1 /* $NetBSD: vfs_lookup.c,v 1.102 2007/12/08 19:29:49 pooka Exp $ */ 2 3 /* 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)vfs_lookup.c 8.10 (Berkeley) 5/27/95 37 */ 38 39 #include <sys/cdefs.h> 40 __KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.102 2007/12/08 19:29:49 pooka Exp $"); 41 42 #include "opt_systrace.h" 43 #include "opt_magiclinks.h" 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/syslimits.h> 49 #include <sys/time.h> 50 #include <sys/namei.h> 51 #include <sys/vnode.h> 52 #include <sys/mount.h> 53 #include <sys/errno.h> 54 #include <sys/filedesc.h> 55 #include <sys/hash.h> 56 #include <sys/malloc.h> 57 #include <sys/proc.h> 58 #include <sys/syslog.h> 59 #include <sys/kauth.h> 60 #include <sys/ktrace.h> 61 62 #ifdef SYSTRACE 63 #include <sys/systrace.h> 64 #endif 65 66 #ifndef MAGICLINKS 67 #define MAGICLINKS 0 68 #endif 69 70 struct pathname_internal { 71 char *pathbuf; 72 bool needfree; 73 }; 74 75 int vfs_magiclinks = MAGICLINKS; 76 77 pool_cache_t pnbuf_cache; /* pathname buffer cache */ 78 79 /* 80 * Substitute replacement text for 'magic' strings in symlinks. 81 * Returns 0 if successful, and returns non-zero if an error 82 * occurs. (Currently, the only possible error is running out 83 * of temporary pathname space.) 84 * 85 * Looks for "@<string>" and "@<string>/", where <string> is a 86 * recognized 'magic' string. Replaces the "@<string>" with the 87 * appropriate replacement text. (Note that in some cases the 88 * replacement text may have zero length.) 89 * 90 * This would have been table driven, but the variance in 91 * replacement strings (and replacement string lengths) made 92 * that impractical. 93 */ 94 #define VNL(x) \ 95 (sizeof(x) - 1) 96 97 #define VO '{' 98 #define VC '}' 99 100 #define MATCH(str) \ 101 ((termchar == '/' && i + VNL(str) == *len) || \ 102 (i + VNL(str) < *len && \ 103 cp[i + VNL(str)] == termchar)) && \ 104 !strncmp((str), &cp[i], VNL(str)) 105 106 #define SUBSTITUTE(m, s, sl) \ 107 if ((newlen + (sl)) > MAXPATHLEN) \ 108 return (1); \ 109 i += VNL(m); \ 110 if (termchar != '/') \ 111 i++; \ 112 memcpy(&tmp[newlen], (s), (sl)); \ 113 newlen += (sl); \ 114 change = 1; \ 115 termchar = '/'; 116 117 static int 118 symlink_magic(struct proc *p, char *cp, int *len) 119 { 120 char *tmp; 121 int change, i, newlen; 122 int termchar = '/'; 123 char uidtmp[11]; /* XXX elad */ 124 125 126 tmp = PNBUF_GET(); 127 for (change = i = newlen = 0; i < *len; ) { 128 if (cp[i] != '@') { 129 tmp[newlen++] = cp[i++]; 130 continue; 131 } 132 133 i++; 134 135 /* Check for @{var} syntax. */ 136 if (cp[i] == VO) { 137 termchar = VC; 138 i++; 139 } 140 141 /* 142 * The following checks should be ordered according 143 * to frequency of use. 144 */ 145 if (MATCH("machine_arch")) { 146 SUBSTITUTE("machine_arch", MACHINE_ARCH, 147 sizeof(MACHINE_ARCH) - 1); 148 } else if (MATCH("machine")) { 149 SUBSTITUTE("machine", MACHINE, 150 sizeof(MACHINE) - 1); 151 } else if (MATCH("hostname")) { 152 SUBSTITUTE("hostname", hostname, 153 hostnamelen); 154 } else if (MATCH("osrelease")) { 155 SUBSTITUTE("osrelease", osrelease, 156 strlen(osrelease)); 157 } else if (MATCH("emul")) { 158 SUBSTITUTE("emul", p->p_emul->e_name, 159 strlen(p->p_emul->e_name)); 160 } else if (MATCH("kernel_ident")) { 161 SUBSTITUTE("kernel_ident", kernel_ident, 162 