1 | /* $NetBSD: ufs_rename.c,v 1.13 2016/10/28 20:38:12 jdolecek Exp $ */ |
2 | |
3 | /*- |
4 | * Copyright (c) 2012 The NetBSD Foundation, Inc. |
5 | * All rights reserved. |
6 | * |
7 | * This code is derived from software contributed to The NetBSD Foundation |
8 | * by Taylor R Campbell. |
9 | * |
10 | * Redistribution and use in source and binary forms, with or without |
11 | * modification, are permitted provided that the following conditions |
12 | * are met: |
13 | * 1. Redistributions of source code must retain the above copyright |
14 | * notice, this list of conditions and the following disclaimer. |
15 | * 2. Redistributions in binary form must reproduce the above copyright |
16 | * notice, this list of conditions and the following disclaimer in the |
17 | * documentation and/or other materials provided with the distribution. |
18 | * |
19 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
20 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
21 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
22 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
23 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
29 | * POSSIBILITY OF SUCH DAMAGE. |
30 | */ |
31 | |
32 | /* |
33 | * UFS Rename |
34 | */ |
35 | |
36 | #include <sys/cdefs.h> |
37 | __KERNEL_RCSID(0, "$NetBSD: ufs_rename.c,v 1.13 2016/10/28 20:38:12 jdolecek Exp $" ); |
38 | |
39 | #include <sys/param.h> |
40 | #include <sys/buf.h> |
41 | #include <sys/errno.h> |
42 | #include <sys/kauth.h> |
43 | #include <sys/mount.h> |
44 | #include <sys/namei.h> |
45 | #include <sys/pool.h> |
46 | #include <sys/vnode.h> |
47 | #include <sys/vnode_if.h> |
48 | #include <sys/wapbl.h> |
49 | |
50 | #include <miscfs/genfs/genfs.h> |
51 | |
52 | #include <ufs/ufs/dir.h> |
53 | #include <ufs/ufs/inode.h> |
54 | #include <ufs/ufs/ufs_bswap.h> |
55 | #include <ufs/ufs/ufs_extern.h> |
56 | #include <ufs/ufs/ufs_wapbl.h> |
57 | #include <ufs/ufs/ufsmount.h> |
58 | |
59 | /* |
60 | * Forward declarations |
61 | */ |
62 | |
63 | static int ufs_sane_rename(struct vnode *, struct componentname *, |
64 | struct vnode *, struct componentname *, |
65 | kauth_cred_t, bool); |
66 | static bool ufs_rename_ulr_overlap_p(const struct ufs_lookup_results *, |
67 | const struct ufs_lookup_results *); |
68 | static int ufs_rename_recalculate_fulr(struct vnode *, |
69 | struct ufs_lookup_results *, const struct ufs_lookup_results *, |
70 | const struct componentname *); |
71 | static int ufs_direct_namlen(const struct direct *, const struct vnode *); |
72 | static int ufs_read_dotdot(struct vnode *, kauth_cred_t, ino_t *); |
73 | static int ufs_dirbuf_dotdot_namlen(const struct dirtemplate *, |
74 | const struct vnode *); |
75 | |
76 | static const struct genfs_rename_ops ufs_genfs_rename_ops; |
77 | |
78 | /* |
79 | * ufs_sane_rename: The hairiest vop, with the saner API. |
80 | * |
81 | * Arguments: |
82 | * |
83 | * . fdvp (from directory vnode), |
84 | * . fcnp (from component name), |
85 | * . tdvp (to directory vnode), |
86 | * . tcnp (to component name), |
87 | * . cred (credentials structure), and |
88 | * . posixly_correct (flag for behaviour if target & source link same file). |
89 | * |
90 | * fdvp and tdvp may be the same, and must be referenced and unlocked. |
91 | */ |
92 | static int |
93 | ufs_sane_rename( |
94 | struct vnode *fdvp, struct componentname *fcnp, |
95 | struct vnode *tdvp, struct componentname *tcnp, |
96 | kauth_cred_t cred, bool posixly_correct) |
97 | { |
98 | struct ufs_lookup_results fulr, tulr; |
99 | |
100 | return genfs_sane_rename(&ufs_genfs_rename_ops, |
101 | fdvp, fcnp, &fulr, tdvp, tcnp, &tulr, |
102 | cred, posixly_correct); |
103 | } |
104 | |
105 | /* |
106 | * ufs_rename: The hairiest vop, with the insanest API. Defer to |
107 | * genfs_insane_rename immediately. |
108 | */ |
109 | int |
110 | ufs_rename(void *v) |
111 | { |
112 | |
113 | return genfs_insane_rename(v, &ufs_sane_rename); |
114 | } |
115 | |
116 | /* |
117 | * ufs_gro_directory_empty_p: Return true if the directory vp is |
118 | * empty. dvp is its parent. |
119 | * |
120 | * vp and dvp must be locked and referenced. |
121 | */ |
122 | bool |
123 | ufs_gro_directory_empty_p(struct mount *mp, kauth_cred_t cred, |
124 | struct vnode *vp, struct vnode *dvp) |
125 | { |
126 | |
127 | (void)mp; |
128 | KASSERT(mp != NULL); |
129 | KASSERT(vp != NULL); |
