FreeBSD kernel kern code
vfs_lookup.c
Go to the documentation of this file.
1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1982, 1986, 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * @(#)vfs_lookup.c 8.4 (Berkeley) 2/16/94
37 */
38
39#include <sys/cdefs.h>
40__FBSDID("$FreeBSD$");
41
42#include "opt_capsicum.h"
43#include "opt_ktrace.h"
44
45#include <sys/param.h>
46#include <sys/systm.h>
47#include <sys/dirent.h>
48#include <sys/kernel.h>
49#include <sys/capsicum.h>
50#include <sys/fcntl.h>
51#include <sys/jail.h>
52#include <sys/lock.h>
53#include <sys/mutex.h>
54#include <sys/namei.h>
55#include <sys/vnode.h>
56#include <sys/mount.h>
57#include <sys/filedesc.h>
58#include <sys/proc.h>
59#include <sys/sdt.h>
60#include <sys/syscallsubr.h>
61#include <sys/sysctl.h>
62#ifdef KTRACE
63#include <sys/ktrace.h>
64#endif
65#ifdef INVARIANTS
66#include <machine/_inttypes.h>
67#endif
68
69#include <security/audit/audit.h>
70#include <security/mac/mac_framework.h>
71
72#include <vm/uma.h>
73
74#define NAMEI_DIAGNOSTIC 1
75#undef NAMEI_DIAGNOSTIC
76
77SDT_PROVIDER_DEFINE(vfs);
78SDT_PROBE_DEFINE4(vfs, namei, lookup, entry, "struct vnode *", "char *",
79 "unsigned long", "bool");
80SDT_PROBE_DEFINE4(vfs, namei, lookup, return, "int", "struct vnode *", "bool",
81 "struct nameidata");
82
83/* Allocation zone for namei. */
84uma_zone_t namei_zone;
85
86/* Placeholder vnode for mp traversal. */
87static struct vnode *vp_crossmp;
88
89static int
90crossmp_vop_islocked(struct vop_islocked_args *ap)
91{
92
93 return (LK_SHARED);
94}
95
96static int
97crossmp_vop_lock1(struct vop_lock1_args *ap)
98{
99 struct vnode *vp;
100 struct lock *lk __diagused;
101 const char *file __diagused;
102 int flags, line __diagused;
103
104 vp = ap->a_vp;
105 lk = vp->v_vnlock;
106 flags = ap->a_flags;
107 file = ap->a_file;
108 line = ap->a_line;
109
110 if ((flags & LK_SHARED) == 0)
111 panic("invalid lock request for crossmp");
112
113 WITNESS_CHECKORDER(&lk->lock_object, LOP_NEWORDER, file, line,
114 flags & LK_INTERLOCK ? &VI_MTX(vp)->lock_object : NULL);
115 WITNESS_LOCK(&lk->lock_object, 0, file, line);
116 if ((flags & LK_INTERLOCK) != 0)
117 VI_UNLOCK(vp);
118 LOCK_LOG_LOCK("SLOCK", &lk->lock_object, 0, 0, ap->a_file, line);
119 return (0);
120}
121
122static int
123crossmp_vop_unlock(struct vop_unlock_args *ap)
124{
125 struct vnode *vp;
126 struct lock *lk __diagused;
127
128 vp = ap->a_vp;
129 lk = vp->v_vnlock;
130
131 WITNESS_UNLOCK(&lk->lock_object, 0, LOCK_FILE, LOCK_LINE);
132 LOCK_LOG_LOCK("SUNLOCK", &lk->lock_object, 0, 0, LOCK_FILE,
133 LOCK_LINE);
134 return (0);
135}
136
137static struct vop_vector crossmp_vnodeops = {
138 .vop_default = &default_vnodeops,
139 .vop_islocked = crossmp_vop_islocked,
140 .vop_lock1 = crossmp_vop_lock1,
141 .vop_unlock = crossmp_vop_unlock,
142};
143/*
144 * VFS_VOP_VECTOR_REGISTER(crossmp_vnodeops) is not used here since the vnode
145 * gets allocated early. See nameiinit for the direct call below.
146 */
147
148struct nameicap_tracker {
149 struct vnode *dp;
150 TAILQ_ENTRY(nameicap_tracker) nm_link;
151};
152
153/* Zone for cap mode tracker elements used for dotdot capability checks. */
154MALLOC_DEFINE(M_NAMEITRACKER, "namei_tracker", "namei tracking for dotdot");
155
156static void
157nameiinit(void *dummy __unused)
158{
159
160 namei_zone = uma_zcreate("NAMEI", MAXPATHLEN, NULL, NULL, NULL, NULL,
161 UMA_ALIGN_PTR, 0);
162 vfs_vector_op_register(&crossmp_vnodeops);
163 getnewvnode("crossmp", NULL, &crossmp_vnodeops, &vp_crossmp);
164}
165SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_SECOND, nameiinit, NULL);
166
167static int lookup_cap_dotdot = 1;
168SYSCTL_INT(_vfs, OID_AUTO, lookup_cap_dotdot, CTLFLAG_RWTUN,
169 &lookup_cap_dotdot, 0,
170 "enables \"..\" components in path lookup in capability mode");
171static int lookup_cap_dotdot_nonlocal = 1;
172SYSCTL_INT(_vfs, OID_AUTO, lookup_cap_dotdot_nonlocal, CTLFLAG_RWTUN,
173 &lookup_cap_dotdot_nonlocal, 0,
174 "enables \"..\" components in path lookup in capability mode "
175 "on non-local mount");
176
177static void
178nameicap_tracker_add(struct nameidata *ndp, struct vnode *dp)
179{
180 struct nameicap_tracker *nt;
181
182 if ((ndp->ni_lcf & NI_LCF_CAP_DOTDOT) == 0 || dp->v_type != VDIR)
183 return;
184 nt = TAILQ_LAST(&ndp->ni_cap_tracker, nameicap_tracker_head);
185 if (nt != NULL && nt->dp == dp)
186 return;
187 nt = malloc(sizeof(*nt), M_NAMEITRACKER, M_WAITOK);
188 vhold(dp);
189 nt->dp = dp;
190 TAILQ_INSERT_TAIL(&ndp->ni_cap_tracker, nt, nm_link);
191}
192
193static void
194nameicap_cleanup_from(struct nameidata *ndp, struct nameicap_tracker *first)
195{
196 struct nameicap_tracker *nt, *nt1;
197
198 nt = first;
199 TAILQ_FOREACH_FROM_SAFE(nt, &ndp->ni_cap_tracker, nm_link, nt1) {
200 TAILQ_REMOVE(&ndp->ni_cap_tracker, nt, nm_link);
201 vdrop(nt->dp);
202 free(nt, M_NAMEITRACKER);
203 }
204}
205
206static void
207nameicap_cleanup(struct nameidata *ndp)
208{
209 KASSERT(TAILQ_EMPTY(&ndp->ni_cap_tracker) ||
210 (ndp->ni_lcf & NI_LCF_CAP_DOTDOT) != 0, ("not strictrelative"));
211 nameicap_cleanup_from(ndp, NULL);
212}
213
214/*
215 * For dotdot lookups in capability mode, only allow the component
216 * lookup to succeed if the resulting directory was already traversed
217 * during the operation. This catches situations where already
218 * traversed directory is moved to different parent, and then we walk
219 * over it with dotdots.
220 *
221 * Also allow to force failure of dotdot lookups for non-local
222 * filesystems, where external agents might assist local lookups to
223 * escape the compartment.
224 */
225static int
226nameicap_check_dotdot(struct nameidata *ndp, struct vnode *dp)
227{
228 struct nameicap_tracker *nt;
229 struct mount *mp;
230
231 if (dp == NULL || dp->v_type != VDIR || (ndp->ni_lcf &
232 NI_LCF_STRICTRELATIVE) == 0)
233 return (0);
234 if ((ndp->ni_lcf & NI_LCF_CAP_DOTDOT) == 0)
235 return (ENOTCAPABLE);
236 mp = dp->v_mount;
237 if (lookup_cap_dotdot_nonlocal == 0 && mp != NULL &&
238 (mp->mnt_flag & MNT_LOCAL) == 0)
239 return (ENOTCAPABLE);
240 TAILQ_FOREACH_REVERSE(nt, &ndp->ni_cap_tracker, nameicap_tracker_head,
241 nm_link) {
242 if (dp == nt->dp) {
243 nt = TAILQ_NEXT(nt, nm_link);
244 if (nt != NULL)
245 nameicap_cleanup_from(ndp, nt);
246 return (0);
247 }
248 }
249 return (ENOTCAPABLE);
250}
251
252static void
253namei_cleanup_cnp(struct componentname *cnp)
254{
255
256 uma_zfree(namei_zone, cnp->cn_pnbuf);
257#ifdef DIAGNOSTIC
258 cnp->cn_pnbuf = NULL;
259 cnp->cn_nameptr = NULL;
260#endif
261}
262
263static int
264namei_handle_root(struct nameidata *ndp, struct vnode **dpp)
265{
266 struct componentname *cnp;
267
268 cnp = &ndp->ni_cnd;
269 if ((ndp->ni_lcf & NI_LCF_STRICTRELATIVE) != 0) {
270#ifdef KTRACE
271 if (KTRPOINT(curthread, KTR_CAPFAIL))
272 ktrcapfail(CAPFAIL_LOOKUP, NULL, NULL);
273#endif
274 return (ENOTCAPABLE);
275 }
276 while (*(cnp->cn_nameptr) == '/') {
277 cnp->cn_nameptr++;
278 ndp->ni_pathlen--;
279 }
280 *dpp = ndp->ni_rootdir;
281 vrefact(*dpp);
282 return (0);
283}
284
285static int
286namei_setup(struct nameidata *ndp, struct vnode **dpp, struct pwd **pwdp)
287{
288 struct componentname *cnp;
289 struct file *dfp;
290 struct thread *td;
291 struct pwd *pwd;
292 cap_rights_t rights;
293 int error;
294 bool startdir_used;
295
296 cnp = &ndp->ni_cnd;
297 td = curthread;
298
299 startdir_used = false;
300 *pwdp = NULL;
301 *dpp = NULL;
302
303#ifdef CAPABILITY_MODE
304 /*
305 * In capability mode, lookups must be restricted to happen in
306 * the subtree with the root specified by the file descriptor:
307 * - The root must be real file descriptor, not the pseudo-descriptor
308 * AT_FDCWD.
