1 /* $NetBSD: umap_vnops.c,v 1.50 2010/07/02 08:09:51 hannken Exp $ */ 2 3 /* 4 * Copyright (c) 1992, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software donated to Berkeley by 8 * the UCLA Ficus project. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)umap_vnops.c 8.6 (Berkeley) 5/22/95 35 */ 36 37 /* 38 * Umap Layer 39 */ 40 41 #include <sys/cdefs.h> 42 __KERNEL_RCSID(0, "$NetBSD: umap_vnops.c,v 1.50 2010/07/02 08:09:51 hannken Exp $"); 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/time.h> 47 #include <sys/vnode.h> 48 #include <sys/mount.h> 49 #include <sys/namei.h> 50 #include <sys/malloc.h> 51 #include <sys/buf.h> 52 #include <sys/kauth.h> 53 54 #include <miscfs/umapfs/umap.h> 55 #include <miscfs/genfs/genfs.h> 56 #include <miscfs/genfs/layer_extern.h> 57 58 /* 59 * Note: If the LAYERFS_MBYPASSDEBUG flag is set, it is possible 60 * that the debug printing will bomb out, because kauth routines 61 * do not handle NOCRED or FSCRED like other credentials and end 62 * up dereferencing an inappropriate pointer. 63 * 64 * That should be fixed in kauth rather than here. 65 */ 66 67 int umap_lookup(void *); 68 int umap_getattr(void *); 69 int umap_print(void *); 70 int umap_rename(void *); 71 72 /* 73 * Global vfs data structures 74 */ 75 /* 76 * XXX - strategy, bwrite are hand coded currently. They should 77 * go away with a merged buffer/block cache. 78 * 79 */ 80 int (**umap_vnodeop_p)(void *); 81 const struct vnodeopv_entry_desc umap_vnodeop_entries[] = { 82 { &vop_default_desc, umap_bypass }, 83 84 { &vop_lookup_desc, umap_lookup }, 85 { &vop_getattr_desc, umap_getattr }, 86 { &vop_print_desc, umap_print }, 87 { &vop_rename_desc, umap_rename }, 88 89 { &vop_fsync_desc, layer_fsync }, 90 { &vop_inactive_desc, layer_inactive }, 91 { &vop_reclaim_desc, layer_reclaim }, 92 { &vop_open_desc, layer_open }, 93 { &vop_setattr_desc, layer_setattr }, 94 { &vop_access_desc, layer_access }, 95 { &vop_remove_desc, layer_remove }, 96 { &vop_rmdir_desc, layer_rmdir }, 97 98 { &vop_bwrite_desc, layer_bwrite }, 99 { &vop_bmap_desc, layer_bmap }, 100 { &vop_getpages_desc, layer_getpages }, 101 { &vop_putpages_desc, layer_putpages }, 102 103 { NULL, NULL } 104 }; 105 const struct vnodeopv_desc umapfs_vnodeop_opv_desc = 106 { &umap_vnodeop_p, umap_vnodeop_entries }; 107 108 /* 109 * This is the 08-June-1999 bypass routine. 110 * See layer_vnops.c:layer_bypass for more details. 111 */ 112 int 113 umap_bypass(void *v) 114 { 115 struct vop_generic_args /* { 116 struct vnodeop_desc *a_desc; 117 <other random data follows, presumably> 118 } */ *ap = v; 119 int (**our_vnodeop_p)(void *); 120 kauth_cred_t *credpp = NULL, credp = 0; 121 kauth_cred_t savecredp = 0, savecompcredp = 0; 122 kauth_cred_t compcredp = 0; 123 struct vnode **this_vp_p; 124 int error; 125 struct vnode *old_vps[VDESC_MAX_VPS], *vp0; 126 struct vnode **vps_p[VDESC_MAX_VPS]; 127 struct vnode ***vppp; 128 struct vnodeop_desc *descp = ap->a_desc; 129 int reles, i, flags; 130 struct componentname **compnamepp = 0; 131 132 #ifdef DIAGNOSTIC 133 /* 134 * We require at least one vp. 135 */ 136 if (descp->vdesc_vp_offsets == NULL || 137 descp->vdesc_vp_offsets[0] == VDESC_NO_OFFSET) 138 panic("%s: no vp's in map.