[unix-history] / usr / src / sys / miscfs / union / union_subr.c

/*
 * Copyright (c) 1994 Jan-Simon Pendry
 * Copyright (c) 1994
 *	The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from software contributed to Berkeley by
 * Jan-Simon Pendry.
 *
 * %sccs.include.redist.c%
 *
 *	@(#)union_subr.c	2.1 (Berkeley) %G%
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/time.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/namei.h>
#include <sys/malloc.h>
#include <sys/file.h>
#include <sys/filedesc.h>
#include "union.h" /*<miscfs/union/union.h>*/

#ifdef DIAGNOSTIC
#include <sys/proc.h>
#endif

static struct union_node *unhead;
static int unvplock;

int
union_init()
{

	unhead = 0;
	unvplock = 0;
}

static void
union_remlist(un)
	struct union_node *un;
{
	struct union_node **unpp;

	for (unpp = &unhead; *unpp != 0; unpp = &(*unpp)->un_next) {
		if (*unpp == un) {
			*unpp = un->un_next;
			break;
		}
	}
}

/*
 * allocate a union_node/vnode pair.  the vnode is
 * referenced and locked.  the new vnode is returned
 * via (vpp).  (mp) is the mountpoint of the union filesystem,
 * (dvp) is the parent directory where the upper layer object
 * should exist (but doesn't) and (cnp) is the componentname
 * information which is partially copied to allow the upper
 * layer object to be created at a later time.  (uppervp)
 * and (lowervp) reference the upper and lower layer objects
 * being mapped.  either, but not both, can be nil.
 * if supplied, (uppervp) is locked.
 * the reference is either maintained in the new union_node
 * object which is allocated, or they are vrele'd.
 *
 * all union_nodes are maintained on a singly-linked
 * list.  new nodes are only allocated when they cannot
 * be found on this list.  entries on the list are
 * removed when the vfs reclaim entry is called.
 *
 * a single lock is kept for the entire list.  this is
 * needed because the getnewvnode() function can block
 * waiting for a vnode to become free, in which case there
 * may be more than one process trying to get the same
 * vnode.  this lock is only taken if we are going to
 * call getnewvnode, since the kernel itself is single-threaded.
 *
 * if an entry is found on the list, then call vget() to
 * take a reference.  this is done because there may be
 * zero references to it and so it needs to removed from
 * the vnode free list.
 */
int
union_allocvp(vpp, mp, undvp, dvp, cnp, uppervp, lowervp)
	struct vnode **vpp;
	struct mount *mp;
	struct vnode *undvp;
	struct vnode *dvp;		/* may be null */
	struct componentname *cnp;	/* may be null */
	struct vnode *uppervp;		/* may be null */
	struct vnode *lowervp;		/* may be null */
{
	int error;
	struct union_node *un;
	struct union_node **pp;
	struct vnode *xlowervp = 0;

	if (uppervp == 0 && lowervp == 0)
		panic("union: unidentifiable allocation");

	if (uppervp && lowervp && (uppervp->v_type != lowervp->v_type)) {
		xlowervp = lowervp;
		lowervp = 0;
	}

loop:
	for (un = unhead; un != 0; un = un->un_next) {
		if ((un->un_lowervp == lowervp ||
		     un->un_lowervp == 0) &&
		    (un->un_uppervp == uppervp ||
		     un->un_uppervp == 0) &&
		    (UNIONTOV(un)->v_mount == mp)) {
			if (vget(UNIONTOV(un), 0))
				goto loop;
			break;
		}
	}

	if (un) {
		/*
		 * Obtain a lock on the union_node.
		 * uppervp is locked, though un->un_uppervp
		 * may not be.  this doesn't break the locking
		 * hierarchy since in the case that un->un_uppervp
		 * is not yet locked it will be vrele'd and replaced
		 * with uppervp.
		 */

		if ((dvp != NULLVP) && (uppervp == dvp)) {
			/*
			 * Access ``.'', so (un) will already
			 * be locked.  Since this process has
			 * the lock on (uppervp) no other
			 * process can hold the lock on (un).
			 */
#ifdef DIAGNOSTIC
			if ((un->un_flags & UN_LOCKED) == 0)
				panic("union: . not locked");
			else if (curproc && un->un_pid != curproc->p_pid &&
				    un->un_pid > -1 && curproc->p_pid > -1)
				panic("union: allocvp not lock owner");
#endif
		} else {
			if (un->un_flags & UN_LOCKED) {
				vrele(UNIONTOV(un));
				un->un_flags |= UN_WANT;
				sleep((caddr_t) &un->un_flags, PINOD);
				goto loop;
			}
			un->un_flags |= UN_LOCKED;