130 | KASSERT(dvp != NULL); |
131 | KASSERT(vp != dvp); |
132 | KASSERT(vp->v_mount == mp); |
133 | KASSERT(dvp->v_mount == mp); |
134 | KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); |
135 | KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); |
136 | |
137 | return ufs_dirempty(VTOI(vp), VTOI(dvp)->i_number, cred); |
138 | } |
139 | |
140 | /* |
141 | * ufs_gro_rename_check_possible: Check whether a rename is possible |
142 | * independent of credentials. |
143 | */ |
144 | int |
145 | ufs_gro_rename_check_possible(struct mount *mp, |
146 | struct vnode *fdvp, struct vnode *fvp, |
147 | struct vnode *tdvp, struct vnode *tvp) |
148 | { |
149 | |
150 | (void)mp; |
151 | KASSERT(mp != NULL); |
152 | KASSERT(fdvp != NULL); |
153 | KASSERT(fvp != NULL); |
154 | KASSERT(tdvp != NULL); |
155 | KASSERT(fdvp != fvp); |
156 | KASSERT(fdvp != tvp); |
157 | KASSERT(tdvp != fvp); |
158 | KASSERT(tdvp != tvp); |
159 | KASSERT(fvp != tvp); |
160 | KASSERT(fdvp->v_type == VDIR); |
161 | KASSERT(tdvp->v_type == VDIR); |
162 | KASSERT(fdvp->v_mount == mp); |
163 | KASSERT(fvp->v_mount == mp); |
164 | KASSERT(tdvp->v_mount == mp); |
165 | KASSERT((tvp == NULL) || (tvp->v_mount == mp)); |
166 | KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE); |
167 | KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE); |
168 | KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE); |
169 | KASSERT((tvp == NULL) || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE)); |
170 | |
171 | return genfs_ufslike_rename_check_possible( |
172 | VTOI(fdvp)->i_flags, VTOI(fvp)->i_flags, |
173 | VTOI(tdvp)->i_flags, (tvp? VTOI(tvp)->i_flags : 0), |
174 | (tvp != NULL), |
175 | IMMUTABLE, APPEND); |
176 | } |
177 | |
178 | /* |
179 | * ufs_gro_rename_check_permitted: Check whether a rename is permitted |
180 | * given our credentials. |
181 | */ |
182 | int |
183 | ufs_gro_rename_check_permitted(struct mount *mp, kauth_cred_t cred, |
184 | struct vnode *fdvp, struct vnode *fvp, |
185 | struct vnode *tdvp, struct vnode *tvp) |
186 | { |
187 | |
188 | (void)mp; |
189 | KASSERT(mp != NULL); |
190 | KASSERT(fdvp != NULL); |
191 | KASSERT(fvp != NULL); |
192 | KASSERT(tdvp != NULL); |
193 | KASSERT(fdvp != fvp); |
194 | KASSERT(fdvp != tvp); |
195 | KASSERT(tdvp != fvp); |
196 | KASSERT(tdvp != tvp); |
197 | KASSERT(fvp != tvp); |
198 | KASSERT(fdvp->v_type == VDIR); |
199 | KASSERT(tdvp->v_type == VDIR); |
200 | KASSERT(fdvp->v_mount == mp); |
201 | KASSERT(fvp->v_mount == mp); |
202 | KASSERT(tdvp->v_mount == mp); |
203 | KASSERT((tvp == NULL) || (tvp->v_mount == mp)); |
204 | KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE); |
205 | KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE); |
206 | KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE); |
207 | KASSERT((tvp == NULL) || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE)); |
208 | |
209 | return genfs_ufslike_rename_check_permitted(cred, |
210 | fdvp, VTOI(fdvp)->i_mode, VTOI(fdvp)->i_uid, |
211 | fvp, VTOI(fvp)->i_uid, |
212 | tdvp, VTOI(tdvp)->i_mode, VTOI(tdvp)->i_uid, |
213 | tvp, (tvp? VTOI(tvp)->i_uid : 0)); |
214 | } |
215 | |
216 | /* |
217 | * ufs_gro_remove_check_possible: Check whether a remove is possible |
218 | * independent of credentials. |
219 | */ |
220 | int |
221 | ufs_gro_remove_check_possible(struct mount *mp, |
222 | struct vnode *dvp, struct vnode *vp) |
223 | { |
224 | |
225 | (void)mp; |
226 | KASSERT(mp != NULL); |
227 | KASSERT(dvp != NULL); |
228 | KASSERT(vp != NULL); |
229 | KASSERT(dvp != vp); |
230 | KASSERT(dvp->v_type == VDIR); |
231 | KASSERT(vp->v_type != VDIR); |
232 | KASSERT(dvp->v_mount == mp); |
233 | KASSERT(vp->v_mount == mp); |
234 | KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); |
235 | KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); |
236 | |
237 | return genfs_ufslike_remove_check_possible( |
238 | VTOI(dvp)->i_flags, VTOI(vp)->i_flags, |
239 | IMMUTABLE, APPEND); |
240 | } |
241 | |
242 | /* |
243 | * ufs_gro_remove_check_permitted: Check whether a remove is permitted |
244 | * given our credentials. |
245 | */ |
246 | int |
247 | ufs_gro_remove_check_permitted(struct mount *mp, kauth_cred_t cred, |
248 | struct vnode *dvp, struct vnode *vp) |
249 | { |
250 | |
251 | (void)mp; |
252 | KASSERT(mp != NULL); |
253 | KASSERT(dvp != NULL); |
254 | KASSERT(vp != NULL); |