\n", __func__); 139 #endif 140 141 vps_p[0] = 142 VOPARG_OFFSETTO(struct vnode**, descp->vdesc_vp_offsets[0], ap); 143 vp0 = *vps_p[0]; 144 flags = MOUNTTOUMAPMOUNT(vp0->v_mount)->umapm_flags; 145 our_vnodeop_p = vp0->v_op; 146 147 if (flags & LAYERFS_MBYPASSDEBUG) 148 printf("%s: %s\n", __func__, descp->vdesc_name); 149 150 /* 151 * Map the vnodes going in. 152 * Later, we'll invoke the operation based on 153 * the first mapped vnode's operation vector. 154 */ 155 reles = descp->vdesc_flags; 156 for (i = 0; i < VDESC_MAX_VPS; reles >>= 1, i++) { 157 if (descp->vdesc_vp_offsets[i] == VDESC_NO_OFFSET) 158 break; /* bail out at end of list */ 159 vps_p[i] = this_vp_p = 160 VOPARG_OFFSETTO(struct vnode**, descp->vdesc_vp_offsets[i], 161 ap); 162 /* 163 * We're not guaranteed that any but the first vnode 164 * are of our type. Check for and don't map any 165 * that aren't. (We must always map first vp or vclean fails.) 166 */ 167 if (i && (*this_vp_p == NULL || 168 (*this_vp_p)->v_op != our_vnodeop_p)) { 169 old_vps[i] = NULL; 170 } else { 171 old_vps[i] = *this_vp_p; 172 *(vps_p[i]) = UMAPVPTOLOWERVP(*this_vp_p); 173 /* 174 * XXX - Several operations have the side effect 175 * of vrele'ing their vp's. We must account for 176 * that. (This should go away in the future.) 177 */ 178 if (reles & VDESC_VP0_WILLRELE) 179 vref(*this_vp_p); 180 } 181 182 } 183 184 /* 185 * Fix the credentials. (That's the purpose of this layer.) 186 */ 187 188 if (descp->vdesc_cred_offset != VDESC_NO_OFFSET) { 189 190 credpp = VOPARG_OFFSETTO(kauth_cred_t*, 191 descp->vdesc_cred_offset, ap); 192 193 /* Save old values */ 194 195 savecredp = *credpp; 196 if (savecredp != NOCRED && savecredp != FSCRED) 197 *credpp = kauth_cred_dup(savecredp); 198 credp = *credpp; 199 200 if ((flags & LAYERFS_MBYPASSDEBUG) && 201 kauth_cred_geteuid(credp) != 0) 202 printf("umap_bypass: user was %d, group %d\n", 203 kauth_cred_geteuid(credp), kauth_cred_getegid(credp)); 204 205 /* Map all ids in the credential structure. */ 206 207 umap_mapids(vp0->v_mount, credp); 208 209 if ((flags & LAYERFS_MBYPASSDEBUG) && 210 kauth_cred_geteuid(credp) != 0) 211 printf("umap_bypass: user now %d, group %d\n", 212 kauth_cred_geteuid(credp), kauth_cred_getegid(credp)); 213 } 214 215 /* BSD often keeps a credential in the componentname structure 216 * for speed. If there is one, it better get mapped, too. 217 */ 218 219 if (descp->vdesc_componentname_offset != VDESC_NO_OFFSET) { 220 221 compnamepp = VOPARG_OFFSETTO(struct componentname**, 222 descp->vdesc_componentname_offset, ap); 223 224 savecompcredp = (*compnamepp)->cn_cred; 225 if (savecompcredp != NOCRED && savecompcredp != FSCRED) 226 (*compnamepp)->cn_cred = kauth_cred_dup(savecompcredp); 227 compcredp = (*compnamepp)->cn_cred; 228 229 if ((flags & LAYERFS_MBYPASSDEBUG) && 230 kauth_cred_geteuid(compcredp) != 0) 231 printf("umap_bypass: component credit user was %d, group %d\n", 232 kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp)); 233 234 /* Map all ids in the credential structure. */ 235 236 umap_mapids(vp0->v_mount, compcredp); 237 238 if ((flags & LAYERFS_MBYPASSDEBUG) && 239 kauth_cred_geteuid(compcredp) != 0) 240 printf("umap_bypass: component credit user now %d, group %d\n", 241 kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp)); 242 } 243 244 /* 245 * Call the operation on the lower layer 246 * with the modified argument structure. 247 */ 248 error = VCALL(*vps_p[0], descp->vdesc_offset, ap); 249 250 /* 251 * Maintain the illusion of call-by-value 252 * by restoring vnodes in the argument structure 253 * to their original value. 