309 * - The passed path must be relative and not absolute.
310 * - If lookup_cap_dotdot is disabled, path must not contain the
311 * '..' components.
312 * - If lookup_cap_dotdot is enabled, we verify that all '..'
313 * components lookups result in the directories which were
314 * previously walked by us, which prevents an escape from
315 * the relative root.
316 */
317 if (IN_CAPABILITY_MODE(td) && (cnp->cn_flags & NOCAPCHECK) == 0) {
318 ndp->ni_lcf |= NI_LCF_STRICTRELATIVE;
319 ndp->ni_resflags |= NIRES_STRICTREL;
320 if (ndp->ni_dirfd == AT_FDCWD) {
321#ifdef KTRACE
322 if (KTRPOINT(td, KTR_CAPFAIL))
323 ktrcapfail(CAPFAIL_LOOKUP, NULL, NULL);
324#endif
325 return (ECAPMODE);
326 }
327 }
328#endif
329 error = 0;
330
331 /*
332 * Get starting point for the translation.
333 */
334 pwd = pwd_hold(td);
335 /*
336 * The reference on ni_rootdir is acquired in the block below to avoid
337 * back-to-back atomics for absolute lookups.
338 */
339 ndp->ni_rootdir = pwd->pwd_rdir;
340 ndp->ni_topdir = pwd->pwd_jdir;
341
342 if (cnp->cn_pnbuf[0] == '/') {
343 ndp->ni_resflags |= NIRES_ABS;
344 error = namei_handle_root(ndp, dpp);
345 } else {
346 if (ndp->ni_startdir != NULL) {
347 *dpp = ndp->ni_startdir;
348 startdir_used = true;
349 } else if (ndp->ni_dirfd == AT_FDCWD) {
350 *dpp = pwd->pwd_cdir;
351 vrefact(*dpp);
352 } else {
353 rights = *ndp->ni_rightsneeded;
354 cap_rights_set_one(&rights, CAP_LOOKUP);
355
356 if (cnp->cn_flags & AUDITVNODE1)
357 AUDIT_ARG_ATFD1(ndp->ni_dirfd);
358 if (cnp->cn_flags & AUDITVNODE2)
359 AUDIT_ARG_ATFD2(ndp->ni_dirfd);
360 /*
361 * Effectively inlined fgetvp_rights, because
362 * we need to inspect the file as well as
363 * grabbing the vnode. No check for O_PATH,
364 * files to implement its semantic.
365 */
366 error = fget_cap(td, ndp->ni_dirfd, &rights,
367 &dfp, &ndp->ni_filecaps);
368 if (error != 0) {
369 /*
370 * Preserve the error; it should either be EBADF
371 * or capability-related, both of which can be
372 * safely returned to the caller.
373 */
374 } else {
375 if (dfp->f_ops == &badfileops) {
376 error = EBADF;
377 } else if (dfp->f_vnode == NULL) {
378 error = ENOTDIR;
379 } else {
380 *dpp = dfp->f_vnode;
381 vref(*dpp);
382
383 if ((dfp->f_flag & FSEARCH) != 0)
384 cnp->cn_flags |= NOEXECCHECK;
385 }
386 fdrop(dfp, td);
387 }
388#ifdef CAPABILITIES
389 /*
390 * If file descriptor doesn't have all rights,
391 * all lookups relative to it must also be
392 * strictly relative.
393 */
394 CAP_ALL(&rights);
395 if (!cap_rights_contains(&ndp->ni_filecaps.fc_rights,
396 &rights) ||
397 ndp->ni_filecaps.fc_fcntls != CAP_FCNTL_ALL ||
398 ndp->ni_filecaps.fc_nioctls != -1) {
399 ndp->ni_lcf |= NI_LCF_STRICTRELATIVE;
400 ndp->ni_resflags |= NIRES_STRICTREL;
401 }
402#endif
403 }
404 if (error == 0 && (*dpp)->v_type != VDIR &&
405 (cnp->cn_pnbuf[0] != '\0' ||
406 (cnp->cn_flags & EMPTYPATH) == 0))
407 error = ENOTDIR;
408 }
409 if (error == 0 && (cnp->cn_flags & RBENEATH) != 0) {
410 if (cnp->cn_pnbuf[0] == '/') {
411 error = ENOTCAPABLE;
412 } else if ((ndp->ni_lcf & NI_LCF_STRICTRELATIVE) == 0) {
413 ndp->ni_lcf |= NI_LCF_STRICTRELATIVE |
414 NI_LCF_CAP_DOTDOT;
415 }
416 }
417
418 /*
419 * If we are auditing the kernel pathname, save the user pathname.
420 */
421 if (cnp->cn_flags & AUDITVNODE1)
422 AUDIT_ARG_UPATH1_VP(td, ndp->ni_rootdir, *dpp, cnp->cn_pnbuf);
423 if (cnp->cn_flags & AUDITVNODE2)
424 AUDIT_ARG_UPATH2_VP(td, ndp->ni_rootdir, *dpp, cnp->cn_pnbuf);
425 if (ndp->ni_startdir != NULL && !startdir_used)
426 vrele(ndp->ni_startdir);
427 if (error != 0) {
428 if (*dpp != NULL)
429 vrele(*dpp);
430 pwd_drop(pwd);
431 return (error);
432 }
433 if ((ndp->ni_lcf & NI_LCF_STRICTRELATIVE) != 0 &&
434 lookup_cap_dotdot != 0)
435 ndp->ni_lcf |= NI_LCF_CAP_DOTDOT;
436 SDT_PROBE4(vfs, namei, lookup, entry, *dpp, cnp->cn_pnbuf,
437 cnp->cn_flags, false);
438 *pwdp = pwd;
439 return (0);
440}
441
442static int
443namei_getpath(struct nameidata *ndp)
444{
445 struct componentname *cnp;
446 int error;
447
448 cnp = &ndp->ni_cnd;
449
450 /*
451 * Get a buffer for the name to be translated, and copy the
452 * name into the buffer.
453 */
454 cnp->cn_pnbuf = uma_zalloc(namei_zone, M_WAITOK);
455 if (ndp->ni_segflg == UIO_SYSSPACE) {
456 error = copystr(ndp->ni_dirp, cnp->cn_pnbuf, MAXPATHLEN,
457 &ndp->ni_pathlen);
458 } else {
459 error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf, MAXPATHLEN,
460 &ndp->ni_pathlen);
461 }
462
463 if (__predict_false(error != 0))
464 return (error);
465
466 cnp->cn_nameptr = cnp->cn_pnbuf;
467 return (0);
468}
469
470static int
471namei_emptypath(struct nameidata *ndp)
472{
473 struct componentname *cnp;
474 struct pwd *pwd;
475 struct vnode *dp;
476 int error;
477
478 cnp = &ndp->ni_cnd;
479 MPASS(*cnp->cn_pnbuf == '\0');
480 MPASS((cnp->cn_flags & EMPTYPATH) != 0);
481 MPASS((cnp->cn_flags & (LOCKPARENT | WANTPARENT)) == 0);
482
483 ndp->ni_resflags |= NIRES_EMPTYPATH;
484 error = namei_setup(ndp, &dp, &pwd);
485 if (error != 0) {
486 namei_cleanup_cnp(cnp);
487 goto errout;
488 }
489
490 /*
491 * Usecount on dp already provided by namei_setup.
492 */
493 ndp->ni_vp = dp;
494 namei_cleanup_cnp(cnp);
495 pwd_drop(pwd);
496 NDVALIDATE(ndp);
497 if ((cnp->cn_flags & LOCKLEAF) != 0) {
498 VOP_LOCK(dp, (cnp->cn_flags & LOCKSHARED) != 0 ?
499 LK_SHARED : LK_EXCLUSIVE);
500 if (VN_IS_DOOMED(dp)) {
501 vput(dp);
502 error = ENOENT;
503 goto errout;
504 }
505 }
506 SDT_PROBE4(vfs, namei, lookup, return, 0, ndp->ni_vp, false, ndp);
507 return (0);
508
509errout:
510 SDT_PROBE4(vfs, namei, lookup, return, error, NULL, false, ndp);
511 return (error);
512}
513
514/*
515 * Convert a pathname into a pointer to a locked vnode.
516 *
517 * The FOLLOW flag is set when symbolic links are to be followed
518 * when they occur at the end of the name translation process.
519 * Symbolic links are always followed for all other pathname
520 * components other than the last.
521 *
522 * The segflg defines whether the name is to be copied from user
523 * space or kernel space.