255 | KASSERT(dvp != vp); |
256 | KASSERT(dvp->v_type == VDIR); |
257 | KASSERT(vp->v_type != VDIR); |
258 | KASSERT(dvp->v_mount == mp); |
259 | KASSERT(vp->v_mount == mp); |
260 | KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); |
261 | KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); |
262 | |
263 | return genfs_ufslike_remove_check_permitted(cred, |
264 | dvp, VTOI(dvp)->i_mode, VTOI(dvp)->i_uid, vp, VTOI(vp)->i_uid); |
265 | } |
266 | |
267 | /* |
268 | * A virgin directory (no blushing please). |
269 | * |
270 | * XXX Copypasta from ufs_vnops.c. Kill! |
271 | */ |
272 | static const struct dirtemplate mastertemplate = { |
273 | 0, 12, DT_DIR, 1, "." , |
274 | 0, UFS_DIRBLKSIZ - 12, DT_DIR, 2, ".." |
275 | }; |
276 | |
277 | /* |
278 | * ufs_gro_rename: Actually perform the rename operation. |
279 | */ |
280 | int |
281 | ufs_gro_rename(struct mount *mp, kauth_cred_t cred, |
282 | struct vnode *fdvp, struct componentname *fcnp, |
283 | void *fde, struct vnode *fvp, |
284 | struct vnode *tdvp, struct componentname *tcnp, |
285 | void *tde, struct vnode *tvp) |
286 | { |
287 | struct ufs_lookup_results *fulr = fde; |
288 | struct ufs_lookup_results *tulr = tde; |
289 | bool directory_p, reparent_p; |
290 | struct direct *newdir; |
291 | int error; |
292 | |
293 | KASSERT(mp != NULL); |
294 | KASSERT(fdvp != NULL); |
295 | KASSERT(fcnp != NULL); |
296 | KASSERT(fulr != NULL); |
297 | KASSERT(fvp != NULL); |
298 | KASSERT(tdvp != NULL); |
299 | KASSERT(tcnp != NULL); |
300 | KASSERT(tulr != NULL); |
301 | KASSERT(fulr != tulr); |
302 | KASSERT(fdvp != fvp); |
303 | KASSERT(fdvp != tvp); |
304 | KASSERT(tdvp != fvp); |
305 | KASSERT(tdvp != tvp); |
306 | KASSERT(fvp != tvp); |
307 | KASSERT(fdvp->v_mount == mp); |
308 | KASSERT(fvp->v_mount == mp); |
309 | KASSERT(tdvp->v_mount == mp); |
310 | KASSERT((tvp == NULL) || (tvp->v_mount == mp)); |
311 | KASSERT(VOP_ISLOCKED(fdvp) == LK_EXCLUSIVE); |
312 | KASSERT(VOP_ISLOCKED(fvp) == LK_EXCLUSIVE); |
313 | KASSERT(VOP_ISLOCKED(tdvp) == LK_EXCLUSIVE); |
314 | KASSERT((tvp == NULL) || (VOP_ISLOCKED(tvp) == LK_EXCLUSIVE)); |
315 | |
316 | /* |
317 | * We shall need to temporarily bump the link count, so make |
318 | * sure there is room to do so. |
319 | */ |
320 | if ((nlink_t)VTOI(fvp)->i_nlink >= LINK_MAX) |
321 | return EMLINK; |
322 | |
323 | directory_p = (fvp->v_type == VDIR); |
324 | KASSERT(directory_p == ((VTOI(fvp)->i_mode & IFMT) == IFDIR)); |
325 | KASSERT((tvp == NULL) || (directory_p == (tvp->v_type == VDIR))); |
326 | KASSERT((tvp == NULL) || (directory_p == |
327 | ((VTOI(tvp)->i_mode & IFMT) == IFDIR))); |
328 | |
329 | reparent_p = (fdvp != tdvp); |
330 | KASSERT(reparent_p == (VTOI(fdvp)->i_number != VTOI(tdvp)->i_number)); |
331 | |
332 | /* |
333 | * Commence hacking of the data on disk. |
334 | */ |
335 | |
336 | error = UFS_WAPBL_BEGIN(mp); |
337 | if (error) |
338 | goto ihateyou; |
339 | |
340 | /* |
341 | * 1) Bump link count while we're moving stuff |
342 | * around. If we crash somewhere before |
343 | * completing our work, the link count |
344 | * may be wrong, but correctable. |
345 | */ |
346 | |
347 | KASSERT((nlink_t)VTOI(fvp)->i_nlink < LINK_MAX); |
348 | VTOI(fvp)->i_nlink++; |
349 | DIP_ASSIGN(VTOI(fvp), nlink, VTOI(fvp)->i_nlink); |
350 | VTOI(fvp)->i_flag |= IN_CHANGE; |
351 | error = UFS_UPDATE(fvp, NULL, NULL, UPDATE_DIROP); |
352 | if (error) |
353 | goto whymustithurtsomuch; |
354 | |
355 | /* |
356 | * 2) If target doesn't exist, link the target |
357 | * to the source and unlink the source. |
358 | * Otherwise, rewrite the target directory |
359 | * entry to reference the source inode and |
360 | * expunge the original entry's existence. |
361 | */ |
362 | |
363 | if (tvp == NULL) { |
364 | /* |
365 | * Account for ".." in new directory. |
366 | * When source and destination have the same |
367 | * parent we don't fool with the link count. |
368 | */ |
369 | if (directory_p && reparent_p) { |
370 | if ((nlink_t)VTOI(tdvp)->i_nlink >= LINK_MAX) { |
371 | error = EMLINK; |
372 | goto whymustithurtsomuch; |
373 | } |
374 | KASSERT((nlink_t)VTOI(tdvp)->i_nlink < LINK_MAX); |
375 | VTOI(tdvp)->i_nlink++; |
376 | DIP_ASSIGN(VTOI(tdvp), nlink, VTOI(tdvp)->i_nlink); |
377 | VTOI(tdvp)->i_flag |= IN_CHANGE; |
378 | error = UFS_UPDATE(tdvp, NULL, NULL, UPDATE_DIROP); |
379 | if (error) { |
380 | /* |
