/*-
* Copyright (c) 2012 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by Taylor R Campbell.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/*
* ext2fs_gro_directory_empty_p: Return true if the directory vp is
* empty. dvp is its parent.
*
* vp and dvp must be locked and referenced.
*/
static bool
ext2fs_gro_directory_empty_p(struct mount *mp, kauth_cred_t cred,
struct vnode *vp, struct vnode *dvp)
{
/*
* ext2fs_gro_remove_check_possible: Check whether a remove is possible
* independent of credentials.
*/
static int
ext2fs_gro_remove_check_possible(struct mount *mp,
struct vnode *dvp, struct vnode *vp)
{
/*
* We shall need to temporarily bump the link count, so make
* sure there is room to do so.
*/
if ((nlink_t)VTOI(fvp)->i_e2fs_nlink >= EXT2FS_LINK_MAX)
return EMLINK;
/*
* 1) Bump link count while we're moving stuff
* around. If we crash somewhere before
* completing our work, the link count
* may be wrong, but correctable.
*/
/*
* 2) If target doesn't exist, link the target
* to the source and unlink the source.
* Otherwise, rewrite the target directory
* entry to reference the source inode and
* expunge the original entry's existence.
*/
if (tvp == NULL) {
/*
* Account for ".." in new directory.
* When source and destination have the same
* parent we don't fool with the link count.
*/
if (directory_p && reparent_p) {
if ((nlink_t)VTOI(tdvp)->i_e2fs_nlink >= EXT2FS_LINK_MAX) {
error = EMLINK;
goto whymustithurtsomuch;
}
KASSERT((nlink_t)VTOI(tdvp)->i_e2fs_nlink < EXT2FS_LINK_MAX);
VTOI(tdvp)->i_e2fs_nlink++;
VTOI(tdvp)->i_flag |= IN_CHANGE;
error = ext2fs_update(tdvp, NULL, NULL, UPDATE_WAIT);
if (error) {
/*
* Link count update didn't take --
* back out the in-memory link count.
*/
KASSERT(0 < VTOI(tdvp)->i_e2fs_nlink);
VTOI(tdvp)->i_e2fs_nlink--;
VTOI(tdvp)->i_flag |= IN_CHANGE;
goto whymustithurtsomuch;
}
}
error = ext2fs_direnter(VTOI(fvp), tdvp, tulr, tcnp);
if (error) {
if (directory_p && reparent_p) {
/*
* Directory update didn't take, but
* the link count update did -- back
* out the in-memory link count and the
* on-disk link count.
*/
KASSERT(0 < VTOI(tdvp)->i_e2fs_nlink);
VTOI(tdvp)->i_e2fs_nlink--;
VTOI(tdvp)->i_flag |= IN_CHANGE;
(void)ext2fs_update(tdvp, NULL, NULL,
UPDATE_WAIT);
}
goto whymustithurtsomuch;
}
} else {
if (directory_p)
/* XXX WTF? Why purge here? Why not purge others? */
cache_purge(tdvp);
/*
* Make the target directory's entry for tcnp point at
* the source node.
*/
error = ext2fs_dirrewrite(VTOI(tdvp), tulr, VTOI(fvp), tcnp);
if (error)
goto whymustithurtsomuch;
/*
* If the source and target are directories, and the
* target is in the same directory as the source,
* decrement the link count of the common parent
* directory, since we are removing the target from
* that directory.
*/
if (directory_p && !reparent_p) {
KASSERT(fdvp == tdvp);
/* XXX check, don't kassert */
KASSERT(0 < VTOI(tdvp)->i_e2fs_nlink);
VTOI(tdvp)->i_e2fs_nlink--;
VTOI(tdvp)->i_flag |= IN_CHANGE;
}
/*
* Adjust the link count of the target to
* reflect the dirrewrite above. If this is
* a directory it is empty and there are
* no links to it, so we can squash the inode and
* any space associated with it. We disallowed
* renaming over top of a directory with links to
* it above, as the remaining link would point to
* a directory without "." or ".." entries.
*/
/* XXX check, don't kassert */
KASSERT(0 < VTOI(tvp)->i_e2fs_nlink);
VTOI(tvp)->i_e2fs_nlink--;
if (directory_p) {
/*
* XXX The ext2fs_dirempty call earlier does
* not guarantee anything about nlink.
