/*
* Copyright (c) 2006, 2008 Reinoud Zandijk
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Generic parts are derived from software contributed to The NetBSD Foundation
* by Julio M. Merino Vidal, developed as part of Google's Summer of Code
* 2005 program.
*
*/
if ((refcnt == 0) && (vp->v_vflag & VV_SYSTEM)) {
DPRINTF(VOLUMES, ("UDF_INACTIVE deleting VV_SYSTEM\n"));
/* system nodes are not written out on inactive, so flush */
udf_node->i_flags = 0;
}
/*
* If the file has not been referenced anymore in a directory
* we ought to free up the resources on disc if applicable.
*/
if (udf_node->fe) {
refcnt = udf_rw16(udf_node->fe->link_cnt);
} else {
assert(udf_node->efe);
refcnt = udf_rw16(udf_node->efe->link_cnt);
}
/* async check to see if all node descriptors are written out */
mutex_enter(&udf_node->node_mutex);
while ((volatile int) udf_node->outstanding_nodedscr > 0) {
vprint("udf_reclaim(): waiting for writeout\n", vp);
cv_timedwait(&udf_node->node_lock, &udf_node->node_mutex, hz/8);
}
mutex_exit(&udf_node->node_mutex);
/* dispose all node knowledge */
udf_dispose_node(udf_node);
/*
* XXX reading from extended attributes not yet implemented. FreeBSD
* has it in mind to forward the IO_EXT read call to the
* VOP_READEXTATTR().
*/
DPRINTF(READ, ("udf_read called\n"));
/* can this happen? some filingsystems have this check */
if (uio->uio_offset < 0)
return EINVAL;
if (uio->uio_resid == 0)
return 0;
/* protect against rogue programs reading raw directories and links */
if ((ioflag & IO_ALTSEMANTICS) == 0) {
if (vp->v_type == VDIR)
return EISDIR;
/* all but regular files just give EINVAL */
if (vp->v_type != VREG)
return EINVAL;
}
/* get file/directory filesize */
if (udf_node->fe) {
fe = udf_node->fe;
file_size = udf_rw64(fe->inf_len);
} else {
assert(udf_node->efe);
efe = udf_node->efe;
file_size = udf_rw64(efe->inf_len);
}
/* read contents using buffercache */
uobj = &vp->v_uobj;
error = 0;
while (uio->uio_resid > 0) {
/* reached end? */
if (file_size <= uio->uio_offset)
break;
/* maximise length to file extremity */
len = MIN(file_size - uio->uio_offset, uio->uio_resid);
if (len == 0)
break;
/* ubc, here we come, prepare to trap */
error = ubc_uiomove(uobj, uio, len, advice,
UBC_READ | UBC_PARTIALOK | UBC_VNODE_FLAGS(vp));
if (error)
break;
}
/* note access time unless not requested */
if (!(vp->v_mount->mnt_flag & MNT_NOATIME)) {
udf_node->i_flags |= IN_ACCESS;
if ((ioflag & IO_SYNC) == IO_SYNC) {
int uerror;
/*
* XXX writing to extended attributes not yet implemented. FreeBSD has
* it in mind to forward the IO_EXT read call to the
* VOP_READEXTATTR().
*/
DPRINTF(WRITE, ("udf_write called\n"));
/* can this happen? some filingsystems have this check */
if (uio->uio_offset < 0)
return EINVAL;
if (uio->uio_resid == 0)
return 0;
/* protect against rogue programs writing raw directories or links */
if ((ioflag & IO_ALTSEMANTICS) == 0) {
if (vp->v_type == VDIR)
return EISDIR;
/* all but regular files just give EINVAL for now */
if (vp->v_type != VREG)
return EINVAL;
}
/*
* `Special' bmap functionality that translates all incoming requests to
* translate to vop_strategy() calls with the same blocknumbers effectively
* not translating at all.