524 *
525 * Overall outline of namei:
526 *
527 * copy in name
528 * get starting directory
529 * while (!done && !error) {
530 * call lookup to search path.
531 * if symbolic link, massage name in buffer and continue
532 * }
533 */
534int
535namei(struct nameidata *ndp)
536{
537 char *cp; /* pointer into pathname argument */
538 struct vnode *dp; /* the directory we are searching */
539 struct iovec aiov; /* uio for reading symbolic links */
540 struct componentname *cnp;
541 struct thread *td;
542 struct pwd *pwd;
543 struct uio auio;
544 int error, linklen;
545 enum cache_fpl_status status;
546
547 cnp = &ndp->ni_cnd;
548 td = curthread;
549#ifdef INVARIANTS
550 KASSERT((ndp->ni_debugflags & NAMEI_DBG_CALLED) == 0,
551 ("%s: repeated call to namei without NDREINIT", __func__));
552 KASSERT(ndp->ni_debugflags == NAMEI_DBG_INITED,
553 ("%s: bad debugflags %d", __func__, ndp->ni_debugflags));
554 ndp->ni_debugflags |= NAMEI_DBG_CALLED;
555 if (ndp->ni_startdir != NULL)
556 ndp->ni_debugflags |= NAMEI_DBG_HADSTARTDIR;
557 if (cnp->cn_flags & FAILIFEXISTS) {
558 KASSERT(cnp->cn_nameiop == CREATE,
559 ("%s: FAILIFEXISTS passed for op %d", __func__, cnp->cn_nameiop));
560 /*
561 * The limitation below is to restrict hairy corner cases.
562 */
563 KASSERT((cnp->cn_flags & (LOCKPARENT | LOCKLEAF)) == LOCKPARENT,
564 ("%s: FAILIFEXISTS must be passed with LOCKPARENT and without LOCKLEAF",
565 __func__));
566 }
567 /*
568 * For NDVALIDATE.
569 *
570 * While NDINIT may seem like a more natural place to do it, there are
571 * callers which directly modify flags past invoking init.
572 */
573 cnp->cn_origflags = cnp->cn_flags;
574#endif
575 ndp->ni_cnd.cn_cred = td->td_ucred;
576 KASSERT(ndp->ni_resflags == 0, ("%s: garbage in ni_resflags: %x\n",
577 __func__, ndp->ni_resflags));
578 KASSERT(cnp->cn_cred && td->td_proc, ("namei: bad cred/proc"));
579 KASSERT((cnp->cn_flags & NAMEI_INTERNAL_FLAGS) == 0,
580 ("namei: unexpected flags: %" PRIx64 "\n",
581 cnp->cn_flags & NAMEI_INTERNAL_FLAGS));
582 if (cnp->cn_flags & NOCACHE)
583 KASSERT(cnp->cn_nameiop != LOOKUP,
584 ("%s: NOCACHE passed with LOOKUP", __func__));
585 MPASS(ndp->ni_startdir == NULL || ndp->ni_startdir->v_type == VDIR ||
586 ndp->ni_startdir->v_type == VBAD);
587
588 ndp->ni_lcf = 0;
589 ndp->ni_loopcnt = 0;
590 ndp->ni_vp = NULL;
591
592 error = namei_getpath(ndp);
593 if (__predict_false(error != 0)) {
594 namei_cleanup_cnp(cnp);
595 SDT_PROBE4(vfs, namei, lookup, return, error, NULL,
596 false, ndp);
597 return (error);
598 }
599
600#ifdef KTRACE
601 if (KTRPOINT(td, KTR_NAMEI)) {
602 ktrnamei(cnp->cn_pnbuf);
603 }
604#endif
605 TSNAMEI(curthread->td_proc->p_pid, cnp->cn_pnbuf);
606
607 /*
608 * First try looking up the target without locking any vnodes.
609 *
610 * We may need to start from scratch or pick up where it left off.
611 */
612 error = cache_fplookup(ndp, &status, &pwd);
613 switch (status) {
614 case CACHE_FPL_STATUS_UNSET:
615 __assert_unreachable();
616 break;
617 case CACHE_FPL_STATUS_HANDLED:
618 if (error == 0)
619 NDVALIDATE(ndp);
620 return (error);
621 case CACHE_FPL_STATUS_PARTIAL:
622 TAILQ_INIT(&ndp->ni_cap_tracker);
623 dp = ndp->ni_startdir;
624 break;
625 case CACHE_FPL_STATUS_DESTROYED:
626 ndp->ni_loopcnt = 0;
627 error = namei_getpath(ndp);
628 if (__predict_false(error != 0)) {
629 namei_cleanup_cnp(cnp);
630 return (error);
631 }
632 /* FALLTHROUGH */
633 case CACHE_FPL_STATUS_ABORTED:
634 TAILQ_INIT(&ndp->ni_cap_tracker);
635 MPASS(ndp->ni_lcf == 0);
636 if (*cnp->cn_pnbuf == '\0') {
637 if ((cnp->cn_flags & EMPTYPATH) != 0) {
638 return (namei_emptypath(ndp));
639 }
640 namei_cleanup_cnp(cnp);
641 SDT_PROBE4(vfs, namei, lookup, return, ENOENT, NULL,
642 false, ndp);
643 return (ENOENT);
644 }
645 error = namei_setup(ndp, &dp, &pwd);
646 if (error != 0) {
647 namei_cleanup_cnp(cnp);
648 return (error);
649 }
650 break;
651 }
652
653 /*
654 * Locked lookup.
655 */
656 for (;;) {
657 ndp->ni_startdir = dp;
658 error = vfs_lookup(ndp);
659 if (error != 0)
660 goto out;
661
662 /*
663 * If not a symbolic link, we're done.
664 */
665 if ((cnp->cn_flags & ISSYMLINK) == 0) {
666 SDT_PROBE4(vfs, namei, lookup, return, error,
667 (error == 0 ? ndp->ni_vp : NULL), false, ndp);
668 if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0) {
669 namei_cleanup_cnp(cnp);
670 } else
671 cnp->cn_flags |= HASBUF;
672 nameicap_cleanup(ndp);
673 pwd_drop(pwd);
674 if (error == 0)
675 NDVALIDATE(ndp);
676 return (error);
677 }
678 if (ndp->ni_loopcnt++ >= MAXSYMLINKS) {
679 error = ELOOP;
680 break;
681 }
682#ifdef MAC
683 if ((cnp->cn_flags & NOMACCHECK) == 0) {
684 error = mac_vnode_check_readlink(td->td_ucred,
685 ndp->ni_vp);
686 if (error != 0)
687 break;
688 }
689#endif
690 if (ndp->ni_pathlen > 1)
691 cp = uma_zalloc(namei_zone, M_WAITOK);
692 else
693 cp = cnp->cn_pnbuf;
694 aiov.iov_base = cp;
695 aiov.iov_len = MAXPATHLEN;
696 auio.uio_iov = &aiov;
697 auio.uio_iovcnt = 1;
698 auio.uio_offset = 0;
699 auio.uio_rw = UIO_READ;
700 auio.uio_segflg = UIO_SYSSPACE;
701 auio.uio_td = td;
702 auio.uio_resid = MAXPATHLEN;
703 error = VOP_READLINK(ndp->ni_vp, &auio, cnp->cn_cred);
704 if (error != 0) {
705 if (ndp->ni_pathlen > 1)
706 uma_zfree(namei_zone, cp);
707 break;
708 }
709 linklen = MAXPATHLEN - auio.uio_resid;
710 if (linklen == 0) {
711 if (ndp->ni_pathlen > 1)
712 uma_zfree(namei_zone, cp);
713 error = ENOENT;
714 break;
715 }
716 if (linklen + ndp->ni_pathlen > MAXPATHLEN) {
717 if (ndp->ni_pathlen > 1)
718 uma_zfree(namei_zone, cp);
719 error = ENAMETOOLONG;
720 break;
721 }
722 if (ndp->ni_pathlen > 1) {
723 bcopy(ndp->ni_next, cp + linklen, ndp->ni_pathlen);
724 uma_zfree(namei_zone, cnp->cn_pnbuf);
725 cnp->cn_pnbuf = cp;
726 } else
727 cnp->cn_pnbuf[linklen] = '\0';
728 ndp->ni_pathlen += linklen;
729 vput(ndp->ni_vp);
730 dp = ndp->ni_dvp;
731 /*
732 * Check if root directory should replace current directory.
733 */
734 cnp->cn_nameptr = cnp->cn_pnbuf;
735 if (*(cnp->cn_nameptr) == '/') {
736 vrele(dp);
737 error = namei_handle_root(ndp, &dp);
738 if (error != 0)
739 goto out;
740 }
741 }
742 vput(ndp->ni_vp);
743 ndp->ni_vp = NULL;
744 vrele(ndp->ni_dvp);
745out:
746 MPASS(error != 0);
747 SDT_PROBE4(vfs, namei, lookup, return, error, NULL, false, ndp);
748 namei_cleanup_cnp(cnp);
749 nameicap_cleanup(ndp);
750 pwd_drop(pwd);
751 return (error);
752}
753
754static int
755compute_cn_lkflags(struct mount *mp, int lkflags, int cnflags)
756{
757
758 if (mp == NULL || ((lkflags & LK_SHARED) &&
759 !(mp->mnt_kern_flag & MNTK_LOOKUP_SHARED))) {
760 lkflags &= ~LK_SHARED;
761 lkflags |= LK_EXCLUSIVE;
762 }
763 lkflags |= LK_NODDLKTREAT;
764 return (lkflags);
765}
766
767static __inline int
768needs_exclusive_leaf(struct mount *mp, int flags)
769{
770
771 /*
772 * Intermediate nodes can use shared locks, we only need to
773 * force an exclusive lock for leaf nodes.
