1 /* $NetBSD: vfs_lookup.c,v 1.99 2007/11/07 00:23:25 ad Exp $ */ 2 3 /* 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)vfs_lookup.c 8.10 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.99 2007/11/07 00:23:25 ad Exp $"); 41 42 #include "opt_systrace.h" 43 #include "opt_magiclinks.h" 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/syslimits.h> 49 #include <sys/time.h> 50 #include <sys/namei.h> 51 #include <sys/vnode.h> 52 #include <sys/mount.h> 53 #include <sys/errno.h> 54 #include <sys/filedesc.h> 55 #include <sys/hash.h> 56 #include <sys/malloc.h> 57 #include <sys/proc.h> 58 #include <sys/syslog.h> 59 #include <sys/kauth.h> 60 #include <sys/ktrace.h> 61 62 #ifdef SYSTRACE 63 #include <sys/systrace.h> 64 #endif 65 66 #ifndef MAGICLINKS 67 #define MAGICLINKS 0 68 #endif 69 70 struct pathname_internal { 71 char *pathbuf; 72 bool needfree; 73 }; 74 75 int vfs_magiclinks = MAGICLINKS; 76 77 pool_cache_t pnbuf_cache; /* pathname buffer cache */ 78 79 /* 80 * Substitute replacement text for 'magic' strings in symlinks. 81 * Returns 0 if successful, and returns non-zero if an error 82 * occurs. (Currently, the only possible error is running out 83 * of temporary pathname space.) 84 * 85 * Looks for "@<string>" and "@<string>/", where <string> is a 86 * recognized 'magic' string. Replaces the "@<string>" with the 87 * appropriate replacement text. (Note that in some cases the 88 * replacement text may have zero length.) 89 * 90 * This would have been table driven, but the variance in 91 * replacement strings (and replacement string lengths) made 92 * that impractical. 93 */ 94 #define VNL(x) \ 95 (sizeof(x) - 1) 96 97 #define VO '{' 98 #define VC '}' 99 100 #define MATCH(str) \ 101 ((termchar == '/' && i + VNL(str) == *len) || \ 102 (i + VNL(str) < *len && \ 103 cp[i + VNL(str)] == termchar)) && \ 104 !strncmp((str), &cp[i], VNL(str)) 105 106 #define SUBSTITUTE(m, s, sl) \ 107 if ((newlen + (sl)) > MAXPATHLEN) \ 108 return (1); \ 109 i += VNL(m); \ 110 if (termchar != '/') \ 111 i++; \ 112 memcpy(&tmp[newlen], (s), (sl)); \ 113 newlen += (sl); \ 114 change = 1; \ 115 termchar = '/'; 116 117 static int 118 symlink_magic(struct proc *p, char *cp, int *len) 119 { 120 char *tmp; 121 int change, i, newlen; 122 int termchar = '/'; 123 124 tmp = PNBUF_GET(); 125 for (change = i = newlen = 0; i < *len; ) { 126 if (cp[i] != '@') { 127 tmp[newlen++] = cp[i++]; 128 continue; 129 } 130 131 i++; 132 133 /* Check for @{var} syntax. */ 134 if (cp[i] == VO) { 135 termchar = VC; 136 i++; 137 } 138 139 /* 140 * The following checks should be ordered according 141 * to frequency of use. 142 */ 143 if (MATCH("machine_arch")) { 144 SUBSTITUTE("machine_arch", MACHINE_ARCH, 145 sizeof(MACHINE_ARCH) - 1); 146 } else if (MATCH("machine")) { 147 SUBSTITUTE("machine", MACHINE, 148 sizeof(MACHINE) - 1); 149 } else if (MATCH("hostname")) { 150 SUBSTITUTE("hostname", hostname, 151 hostnamelen); 152 } else if (MATCH("osrelease")) { 153 SUBSTITUTE("osrelease", osrelease, 154 strlen(osrelease)); 155 } else if (MATCH("emul")) { 156 SUBSTITUTE("emul", p->p_emul->e_name, 157 strlen(p->p_emul->e_name)); 158 } else if (MATCH("kernel_ident")) { 159 SUBSTITUTE("kernel_ident", kernel_ident, 160 strlen(kernel_ident)); 161 } else if (MATCH("domainname")) { 162 