strlen(kernel_ident)); 163 } else if (MATCH("domainname")) { 164 SUBSTITUTE("domainname", domainname, 165 domainnamelen); 166 } else if (MATCH("ostype")) { 167 SUBSTITUTE("ostype", ostype, 168 strlen(ostype)); 169 } else if (MATCH("uid")) { 170 (void)snprintf(uidtmp, sizeof(uidtmp), "%u", 171 kauth_cred_geteuid(kauth_cred_get())); 172 SUBSTITUTE("uid", uidtmp, strlen(uidtmp)); 173 } else if (MATCH("ruid")) { 174 (void)snprintf(uidtmp, sizeof(uidtmp), "%u", 175 kauth_cred_getuid(kauth_cred_get())); 176 SUBSTITUTE("ruid", uidtmp, strlen(uidtmp)); 177 } else { 178 tmp[newlen++] = '@'; 179 if (termchar == VC) 180 tmp[newlen++] = VO; 181 } 182 } 183 184 if (change) { 185 memcpy(cp, tmp, newlen); 186 *len = newlen; 187 } 188 PNBUF_PUT(tmp); 189 190 return (0); 191 } 192 193 #undef VNL 194 #undef VO 195 #undef VC 196 #undef MATCH 197 #undef SUBSTITUTE 198 199 /* 200 * Convert a pathname into a pointer to a locked vnode. 201 * 202 * The FOLLOW flag is set when symbolic links are to be followed 203 * when they occur at the end of the name translation process. 204 * Symbolic links are always followed for all other pathname 205 * components other than the last. 206 * 207 * The segflg defines whether the name is to be copied from user 208 * space or kernel space. 209 * 210 * Overall outline of namei: 211 * 212 * copy in name 213 * get starting directory 214 * while (!done && !error) { 215 * call lookup to search path. 216 * if symbolic link, massage name in buffer and continue 217 * } 218 */ 219 int 220 namei(struct nameidata *ndp) 221 { 222 struct cwdinfo *cwdi; /* pointer to cwd state */ 223 char *cp; /* pointer into pathname argument */ 224 struct vnode *dp; /* the directory we are searching */ 225 struct iovec aiov; /* uio for reading symbolic links */ 226 struct lwp *l = curlwp; /* thread doing namei() */ 227 struct uio auio; 228 int error, linklen; 229 struct componentname *cnp = &ndp->ni_cnd; 230 231 #ifdef DIAGNOSTIC 232 if (!cnp->cn_cred) 233 panic("namei: bad cred/proc"); 234 if (cnp->cn_nameiop & (~OPMASK)) 235 panic("namei: nameiop contaminated with flags"); 236 if (cnp->cn_flags & OPMASK) 237 panic("namei: flags contaminated with nameiops"); 238 #endif 239 240 /* 241 * Get a buffer for the name to be translated, and copy the 242 * name into the buffer. 243 */ 244 if ((cnp->cn_flags & HASBUF) == 0) 245 cnp->cn_pnbuf = PNBUF_GET(); 246 emul_retry: 247 if (ndp->ni_segflg == UIO_SYSSPACE) 248 error = copystr(ndp->ni_dirp, cnp->cn_pnbuf, 249 MAXPATHLEN, &ndp->ni_pathlen); 250 else 251 error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf, 252 MAXPATHLEN, &ndp->ni_pathlen); 253 254 /* 255 * POSIX.1 requirement: "" is not a valid file name. 256 */ 257 if (!error && ndp->ni_pathlen == 1) 258 error = ENOENT; 259 260 if (error) { 261 PNBUF_PUT(cnp->cn_pnbuf); 262 ndp->ni_vp = NULL; 263 return (error); 264 } 265 ndp->ni_loopcnt = 0; 266 267 /* 268 * Get root directory for the translation. 269 */ 270 cwdi = l->l_proc->p_cwdi; 271 rw_enter(&cwdi->cwdi_lock, RW_READER); 272 dp = cwdi->cwdi_rdir; 273 if (dp == NULL) 274 dp = rootvnode; 275 ndp->ni_rootdir = dp; 276 277 /* 278 * Check if starting from root directory or current directory. 279 */ 280 if (cnp->cn_pnbuf[0] == '/') { 281 if (cnp->cn_flags & TRYEMULROOT) { 282 if (cnp->cn_flags & EMULROOTSET) { 283 /* Called from (eg) emul_find_interp() */ 284 dp = ndp->ni_erootdir; 285 } else { 286 if (cwdi->cwdi_edir == NULL 287 || (cnp->cn_pnbuf[1] == '.' 