#ifdef DIAGNOSTIC
			if (curproc)
				un->un_pid = curproc->p_pid;
			else
				un->un_pid = -1;
#endif
		}

		/*
		 * At this point, the union_node is locked,
		 * un->un_uppervp may not be locked, and uppervp
		 * is locked or nil.
		 */

		/*
		 * Save information about the upper layer.
		 */
		if (uppervp != un->un_uppervp) {
			if (un->un_uppervp)
				vrele(un->un_uppervp);
			un->un_uppervp = uppervp;
		} else if (uppervp) {
			vrele(uppervp);
		}

		if (un->un_uppervp) {
			un->un_flags |= UN_ULOCK;
			un->un_flags &= ~UN_KLOCK;
		}

		/*
		 * Save information about the lower layer.
		 * This needs to keep track of pathname
		 * and directory information which union_vn_create
		 * might need.
		 */
		if (lowervp != un->un_lowervp) {
			if (un->un_lowervp) {
				vrele(un->un_lowervp);
				free(un->un_path, M_TEMP);
				vrele(un->un_dirvp);
			}
			un->un_lowervp = lowervp;
			if (cnp && (lowervp != NULLVP) &&
			    (lowervp->v_type == VREG)) {
				un->un_hash = cnp->cn_hash;
				un->un_path = malloc(cnp->cn_namelen+1,
						M_TEMP, M_WAITOK);
				bcopy(cnp->cn_nameptr, un->un_path,
						cnp->cn_namelen);
				un->un_path[cnp->cn_namelen] = '\0';
				VREF(dvp);
				un->un_dirvp = dvp;
			}
		} else if (lowervp) {
			vrele(lowervp);
		}
		*vpp = UNIONTOV(un);
		return (0);
	}

	/*
	 * otherwise lock the vp list while we call getnewvnode
	 * since that can block.
	 */ 
	if (unvplock & UN_LOCKED) {
		unvplock |= UN_WANT;
		sleep((caddr_t) &unvplock, PINOD);
		goto loop;
	}
	unvplock |= UN_LOCKED;

	error = getnewvnode(VT_UNION, mp, union_vnodeop_p, vpp);
	if (error) {
		if (uppervp) {
			if (dvp == uppervp)
				vrele(uppervp);
			else
				vput(uppervp);
		}
		if (lowervp)
			vrele(lowervp);

		goto out;
	}

	MALLOC((*vpp)->v_data, void *, sizeof(struct union_node),
		M_TEMP, M_WAITOK);

	if (uppervp)
		(*vpp)->v_type = uppervp->v_type;
	else
		(*vpp)->v_type = lowervp->v_type;
	un = VTOUNION(*vpp);
	un->un_vnode = *vpp;
	un->un_next = 0;
	un->un_uppervp = uppervp;
	un->un_lowervp = lowervp;
	un->un_openl = 0;
	un->un_flags = UN_LOCKED;
	if (un->un_uppervp)
		un->un_flags |= UN_ULOCK;
#ifdef DIAGNOSTIC
	if (curproc)
		un->un_pid = curproc->p_pid;
	else
		un->un_pid = -1;
#endif
	if (cnp && (lowervp != NULLVP) && (lowervp->v_type == VREG)) {
		un->un_hash = cnp->cn_hash;
		un->un_path = malloc(cnp->cn_namelen+1, M_TEMP, M_WAITOK);
		bcopy(cnp->cn_nameptr, un->un_path, cnp->cn_namelen);
		un->un_path[cnp->cn_namelen] = '\0';
		VREF(dvp);
		un->un_dirvp = dvp;
	} else {
		un->un_hash = 0;
		un->un_path = 0;
		un->un_dirvp = 0;
	}