SUBSTITUTE("domainname", domainname, 163 domainnamelen); 164 } else if (MATCH("ostype")) { 165 SUBSTITUTE("ostype", ostype, 166 strlen(ostype)); 167 } else if (MATCH("uid")) { 168 char uidtmp[11]; /* XXX elad */ 169 170 (void)snprintf(uidtmp, sizeof(uidtmp), "%u", 171 kauth_cred_geteuid(kauth_cred_get())); 172 SUBSTITUTE("uid", uidtmp, strlen(uidtmp)); 173 } else { 174 tmp[newlen++] = '@'; 175 if (termchar == VC) 176 tmp[newlen++] = VO; 177 } 178 } 179 180 if (change) { 181 memcpy(cp, tmp, newlen); 182 *len = newlen; 183 } 184 PNBUF_PUT(tmp); 185 186 return (0); 187 } 188 189 #undef VNL 190 #undef VO 191 #undef VC 192 #undef MATCH 193 #undef SUBSTITUTE 194 195 /* 196 * Convert a pathname into a pointer to a locked vnode. 197 * 198 * The FOLLOW flag is set when symbolic links are to be followed 199 * when they occur at the end of the name translation process. 200 * Symbolic links are always followed for all other pathname 201 * components other than the last. 202 * 203 * The segflg defines whether the name is to be copied from user 204 * space or kernel space. 205 * 206 * Overall outline of namei: 207 * 208 * copy in name 209 * get starting directory 210 * while (!done && !error) { 211 * call lookup to search path. 212 * if symbolic link, massage name in buffer and continue 213 * } 214 */ 215 int 216 namei(struct nameidata *ndp) 217 { 218 struct cwdinfo *cwdi; /* pointer to cwd state */ 219 char *cp; /* pointer into pathname argument */ 220 struct vnode *dp; /* the directory we are searching */ 221 struct iovec aiov; /* uio for reading symbolic links */ 222 struct uio auio; 223 int error, linklen; 224 struct componentname *cnp = &ndp->ni_cnd; 225 226 #ifdef DIAGNOSTIC 227 if (!cnp->cn_cred || !cnp->cn_lwp) 228 panic("namei: bad cred/proc"); 229 if (cnp->cn_nameiop & (~OPMASK)) 230 panic("namei: nameiop contaminated with flags"); 231 if (cnp->cn_flags & OPMASK) 232 panic("namei: flags contaminated with nameiops"); 233 #endif 234 235 /* 236 * Get a buffer for the name to be translated, and copy the 237 * name into the buffer. 238 */ 239 if ((cnp->cn_flags & HASBUF) == 0) 240 cnp->cn_pnbuf = PNBUF_GET(); 241 emul_retry: 242 if (ndp->ni_segflg == UIO_SYSSPACE) 243 error = copystr(ndp->ni_dirp, cnp->cn_pnbuf, 244 MAXPATHLEN, &ndp->ni_pathlen); 245 else 246 error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf, 247 MAXPATHLEN, &ndp->ni_pathlen); 248 249 /* 250 * POSIX.1 requirement: "" is not a valid file name. 251 */ 252 if (!error && ndp->ni_pathlen == 1) 253 error = ENOENT; 254 255 if (error) { 256 PNBUF_PUT(cnp->cn_pnbuf); 257 ndp->ni_vp = NULL; 258 return (error); 259 } 260 ndp->ni_loopcnt = 0; 261 262 /* 263 * Get root directory for the translation. 264 */ 265 cwdi = cnp->cn_lwp->l_proc->p_cwdi; 266 rw_enter(&cwdi->cwdi_lock, RW_READER); 267 dp = cwdi->cwdi_rdir; 268 if (dp == NULL) 269 dp = rootvnode; 270 ndp->ni_rootdir = dp; 271 272 /* 273 * Check if starting from root directory or current directory. 274 */ 275 if (cnp->cn_pnbuf[0] == '/') { 276 if (cnp->cn_flags & TRYEMULROOT) { 277 if (cnp->cn_flags & EMULROOTSET) { 278 /* Called from (eg) emul_find_interp() */ 279 dp = ndp->ni_erootdir; 280 } else { 281 if (cwdi->cwdi_edir == NULL 282 || (cnp->cn_pnbuf[1] == '.' 283 && cnp->cn_pnbuf[2] == '.' 