*/
/*
* Add `.' pseudo entry if at offset zero since its not in the fid
* stream
*/
if (uio->uio_offset == 0) {
DPRINTF(READDIR, ("\t'.' inserted\n"));
strcpy(dirent->d_name, ".");
dirent->d_fileno = udf_get_node_id(&udf_node->loc);
dirent->d_type = DT_DIR;
dirent->d_namlen = strlen(dirent->d_name);
dirent->d_reclen = _DIRENT_SIZE(dirent);
uiomove(dirent, _DIRENT_SIZE(dirent), uio);
/* mark with magic value that we have done the dummy */
uio->uio_offset = UDF_DIRCOOKIE_DOT;
}
/* we are called just as long as we keep on pushing data in */
error = 0;
if (uio->uio_offset < file_size) {
/* allocate temporary space for fid */
lb_size = udf_rw32(udf_node->ump->logical_vol->lb_size);
fid = malloc(lb_size, M_UDFTEMP, M_WAITOK);
if (uio->uio_offset == UDF_DIRCOOKIE_DOT)
uio->uio_offset = 0;
diroffset = uio->uio_offset;
transoffset = diroffset;
while (diroffset < file_size) {
DPRINTF(READDIR, ("\tread in fid stream\n"));
/* transfer a new fid/dirent */
error = udf_read_fid_stream(vp, &diroffset, fid, dirent);
DPRINTFIF(READDIR, error, ("read error in read fid "
"stream : %d\n", error));
if (error)
break;
/*
* If there isn't enough space in the uio to return a
* whole dirent, break off read
*/
if (uio->uio_resid < _DIRENT_SIZE(dirent))
break;
/* remember the last entry we transferred */
transoffset = diroffset;
/* skip deleted entries */
if (fid->file_char & UDF_FILE_CHAR_DEL)
continue;
/* skip not visible files */
if (fid->file_char & UDF_FILE_CHAR_VIS)
continue;
/* copy dirent to the caller */
DPRINTF(READDIR, ("\tread dirent `%s', type %d\n",
dirent->d_name, dirent->d_type));
uiomove(dirent, _DIRENT_SIZE(dirent), uio);
}
/* pass on last transferred offset */
uio->uio_offset = transoffset;
free(fid, M_UDFTEMP);
}
if (ap->a_eofflag)
*ap->a_eofflag = (uio->uio_offset >= file_size);
#ifdef DEBUG
if (udf_verbose & UDF_DEBUG_READDIR) {
printf("returning offset %d\n", (uint32_t) uio->uio_offset);
if (ap->a_eofflag)
printf("returning EOF ? %d\n", *ap->a_eofflag);
if (error)
printf("readdir returning error %d\n", error);
}
#endif
/* check exec/dirread permissions first */
error = VOP_ACCESS(dvp, VEXEC, cnp->cn_cred);
if (error)
return error;
DPRINTF(LOOKUP, ("\taccess ok\n"));
/*
* If requesting a modify on the last path element on a read-only
* filingsystem, reject lookup; XXX why is this repeated in every FS ?
*/
if (islastcn && mounted_ro && (nameiop == DELETE || nameiop == RENAME))
return EROFS;
DPRINTF(LOOKUP, ("\tlooking up cnp->cn_nameptr '%s'\n",
cnp->cn_nameptr));
/* look in the namecache */
if (cache_lookup(dvp, cnp->cn_nameptr, cnp->cn_namelen,
cnp->cn_nameiop, cnp->cn_flags, NULL, vpp)) {
return *vpp == NULLVP ? ENOENT : 0;
}
DPRINTF(LOOKUP, ("\tNOT found in cache\n"));
/*
* Obviously, the file is not (anymore) in the namecache, we have to
* search for it. There are three basic cases: '.', '..' and others.
*
* Following the guidelines of VOP_LOOKUP manpage and tmpfs.