254 */ 255 reles = descp->vdesc_flags; 256 for (i = 0; i < VDESC_MAX_VPS; reles >>= 1, i++) { 257 if (descp->vdesc_vp_offsets[i] == VDESC_NO_OFFSET) 258 break; /* bail out at end of list */ 259 if (old_vps[i]) { 260 *(vps_p[i]) = old_vps[i]; 261 if (reles & VDESC_VP0_WILLRELE) 262 vrele(*(vps_p[i])); 263 } 264 } 265 266 /* 267 * Map the possible out-going vpp 268 * (Assumes that the lower layer always returns 269 * a VREF'ed vpp unless it gets an error.) 270 */ 271 if (descp->vdesc_vpp_offset != VDESC_NO_OFFSET && 272 !(descp->vdesc_flags & VDESC_NOMAP_VPP) && 273 !error) { 274 /* 275 * XXX - even though some ops have vpp returned vp's, 276 * several ops actually vrele this before returning. 277 * We must avoid these ops. 278 * (This should go away when these ops are regularized.) 279 */ 280 if (descp->vdesc_flags & VDESC_VPP_WILLRELE) 281 goto out; 282 vppp = VOPARG_OFFSETTO(struct vnode***, 283 descp->vdesc_vpp_offset, ap); 284 /* 285 * Only vop_lookup, vop_create, vop_makedir, vop_bmap, 286 * vop_mknod, and vop_symlink return vpp's. vop_bmap 287 * doesn't call bypass as the lower vpp is fine (we're just 288 * going to do i/o on it). vop_lookup doesn't call bypass 289 * as a lookup on "." would generate a locking error. 290 * So all the calls which get us here have a locked vpp. :-) 291 */ 292 error = layer_node_create(old_vps[0]->v_mount, **vppp, *vppp); 293 if (error) { 294 vput(**vppp); 295 **vppp = NULL; 296 } 297 } 298 299 out: 300 /* 301 * Free duplicate cred structure and restore old one. 302 */ 303 if (descp->vdesc_cred_offset != VDESC_NO_OFFSET) { 304 if ((flags & LAYERFS_MBYPASSDEBUG) && credp && 305 kauth_cred_geteuid(credp) != 0) 306 printf("umap_bypass: returning-user was %d\n", 307 kauth_cred_geteuid(credp)); 308 309 if (savecredp != NOCRED && savecredp != FSCRED && credpp) { 310 kauth_cred_free(credp); 311 *credpp = savecredp; 312 if ((flags & LAYERFS_MBYPASSDEBUG) && credpp && 313 kauth_cred_geteuid(*credpp) != 0) 314 printf("umap_bypass: returning-user now %d\n\n", 315 kauth_cred_geteuid(savecredp)); 316 } 317 } 318 319 if (descp->vdesc_componentname_offset != VDESC_NO_OFFSET) { 320 if ((flags & LAYERFS_MBYPASSDEBUG) && compcredp && 321 kauth_cred_geteuid(compcredp) != 0) 322 printf("umap_bypass: returning-component-user was %d\n", 323 kauth_cred_geteuid(compcredp)); 324 325 if (savecompcredp != NOCRED && savecompcredp != FSCRED) { 326 kauth_cred_free(compcredp); 327 (*compnamepp)->cn_cred = savecompcredp; 328 if ((flags & LAYERFS_MBYPASSDEBUG) && savecompcredp && 329 kauth_cred_geteuid(savecompcredp) != 0) 330 printf("umap_bypass: returning-component-user now %d\n", 331 kauth_cred_geteuid(savecompcredp)); 332 } 333 } 334 335 return (error); 336 } 337 338 /* 339 * This is based on the 08-June-1999 bypass routine. 340 * See layer_vnops.c:layer_bypass for more details. 341 */ 342 int 343 umap_lookup(void *v) 344 { 345 struct vop_lookup_args /* { 346 struct vnodeop_desc *a_desc; 347 struct vnode * a_dvp; 348 struct vnode ** a_vpp; 349 struct componentname * a_cnp; 350 } */ *ap = v; 351 struct componentname *cnp = ap->a_cnp; 352 kauth_cred_t savecompcredp = NULL; 353 kauth_cred_t compcredp = NULL; 354 struct vnode *dvp, *vp, *ldvp; 355 struct mount *mp; 356 int error; 357 int flags, cnf = cnp->cn_flags; 358 359 dvp = ap->a_dvp; 360 mp = dvp->v_mount; 361 362 if ((cnf & ISLASTCN) && (dvp->v_mount->mnt_flag & MNT_RDONLY) && 363 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) 364 return (EROFS); 365 366 flags = MOUNTTOUMAPMOUNT(mp)->umapm_flags; 367 ldvp = UMAPVPTOLOWERVP(dvp); 368 369 if (flags & LAYERFS_MBYPASSDEBUG) 370 printf("umap_lookup\n"); 371 372 /* 373 * Fix the credentials. (That's the purpose of this layer.) 