284 && cnp->cn_pnbuf[3] == '/')) { 285 ndp->ni_erootdir = NULL; 286 } else { 287 dp = cwdi->cwdi_edir; 288 ndp->ni_erootdir = dp; 289 } 290 } 291 } else 292 ndp->ni_erootdir = NULL; 293 } else { 294 dp = cwdi->cwdi_cdir; 295 ndp->ni_erootdir = NULL; 296 } 297 VREF(dp); 298 rw_exit(&cwdi->cwdi_lock); 299 300 if (ktrpoint(KTR_NAMEI)) { 301 if (ndp->ni_erootdir != NULL) { 302 /* 303 * To make any sense, the trace entry need to have the 304 * text of the emulation path prepended. 305 * Usually we can get this from the current process, 306 * but when called from emul_find_interp() it is only 307 * in the exec_package - so we get it passed in ni_next 308 * (this is a hack). 309 */ 310 const char *emul_path; 311 if (cnp->cn_flags & EMULROOTSET) 312 emul_path = ndp->ni_next; 313 else 314 emul_path = cnp->cn_lwp->l_proc->p_emul->e_path; 315 ktrnamei2(emul_path, strlen(emul_path), 316 cnp->cn_pnbuf, ndp->ni_pathlen); 317 } else 318 ktrnamei(cnp->cn_pnbuf, ndp->ni_pathlen); 319 } 320 321 #ifdef SYSTRACE 322 if (ISSET(cnp->cn_lwp->l_proc->p_flag, PK_SYSTRACE)) 323 systrace_namei(ndp); 324 #endif 325 326 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 327 /* Loop through symbolic links */ 328 for (;;) { 329 if (!dp->v_mount) { 330 /* Give up if the directory is no longer mounted */ 331 vput(dp); 332 PNBUF_PUT(cnp->cn_pnbuf); 333 return (ENOENT); 334 } 335 cnp->cn_nameptr = cnp->cn_pnbuf; 336 ndp->ni_startdir = dp; 337 error = lookup(ndp); 338 if (error != 0) { 339 if (ndp->ni_dvp) { 340 vput(ndp->ni_dvp); 341 } 342 if (ndp->ni_erootdir != NULL) { 343 /* Retry the whole thing from the normal root */ 344 cnp->cn_flags &= ~TRYEMULROOT; 345 goto emul_retry; 346 } 347 PNBUF_PUT(cnp->cn_pnbuf); 348 return (error); 349 } 350 351 /* 352 * Check for symbolic link 353 */ 354 if ((cnp->cn_flags & ISSYMLINK) == 0) { 355 if ((cnp->cn_flags & LOCKPARENT) == 0 && ndp->ni_dvp) { 356 if (ndp->ni_dvp == ndp->ni_vp) { 357 vrele(ndp->ni_dvp); 358 } else { 359 vput(ndp->ni_dvp); 360 } 361 } 362 if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0) 363 PNBUF_PUT(cnp->cn_pnbuf); 364 else 365 cnp->cn_flags |= HASBUF; 366 return (0); 367 } 368 369 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) { 370 error = ELOOP; 371 break; 372 } 373 if (ndp->ni_vp->v_mount->mnt_flag & MNT_SYMPERM) { 374 error = VOP_ACCESS(ndp->ni_vp, VEXEC, cnp->cn_cred, 375 cnp->cn_lwp); 376 if (error != 0) 377 break; 378 } 379 if (ndp->ni_pathlen > 1) 380 cp = PNBUF_GET(); 381 else 382 cp = cnp->cn_pnbuf; 383 aiov.iov_base = cp; 384 aiov.iov_len = MAXPATHLEN; 385 auio.uio_iov = &aiov; 386 auio.uio_iovcnt = 1; 387 auio.uio_offset = 0; 388 auio.uio_rw = UIO_READ; 389 auio.uio_resid = MAXPATHLEN; 390 UIO_SETUP_SYSSPACE(&auio); 391 error = VOP_READLINK(ndp->ni_vp, &auio, cnp->cn_cred); 392 if (error) { 393 badlink: 394 if (ndp->ni_pathlen > 1) 395 PNBUF_PUT(cp); 396 break; 397 } 398 linklen = MAXPATHLEN - auio.uio_resid; 399 if (linklen == 0) { 400 error = ENOENT; 401 goto badlink; 402 } 403 404 /* 405 * Do symlink substitution, if appropriate, and 406 * check length for potential overflow. 