NetBSD/sys/fs/efs/efs_vfsops.c
elad 9670d2e41d Add genfs_can_mount() and use it to prevent some more code duplication of
the security checks when mounting a device (VOP_ACCESS() + kauth(9) call)).

Proposed with no objections on tech-kern@:

	http://mail-index.netbsd.org/tech-kern/2009/04/20/msg004859.html

The vnode is always expected to be locked, so no locking is done outside
the file-system code.
2009-04-25 18:53:43 +00:00

608 lines
13 KiB
C

/* $NetBSD: efs_vfsops.c,v 1.19 2009/04/25 18:53:44 elad Exp $ */
/*
* Copyright (c) 2006 Stephen M. Rumble <rumble@ephemeral.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: efs_vfsops.c,v 1.19 2009/04/25 18:53:44 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/fstypes.h>
#include <sys/vnode.h>
#include <sys/buf.h>
#include <sys/namei.h>
#include <sys/fcntl.h>
#include <sys/stat.h>
#include <sys/kauth.h>
#include <sys/proc.h>
#include <sys/module.h>
#include <miscfs/genfs/genfs_node.h>
#include <miscfs/genfs/genfs.h>
#include <miscfs/specfs/specdev.h>
#include <fs/efs/efs.h>
#include <fs/efs/efs_sb.h>
#include <fs/efs/efs_dir.h>
#include <fs/efs/efs_genfs.h>
#include <fs/efs/efs_mount.h>
#include <fs/efs/efs_extent.h>
#include <fs/efs/efs_dinode.h>
#include <fs/efs/efs_inode.h>
#include <fs/efs/efs_subr.h>
#include <fs/efs/efs_ihash.h>
MODULE(MODULE_CLASS_VFS, efs, NULL);
MALLOC_JUSTDEFINE(M_EFSMNT, "efsmnt", "efs mount structure");
MALLOC_JUSTDEFINE(M_EFSINO, "efsino", "efs in-core inode structure");
MALLOC_JUSTDEFINE(M_EFSTMP, "efstmp", "efs temporary allocations");
extern int (**efs_vnodeop_p)(void *); /* for getnewvnode() */
extern int (**efs_specop_p)(void *); /* for getnewvnode() */
extern int (**efs_fifoop_p)(void *); /* for getnewvnode() */
static int efs_statvfs(struct mount *, struct statvfs *);
/*
* efs_mount and efs_mountroot common functions.
*/
static int
efs_mount_common(struct mount *mp, const char *path, struct vnode *devvp,
struct efs_args *args)
{
int err;
struct buf *bp;
const char *why;
struct efs_mount *emp;
struct lwp *l = curlwp;
emp = malloc(sizeof(*emp), M_EFSMNT, M_WAITOK);
emp->em_dev = devvp->v_rdev;
emp->em_devvp = devvp;
emp->em_mnt = mp;
/* read in the superblock */
err = efs_bread(emp, EFS_BB_SB, l, &bp);
if (err) {
EFS_DPRINTF(("superblock read failed\n"));
free(emp, M_EFSMNT);
brelse(bp, 0);
return (err);
}
memcpy(&emp->em_sb, bp->b_data, sizeof(emp->em_sb));
brelse(bp, 0);
/* validate the superblock */
if (efs_sb_validate(&emp->em_sb, &why)) {
printf("efs: invalid superblock: %s\n", why);
if (!(mp->mnt_flag & MNT_FORCE)) {
free(emp, M_EFSMNT);
return (EIO);
}
}
/* check that it's clean */
if (be16toh(emp->em_sb.sb_dirty) != EFS_SB_CLEAN) {
printf("efs: filesystem is dirty (sb_dirty = 0x%x); please "
"run fsck_efs(8)\n", be16toh(emp->em_sb.sb_dirty));
/* XXX - default to readonly unless forced?? */
}
/* if the superblock was replicated, verify that it is the same */
if (be32toh(emp->em_sb.sb_replsb) != 0) {
struct buf *rbp;
bool skip = false;
err = efs_bread(emp, be32toh(emp->em_sb.sb_replsb), l, &rbp);
if (err) {
printf("efs: read of superblock replicant failed; "
"please run fsck_efs(8)\n");