*/
if (VTOI(tvp)->i_e2fs_nlink != 1)
ufs_dirbad(VTOI(tvp), (doff_t)0,
"hard-linked directory");
VTOI(tvp)->i_e2fs_nlink = 0;
error = ext2fs_truncate(tvp, (off_t)0, IO_SYNC, cred);
#if 0 /* XXX This branch was not in ext2fs_rename! */
if (error)
goto whymustithurtsomuch;
#endif
}
*tvp_nlinkp = VTOI(tvp)->i_e2fs_nlink;
/*
* XXX Why is this here, and not above the preceding
* conditional?
*/
VTOI(tvp)->i_flag |= IN_CHANGE;
}
/*
* If the source is a directory with a new parent, the link
* count of the old parent directory must be decremented and
* ".." set to point to the new parent.
*/
if (directory_p && reparent_p) {
error = ext2fs_rename_replace_dotdot(fvp, fdvp, tdvp, cred);
if (error)
goto whymustithurtsomuch;
/*
* ext2fs_direnter may compact the directory in the process of
* inserting a new entry. That may invalidate fulr, which we
* need in order to remove the old entry. In that case, we
* need to recalculate what fulr should be.
*/
if (!reparent_p && (tvp == NULL) &&
ext2fs_rename_ulr_overlap_p(fulr, tulr)) {
error = ext2fs_rename_recalculate_fulr(fdvp, fulr, tulr, fcnp);
#if 0 /* XXX */
if (error) /* XXX Try to back out changes? */
goto whymustithurtsomuch;
#endif
}
error = ext2fs_dirremove(fdvp, fulr, fcnp);
if (error)
goto whymustithurtsomuch;
/*
* fulr is from a DELETE lookup, so fulr->ulr_count is the size
* of the preceding entry (d_reclen).
*/
from_prev_end = fulr->ulr_offset;
KASSERT(fulr->ulr_count <= from_prev_end);
from_prev_start = (from_prev_end - fulr->ulr_count);
/*
* tulr is from a RENAME lookup, so tulr->ulr_count is the size
* of the free space for an entry that we are about to fill.
*/
to_start = tulr->ulr_offset;
KASSERT(tulr->ulr_count < (EXT2FS_MAXDIRSIZE - to_start));
to_end = (to_start + tulr->ulr_count);
/*
* ext2fs_rename_recalculate_fulr: If we have just entered a directory
* into dvp at tulr, and we were about to remove one at fulr for an
* entry named fcnp, fulr may be invalid. So, if necessary,
* recalculate it.
*/
static int
ext2fs_rename_recalculate_fulr(struct vnode *dvp,
struct ufs_lookup_results *fulr, const struct ufs_lookup_results *tulr,
const struct componentname *fcnp)
{
struct mount *mp;
struct ufsmount *ump;
/* XXX int is a silly type for this; blame ufsmount::um_dirblksiz. */
int dirblksiz;
doff_t search_start, search_end;
doff_t offset; /* Offset of entry we're examining. */
struct buf *bp; /* I/O block we're examining. */
char *dirbuf; /* Pointer into directory at search_start. */
struct ext2fs_direct *ep; /* Pointer to the entry we're examining. */
/* XXX direct::d_reclen is 16-bit;
* ufs_lookup_results::ulr_reclen is 32-bit. Blah. */
uint32_t reclen; /* Length of the entry we're examining. */
uint32_t prev_reclen; /* Length of the preceding entry. */
int error;
/*
* Guarantee we sha'n't go past the end of the buffer we got.
* dirbuf is bp->b_data + (search_start & (iosize - 1)), and
* the valid range is [bp->b_data, bp->b_data + bp->b_bcount).
*/
KASSERT((search_end - search_start) <=
(bp->b_bcount - (search_start & (mp->mnt_stat.f_iosize - 1))));
/*
* Search from search_start to search_end for the entry matching
* fcnp, which must be there because we found it before and it
* should only at most have moved earlier.
*/
for (;;) {
KASSERT(search_start <= offset);
KASSERT(offset < search_end);
/*
* Examine the directory entry at offset.