*/
error = 0;
if ((cnp->cn_namelen == 1) && (cnp->cn_nameptr[0] == '.')) {
DPRINTF(LOOKUP, ("\tlookup '.'\n"));
/* special case 1 '.' */
if (islastcn && cnp->cn_nameiop == RENAME) {
error = EISDIR;
goto out;
}
vref(dvp);
*vpp = dvp;
/* done */
goto done;
} else if (cnp->cn_flags & ISDOTDOT) {
/* special case 2 '..' */
DPRINTF(LOOKUP, ("\tlookup '..'\n"));
/* all other files */
DPRINTF(LOOKUP, ("\tlookup file/dir in directory\n"));
/* lookup filename in the directory; location icb_loc */
name = cnp->cn_nameptr;
namelen = cnp->cn_namelen;
error = udf_lookup_name_in_dir(dvp, name, namelen,
&icb_loc, &found);
if (error)
goto out;
if (!found) {
DPRINTF(LOOKUP, ("\tNOT found\n"));
/*
* The entry was not found in the directory. This is
* valid if we are creating or renaming an entry and
* are working on the last component of the path name.
*/
if (islastcn && (cnp->cn_nameiop == CREATE ||
cnp->cn_nameiop == RENAME)) {
error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred);
if (error) {
goto out;
}
error = EJUSTRETURN;
} else {
error = ENOENT;
}
/* done */
goto done;
}
/*
* XXX NOTE tmpfs has a test here that tests that intermediate
* components i.e. not the last one ought to be either a directory or
* a link. It seems to function well without this code.
*/
/* try to create/reuse the node */
error = udf_get_node(ump, &icb_loc, &res_node, LK_EXCLUSIVE);
if (error)
goto out;
/*
* Check if the directory has its sticky bit set. If so, ask
* for clearance since only the owner of a file or directory
* can remove/rename from that directory.
*/
mode = udf_getaccessmode(dir_node);
if ((mode & S_ISTXT) != 0) {
udf_getownership(dir_node, &d_uid, &d_gid);
error = kauth_authorize_vnode(cnp->cn_cred,
KAUTH_VNODE_DELETE, res_node->vnode,
dir_node->vnode, genfs_can_sticky(dvp, cnp->cn_cred,
d_uid, d_uid));
if (error) {
error = EPERM;
vput(res_node->vnode);
goto out;
}
}
}
*vpp = res_node->vnode;
done:
/*
* Store result in the cache if requested. If we are creating a file,
* the file might not be found and thus putting it into the namecache
* might be seen as negative caching.
*/
if (nameiop != CREATE)
cache_enter(dvp, *vpp, cnp->cn_nameptr, cnp->cn_namelen,
cnp->cn_flags);
/* do the uid/gid translation game */
if (uid == (uid_t) -1)
uid = ump->mount_args.anon_uid;
if (gid == (gid_t) -1)
gid = ump->mount_args.anon_gid;
/* fill in struct vattr with values from the node */
vattr_null(vap);
vap->va_type = vp->v_type;
vap->va_mode = udf_getaccessmode(udf_node);
vap->va_nlink = nlink;
vap->va_uid = uid;
vap->va_gid = gid;
vap->va_fsid = vp->v_mount->mnt_stat.f_fsidx.__fsid_val[0];
vap->va_fileid = udf_get_node_id(&udf_node->loc); /* inode hash XXX */
vap->va_size = filesize;
vap->va_blocksize = udf_node->ump->discinfo.sector_size; /* wise? */
/*
* BUG-ALERT: UDF doesn't count '.' as an entry, so we'll have to add
* 1 to the link count if its a directory we're requested attributes
* of.
*/
if (vap->va_type == VDIR)
vap->va_nlink++;
/*
* BUG-ALERT: Posix requires the va_size to be pathlength for symbolic
* links.