288 && cnp->cn_pnbuf[2] == '.' 289 && cnp->cn_pnbuf[3] == '/')) { 290 ndp->ni_erootdir = NULL; 291 } else { 292 dp = cwdi->cwdi_edir; 293 ndp->ni_erootdir = dp; 294 } 295 } 296 } else 297 ndp->ni_erootdir = NULL; 298 } else { 299 dp = cwdi->cwdi_cdir; 300 ndp->ni_erootdir = NULL; 301 } 302 VREF(dp); 303 rw_exit(&cwdi->cwdi_lock); 304 305 if (ktrpoint(KTR_NAMEI)) { 306 if (ndp->ni_erootdir != NULL) { 307 /* 308 * To make any sense, the trace entry need to have the 309 * text of the emulation path prepended. 310 * Usually we can get this from the current process, 311 * but when called from emul_find_interp() it is only 312 * in the exec_package - so we get it passed in ni_next 313 * (this is a hack). 314 */ 315 const char *emul_path; 316 if (cnp->cn_flags & EMULROOTSET) 317 emul_path = ndp->ni_next; 318 else 319 emul_path = l->l_proc->p_emul->e_path; 320 ktrnamei2(emul_path, strlen(emul_path), 321 cnp->cn_pnbuf, ndp->ni_pathlen); 322 } else 323 ktrnamei(cnp->cn_pnbuf, ndp->ni_pathlen); 324 } 325 326 #ifdef SYSTRACE 327 if (ISSET(l->l_proc->p_flag, PK_SYSTRACE)) 328 systrace_namei(ndp); 329 #endif 330 331 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 332 /* Loop through symbolic links */ 333 for (;;) { 334 if (!dp->v_mount) { 335 /* Give up if the directory is no longer mounted */ 336 vput(dp); 337 PNBUF_PUT(cnp->cn_pnbuf); 338 return (ENOENT); 339 } 340 cnp->cn_nameptr = cnp->cn_pnbuf; 341 ndp->ni_startdir = dp; 342 error = lookup(ndp); 343 if (error != 0) { 344 if (ndp->ni_dvp) { 345 vput(ndp->ni_dvp); 346 } 347 if (ndp->ni_erootdir != NULL) { 348 /* Retry the whole thing from the normal root */ 349 cnp->cn_flags &= ~TRYEMULROOT; 350 goto emul_retry; 351 } 352 PNBUF_PUT(cnp->cn_pnbuf); 353 return (error); 354 } 355 356 /* 357 * Check for symbolic link 358 */ 359 if ((cnp->cn_flags & ISSYMLINK) == 0) { 360 if ((cnp->cn_flags & LOCKPARENT) == 0 && ndp->ni_dvp) { 361 if (ndp->ni_dvp == ndp->ni_vp) { 362 vrele(ndp->ni_dvp); 363 } else { 364 vput(ndp->ni_dvp); 365 } 366 } 367 if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0) 368 PNBUF_PUT(cnp->cn_pnbuf); 369 else 370 cnp->cn_flags |= HASBUF; 371 return (0); 372 } 373 374 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) { 375 error = ELOOP; 376 break; 377 } 378 if (ndp->ni_vp->v_mount->mnt_flag & MNT_SYMPERM) { 379 error = VOP_ACCESS(ndp->ni_vp, VEXEC, cnp->cn_cred); 380 if (error != 0) 381 break; 382 } 383 if (ndp->ni_pathlen > 1) 384 cp = PNBUF_GET(); 385 else 386 cp = cnp->cn_pnbuf; 387 aiov.iov_base = cp; 388 aiov.iov_len = MAXPATHLEN; 389 auio.uio_iov = &aiov; 390 auio.uio_iovcnt = 1; 391 auio.uio_offset = 0; 392 auio.uio_rw = UIO_READ; 393 auio.uio_resid = MAXPATHLEN; 394 UIO_SETUP_SYSSPACE(&auio); 395 error = VOP_READLINK(ndp->ni_vp, &auio, cnp->cn_cred); 396 if (error) { 397 badlink: 398 if (ndp->ni_pathlen > 1) 399 PNBUF_PUT(cp); 400 break; 401 } 402 linklen = MAXPATHLEN - auio.uio_resid; 403 if (linklen == 0) { 404 error = ENOENT; 405 goto badlink; 406 } 407 408 /* 409 * Do symlink substitution, if appropriate, and 410 * check length for potential overflow. 