381 | * Link count update didn't take -- |
382 | * back out the in-memory link count. |
383 | */ |
384 | KASSERT(0 < VTOI(tdvp)->i_nlink); |
385 | VTOI(tdvp)->i_nlink--; |
386 | DIP_ASSIGN(VTOI(tdvp), nlink, |
387 | VTOI(tdvp)->i_nlink); |
388 | VTOI(tdvp)->i_flag |= IN_CHANGE; |
389 | goto whymustithurtsomuch; |
390 | } |
391 | } |
392 | |
393 | newdir = pool_cache_get(ufs_direct_cache, PR_WAITOK); |
394 | ufs_makedirentry(VTOI(fvp), tcnp, newdir); |
395 | error = ufs_direnter(tdvp, tulr, NULL, newdir, tcnp, NULL); |
396 | pool_cache_put(ufs_direct_cache, newdir); |
397 | if (error) { |
398 | if (directory_p && reparent_p) { |
399 | /* |
400 | * Directory update didn't take, but |
401 | * the link count update did -- back |
402 | * out the in-memory link count and the |
403 | * on-disk link count. |
404 | */ |
405 | KASSERT(0 < VTOI(tdvp)->i_nlink); |
406 | VTOI(tdvp)->i_nlink--; |
407 | DIP_ASSIGN(VTOI(tdvp), nlink, |
408 | VTOI(tdvp)->i_nlink); |
409 | VTOI(tdvp)->i_flag |= IN_CHANGE; |
410 | (void)UFS_UPDATE(tdvp, NULL, NULL, |
411 | UPDATE_WAIT | UPDATE_DIROP); |
412 | } |
413 | goto whymustithurtsomuch; |
414 | } |
415 | } else { |
416 | if (directory_p) |
417 | /* XXX WTF? Why purge here? Why not purge others? */ |
418 | cache_purge(tdvp); |
419 | |
420 | /* |
421 | * Make the target directory's entry for tcnp point at |
422 | * the source node. |
423 | * |
424 | * XXX ufs_dirrewrite decrements tvp's link count, but |
425 | * doesn't touch the link count of the new inode. Go |
426 | * figure. |
427 | */ |
428 | error = ufs_dirrewrite(VTOI(tdvp), tulr->ulr_offset, |
429 | VTOI(tvp), VTOI(fvp)->i_number, IFTODT(VTOI(fvp)->i_mode), |
430 | ((directory_p && reparent_p) ? reparent_p : directory_p), |
431 | IN_CHANGE | IN_UPDATE); |
432 | if (error) |
433 | goto whymustithurtsomuch; |
434 | |
435 | /* |
436 | * If the source and target are directories, and the |
437 | * target is in the same directory as the source, |
438 | * decrement the link count of the common parent |
439 | * directory, since we are removing the target from |
440 | * that directory. |
441 | */ |
442 | if (directory_p && !reparent_p) { |
443 | KASSERT(fdvp == tdvp); |
444 | /* XXX check, don't kassert */ |
445 | KASSERT(0 < VTOI(tdvp)->i_nlink); |
446 | VTOI(tdvp)->i_nlink--; |
447 | DIP_ASSIGN(VTOI(tdvp), nlink, VTOI(tdvp)->i_nlink); |
448 | VTOI(tdvp)->i_flag |= IN_CHANGE; |
449 | UFS_WAPBL_UPDATE(tdvp, NULL, NULL, 0); |
450 | } |
451 | |
452 | if (directory_p) { |
453 | /* |
454 | * XXX I don't understand the following comment |
455 | * from ufs_rename -- in particular, the part |
456 | * about `there may be other hard links'. |
457 | * |
458 | * Truncate inode. The only stuff left in the directory |
459 | * is "." and "..". The "." reference is inconsequential |
460 | * since we are quashing it. We have removed the "." |
461 | * reference and the reference in the parent directory, |
462 | * but there may be other hard links. |
463 | * |
464 | * XXX The ufs_dirempty call earlier does |
465 | * not guarantee anything about nlink. |
466 | */ |
467 | if (VTOI(tvp)->i_nlink != 1) |
468 | ufs_dirbad(VTOI(tvp), (doff_t)0, |
469 | "hard-linked directory" ); |
470 | VTOI(tvp)->i_nlink = 0; |
471 | DIP_ASSIGN(VTOI(tvp), nlink, 0); |
472 | (void) UFS_TRUNCATE(tvp, (off_t)0, IO_SYNC, cred); |
473 | } |
474 | } |
475 | |
476 | /* |
477 | * If the source is a directory with a new parent, the link |
478 | * count of the old parent directory must be decremented and |
479 | * ".." set to point to the new parent. |
480 | * |
481 | * XXX ufs_dirrewrite updates the link count of fdvp, but not |
482 | * the link count of fvp or the link count of tdvp. Go figure. |
483 | */ |
484 | if (directory_p && reparent_p) { |
485 | error = ufs_dirrewrite(VTOI(fvp), mastertemplate.dot_reclen, |
486 | VTOI(fdvp), VTOI(tdvp)->i_number, DT_DIR, 0, IN_CHANGE); |
487 | #if 0 /* XXX This branch was not in ufs_rename! */ |
488 | if (error) |
489 | goto whymustithurtsomuch; |
490 | #endif |
491 | |
492 | /* XXX WTF? Why purge here? Why not purge others? */ |
493 | cache_purge(fdvp); |
494 | } |
495 | |
496 | /* |
497 | * 3) Unlink the source. |
498 | */ |
499 | |
500 | /* |
501 | * ufs_direnter may compact the directory in the process of |
502 | * inserting a new entry. That may invalidate fulr, which we |
503 | * need in order to remove the old entry. In that case, we |