*/
if (vap->va_type == VLNK) {
/* claim temporary buffers for translation */
targetbuf = malloc(PATH_MAX+1, M_UDFTEMP, M_WAITOK);
error = udf_do_readlink(udf_node, filesize, targetbuf, &length);
if (!error) {
vap->va_size = length;
KASSERT(length == strlen(targetbuf));
}
free(targetbuf, M_UDFTEMP);
/* XXX return error? */
}
#ifdef notyet
/* TODO get vaflags from the extended attributes? */
/* Immutable or append-only files cannot be modified, either. */
if (udf_node->flags & (IMMUTABLE | APPEND))
return EPERM;
#endif
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;
/* retrieve old values */
udf_getownership(udf_node, &uid, &gid);
/* only one could be specified */
if (new_uid == VNOVAL)
new_uid = uid;
if (new_gid == VNOVAL)
new_gid = gid;
/* check if we can fit it in an 32 bits */
if ((uid_t) ((uint32_t) new_uid) != new_uid)
return EINVAL;
if ((gid_t) ((uint32_t) new_gid) != new_gid)
return EINVAL;
#ifdef notyet
/* TODO get vaflags from the extended attributes? */
/* Immutable or append-only files cannot be modified, either. */
if (udf_node->flags & (IMMUTABLE | APPEND))
return EPERM;
#endif
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;
/* mark node changed */
udf_node->i_flags |= IN_CHANGE;
return 0;
}
/* exported */
int
udf_chsize(struct vnode *vp, u_quad_t newsize, kauth_cred_t cred)
{
struct udf_node *udf_node = VTOI(vp);
int error, extended;
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;
/* Decide whether this is a valid operation based on the file type. */
switch (vp->v_type) {
case VDIR:
return EISDIR;
case VREG:
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;
break;
case VBLK:
/* FALLTHROUGH */
case VCHR:
/* FALLTHROUGH */
case VFIFO:
/* Allow modifications of special files even if in the file
* system is mounted read-only (we are not modifying the
* files themselves, but the objects they represent). */
return 0;
default:
/* Anything else is unsupported. */
return EOPNOTSUPP;
}
#if notyet
/* TODO get vaflags from the extended attributes? */
/* Immutable or append-only files cannot be modified, either. */
if (node->flags & (IMMUTABLE | APPEND))
return EPERM;
#endif
/* resize file to the requested size */
error = udf_resize_node(udf_node, newsize, &extended);
if (error == 0) {
/* mark change */
udf_node->i_flags |= IN_CHANGE | IN_MODIFY;
if (vp->v_mount->mnt_flag & MNT_RELATIME)
udf_node->i_flags |= IN_ACCESS;
udf_update(vp, NULL, NULL, NULL, 0);
}
return error;
}
static int
udf_chflags(struct vnode *vp, mode_t mode, kauth_cred_t cred)
{
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;
/*
* XXX we can't do this yet, as its not described in the standard yet
*/
return EOPNOTSUPP;
}
static int
udf_chtimes(struct vnode *vp,
struct timespec *atime, struct timespec *mtime,
struct timespec *birthtime, int setattrflags,
kauth_cred_t cred)
{
struct udf_node *udf_node = VTOI(vp);
uid_t uid;
gid_t gid;
int error;
#ifdef notyet
/* TODO get vaflags from the extended attributes? */
/* Immutable or append-only files cannot be modified, either. */
if (udf_node->flags & (IMMUTABLE | APPEND))
return EPERM;
#endif
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;
static int
udf_check_possible(struct vnode *vp, struct vattr *vap, mode_t mode)
{
int flags;
/* check if we are allowed to write */
switch (vap->va_type) {
case VDIR:
case VLNK:
case VREG:
/*
* normal nodes: check if we're on a read-only mounted
* filingsystem and bomb out if we're trying to write.
*/
if ((mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY))
return EROFS;
break;
case VBLK:
case VCHR:
case VSOCK:
case VFIFO:
/*
* special nodes: even on read-only mounted filingsystems
* these are allowed to be written to if permissions allow.