407 */ 408 if ((vfs_magiclinks && 409 symlink_magic(cnp->cn_lwp->l_proc, cp, &linklen)) || 410 (linklen + ndp->ni_pathlen >= MAXPATHLEN)) { 411 error = ENAMETOOLONG; 412 goto badlink; 413 } 414 if (ndp->ni_pathlen > 1) { 415 memcpy(cp + linklen, ndp->ni_next, ndp->ni_pathlen); 416 PNBUF_PUT(cnp->cn_pnbuf); 417 cnp->cn_pnbuf = cp; 418 } else 419 cnp->cn_pnbuf[linklen] = '\0'; 420 ndp->ni_pathlen += linklen; 421 vput(ndp->ni_vp); 422 dp = ndp->ni_dvp; 423 424 /* 425 * Check if root directory should replace current directory. 426 */ 427 if (cnp->cn_pnbuf[0] == '/') { 428 vput(dp); 429 /* Keep absolute symbolic links inside emulation root */ 430 dp = ndp->ni_erootdir; 431 if (dp == NULL || (cnp->cn_pnbuf[1] == '.' 432 && cnp->cn_pnbuf[2] == '.' 433 && cnp->cn_pnbuf[3] == '/')) { 434 ndp->ni_erootdir = NULL; 435 dp = ndp->ni_rootdir; 436 } 437 VREF(dp); 438 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 439 } 440 } 441 /* Failed to process a symbolic link */ 442 KASSERT(ndp->ni_dvp != ndp->ni_vp); 443 vput(ndp->ni_dvp); 444 vput(ndp->ni_vp); 445 ndp->ni_vp = NULL; 446 PNBUF_PUT(cnp->cn_pnbuf); 447 return (error); 448 } 449 450 /* 451 * Determine the namei hash (for cn_hash) for name. 452 * If *ep != NULL, hash from name to ep-1. 453 * If *ep == NULL, hash from name until the first NUL or '/', and 454 * return the location of this termination character in *ep. 455 * 456 * This function returns an equivalent hash to the MI hash32_strn(). 457 * The latter isn't used because in the *ep == NULL case, determining 458 * the length of the string to the first NUL or `/' and then calling 459 * hash32_strn() involves unnecessary double-handling of the data. 460 */ 461 uint32_t 462 namei_hash(const char *name, const char **ep) 463 { 464 uint32_t hash; 465 466 hash = HASH32_STR_INIT; 467 if (*ep != NULL) { 468 for (; name < *ep; name++) 469 hash = hash * 33 + *(const uint8_t *)name; 470 } else { 471 for (; *name != '\0' && *name != '/'; name++) 472 hash = hash * 33 + *(const uint8_t *)name; 473 *ep = name; 474 } 475 return (hash + (hash >> 5)); 476 } 477 478 /* 479 * Search a pathname. 480 * This is a very central and rather complicated routine. 481 * 482 * The pathname is pointed to by ni_ptr and is of length ni_pathlen. 483 * The starting directory is taken from ni_startdir. The pathname is 484 * descended until done, or a symbolic link is encountered. The variable 485 * ni_more is clear if the path is completed; it is set to one if a 486 * symbolic link needing interpretation is encountered. 487 * 488 * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on 489 * whether the name is to be looked up, created, renamed, or deleted. 490 * When CREATE, RENAME, or DELETE is specified, information usable in 491 * creating, renaming, or deleting a directory entry may be calculated. 492 * If flag has LOCKPARENT or'ed into it, the parent directory is returned 493 * locked. Otherwise the parent directory is not returned. If the target 494 * of the pathname exists and LOCKLEAF is or'ed into the flag the target 495 * is returned locked, otherwise it is returned unlocked. When creating 496 * or renaming and LOCKPARENT is specified, the target may not be ".". 497 * When deleting and LOCKPARENT is specified, the target may be ".". 498 * 499 * Overall outline of lookup: 500 * 501 * dirloop: 502 * identify next component of name at ndp->ni_ptr 503 * handle degenerate case where name is null string 504 * if .. and crossing mount points and on mounted filesys, find parent 505 * call VOP_LOOKUP routine for next component name 506 * directory vnode returned in ni_dvp, locked. 