if (mp->mnt_flag & MNT_FORCE) {
skip = true;
} else {
free(emp, M_EFSMNT);
brelse(rbp, 0);
return (err);
}
}
if (!skip) {
if (memcmp(rbp->b_data, &emp->em_sb,
sizeof(emp->em_sb))) {
printf("efs: superblock differs from "
"replicant; please run fsck_efs(8)\n");
if (!(mp->mnt_flag & MNT_FORCE)) {
brelse(rbp, 0);
free(emp, M_EFSMNT);
return (EIO);
}
}
}
brelse(rbp, 0);
}
/* ensure we can read last block */
err = efs_bread(emp, be32toh(emp->em_sb.sb_size) - 1, l, &bp);
if (err) {
printf("efs: cannot access all filesystem blocks; please run "
"fsck_efs(8)\n");
if (!(mp->mnt_flag & MNT_FORCE)) {
free(emp, M_EFSMNT);
brelse(bp, 0);
return (err);
}
}
brelse(bp, 0);
mp->mnt_data = emp;
mp->mnt_flag |= MNT_LOCAL;
mp->mnt_fs_bshift = EFS_BB_SHFT;
mp->mnt_dev_bshift = DEV_BSHIFT;
vfs_getnewfsid(mp);
efs_statvfs(mp, &mp->mnt_stat);
err = set_statvfs_info(path, UIO_USERSPACE, args->fspec,
UIO_USERSPACE, mp->mnt_op->vfs_name, mp, l);
if (err)
free(emp, M_EFSMNT);
return (err);
}
/*
* mount syscall vfsop.
*
* Returns 0 on success.
*/
static int
efs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
{
struct lwp *l = curlwp;
struct efs_args *args = data;
struct nameidata devndp;
struct efs_mount *emp;
struct vnode *devvp;
int err, mode;
if (*data_len < sizeof *args)
return EINVAL;
if (mp->mnt_flag & MNT_GETARGS) {
if ((emp = VFSTOEFS(mp)) == NULL)
return (EIO);
args->fspec = NULL;
args->version = EFS_MNT_VERSION;
*data_len = sizeof *args;
return 0;
}
if (mp->mnt_flag & MNT_UPDATE)
return (EOPNOTSUPP); /* XXX read-only */
/* look up our device's vnode. it is returned locked */
NDINIT(&devndp, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, args->fspec);
if ((err = namei(&devndp)))
return (err);
devvp = devndp.ni_vp;
if (devvp->v_type != VBLK) {
vput(devvp);
return (ENOTBLK);
}
/* XXX - rdonly */
mode = FREAD;
/*
* If mount by non-root, then verify that user has necessary
* permissions on the device.
*/
err = genfs_can_mount(devvp, VREAD, l->l_cred);
if (err) {
vput(devvp);
return (err);
}
if ((err = VOP_OPEN(devvp, mode, l->l_cred))) {
vput(devvp);
return (err);
}
err = efs_mount_common(mp, path, devvp, args);
if (err) {
VOP_CLOSE(devvp, mode, l->l_cred);
vput(devvp);
return (err);
}
VOP_UNLOCK(devvp, 0);
return (0);
}
/*
* Initialisation routine.
*
* Returns 0 on success.
*/
static int
efs_start(struct mount *mp, int flags)
{
return (0);
}
/*
* unmount syscall vfsop.
*
* Returns 0 on success.
*/
static int
efs_unmount(struct mount *mp, int mntflags)
{
struct efs_mount *emp;
struct lwp *l = curlwp;
int err;
emp = VFSTOEFS(mp);
err = vflush(mp, NULL, (mntflags & MNT_FORCE) ? FORCECLOSE : 0);
if (err)
return (err);
cache_purgevfs(mp);
vn_lock(emp->em_devvp, LK_EXCLUSIVE | LK_RETRY);
err = VOP_CLOSE(emp->em_devvp, FREAD, l->l_cred);
vput(emp->em_devvp);
free(mp->mnt_data, M_EFSMNT);
mp->mnt_data = NULL;
mp->mnt_flag &= ~MNT_LOCAL;
return (err);
}
/*
* Return the root vnode.
*
* Returns 0 on success.
*/
static int
efs_root(struct mount *mp, struct vnode **vpp)
{
int err;
struct vnode *vp;
if ((err = VFS_VGET(mp, EFS_ROOTINO, &vp)))
return (err);
*vpp = vp;
return (0);
}
/*
* statvfs syscall vfsop.
*
* Returns 0 on success.
