1 /* $NetBSD: umap_vnops.c,v 1.52 2011/04/03 01:19:36 rmind Exp $ */ 2 3 /* 4 * Copyright (c) 1992, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software donated to Berkeley by 8 * the UCLA Ficus project. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 
33 * 34 * @(#)umap_vnops.c 8.6 (Berkeley) 5/22/95 35 */ 36 37 /* 38 * Umap Layer 39 */ 40 41 #include <sys/cdefs.h> 42 __KERNEL_RCSID(0, "$NetBSD: umap_vnops.c,v 1.52 2011/04/03 01:19:36 rmind Exp $"); 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/time.h> 47 #include <sys/vnode.h> 48 #include <sys/mount.h> 49 #include <sys/namei.h> 50 #include <sys/malloc.h> 51 #include <sys/buf.h> 52 #include <sys/kauth.h> 53 54 #include <miscfs/umapfs/umap.h> 55 #include <miscfs/genfs/genfs.h> 56 #include <miscfs/genfs/layer_extern.h> 57 58 /* 59 * Note: If the LAYERFS_MBYPASSDEBUG flag is set, it is possible 60 * that the debug printing will bomb out, because kauth routines 61 * do not handle NOCRED or FSCRED like other credentials and end 62 * up dereferencing an inappropriate pointer. 63 * 64 * That should be fixed in kauth rather than here. 65 */ 66 67 int umap_lookup(void *); 68 int umap_getattr(void *); 69 int umap_print(void *); 70 int umap_rename(void *); 71 72 /* 73 * Global vfs data structures 74 */ 75 /* 76 * XXX - strategy, bwrite are hand coded currently. They should 77 * go away with a merged buffer/block cache. 
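 *
 */
/*
 * Operation vector for umap vnodes.
 *
 * Any operation without an entry of its own is dispatched to umap_bypass()
 * through vop_default_desc.  lookup, getattr, print and rename have
 * umap-specific handlers in this file; the remaining entries use the
 * generic layer_* handlers.
 *
 * NOTE(review): whether the layer_* handlers route back through
 * umap_bypass(), and therefore get their credentials mapped, is decided
 * in the layerfs code and cannot be seen from this file -- confirm for
 * the permission-relevant ones (access, setattr, open, remove, rmdir).
 */
int (**umap_vnodeop_p)(void *);
const struct vnodeopv_entry_desc umap_vnodeop_entries[] = {
	{ &vop_default_desc,	umap_bypass },

	{ &vop_lookup_desc,	umap_lookup },
	{ &vop_getattr_desc,	umap_getattr },
	{ &vop_print_desc,	umap_print },
	{ &vop_rename_desc,	umap_rename },

	{ &vop_fsync_desc,	layer_fsync },
	{ &vop_inactive_desc,	layer_inactive },
	{ &vop_reclaim_desc,	layer_reclaim },
	{ &vop_open_desc,	layer_open },
	{ &vop_setattr_desc,	layer_setattr },
	{ &vop_access_desc,	layer_access },
	{ &vop_remove_desc,	layer_remove },
	{ &vop_revoke_desc,	layer_revoke },
	{ &vop_rmdir_desc,	layer_rmdir },

	{ &vop_bwrite_desc,	layer_bwrite },
	{ &vop_bmap_desc,	layer_bmap },
	{ &vop_getpages_desc,	layer_getpages },
	{ &vop_putpages_desc,	layer_putpages },

	{ NULL, NULL }
};
const struct vnodeopv_desc umapfs_vnodeop_opv_desc =
	{ &umap_vnodeop_p, umap_vnodeop_entries };

/*
 * This is the 08-June-1999 bypass routine.
 * See layer_vnops.c:layer_bypass for more details.
 *
 * Generic pass-through for a vnode operation:
 *   1. swap every umap vnode in the argument structure for its lower vnode;
 *   2. replace the caller's credential, and the credential cached in the
 *      componentname, with a kauth_cred_dup() copy whose ids have been
 *      run through umap_mapids();
 *   3. invoke the operation on the lower layer;
 *   4. put the original vnodes back, wrap a returned vpp with
 *      layer_node_create(), free the duplicated credentials and restore
 *      the caller's credential pointers.
 *
 * The mapping is only ever applied to the duplicate, so the credential
 * the caller passed in is handed back unmodified.  NOCRED and FSCRED are
 * not duplicated and are never freed here.
 *
 * The debug printing (LAYERFS_MBYPASSDEBUG) reads a credential through
 * the kauth accessors only when it is a real credential.  The note at the
 * top of this file explains that those accessors dereference an
 * inappropriate pointer when given NOCRED or FSCRED, and setting a debug
 * flag on the mount must not be able to trigger that.
 *
 * Returns the error of the lower operation, or that of
 * layer_node_create() when wrapping the returned vnode fails.
 */
int
umap_bypass(void *v)
{
	struct vop_generic_args /* {
		struct vnodeop_desc *a_desc;
		<other random data follows, presumably>
	} */ *ap = v;
	int (**our_vnodeop_p)(void *);
	kauth_cred_t *credpp = NULL, credp = NULL;
	kauth_cred_t savecredp = NULL, savecompcredp = NULL;
	kauth_cred_t compcredp = NULL;
	struct vnode **this_vp_p;
	int error;
	struct vnode *old_vps[VDESC_MAX_VPS], *vp0;
	struct vnode **vps_p[VDESC_MAX_VPS];
	struct vnode ***vppp;
	struct vnodeop_desc *descp = ap->a_desc;
	int reles, i, flags;
	struct componentname **compnamepp = NULL;
	int debug;
	/* Non-zero once the matching credential is safe to read for debug. */
	int credok = 0, compcredok = 0;

#ifdef DIAGNOSTIC
	/*
	 * We require at least one vp.
	 */
	if (descp->vdesc_vp_offsets == NULL ||
	    descp->vdesc_vp_offsets[0] == VDESC_NO_OFFSET)
		panic("%s: no vp's in map.\n", __func__);
#endif

	vps_p[0] =
	    VOPARG_OFFSETTO(struct vnode**, descp->vdesc_vp_offsets[0], ap);
	vp0 = *vps_p[0];
	flags = MOUNTTOUMAPMOUNT(vp0->v_mount)->umapm_flags;
	our_vnodeop_p = vp0->v_op;
	debug = (flags & LAYERFS_MBYPASSDEBUG) != 0;

	if (debug)
		printf("%s: %s\n", __func__, descp->vdesc_name);

	/*
	 * Map the vnodes going in.
	 * Later, we'll invoke the operation based on
	 * the first mapped vnode's operation vector.
	 */
	reles = descp->vdesc_flags;
	for (i = 0; i < VDESC_MAX_VPS; reles >>= 1, i++) {
		if (descp->vdesc_vp_offsets[i] == VDESC_NO_OFFSET)
			break;   /* bail out at end of list */
		vps_p[i] = this_vp_p =
		    VOPARG_OFFSETTO(struct vnode**, descp->vdesc_vp_offsets[i],
		    ap);
		/*
		 * We're not guaranteed that any but the first vnode
		 * are of our type.  Check for and don't map any
		 * that aren't.  (We must always map first vp or vclean fails.)
		 */
		if (i && (*this_vp_p == NULL ||
		    (*this_vp_p)->v_op != our_vnodeop_p)) {
			old_vps[i] = NULL;
		} else {
			old_vps[i] = *this_vp_p;
			*(vps_p[i]) = UMAPVPTOLOWERVP(*this_vp_p);
			/*
			 * XXX - Several operations have the side effect
			 * of vrele'ing their vp's.  We must account for
			 * that.  (This should go away in the future.)
			 */
			if (reles & VDESC_VP0_WILLRELE)
				vref(*this_vp_p);
		}

	}

	/*
	 * Fix the credentials.  (That's the purpose of this layer.)
	 */

	if (descp->vdesc_cred_offset != VDESC_NO_OFFSET) {

		credpp = VOPARG_OFFSETTO(kauth_cred_t*,
		    descp->vdesc_cred_offset, ap);

		/* Save old values */

		savecredp = *credpp;
		if (savecredp != NOCRED && savecredp != FSCRED)
			*credpp = kauth_cred_dup(savecredp);
		credp = *credpp;

		/* Only a real credential may be read through kauth. */
		credok = (credp != NULL && credp != NOCRED &&
		    credp != FSCRED);

		if (debug && credok && kauth_cred_geteuid(credp) != 0)
			printf("umap_bypass: user was %d, group %d\n",
			    kauth_cred_geteuid(credp), kauth_cred_getegid(credp));

		/*
		 * Map all ids in the credential structure.
		 * NOTE(review): this is also reached with NOCRED/FSCRED;
		 * presumably umap_mapids() ignores them -- confirm.
		 */

		umap_mapids(vp0->v_mount, credp);

		if (debug && credok && kauth_cred_geteuid(credp) != 0)
			printf("umap_bypass: user now %d, group %d\n",
			    kauth_cred_geteuid(credp), kauth_cred_getegid(credp));
	}

	/* BSD often keeps a credential in the componentname structure
	 * for speed.  If there is one, it better get mapped, too.
	 */

	if (descp->vdesc_componentname_offset != VDESC_NO_OFFSET) {

		compnamepp = VOPARG_OFFSETTO(struct componentname**,
		    descp->vdesc_componentname_offset, ap);

		savecompcredp = (*compnamepp)->cn_cred;
		if (savecompcredp != NOCRED && savecompcredp != FSCRED)
			(*compnamepp)->cn_cred = kauth_cred_dup(savecompcredp);
		compcredp = (*compnamepp)->cn_cred;

		/* Only a real credential may be read through kauth. */
		compcredok = (compcredp != NULL && compcredp != NOCRED &&
		    compcredp != FSCRED);

		if (debug && compcredok && kauth_cred_geteuid(compcredp) != 0)
			printf("umap_bypass: component credit user was %d, group %d\n",
			    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));

		/* Map all ids in the credential structure. */

		umap_mapids(vp0->v_mount, compcredp);

		if (debug && compcredok && kauth_cred_geteuid(compcredp) != 0)
			printf("umap_bypass: component credit user now %d, group %d\n",
			    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));
	}

	/*
	 * Call the operation on the lower layer
	 * with the modified argument structure.
	 */
	error = VCALL(*vps_p[0], descp->vdesc_offset, ap);

	/*
	 * Maintain the illusion of call-by-value
	 * by restoring vnodes in the argument structure
	 * to their original value.
	 */
	reles = descp->vdesc_flags;
	for (i = 0; i < VDESC_MAX_VPS; reles >>= 1, i++) {
		if (descp->vdesc_vp_offsets[i] == VDESC_NO_OFFSET)
			break;   /* bail out at end of list */
		if (old_vps[i]) {
			*(vps_p[i]) = old_vps[i];
			if (reles & VDESC_VP0_WILLRELE)
				vrele(*(vps_p[i]));
		}
	}

	/*
	 * Map the possible out-going vpp
	 * (Assumes that the lower layer always returns
	 * a VREF'ed vpp unless it gets an error.)
	 */
	if (descp->vdesc_vpp_offset != VDESC_NO_OFFSET && !error) {
		vppp = VOPARG_OFFSETTO(struct vnode***,
		    descp->vdesc_vpp_offset, ap);
		/*
		 * Only vop_lookup, vop_create, vop_makedir, vop_bmap,
		 * vop_mknod, and vop_symlink return vpp's. vop_bmap
		 * doesn't call bypass as the lower vpp is fine (we're just
		 * going to do i/o on it). vop_lookup doesn't call bypass
		 * as a lookup on "." would generate a locking error.
		 * So all the calls which get us here have a locked vpp. :-)
		 */
		error = layer_node_create(old_vps[0]->v_mount, **vppp, *vppp);
		if (error) {
			/* Do not hand an unwrapped lower vnode to the caller. */
			vput(**vppp);
			**vppp = NULL;
		}
	}

	/*
	 * Free duplicate cred structure and restore old one.
	 * This is the only return path after the duplication above, so
	 * every kauth_cred_dup() is paired with a kauth_cred_free().
	 */
	if (descp->vdesc_cred_offset != VDESC_NO_OFFSET) {
		if (debug && credok && kauth_cred_geteuid(credp) != 0)
			printf("umap_bypass: returning-user was %d\n",
			    kauth_cred_geteuid(credp));

		if (savecredp != NOCRED && savecredp != FSCRED && credpp) {
			kauth_cred_free(credp);
			*credpp = savecredp;
			if (debug && savecredp != NULL &&
			    kauth_cred_geteuid(savecredp) != 0)
				printf("umap_bypass: returning-user now %d\n\n",
				    kauth_cred_geteuid(savecredp));
		}
	}

	if (descp->vdesc_componentname_offset != VDESC_NO_OFFSET) {
		if (debug && compcredok && kauth_cred_geteuid(compcredp) != 0)
			printf("umap_bypass: returning-component-user was %d\n",
			    kauth_cred_geteuid(compcredp));

		if (savecompcredp != NOCRED && savecompcredp != FSCRED) {
			kauth_cred_free(compcredp);
			(*compnamepp)->cn_cred = savecompcredp;
			if (debug && savecompcredp &&
			    kauth_cred_geteuid(savecompcredp) != 0)
				printf("umap_bypass: returning-component-user now %d\n",
				    kauth_cred_geteuid(savecompcredp));
		}
	}

	return (error);
}

/*
 * This is based on the 08-June-1999 bypass routine.
 * See layer_vnops.c:layer_bypass for more details.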
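 */
/*
 * Lookup with credential mapping.
 *
 * Rejects DELETE/RENAME of the last component on a read-only mount with
 * EROFS, maps the credential cached in the componentname, runs the lookup
 * on the lower directory vnode, and wraps the resulting lower vnode in a
 * umap vnode via layer_node_create().  A lower result of EJUSTRETURN for
 * CREATE/RENAME on a read-only mount is also turned into EROFS.
 *
 * The componentname credential is duplicated and mapped only when it is a
 * real credential (not NULL, NOCRED or FSCRED).  This is the same set of
 * sentinels umap_bypass() excludes before calling kauth_cred_dup(), and
 * the same set the restore step at the end of this function excludes.
 * Without that check a NOCRED/FSCRED value would be handed to
 * kauth_cred_dup() and, because the restore step skips those values, the
 * duplicate would be left in cn_cred and never freed.
 *
 * Returns 0 or an errno value; on success *a_vpp holds the umap vnode.
 */
int
umap_lookup(void *v)
{
	struct vop_lookup_args /* {
		struct vnodeop_desc *a_desc;
		struct vnode * a_dvp;
		struct vnode ** a_vpp;
		struct componentname * a_cnp;
	} */ *ap = v;
	struct componentname *cnp = ap->a_cnp;
	kauth_cred_t savecompcredp = NULL;
	kauth_cred_t compcredp = NULL;
	struct vnode *dvp, *vp, *ldvp;
	struct mount *mp;
	int error;
	int flags, cnf = cnp->cn_flags;

	dvp = ap->a_dvp;
	mp = dvp->v_mount;

	/* Refuse modifying lookups on a read-only mount before going lower. */
	if ((cnf & ISLASTCN) && (dvp->v_mount->mnt_flag & MNT_RDONLY) &&
	    (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME))
		return (EROFS);

	flags = MOUNTTOUMAPMOUNT(mp)->umapm_flags;
	ldvp = UMAPVPTOLOWERVP(dvp);

	if (flags & LAYERFS_MBYPASSDEBUG)
		printf("umap_lookup\n");

	/*
	 * Fix the credentials.  (That's the purpose of this layer.)
	 *
	 * BSD often keeps a credential in the componentname structure
	 * for speed.  If there is one, it better get mapped, too.
	 */

	savecompcredp = cnp->cn_cred;
	if (savecompcredp != NULL && savecompcredp != NOCRED &&
	    savecompcredp != FSCRED) {
		/* Map a private copy; the caller's credential stays intact. */
		compcredp = kauth_cred_dup(savecompcredp);
		cnp->cn_cred = compcredp;

		if ((flags & LAYERFS_MBYPASSDEBUG) &&
		    kauth_cred_geteuid(compcredp) != 0)
			printf("umap_lookup: component credit user was %d, group %d\n",
			    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));

		/* Map all ids in the credential structure. */
		umap_mapids(mp, compcredp);
	}

	if ((flags & LAYERFS_MBYPASSDEBUG) && compcredp &&
	    kauth_cred_geteuid(compcredp) != 0)
		printf("umap_lookup: component credit user now %d, group %d\n",
		    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));

	ap->a_dvp = ldvp;
	error = VCALL(ldvp, ap->a_desc->vdesc_offset, ap);
	/* Take the lower result out of *a_vpp until it has been wrapped. */
	vp = *ap->a_vpp;
	*ap->a_vpp = NULL;

	if (error == EJUSTRETURN && (cnf & ISLASTCN) &&
	    (dvp->v_mount->mnt_flag & MNT_RDONLY) &&
	    (cnp->cn_nameiop == CREATE || cnp->cn_nameiop == RENAME))
		error = EROFS;

	/* Do locking fixup as appropriate. See layer_lookup() for info */
	if (ldvp == vp) {
		/* Lower lookup returned the directory itself: return ours. */
		*ap->a_vpp = dvp;
		vref(dvp);
		vrele(vp);
	} else if (vp != NULL) {
		error = layer_node_create(mp, vp, ap->a_vpp);
		if (error) {
			vput(vp);
		}
	}

	/*
	 * Free duplicate cred structure and restore old one.
	 */
	if ((flags & LAYERFS_MBYPASSDEBUG) && compcredp &&
	    kauth_cred_geteuid(compcredp) != 0)
		printf("umap_lookup: returning-component-user was %d\n",
		    kauth_cred_geteuid(compcredp));

	if (savecompcredp != NOCRED && savecompcredp != FSCRED) {
		if (compcredp)
			kauth_cred_free(compcredp);
		cnp->cn_cred = savecompcredp;
		if ((flags & LAYERFS_MBYPASSDEBUG) && savecompcredp &&
		    kauth_cred_geteuid(savecompcredp) != 0)
			printf("umap_lookup: returning-component-user now %d\n",
			    kauth_cred_geteuid(savecompcredp));
	}

	return (error);
}

/*
 * We handle getattr to change the fsid.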
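 */
/*
 * Fetch attributes from the lower layer through umap_bypass(), then
 * rewrite them for this mount: va_fsid becomes the first word of the
 * umap mount's fsid, and the returned uid and gid are reverse-mapped
 * through the mount's uid and gid tables.
 *
 * An id with no entry in its table is reported as NOBODY (uid) or
 * NULLGROUP (gid), so an unmapped owner on the lower file system is
 * never presented under the id it has there.
 *
 * Returns the error from umap_bypass(), or 0.
 */
int
umap_getattr(void *v)
{
	struct vop_getattr_args /* {
		struct vnode *a_vp;
		struct vattr *a_vap;
		kauth_cred_t a_cred;
		struct lwp *a_l;
	} */ *ap = v;
	uid_t uid;
	gid_t gid;
	int error, tmpid, nentries, gnentries, flags;
	u_long (*mapdata)[2];
	u_long (*gmapdata)[2];
	struct vnode **vp1p;
	const struct vnodeop_desc *descp = ap->a_desc;

	if ((error = umap_bypass(ap)) != 0)
		return (error);
	/* Requires that arguments be restored. */
	ap->a_vap->va_fsid = ap->a_vp->v_mount->mnt_stat.f_fsidx.__fsid_val[0];

	flags = MOUNTTOUMAPMOUNT(ap->a_vp->v_mount)->umapm_flags;
	/*
	 * Umap needs to map the uid and gid returned by a stat
	 * into the proper values for this site.  This involves
	 * finding the returned id in the mapping information,
	 * translating it into the id on the other end,
	 * and filling in the proper field in the vattr
	 * structure pointed to by ap->a_vap.  Ids that are not
	 * found in the tables become NOBODY and NULLGROUP.
	 */

	/* Find entry in map */

	uid = ap->a_vap->va_uid;
	gid = ap->a_vap->va_gid;
	if ((flags & LAYERFS_MBYPASSDEBUG))
		printf("umap_getattr: mapped uid = %d, mapped gid = %d\n", uid,
		    gid);

	vp1p = VOPARG_OFFSETTO(struct vnode**, descp->vdesc_vp_offsets[0], ap);
	nentries =  MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_nentries;
	mapdata =  (MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_mapdata);
	gnentries =  MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_gnentries;
	gmapdata =  (MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_gmapdata);

	/* Reverse map the uid for the vnode.  Since it's a reverse
	   map, we can't use umap_mapids() to do it. */

	tmpid = umap_reverse_findid(uid, mapdata, nentries);

	if (tmpid != -1) {
		ap->a_vap->va_uid = (uid_t) tmpid;
		if ((flags & LAYERFS_MBYPASSDEBUG))
			printf("umap_getattr: original uid = %d\n", uid);
	} else
		ap->a_vap->va_uid = (uid_t) NOBODY;

	/* Reverse map the gid for the vnode. */

	tmpid = umap_reverse_findid(gid, gmapdata, gnentries);

	if (tmpid != -1) {
		ap->a_vap->va_gid = (gid_t) tmpid;
		if ((flags & LAYERFS_MBYPASSDEBUG))
			printf("umap_getattr: original gid = %d\n", gid);
	} else
		ap->a_vap->va_gid = (gid_t) NULLGROUP;

	return (0);
}

/*
 * Print the umap vnode and its lower vnode for debugging.
 *
 * NOTE(review): the output contains raw kernel pointer values (%p);
 * presumably this is only reachable from diagnostic paths -- confirm
 * that it cannot end up in output an unprivileged user can read.
 */
int
umap_print(void *v)
{
	struct vop_print_args /* {
		struct vnode *a_vp;
	} */ *ap = v;
	struct vnode *vp = ap->a_vp;
	printf("\ttag VT_UMAPFS, vp=%p, lowervp=%p\n", vp,
	    UMAPVPTOLOWERVP(vp));
	return (0);
}

/*
 * Rename with credential mapping.
 *
 * umap_bypass() maps the operation credential and one componentname
 * credential; rename carries a second componentname (a_tcnp), whose
 * credential is mapped here before the bypass and restored afterwards.
 *
 * The a_tcnp credential is duplicated, mapped and later freed only when
 * it is a real credential (not NULL, NOCRED or FSCRED), matching the
 * sentinels umap_bypass() excludes before kauth_cred_dup().  The note at
 * the top of this file says the kauth routines dereference an
 * inappropriate pointer when given NOCRED or FSCRED.
 *
 * When the rename succeeds and the target vnode belongs to this mount,
 * its layer node is flagged LAYERFS_REMOVED.
 *
 * Returns the error from umap_bypass().
 */
int
umap_rename(void *v)
{
	struct vop_rename_args  /* {
		struct vnode *a_fdvp;
		struct vnode *a_fvp;
		struct componentname *a_fcnp;
		struct vnode *a_tdvp;
		struct vnode *a_tvp;
		struct componentname *a_tcnp;
	} */ *ap = v;
	int error, flags;
	struct componentname *compnamep;
	kauth_cred_t compcredp, savecompcredp;
	struct vnode *vp;
	struct vnode *tvp;
	int mapped;

	/*
	 * Rename is irregular, having two componentname structures.
	 * We need to map the cred in the second structure,
	 * and then bypass takes care of the rest.
	 */

	vp = ap->a_fdvp;
	flags = MOUNTTOUMAPMOUNT(vp->v_mount)->umapm_flags;
	compnamep = ap->a_tcnp;
	savecompcredp = compnamep->cn_cred;
	compcredp = savecompcredp;

	/* Sentinel credentials are passed through untouched. */
	mapped = (savecompcredp != NULL && savecompcredp != NOCRED &&
	    savecompcredp != FSCRED);

	if (mapped) {
		/* Map a private copy; the caller's credential stays intact. */
		compcredp = compnamep->cn_cred = kauth_cred_dup(savecompcredp);

		if ((flags & LAYERFS_MBYPASSDEBUG) &&
		    kauth_cred_geteuid(compcredp) != 0)
			printf("umap_rename: rename component credit user was %d, group %d\n",
			    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));

		/* Map all ids in the credential structure. */

		umap_mapids(vp->v_mount, compcredp);

		if ((flags & LAYERFS_MBYPASSDEBUG) &&
		    kauth_cred_geteuid(compcredp) != 0)
			printf("umap_rename: rename component credit user now %d, group %d\n",
			    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));
	}

	/* Hold the target across the bypass so it can be flagged afterwards. */
	tvp = ap->a_tvp;
	if (tvp) {
		if (tvp->v_mount != vp->v_mount)
			tvp = NULL;
		else
			vref(tvp);
	}
	error = umap_bypass(ap);
	if (tvp) {
		if (error == 0)
			VTOLAYER(tvp)->layer_flags |= LAYERFS_REMOVED;
		vrele(tvp);
	}

	/* Restore the additional mapped componentname cred structure. */

	if (mapped) {
		kauth_cred_free(compcredp);
		compnamep->cn_cred = savecompcredp;
	}

	return error;
}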