774 */
775 if ((flags & (ISLASTCN | LOCKLEAF)) != (ISLASTCN | LOCKLEAF))
776 return (0);
777
778 /* Always use exclusive locks if LOCKSHARED isn't set. */
779 if (!(flags & LOCKSHARED))
780 return (1);
781
782 /*
783 * For lookups during open(), if the mount point supports
784 * extended shared operations, then use a shared lock for the
785 * leaf node, otherwise use an exclusive lock.
786 */
787 if ((flags & ISOPEN) != 0)
788 return (!MNT_EXTENDED_SHARED(mp));
789
790 /*
791 * Lookup requests outside of open() that specify LOCKSHARED
792 * only need a shared lock on the leaf vnode.
793 */
794 return (0);
795}
796
797/*
798 * Various filesystems expect to be able to copy a name component with length
799 * bounded by NAME_MAX into a directory entry buffer of size MAXNAMLEN. Make
800 * sure that these are the same size.
801 */
802_Static_assert(MAXNAMLEN == NAME_MAX,
803 "MAXNAMLEN and NAME_MAX have different values");
804
805/*
806 * Search a pathname.
807 * This is a very central and rather complicated routine.
808 *
809 * The pathname is pointed to by ni_ptr and is of length ni_pathlen.
810 * The starting directory is taken from ni_startdir. The pathname is
811 * descended until done, or a symbolic link is encountered. The variable
812 * ni_more is clear if the path is completed; it is set to one if a
813 * symbolic link needing interpretation is encountered.
814 *
815 * The flag argument is LOOKUP, CREATE, RENAME, or DELETE depending on
816 * whether the name is to be looked up, created, renamed, or deleted.
817 * When CREATE, RENAME, or DELETE is specified, information usable in
818 * creating, renaming, or deleting a directory entry may be calculated.
819 * If flag has LOCKPARENT or'ed into it, the parent directory is returned
820 * locked. If flag has WANTPARENT or'ed into it, the parent directory is
821 * returned unlocked. Otherwise the parent directory is not returned. If
822 * the target of the pathname exists and LOCKLEAF is or'ed into the flag
823 * the target is returned locked, otherwise it is returned unlocked.
824 * When creating or renaming and LOCKPARENT is specified, the target may not
825 * be ".". When deleting and LOCKPARENT is specified, the target may be ".".
826 *
827 * Overall outline of lookup:
828 *
829 * dirloop:
830 * identify next component of name at ndp->ni_ptr
831 * handle degenerate case where name is null string
832 * if .. and crossing mount points and on mounted filesys, find parent
833 * call VOP_LOOKUP routine for next component name
834 * directory vnode returned in ni_dvp, unlocked unless LOCKPARENT set
835 * component vnode returned in ni_vp (if it exists), locked.
836 * if result vnode is mounted on and crossing mount points,
837 * find mounted on vnode
838 * if more components of name, do next level at dirloop
839 * return the answer in ni_vp, locked if LOCKLEAF set
840 * if LOCKPARENT set, return locked parent in ni_dvp
841 * if WANTPARENT set, return unlocked parent in ni_dvp
842 */
843int
844vfs_lookup(struct nameidata *ndp)
845{
846 char *cp; /* pointer into pathname argument */
847 char *prev_ni_next; /* saved ndp->ni_next */
848 char *nulchar; /* location of '\0' in cn_pnbuf */
849 struct vnode *dp = NULL; /* the directory we are searching */
850 struct vnode *tdp; /* saved dp */
851 struct mount *mp; /* mount table entry */
852 struct prison *pr;
853 size_t prev_ni_pathlen; /* saved ndp->ni_pathlen */
854 int docache; /* == 0 do not cache last component */
855 int wantparent; /* 1 => wantparent or lockparent flag */
856 int rdonly; /* lookup read-only flag bit */
857 int error = 0;
858 int dpunlocked = 0; /* dp has already been unlocked */
859 int relookup = 0; /* do not consume the path component */
860 struct componentname *cnp = &ndp->ni_cnd;
861 int lkflags_save;
862 int ni_dvp_unlocked;
863
864 /*
865 * Setup: break out flag bits into variables.
866 */
867 ni_dvp_unlocked = 0;
868 wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT);
869 KASSERT(cnp->cn_nameiop == LOOKUP || wantparent,
870 ("CREATE, DELETE, RENAME require LOCKPARENT or WANTPARENT."));
871 /*
872 * When set to zero, docache causes the last component of the
873 * pathname to be deleted from the cache and the full lookup
874 * of the name to be done (via VOP_CACHEDLOOKUP()). Often
875 * filesystems need some pre-computed values that are made
876 * during the full lookup, for instance UFS sets dp->i_offset.
877 *
878 * The docache variable is set to zero when requested by the
879 * NOCACHE flag and for all modifying operations except CREATE.
880 */
881 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE;
882 if (cnp->cn_nameiop == DELETE ||
883 (wantparent && cnp->cn_nameiop != CREATE &&
884 cnp->cn_nameiop != LOOKUP))
885 docache = 0;
886 rdonly = cnp->cn_flags & RDONLY;
887 cnp->cn_flags &= ~ISSYMLINK;
888 ndp->ni_dvp = NULL;
889 /*
890 * We use shared locks until we hit the parent of the last cn then
891 * we adjust based on the requesting flags.
892 */
893 cnp->cn_lkflags = LK_SHARED;
894 dp = ndp->ni_startdir;
895 ndp->ni_startdir = NULLVP;
896 vn_lock(dp,
897 compute_cn_lkflags(dp->v_mount, cnp->cn_lkflags | LK_RETRY,
898 cnp->cn_flags));
899
900dirloop:
901 /*
902 * Search a new directory.
903 *
904 * The last component of the filename is left accessible via
905 * cnp->cn_nameptr for callers that need the name. Callers needing
906 * the name set the SAVENAME flag. When done, they assume
907 * responsibility for freeing the pathname buffer.
908 *
909 * Store / as a temporary sentinel so that we only have one character
910 * to test for. Pathnames tend to be short so this should not be
911 * resulting in cache misses.
912 */
913 nulchar = &cnp->cn_nameptr[ndp->ni_pathlen - 1];
914 KASSERT(*nulchar == '\0',
915 ("%s: expected nul at %p; string [%s]\n", __func__, nulchar,
916 cnp->cn_pnbuf));
917 *nulchar = '/';
918 for (cp = cnp->cn_nameptr; *cp != '/'; cp++) {
919 KASSERT(*cp != '\0',
920 ("%s: encountered unexpected nul; string [%s]\n", __func__,
921 cnp->cn_nameptr));
922 continue;
923 }
924 *nulchar = '\0';
925 cnp->cn_namelen = cp - cnp->cn_nameptr;
926 if (cnp->cn_namelen > NAME_MAX) {
927 error = ENAMETOOLONG;
928 goto bad;
929 }
930#ifdef NAMEI_DIAGNOSTIC
931 { char c = *cp;
932 *cp = '\0';
933 printf("{%s}: ", cnp->cn_nameptr);
934 *cp = c; }
935#endif
936 prev_ni_pathlen = ndp->ni_pathlen;
937 ndp->ni_pathlen -= cnp->cn_namelen;
938 KASSERT(ndp->ni_pathlen <= PATH_MAX,
939 ("%s: ni_pathlen underflow to %zd\n", __func__, ndp->ni_pathlen));
940 prev_ni_next = ndp->ni_next;
941 ndp->ni_next = cp;
942
943 /*
944 * Replace multiple slashes by a single slash and trailing slashes
945 * by a null. This must be done before VOP_LOOKUP() because some
946 * fs's don't know about trailing slashes. Remember if there were
947 * trailing slashes to handle symlinks, existing non-directories
948 * and non-existing files that won't be directories specially later.
949 */
950 while (*cp == '/' && (cp[1] == '/' || cp[1] == '\0')) {
951 cp++;
952 ndp->ni_pathlen--;
953 if (*cp == '\0') {
954 *ndp->ni_next = '\0';
955 cnp->cn_flags |= TRAILINGSLASH;
956 }
957 }
958 ndp->ni_next = cp;
959
960 cnp->cn_flags |= MAKEENTRY;
961 if (*cp == '\0' && docache == 0)
962 cnp->cn_flags &= ~MAKEENTRY;
963 if (cnp->cn_namelen == 2 &&
964 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.')
965 cnp->cn_flags |= ISDOTDOT;
966 else
967 cnp->cn_flags &= ~ISDOTDOT;
968 if (*ndp->ni_next == 0)
969 cnp->cn_flags |= ISLASTCN;
970 else
971 cnp->cn_flags &= ~ISLASTCN;
972
973 if ((cnp->cn_flags & ISLASTCN) != 0 &&
974 cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.' &&
975 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
976 error = EINVAL;
977 goto bad;
978 }
979
980 nameicap_tracker_add(ndp, dp);
981
982 /*
983 * Check for degenerate name (e.g. / or "")
984 * which is a way of talking about a directory,
985 * e.g. like "/." or ".".