504 | * need to recalculate what fulr should be. |
505 | */ |
506 | if (!reparent_p && (tvp == NULL) && |
507 | ufs_rename_ulr_overlap_p(fulr, tulr)) { |
508 | error = ufs_rename_recalculate_fulr(fdvp, fulr, tulr, fcnp); |
509 | #if 0 /* XXX */ |
510 | if (error) /* XXX Try to back out changes? */ |
511 | goto whymustithurtsomuch; |
512 | #endif |
513 | } |
514 | |
515 | /* |
516 | * XXX 0 means !isrmdir. But can't this be an rmdir? |
517 | * XXX Well, turns out that argument to ufs_dirremove is ignored... |
518 | * XXX And it turns out ufs_dirremove updates the link count of fvp. |
519 | * XXX But it doesn't update the link count of fdvp. Go figure. |
520 | * XXX fdvp's link count is updated in ufs_dirrewrite instead. |
521 | * XXX Actually, sometimes it doesn't update fvp's link count. |
522 | * XXX I hate the world. |
523 | */ |
524 | error = ufs_dirremove(fdvp, fulr, VTOI(fvp), fcnp->cn_flags, 0); |
525 | if (error) |
526 | #if 0 /* XXX */ |
527 | goto whymustithurtsomuch; |
528 | #endif |
529 | goto arghmybrainhurts; |
530 | |
531 | /* |
532 | * XXX Perhaps this should go at the top, in case the file |
533 | * system is modified but incompletely so because of an |
534 | * intermediate error. |
535 | */ |
536 | genfs_rename_knote(fdvp, fvp, tdvp, tvp, |
537 | ((tvp != NULL) && (VTOI(tvp)->i_nlink == 0))); |
538 | #if 0 /* XXX */ |
539 | genfs_rename_cache_purge(fdvp, fvp, tdvp, tvp); |
540 | #endif |
541 | goto arghmybrainhurts; |
542 | |
543 | whymustithurtsomuch: |
544 | KASSERT(0 < VTOI(fvp)->i_nlink); |
545 | VTOI(fvp)->i_nlink--; |
546 | DIP_ASSIGN(VTOI(fvp), nlink, VTOI(fvp)->i_nlink); |
547 | VTOI(fvp)->i_flag |= IN_CHANGE; |
548 | UFS_WAPBL_UPDATE(fvp, NULL, NULL, 0); |
549 | |
550 | arghmybrainhurts: |
551 | UFS_WAPBL_END(mp); |
552 | |
553 | ihateyou: |
554 | return error; |
555 | } |
556 | |
557 | /* |
558 | * ufs_rename_ulr_overlap_p: True iff tulr overlaps with fulr so that |
559 | * entering a directory entry at tulr may move fulr. |
560 | */ |
561 | static bool |
562 | ufs_rename_ulr_overlap_p(const struct ufs_lookup_results *fulr, |
563 | const struct ufs_lookup_results *tulr) |
564 | { |
565 | doff_t from_prev_start, from_prev_end, to_start, to_end; |
566 | |
567 | KASSERT(fulr != NULL); |
568 | KASSERT(tulr != NULL); |
569 | KASSERT(fulr != tulr); |
570 | |
571 | /* |
572 | * fulr is from a DELETE lookup, so fulr->ulr_count is the size |
573 | * of the preceding entry (d_reclen). |
574 | */ |
575 | from_prev_end = fulr->ulr_offset; |
576 | KASSERT(fulr->ulr_count <= from_prev_end); |
577 | from_prev_start = (from_prev_end - fulr->ulr_count); |
578 | |
579 | /* |
580 | * tulr is from a RENAME lookup, so tulr->ulr_count is the size |
581 | * of the free space for an entry that we are about to fill. |
582 | */ |
583 | to_start = tulr->ulr_offset; |
584 | KASSERT(tulr->ulr_count < (UFS_MAXDIRSIZE - to_start)); |
585 | to_end = (to_start + tulr->ulr_count); |
586 | |
587 | return |
588 | (((to_start <= from_prev_start) && (from_prev_start < to_end)) || |
589 | ((to_start <= from_prev_end) && (from_prev_end < to_end))); |
590 | } |
591 | |
592 | /* |
593 | * ufs_rename_recalculate_fulr: If we have just entered a directory into |
594 | * dvp at tulr, and we were about to remove one at fulr for an entry |
595 | * named fcnp, fulr may be invalid. So, if necessary, recalculate it. |
596 | */ |
597 | static int |
598 | ufs_rename_recalculate_fulr(struct vnode *dvp, |
599 | struct ufs_lookup_results *fulr, const struct ufs_lookup_results *tulr, |
600 | const struct componentname *fcnp) |
601 | { |
602 | struct mount *mp; |
603 | struct ufsmount *ump; |
604 | int needswap; |
605 | /* XXX int is a silly type for this; blame ufsmount::um_dirblksiz. */ |
606 | int dirblksiz; |
607 | doff_t search_start, search_end; |
608 | doff_t offset; /* Offset of entry we're examining. */ |
609 | struct buf *bp; /* I/O block we're examining. */ |
610 | char *dirbuf; /* Pointer into directory at search_start. */ |
611 | struct direct *ep; /* Pointer to the entry we're examining. */ |
612 | /* XXX direct::d_reclen is 16-bit; |
613 | * ufs_lookup_results::ulr_reclen is 32-bit. Blah. */ |
614 | uint32_t reclen; /* Length of the entry we're examining. */ |
615 | uint32_t prev_reclen; /* Length of the preceding entry. */ |
616 | int error; |
617 | |
618 | KASSERT(dvp != NULL); |
619 | KASSERT(dvp->v_mount != NULL); |