507 * component vnode returned in ni_vp (if it exists), locked. 508 * if result vnode is mounted on and crossing mount points, 509 * find mounted on vnode 510 * if more components of name, do next level at dirloop 511 * return the answer in ni_vp, locked if LOCKLEAF set 512 * if LOCKPARENT set, return locked parent in ni_dvp 513 */ 514 int 515 lookup(struct nameidata *ndp) 516 { 517 const char *cp; /* pointer into pathname argument */ 518 struct vnode *dp = 0; /* the directory we are searching */ 519 struct vnode *tdp; /* saved dp */ 520 struct mount *mp; /* mount table entry */ 521 int docache; /* == 0 do not cache last component */ 522 int rdonly; /* lookup read-only flag bit */ 523 int error = 0; 524 int slashes; 525 struct componentname *cnp = &ndp->ni_cnd; 526 struct lwp *l = cnp->cn_lwp; 527 528 /* 529 * Setup: break out flag bits into variables. 530 */ 531 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE; 532 if (cnp->cn_nameiop == DELETE) 533 docache = 0; 534 rdonly = cnp->cn_flags & RDONLY; 535 ndp->ni_dvp = NULL; 536 cnp->cn_flags &= ~ISSYMLINK; 537 dp = ndp->ni_startdir; 538 ndp->ni_startdir = NULLVP; 539 540 /* 541 * If we have a leading string of slashes, remove them, and just make 542 * sure the current node is a directory. 543 */ 544 cp = cnp->cn_nameptr; 545 if (*cp == '/') { 546 do { 547 cp++; 548 } while (*cp == '/'); 549 ndp->ni_pathlen -= cp - cnp->cn_nameptr; 550 cnp->cn_nameptr = cp; 551 552 if (dp->v_type != VDIR) { 553 error = ENOTDIR; 554 vput(dp); 555 goto bad; 556 } 557 558 /* 559 * If we've exhausted the path name, then just return the 560 * current node. 561 */ 562 if (cnp->cn_nameptr[0] == '\0') { 563 ndp->ni_vp = dp; 564 cnp->cn_flags |= ISLASTCN; 565 goto terminal; 566 } 567 } 568 569 dirloop: 570 /* 571 * Search a new directory. 572 * 573 * The cn_hash value is for use by vfs_cache. 574 * The last component of the filename is left accessible via 575 * cnp->cn_nameptr for callers that need the name. Callers needing 576 * the name set the SAVENAME flag. When done, they assume 577 * responsibility for freeing the pathname buffer. 578 * 579 * At this point, our only vnode state is that "dp" is held and locked. 580 */ 581 cnp->cn_consume = 0; 582 cp = NULL; 583 cnp->cn_hash = namei_hash(cnp->cn_nameptr, &cp); 584 cnp->cn_namelen = cp - cnp->cn_nameptr; 585 if (cnp->cn_namelen > NAME_MAX) { 586 vput(dp); 587 error = ENAMETOOLONG; 588 ndp->ni_dvp = NULL; 589 goto bad; 590 } 591 #ifdef NAMEI_DIAGNOSTIC 592 { char c = *cp; 593 *(char *)cp = '\0'; 594 printf("{%s}: ", cnp->cn_nameptr); 595 *(char *)cp = c; } 596 #endif /* NAMEI_DIAGNOSTIC */ 597 ndp->ni_pathlen -= cnp->cn_namelen; 598 ndp->ni_next = cp; 599 /* 600 * If this component is followed by a slash, then move the pointer to 601 * the next component forward, and remember that this component must be 602 * a directory. 