411 */ 412 if ((vfs_magiclinks && 413 symlink_magic(l->l_proc, cp, &linklen)) || 414 (linklen + ndp->ni_pathlen >= MAXPATHLEN)) { 415 error = ENAMETOOLONG; 416 goto badlink; 417 } 418 if (ndp->ni_pathlen > 1) { 419 memcpy(cp + linklen, ndp->ni_next, ndp->ni_pathlen); 420 PNBUF_PUT(cnp->cn_pnbuf); 421 cnp->cn_pnbuf = cp; 422 } else 423 cnp->cn_pnbuf[linklen] = '\0'; 424 ndp->ni_pathlen += linklen; 425 vput(ndp->ni_vp); 426 dp = ndp->ni_dvp; 427 428 /* 429 * Check if root directory should replace current directory. 430 */ 431 if (cnp->cn_pnbuf[0] == '/') { 432 vput(dp); 433 /* Keep absolute symbolic links inside emulation root */ 434 dp = ndp->ni_erootdir; 435 if (dp == NULL || (cnp->cn_pnbuf[1] == '.' 436 && cnp->cn_pnbuf[2] == '.' 437 && cnp->cn_pnbuf[3] == '/')) { 438 ndp->ni_erootdir = NULL; 439 dp = ndp->ni_rootdir; 440 } 441 VREF(dp); 442 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 443 } 444 } 445 /* Failed to process a symbolic link */ 446 KASSERT(ndp->ni_dvp != ndp->ni_vp); 447 vput(ndp->ni_dvp); 448 vput(ndp->ni_vp); 449 ndp->ni_vp = NULL; 450 PNBUF_PUT(cnp->cn_pnbuf); 451 return (error); 452 } 453 454 /* 455 * Determine the namei hash (for cn_hash) for name. 456 * If *ep != NULL, hash from name to ep-1. 457 * If *ep == NULL, hash from name until the first NUL or '/', and 458 * return the location of this termination character in *ep. 459 * 460 * This function returns an equivalent hash to the MI hash32_strn(). 461 * The latter isn't used because in the *ep == NULL case, determining 462 * the length of the string to the first NUL or `/' and then calling 463 * hash32_strn() involves unnecessary double-handling of the data. 464 */ 465 uint32_t 466 namei_hash(const char *name, const char **ep) 467 { 468 uint32_t hash; 469 470 hash = HASH32_STR_INIT; 471 if (*ep != NULL) { 472 for (; name < *ep; name++) 473 hash = hash * 33 + *(const uint8_t *)name; 474 } else { 475 for (; *name != '\0' && *name != '/'; name++) 476 hash = hash * 33 + *(const uint8_t *)name; 477 *ep = name; 478 } 479 return (hash + (hash >> 5)); 480 } 481 482 /* 483 * Search a pathname. 484 * This is a very central and rather complicated routine. 485 * 486 * The pathname is pointed to by ni_ptr and is of length ni_pathlen. 487 * The starting directory is taken from ni_startdir. The pathname is 488 * descended until done, or a symbolic link is encountered. The variable 489 * ni_more is clear if the path is completed; it is set to one if a 490 * symbolic link needing interpretation is encountered. 491 * 492 * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on 493 * whether the name is to be looked up, created, renamed, or deleted. 494 * When CREATE, RENAME, or DELETE is specified, information usable in 495 * creating, renaming, or deleting a directory entry may be calculated. 496 * If flag has LOCKPARENT or'ed into it, the parent directory is returned 497 * locked. Otherwise the parent directory is not returned. If the target 498 * of the pathname exists and LOCKLEAF is or'ed into the flag the target 499 * is returned locked, otherwise it is returned unlocked. When creating 500 * or renaming and LOCKPARENT is specified, the target may not be ".". 501 * When deleting and LOCKPARENT is specified, the target may be ".". 502 * 503 * Overall outline of lookup: 504 * 505 * dirloop: 506 * identify next component of name at ndp->ni_ptr 507 * handle degenerate case where name is null string 508 * if .. and crossing mount points and on mounted filesys, find parent 509 * call VOP_LOOKUP routine for next component name 510 * directory vnode returned in ni_dvp, locked. 