	/* add to union vnode list */
	for (pp = &unhead; *pp; pp = &(*pp)->un_next)
		continue;
	*pp = un;

	if (xlowervp)
		vrele(xlowervp);

out:
	unvplock &= ~UN_LOCKED;

	if (unvplock & UN_WANT) {
		unvplock &= ~UN_WANT;
		wakeup((caddr_t) &unvplock);
	}

	return (error);
}

int
union_freevp(vp)
	struct vnode *vp;
{
	struct union_node *un = VTOUNION(vp);

	union_remlist(un);

	FREE(vp->v_data, M_TEMP);
	vp->v_data = 0;
	return (0);
}

/*
 * copyfile.  copy the vnode (fvp) to the vnode (tvp)
 * using a sequence of reads and writes.  both (fvp)
 * and (tvp) are locked on entry and exit.
 */
int
union_copyfile(p, cred, fvp, tvp)
	struct proc *p;
	struct ucred *cred;
	struct vnode *fvp;
	struct vnode *tvp;
{
	char *buf;
	struct uio uio;
	struct iovec iov;
	int error = 0;

	/*
	 * strategy:
	 * allocate a buffer of size MAXBSIZE.
	 * loop doing reads and writes, keeping track
	 * of the current uio offset.
	 * give up at the first sign of trouble.
	 */

	uio.uio_procp = p;
	uio.uio_segflg = UIO_SYSSPACE;
	uio.uio_offset = 0;

	VOP_UNLOCK(fvp);				/* XXX */
	LEASE_CHECK(fvp, p, cred, LEASE_READ);
	VOP_LOCK(fvp);					/* XXX */
	VOP_UNLOCK(tvp);				/* XXX */
	LEASE_CHECK(tvp, p, cred, LEASE_WRITE);
	VOP_LOCK(tvp);					/* XXX */

	buf = malloc(MAXBSIZE, M_TEMP, M_WAITOK);

	/* ugly loop follows... */
	do {
		off_t offset = uio.uio_offset;

		uio.uio_iov = &iov;
		uio.uio_iovcnt = 1;
		iov.iov_base = buf;
		iov.iov_len = MAXBSIZE;
		uio.uio_resid = iov.iov_len;
		uio.uio_rw = UIO_READ;
		error = VOP_READ(fvp, &uio, 0, cred);

		if (error == 0) {
			uio.uio_iov = &iov;
			uio.uio_iovcnt = 1;
			iov.iov_base = buf;
			iov.iov_len = MAXBSIZE - uio.uio_resid;
			uio.uio_offset = offset;
			uio.uio_rw = UIO_WRITE;
			uio.uio_resid = iov.iov_len;

			if (uio.uio_resid == 0)
				break;

			do {
				error = VOP_WRITE(tvp, &uio, 0, cred);
			} while ((uio.uio_resid > 0) && (error == 0));
		}

	} while (error == 0);

	free(buf, M_TEMP);
	return (error);
}

/*
 * Create a shadow directory in the upper layer.
 * The new vnode is returned locked.
 *
 * (um) points to the union mount structure for access to the
 * the mounting process's credentials.
 * (dvp) is the directory in which to create the shadow directory.
 * it is unlocked on entry and exit.
 * (cnp) is the componentname to be created.
 * (vpp) is the returned newly created shadow directory, which
 * is returned locked.
 */
int
union_mkshadow(um, dvp, cnp, vpp)
	struct union_mount *um;
	struct vnode *dvp;
	struct componentname *cnp;
	struct vnode **vpp;
{
	int error;
	struct vattr va;
	struct proc *p = cnp->cn_proc;
	struct componentname cn;

	/*
	 * policy: when creating the shadow directory in the
	 * upper layer, create it owned by the user who did
	 * the mount, group from parent directory, and mode
	 * 777 modified by umask (ie mostly identical to the
	 * mkdir syscall).  (jsp, kb)
	 */

	/*
	 * A new componentname structure must be faked up because
	 * there is no way to know where the upper level cnp came
	 * from or what it is being used for.  This must duplicate
	 * some of the work done by NDINIT, some of the work done
	 * by namei, some of the work done by lookup and some of
	 * the work done by VOP_LOOKUP when given a CREATE flag.
	 * Conclusion: Horrible.
	 *
	 * The pathname buffer will be FREEed by VOP_MKDIR.
	 */
	cn.cn_pnbuf = malloc(cnp->cn_namelen+1, M_NAMEI, M_WAITOK);
	bcopy(cnp->cn_nameptr, cn.cn_pnbuf, cnp->cn_namelen);
	cn.cn_pnbuf[cnp->cn_namelen] = '\0';

	cn.cn_nameiop = CREATE;
	cn.cn_flags = (LOCKPARENT|HASBUF|SAVENAME|ISLASTCN);
	cn.cn_proc = cnp->cn_proc;
	cn.cn_cred = um->um_cred;
	cn.cn_nameptr = cn.cn_pnbuf;
	cn.cn_namelen = cnp->cn_namelen;
	cn.cn_hash = cnp->cn_hash;
	cn.cn_consume = cnp->cn_consume;