603 */ 604 if (*cp == '/') { 605 do { 606 cp++; 607 } while (*cp == '/'); 608 slashes = cp - ndp->ni_next; 609 ndp->ni_pathlen -= slashes; 610 ndp->ni_next = cp; 611 cnp->cn_flags |= REQUIREDIR; 612 } else { 613 slashes = 0; 614 cnp->cn_flags &= ~REQUIREDIR; 615 } 616 /* 617 * We do special processing on the last component, whether or not it's 618 * a directory. Cache all intervening lookups, but not the final one. 619 */ 620 if (*cp == '\0') { 621 if (docache) 622 cnp->cn_flags |= MAKEENTRY; 623 else 624 cnp->cn_flags &= ~MAKEENTRY; 625 cnp->cn_flags |= ISLASTCN; 626 } else { 627 cnp->cn_flags |= MAKEENTRY; 628 cnp->cn_flags &= ~ISLASTCN; 629 } 630 if (cnp->cn_namelen == 2 && 631 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 632 cnp->cn_flags |= ISDOTDOT; 633 else 634 cnp->cn_flags &= ~ISDOTDOT; 635 636 /* 637 * Handle "..": two special cases. 638 * 1. If at root directory (e.g. after chroot) 639 * or at absolute root directory 640 * then ignore it so can't get out. 641 * 1a. If at the root of the emulation filesystem go to the real 642 * root. So "/../<path>" is always absolute. 643 * 1b. If we have somehow gotten out of a jail, warn 644 * and also ignore it so we can't get farther out. 645 * 2. If this vnode is the root of a mounted 646 * filesystem, then replace it with the 647 * vnode which was mounted on so we take the 648 * .. in the other file system. 649 */ 650 if (cnp->cn_flags & ISDOTDOT) { 651 struct proc *p = l->l_proc; 652 653 for (;;) { 654 if (dp == ndp->ni_rootdir || dp == rootvnode) { 655 ndp->ni_dvp = dp; 656 ndp->ni_vp = dp; 657 VREF(dp); 658 goto nextname; 659 } 660 if (ndp->ni_rootdir != rootvnode) { 661 int retval; 662 663 VOP_UNLOCK(dp, 0); 664 retval = vn_isunder(dp, ndp->ni_rootdir, l); 665 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 666 if (!retval) { 667 /* Oops! We got out of jail! */ 668 log(LOG_WARNING, 669 "chrooted pid %d uid %d (%s) " 670 "detected outside of its chroot\n", 671 p->p_pid, kauth_cred_geteuid(l->l_cred), 672 p->p_comm); 673 /* Put us at the jail root. */ 674 vput(dp); 675 dp = ndp->ni_rootdir; 676 ndp->ni_dvp = dp; 677 ndp->ni_vp = dp; 678 VREF(dp); 679 VREF(dp); 680 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 681 goto nextname; 682 } 683 } 684 if ((dp->v_vflag & VV_ROOT) == 0 || 685 (cnp->cn_flags & NOCROSSMOUNT)) 686 break; 687 tdp = dp; 688 dp = dp->v_mount->mnt_vnodecovered; 689 vput(tdp); 690 VREF(dp); 691 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 692 } 693 } 694 695 /* 696 * We now have a segment name to search for, and a directory to search. 697 * Again, our only vnode state is that "dp" is held and locked. 698 */ 699 unionlookup: 700 ndp->ni_dvp = dp; 701 ndp->ni_vp = NULL; 702 error = VOP_LOOKUP(dp, &ndp->ni_vp, cnp); 703 if (error != 0) { 704 #ifdef DIAGNOSTIC 705 if (ndp->ni_vp != NULL) 706 panic("leaf `%s' should be empty", cnp->cn_nameptr); 707 #endif /* DIAGNOSTIC */ 708 #ifdef NAMEI_DIAGNOSTIC 709 printf("not found\n"); 710 #endif /* NAMEI_DIAGNOSTIC */ 711 if ((error == ENOENT) && 712 (dp->v_vflag & VV_ROOT) && 713 (dp->v_mount->mnt_flag & MNT_UNION)) { 714 tdp = dp; 715 dp = dp->v_mount->mnt_vnodecovered; 716 vput(tdp); 717 VREF(dp); 718 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 719 goto unionlookup; 720 } 721 722 if (error != EJUSTRETURN) 723 goto bad; 724 725 /* 726 * If this was not the last component, or there were trailing 727 * slashes, and we are not going to create a directory, 728 * then the name must exist. 729 */ 730 if ((cnp->cn_flags & (REQUIREDIR | CREATEDIR)) == REQUIREDIR) { 731 error = ENOENT; 732 goto bad; 733 } 734 735 /* 736 * If creating and at end of pathname, then can consider 737 * allowing file to be created. 