511 * component vnode returned in ni_vp (if it exists), locked. 512 * if result vnode is mounted on and crossing mount points, 513 * find mounted on vnode 514 * if more components of name, do next level at dirloop 515 * return the answer in ni_vp, locked if LOCKLEAF set 516 * if LOCKPARENT set, return locked parent in ni_dvp 517 */ 518 int 519 lookup(struct nameidata *ndp) 520 { 521 const char *cp; /* pointer into pathname argument */ 522 struct vnode *dp = 0; /* the directory we are searching */ 523 struct vnode *tdp; /* saved dp */ 524 struct mount *mp; /* mount table entry */ 525 int docache; /* == 0 do not cache last component */ 526 int rdonly; /* lookup read-only flag bit */ 527 int error = 0; 528 int slashes; 529 struct componentname *cnp = &ndp->ni_cnd; 530 struct lwp *l = curlwp; 531 532 /* 533 * Setup: break out flag bits into variables. 534 */ 535 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE; 536 if (cnp->cn_nameiop == DELETE) 537 docache = 0; 538 rdonly = cnp->cn_flags & RDONLY; 539 ndp->ni_dvp = NULL; 540 cnp->cn_flags &= ~ISSYMLINK; 541 dp = ndp->ni_startdir; 542 ndp->ni_startdir = NULLVP; 543 544 /* 545 * If we have a leading string of slashes, remove them, and just make 546 * sure the current node is a directory. 547 */ 548 cp = cnp->cn_nameptr; 549 if (*cp == '/') { 550 do { 551 cp++; 552 } while (*cp == '/'); 553 ndp->ni_pathlen -= cp - cnp->cn_nameptr; 554 cnp->cn_nameptr = cp; 555 556 if (dp->v_type != VDIR) { 557 error = ENOTDIR; 558 vput(dp); 559 goto bad; 560 } 561 562 /* 563 * If we've exhausted the path name, then just return the 564 * current node. 565 */ 566 if (cnp->cn_nameptr[0] == '\0') { 567 ndp->ni_vp = dp; 568 cnp->cn_flags |= ISLASTCN; 569 goto terminal; 570 } 571 } 572 573 dirloop: 574 /* 575 * Search a new directory. 576 * 577 * The cn_hash value is for use by vfs_cache. 578 * The last component of the filename is left accessible via 579 * cnp->cn_nameptr for callers that need the name. Callers needing 580 * the name set the SAVENAME flag. When done, they assume 581 * responsibility for freeing the pathname buffer. 582 * 583 * At this point, our only vnode state is that "dp" is held and locked. 584 */ 585 cnp->cn_consume = 0; 586 cp = NULL; 587 cnp->cn_hash = namei_hash(cnp->cn_nameptr, &cp); 588 cnp->cn_namelen = cp - cnp->cn_nameptr; 589 if (cnp->cn_namelen > NAME_MAX) { 590 vput(dp); 591 error = ENAMETOOLONG; 592 ndp->ni_dvp = NULL; 593 goto bad; 594 } 595 #ifdef NAMEI_DIAGNOSTIC 596 { char c = *cp; 597 *(char *)cp = '\0'; 598 printf("{%s}: ", cnp->cn_nameptr); 599 *(char *)cp = c; } 600 #endif /* NAMEI_DIAGNOSTIC */ 601 ndp->ni_pathlen -= cnp->cn_namelen; 602 ndp->ni_next = cp; 603 /* 604 * If this component is followed by a slash, then move the pointer to 605 * the next component forward, and remember that this component must be 606 * a directory. 