*/
static int
efs_statvfs(struct mount *mp, struct statvfs *sbp)
{
struct efs_mount *emp;
emp = VFSTOEFS(mp);
sbp->f_bsize = EFS_BB_SIZE;
sbp->f_frsize = EFS_BB_SIZE;
sbp->f_iosize = EFS_BB_SIZE;
sbp->f_blocks = be32toh(emp->em_sb.sb_size);
sbp->f_bfree = be32toh(emp->em_sb.sb_tfree);
sbp->f_bavail = sbp->f_bfree; // XXX same??
sbp->f_bresvd = 0;
sbp->f_files = be32toh(emp->em_sb.sb_tinode);
sbp->f_ffree = be16toh(emp->em_sb.sb_cgisize) *
be16toh(emp->em_sb.sb_ncg) *
EFS_DINODES_PER_BB;
sbp->f_favail = sbp->f_ffree; // XXX same??
sbp->f_fresvd = 0;
sbp->f_namemax = EFS_DIRENT_NAMELEN_MAX;
copy_statvfs_info(sbp, mp);
return (0);
}
/*
* Obtain a locked vnode for the given on-disk inode number.
*
* We currently allocate a new vnode from getnewnode(), tack it with
* our in-core inode structure (efs_inode), and read in the inode from
* disk. The returned inode must be locked.
*
* Returns 0 on success.
*/
static int
efs_vget(struct mount *mp, ino_t ino, struct vnode **vpp)
{
int err;
struct vnode *vp;
struct efs_inode *eip;
struct efs_mount *emp;
emp = VFSTOEFS(mp);
while (true) {
*vpp = efs_ihashget(emp->em_dev, ino, LK_EXCLUSIVE);
if (*vpp != NULL)
return (0);
err = getnewvnode(VT_EFS, mp, efs_vnodeop_p, &vp);
if (err)
return (err);
eip = pool_get(&efs_inode_pool, PR_WAITOK);
/*
* See if anybody has raced us here. If not, continue
* setting up the new inode, otherwise start over.
*/
efs_ihashlock();
if (efs_ihashget(emp->em_dev, ino, 0) == NULL)
break;
efs_ihashunlock();
ungetnewvnode(vp);
pool_put(&efs_inode_pool, eip);
}
vp->v_vflag |= VV_LOCKSWORK;
eip->ei_mode = 0;
eip->ei_lockf = NULL;
eip->ei_number = ino;
eip->ei_dev = emp->em_dev;
eip->ei_vp = vp;
vp->v_data = eip;
/*
* Place the vnode on the hash chain. Doing so will lock the
* vnode, so it's okay to drop the global lock and read in
* the inode from disk.
*/
efs_ihashins(eip);
efs_ihashunlock();
/*
* Init genfs early, otherwise we'll trip up on genfs_node_destroy
* in efs_reclaim when vput()ing in an error branch here.
*/
genfs_node_init(vp, &efs_genfsops);
err = efs_read_inode(emp, ino, NULL, &eip->ei_di);
if (err) {
vput(vp);
*vpp = NULL;
return (err);
}
efs_sync_dinode_to_inode(eip);
if (ino == EFS_ROOTINO && !S_ISDIR(eip->ei_mode)) {
printf("efs: root inode (%lu) is not a directory!\n",
(ulong)EFS_ROOTINO);
vput(vp);
*vpp = NULL;
return (EIO);
}
switch (eip->ei_mode & S_IFMT) {
case S_IFIFO:
vp->v_type = VFIFO;
vp->v_op = efs_fifoop_p;
break;
case S_IFCHR:
vp->v_type = VCHR;
vp->v_op = efs_specop_p;
spec_node_init(vp, eip->ei_dev);
break;
case S_IFDIR:
vp->v_type = VDIR;
if (ino == EFS_ROOTINO)
vp->v_vflag |= VV_ROOT;
break;
case S_IFBLK:
vp->v_type = VBLK;
vp->v_op = efs_specop_p;
spec_node_init(vp, eip->ei_dev);
break;
case S_IFREG:
vp->v_type = VREG;
break;
case S_IFLNK:
vp->v_type = VLNK;
break;
case S_IFSOCK:
vp->v_type = VSOCK;
break;
default:
printf("efs: invalid mode 0x%x in inode %lu on mount %s\n",
eip->ei_mode, (ulong)ino, mp->mnt_stat.f_mntonname);
vput(vp);
*vpp = NULL;
return (EIO);
}
uvm_vnp_setsize(vp, eip->ei_size);
*vpp = vp;
KASSERT(VOP_ISLOCKED(vp));
return (0);
}
/*
* Convert the provided opaque, unique file handle into a vnode.