738 */ 739 if (rdonly) { 740 error = EROFS; 741 goto bad; 742 } 743 744 /* 745 * We return with ni_vp NULL to indicate that the entry 746 * doesn't currently exist, leaving a pointer to the 747 * (possibly locked) directory vnode in ndp->ni_dvp. 748 */ 749 if (cnp->cn_flags & SAVESTART) { 750 ndp->ni_startdir = ndp->ni_dvp; 751 VREF(ndp->ni_startdir); 752 } 753 return (0); 754 } 755 #ifdef NAMEI_DIAGNOSTIC 756 printf("found\n"); 757 #endif /* NAMEI_DIAGNOSTIC */ 758 759 /* 760 * Take into account any additional components consumed by the 761 * underlying filesystem. This will include any trailing slashes after 762 * the last component consumed. 763 */ 764 if (cnp->cn_consume > 0) { 765 ndp->ni_pathlen -= cnp->cn_consume - slashes; 766 ndp->ni_next += cnp->cn_consume - slashes; 767 cnp->cn_consume = 0; 768 if (ndp->ni_next[0] == '\0') 769 cnp->cn_flags |= ISLASTCN; 770 } 771 772 dp = ndp->ni_vp; 773 774 /* 775 * "dp" and "ndp->ni_dvp" are both locked and held, 776 * and may be the same vnode. 777 */ 778 779 /* 780 * Check to see if the vnode has been mounted on; 781 * if so find the root of the mounted file system. 782 */ 783 while (dp->v_type == VDIR && (mp = dp->v_mountedhere) && 784 (cnp->cn_flags & NOCROSSMOUNT) == 0) { 785 if (vfs_busy(mp, 0, 0)) 786 continue; 787 788 KASSERT(ndp->ni_dvp != dp); 789 VOP_UNLOCK(ndp->ni_dvp, 0); 790 vput(dp); 791 error = VFS_ROOT(mp, &tdp); 792 vfs_unbusy(mp); 793 if (error) { 794 vn_lock(ndp->ni_dvp, LK_EXCLUSIVE | LK_RETRY); 795 goto bad; 796 } 797 VOP_UNLOCK(tdp, 0); 798 ndp->ni_vp = dp = tdp; 799 vn_lock(ndp->ni_dvp, LK_EXCLUSIVE | LK_RETRY); 800 vn_lock(ndp->ni_vp, LK_EXCLUSIVE | LK_RETRY); 801 } 802 803 /* 804 * Check for symbolic link. Back up over any slashes that we skipped, 805 * as we will need them again. 806 */ 807 if ((dp->v_type == VLNK) && (cnp->cn_flags & (FOLLOW|REQUIREDIR))) { 808 ndp->ni_pathlen += slashes; 809 ndp->ni_next -= slashes; 810 cnp->cn_flags |= ISSYMLINK; 811 return (0); 812 } 813 814 /* 815 * Check for directory, if the component was followed by a series of 816 * slashes. 817 */ 818 if ((dp->v_type != VDIR) && (cnp->cn_flags & REQUIREDIR)) { 819 error = ENOTDIR; 820 KASSERT(dp != ndp->ni_dvp); 821 vput(dp); 822 goto bad; 823 } 824 825 nextname: 826 827 /* 828 * Not a symbolic link. If this was not the last component, then 829 * continue at the next component, else return. 830 */ 831 if (!(cnp->cn_flags & ISLASTCN)) { 832 cnp->cn_nameptr = ndp->ni_next; 833 if (ndp->ni_dvp == dp) { 834 vrele(ndp->ni_dvp); 835 } else { 836 vput(ndp->ni_dvp); 837 } 838 goto dirloop; 839 } 840 841 terminal: 842 if (dp == ndp->ni_erootdir) { 843 /* 844 * We are about to return the emulation root. 845 * This isn't a good idea because code might repeatedly 846 * lookup ".." until the file matches that returned 847 * for "/" and loop forever. 848 * So convert it to the real root. 849 */ 850 if (ndp->ni_dvp == dp) 851 vrele(dp); 852 else 853 if (ndp->ni_dvp != NULL) 854 vput(ndp->ni_dvp); 855 ndp->ni_dvp = NULL; 856 vput(dp); 857 dp = ndp->ni_rootdir; 858 VREF(dp); 859 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 860 ndp->ni_vp = dp; 861 } 862 863 /* 864 * If the caller requested the parent node (i.e. 865 * it's a CREATE, DELETE, or RENAME), and we don't have one 866 * (because this is the root directory), then we must fail. 867 */ 868 if (ndp->ni_dvp == NULL && cnp->cn_nameiop != LOOKUP) { 869 switch (cnp->cn_nameiop) { 870 case CREATE: 871 error = EEXIST; 872 break; 873 case DELETE: 874 case RENAME: 875 error = EBUSY; 876 break; 877 default: 878 KASSERT(0); 879 } 880 vput(dp); 881 goto bad; 882 } 883 884 /* 885 * Disallow directory write attempts on read-only lookups. 