607 */ 608 if (*cp == '/') { 609 do { 610 cp++; 611 } while (*cp == '/'); 612 slashes = cp - ndp->ni_next; 613 ndp->ni_pathlen -= slashes; 614 ndp->ni_next = cp; 615 cnp->cn_flags |= REQUIREDIR; 616 } else { 617 slashes = 0; 618 cnp->cn_flags &= ~REQUIREDIR; 619 } 620 /* 621 * We do special processing on the last component, whether or not it's 622 * a directory. Cache all intervening lookups, but not the final one. 623 */ 624 if (*cp == '\0') { 625 if (docache) 626 cnp->cn_flags |= MAKEENTRY; 627 else 628 cnp->cn_flags &= ~MAKEENTRY; 629 cnp->cn_flags |= ISLASTCN; 630 } else { 631 cnp->cn_flags |= MAKEENTRY; 632 cnp->cn_flags &= ~ISLASTCN; 633 } 634 if (cnp->cn_namelen == 2 && 635 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 636 cnp->cn_flags |= ISDOTDOT; 637 else 638 cnp->cn_flags &= ~ISDOTDOT; 639 640 /* 641 * Handle "..": two special cases. 642 * 1. If at root directory (e.g. after chroot) 643 * or at absolute root directory 644 * then ignore it so can't get out. 645 * 1a. If at the root of the emulation filesystem go to the real 646 * root. So "/../<path>" is always absolute. 647 * 1b. If we have somehow gotten out of a jail, warn 648 * and also ignore it so we can't get farther out. 649 * 2. If this vnode is the root of a mounted 650 * filesystem, then replace it with the 651 * vnode which was mounted on so we take the 652 * .. in the other file system. 653 */ 654 if (cnp->cn_flags & ISDOTDOT) { 655 struct proc *p = l->l_proc; 656 657 for (;;) { 658 if (dp == ndp->ni_rootdir || dp == rootvnode) { 659 ndp->ni_dvp = dp; 660 ndp->ni_vp = dp; 661 VREF(dp); 662 goto nextname; 663 } 664 if (ndp->ni_rootdir != rootvnode) { 665 int retval; 666 667 VOP_UNLOCK(dp, 0); 668 retval = vn_isunder(dp, ndp->ni_rootdir, l); 669 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 670 if (!retval) { 671 /* Oops! We got out of jail! */ 672 log(LOG_WARNING, 673 "chrooted pid %d uid %d (%s) " 674 "detected outside of its chroot\n", 675 p->p_pid, kauth_cred_geteuid(l->l_cred), 676 p->p_comm); 677 /* Put us at the jail root. */ 678 vput(dp); 679 dp = ndp->ni_rootdir; 680 ndp->ni_dvp = dp; 681 ndp->ni_vp = dp; 682 VREF(dp); 683 VREF(dp); 684 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 685 goto nextname; 686 } 687 } 688 if ((dp->v_vflag & VV_ROOT) == 0 || 689 (cnp->cn_flags & NOCROSSMOUNT)) 690 break; 691 tdp = dp; 692 dp = dp->v_mount->mnt_vnodecovered; 693 vput(tdp); 694 VREF(dp); 695 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 696 } 697 } 698 699 /* 700 * We now have a segment name to search for, and a directory to search. 701 * Again, our only vnode state is that "dp" is held and locked. 702 */ 703 unionlookup: 704 ndp->ni_dvp = dp; 705 ndp->ni_vp = NULL; 706 error = VOP_LOOKUP(dp, &ndp->ni_vp, cnp); 707 if (error != 0) { 708 #ifdef DIAGNOSTIC 709 if (ndp->ni_vp != NULL) 710 panic("leaf `%s' should be empty", cnp->cn_nameptr); 711 #endif /* DIAGNOSTIC */ 712 #ifdef NAMEI_DIAGNOSTIC 713 printf("not found\n"); 714 #endif /* NAMEI_DIAGNOSTIC */ 715 if ((error == ENOENT) && 716 (dp->v_vflag & VV_ROOT) && 717 (dp->v_mount->mnt_flag & MNT_UNION)) { 718 tdp = dp; 719 dp = dp->v_mount->mnt_vnodecovered; 720 vput(tdp); 721 VREF(dp); 722 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 723 goto unionlookup; 724 } 725 726 if (error != EJUSTRETURN) 727 goto bad; 728 729 /* 730 * If this was not the last component, or there were trailing 731 * slashes, and we are not going to create a directory, 732 * then the name must exist. 733 */ 734 if ((cnp->cn_flags & (REQUIREDIR | CREATEDIR)) == REQUIREDIR) { 735 error = ENOENT; 736 goto bad; 737 } 738 739 /* 740 * If creating and at end of pathname, then can consider 741 * allowing file to be created. 