986 */
987 if (cnp->cn_nameptr[0] == '\0') {
988 if (dp->v_type != VDIR) {
989 error = ENOTDIR;
990 goto bad;
991 }
992 if (cnp->cn_nameiop != LOOKUP) {
993 error = EISDIR;
994 goto bad;
995 }
996 if (wantparent) {
997 ndp->ni_dvp = dp;
998 VREF(dp);
999 }
1000 ndp->ni_vp = dp;
1001
1002 if (cnp->cn_flags & AUDITVNODE1)
1003 AUDIT_ARG_VNODE1(dp);
1004 else if (cnp->cn_flags & AUDITVNODE2)
1005 AUDIT_ARG_VNODE2(dp);
1006
1007 if (!(cnp->cn_flags & (LOCKPARENT | LOCKLEAF)))
1008 VOP_UNLOCK(dp);
1009 /* XXX This should probably move to the top of function. */
1010 if (cnp->cn_flags & SAVESTART)
1011 panic("lookup: SAVESTART");
1012 goto success;
1013 }
1014
1015 /*
1016 * Handle "..": five special cases.
1017 * 0. If doing a capability lookup and lookup_cap_dotdot is
1018 * disabled, return ENOTCAPABLE.
1019 * 1. Return an error if this is the last component of
1020 * the name and the operation is DELETE or RENAME.
1021 * 2. If at root directory (e.g. after chroot)
1022 * or at absolute root directory
1023 * then ignore it so can't get out.
1024 * 3. If this vnode is the root of a mounted
1025 * filesystem, then replace it with the
1026 * vnode which was mounted on so we take the
1027 * .. in the other filesystem.
1028 * 4. If the vnode is the top directory of
1029 * the jail or chroot, don't let them out.
1030 * 5. If doing a capability lookup and lookup_cap_dotdot is
1031 * enabled, return ENOTCAPABLE if the lookup would escape
1032 * from the initial file descriptor directory. Checks are
1033 * done by ensuring that namei() already traversed the
1034 * result of dotdot lookup.
1035 */
1036 if (cnp->cn_flags & ISDOTDOT) {
1037 if ((ndp->ni_lcf & (NI_LCF_STRICTRELATIVE | NI_LCF_CAP_DOTDOT))
1038 == NI_LCF_STRICTRELATIVE) {
1039#ifdef KTRACE
1040 if (KTRPOINT(curthread, KTR_CAPFAIL))
1041 ktrcapfail(CAPFAIL_LOOKUP, NULL, NULL);
1042#endif
1043 error = ENOTCAPABLE;
1044 goto bad;
1045 }
1046 if ((cnp->cn_flags & ISLASTCN) != 0 &&
1047 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
1048 error = EINVAL;
1049 goto bad;
1050 }
1051 for (;;) {
1052 for (pr = cnp->cn_cred->cr_prison; pr != NULL;
1053 pr = pr->pr_parent)
1054 if (dp == pr->pr_root)
1055 break;
1056 if (dp == ndp->ni_rootdir ||
1057 dp == ndp->ni_topdir ||
1058 dp == rootvnode ||
1059 pr != NULL ||
1060 ((dp->v_vflag & VV_ROOT) != 0 &&
1061 (cnp->cn_flags & NOCROSSMOUNT) != 0)) {
1062 ndp->ni_dvp = dp;
1063 ndp->ni_vp = dp;
1064 VREF(dp);
1065 goto nextname;
1066 }
1067 if ((dp->v_vflag & VV_ROOT) == 0)
1068 break;
1069 if (VN_IS_DOOMED(dp)) { /* forced unmount */
1070 error = ENOENT;
1071 goto bad;
1072 }
1073 tdp = dp;
1074 dp = dp->v_mount->mnt_vnodecovered;
1075 VREF(dp);
1076 vput(tdp);
1077 vn_lock(dp,
1078 compute_cn_lkflags(dp->v_mount, cnp->cn_lkflags |
1079 LK_RETRY, ISDOTDOT));
1080 error = nameicap_check_dotdot(ndp, dp);
1081 if (error != 0) {
1082#ifdef KTRACE
1083 if (KTRPOINT(curthread, KTR_CAPFAIL))
1084 ktrcapfail(CAPFAIL_LOOKUP, NULL, NULL);
1085#endif
1086 goto bad;
1087 }
1088 }
1089 }
1090
1091 /*
1092 * We now have a segment name to search for, and a directory to search.
1093 */
1094unionlookup:
1095#ifdef MAC
1096 error = mac_vnode_check_lookup(cnp->cn_cred, dp, cnp);
1097 if (error)
1098 goto bad;
1099#endif
1100 ndp->ni_dvp = dp;
1101 ndp->ni_vp = NULL;
1102 ASSERT_VOP_LOCKED(dp, "lookup");
1103 /*
1104 * If we have a shared lock we may need to upgrade the lock for the
1105 * last operation.
1106 */
1107 if ((cnp->cn_flags & LOCKPARENT) && (cnp->cn_flags & ISLASTCN) &&
1108 dp != vp_crossmp && VOP_ISLOCKED(dp) == LK_SHARED)
1109 vn_lock(dp, LK_UPGRADE|LK_RETRY);
1110 if (VN_IS_DOOMED(dp)) {
1111 error = ENOENT;
1112 goto bad;
1113 }
1114 /*
1115 * If we're looking up the last component and we need an exclusive
1116 * lock, adjust our lkflags.
1117 */
1118 if (needs_exclusive_leaf(dp->v_mount, cnp->cn_flags))
1119 cnp->cn_lkflags = LK_EXCLUSIVE;
1120#ifdef NAMEI_DIAGNOSTIC
1121 vn_printf(dp, "lookup in ");
1122#endif
1123 lkflags_save = cnp->cn_lkflags;
1124 cnp->cn_lkflags = compute_cn_lkflags(dp->v_mount, cnp->cn_lkflags,
1125 cnp->cn_flags);
1126 error = VOP_LOOKUP(dp, &ndp->ni_vp, cnp);
1127 cnp->cn_lkflags = lkflags_save;
1128 if (error != 0) {
1129 KASSERT(ndp->ni_vp == NULL, ("leaf should be empty"));
1130#ifdef NAMEI_DIAGNOSTIC
1131 printf("not found\n");
1132#endif
1133 if ((error == ENOENT) &&
1134 (dp->v_vflag & VV_ROOT) && (dp->v_mount != NULL) &&
1135 (dp->v_mount->mnt_flag & MNT_UNION)) {
1136 tdp = dp;
1137 dp = dp->v_mount->mnt_vnodecovered;
1138 VREF(dp);
1139 vput(tdp);
1140 vn_lock(dp,
1141 compute_cn_lkflags(dp->v_mount, cnp->cn_lkflags |
1142 LK_RETRY, cnp->cn_flags));
1143 nameicap_tracker_add(ndp, dp);
1144 goto unionlookup;
1145 }
1146
1147 if (error == ERELOOKUP) {
1148 vref(dp);
1149 ndp->ni_vp = dp;
1150 error = 0;
1151 relookup = 1;
1152 goto good;
1153 }
1154
1155 if (error != EJUSTRETURN)
1156 goto bad;
1157 /*
1158 * At this point, we know we're at the end of the
1159 * pathname. If creating / renaming, we can consider
1160 * allowing the file or directory to be created / renamed,
1161 * provided we're not on a read-only filesystem.
1162 */
1163 if (rdonly) {
1164 error = EROFS;
1165 goto bad;
1166 }
1167 /* trailing slash only allowed for directories */
1168 if ((cnp->cn_flags & TRAILINGSLASH) &&
1169 !(cnp->cn_flags & WILLBEDIR)) {
1170 error = ENOENT;
1171 goto bad;
1172 }
1173 if ((cnp->cn_flags & LOCKPARENT) == 0)
1174 VOP_UNLOCK(dp);
1175 /*
1176 * We return with ni_vp NULL to indicate that the entry
1177 * doesn't currently exist, leaving a pointer to the
1178 * (possibly locked) directory vnode in ndp->ni_dvp.
1179 */
1180 if (cnp->cn_flags & SAVESTART) {
1181 ndp->ni_startdir = ndp->ni_dvp;
1182 VREF(ndp->ni_startdir);
1183 }
1184 goto success;
1185 }
1186
1187good:
1188#ifdef NAMEI_DIAGNOSTIC
1189 printf("found\n");
1190#endif
1191 dp = ndp->ni_vp;
1192
1193 /*
1194 * Check to see if the vnode has been mounted on;
1195 * if so find the root of the mounted filesystem.
1196 */
1197 while (dp->v_type == VDIR && (mp = dp->v_mountedhere) &&
1198 (cnp->cn_flags & NOCROSSMOUNT) == 0) {
1199 if (vfs_busy(mp, 0))
1200 continue;
1201 vput(dp);
1202 if (dp != ndp->ni_dvp)
1203 vput(ndp->ni_dvp);
1204 else
1205 vrele(ndp->ni_dvp);
1206 vrefact(vp_crossmp);
1207 ndp->ni_dvp = vp_crossmp;
1208 error = VFS_ROOT(mp, compute_cn_lkflags(mp, cnp->cn_lkflags,
1209 cnp->cn_flags), &tdp);
1210 vfs_unbusy(mp);
1211 if (vn_lock(vp_crossmp, LK_SHARED | LK_NOWAIT))
1212 panic("vp_crossmp exclusively locked or reclaimed");
1213 if (error) {
1214 dpunlocked = 1;
1215 goto bad2;
1216 }
1217 ndp->ni_vp = dp = tdp;
1218 }
1219
1220 /*
1221 * Check for symbolic link
1222 */
1223 if ((dp->v_type == VLNK) &&
1224 ((cnp->cn_flags & FOLLOW) || (cnp->cn_flags & TRAILINGSLASH) ||
1225 *ndp->ni_next == '/')) {
1226 cnp->cn_flags |= ISSYMLINK;
1227 if (VN_IS_DOOMED(dp)) {
1228 /*
1229 * We can't know whether the directory was mounted with
1230 * NOSYMFOLLOW, so we can't follow safely.