620 | KASSERT(VTOI(dvp) != NULL); |
621 | KASSERT(fulr != NULL); |
622 | KASSERT(tulr != NULL); |
623 | KASSERT(fulr != tulr); |
624 | KASSERT(ufs_rename_ulr_overlap_p(fulr, tulr)); |
625 | |
626 | mp = dvp->v_mount; |
627 | ump = VFSTOUFS(mp); |
628 | KASSERT(ump != NULL); |
629 | KASSERT(ump == VTOI(dvp)->i_ump); |
630 | |
631 | needswap = UFS_MPNEEDSWAP(ump); |
632 | |
633 | dirblksiz = ump->um_dirblksiz; |
634 | KASSERT(0 < dirblksiz); |
635 | KASSERT((dirblksiz & (dirblksiz - 1)) == 0); |
636 | |
637 | /* A directory block may not span across multiple I/O blocks. */ |
638 | KASSERT(dirblksiz <= mp->mnt_stat.f_iosize); |
639 | |
640 | /* Find the bounds of the search. */ |
641 | search_start = tulr->ulr_offset; |
642 | KASSERT(fulr->ulr_reclen < (UFS_MAXDIRSIZE - fulr->ulr_offset)); |
643 | search_end = (fulr->ulr_offset + fulr->ulr_reclen); |
644 | |
645 | /* Compaction must happen only within a directory block. (*) */ |
646 | KASSERT(search_start <= search_end); |
647 | KASSERT((search_end - (search_start &~ (dirblksiz - 1))) <= dirblksiz); |
648 | |
649 | dirbuf = NULL; |
650 | bp = NULL; |
651 | error = ufs_blkatoff(dvp, (off_t)search_start, &dirbuf, &bp, false); |
652 | if (error) |
653 | return error; |
654 | KASSERT(dirbuf != NULL); |
655 | KASSERT(bp != NULL); |
656 | |
657 | /* |
658 | * Guarantee we sha'n't go past the end of the buffer we got. |
659 | * dirbuf is bp->b_data + (search_start & (iosize - 1)), and |
660 | * the valid range is [bp->b_data, bp->b_data + bp->b_bcount). |
661 | */ |
662 | KASSERT((search_end - search_start) <= |
663 | (bp->b_bcount - (search_start & (mp->mnt_stat.f_iosize - 1)))); |
664 | |
665 | prev_reclen = fulr->ulr_count; |
666 | offset = search_start; |
667 | |
668 | /* |
669 | * Search from search_start to search_end for the entry matching |
670 | * fcnp, which must be there because we found it before and it |
671 | * should only at most have moved earlier. |
672 | */ |
673 | for (;;) { |
674 | KASSERT(search_start <= offset); |
675 | KASSERT(offset < search_end); |
676 | |
677 | /* |
678 | * Examine the directory entry at offset. |
679 | */ |
680 | ep = (struct direct *)(dirbuf + (offset - search_start)); |
681 | reclen = ufs_rw16(ep->d_reclen, needswap); |
682 | |
683 | if (ep->d_ino == 0) |
684 | goto next; /* Entry is unused. */ |
685 | |
686 | if (ufs_rw32(ep->d_ino, needswap) == UFS_WINO) |
687 | goto next; /* Entry is whiteout. */ |
688 | |
689 | if (fcnp->cn_namelen != ufs_direct_namlen(ep, dvp)) |
690 | goto next; /* Wrong name length. */ |
691 | |
692 | if (memcmp(ep->d_name, fcnp->cn_nameptr, fcnp->cn_namelen)) |
693 | goto next; /* Wrong name. */ |
694 | |
695 | /* Got it! */ |
696 | break; |
697 | |
698 | next: |
699 | if (! ((reclen < search_end) && |
700 | (offset < (search_end - reclen)))) { |
701 | brelse(bp, 0); |
702 | return EIO; /* XXX Panic? What? */ |
703 | } |
704 | |
705 | /* We may not move past the search end. */ |
706 | KASSERT(reclen < search_end); |
707 | KASSERT(offset < (search_end - reclen)); |
708 | |
709 | /* |
710 | * We may not move across a directory block boundary; |
711 | * see (*) above. |
712 | */ |
713 | KASSERT((offset &~ (dirblksiz - 1)) == |
714 | ((offset + reclen) &~ (dirblksiz - 1))); |
715 | |
716 | prev_reclen = reclen; |
717 | offset += reclen; |
718 | } |
719 | |
720 | /* |
721 | * Found the entry. Record where. |
722 | */ |
723 | fulr->ulr_offset = offset; |
724 | fulr->ulr_reclen = reclen; |
725 | |
726 | /* |
727 | * Record the preceding record length, but not if we're at the |
728 | * start of a directory block. |
729 | */ |
730 | fulr->ulr_count = ((offset & (dirblksiz - 1))? prev_reclen : 0); |
731 | |
732 | brelse(bp, 0); |
733 | return 0; |
734 | } |
735 | |
736 | /* |
737 | * ufs_direct_namlen: Return the namlen of the directory entry ep from |
738 | * the directory vp. |
739 | */ |
740 | static int /* XXX int? uint8_t? */ |
741 | ufs_direct_namlen(const struct direct *ep, const struct vnode *vp) |
742 | { |
743 | bool swap; |
744 | |
745 | KASSERT(ep != NULL); |
746 | KASSERT(vp != NULL); |
747 | KASSERT(VTOI(vp) != NULL); |
748 | KASSERT(VTOI(vp)->i_ump != NULL); |
749 | |
750 | #if (BYTE_ORDER == LITTLE_ENDIAN) |
751 | swap = (UFS_MPNEEDSWAP(VTOI(vp)->i_ump) == 0); |
752 | #else |
753 | swap = (UFS_MPNEEDSWAP(VTOI(vp)->i_ump) != 0); |
754 | #endif |
755 | |