742 */ 743 if (rdonly) { 744 error = EROFS; 745 goto bad; 746 } 747 748 /* 749 * We return with ni_vp NULL to indicate that the entry 750 * doesn't currently exist, leaving a pointer to the 751 * (possibly locked) directory vnode in ndp->ni_dvp. 752 */ 753 if (cnp->cn_flags & SAVESTART) { 754 ndp->ni_startdir = ndp->ni_dvp; 755 VREF(ndp->ni_startdir); 756 } 757 return (0); 758 } 759 #ifdef NAMEI_DIAGNOSTIC 760 printf("found\n"); 761 #endif /* NAMEI_DIAGNOSTIC */ 762 763 /* 764 * Take into account any additional components consumed by the 765 * underlying filesystem. This will include any trailing slashes after 766 * the last component consumed. 767 */ 768 if (cnp->cn_consume > 0) { 769 ndp->ni_pathlen -= cnp->cn_consume - slashes; 770 ndp->ni_next += cnp->cn_consume - slashes; 771 cnp->cn_consume = 0; 772 if (ndp->ni_next[0] == '\0') 773 cnp->cn_flags |= ISLASTCN; 774 } 775 776 dp = ndp->ni_vp; 777 778 /* 779 * "dp" and "ndp->ni_dvp" are both locked and held, 780 * and may be the same vnode. 781 */ 782 783 /* 784 * Check to see if the vnode has been mounted on; 785 * if so find the root of the mounted file system. 786 */ 787 while (dp->v_type == VDIR && (mp = dp->v_mountedhere) && 788 (cnp->cn_flags & NOCROSSMOUNT) == 0) { 789 if (vfs_busy(mp, 0, 0)) 790 continue; 791 792 KASSERT(ndp->ni_dvp != dp); 793 VOP_UNLOCK(ndp->ni_dvp, 0); 794 vput(dp); 795 error = VFS_ROOT(mp, &tdp); 796 vfs_unbusy(mp); 797 if (error) { 798 vn_lock(ndp->ni_dvp, LK_EXCLUSIVE | LK_RETRY); 799 goto bad; 800 } 801 VOP_UNLOCK(tdp, 0); 802 ndp->ni_vp = dp = tdp; 803 vn_lock(ndp->ni_dvp, LK_EXCLUSIVE | LK_RETRY); 804 vn_lock(ndp->ni_vp, LK_EXCLUSIVE | LK_RETRY); 805 } 806 807 /* 808 * Check for symbolic link. Back up over any slashes that we skipped, 809 * as we will need them again. 810 */ 811 if ((dp->v_type == VLNK) && (cnp->cn_flags & (FOLLOW|REQUIREDIR))) { 812 ndp->ni_pathlen += slashes; 813 ndp->ni_next -= slashes; 814 cnp->cn_flags |= ISSYMLINK; 815 return (0); 816 } 817 818 /* 819 * Check for directory, if the component was followed by a series of 820 * slashes. 821 */ 822 if ((dp->v_type != VDIR) && (cnp->cn_flags & REQUIREDIR)) { 823 error = ENOTDIR; 824 KASSERT(dp != ndp->ni_dvp); 825 vput(dp); 826 goto bad; 827 } 828 829 nextname: 830 831 /* 832 * Not a symbolic link. If this was not the last component, then 833 * continue at the next component, else return. 834 */ 835 if (!(cnp->cn_flags & ISLASTCN)) { 836 cnp->cn_nameptr = ndp->ni_next; 837 if (ndp->ni_dvp == dp) { 838 vrele(ndp->ni_dvp); 839 } else { 840 vput(ndp->ni_dvp); 841 } 842 goto dirloop; 843 } 844 845 terminal: 846 if (dp == ndp->ni_erootdir) { 847 /* 848 * We are about to return the emulation root. 849 * This isn't a good idea because code might repeatedly 850 * lookup ".." until the file matches that returned 851 * for "/" and loop forever. 852 * So convert it to the real root. 853 */ 854 if (ndp->ni_dvp == dp) 855 vrele(dp); 856 else 857 if (ndp->ni_dvp != NULL) 858 vput(ndp->ni_dvp); 859 ndp->ni_dvp = NULL; 860 vput(dp); 861 dp = ndp->ni_rootdir; 862 VREF(dp); 863 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY); 864 ndp->ni_vp = dp; 865 } 866 867 /* 868 * If the caller requested the parent node (i.e. 869 * it's a CREATE, DELETE, or RENAME), and we don't have one 870 * (because this is the root directory), then we must fail. 871 */ 872 if (ndp->ni_dvp == NULL && cnp->cn_nameiop != LOOKUP) { 873 switch (cnp->cn_nameiop) { 874 case CREATE: 875 error = EEXIST; 876 break; 877 case DELETE: 878 case RENAME: 879 error = EBUSY; 880 break; 881 default: 882 KASSERT(0); 883 } 884 vput(dp); 885 goto bad; 886 } 887 888 /* 889 * Disallow directory write attempts on read-only lookups. 