1231 */
1232 error = ENOENT;
1233 goto bad2;
1234 }
1235 if (dp->v_mount->mnt_flag & MNT_NOSYMFOLLOW) {
1236 error = EACCES;
1237 goto bad2;
1238 }
1239 /*
1240 * Symlink code always expects an unlocked dvp.
1241 */
1242 if (ndp->ni_dvp != ndp->ni_vp) {
1243 VOP_UNLOCK(ndp->ni_dvp);
1244 ni_dvp_unlocked = 1;
1245 }
1246 goto success;
1247 }
1248
1249nextname:
1250 /*
1251 * Not a symbolic link that we will follow. Continue with the
1252 * next component if there is any; otherwise, we're done.
1253 */
1254 KASSERT((cnp->cn_flags & ISLASTCN) || *ndp->ni_next == '/',
1255 ("lookup: invalid path state."));
1256 if (relookup) {
1257 relookup = 0;
1258 ndp->ni_pathlen = prev_ni_pathlen;
1259 ndp->ni_next = prev_ni_next;
1260 if (ndp->ni_dvp != dp)
1261 vput(ndp->ni_dvp);
1262 else
1263 vrele(ndp->ni_dvp);
1264 goto dirloop;
1265 }
1266 if (cnp->cn_flags & ISDOTDOT) {
1267 error = nameicap_check_dotdot(ndp, ndp->ni_vp);
1268 if (error != 0) {
1269#ifdef KTRACE
1270 if (KTRPOINT(curthread, KTR_CAPFAIL))
1271 ktrcapfail(CAPFAIL_LOOKUP, NULL, NULL);
1272#endif
1273 goto bad2;
1274 }
1275 }
1276 if (*ndp->ni_next == '/') {
1277 cnp->cn_nameptr = ndp->ni_next;
1278 while (*cnp->cn_nameptr == '/') {
1279 cnp->cn_nameptr++;
1280 ndp->ni_pathlen--;
1281 }
1282 if (ndp->ni_dvp != dp)
1283 vput(ndp->ni_dvp);
1284 else
1285 vrele(ndp->ni_dvp);
1286 goto dirloop;
1287 }
1288 /*
1289 * If we're processing a path with a trailing slash,
1290 * check that the end result is a directory.
1291 */
1292 if ((cnp->cn_flags & TRAILINGSLASH) && dp->v_type != VDIR) {
1293 error = ENOTDIR;
1294 goto bad2;
1295 }
1296 /*
1297 * Disallow directory write attempts on read-only filesystems.
1298 */
1299 if (rdonly &&
1300 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
1301 error = EROFS;
1302 goto bad2;
1303 }
1304 if (cnp->cn_flags & SAVESTART) {
1305 ndp->ni_startdir = ndp->ni_dvp;
1306 VREF(ndp->ni_startdir);
1307 }
1308 if (!wantparent) {
1309 ni_dvp_unlocked = 2;
1310 if (ndp->ni_dvp != dp)
1311 vput(ndp->ni_dvp);
1312 else
1313 vrele(ndp->ni_dvp);
1314 } else if ((cnp->cn_flags & LOCKPARENT) == 0 && ndp->ni_dvp != dp) {
1315 VOP_UNLOCK(ndp->ni_dvp);
1316 ni_dvp_unlocked = 1;
1317 }
1318
1319 if (cnp->cn_flags & AUDITVNODE1)
1320 AUDIT_ARG_VNODE1(dp);
1321 else if (cnp->cn_flags & AUDITVNODE2)
1322 AUDIT_ARG_VNODE2(dp);
1323
1324 if ((cnp->cn_flags & LOCKLEAF) == 0)
1325 VOP_UNLOCK(dp);
1326success:
1327 /*
1328 * FIXME: for lookups which only cross a mount point to fetch the
1329 * root vnode, ni_dvp will be set to vp_crossmp. This can be a problem
1330 * if either WANTPARENT or LOCKPARENT is set.
1331 */
1332 /*
1333 * Because of shared lookup we may have the vnode shared locked, but
1334 * the caller may want it to be exclusively locked.
1335 */
1336 if (needs_exclusive_leaf(dp->v_mount, cnp->cn_flags) &&
1337 VOP_ISLOCKED(dp) != LK_EXCLUSIVE) {
1338 vn_lock(dp, LK_UPGRADE | LK_RETRY);
1339 if (VN_IS_DOOMED(dp)) {
1340 error = ENOENT;
1341 goto bad2;
1342 }
1343 }
1344 if (ndp->ni_vp != NULL) {
1345 if ((cnp->cn_flags & ISDOTDOT) == 0)
1346 nameicap_tracker_add(ndp, ndp->ni_vp);
1347 if ((cnp->cn_flags & (FAILIFEXISTS | ISSYMLINK)) == FAILIFEXISTS)
1348 goto bad_eexist;
1349 }
1350 return (0);
1351
1352bad2:
1353 if (ni_dvp_unlocked != 2) {
1354 if (dp != ndp->ni_dvp && !ni_dvp_unlocked)
1355 vput(ndp->ni_dvp);
1356 else
1357 vrele(ndp->ni_dvp);
1358 }
1359bad:
1360 if (!dpunlocked)
1361 vput(dp);
1362 ndp->ni_vp = NULL;
1363 return (error);
1364bad_eexist:
1365 /*
1366 * FAILIFEXISTS handling.
1367 *
1368 * XXX namei called with LOCKPARENT but not LOCKLEAF has the strange
1369 * behaviour of leaving the vnode unlocked if the target is the same
1370 * vnode as the parent.
1371 */
1372 MPASS((cnp->cn_flags & ISSYMLINK) == 0);
1373 if (ndp->ni_vp == ndp->ni_dvp)
1374 vrele(ndp->ni_dvp);
1375 else
1376 vput(ndp->ni_dvp);
1377 vrele(ndp->ni_vp);
1378 ndp->ni_dvp = NULL;
1379 ndp->ni_vp = NULL;
1380 NDFREE(ndp, NDF_ONLY_PNBUF);
1381 return (EEXIST);
1382}
1383
1384/*
1385 * relookup - lookup a path name component
1386 * Used by lookup to re-acquire things.
1387 */
1388int
1389vfs_relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp)
1390{
1391 struct vnode *dp = NULL; /* the directory we are searching */
1392 int rdonly; /* lookup read-only flag bit */
1393 int error = 0;
1394
1395 KASSERT(cnp->cn_flags & ISLASTCN,
1396 ("relookup: Not given last component."));
1397 /*
1398 * Setup: break out flag bits into variables.
1399 */
1400 KASSERT((cnp->cn_flags & (LOCKPARENT | WANTPARENT)) != 0,
1401 ("relookup: parent not wanted"));
1402 rdonly = cnp->cn_flags & RDONLY;
1403 cnp->cn_flags &= ~ISSYMLINK;
1404 dp = dvp;
1405 cnp->cn_lkflags = LK_EXCLUSIVE;
1406 vn_lock(dp, LK_EXCLUSIVE | LK_RETRY);
1407
1408 /*
1409 * Search a new directory.
1410 *
1411 * The last component of the filename is left accessible via
1412 * cnp->cn_nameptr for callers that need the name. Callers needing
1413 * the name set the SAVENAME flag. When done, they assume
1414 * responsibility for freeing the pathname buffer.
1415 */
1416#ifdef NAMEI_DIAGNOSTIC
1417 printf("{%s}: ", cnp->cn_nameptr);
1418#endif
1419
1420 /*
1421 * Check for "" which represents the root directory after slash
1422 * removal.
1423 */
1424 if (cnp->cn_nameptr[0] == '\0') {
1425 /*
1426 * Support only LOOKUP for "/" because lookup()
1427 * can't succeed for CREATE, DELETE and RENAME.
1428 */
1429 KASSERT(cnp->cn_nameiop == LOOKUP, ("nameiop must be LOOKUP"));
1430 KASSERT(dp->v_type == VDIR, ("dp is not a directory"));
1431
1432 if (!(cnp->cn_flags & LOCKLEAF))
1433 VOP_UNLOCK(dp);
1434 *vpp = dp;
1435 /* XXX This should probably move to the top of function. */
1436 if (cnp->cn_flags & SAVESTART)
1437 panic("lookup: SAVESTART");
1438 return (0);
1439 }
1440
1441 if (cnp->cn_flags & ISDOTDOT)
1442 panic ("relookup: lookup on dot-dot");
1443
1444 /*
1445 * We now have a segment name to search for, and a directory to search.
1446 */
1447#ifdef NAMEI_DIAGNOSTIC
1448 vn_printf(dp, "search in ");
1449#endif
1450 if ((error = VOP_LOOKUP(dp, vpp, cnp)) != 0) {
1451 KASSERT(*vpp == NULL, ("leaf should be empty"));
1452 if (error != EJUSTRETURN)
1453 goto bad;
1454 /*
1455 * If creating and at end of pathname, then can consider
1456 * allowing file to be created.