756 | return ((FSFMT(vp) && swap)? ep->d_type : ep->d_namlen); |
757 | } |
758 | |
759 | /* |
760 | * ufs_gro_remove: Rename an object over another link to itself, |
761 | * effectively removing just the original link. |
762 | */ |
763 | int |
764 | ufs_gro_remove(struct mount *mp, kauth_cred_t cred, |
765 | struct vnode *dvp, struct componentname *cnp, void *de, struct vnode *vp) |
766 | { |
767 | struct ufs_lookup_results *ulr = de; |
768 | int error; |
769 | |
770 | KASSERT(mp != NULL); |
771 | KASSERT(dvp != NULL); |
772 | KASSERT(cnp != NULL); |
773 | KASSERT(ulr != NULL); |
774 | KASSERT(vp != NULL); |
775 | KASSERT(dvp != vp); |
776 | KASSERT(dvp->v_mount == mp); |
777 | KASSERT(vp->v_mount == mp); |
778 | KASSERT(dvp->v_type == VDIR); |
779 | KASSERT(vp->v_type != VDIR); |
780 | KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); |
781 | KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); |
782 | KASSERT(cnp->cn_nameiop == DELETE); |
783 | |
784 | error = UFS_WAPBL_BEGIN(mp); |
785 | if (error) |
786 | goto out0; |
787 | |
788 | /* XXX ufs_dirremove decrements vp's link count for us. */ |
789 | error = ufs_dirremove(dvp, ulr, VTOI(vp), cnp->cn_flags, 0); |
790 | if (error) |
791 | goto out1; |
792 | |
793 | VN_KNOTE(dvp, NOTE_WRITE); |
794 | VN_KNOTE(vp, (VTOI(vp)->i_nlink? NOTE_LINK : NOTE_DELETE)); |
795 | |
796 | out1: UFS_WAPBL_END(mp); |
797 | out0: |
798 | return error; |
799 | } |
800 | |
801 | /* |
802 | * ufs_gro_lookup: Look up and save the lookup results. |
803 | */ |
804 | int |
805 | ufs_gro_lookup(struct mount *mp, struct vnode *dvp, |
806 | struct componentname *cnp, void *de_ret, struct vnode **vp_ret) |
807 | { |
808 | struct ufs_lookup_results *ulr_ret = de_ret; |
809 | struct vnode *vp = NULL; |
810 | int error; |
811 | |
812 | (void)mp; |
813 | KASSERT(mp != NULL); |
814 | KASSERT(dvp != NULL); |
815 | KASSERT(cnp != NULL); |
816 | KASSERT(ulr_ret != NULL); |
817 | KASSERT(vp_ret != NULL); |
818 | KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); |
819 | |
820 | /* Kludge cargo-culted from dholland's ufs_rename. */ |
821 | cnp->cn_flags &=~ MODMASK; |
822 | cnp->cn_flags |= (LOCKPARENT | LOCKLEAF); |
823 | |
824 | error = relookup(dvp, &vp, cnp, 0 /* dummy */); |
825 | if ((error == 0) && (vp == NULL)) { |
826 | error = ENOENT; |
827 | goto out; |
828 | } else if (error) { |
829 | return error; |
830 | } |
831 | |
832 | /* |
833 | * Thanks to VFS insanity, relookup locks vp, which screws us |
834 | * in various ways. |
835 | */ |
836 | KASSERT(vp != NULL); |
837 | VOP_UNLOCK(vp); |
838 | |
839 | out: *ulr_ret = VTOI(dvp)->i_crap; |
840 | *vp_ret = vp; |
841 | return error; |
842 | } |
843 | |
844 | /* |
845 | * ufs_rmdired_p: Check whether the directory vp has been rmdired. |
846 | * |
847 | * vp must be locked and referenced. |
848 | */ |
849 | static bool |
850 | ufs_rmdired_p(struct vnode *vp) |
851 | { |
852 | |
853 | KASSERT(vp != NULL); |
854 | KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); |
855 | KASSERT(vp->v_type == VDIR); |
856 | |
857 | /* XXX Is this correct? */ |
858 | return (VTOI(vp)->i_size == 0); |
859 | } |
860 | |
861 | /* |
862 | * ufs_read_dotdot: Store in *ino_ret the inode number of the parent |
863 | * of the directory vp. |
864 | */ |
865 | static int |
866 | ufs_read_dotdot(struct vnode *vp, kauth_cred_t cred, ino_t *ino_ret) |
867 | { |
868 | struct dirtemplate dirbuf; |
869 | int error; |
870 | |
871 | KASSERT(vp != NULL); |
872 | KASSERT(ino_ret != NULL); |
873 | KASSERT(vp->v_type == VDIR); |
874 | |
875 | error = ufs_bufio(UIO_READ, vp, &dirbuf, sizeof dirbuf, (off_t)0, |
876 | IO_NODELOCKED, cred, NULL, NULL); |
877 | if (error) |
878 | return error; |
879 | |
880 | if (ufs_dirbuf_dotdot_namlen(&dirbuf, vp) != 2 || |
881 | dirbuf.dotdot_name[0] != '.' || |
882 | dirbuf.dotdot_name[1] != '.') |
883 | /* XXX Panic? Print warning? */ |
884 | return ENOTDIR; |
885 | |
886 | *ino_ret = ufs_rw32(dirbuf.dotdot_ino, |
887 | UFS_MPNEEDSWAP(VTOI(vp)->i_ump)); |
888 | return 0; |
889 | } |
890 | |
891 | /* |
892 | * ufs_dirbuf_dotdot_namlen: Return the namlen of the directory buffer |
893 | * dirbuf that came from the directory vp. Swap byte order if |
894 | * necessary. |
895 | */ |
896 | static int /* XXX int? uint8_t? */ |
897 | ufs_dirbuf_dotdot_namlen(const struct dirtemplate *dirbuf, |
898 | const struct vnode *vp) |
899 | { |