	VREF(dvp);
	if (error = relookup(dvp, vpp, &cn))
		return (error);
	vrele(dvp);

	if (*vpp) {
		VOP_ABORTOP(dvp, &cn);
		VOP_UNLOCK(dvp);
		vrele(*vpp);
		*vpp = NULLVP;
		return (EEXIST);
	}

	VATTR_NULL(&va);
	va.va_type = VDIR;
	va.va_mode = um->um_cmode;

	/* LEASE_CHECK: dvp is locked */
	LEASE_CHECK(dvp, p, p->p_ucred, LEASE_WRITE);

	VREF(dvp);
	error = VOP_MKDIR(dvp, vpp, &cn, &va);
	return (error);
}

/*
 * union_vn_create: creates and opens a new shadow file
 * on the upper union layer.  this function is similar
 * in spirit to calling vn_open but it avoids calling namei().
 * the problem with calling namei is that a) it locks too many
 * things, and b) it doesn't start at the "right" directory,
 * whereas relookup is told where to start.
 */
int
union_vn_create(vpp, un, p)
	struct vnode **vpp;
	struct union_node *un;
	struct proc *p;
{
	struct vnode *vp;
	struct ucred *cred = p->p_ucred;
	struct vattr vat;
	struct vattr *vap = &vat;
	int fmode = FFLAGS(O_WRONLY|O_CREAT|O_TRUNC|O_EXCL);
	int error;
	int cmode = UN_FILEMODE & ~p->p_fd->fd_cmask;
	char *cp;
	struct componentname cn;

	*vpp = NULLVP;

	/*
	 * Build a new componentname structure (for the same
	 * reasons outlines in union_mkshadow).
	 * The difference here is that the file is owned by
	 * the current user, rather than by the person who
	 * did the mount, since the current user needs to be
	 * able to write the file (that's why it is being
	 * copied in the first place).
	 */
	cn.cn_namelen = strlen(un->un_path);
	cn.cn_pnbuf = (caddr_t) malloc(cn.cn_namelen, M_NAMEI, M_WAITOK);
	bcopy(un->un_path, cn.cn_pnbuf, cn.cn_namelen+1);
	cn.cn_nameiop = CREATE;
	cn.cn_flags = (LOCKLEAF|LOCKPARENT|HASBUF|SAVENAME|ISLASTCN);
	cn.cn_proc = p;
	cn.cn_cred = p->p_ucred;
	cn.cn_nameptr = cn.cn_pnbuf;
	cn.cn_hash = un->un_hash;
	cn.cn_consume = 0;

	VREF(un->un_dirvp);
	if (error = relookup(un->un_dirvp, &vp, &cn))
		return (error);
	vrele(un->un_dirvp);

	if (vp == NULLVP) {
		/*
		 * Good - there was no race to create the file
		 * so go ahead and create it.  The permissions
		 * on the file will be 0666 modified by the
		 * current user's umask.  Access to the file, while
		 * it is unioned, will require access to the top *and*
		 * bottom files.  Access when not unioned will simply
		 * require access to the top-level file.
		 * TODO: confirm choice of access permissions.
		 */
		VATTR_NULL(vap);
		vap->va_type = VREG;
		vap->va_mode = cmode;
		LEASE_CHECK(un->un_dirvp, p, cred, LEASE_WRITE);
		if (error = VOP_CREATE(un->un_dirvp, &vp,
		    &cn, vap))
			return (error);
	} else {
		VOP_ABORTOP(un->un_dirvp, &cn);
		if (un->un_dirvp == vp)
			vrele(un->un_dirvp);
		else
			vput(vp);
		error = EEXIST;
		goto bad;
	}