1457 */
1458 if (rdonly) {
1459 error = EROFS;
1460 goto bad;
1461 }
1462 /* ASSERT(dvp == ndp->ni_startdir) */
1463 if (cnp->cn_flags & SAVESTART)
1464 VREF(dvp);
1465 if ((cnp->cn_flags & LOCKPARENT) == 0)
1466 VOP_UNLOCK(dp);
1467 /*
1468 * We return with ni_vp NULL to indicate that the entry
1469 * doesn't currently exist, leaving a pointer to the
1470 * (possibly locked) directory vnode in ndp->ni_dvp.
1471 */
1472 return (0);
1473 }
1474
1475 dp = *vpp;
1476
1477 /*
1478 * Disallow directory write attempts on read-only filesystems.
1479 */
1480 if (rdonly &&
1481 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
1482 if (dvp == dp)
1483 vrele(dvp);
1484 else
1485 vput(dvp);
1486 error = EROFS;
1487 goto bad;
1488 }
1489 /*
1490 * Set the parent lock/ref state to the requested state.
1491 */
1492 if ((cnp->cn_flags & LOCKPARENT) == 0 && dvp != dp)
1493 VOP_UNLOCK(dvp);
1494 /*
1495 * Check for symbolic link
1496 */
1497 KASSERT(dp->v_type != VLNK || !(cnp->cn_flags & FOLLOW),
1498 ("relookup: symlink found.\n"));
1499
1500 /* ASSERT(dvp == ndp->ni_startdir) */
1501 if (cnp->cn_flags & SAVESTART)
1502 VREF(dvp);
1503
1504 if ((cnp->cn_flags & LOCKLEAF) == 0)
1505 VOP_UNLOCK(dp);
1506 return (0);
1507bad:
1508 vput(dp);
1509 *vpp = NULL;
1510 return (error);
1511}
1512
1513/*
1514 * Free data allocated by namei(); see namei(9) for details.
1515 */
1516void
1517NDFREE_PNBUF(struct nameidata *ndp)
1518{
1519
1520 if ((ndp->ni_cnd.cn_flags & HASBUF) != 0) {
1521 MPASS((ndp->ni_cnd.cn_flags & (SAVENAME | SAVESTART)) != 0);
1522 uma_zfree(namei_zone, ndp->ni_cnd.cn_pnbuf);
1523 ndp->ni_cnd.cn_flags &= ~HASBUF;
1524 }
1525}
1526
1527/*
1528 * NDFREE_PNBUF replacement for callers that know there is no buffer.
1529 *
1530 * This is a hack. Preferably the VFS layer would not produce anything more
1531 * than it was asked to do. Unfortunately several non-LOOKUP cases can add the
1532 * HASBUF flag to the result. Even then an interface could be implemented where
1533 * the caller specifies what they expected to see in the result and what they
1534 * are going to take care of.
1535 *
1536 * In the meantime provide this kludge as a trivial replacement for NDFREE_PNBUF
1537 * calls scattered throughout the kernel where we know for a fact the flag must not
1538 * be seen.
1539 */
1540#ifdef INVARIANTS
1541void
1542NDFREE_NOTHING(struct nameidata *ndp)
1543{
1544 struct componentname *cnp;
1545
1546 cnp = &ndp->ni_cnd;
1547 KASSERT(cnp->cn_nameiop == LOOKUP, ("%s: got non-LOOKUP op %d\n",
1548 __func__, cnp->cn_nameiop));
1549 KASSERT((cnp->cn_flags & (SAVENAME | HASBUF)) == 0,
1550 ("%s: bad flags \%" PRIx64 "\n", __func__, cnp->cn_flags));
1551}
1552#endif
1553
1554void
1555(NDFREE)(struct nameidata *ndp, const u_int flags)
1556{
1557 int unlock_dvp;
1558 int unlock_vp;
1559
1560 unlock_dvp = 0;
1561 unlock_vp = 0;
1562
1563 if (!(flags & NDF_NO_FREE_PNBUF)) {
1564 NDFREE_PNBUF(ndp);
1565 }
1566 if (!(flags & NDF_NO_VP_UNLOCK) &&
1567 (ndp->ni_cnd.cn_flags & LOCKLEAF) && ndp->ni_vp)
1568 unlock_vp = 1;
1569 if (!(flags & NDF_NO_DVP_UNLOCK) &&
1570 (ndp->ni_cnd.cn_flags & LOCKPARENT) &&
1571 ndp->ni_dvp != ndp->ni_vp)
1572 unlock_dvp = 1;
1573 if (!(flags & NDF_NO_VP_RELE) && ndp->ni_vp) {
1574 if (unlock_vp) {
1575 vput(ndp->ni_vp);
1576 unlock_vp = 0;
1577 } else
1578 vrele(ndp->ni_vp);
1579 ndp->ni_vp = NULL;
1580 }
1581 if (unlock_vp)
1582 VOP_UNLOCK(ndp->ni_vp);
1583 if (!(flags & NDF_NO_DVP_RELE) &&
1584 (ndp->ni_cnd.cn_flags & (LOCKPARENT|WANTPARENT))) {
1585 if (unlock_dvp) {
1586 vput(ndp->ni_dvp);
1587 unlock_dvp = 0;
1588 } else
1589 vrele(ndp->ni_dvp);
1590 ndp->ni_dvp = NULL;
1591 }
1592 if (unlock_dvp)
1593 VOP_UNLOCK(ndp->ni_dvp);
1594 if (!(flags & NDF_NO_STARTDIR_RELE) &&
1595 (ndp->ni_cnd.cn_flags & SAVESTART)) {
1596 vrele(ndp->ni_startdir);
1597 ndp->ni_startdir = NULL;
1598 }
1599}
1600
1601#ifdef INVARIANTS
1602/*
1603 * Validate the final state of ndp after the lookup.
1604 *
1605 * Historically filesystems were allowed to modify cn_flags. Most notably they
1606 * can add SAVENAME to the request, resulting in HASBUF and pushing subsequent
1607 * clean up to the consumer. In practice this seems to only concern != LOOKUP
1608 * operations.
1609 *
1610 * As a step towards stricter API contract this routine validates the state to
1611 * clean up. Note validation is a work in progress with the intent of becoming
1612 * stricter over time.
1613 */
1614#define NDMODIFYINGFLAGS (LOCKLEAF | LOCKPARENT | WANTPARENT | SAVENAME | SAVESTART | HASBUF)
1615void
1616NDVALIDATE(struct nameidata *ndp)
1617{
1618 struct componentname *cnp;
1619 uint64_t used, orig;
1620
1621 cnp = &ndp->ni_cnd;
1622 orig = cnp->cn_origflags;
1623 used = cnp->cn_flags;
1624 switch (cnp->cn_nameiop) {
1625 case LOOKUP:
1626 /*
1627 * For plain lookup we require strict conformance -- nothing
1628 * to clean up if it was not requested by the caller.
1629 */
1630 orig &= NDMODIFYINGFLAGS;
1631 used &= NDMODIFYINGFLAGS;
1632 if ((orig & (SAVENAME | SAVESTART)) != 0)
1633 orig |= HASBUF;
1634 if (orig != used) {
1635 goto out_mismatch;
1636 }
1637 break;
1638 case CREATE:
1639 case DELETE:
1640 case RENAME:
1641 /*
1642 * Some filesystems set SAVENAME to provoke HASBUF, accomodate
1643 * for it until it gets fixed.
1644 */
1645 orig &= NDMODIFYINGFLAGS;
1646 orig |= (SAVENAME | HASBUF);
1647 used &= NDMODIFYINGFLAGS;
1648 used |= (SAVENAME | HASBUF);
1649 if (orig != used) {
1650 goto out_mismatch;
1651 }
1652 break;
1653 }
1654 return;
1655out_mismatch:
1656 panic("%s: mismatched flags for op %d: added %" PRIx64 ", "
1657 "removed %" PRIx64" (%" PRIx64" != %" PRIx64"; stored %" PRIx64" != %" PRIx64")",
1658 __func__, cnp->cn_nameiop, used & ~orig, orig &~ used,
1659 orig, used, cnp->cn_origflags, cnp->cn_flags);
1660}
1661#endif
1662
1663/*
1664 * Determine if there is a suitable alternate filename under the specified
1665 * prefix for the specified path. If the create flag is set, then the
1666 * alternate prefix will be used so long as the parent directory exists.
1667 * This is used by the various compatibility ABIs so that Linux binaries prefer
1668 * files under /compat/linux for example. The chosen path (whether under
1669 * the prefix or under /) is returned in a kernel malloc'd buffer pointed
1670 * to by pathbuf. The caller is responsible for free'ing the buffer from
1671 * the M_TEMP bucket if one is returned.
1672 */
1673int
1674kern_alternate_path(const char *prefix, const char *path, enum uio_seg pathseg,
1675 char **pathbuf, int create, int dirfd)
1676{
1677 struct nameidata nd, ndroot;
1678 char *ptr, *buf, *cp;
1679 size_t len, sz;
1680 int error;
1681
1682 buf = (char *) malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
1683 *pathbuf = buf;
1684
1685 /* Copy the prefix into the new pathname as a starting point. */
1686 len = strlcpy(buf, prefix, MAXPATHLEN);
1687 if (len >= MAXPATHLEN) {
1688 *pathbuf = NULL;
1689 free(buf, M_TEMP);
1690 return (EINVAL);
1691 }
1692 sz = MAXPATHLEN - len;
1693 ptr = buf + len;
1694
1695 /* Append the filename to the prefix. */
1696 if (pathseg == UIO_SYSSPACE)
1697 error = copystr(path, ptr, sz, &len);
1698 else
1699 error = copyinstr(path, ptr, sz, &len);
1700
1701 if (error) {
1702 *pathbuf = NULL;
1703 free(buf, M_TEMP);
1704 return (error);
1705 }
1706
1707 /* Only use a prefix with absolute pathnames. */
1708 if (*ptr != '/') {
1709 error = EINVAL;
1710 goto keeporig;
1711 }
1712
1713 if (dirfd != AT_FDCWD) {
1714 /*
1715 * We want the original because the "prefix" is
1716 * included in the already opened dirfd.