886 * Prefers EEXIST over EROFS for the CREATE case. 887 */ 888 if (rdonly && 889 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) { 890 error = EROFS; 891 if (dp != ndp->ni_dvp) { 892 vput(dp); 893 } 894 goto bad; 895 } 896 if (ndp->ni_dvp != NULL) { 897 if (cnp->cn_flags & SAVESTART) { 898 ndp->ni_startdir = ndp->ni_dvp; 899 VREF(ndp->ni_startdir); 900 } 901 } 902 if ((cnp->cn_flags & LOCKLEAF) == 0) { 903 VOP_UNLOCK(dp, 0); 904 } 905 return (0); 906 907 bad: 908 ndp->ni_vp = NULL; 909 return (error); 910 } 911 912 /* 913 * Reacquire a path name component. 914 * dvp is locked on entry and exit. 915 * *vpp is locked on exit unless it's NULL. 916 */ 917 int 918 relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp) 919 { 920 int rdonly; /* lookup read-only flag bit */ 921 int error = 0; 922 #ifdef DEBUG 923 uint32_t newhash; /* DEBUG: check name hash */ 924 const char *cp; /* DEBUG: check name ptr/len */ 925 #endif /* DEBUG */ 926 927 /* 928 * Setup: break out flag bits into variables. 929 */ 930 rdonly = cnp->cn_flags & RDONLY; 931 cnp->cn_flags &= ~ISSYMLINK; 932 933 /* 934 * Search a new directory. 935 * 936 * The cn_hash value is for use by vfs_cache. 937 * The last component of the filename is left accessible via 938 * cnp->cn_nameptr for callers that need the name. Callers needing 939 * the name set the SAVENAME flag. When done, they assume 940 * responsibility for freeing the pathname buffer. 941 */ 942 #ifdef DEBUG 943 cp = NULL; 944 newhash = namei_hash(cnp->cn_nameptr, &cp); 945 if ((uint32_t)newhash != (uint32_t)cnp->cn_hash) 946 panic("relookup: bad hash"); 947 if (cnp->cn_namelen != cp - cnp->cn_nameptr) 948 panic("relookup: bad len"); 949 while (*cp == '/') 950 cp++; 951 if (*cp != 0) 952 panic("relookup: not last component"); 953 #endif /* DEBUG */ 954 955 /* 956 * Check for degenerate name (e.g. / or "") 957 * which is a way of talking about a directory, 958 * e.g. like "/." or ".". 959 */ 960 if (cnp->cn_nameptr[0] == '\0') 961 panic("relookup: null name"); 962 963 if (cnp->cn_flags & ISDOTDOT) 964 panic("relookup: lookup on dot-dot"); 965 966 /* 967 * We now have a segment name to search for, and a directory to search. 968 */ 969 if ((error = VOP_LOOKUP(dvp, vpp, cnp)) != 0) { 970 #ifdef DIAGNOSTIC 971 if (*vpp != NULL) 972 panic("leaf `%s' should be empty", cnp->cn_nameptr); 973 #endif 974 if (error != EJUSTRETURN) 975 goto bad; 976 } 977 978 #ifdef DIAGNOSTIC 979 /* 980 * Check for symbolic link 981 */ 982 if (*vpp && (*vpp)->v_type == VLNK && (cnp->cn_flags & FOLLOW)) 983 panic("relookup: symlink found"); 984 #endif 985 986 /* 987 * Check for read-only lookups. 988 */ 989 if (rdonly && cnp->cn_nameiop != LOOKUP) { 990 error = EROFS; 991 if (*vpp) { 992 vput(*vpp); 993 } 994 goto bad; 995 } 996 if (cnp->cn_flags & SAVESTART) 997 VREF(dvp); 998 return (0); 999 1000 bad: 1001 *vpp = NULL; 1002 return (error); 1003 } 1004