1 /* $NetBSD: umap_vnops.c,v 1.46 2009/02/14 17:29:11 plunky Exp $ */ 2 3 /* 4 * Copyright (c) 1992, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software donated to Berkeley by 8 * the UCLA Ficus project. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 
33 * 34 * @(#)umap_vnops.c 8.6 (Berkeley) 5/22/95 35 */ 36 37 /* 38 * Umap Layer 39 */ 40 41 #include <sys/cdefs.h> 42 __KERNEL_RCSID(0, "$NetBSD: umap_vnops.c,v 1.46 2009/02/14 17:29:11 plunky Exp $"); 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/time.h> 47 #include <sys/vnode.h> 48 #include <sys/mount.h> 49 #include <sys/namei.h> 50 #include <sys/malloc.h> 51 #include <sys/buf.h> 52 #include <sys/kauth.h> 53 54 #include <miscfs/umapfs/umap.h> 55 #include <miscfs/genfs/genfs.h> 56 #include <miscfs/genfs/layer_extern.h> 57 58 /* 59 * Note: If the LAYERFS_MBYPASSDEBUG flag is set, it is possible 60 * that the debug printing will bomb out, because kauth routines 61 * do not handle NOCRED or FSCRED like other credentials and end 62 * up dereferencing an inappropriate pointer. 63 * 64 * That should be fixed in kauth rather than here. 65 */ 66 67 int umap_lookup(void *); 68 int umap_getattr(void *); 69 int umap_print(void *); 70 int umap_rename(void *); 71 72 /* 73 * Global vfs data structures 74 */ 75 /* 76 * XXX - strategy, bwrite are hand coded currently. They should 77 * go away with a merged buffer/block cache. 
*/
/*
 * Operation vector for umapfs vnodes.
 *
 * umap_vnodeop_p receives the resolved vector; umap_vnodeop_entries
 * lists, per vnode operation, the handler that is installed.
 *
 * NOTE(review): the layer_* handlers below are defined outside this file.
 * Whether they reach umap_bypass() (and therefore see mapped credentials)
 * cannot be told from here; confirm for the permission-relevant entries
 * such as open, access, setattr, remove and rmdir.
 */
int (**umap_vnodeop_p)(void *);
const struct vnodeopv_entry_desc umap_vnodeop_entries[] = {
	/* Default entry: operations without an entry of their own. */
	{ &vop_default_desc,	umap_bypass },

	/* Handlers implemented in this file. */
	{ &vop_lookup_desc,	umap_lookup },
	{ &vop_getattr_desc,	umap_getattr },
	{ &vop_print_desc,	umap_print },
	{ &vop_rename_desc,	umap_rename },

	/* Handlers taken from the generic layer code. */
	{ &vop_lock_desc,	layer_lock },
	{ &vop_unlock_desc,	layer_unlock },
	{ &vop_islocked_desc,	layer_islocked },
	{ &vop_fsync_desc,	layer_fsync },
	{ &vop_inactive_desc,	layer_inactive },
	{ &vop_reclaim_desc,	layer_reclaim },
	{ &vop_open_desc,	layer_open },
	{ &vop_setattr_desc,	layer_setattr },
	{ &vop_access_desc,	layer_access },
	{ &vop_remove_desc,	layer_remove },
	{ &vop_rmdir_desc,	layer_rmdir },

	{ &vop_bwrite_desc,	layer_bwrite },
	{ &vop_bmap_desc,	layer_bmap },
	{ &vop_getpages_desc,	layer_getpages },
	{ &vop_putpages_desc,	layer_putpages },

	/* Terminator. */
	{ NULL, NULL }
};
const struct vnodeopv_desc umapfs_vnodeop_opv_desc =
	{ &umap_vnodeop_p, umap_vnodeop_entries };

/*
 * This is the 08-June-1999 bypass routine.
 * See layer_vnops.c:layer_bypass for more details.
 *
 * umap_bypass: run a vnode operation on the lower layer.
 *
 * The argument structure is edited in place: every vnode that belongs
 * to this layer is swapped for its lower vnode, and the credential (and
 * the componentname credential, when the operation has one) is swapped
 * for a duplicate whose ids have been run through umap_mapids().  After
 * the lower operation returns, vnodes and credentials are put back and
 * the duplicates are freed, so the caller never sees the mapped ids.
 *
 * v points to the operation's argument structure; the return value is
 * the error from the lower operation, or from layer_node_create() when
 * a returned vnode has to be wrapped.
 */
int
umap_bypass(void *v)
{
	struct vop_generic_args /* {
		struct vnodeop_desc *a_desc;
		<other random data follows, presumably>
	} */ *ap = v;
	struct vnodeop_desc *descp = ap->a_desc;
	struct vnode *old_vps[VDESC_MAX_VPS];
	struct vnode **vps_p[VDESC_MAX_VPS];
	struct vnode **this_vp_p;
	struct vnode ***vppp;
	struct vnode *vp0;
	struct componentname **compnamepp = 0;
	kauth_cred_t *credpp = NULL;
	kauth_cred_t credp = 0, savecredp = 0;
	kauth_cred_t compcredp = 0, savecompcredp = 0;
	int (**our_vnodeop_p)(void *);
	int error, error1;
	int reles, i, debug;

#ifdef DIAGNOSTIC
	/* We require at least one vp. */
	if (descp->vdesc_vp_offsets == NULL ||
	    descp->vdesc_vp_offsets[0] == VDESC_NO_OFFSET)
		panic("%s: no vp's in map.\n", __func__);
#endif

	/* The first vnode selects the mount and the op vector we own. */
	vps_p[0] =
	    VOPARG_OFFSETTO(struct vnode**, descp->vdesc_vp_offsets[0], ap);
	vp0 = *vps_p[0];
	debug = (MOUNTTOUMAPMOUNT(vp0->v_mount)->umapm_flags &
	    LAYERFS_MBYPASSDEBUG) != 0;
	our_vnodeop_p = vp0->v_op;

	if (debug)
		printf("%s: %s\n", __func__, descp->vdesc_name);

	/*
	 * Map the vnodes going in.
	 * Later, we'll invoke the operation based on
	 * the first mapped vnode's operation vector.
	 */
	reles = descp->vdesc_flags;
	for (i = 0; i < VDESC_MAX_VPS; reles >>= 1, i++) {
		if (descp->vdesc_vp_offsets[i] == VDESC_NO_OFFSET)
			break;	/* end of the vnode list */

		this_vp_p = VOPARG_OFFSETTO(struct vnode**,
		    descp->vdesc_vp_offsets[i], ap);
		vps_p[i] = this_vp_p;

		/*
		 * Only the first vnode is guaranteed to be ours; any
		 * later one that is NULL or uses another op vector is
		 * left alone.  (We must always map first vp or vclean
		 * fails.)
		 */
		if (i != 0 && (*this_vp_p == NULL ||
		    (*this_vp_p)->v_op != our_vnodeop_p)) {
			old_vps[i] = NULL;
			continue;
		}

		old_vps[i] = *this_vp_p;
		*this_vp_p = UMAPVPTOLOWERVP(*this_vp_p);

		/*
		 * XXX - Several operations have the side effect
		 * of vrele'ing their vp's.  Take a reference on the
		 * lower vnode to account for that.  (This should go
		 * away in the future.)
		 */
		if (reles & VDESC_VP0_WILLRELE)
			VREF(*this_vp_p);
	}

	/*
	 * Fix the credentials.  (That's the purpose of this layer.)
	 *
	 * Real credentials are duplicated first so that the mapping is
	 * applied to a private copy and never to the caller's object.
	 *
	 * NOTE(review): NOCRED and FSCRED are not duplicated, yet credp
	 * is still handed to umap_mapids() and, with debugging on, to
	 * kauth_cred_geteuid()/kauth_cred_getegid().  umap_mapids() is
	 * not visible here; confirm it tolerates those two values.
	 */
	if (descp->vdesc_cred_offset != VDESC_NO_OFFSET) {
		credpp = VOPARG_OFFSETTO(kauth_cred_t*,
		    descp->vdesc_cred_offset, ap);

		/* Remember the caller's credential for the way out. */
		savecredp = *credpp;
		if (!(savecredp == NOCRED || savecredp == FSCRED))
			*credpp = kauth_cred_dup(savecredp);
		credp = *credpp;

		if (debug && kauth_cred_geteuid(credp) != 0)
			printf("umap_bypass: user was %d, group %d\n",
			    kauth_cred_geteuid(credp), kauth_cred_getegid(credp));

		/* Map all ids in the credential structure. */
		umap_mapids(vp0->v_mount, credp);

		if (debug && kauth_cred_geteuid(credp) != 0)
			printf("umap_bypass: user now %d, group %d\n",
			    kauth_cred_geteuid(credp), kauth_cred_getegid(credp));
	}

	/*
	 * BSD often keeps a credential in the componentname structure
	 * for speed.  If there is one, it better get mapped, too.
	 */
	if (descp->vdesc_componentname_offset != VDESC_NO_OFFSET) {
		compnamepp = VOPARG_OFFSETTO(struct componentname**,
		    descp->vdesc_componentname_offset, ap);

		savecompcredp = (*compnamepp)->cn_cred;
		if (!(savecompcredp == NOCRED || savecompcredp == FSCRED))
			(*compnamepp)->cn_cred = kauth_cred_dup(savecompcredp);
		compcredp = (*compnamepp)->cn_cred;

		if (debug && kauth_cred_geteuid(compcredp) != 0)
			printf("umap_bypass: component credit user was %d, group %d\n",
			    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));

		/* Map all ids in the credential structure. */
		umap_mapids(vp0->v_mount, compcredp);

		if (debug && kauth_cred_geteuid(compcredp) != 0)
			printf("umap_bypass: component credit user now %d, group %d\n",
			    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));
	}

	/*
	 * Call the operation on the lower layer
	 * with the modified argument structure.
	 */
	error = VCALL(*vps_p[0], descp->vdesc_offset, ap);

	/*
	 * Maintain the illusion of call-by-value
	 * by restoring vnodes in the argument structure
	 * to their original value.
	 */
	reles = descp->vdesc_flags;
	for (i = 0; i < VDESC_MAX_VPS; reles >>= 1, i++) {
		if (descp->vdesc_vp_offsets[i] == VDESC_NO_OFFSET)
			break;	/* end of the vnode list */
		if (old_vps[i] == NULL)
			continue;	/* this slot was never mapped */

		*(vps_p[i]) = old_vps[i];
		if (reles & VDESC_VP0_WILLUNLOCK) {
			LAYERFS_UPPERUNLOCK(*(vps_p[i]), 0, error1);
		}
		if (reles & VDESC_VP0_WILLRELE)
			vrele(*(vps_p[i]));
	}

	/*
	 * Map the possible out-going vpp
	 * (Assumes that the lower layer always returns
	 * a VREF'ed vpp unless it gets an error.)
	 *
	 * XXX - even though some ops have vpp returned vp's,
	 * several ops actually vrele this before returning.
	 * Those ops (VDESC_VPP_WILLRELE) are skipped here.
	 * (This should go away when these ops are regularized.)
	 */
	if (descp->vdesc_vpp_offset != VDESC_NO_OFFSET &&
	    !(descp->vdesc_flags & VDESC_NOMAP_VPP) &&
	    !error &&
	    !(descp->vdesc_flags & VDESC_VPP_WILLRELE)) {
		vppp = VOPARG_OFFSETTO(struct vnode***,
		    descp->vdesc_vpp_offset, ap);
		/*
		 * Only vop_lookup, vop_create, vop_makedir, vop_bmap,
		 * vop_mknod, and vop_symlink return vpp's. vop_bmap
		 * doesn't call bypass as the lower vpp is fine (we're just
		 * going to do i/o on it). vop_lookup doesn't call bypass
		 * as a lookup on "." would generate a locking error.
		 * So all the calls which get us here have a locked vpp. :-)
		 */
		error = layer_node_create(old_vps[0]->v_mount, **vppp, *vppp);
		if (error) {
			/* No upper node: drop the lower vnode, return none. */
			vput(**vppp);
			**vppp = NULL;
		}
	}

	/*
	 * Free duplicate cred structure and restore old one.
	 * This runs on the error path as well, so the argument structure
	 * never leaves here pointing at a freed duplicate.
	 */
	if (descp->vdesc_cred_offset != VDESC_NO_OFFSET) {
		if (debug && credp && kauth_cred_geteuid(credp) != 0)
			printf("umap_bypass: returning-user was %d\n",
			    kauth_cred_geteuid(credp));

		if (savecredp != NOCRED && savecredp != FSCRED && credpp) {
			kauth_cred_free(credp);
			*credpp = savecredp;
			if (debug && kauth_cred_geteuid(*credpp) != 0)
				printf("umap_bypass: returning-user now %d\n\n",
				    kauth_cred_geteuid(savecredp));
		}
	}

	if (descp->vdesc_componentname_offset != VDESC_NO_OFFSET) {
		if (debug && compcredp && kauth_cred_geteuid(compcredp) != 0)
			printf("umap_bypass: returning-component-user was %d\n",
			    kauth_cred_geteuid(compcredp));

		if (savecompcredp != NOCRED && savecompcredp != FSCRED) {
			kauth_cred_free(compcredp);
			(*compnamepp)->cn_cred = savecompcredp;
			if (debug && savecompcredp &&
			    kauth_cred_geteuid(savecompcredp) != 0)
				printf("umap_bypass: returning-component-user now %d\n",
				    kauth_cred_geteuid(savecompcredp));
		}
	}

	return (error);
}

/*
 * This is based on the 08-June-1999 bypass routine.
 * See layer_vnops.c:layer_bypass for more details.
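*/
/*
 * umap_lookup: look a name up in the lower directory with a mapped
 * componentname credential, then wrap the result in an upper vnode.
 *
 * The caller's cn_cred is replaced by a duplicate whose ids have been
 * run through umap_mapids() for the duration of the lower VOP, and is
 * put back before returning.  Only a real credential is duplicated:
 * NULL, NOCRED and FSCRED are passed through untouched, which is the
 * same test the restore code at the end uses, so a duplicate is made
 * exactly when it will later be freed.
 *
 * Returns EROFS for DELETE/RENAME (and for CREATE/RENAME when the lower
 * layer answers EJUSTRETURN) of the last component on a read-only mount,
 * otherwise the error from the lower lookup or from layer_node_create().
 */
int
umap_lookup(void *v)
{
	struct vop_lookup_args /* {
		struct vnodeop_desc *a_desc;
		struct vnode * a_dvp;
		struct vnode ** a_vpp;
		struct componentname * a_cnp;
	} */ *ap = v;
	struct componentname *cnp = ap->a_cnp;
	kauth_cred_t savecompcredp = NULL;
	kauth_cred_t compcredp = NULL;
	struct vnode *dvp, *vp, *ldvp;
	struct mount *mp;
	int error;
	int flags, cnf = cnp->cn_flags;

	dvp = ap->a_dvp;
	mp = dvp->v_mount;

	/* Refuse name removal or rename on a read-only mount up front. */
	if ((cnf & ISLASTCN) && (dvp->v_mount->mnt_flag & MNT_RDONLY) &&
	    (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME))
		return (EROFS);

	flags = MOUNTTOUMAPMOUNT(mp)->umapm_flags;
	ldvp = UMAPVPTOLOWERVP(dvp);

	if (flags & LAYERFS_MBYPASSDEBUG)
		printf("umap_lookup\n");

	/*
	 * Fix the credentials.  (That's the purpose of this layer.)
	 *
	 * BSD often keeps a credential in the componentname structure
	 * for speed.  If there is one, it better get mapped, too.
	 *
	 * The mapping is applied to a private duplicate so the caller's
	 * credential object is never modified.
	 */
	savecompcredp = cnp->cn_cred;
	if (savecompcredp != NULL && savecompcredp != NOCRED &&
	    savecompcredp != FSCRED) {
		compcredp = kauth_cred_dup(savecompcredp);
		cnp->cn_cred = compcredp;

		if ((flags & LAYERFS_MBYPASSDEBUG) &&
		    kauth_cred_geteuid(compcredp) != 0)
			printf("umap_lookup: component credit user was %d, group %d\n",
			    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));

		/* Map all ids in the credential structure. */
		umap_mapids(mp, compcredp);
	}

	if ((flags & LAYERFS_MBYPASSDEBUG) && compcredp &&
	    kauth_cred_geteuid(compcredp) != 0)
		printf("umap_lookup: component credit user now %d, group %d\n",
		    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));

	/* Run the lookup on the lower directory vnode. */
	ap->a_dvp = ldvp;
	error = VCALL(ldvp, ap->a_desc->vdesc_offset, ap);
	vp = *ap->a_vpp;
	*ap->a_vpp = NULL;

	/* A name that would have to be created cannot be, if read-only. */
	if (error == EJUSTRETURN && (cnf & ISLASTCN) &&
	    (dvp->v_mount->mnt_flag & MNT_RDONLY) &&
	    (cnp->cn_nameiop == CREATE || cnp->cn_nameiop == RENAME))
		error = EROFS;

	/* Do locking fixup as appropriate. See layer_lookup() for info */
	if (ldvp == vp) {
		/* The lower layer returned the directory itself. */
		*ap->a_vpp = dvp;
		VREF(dvp);
		vrele(vp);
	} else if (vp != NULL) {
		error = layer_node_create(mp, vp, ap->a_vpp);
		if (error) {
			vput(vp);
		}
	}

	/*
	 * Free duplicate cred structure and restore old one.
	 */
	if ((flags & LAYERFS_MBYPASSDEBUG) && compcredp &&
	    kauth_cred_geteuid(compcredp) != 0)
		printf("umap_lookup: returning-component-user was %d\n",
		    kauth_cred_geteuid(compcredp));

	if (savecompcredp != NOCRED && savecompcredp != FSCRED) {
		if (compcredp)
			kauth_cred_free(compcredp);
		cnp->cn_cred = savecompcredp;
		if ((flags & LAYERFS_MBYPASSDEBUG) && savecompcredp &&
		    kauth_cred_geteuid(savecompcredp) != 0)
			printf("umap_lookup: returning-component-user now %d\n",
			    kauth_cred_geteuid(savecompcredp));
	}

	return (error);
}

/*
 * We handle getattr to change the fsid.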
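*/
/*
 * umap_getattr: fetch attributes through umap_bypass(), then rewrite
 * the fsid, uid and gid that the caller will see.
 *
 * The uid and gid reported by the lower layer are looked up with
 * umap_reverse_findid().  An id with no entry in the map is reported
 * as NOBODY (uid) or NULLGROUP (gid) instead of being passed through.
 *
 * Returns the umap_bypass() error, or 0.
 */
int
umap_getattr(void *v)
{
	struct vop_getattr_args /* {
		struct vnode *a_vp;
		struct vattr *a_vap;
		kauth_cred_t a_cred;
		struct lwp *a_l;
	} */ *ap = v;
	uid_t uid;
	gid_t gid;
	int error, tmpid, nentries, gnentries, flags;
	u_long (*mapdata)[2];
	u_long (*gmapdata)[2];
	struct vnode **vp1p;
	const struct vnodeop_desc *descp = ap->a_desc;

	if ((error = umap_bypass(ap)) != 0)
		return (error);
	/* Requires that arguments be restored. */
	ap->a_vap->va_fsid = ap->a_vp->v_mount->mnt_stat.f_fsidx.__fsid_val[0];

	flags = MOUNTTOUMAPMOUNT(ap->a_vp->v_mount)->umapm_flags;
	/*
	 * Umap needs to map the uid and gid returned by a stat
	 * into the proper values for this site.  This involves
	 * finding the returned id in the mapping information,
	 * translating it into the id on the other end,
	 * and filling in the proper field in the vattr
	 * structure pointed to by ap->a_vap.
	 */

	/* Find entry in map */

	uid = ap->a_vap->va_uid;
	gid = ap->a_vap->va_gid;
	if ((flags & LAYERFS_MBYPASSDEBUG))
		printf("umap_getattr: mapped uid = %d, mapped gid = %d\n", uid,
		    gid);

	/* Pick up the user and group tables of this mount. */
	vp1p = VOPARG_OFFSETTO(struct vnode**, descp->vdesc_vp_offsets[0], ap);
	nentries = MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_nentries;
	mapdata = (MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_mapdata);
	gnentries = MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_gnentries;
	gmapdata = (MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_gmapdata);

	/*
	 * Reverse map the uid for the vnode.  Since it's a reverse
	 * map, we can't use umap_mapids() to do it.
	 */
	tmpid = umap_reverse_findid(uid, mapdata, nentries);

	if (tmpid != -1) {
		ap->a_vap->va_uid = (uid_t) tmpid;
		if ((flags & LAYERFS_MBYPASSDEBUG))
			printf("umap_getattr: original uid = %d\n", uid);
	} else
		ap->a_vap->va_uid = (uid_t) NOBODY;	/* no entry in map */

	/* Reverse map the gid for the vnode. */

	tmpid = umap_reverse_findid(gid, gmapdata, gnentries);

	if (tmpid != -1) {
		ap->a_vap->va_gid = (gid_t) tmpid;
		if ((flags & LAYERFS_MBYPASSDEBUG))
			printf("umap_getattr: original gid = %d\n", gid);
	} else
		ap->a_vap->va_gid = (gid_t) NULLGROUP;	/* no entry in map */

	return (0);
}

/*
 * umap_print: print the upper vnode pointer and its lower vnode.
 * Always returns 0.
 */
int
umap_print(void *v)
{
	struct vop_print_args /* {
		struct vnode *a_vp;
	} */ *ap = v;
	struct vnode *vp = ap->a_vp;

	printf("\ttag VT_UMAPFS, vp=%p, lowervp=%p\n", vp,
	    UMAPVPTOLOWERVP(vp));
	return (0);
}

/*
 * umap_rename: map the credential of the second (target) componentname,
 * then let umap_bypass() do the rest of the rename.
 *
 * The target cn_cred is replaced by a mapped duplicate around the call
 * and put back afterwards.  As in umap_bypass(), only a real credential
 * is duplicated and later freed; NULL, NOCRED and FSCRED are left in
 * place untouched.
 *
 * Returns the umap_bypass() error.
 */
int
umap_rename(void *v)
{
	struct vop_rename_args /* {
		struct vnode *a_fdvp;
		struct vnode *a_fvp;
		struct componentname *a_fcnp;
		struct vnode *a_tdvp;
		struct vnode *a_tvp;
		struct componentname *a_tcnp;
	} */ *ap = v;
	int error, flags, mapped;
	struct componentname *compnamep;
	kauth_cred_t compcredp, savecompcredp;
	struct vnode *vp;
	struct vnode *tvp;

	/*
	 * Rename is irregular, having two componentname structures.
	 * We need to map the cred in the second structure,
	 * and then bypass takes care of the rest.
	 */

	vp = ap->a_fdvp;
	flags = MOUNTTOUMAPMOUNT(vp->v_mount)->umapm_flags;
	compnamep = ap->a_tcnp;
	savecompcredp = compnamep->cn_cred;
	compcredp = NULL;

	/* Duplicate and map only a real credential, never a sentinel. */
	mapped = (savecompcredp != NULL && savecompcredp != NOCRED &&
	    savecompcredp != FSCRED);
	if (mapped) {
		compcredp = compnamep->cn_cred = kauth_cred_dup(savecompcredp);

		if ((flags & LAYERFS_MBYPASSDEBUG) &&
		    kauth_cred_geteuid(compcredp) != 0)
			printf("umap_rename: rename component credit user was %d, group %d\n",
			    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));

		/* Map all ids in the credential structure. */

		umap_mapids(vp->v_mount, compcredp);

		if ((flags & LAYERFS_MBYPASSDEBUG) &&
		    kauth_cred_geteuid(compcredp) != 0)
			printf("umap_rename: rename component credit user now %d, group %d\n",
			    kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp));
	}

	/*
	 * Hold a reference on a target vnode of this mount across the
	 * call so it can be flagged once the rename has succeeded.
	 */
	tvp = ap->a_tvp;
	if (tvp) {
		if (tvp->v_mount != vp->v_mount)
			tvp = NULL;
		else
			vref(tvp);
	}
	error = umap_bypass(ap);
	if (tvp) {
		if (error == 0)
			VTOLAYER(tvp)->layer_flags |= LAYERFS_REMOVED;
		vrele(tvp);
	}

	/* Restore the additional mapped componentname cred structure. */
	if (mapped) {
		kauth_cred_free(compcredp);
		compnamep->cn_cred = savecompcredp;
	}

	return error;
}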