	if (vp->v_type != VREG) {
		error = EOPNOTSUPP;
		goto bad;
	}

	VOP_UNLOCK(vp);				/* XXX */
	LEASE_CHECK(vp, p, cred, LEASE_WRITE);
	VOP_LOCK(vp);				/* XXX */
	VATTR_NULL(vap);
	vap->va_size = 0;
	if (error = VOP_SETATTR(vp, vap, cred, p))
		goto bad;

	if (error = VOP_OPEN(vp, fmode, cred, p))
		goto bad;

	vp->v_writecount++;
	*vpp = vp;
	return (0);
bad:
	vput(vp);
	return (error);
}

int
union_vn_close(vp, fmode, cred, p)
	struct vnode *vp;
	int fmode;
	struct ucred *cred;
	struct proc *p;
{
	if (fmode & FWRITE)
		--vp->v_writecount;
	return (VOP_CLOSE(vp, fmode));
}

void
union_removed_upper(un)
	struct union_node *un;
{
	if (un->un_flags & UN_ULOCK) {
		un->un_flags &= ~UN_ULOCK;
		vput(un->un_uppervp);
	} else {
		vrele(un->un_uppervp);
	}
	un->un_uppervp = NULLVP;
}

struct vnode *
union_lowervp(vp)
	struct vnode *vp;
{
	struct union_node *un = VTOUNION(vp);

	if (un->un_lowervp && (vp->v_type == un->un_lowervp->v_type)) {
		if (vget(un->un_lowervp, 0))
			return (NULLVP);
	}

