/*
* Copyright (c) 1994
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Jan-Simon Pendry.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)union_subr.c 8.20 (Berkeley) 5/20/95
*/
/*
* Copyright (c) 1994 Jan-Simon Pendry
*
* This code is derived from software contributed to Berkeley by
* Jan-Simon Pendry.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)union_subr.c 8.20 (Berkeley) 5/20/95
*/
/*
* We have to transfer the vnode lock from the union vnode to
* the upper vnode. Lock the upper vnode first. We cannot use
* VOP_LOCK() here as it would break the fstrans state.
*/
lock_ap.a_desc = VDESC(vop_lock);
lock_ap.a_vp = uppervp;
lock_ap.a_flags = LK_EXCLUSIVE;
error = VCALL(lock_ap.a_vp, VOFFSET(vop_lock), &lock_ap);
KASSERT(error == 0);
mutex_enter(&uhash_lock);
if (ohash != nhash && (un->un_cflags & UN_CACHED)) {
un->un_cflags &= ~UN_CACHED;
LIST_REMOVE(un, un_cache);
}
mutex_enter(&un->un_lock);
un->un_uppervp = uppervp;
un->un_uppersz = VNOVAL;
/*
* With the upper vnode in place unlock the union vnode to
* finalize the lock transfer.
*/
unlock_ap.a_desc = VDESC(vop_unlock);
unlock_ap.a_vp = UNIONTOV(un);
genfs_unlock(&unlock_ap);
/* Update union vnode interlock, vmobjlock, & klist. */
vshareilock(UNIONTOV(un), uppervp);
rw_obj_hold(uppervp->v_uobj.vmobjlock);
uvm_obj_setlock(&UNIONTOV(un)->v_uobj, uppervp->v_uobj.vmobjlock);
vshareklist(UNIONTOV(un), uppervp);
mutex_exit(&un->un_lock);
if (ohash != nhash) {
LIST_INSERT_HEAD(&uhashtbl[nhash], un, un_cache);
un->un_cflags |= UN_CACHED;
}
mutex_exit(&uhash_lock);
}
/*
* Keep track of size changes in the underlying vnodes.
* If the size changes, then callback to the vm layer
* giving priority to the upper layer size.
*
* Mutex un_lock hold on entry and released on return.
*/
void
union_newsize(struct vnode *vp, off_t uppersz, off_t lowersz)
{
struct union_node *un = VTOUNION(vp);
off_t sz;
KASSERT(mutex_owned(&un->un_lock));
/* only interested in regular files */
if (vp->v_type != VREG) {
mutex_exit(&un->un_lock);
uvm_vnp_setsize(vp, 0);
return;
}
sz = VNOVAL;
if ((uppersz != VNOVAL) && (un->un_uppersz != uppersz)) {
un->un_uppersz = uppersz;
if (sz == VNOVAL)
sz = un->un_uppersz;
}
if (un->un_pvp != NULLVP)
vrele(un->un_pvp);
if (un->un_uppervp != NULLVP)
vrele(un->un_uppervp);
if (un->un_lowervp != NULLVP)
vrele(un->un_lowervp);
if (un->un_dirvp != NULLVP)
vrele(un->un_dirvp);
if (un->un_path)
free(un->un_path, M_TEMP);
mutex_destroy(&un->un_lock);
free(un, M_TEMP);
}
/*
* allocate a union_node/vnode pair. the vnode is
* referenced and unlocked. the new vnode is returned
* via (vpp). (mp) is the mountpoint of the union filesystem,
* (dvp) is the parent directory where the upper layer object
* should exist (but doesn't) and (cnp) is the componentname
* information which is partially copied to allow the upper
* layer object to be created at a later time. (uppervp)
* and (lowervp) reference the upper and lower layer objects
* being mapped. either, but not both, can be nil.
* both, if supplied, are unlocked.
* the reference is either maintained in the new union_node
* object which is allocated, or they are vrele'd.
*
* all union_nodes are maintained on a hash
* list. new nodes are only allocated when they cannot
* be found on this list. entries on the list are
* removed when the vfs reclaim entry is called.
*
* the vnode gets attached or referenced with vcache_get().
*/
int
union_allocvp(
struct vnode **vpp,
struct mount *mp,
struct vnode *undvp, /* parent union vnode */
struct vnode *dvp, /* may be null */
struct componentname *cnp, /* may be null */
struct vnode *uppervp, /* may be null */
struct vnode *lowervp, /* may be null */
int docache)
{
int error;
struct union_node *un = NULL, *un1;
struct vnode *vp, *xlowervp = NULLVP;
u_long hash[3];
int try;
bool is_dotdot;
/*
* If both uppervp and lowervp are not NULL we have to
* search union nodes with one vnode as NULL too.