374 * 375 * BSD often keeps a credential in the componentname structure 376 * for speed. If there is one, it better get mapped, too. 377 */ 378 379 if ((savecompcredp = cnp->cn_cred)) { 380 compcredp = kauth_cred_dup(savecompcredp); 381 cnp->cn_cred = compcredp; 382 383 if ((flags & LAYERFS_MBYPASSDEBUG) && 384 kauth_cred_geteuid(compcredp) != 0) 385 printf("umap_lookup: component credit user was %d, group %d\n", 386 kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp)); 387 388 /* Map all ids in the credential structure. */ 389 umap_mapids(mp, compcredp); 390 } 391 392 if ((flags & LAYERFS_MBYPASSDEBUG) && compcredp && 393 kauth_cred_geteuid(compcredp) != 0) 394 printf("umap_lookup: component credit user now %d, group %d\n", 395 kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp)); 396 397 ap->a_dvp = ldvp; 398 error = VCALL(ldvp, ap->a_desc->vdesc_offset, ap); 399 vp = *ap->a_vpp; 400 *ap->a_vpp = NULL; 401 402 if (error == EJUSTRETURN && (cnf & ISLASTCN) && 403 (dvp->v_mount->mnt_flag & MNT_RDONLY) && 404 (cnp->cn_nameiop == CREATE || cnp->cn_nameiop == RENAME)) 405 error = EROFS; 406 407 /* Do locking fixup as appropriate. See layer_lookup() for info */ 408 if (ldvp == vp) { 409 *ap->a_vpp = dvp; 410 vref(dvp); 411 vrele(vp); 412 } else if (vp != NULL) { 413 error = layer_node_create(mp, vp, ap->a_vpp); 414 if (error) { 415 vput(vp); 416 } 417 } 418 419 /* 420 * Free duplicate cred structure and restore old one. 421 */ 422 if ((flags & LAYERFS_MBYPASSDEBUG) && compcredp && 423 kauth_cred_geteuid(compcredp) != 0) 424 printf("umap_lookup: returning-component-user was %d\n", 425 kauth_cred_geteuid(compcredp)); 426 427 if (savecompcredp != NOCRED && savecompcredp != FSCRED) { 428 if (compcredp) 429 kauth_cred_free(compcredp); 430 cnp->cn_cred = savecompcredp; 431 if ((flags & LAYERFS_MBYPASSDEBUG) && savecompcredp && 432 kauth_cred_geteuid(savecompcredp) != 0) 433 printf("umap_lookup: returning-component-user now %d\n", 434 kauth_cred_geteuid(savecompcredp)); 435 } 436 437 return (error); 438 } 439 440 /* 441 * We handle getattr to change the fsid. 442 */ 443 int 444 umap_getattr(void *v) 445 { 446 struct vop_getattr_args /* { 447 struct vnode *a_vp; 448 struct vattr *a_vap; 449 kauth_cred_t a_cred; 450 struct lwp *a_l; 451 } */ *ap = v; 452 uid_t uid; 453 gid_t gid; 454 int error, tmpid, nentries, gnentries, flags; 455 u_long (*mapdata)[2]; 456 u_long (*gmapdata)[2]; 457 struct vnode **vp1p; 458 const struct vnodeop_desc *descp = ap->a_desc; 459 460 if ((error = umap_bypass(ap)) != 0) 461 return (error); 462 /* Requires that arguments be restored. */ 463 ap->a_vap->va_fsid = ap->a_vp->v_mount->mnt_stat.f_fsidx.__fsid_val[0]; 464 465 flags = MOUNTTOUMAPMOUNT(ap->a_vp->v_mount)->umapm_flags; 466 /* 467 * Umap needs to map the uid and gid returned by a stat 468 * into the proper values for this site. This involves 469 * finding the returned uid in the mapping information, 470 * translating it into the uid on the other end, 471 * and filling in the proper field in the vattr 472 * structure pointed to by ap->a_vap. The group 473 * is easier, since currently all groups will be 474 * translate to the NULLGROUP. 