890 * Prefers EEXIST over EROFS for the CREATE case. 891 */ 892 if (rdonly && 893 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) { 894 error = EROFS; 895 if (dp != ndp->ni_dvp) { 896 vput(dp); 897 } 898 goto bad; 899 } 900 if (ndp->ni_dvp != NULL) { 901 if (cnp->cn_flags & SAVESTART) { 902 ndp->ni_startdir = ndp->ni_dvp; 903 VREF(ndp->ni_startdir); 904 } 905 } 906 if ((cnp->cn_flags & LOCKLEAF) == 0) { 907 VOP_UNLOCK(dp, 0); 908 } 909 return (0); 910 911 bad: 912 ndp->ni_vp = NULL; 913 return (error); 914 } 915 916 /* 917 * Reacquire a path name component. 918 * dvp is locked on entry and exit. 919 * *vpp is locked on exit unless it's NULL. 920 */ 921 int 922 relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp) 923 { 924 int rdonly; /* lookup read-only flag bit */ 925 int error = 0; 926 #ifdef DEBUG 927 uint32_t newhash; /* DEBUG: check name hash */ 928 const char *cp; /* DEBUG: check name ptr/len */ 929 #endif /* DEBUG */ 930 931 /* 932 * Setup: break out flag bits into variables. 933 */ 934 rdonly = cnp->cn_flags & RDONLY; 935 cnp->cn_flags &= ~ISSYMLINK; 936 937 /* 938 * Search a new directory. 939 * 940 * The cn_hash value is for use by vfs_cache. 941 * The last component of the filename is left accessible via 942 * cnp->cn_nameptr for callers that need the name. Callers needing 943 * the name set the SAVENAME flag. When done, they assume 944 * responsibility for freeing the pathname buffer. 945 */ 946 #ifdef DEBUG 947 cp = NULL; 948 newhash = namei_hash(cnp->cn_nameptr, &cp); 949 if ((uint32_t)newhash != (uint32_t)cnp->cn_hash) 950 panic("relookup: bad hash"); 951 if (cnp->cn_namelen != cp - cnp->cn_nameptr) 952 panic("relookup: bad len"); 953 while (*cp == '/') 954 cp++; 955 if (*cp != 0) 956 panic("relookup: not last component"); 957 #endif /* DEBUG */ 958 959 /* 960 * Check for degenerate name (e.g. / or "") 961 * which is a way of talking about a directory, 962 * e.g. like "/." or ".". 963 */ 964 if (cnp->cn_nameptr[0] == '\0') 965 panic("relookup: null name"); 966 967 if (cnp->cn_flags & ISDOTDOT) 968 panic("relookup: lookup on dot-dot"); 969 970 /* 971 * We now have a segment name to search for, and a directory to search. 972 */ 973 if ((error = VOP_LOOKUP(dvp, vpp, cnp)) != 0) { 974 #ifdef DIAGNOSTIC 975 if (*vpp != NULL) 976 panic("leaf `%s' should be empty", cnp->cn_nameptr); 977 #endif 978 if (error != EJUSTRETURN) 979 goto bad; 980 } 981 982 #ifdef DIAGNOSTIC 983 /* 984 * Check for symbolic link 985 */ 986 if (*vpp && (*vpp)->v_type == VLNK && (cnp->cn_flags & FOLLOW)) 987 panic("relookup: symlink found"); 988 #endif 989 990 /* 991 * Check for read-only lookups. 992 */ 993 if (rdonly && cnp->cn_nameiop != LOOKUP) { 994 error = EROFS; 995 if (*vpp) { 996 vput(*vpp); 997 } 998 goto bad; 999 } 1000 if (cnp->cn_flags & SAVESTART) 1001 VREF(dvp); 1002 return (0); 1003 1004 bad: 1005 *vpp = NULL; 1006 return (error); 1007 } 1008