	return (un->un_lowervp);
}
Commit	Line	Data
b991bc2d JSP	1	/*
	2	* Copyright (c) 1994 Jan-Simon Pendry
	3	* Copyright (c) 1994
	4	* The Regents of the University of California. All rights reserved.
	5	*
	6	* This code is derived from software contributed to Berkeley by
	7	* Jan-Simon Pendry.
	8	*
	9	* %sccs.include.redist.c%
	10	*
e2a2f3a7	11	* @(#)union_subr.c 2.1 (Berkeley) %G%
b991bc2d JSP	12	*/
	13
	14	#include <sys/param.h>
	15	#include <sys/systm.h>
	16	#include <sys/time.h>
	17	#include <sys/kernel.h>
	18	#include <sys/vnode.h>
	19	#include <sys/namei.h>
	20	#include <sys/malloc.h>
81be6ee0	21	#include <sys/file.h>
3b293975	22	#include <sys/filedesc.h>
b991bc2d JSP	23	#include "union.h" /<miscfs/union/union.h>/
b991bc2d JSP	24
79f80c71 JSP	25	#ifdef DIAGNOSTIC
	26	#include <sys/proc.h>
	27	#endif
	28
b991bc2d JSP	29	static struct union_node *unhead;
	30	static int unvplock;
	31
	32	int
	33	union_init()
	34	{
	35
	36	unhead = 0;
	37	unvplock = 0;
	38	}
	39
e2a2f3a7 JSP	40	static void
	41	union_remlist(un)
	42	struct union_node *un;
	43	{
	44	struct union_node **unpp;
	45
	46	for (unpp = &unhead; unpp != 0; unpp = &(unpp)->un_next) {
	47	if (*unpp == un) {
	48	*unpp = un->un_next;
	49	break;
	50	}
	51	}
	52	}
	53
b991bc2d JSP	54	/*
b991bc2d JSP	55	* allocate a union_node/vnode pair. the vnode is
01dac67e JSP	56	* referenced and locked. the new vnode is returned
	57	* via (vpp). (mp) is the mountpoint of the union filesystem,
	58	* (dvp) is the parent directory where the upper layer object
	59	* should exist (but doesn't) and (cnp) is the componentname
	60	* information which is partially copied to allow the upper
	61	* layer object to be created at a later time. (uppervp)
	62	* and (lowervp) reference the upper and lower layer objects
	63	* being mapped. either, but not both, can be nil.
e2a2f3a7	64	* if supplied, (uppervp) is locked.
3b293975 JSP	65	* the reference is either maintained in the new union_node
3b293975 JSP	66	* object which is allocated, or they are vrele'd.
b991bc2d JSP	67	*
	68	* all union_nodes are maintained on a singly-linked
	69	* list. new nodes are only allocated when they cannot
	70	* be found on this list. entries on the list are
	71	* removed when the vfs reclaim entry is called.
	72	*
	73	* a single lock is kept for the entire list. this is
	74	* needed because the getnewvnode() function can block
	75	* waiting for a vnode to become free, in which case there
	76	* may be more than one process trying to get the same
	77	* vnode. this lock is only taken if we are going to
	78	* call getnewvnode, since the kernel itself is single-threaded.
	79	*
	80	* if an entry is found on the list, then call vget() to
	81	* take a reference. this is done because there may be
	82	* zero references to it and so it needs to removed from
	83	* the vnode free list.
	84	*/
	85	int
79f80c71	86	union_allocvp(vpp, mp, undvp, dvp, cnp, uppervp, lowervp)
b991bc2d JSP	87	struct vnode **vpp;
b991bc2d JSP	88	struct mount *mp;
79f80c71	89	struct vnode *undvp;
b991bc2d JSP	90	struct vnode dvp; / may be null */
	91	struct componentname cnp; / may be null */
	92	struct vnode uppervp; / may be null */
	93	struct vnode lowervp; / may be null */
	94	{
	95	int error;
	96	struct union_node *un;
	97	struct union_node **pp;
01dac67e JSP	98	struct vnode *xlowervp = 0;
	99
	100	if (uppervp == 0 && lowervp == 0)
	101	panic("union: unidentifiable allocation");
	102
	103	if (uppervp && lowervp && (uppervp->v_type != lowervp->v_type)) {
	104	xlowervp = lowervp;
	105	lowervp = 0;
	106	}
b991bc2d JSP	107
	108	loop:
	109	for (un = unhead; un != 0; un = un->un_next) {
	110	if ((un->un_lowervp == lowervp \|\|
	111	un->un_lowervp == 0) &&
	112	(un->un_uppervp == uppervp \|\|
	113	un->un_uppervp == 0) &&
	114	(UNIONTOV(un)->v_mount == mp)) {
79f80c71	115	if (vget(UNIONTOV(un), 0))
b991bc2d	116	goto loop;
e2a2f3a7 JSP	117	break;
	118	}
	119	}
ed5969c8	120
e2a2f3a7 JSP	121	if (un) {
	122	/*
	123	* Obtain a lock on the union_node.
	124	* uppervp is locked, though un->un_uppervp
	125	* may not be. this doesn't break the locking
	126	* hierarchy since in the case that un->un_uppervp