*/
break;
default:
/* no idea what this is */
return EINVAL;
}
/* noone may write immutable files */
/* TODO: get chflags(2) flags from extended attribute. */
flags = 0;
if ((mode & VWRITE) && (flags & IMMUTABLE))
return EPERM;
return 0;
}
static int
udf_check_permitted(struct vnode *vp, struct vattr *vap, accmode_t accmode,
kauth_cred_t cred)
{
/* ask the generic genfs_can_access to advice on security */
return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, vap->va_mode), vp, NULL, genfs_can_access(vp, cred,
vap->va_uid, vap->va_gid, vap->va_mode, NULL, accmode));
}
/* just trunc if too long ?? (security issue) */
if (compnamelen >= 127) {
error = ENAMETOOLONG;
break;
}
/* convert unix name to UDF name */
len = sizeof(struct pathcomp);
memset(&pathcomp, 0, len);
pathcomp.type = UDF_PATH_COMP_NAME;
len = UDF_PATH_COMP_SIZE;
/* don't allow '.' to be deleted */
if (dir_node == udf_node) {
vrele(vp);
return EINVAL;
}
/* make sure our `leaf' node's hash is populated */
dirhash_get(&udf_node->dir_hash);
error = udf_dirhash_fill(udf_node);
if (error) {
dirhash_put(udf_node->dir_hash);
return error;
}
/* check to see if the directory is empty */
isempty = dirhash_dir_isempty(udf_node->dir_hash);
dirhash_put(udf_node->dir_hash);
if (!isempty) {
vput(vp);
return ENOTEMPTY;
}
/* detach the node from the directory, udf_node is an empty dir here */
error = udf_dir_detach(ump, dir_node, udf_node, cnp);
if (error == 0) {
cache_purge(vp);
// cache_purge(dvp); /* XXX from msdosfs, why? */
/*
* Bug alert: we need to remove '..' from the detaching
* udf_node so further lookups of this are not possible. This
* prevents a process in a deleted directory from going to its
* deleted parent. Since `udf_node' is guaranteed to be empty
* here, trunc it so no fids are there.
*/
dirhash_purge(&udf_node->dir_hash);
udf_shrink_node(udf_node, 0);
}
DPRINTFIF(NODE, error, ("\tgot error removing dir\n"));
DPRINTF(SYNC, ("udf_fsync called on %p : %s, %s\n",
udf_node,
(ap->a_flags & FSYNC_WAIT) ? "wait":"no wait",
(ap->a_flags & FSYNC_DATAONLY) ? "data_only":"complete"));
/* flush data and wait for it when requested */
wait = (ap->a_flags & FSYNC_WAIT) ? UPDATE_WAIT : 0;
error = vflushbuf(vp, ap->a_flags);
if (error)
return error;
if (udf_node == NULL) {
printf("udf_fsync() called on NULL udf_node!\n");
return 0;
}
if (vp->v_tag != VT_UDF) {
printf("udf_fsync() called on node not tagged as UDF node!\n");
return 0;
}
/* set our times */
udf_itimes(udf_node, NULL, NULL, NULL);
/* if called when mounted readonly, never write back */
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return 0;
/* if only data is requested, return */
if (ap->a_flags & FSYNC_DATAONLY)
return 0;
/* check if the node is dirty 'enough'*/
flags = udf_node->i_flags & (IN_MODIFIED | IN_ACCESSED);
if (flags == 0)
return 0;
/* if we don't have to wait, check for IO pending */
if (!wait) {
if (vp->v_numoutput > 0) {
DPRINTF(SYNC, ("udf_fsync %p, rejecting on v_numoutput\n", udf_node));
return 0;
}
if (udf_node->outstanding_bufs > 0) {
DPRINTF(SYNC, ("udf_fsync %p, rejecting on outstanding_bufs\n", udf_node));
return 0;
}
if (udf_node->outstanding_nodedscr > 0) {
DPRINTF(SYNC, ("udf_fsync %p, rejecting on outstanding_nodedscr\n", udf_node));
return 0;
}
}
/* wait until vp->v_numoutput reaches zero i.e. is finished */
if (wait) {
DPRINTF(SYNC, ("udf_fsync %p, waiting\n", udf_node));
mutex_enter(vp->v_interlock);
while (vp->v_numoutput) {
DPRINTF(SYNC, ("udf_fsync %p, v_numoutput %d\n", udf_node, vp->v_numoutput));
cv_timedwait(&vp->v_cv, vp->v_interlock, hz/8);
}
mutex_exit(vp->v_interlock);
DPRINTF(SYNC, ("udf_fsync %p, fin wait\n", udf_node));
}
/* write out node and wait for it if requested */
DPRINTF(SYNC, ("udf_fsync %p, writeout node\n", udf_node));
error = udf_writeout_node(udf_node, wait);
if (error)
return error;
/* TODO/XXX if ap->a_flags & FSYNC_CACHE, we ought to do a disc sync */