475 */ 476 477 /* Find entry in map */ 478 479 uid = ap->a_vap->va_uid; 480 gid = ap->a_vap->va_gid; 481 if ((flags & LAYERFS_MBYPASSDEBUG)) 482 printf("umap_getattr: mapped uid = %d, mapped gid = %d\n", uid, 483 gid); 484 485 vp1p = VOPARG_OFFSETTO(struct vnode**, descp->vdesc_vp_offsets[0], ap); 486 nentries = MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_nentries; 487 mapdata = (MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_mapdata); 488 gnentries = MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_gnentries; 489 gmapdata = (MOUNTTOUMAPMOUNT((*vp1p)->v_mount)->info_gmapdata); 490 491 /* Reverse map the uid for the vnode. Since it's a reverse 492 map, we can't use umap_mapids() to do it. */ 493 494 tmpid = umap_reverse_findid(uid, mapdata, nentries); 495 496 if (tmpid != -1) { 497 ap->a_vap->va_uid = (uid_t) tmpid; 498 if ((flags & LAYERFS_MBYPASSDEBUG)) 499 printf("umap_getattr: original uid = %d\n", uid); 500 } else 501 ap->a_vap->va_uid = (uid_t) NOBODY; 502 503 /* Reverse map the gid for the vnode. */ 504 505 tmpid = umap_reverse_findid(gid, gmapdata, gnentries); 506 507 if (tmpid != -1) { 508 ap->a_vap->va_gid = (gid_t) tmpid; 509 if ((flags & LAYERFS_MBYPASSDEBUG)) 510 printf("umap_getattr: original gid = %d\n", gid); 511 } else 512 ap->a_vap->va_gid = (gid_t) NULLGROUP; 513 514 return (0); 515 } 516 517 int 518 umap_print(void *v) 519 { 520 struct vop_print_args /* { 521 struct vnode *a_vp; 522 } */ *ap = v; 523 struct vnode *vp = ap->a_vp; 524 printf("\ttag VT_UMAPFS, vp=%p, lowervp=%p\n", vp, 525 UMAPVPTOLOWERVP(vp)); 526 return (0); 527 } 528 529 int 530 umap_rename(void *v) 531 { 532 struct vop_rename_args /* { 533 struct vnode *a_fdvp; 534 struct vnode *a_fvp; 535 struct componentname *a_fcnp; 536 struct vnode *a_tdvp; 537 struct vnode *a_tvp; 538 struct componentname *a_tcnp; 539 } */ *ap = v; 540 int error, flags; 541 struct componentname *compnamep; 542 kauth_cred_t compcredp, savecompcredp; 543 struct vnode *vp; 544 struct vnode *tvp; 545 546 /* 547 * Rename is irregular, having two componentname structures. 548 * We need to map the cre in the second structure, 549 * and then bypass takes care of the rest. 550 */ 551 552 vp = ap->a_fdvp; 553 flags = MOUNTTOUMAPMOUNT(vp->v_mount)->umapm_flags; 554 compnamep = ap->a_tcnp; 555 compcredp = compnamep->cn_cred; 556 557 savecompcredp = compcredp; 558 compcredp = compnamep->cn_cred = kauth_cred_dup(savecompcredp); 559 560 if ((flags & LAYERFS_MBYPASSDEBUG) && 561 kauth_cred_geteuid(compcredp) != 0) 562 printf("umap_rename: rename component credit user was %d, group %d\n", 563 kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp)); 564 565 /* Map all ids in the credential structure. */ 566 567 umap_mapids(vp->v_mount, compcredp); 568 569 if ((flags & LAYERFS_MBYPASSDEBUG) && 570 kauth_cred_geteuid(compcredp) != 0) 571 printf("umap_rename: rename component credit user now %d, group %d\n", 572 kauth_cred_geteuid(compcredp), kauth_cred_getegid(compcredp)); 573 574 tvp = ap->a_tvp; 575 if (tvp) { 576 if (tvp->v_mount != vp->v_mount) 577 tvp = NULL; 578 else 579 vref(tvp); 580 } 581 error = umap_bypass(ap); 582 if (tvp) { 583 if (error == 0) 584 VTOLAYER(tvp)->layer_flags |= LAYERFS_REMOVED; 585 vrele(tvp); 586 } 587 588 /* Restore the additional mapped componentname cred structure. */ 589 590 kauth_cred_free(compcredp); 591 compnamep->cn_cred = savecompcredp; 592 593 return error; 594 } 595