL, NULL, UPDATE_DIROP);
	if (error)
		goto whymustithurtsomuch;

	/*
	 * 2) If target doesn't exist, link the target
	 *    to the source and unlink the source.
	 *    Otherwise, rewrite the target directory
	 *    entry to reference the source inode and
	 *    expunge the original entry's existence.
	 */

	if (tvp == NULL) {
		/*
		 * Account for ".." in new directory.
		 * When source and destination have the same
		 * parent we don't fool with the link count.
		 */
		if (directory_p && reparent_p) {
			if ((nlink_t)VTOI(tdvp)->i_nlink >= LINK_MAX) {
				error = EMLINK;
				goto whymustithurtsomuch;
			}
			KASSERT((nlink_t)VTOI(tdvp)->i_nlink < LINK_MAX);
			VTOI(tdvp)->i_nlink++;
			DIP_ASSIGN(VTOI(tdvp), nlink, VTOI(tdvp)->i_nlink);
			VTOI(tdvp)->i_flag |= IN_CHANGE;
			error = UFS_UPDATE(tdvp, NULL, NULL, UPDATE_DIROP);
			if (error) {
				/*
				 * Link count update didn't take --
				 * back out the in-memory link count.
				 */
				KASSERT(0 < VTOI(tdvp)->i_nlink);
				VTOI(tdvp)->i_nlink--;
				DIP_ASSIGN(VTOI(tdvp), nlink,
				    VTOI(tdvp)->i_nlink);
				VTOI(tdvp)->i_flag |= IN_CHANGE;
				goto whymustithurtsomuch;
			}
		}

		/*
		 * Build the new entry in a temporary struct direct
		 * from the pool and enter it into tdvp.  The buffer
		 * goes back to the pool whether or not the insert
		 * succeeded.  The pointer from pool_cache_get is used
		 * without a NULL check; presumably PR_WAITOK makes
		 * that safe -- confirm.
		 */
		newdir = pool_cache_get(ufs_direct_cache, PR_WAITOK);
		ufs_makedirentry(VTOI(fvp), tcnp, newdir);
		error = ufs_direnter(tdvp, tulr, NULL, newdir, tcnp, NULL);
		pool_cache_put(ufs_direct_cache, newdir);
		if (error) {
			if (directory_p && reparent_p) {
				/*
				 * Directory update didn't take, but
				 * the link count update did -- back
				 * out the in-memory link count and the
				 * on-disk link count.
				 */
				KASSERT(0 < VTOI(tdvp)->i_nlink);
				VTOI(tdvp)->i_nlink--;
				DIP_ASSIGN(VTOI(tdvp), nlink,
				    VTOI(tdvp)->i_nlink);
				VTOI(tdvp)->i_flag |= IN_CHANGE;
				/* Best effort: the result is discarded. */
				(void)UFS_UPDATE(tdvp, NULL, NULL,
				    UPDATE_WAIT | UPDATE_DIROP);
			}
			goto whymustithurtsomuch;
		}
	} else {
		if (directory_p)
			/* XXX WTF?  Why purge here?  Why not purge others?  */
			cache_purge(tdvp);

		/*
		 * Make the target directory's entry for tcnp point at
		 * the source node.
		 *
		 * XXX ufs_dirrewrite decrements tvp's link count, but
		 * doesn't touch the link count of the new inode.  Go
		 * figure.
		 *
		 * The sixth argument below evaluates to directory_p in
		 * every case: when both flags are true it yields
		 * reparent_p, which is then true as well.
		 */
		error = ufs_dirrewrite(VTOI(tdvp), tulr->ulr_offset,
		    VTOI(tvp), VTOI(fvp)->i_number, IFTODT(VTOI(fvp)->i_mode),
		    ((directory_p && reparent_p) ? reparent_p : directory_p),
		    IN_CHANGE | IN_UPDATE);
		if (error)
			goto whymustithurtsomuch;

		/*
		 * If the source and target are directories, and the
		 * target is in the same directory as the source,
		 * decrement the link count of the common parent
		 * directory, since we are removing the target from
		 * that directory.
		 */
		if (directory_p && !reparent_p) {
			KASSERT(fdvp == tdvp);
			/*
			 * XXX check, don't kassert
			 *
			 * NOTE(review): the only guard on the
			 * decrement below is this assertion, so where
			 * assertions are compiled out a link count of
			 * zero (e.g. read from a damaged file system)
			 * would be decremented past zero.
			 */
			KASSERT(0 < VTOI(tdvp)->i_nlink);
			VTOI(tdvp)->i_nlink--;
			DIP_ASSIGN(VTOI(tdvp), nlink, VTOI(tdvp)->i_nlink);
			VTOI(tdvp)->i_flag |= IN_CHANGE;
			UFS_WAPBL_UPDATE(tdvp, NULL, NULL, 0);
		}

		if (directory_p) {
			/*
			 * XXX I don't understand the following comment
			 * from ufs_rename -- in particular, the part
			 * about `there may be other hard links'.
			 *
			 * Truncate inode. The only stuff left in the directory
			 * is "." and "..". The "." reference is inconsequential
			 * since we are quashing it. We have removed the "."
			 * reference and the reference in the parent directory,
			 * but there may be other hard links.
			 *
			 * XXX The ufs_dirempty call earlier does
			 * not guarantee anything about nlink.
			 *
			 * An unexpected link count is reported through
			 * ufs_dirbad; no early return follows that
			 * call, so the count is zeroed and the inode
			 * truncated either way.
			 */
			if (VTOI(tvp)->i_nlink != 1)
				ufs_dirbad(VTOI(tvp), (doff_t)0,
				    "hard-linked directory");
			VTOI(tvp)->i_nlink = 0;
			DIP_ASSIGN(VTOI(tvp), nlink, 0);
			error = UFS_TRUNCATE(tvp, (off_t)0, IO_SYNC, cred);
			if (error)
				goto whymustithurtsomuch;
		}
	}

	/*
	 * If the source is a directory with a new parent, the link
	 * count of the old parent directory must be decremented and
	 * ".." set to point to the new parent.
	 *
	 * XXX ufs_dirrewrite updates the link count of fdvp, but not
	 * the link count of fvp or the link count of tdvp.  Go figure.
	 *
	 * mastertemplate.dot_reclen is used as the offset of the ".."
	 * entry inside fvp.  The error from this rewrite is not acted
	 * on (see the #if 0 below); it is overwritten further down.
	 */
	if (directory_p && reparent_p) {
		error = ufs_dirrewrite(VTOI(fvp), mastertemplate.dot_reclen,
		    VTOI(fdvp), VTOI(tdvp)->i_number, DT_DIR, 0, IN_CHANGE);
#if 0		/* XXX This branch was not in ufs_rename! */
		if (error)
			goto whymustithurtsomuch;
#endif

		/* XXX WTF?  Why purge here?  Why not purge others?  */
		cache_purge(fdvp);
	}

	/*
	 * 3) Unlink the source.
	 */

	/*
	 * ufs_direnter may compact the directory in the process of
	 * inserting a new entry.  That may invalidate fulr, which we
	 * need in order to remove the old entry.  In that case, we
	 * need to recalculate what fulr should be.
	 *
	 * NOTE(review): a failed recalculation is not acted on either,
	 * so ufs_dirremove below is then called with fulr as the
	 * recalculation left it.
	 */
	if (!reparent_p && (tvp == NULL) &&
	    ufs_rename_ulr_overlap_p(fulr, tulr)) {
		error = ufs_rename_recalculate_fulr(fdvp, fulr, tulr, fcnp);
#if 0				/* XXX */
		if (error)	/* XXX Try to back out changes?  */
			goto whymustithurtsomuch;
#endif
	}

	/*
	 * XXX 0 means !isrmdir.  But can't this be an rmdir?
	 * XXX Well, turns out that argument to ufs_dirremove is ignored...
	 * XXX And it turns out ufs_dirremove updates the link count of fvp.
	 * XXX But it doesn't update the link count of fdvp.  Go figure.
	 * XXX fdvp's link count is updated in ufs_dirrewrite instead.
	 * XXX Actually, sometimes it doesn't update fvp's link count.
	 * XXX I hate the world.
	 */
	error = ufs_dirremove(fdvp, fulr, VTOI(fvp), fcnp->cn_flags, 0);
	if (error)
#if 0				/* XXX */
		goto whymustithurtsomuch;
#endif
		goto arghmybrainhurts;

	/*
	 * XXX Perhaps this should go at the top, in case the file
	 * system is modified but incompletely so because of an
	 * intermediate error.
	 *
	 * The last argument is true when a target existed and its
	 * link count has dropped to zero.
	 */
	genfs_rename_knote(fdvp, fvp, tdvp, tvp,
	    ((tvp != NULL) && (VTOI(tvp)->i_nlink == 0)));
#if 0				/* XXX */
	genfs_rename_cache_purge(fdvp, fvp, tdvp, tvp);
#endif
	goto arghmybrainhurts;

whymustithurtsomuch:
	/* Undo the temporary link-count bump made in step 1. */
	KASSERT(0 < VTOI(fvp)->i_nlink);
	VTOI(fvp)->i_nlink--;
	DIP_ASSIGN(VTOI(fvp), nlink, VTOI(fvp)->i_nlink);
	VTOI(fvp)->i_flag |= IN_CHANGE;
	UFS_WAPBL_UPDATE(fvp, NULL, NULL, 0);

arghmybrainhurts:
	/* Close the transaction opened by UFS_WAPBL_BEGIN. */
	UFS_WAPBL_END(mp);

ihateyou:
	return error;
}
558 
/*
 * ufs_rename_ulr_overlap_p: True iff tulr overlaps with fulr so that
 * entering a directory entry at tulr may move fulr.
 *
 * Two half-open ranges of directory offsets are compared: the entry
 * preceding the source entry, and the slot the target entry is about
 * to fill.  The result is true when either end of the first range
 * lies inside the second.
 */
static bool
ufs_rename_ulr_overlap_p(const struct ufs_lookup_results *fulr,
    const struct ufs_lookup_results *tulr)
{
	doff_t prev_lo, prev_hi;	/* Entry preceding the source.  */
	doff_t slot_lo, slot_hi;	/* Slot for the target entry.  */
	bool lo_in_slot, hi_in_slot;

	KASSERT(fulr != NULL);
	KASSERT(tulr != NULL);
	KASSERT(fulr != tulr);

	/*
	 * fulr is from a DELETE lookup, so fulr->ulr_count is the size
	 * of the preceding entry (d_reclen), which ends where the
	 * source entry begins.
	 */
	prev_hi = fulr->ulr_offset;
	KASSERT(fulr->ulr_count <= prev_hi);
	prev_lo = (prev_hi - fulr->ulr_count);

	/*
	 * tulr is from a RENAME lookup, so tulr->ulr_count is the size
	 * of the free space for an entry that we are about to fill.
	 */
	slot_lo = tulr->ulr_offset;
	KASSERT(tulr->ulr_count < (UFS_MAXDIRSIZE - slot_lo));
	slot_hi = (slot_lo + tulr->ulr_count);

	lo_in_slot = ((slot_lo <= prev_lo) && (prev_lo < slot_hi));
	hi_in_slot = ((slot_lo <= prev_hi) && (prev_hi < slot_hi));

	return (lo_in_slot || hi_in_slot);
}
593 
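/*
 * ufs_rename_recalculate_fulr: If we have just entered a directory into
 * dvp at tulr, and we were about to remove one at fulr for an entry
 * named fcnp, fulr may be invalid.  So, if necessary, recalculate it.
 *
 * The directory block holding tulr->ulr_offset is read and walked
 * entry by entry, from tulr->ulr_offset up to the old end of the
 * source entry, looking for a live entry whose name equals fcnp.
 *
 * On success returns 0 and updates fulr->ulr_offset, fulr->ulr_reclen
 * and fulr->ulr_count.  Returns the error from ufs_blkatoff if the
 * block cannot be read, or EIO if the walk cannot continue: the next
 * step would leave the search range, or an entry has a zero record
 * length.  fulr is left unmodified on every error return.
 *
 * The record lengths walked here are read from the directory block on
 * disk, so they are validated with run-time checks rather than with
 * assertions alone.
 */
static int
ufs_rename_recalculate_fulr(struct vnode *dvp,
    struct ufs_lookup_results *fulr, const struct ufs_lookup_results *tulr,
    const struct componentname *fcnp)
{
	struct mount *mp;
	struct ufsmount *ump;
	int needswap;
	/* XXX int is a silly type for this; blame ufsmount::um_dirblksiz.  */
	int dirblksiz;
	doff_t search_start, search_end;
	doff_t offset;		/* Offset of entry we're examining.  */
	struct buf *bp;		/* I/O block we're examining.  */
	char *dirbuf;		/* Pointer into directory at search_start.  */
	struct direct *ep;	/* Pointer to the entry we're examining.  */
	/* XXX direct::d_reclen is 16-bit;
	 * ufs_lookup_results::ulr_reclen is 32-bit.  Blah.  */
	uint32_t reclen;	/* Length of the entry we're examining.  */
	uint32_t prev_reclen;	/* Length of the preceding entry.  */
	int error;

	KASSERT(dvp != NULL);
	KASSERT(dvp->v_mount != NULL);
	KASSERT(VTOI(dvp) != NULL);
	KASSERT(fulr != NULL);
	KASSERT(tulr != NULL);
	KASSERT(fulr != tulr);
	KASSERT(ufs_rename_ulr_overlap_p(fulr, tulr));

	mp = dvp->v_mount;
	ump = VFSTOUFS(mp);
	KASSERT(ump != NULL);
	KASSERT(ump == VTOI(dvp)->i_ump);

	needswap = UFS_MPNEEDSWAP(ump);

	/* The directory block size must be a positive power of two.  */
	dirblksiz = ump->um_dirblksiz;
	KASSERT(0 < dirblksiz);
	KASSERT((dirblksiz & (dirblksiz - 1)) == 0);

	/* A directory block may not span across multiple I/O blocks.  */
	KASSERT(dirblksiz <= mp->mnt_stat.f_iosize);

	/* Find the bounds of the search.  */
	search_start = tulr->ulr_offset;
	KASSERT(fulr->ulr_reclen < (UFS_MAXDIRSIZE - fulr->ulr_offset));
	search_end = (fulr->ulr_offset + fulr->ulr_reclen);

	/* Compaction must happen only within a directory block. (*)  */
	KASSERT(search_start <= search_end);
	KASSERT((search_end - (search_start &~ (dirblksiz - 1))) <= dirblksiz);

	dirbuf = NULL;
	bp = NULL;
	error = ufs_blkatoff(dvp, (off_t)search_start, &dirbuf, &bp, false);
	if (error)
		return error;
	KASSERT(dirbuf != NULL);
	KASSERT(bp != NULL);

	/*
	 * Guarantee we sha'n't go past the end of the buffer we got.
	 * dirbuf is bp->b_data + (search_start & (iosize - 1)), and
	 * the valid range is [bp->b_data, bp->b_data + bp->b_bcount).
	 */
	KASSERT((search_end - search_start) <=
	    (bp->b_bcount - (search_start & (mp->mnt_stat.f_iosize - 1))));

	prev_reclen = fulr->ulr_count;
	offset = search_start;

	/*
	 * Search from search_start to search_end for the entry matching
	 * fcnp, which must be there because we found it before and it
	 * should only at most have moved earlier.
	 */
	for (;;) {
		KASSERT(search_start <= offset);
		KASSERT(offset < search_end);

		/*
		 * Examine the directory entry at offset.
		 */
		ep = (struct direct *)(dirbuf + (offset - search_start));
		reclen = ufs_rw16(ep->d_reclen, needswap);

		if (ep->d_ino == 0)
			goto next;	/* Entry is unused.  */

		if (ufs_rw32(ep->d_ino, needswap) == UFS_WINO)
			goto next;	/* Entry is whiteout.  */

		if (fcnp->cn_namelen != ufs_direct_namlen(ep, dvp))
			goto next;	/* Wrong name length.  */

		/*
		 * NOTE(review): the comparison length is bounded by the
		 * entry's own name length (just checked equal to
		 * cn_namelen), not by reclen or search_end -- confirm
		 * that the entries have been validated upstream.
		 */
		if (memcmp(ep->d_name, fcnp->cn_nameptr, fcnp->cn_namelen))
			goto next;	/* Wrong name.  */

		/* Got it!  */
		break;

next:
		/*
		 * Refuse to step when the step would leave the search
		 * range, or when it would not move at all: with a
		 * record length of zero both range tests below pass,
		 * offset never advances, and the loop never ends.
		 */
		if ((reclen == 0) ||
		    ! ((reclen < search_end) &&
			(offset < (search_end - reclen)))) {
			brelse(bp, 0);
			return EIO;	/* XXX Panic?  What?  */
		}

		/* We must make progress, and not move past the search end.  */
		KASSERT(reclen != 0);
		KASSERT(reclen < search_end);
		KASSERT(offset < (search_end - reclen));

		/*
		 * We may not move across a directory block boundary;
		 * see (*) above.
		 */
		KASSERT((offset &~ (dirblksiz - 1)) ==
		    ((offset + reclen) &~ (dirblksiz - 1)));

		prev_reclen = reclen;
		offset += reclen;
	}

	/*
	 * Found the entry.  Record where.
	 */
	fulr->ulr_offset = offset;
	fulr->ulr_reclen = reclen;

	/*
	 * Record the preceding record length, but not if we're at the
	 * start of a directory block.
	 */
	fulr->ulr_count = ((offset & (dirblksiz - 1))? prev_reclen : 0);

	brelse(bp, 0);
	return 0;
}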
737 
/*
 * ufs_direct_namlen: Return the namlen of the directory entry ep from
 * the directory vp.
 *
 * The length is taken from ep->d_type instead of ep->d_namlen when
 * FSFMT(vp) is true and the file system's byte order is little-endian:
 * a little-endian host that needs no swapping, or a big-endian host
 * that does.  Presumably FSFMT marks the old directory format, whose
 * name-length field overlaps d_type in that byte order -- confirm
 * against dir.h.
 */
static int			/* XXX int?  uint8_t?  */
ufs_direct_namlen(const struct direct *ep, const struct vnode *vp)
{
	bool needswap, namlen_in_type;

	KASSERT(ep != NULL);
	KASSERT(vp != NULL);
	KASSERT(VTOI(vp) != NULL);
	KASSERT(VTOI(vp)->i_ump != NULL);

	needswap = (UFS_MPNEEDSWAP(VTOI(vp)->i_ump) != 0);

#if (BYTE_ORDER == LITTLE_ENDIAN)
	namlen_in_type = !needswap;
#else
	namlen_in_type = needswap;
#endif

	if (FSFMT(vp) && namlen_in_type)
		return ep->d_type;

	return ep->d_namlen;
}
760 
/*
 * ufs_gro_remove: Rename an object over another link to itself,
 * effectively removing just the original link.
 *
 * de is the struct ufs_lookup_results of the DELETE lookup of cnp in
 * dvp.  The entry is removed inside a WAPBL transaction; on success
 * dvp gets NOTE_WRITE, and vp gets NOTE_LINK if it still has links or
 * NOTE_DELETE if it has none.  Returns 0 or the error from
 * UFS_WAPBL_BEGIN or ufs_dirremove.
 *
 * cred is not used here.  dvp must be a directory, vp must not be one,
 * and both must belong to mp and be exclusively locked; that is
 * asserted, not checked at run time.
 */
int
ufs_gro_remove(struct mount *mp, kauth_cred_t cred,
    struct vnode *dvp, struct componentname *cnp, void *de, struct vnode *vp)
{
	struct ufs_lookup_results *results = de;
	int error;

	KASSERT(mp != NULL);
	KASSERT(dvp != NULL);
	KASSERT(cnp != NULL);
	KASSERT(results != NULL);
	KASSERT(vp != NULL);
	KASSERT(dvp != vp);
	KASSERT(dvp->v_mount == mp);
	KASSERT(vp->v_mount == mp);
	KASSERT(dvp->v_type == VDIR);
	KASSERT(vp->v_type != VDIR);
	KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE);
	KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE);
	KASSERT(cnp->cn_nameiop == DELETE);

	error = UFS_WAPBL_BEGIN(mp);
	if (error) {
		/* No transaction was opened, so there is none to end.  */
		return error;
	}

	/* XXX ufs_dirremove decrements vp's link count for us.  */
	error = ufs_dirremove(dvp, results, VTOI(vp), cnp->cn_flags, 0);
	if (error == 0) {
		/* Tell any watchers what happened.  */
		VN_KNOTE(dvp, NOTE_WRITE);
		VN_KNOTE(vp, (VTOI(vp)->i_nlink? NOTE_LINK : NOTE_DELETE));
	}

	UFS_WAPBL_END(mp);

	return error;
}
802 
/*
 * ufs_gro_lookup: Look up and save the lookup results.
 *
 * cnp is looked up in dvp with relookup.  If relookup fails, its
 * error is returned and neither output is written.  Otherwise the
 * lookup results that the lookup left in dvp's inode (i_crap) are
 * copied to *de_ret, and *vp_ret is set to the vnode found, unlocked
 * -- or to NULL, with ENOENT returned, if relookup succeeded without
 * finding one.
 *
 * cnp->cn_flags is modified in place.  dvp must be exclusively
 * locked; that is asserted, not checked at run time.
 */
int
ufs_gro_lookup(struct mount *mp, struct vnode *dvp,
    struct componentname *cnp, void *de_ret, struct vnode **vp_ret)
{
	struct ufs_lookup_results *results_ret = de_ret;
	struct vnode *found = NULL;
	int error;

	(void)mp;
	KASSERT(mp != NULL);
	KASSERT(dvp != NULL);
	KASSERT(cnp != NULL);
	KASSERT(results_ret != NULL);
	KASSERT(vp_ret != NULL);
	KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE);

	/* Kludge cargo-culted from dholland's ufs_rename.  */
	cnp->cn_flags &=~ MODMASK;
	cnp->cn_flags |= (LOCKPARENT | LOCKLEAF);

	error = relookup(dvp, &found, cnp, 0 /* dummy */);
	if (error)
		return error;

	if (found == NULL) {
		/* Nothing by that name; the results are still saved.  */
		error = ENOENT;
	} else {
		/*
		 * Thanks to VFS insanity, relookup locks vp, which
		 * screws us in various ways.
		 */
		KASSERT(found != NULL);
		VOP_UNLOCK(found);
	}

	*results_ret = VTOI(dvp)->i_crap;
	*vp_ret = found;
	return error;
}
845 
/*
 * ufs_rmdired_p: Check whether the directory vp has been rmdired.
 *
 * vp must be locked and referenced.
 *
 * The test is that the inode's size is zero.
 */
static bool
ufs_rmdired_p(struct vnode *vp)
{
	const struct inode *ip;

	KASSERT(vp != NULL);
	KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE);
	KASSERT(vp->v_type == VDIR);

	ip = VTOI(vp);

	/* XXX Is this correct?  */
	return (ip->i_size == 0);
}
862 
/*
 * ufs_read_dotdot: Store in *ino_ret the inode number of the parent
 * of the directory vp.
 *
 * The first sizeof(struct dirtemplate) bytes of the directory are read
 * with IO_NODELOCKED and interpreted as the "." and ".." entries.  The
 * second entry must really be named "..": otherwise ENOTDIR is
 * returned and *ino_ret is left alone.  A read error is returned as
 * is.  On success the inode number is byte-swapped if the mount needs
 * it.
 *
 * The inode number itself comes from disk and is not validated here.
 */
static int
ufs_read_dotdot(struct vnode *vp, kauth_cred_t cred, ino_t *ino_ret)
{
	struct dirtemplate head;
	int error;

	KASSERT(vp != NULL);
	KASSERT(ino_ret != NULL);
	KASSERT(vp->v_type == VDIR);

	error = ufs_bufio(UIO_READ, vp, &head, sizeof(head), (off_t)0,
	    IO_NODELOCKED, cred, NULL, NULL);
	if (error)
		return error;

	/* XXX Panic?  Print warning?  */
	if (ufs_dirbuf_dotdot_namlen(&head, vp) != 2)
		return ENOTDIR;
	if ((head.dotdot_name[0] != '.') || (head.dotdot_name[1] != '.'))
		return ENOTDIR;

	*ino_ret = ufs_rw32(head.dotdot_ino,
	    UFS_MPNEEDSWAP(VTOI(vp)->i_ump));

	return 0;
}
892 
/*
 * ufs_dirbuf_dotdot_namlen: Return the namlen of the directory buffer
 * dirbuf that came from the directory vp.  Swap byte order if
 * necessary.
 *
 * The length is taken from dirbuf->dotdot_type instead of
 * dirbuf->dotdot_namlen when FSFMT(vp) is true and the file system's
 * byte order is little-endian: a little-endian host that needs no
 * swapping, or a big-endian host that does.
 */
static int			/* XXX int?  uint8_t?  */
ufs_dirbuf_dotdot_namlen(const struct dirtemplate *dirbuf,
    const struct vnode *vp)
{
	bool needswap, namlen_in_type;

	KASSERT(dirbuf != NULL);
	KASSERT(vp != NULL);
	KASSERT(VTOI(vp) != NULL);
	KASSERT(VTOI(vp)->i_ump != NULL);

	needswap = (UFS_MPNEEDSWAP(VTOI(vp)->i_ump) != 0);

#if (BYTE_ORDER == LITTLE_ENDIAN)
	namlen_in_type = !needswap;
#else
	namlen_in_type = needswap;
#endif

	if (FSFMT(vp) && namlen_in_type)
		return dirbuf->dotdot_type;

	return dirbuf->dotdot_namlen;
}
918 
/*
 * ufs_gro_genealogy: Analyze the genealogy of the source and target
 * directories.
 *
 * Starting at tdvp, follow the on-disk ".." entries upward until
 * either the root directory or a child of fdvp is reached.
 *
 * . If fdvp is not an ancestor of tdvp, return 0 with
 *   *intermediate_node_ret set to NULL.
 * . If fdvp is an ancestor of tdvp, return 0 with
 *   *intermediate_node_ret set to the directory on the path whose
 *   ".." is fdvp, referenced but unlocked.
 * . On error, return the errno value; *intermediate_node_ret is not
 *   written.
 *
 * fdvp and tdvp must be distinct directories on mp; that is asserted,
 * not checked at run time.  Every lock and reference taken here is
 * dropped again before returning, except the reference handed back
 * through *intermediate_node_ret.
 *
 * NOTE(review): the walk is driven by inode numbers read from disk and
 * has no iteration bound in this function.  It ends only at
 * UFS_ROOTINO, at a child of fdvp, or on an error, so it presumably
 * relies on the ".." chain being acyclic -- confirm how a damaged
 * directory tree is handled.
 */
int
ufs_gro_genealogy(struct mount *mp, kauth_cred_t cred,
    struct vnode *fdvp, struct vnode *tdvp,
    struct vnode **intermediate_node_ret)
{
	struct vnode *vp, *dvp;
	ino_t dotdot_ino = 0;	/* XXX: gcc */
	int error;

	KASSERT(mp != NULL);
	KASSERT(fdvp != NULL);
	KASSERT(tdvp != NULL);
	KASSERT(fdvp != tdvp);
	KASSERT(intermediate_node_ret != NULL);
	KASSERT(fdvp->v_mount == mp);
	KASSERT(tdvp->v_mount == mp);
	KASSERT(fdvp->v_type == VDIR);
	KASSERT(tdvp->v_type == VDIR);

	/*
	 * We need to provisionally lock tdvp to keep rmdir from
	 * deleting it -- or any ancestor -- at an inopportune moment.
	 */
	error = ufs_gro_lock_directory(mp, tdvp);
	if (error)
		return error;

	/*
	 * Take our own reference so that every iteration can release
	 * vp the same way, whether it is tdvp or an ancestor.
	 */
	vp = tdvp;
	vref(vp);

	for (;;) {
		/* Loop invariant: vp is a live, locked directory on mp.  */
		KASSERT(vp != NULL);
		KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE);
		KASSERT(vp->v_mount == mp);
		KASSERT(vp->v_type == VDIR);
		KASSERT(!ufs_rmdired_p(vp));

		/* Did we hit the root without finding fdvp?  */
		if (VTOI(vp)->i_number == UFS_ROOTINO) {
			vput(vp);
			*intermediate_node_ret = NULL;
			return 0;
		}

		/* Read the parent's inode number from vp's ".." entry.  */
		error = ufs_read_dotdot(vp, cred, &dotdot_ino);
		if (error) {
			vput(vp);
			return error;
		}

		/* Did we find that fdvp is an ancestor of tdvp?  */
		if (VTOI(fdvp)->i_number == dotdot_ino) {
			/* Unlock vp, but keep it referenced.  */
			VOP_UNLOCK(vp);
			*intermediate_node_ret = vp;
			return 0;
		}

		/*
		 * Neither -- keep ascending the family tree.
		 *
		 * The parent is obtained by inode number while vp is
		 * still locked; vp is then released before the parent
		 * is locked, so for a moment neither is locked.  The
		 * checks after vn_lock cover what may have changed in
		 * that window.
		 */
		error = vcache_get(mp, &dotdot_ino, sizeof(dotdot_ino), &dvp);
		vput(vp);
		if (error)
			return error;
		error = vn_lock(dvp, LK_EXCLUSIVE);
		if (error) {
			/* Never locked, so only the reference is dropped.  */
			vrele(dvp);
			return error;
		}

		KASSERT(dvp != NULL);
		KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE);
		vp = dvp;

		if (vp->v_type != VDIR) {
			/*
			 * XXX Panic?  Print a warning?  Can this
			 * happen if we lose the race I suspect to
			 * exist above, and the `..' inode number has
			 * been recycled?
			 */
			vput(vp);
			return ENOTDIR;
		}

		/* The parent may have been removed before we locked it.  */
		if (ufs_rmdired_p(vp)) {
			vput(vp);
			return ENOENT;
		}
	}
}
1013 
/*
 * ufs_gro_lock_directory: Lock the directory vp, but fail if it has
 * been rmdir'd.
 *
 * Returns 0 with vp exclusively locked, or ENOENT with vp unlocked
 * again.  The return value of vn_lock is not examined; presumably
 * LK_RETRY means the lock is always obtained -- confirm.
 */
int
ufs_gro_lock_directory(struct mount *mp, struct vnode *vp)
{

	(void)mp;
	KASSERT(mp != NULL);
	KASSERT(vp != NULL);
	KASSERT(vp->v_mount == mp);

	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);

	/* The common case: the directory is still there.  */
	if (!ufs_rmdired_p(vp))
		return 0;

	/* It was removed before we got the lock; don't hand it out.  */
	VOP_UNLOCK(vp);
	return ENOENT;
}
1036 
/*
 * ufs_genfs_rename_ops: The UFS implementations of the operations
 * that the generic rename code calls back into.  A pointer to this
 * table is what ufs_sane_rename passes to genfs_sane_rename.
 */
static const struct genfs_rename_ops ufs_genfs_rename_ops = {
	/* Predicates and policy checks.  */
	.gro_directory_empty_p = ufs_gro_directory_empty_p,
	.gro_rename_check_possible = ufs_gro_rename_check_possible,
	.gro_rename_check_permitted = ufs_gro_rename_check_permitted,
	.gro_remove_check_possible = ufs_gro_remove_check_possible,
	.gro_remove_check_permitted = ufs_gro_remove_check_permitted,

	/* Operations that modify directories.  */
	.gro_rename = ufs_gro_rename,
	.gro_remove = ufs_gro_remove,

	/* Lookup, ancestry and locking helpers.  */
	.gro_lookup = ufs_gro_lookup,
	.gro_genealogy = ufs_gro_genealogy,
	.gro_lock_directory = ufs_gro_lock_directory,
};
1049