*
* Returns 0 on success.
*/
static int
efs_fhtovp(struct mount *mp, struct fid *fhp, struct vnode **vpp)
{
int err;
struct vnode *vp;
struct efs_fid *efp;
struct efs_inode *eip;
if (fhp->fid_len != sizeof(struct efs_fid))
return (EINVAL);
efp = (struct efs_fid *)fhp;
if ((err = VFS_VGET(mp, efp->ef_ino, &vp))) {
*vpp = NULL;
return (err);
}
eip = EFS_VTOI(vp);
if (eip->ei_mode == 0 || eip->ei_gen != efp->ef_gen) {
vput(vp);
*vpp = NULL;
return (ESTALE);
}
*vpp = vp;
return (0);
}
/*
* Convert the provided vnode into an opaque, unique file handle.
*
* Returns 0 on success.
*/
static int
efs_vptofh(struct vnode *vp, struct fid *fhp, size_t *fh_size)
{
struct efs_fid *efp;
struct efs_inode *eip;
if (*fh_size < sizeof(struct efs_fid)) {
*fh_size = sizeof(struct efs_fid);
return (E2BIG);
}
*fh_size = sizeof(struct efs_fid);
eip = EFS_VTOI(vp);
efp = (struct efs_fid *)fhp;
fhp->fid_len = sizeof(struct efs_fid);
efp->ef_ino = eip->ei_number;
efp->ef_gen = eip->ei_gen;
return (0);
}
/*
* Globally initialise the filesystem.
*/
static void
efs_init(void)
{
malloc_type_attach(M_EFSMNT);
malloc_type_attach(M_EFSINO);
malloc_type_attach(M_EFSTMP);
efs_ihashinit();
pool_init(&efs_inode_pool, sizeof(struct efs_inode), 0, 0, 0,
"efsinopl", &pool_allocator_nointr, IPL_NONE);
}
/*
* Globally reinitialise the filesystem.
*/
static void
efs_reinit(void)
{
efs_ihashreinit();
}
/*
* Globally clean up the filesystem.
*/
static void
efs_done(void)
{
pool_destroy(&efs_inode_pool);
efs_ihashdone();
malloc_type_detach(M_EFSMNT);
malloc_type_detach(M_EFSINO);
malloc_type_detach(M_EFSTMP);
}
extern const struct vnodeopv_desc efs_vnodeop_opv_desc;
extern const struct vnodeopv_desc efs_specop_opv_desc;
extern const struct vnodeopv_desc efs_fifoop_opv_desc;
const struct vnodeopv_desc * const efs_vnodeopv_descs[] = {
&efs_vnodeop_opv_desc,
&efs_specop_opv_desc,
&efs_fifoop_opv_desc,
NULL
};
struct vfsops efs_vfsops = {
.vfs_name = MOUNT_EFS,
.vfs_min_mount_data = sizeof (struct efs_args),
.vfs_mount = efs_mount,
.vfs_start = efs_start,
.vfs_unmount = efs_unmount,
.vfs_root = efs_root,
.vfs_quotactl = (void *)eopnotsupp,
.vfs_statvfs = efs_statvfs,
.vfs_sync = (void *)nullop,
.vfs_vget = efs_vget,
.vfs_fhtovp = efs_fhtovp,
.vfs_vptofh = efs_vptofh,
.vfs_init = efs_init,
.vfs_reinit = efs_reinit,
.vfs_done = efs_done,
.vfs_mountroot = (void *)eopnotsupp,
.vfs_snapshot = (void *)eopnotsupp,
.vfs_extattrctl = vfs_stdextattrctl,
.vfs_suspendctl = (void *)eopnotsupp,
.vfs_opv_descs = efs_vnodeopv_descs
/* .vfs_refcount */
/* .vfs_list */
};
static int
efs_modcmd(modcmd_t cmd, void *arg)
{
switch (cmd) {
case MODULE_CMD_INIT:
return vfs_attach(&efs_vfsops);
case MODULE_CMD_FINI:
return vfs_detach(&efs_vfsops);
default:
return ENOTTY;
}
}