900 | bool swap; |
901 | |
902 | KASSERT(dirbuf != NULL); |
903 | KASSERT(vp != NULL); |
904 | KASSERT(VTOI(vp) != NULL); |
905 | KASSERT(VTOI(vp)->i_ump != NULL); |
906 | |
907 | #if (BYTE_ORDER == LITTLE_ENDIAN) |
908 | swap = (UFS_MPNEEDSWAP(VTOI(vp)->i_ump) == 0); |
909 | #else |
910 | swap = (UFS_MPNEEDSWAP(VTOI(vp)->i_ump) != 0); |
911 | #endif |
912 | |
913 | return ((FSFMT(vp) && swap)? |
914 | dirbuf->dotdot_type : dirbuf->dotdot_namlen); |
915 | } |
916 | |
917 | /* |
918 | * ufs_gro_genealogy: Analyze the genealogy of the source and target |
919 | * directories. |
920 | */ |
921 | int |
922 | ufs_gro_genealogy(struct mount *mp, kauth_cred_t cred, |
923 | struct vnode *fdvp, struct vnode *tdvp, |
924 | struct vnode **intermediate_node_ret) |
925 | { |
926 | struct vnode *vp, *dvp; |
927 | ino_t dotdot_ino = 0; /* XXX: gcc */ |
928 | int error; |
929 | |
930 | KASSERT(mp != NULL); |
931 | KASSERT(fdvp != NULL); |
932 | KASSERT(tdvp != NULL); |
933 | KASSERT(fdvp != tdvp); |
934 | KASSERT(intermediate_node_ret != NULL); |
935 | KASSERT(fdvp->v_mount == mp); |
936 | KASSERT(tdvp->v_mount == mp); |
937 | KASSERT(fdvp->v_type == VDIR); |
938 | KASSERT(tdvp->v_type == VDIR); |
939 | |
940 | /* |
941 | * We need to provisionally lock tdvp to keep rmdir from |
942 | * deleting it -- or any ancestor -- at an inopportune moment. |
943 | */ |
944 | error = ufs_gro_lock_directory(mp, tdvp); |
945 | if (error) |
946 | return error; |
947 | |
948 | vp = tdvp; |
949 | vref(vp); |
950 | |
951 | for (;;) { |
952 | KASSERT(vp != NULL); |
953 | KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); |
954 | KASSERT(vp->v_mount == mp); |
955 | KASSERT(vp->v_type == VDIR); |
956 | KASSERT(!ufs_rmdired_p(vp)); |
957 | |
958 | /* Did we hit the root without finding fdvp? */ |
959 | if (VTOI(vp)->i_number == UFS_ROOTINO) { |
960 | vput(vp); |
961 | *intermediate_node_ret = NULL; |
962 | return 0; |
963 | } |
964 | |
965 | error = ufs_read_dotdot(vp, cred, &dotdot_ino); |
966 | if (error) { |
967 | vput(vp); |
968 | return error; |
969 | } |
970 | |
971 | /* Did we find that fdvp is an ancestor of tdvp? */ |
972 | if (VTOI(fdvp)->i_number == dotdot_ino) { |
973 | /* Unlock vp, but keep it referenced. */ |
974 | VOP_UNLOCK(vp); |
975 | *intermediate_node_ret = vp; |
976 | return 0; |
977 | } |
978 | |
979 | /* Neither -- keep ascending the family tree. */ |
980 | error = vcache_get(mp, &dotdot_ino, sizeof(dotdot_ino), &dvp); |
981 | vput(vp); |
982 | if (error) |
983 | return error; |
984 | error = vn_lock(dvp, LK_EXCLUSIVE); |
985 | if (error) { |
986 | vrele(dvp); |
987 | return error; |
988 | } |
989 | |
990 | KASSERT(dvp != NULL); |
991 | KASSERT(VOP_ISLOCKED(dvp) == LK_EXCLUSIVE); |
992 | vp = dvp; |
993 | |
994 | if (vp->v_type != VDIR) { |
995 | /* |
996 | * XXX Panic? Print a warning? Can this |
997 | * happen if we lose the race I suspect to |
998 | * exist above, and the `..' inode number has |
999 | * been recycled? |
1000 | */ |
1001 | vput(vp); |
1002 | return ENOTDIR; |
1003 | } |
1004 | |
1005 | if (ufs_rmdired_p(vp)) { |
1006 | vput(vp); |
1007 | return ENOENT; |
1008 | } |
1009 | } |
1010 | } |
1011 | |
1012 | /* |
1013 | * ufs_gro_lock_directory: Lock the directory vp, but fail if it has |
1014 | * been rmdir'd. |
1015 | */ |
1016 | int |
1017 | ufs_gro_lock_directory(struct mount *mp, struct vnode *vp) |
1018 | { |
1019 | |
1020 | (void)mp; |
1021 | KASSERT(mp != NULL); |
1022 | KASSERT(vp != NULL); |
1023 | KASSERT(vp->v_mount == mp); |
1024 | |
1025 | vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); |
1026 | |
1027 | if (ufs_rmdired_p(vp)) { |
1028 | VOP_UNLOCK(vp); |
1029 | return ENOENT; |
1030 | } |
1031 | |
1032 | return 0; |
1033 | } |
1034 | |
1035 | static const struct genfs_rename_ops ufs_genfs_rename_ops = { |
1036 | .gro_directory_empty_p = ufs_gro_directory_empty_p, |
1037 | .gro_rename_check_possible = ufs_gro_rename_check_possible, |
1038 | .gro_rename_check_permitted = ufs_gro_rename_check_permitted, |
1039 | .gro_remove_check_possible = ufs_gro_remove_check_possible, |
1040 | .gro_remove_check_permitted = ufs_gro_remove_check_permitted, |
1041 | .gro_rename = ufs_gro_rename, |
1042 | .gro_remove = ufs_gro_remove, |
1043 | .gro_lookup = ufs_gro_lookup, |
1044 | .gro_genealogy = ufs_gro_genealogy, |
1045 | .gro_lock_directory = ufs_gro_lock_directory, |
1046 | }; |
1047 | |