*/
hash[0] = UNION_HASH(uppervp, lowervp);
if (uppervp == NULL || lowervp == NULL) {
hash[1] = hash[2] = NOHASH;
} else {
hash[1] = UNION_HASH(uppervp, NULLVP);
hash[2] = UNION_HASH(NULLVP, lowervp);
}
found:
if (un) {
if (uppervp != dvp) {
if (is_dotdot)
VOP_UNLOCK(dvp);
vn_lock(UNIONTOV(un), LK_EXCLUSIVE | LK_RETRY);
if (is_dotdot)
vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY);
}
/*
* Save information about the upper layer.
*/
if (uppervp != un->un_uppervp) {
union_newupper(un, uppervp);
} else if (uppervp) {
vrele(uppervp);
}
/*
* Save information about the lower layer.
* This needs to keep track of pathname
* and directory information which union_vn_create
* might need.
*/
if (lowervp != un->un_lowervp) {
union_newlower(un, lowervp);
if (cnp && (lowervp != NULLVP)) {
un->un_path = malloc(cnp->cn_namelen+1,
M_TEMP, M_WAITOK);
memcpy(un->un_path, cnp->cn_nameptr,
cnp->cn_namelen);
un->un_path[cnp->cn_namelen] = '\0';
vref(dvp);
un->un_dirvp = dvp;
}
} else if (lowervp) {
vrele(lowervp);
}
*vpp = UNIONTOV(un);
if (uppervp != dvp)
VOP_UNLOCK(*vpp);
error = 0;
goto out;
}
/*
* copyfile. copy the vnode (fvp) to the vnode (tvp)
* using a sequence of reads and writes. both (fvp)
* and (tvp) are locked on entry and exit.
*/
int
union_copyfile(struct vnode *fvp, struct vnode *tvp, kauth_cred_t cred,
struct lwp *l)
{
char *tbuf;
struct uio uio;
struct iovec iov;
int error = 0;
/*
* strategy:
* allocate a buffer of size MAXBSIZE.
* loop doing reads and writes, keeping track
* of the current uio offset.
* give up at the first sign of trouble.
*/
do {
error = VOP_WRITE(tvp, &uio, 0, cred);
} while ((uio.uio_resid > 0) && (error == 0));
}
} while (error == 0);
free(tbuf, M_TEMP);
return (error);
}
/*
* (un) is assumed to be locked on entry and remains
* locked on exit.
*/
int
union_copyup(struct union_node *un, int docopy, kauth_cred_t cred,
struct lwp *l)
{
int error;
struct vnode *lvp, *uvp;
struct vattr lvattr, uvattr;
error = union_vn_create(&uvp, un, l);
if (error)
return (error);
union_newupper(un, uvp);
lvp = un->un_lowervp;
if (docopy) {
/*
* XX - should not ignore errors
* from VOP_CLOSE
*/
vn_lock(lvp, LK_EXCLUSIVE | LK_RETRY);
error = VOP_GETATTR(lvp, &lvattr, cred);
if (error == 0)
error = VOP_OPEN(lvp, FREAD, cred);
if (error == 0) {
error = union_copyfile(lvp, uvp, cred, l);
(void) VOP_CLOSE(lvp, FREAD, cred);
}
if (error == 0) {
/* Copy permissions up too */
vattr_null(&uvattr);
uvattr.va_mode = lvattr.va_mode;
uvattr.va_flags = lvattr.va_flags;
error = VOP_SETATTR(uvp, &uvattr, cred);
}
VOP_UNLOCK(lvp);
#ifdef UNION_DIAGNOSTIC
if (error == 0)
uprintf("union: copied up %s\n", un->un_path);
#endif
}
union_vn_close(uvp, FWRITE, cred, l);
/*
* Subsequent IOs will go to the top layer, so
* call close on the lower vnode and open on the
* upper vnode to ensure that the filesystem keeps
* its references counts right. This doesn't do
* the right thing with (cred) and (FREAD) though.
* Ignoring error returns is not right, either.
*/
if (error == 0) {
int i;
vn_lock(lvp, LK_EXCLUSIVE | LK_RETRY);
for (i = 0; i < un->un_openl; i++) {
(void) VOP_CLOSE(lvp, FREAD, cred);
(void) VOP_OPEN(uvp, FREAD, cred);
}
un->un_openl = 0;
VOP_UNLOCK(lvp);
}
return (error);
}
/*
* Prepare the creation of a new node in the upper layer.