*/
ep = (struct ext2fs_direct *)
(dirbuf + (offset - search_start));
reclen = fs2h16(ep->e2d_reclen);
if (ep->e2d_ino == 0)
goto next; /* Entry is unused. */
if (fs2h32(ep->e2d_ino) == UFS_WINO)
goto next; /* Entry is whiteout. */
if (fcnp->cn_namelen != ep->e2d_namlen)
goto next; /* Wrong name length. */
if (memcmp(ep->e2d_name, fcnp->cn_nameptr, fcnp->cn_namelen))
goto next; /* Wrong name. */
/* We may not move past the search end. */
KASSERT(reclen < search_end);
KASSERT(offset < (search_end - reclen));
/*
* We may not move across a directory block boundary;
* see (*) above.
*/
KASSERT((offset &~ (dirblksiz - 1)) ==
((offset + reclen) &~ (dirblksiz - 1)));
prev_reclen = reclen;
offset += reclen;
}
/*
* Found the entry. Record where.
*/
fulr->ulr_offset = offset;
fulr->ulr_reclen = reclen;
/*
* Record the preceding record length, but not if we're at the
* start of a directory block.
*/
fulr->ulr_count = ((offset & (dirblksiz - 1))? prev_reclen : 0);
brelse(bp, 0);
return 0;
}
/*
* ext2fs_gro_remove: Rename an object over another link to itself,
* effectively removing just the original link.
*/
static int
ext2fs_gro_remove(struct mount *mp, kauth_cred_t cred,
struct vnode *dvp, struct componentname *cnp, void *de, struct vnode *vp,
nlink_t *tvp_nlinkp)
{
struct ufs_lookup_results *ulr = de;
int error;
/*
* ext2fs_rmdired_p: Check whether the directory vp has been rmdired.
*
* vp must be locked and referenced.
*/
static bool
ext2fs_rmdired_p(struct vnode *vp)
{
/*
* We need to provisionally lock tdvp to keep rmdir from
* deleting it -- or any ancestor -- at an inopportune moment.
*/
error = ext2fs_gro_lock_directory(mp, tdvp);
if (error)
return error;
/* Did we find that fdvp is an ancestor of tdvp? */
if (VTOI(fdvp)->i_number == dotdot_ino) {
/* Unlock vp, but keep it referenced. */
VOP_UNLOCK(vp);
*intermediate_node_ret = vp;
return 0;
}
/* Neither -- keep ascending the family tree. */
error = vcache_get(mp, &dotdot_ino, sizeof(dotdot_ino), &dvp);
vput(vp);
if (error)
return error;
error = vn_lock(dvp, LK_EXCLUSIVE);
if (error) {
vrele(dvp);
return error;
}
if (vp->v_type != VDIR) {
/*
* XXX Panic? Print a warning? Can this
* happen if we lose the race I suspect to
* exist above, and the `..' inode number has
* been recycled?
*/
vput(vp);
return ENOTDIR;
}
if (ext2fs_rmdired_p(vp)) {
vput(vp);
return ENOENT;
}
}
}
/*
* ext2fs_read_dotdot: Store in *ino_ret the inode number of the parent
* of the directory vp.
*/
static int
ext2fs_read_dotdot(struct vnode *vp, kauth_cred_t cred, ino_t *ino_ret)
{
struct ext2fs_dirtemplate dirbuf;
int error;
/*
* ext2fs_rename_replace_dotdot: Change the target of the `..' entry of
* the directory vp from fdvp to tdvp.
*/
static int
ext2fs_rename_replace_dotdot(struct vnode *vp,
struct vnode *fdvp, struct vnode *tdvp,
kauth_cred_t cred)
{
struct ext2fs_dirtemplate dirbuf;
int error;
/* XXX Does it make sense to do this before the sanity checks below? */
KASSERT(0 < VTOI(fdvp)->i_e2fs_nlink);
VTOI(fdvp)->i_e2fs_nlink--;
VTOI(fdvp)->i_flag |= IN_CHANGE;
/*
* ext2fs_gro_lock_directory: Lock the directory vp, but fail if it has
* been rmdir'd.
*/
static int
ext2fs_gro_lock_directory(struct mount *mp, struct vnode *vp)
{