1717 */
1718 bcopy(ptr, buf, len);
1719 return (0);
1720 }
1721
1722 /*
1723 * We know that there is a / somewhere in this pathname.
1724 * Search backwards for it, to find the file's parent dir
1725 * to see if it exists in the alternate tree. If it does,
1726 * and we want to create a file (cflag is set). We don't
1727 * need to worry about the root comparison in this case.
1728 */
1729
1730 if (create) {
1731 for (cp = &ptr[len] - 1; *cp != '/'; cp--);
1732 *cp = '\0';
1733
1734 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, buf);
1735 error = namei(&nd);
1736 *cp = '/';
1737 if (error != 0)
1738 goto keeporig;
1739 } else {
1740 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, buf);
1741
1742 error = namei(&nd);
1743 if (error != 0)
1744 goto keeporig;
1745
1746 /*
1747 * We now compare the vnode of the prefix to the one
1748 * vnode asked. If they resolve to be the same, then we
1749 * ignore the match so that the real root gets used.
1750 * This avoids the problem of traversing "../.." to find the
1751 * root directory and never finding it, because "/" resolves
1752 * to the emulation root directory. This is expensive :-(
1753 */
1754 NDINIT(&ndroot, LOOKUP, FOLLOW, UIO_SYSSPACE, prefix);
1755
1756 /* We shouldn't ever get an error from this namei(). */
1757 error = namei(&ndroot);
1758 if (error == 0) {
1759 if (nd.ni_vp == ndroot.ni_vp)
1760 error = ENOENT;
1761
1762 NDFREE(&ndroot, NDF_ONLY_PNBUF);
1763 vrele(ndroot.ni_vp);
1764 }
1765 }
1766
1767 NDFREE(&nd, NDF_ONLY_PNBUF);
1768 vrele(nd.ni_vp);
1769
1770keeporig:
1771 /* If there was an error, use the original path name. */
1772 if (error)
1773 bcopy(ptr, buf, len);
1774 return (error);
1775}
pwd_hold
struct pwd * pwd_hold(struct thread *td)
Definition: kern_descrip.c:3790
pwd_drop
void pwd_drop(struct pwd *pwd)
Definition: kern_descrip.c:3843
fget_cap
int fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp, struct file **fpp, struct filecaps *havecapsp)
Definition: kern_descrip.c:2935
badfileops
struct fileops badfileops
Definition: kern_descrip.c:5036
malloc
void *() malloc(size_t size, struct malloc_type *mtp, int flags)
Definition: kern_malloc.c:632
free
void free(void *addr, struct malloc_type *mtp)
Definition: kern_malloc.c:907
pr
static struct pollrec pr[POLL_LIST_LEN]
Definition: kern_poll.c:261
panic
void panic(const char *fmt,...)
Definition: kern_shutdown.c:884
nameicap_tracker
Definition: vfs_lookup.c:148
nameicap_tracker::dp
struct vnode * dp
Definition: vfs_lookup.c:149
printf
int printf(const char *fmt,...)
Definition: subr_prf.c:397
flags
uint16_t flags
Definition: subr_stats.c:2
dummy
static int dummy
Definition: uipc_sockbuf.c:1785
cache_fplookup
int cache_fplookup(struct nameidata *ndp, enum cache_fpl_status *status, struct pwd **pwdp)
Definition: vfs_cache.c:6053
default_vnodeops
struct vop_vector default_vnodeops
Definition: vfs_default.c:109
path
const char * path
Definition: vfs_extattr.c:715
nameicap_tracker_add
static void nameicap_tracker_add(struct nameidata *ndp, struct vnode *dp)
Definition: vfs_lookup.c:178
SDT_PROVIDER_DEFINE
SDT_PROVIDER_DEFINE(vfs)
namei_emptypath
static int namei_emptypath(struct nameidata *ndp)
Definition: vfs_lookup.c:471
MALLOC_DEFINE
MALLOC_DEFINE(M_NAMEITRACKER, "namei_tracker", "namei tracking for dotdot")
kern_alternate_path
int kern_alternate_path(const char *prefix, const char *path, enum uio_seg pathseg, char **pathbuf, int create, int dirfd)
Definition: vfs_lookup.c:1674
namei_setup
static int namei_setup(struct nameidata *ndp, struct vnode **dpp, struct pwd **pwdp)
Definition: vfs_lookup.c:286
NDFREE_PNBUF
void NDFREE_PNBUF(struct nameidata *ndp)
Definition: vfs_lookup.c:1517
crossmp_vnodeops
static struct vop_vector crossmp_vnodeops
Definition: vfs_lookup.c:137
namei_zone
uma_zone_t namei_zone
Definition: vfs_lookup.c:84
nameicap_cleanup
static void nameicap_cleanup(struct nameidata *ndp)
Definition: vfs_lookup.c:207
SDT_PROBE_DEFINE4
SDT_PROBE_DEFINE4(vfs, namei, lookup, entry, "struct vnode *", "char *", "unsigned long", "bool")
SYSINIT
SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_SECOND, nameiinit, NULL)
crossmp_vop_unlock
static int crossmp_vop_unlock(struct vop_unlock_args *ap)
Definition: vfs_lookup.c:123
vfs_relookup
int vfs_relookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp)
Definition: vfs_lookup.c:1389
nameicap_check_dotdot
static int nameicap_check_dotdot(struct nameidata *ndp, struct vnode *dp)
Definition: vfs_lookup.c:226
nameiinit
static void nameiinit(void *dummy __unused)
Definition: vfs_lookup.c:157
__FBSDID
__FBSDID("$FreeBSD$")
namei_cleanup_cnp
static void namei_cleanup_cnp(struct componentname *cnp)
Definition: vfs_lookup.c:253
namei_handle_root
static int namei_handle_root(struct nameidata *ndp, struct vnode **dpp)
Definition: vfs_lookup.c:264
NDFREE
void() NDFREE(struct nameidata *ndp, const u_int flags)
Definition: vfs_lookup.c:1555
needs_exclusive_leaf
static __inline int needs_exclusive_leaf(struct mount *mp, int flags)
Definition: vfs_lookup.c:768
lookup_cap_dotdot
static int lookup_cap_dotdot
Definition: vfs_lookup.c:167
crossmp_vop_islocked
static int crossmp_vop_islocked(struct vop_islocked_args *ap)
Definition: vfs_lookup.c:90
lookup_cap_dotdot_nonlocal
static int lookup_cap_dotdot_nonlocal
Definition: vfs_lookup.c:171
vfs_lookup
int vfs_lookup(struct nameidata *ndp)
Definition: vfs_lookup.c:844
_Static_assert
_Static_assert(MAXNAMLEN==NAME_MAX, "MAXNAMLEN and NAME_MAX have different values")
crossmp_vop_lock1
static int crossmp_vop_lock1(struct vop_lock1_args *ap)
Definition: vfs_lookup.c:97
nameicap_cleanup_from
static void nameicap_cleanup_from(struct nameidata *ndp, struct nameicap_tracker *first)
Definition: vfs_lookup.c:194
namei_getpath
static int namei_getpath(struct nameidata *ndp)
Definition: vfs_lookup.c:443
compute_cn_lkflags
static int compute_cn_lkflags(struct mount *mp, int lkflags, int cnflags)
Definition: vfs_lookup.c:755
vp_crossmp
static struct vnode * vp_crossmp
Definition: vfs_lookup.c:87
SYSCTL_INT
SYSCTL_INT(_vfs, OID_AUTO, lookup_cap_dotdot, CTLFLAG_RWTUN, &lookup_cap_dotdot, 0, "enables \"..\" components in path lookup in capability mode")
namei
int namei(struct nameidata *ndp)
Definition: vfs_lookup.c:535
rootvnode
struct vnode * rootvnode
Definition: vfs_mountroot.c:102
vhold
void vhold(struct vnode *vp)
Definition: vfs_subr.c:3376
getnewvnode
int getnewvnode(const char *tag, struct mount *mp, struct vop_vector *vops, struct vnode **vpp)
Definition: vfs_subr.c:1770
vref
void vref(struct vnode *vp)
Definition: vfs_subr.c:3065
vn_printf
void vn_printf(struct vnode *vp, const char *fmt,...)
Definition: vfs_subr.c:4134
vfs_unbusy
void vfs_unbusy(struct mount *mp)
Definition: vfs_subr.c:850
vrefact
void vrefact(struct vnode *vp)
Definition: vfs_subr.c:3075
vrele
void vrele(struct vnode *vp)
Definition: vfs_subr.c:3334
vput
void vput(struct vnode *vp)
Definition: vfs_subr.c:3348
vfs_busy
int vfs_busy(struct mount *mp, int flags)
Definition: vfs_subr.c:786
vdrop
void vdrop(struct vnode *vp)
Definition: vfs_subr.c:3619
dirfd
int dirfd
Definition: vfs_syscalls.c:2113
buf
struct stat * buf
Definition: vfs_syscalls.c:2423