*
* (dvp) is the directory in which to create the new node.
* it is locked on entry and exit.
* (cnp) is the componentname to be created.
* (cred, path, hash) are credentials, path and its hash to fill (cnp).
*/
static int
union_do_lookup(struct vnode *dvp, struct componentname *cnp, kauth_cred_t cred,
const char *path)
{
int error;
struct vnode *vp;
/*
* Create a shadow directory in the upper layer.
* The new vnode is returned locked.
*
* (um) points to the union mount structure for access to the
* the mounting process's credentials.
* (dvp) is the directory in which to create the shadow directory.
* it is unlocked on entry and exit.
* (cnp) is the componentname to be created.
* (vpp) is the returned newly created shadow directory, which
* is returned locked.
*
* N.B. We still attempt to create shadow directories even if the union
* is mounted read-only, which is a little nonintuitive.
*/
int
union_mkshadow(struct union_mount *um, struct vnode *dvp,
struct componentname *cnp, struct vnode **vpp)
{
int error;
struct vattr va;
struct componentname cn;
char *pnbuf;
/*
* policy: when creating the shadow directory in the
* upper layer, create it owned by the user who did
* the mount, group from parent directory, and mode
* 777 modified by umask (ie mostly identical to the
* mkdir syscall). (jsp, kb)
*/
/*
* Create a whiteout entry in the upper layer.
*
* (um) points to the union mount structure for access to the
* the mounting process's credentials.
* (dvp) is the directory in which to create the whiteout.
* it is locked on entry and exit.
* (cnp) is the componentname to be created.
* (un) holds the path and its hash to be created.
*/
int
union_mkwhiteout(struct union_mount *um, struct vnode *dvp,
struct componentname *cnp, struct union_node *un)
{
int error;
struct componentname cn;
/*
* union_vn_create: creates and opens a new shadow file
* on the upper union layer. this function is similar
* in spirit to calling vn_open but it avoids calling namei().
* the problem with calling namei is that a) it locks too many
* things, and b) it doesn't start at the "right" directory,
* whereas union_do_lookup is told where to start.
*/
int
union_vn_create(struct vnode **vpp, struct union_node *un, struct lwp *l)
{
struct vnode *vp;
kauth_cred_t cred = l->l_cred;
struct vattr vat;
struct vattr *vap = &vat;
int fmode = FFLAGS(O_WRONLY|O_CREAT|O_TRUNC|O_EXCL);
int error;
int cmode = UN_FILEMODE & ~l->l_proc->p_cwdi->cwdi_cmask;
struct componentname cn;
/*
* Good - there was no race to create the file
* so go ahead and create it. The permissions
* on the file will be 0666 modified by the
* current user's umask. Access to the file, while
* it is unioned, will require access to the top *and*
* bottom files. Access when not unioned will simply
* require access to the top-level file.
* TODO: confirm choice of access permissions.
*/
vattr_null(vap);
vap->va_type = VREG;
vap->va_mode = cmode;
vp = NULL;
error = VOP_CREATE(un->un_dirvp, &vp, &cn, vap);
if (error) {
VOP_UNLOCK(un->un_dirvp);
return error;
}
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
#if 1
/*
* We do not set the uppervp to NULLVP here, because lowervp
* may also be NULLVP, so this routine would end up creating
* a bogus union node with no upper or lower VP (that causes
* pain in many places that assume at least one VP exists).
* Since we've removed this node from the cache hash chains,
* it won't be found again. When all current holders
* release it, union_inactive() will vgone() it.
*/
union_diruncache(un);
#else
union_newupper(un, NULLVP);
#endif
/*
* determine whether a whiteout is needed
* during a remove/rmdir operation.
*/
int
union_dowhiteout(struct union_node *un, kauth_cred_t cred)
{
struct vattr va;
/*
* This hook is called from vn_readdir() to switch to lower directory
* entry after the upper directory is read.
*/
int
union_readdirhook(struct vnode **vpp, struct file *fp, struct lwp *l)
{
struct vnode *vp = *vpp, *lvp;
struct vattr va;
int error;
if (vp->v_op != union_vnodeop_p)
return (0);
/*
* If the directory is opaque,
* then don't show lower entries
*/
vn_lock(vp, LK_SHARED | LK_RETRY);
error = VOP_GETATTR(vp, &va, fp->f_cred);
VOP_UNLOCK(vp);
if (error || (va.va_flags & OPAQUE))
return error;
if ((lvp = union_dircache(vp, l)) == NULLVP)
return (0);