	127	* is not yet locked it will be vrele'd and replaced
	128	* with uppervp.
	129	*/
	130
	131	if ((dvp != NULLVP) && (uppervp == dvp)) {
ed5969c8	132	/*
e2a2f3a7 JSP	133	* Access ``.'', so (un) will already
	134	* be locked. Since this process has
	135	* the lock on (uppervp) no other
	136	* process can hold the lock on (un).
ed5969c8	137	*/
e2a2f3a7 JSP	138	#ifdef DIAGNOSTIC
	139	if ((un->un_flags & UN_LOCKED) == 0)
	140	panic("union: . not locked");
	141	else if (curproc && un->un_pid != curproc->p_pid &&
	142	un->un_pid > -1 && curproc->p_pid > -1)
	143	panic("union: allocvp not lock owner");
	144	#endif
	145	} else {
	146	if (un->un_flags & UN_LOCKED) {
	147	vrele(UNIONTOV(un));
	148	un->un_flags \|= UN_WANT;
	149	sleep((caddr_t) &un->un_flags, PINOD);
	150	goto loop;
79f80c71	151	}
e2a2f3a7	152	un->un_flags \|= UN_LOCKED;
ed5969c8	153
e2a2f3a7 JSP	154	#ifdef DIAGNOSTIC
	155	if (curproc)
	156	un->un_pid = curproc->p_pid;
	157	else
	158	un->un_pid = -1;
	159	#endif
	160	}
	161
	162	/*
	163	* At this point, the union_node is locked,
	164	* un->un_uppervp may not be locked, and uppervp
	165	* is locked or nil.
	166	*/
	167
	168	/*
	169	* Save information about the upper layer.
	170	*/
	171	if (uppervp != un->un_uppervp) {
	172	if (un->un_uppervp)
	173	vrele(un->un_uppervp);
	174	un->un_uppervp = uppervp;
	175	} else if (uppervp) {
	176	vrele(uppervp);
	177	}
	178
	179	if (un->un_uppervp) {
	180	un->un_flags \|= UN_ULOCK;
	181	un->un_flags &= ~UN_KLOCK;
	182	}
	183
	184	/*
	185	* Save information about the lower layer.
	186	* This needs to keep track of pathname
	187	* and directory information which union_vn_create
	188	* might need.
	189	*/
	190	if (lowervp != un->un_lowervp) {
	191	if (un->un_lowervp) {
	192	vrele(un->un_lowervp);
	193	free(un->un_path, M_TEMP);
	194	vrele(un->un_dirvp);
	195	}
	196	un->un_lowervp = lowervp;
	197	if (cnp && (lowervp != NULLVP) &&
	198	(lowervp->v_type == VREG)) {
	199	un->un_hash = cnp->cn_hash;
	200	un->un_path = malloc(cnp->cn_namelen+1,
	201	M_TEMP, M_WAITOK);
	202	bcopy(cnp->cn_nameptr, un->un_path,
	203	cnp->cn_namelen);
	204	un->un_path[cnp->cn_namelen] = '\0';
	205	VREF(dvp);
	206	un->un_dirvp = dvp;
79f80c71	207	}
e2a2f3a7 JSP	208	} else if (lowervp) {
e2a2f3a7 JSP	209	vrele(lowervp);
b991bc2d	210	}
e2a2f3a7 JSP	211	*vpp = UNIONTOV(un);
e2a2f3a7 JSP	212	return (0);
b991bc2d JSP	213	}
	214
	215	/*
	216	* otherwise lock the vp list while we call getnewvnode
	217	* since that can block.
	218	*/
	219	if (unvplock & UN_LOCKED) {
	220	unvplock \|= UN_WANT;
	221	sleep((caddr_t) &unvplock, PINOD);
	222	goto loop;
	223	}
	224	unvplock \|= UN_LOCKED;
	225
	226	error = getnewvnode(VT_UNION, mp, union_vnodeop_p, vpp);
e2a2f3a7 JSP	227	if (error) {
	228	if (uppervp) {
	229	if (dvp == uppervp)
	230	vrele(uppervp);
	231	else
	232	vput(uppervp);
	233	}
	234	if (lowervp)
	235	vrele(lowervp);
	236
b991bc2d	237	goto out;
e2a2f3a7	238	}
b991bc2d JSP	239
	240	MALLOC((vpp)->v_data, void , sizeof(struct union_node),
	241	M_TEMP, M_WAITOK);
	242
01dac67e JSP	243	if (uppervp)
	244	(*vpp)->v_type = uppervp->v_type;
	245	else
	246	(*vpp)->v_type = lowervp->v_type;
b991bc2d	247	un = VTOUNION(*vpp);
79f80c71	248	un->un_vnode = *vpp;
b991bc2d	249	un->un_next = 0;
b991bc2d JSP	250	un->un_uppervp = uppervp;
b991bc2d JSP	251	un->un_lowervp = lowervp;
15a86f7e	252	un->un_openl = 0;
e2a2f3a7 JSP	253	un->un_flags = UN_LOCKED;
	254	if (un->un_uppervp)
	255	un->un_flags \|= UN_ULOCK;
	256	#ifdef DIAGNOSTIC
	257	if (curproc)
	258	un->un_pid = curproc->p_pid;
	259	else
	260	un->un_pid = -1;
	261	#endif
ed5969c8 JSP	262	if (cnp && (lowervp != NULLVP) && (lowervp->v_type == VREG)) {
ed5969c8 JSP	263	un->un_hash = cnp->cn_hash;
b991bc2d JSP	264	un->un_path = malloc(cnp->cn_namelen+1, M_TEMP, M_WAITOK);
	265	bcopy(cnp->cn_nameptr, un->un_path, cnp->cn_namelen);
	266	un->un_path[cnp->cn_namelen] = '\0';
01dac67e JSP	267	VREF(dvp);
01dac67e JSP	268	un->un_dirvp = dvp;
b991bc2d	269	} else {
ed5969c8	270	un->un_hash = 0;
b991bc2d	271	un->un_path = 0;
01dac67e	272	un->un_dirvp = 0;
b991bc2d JSP	273	}
b991bc2d JSP	274
b991bc2d JSP	275	/* add to union vnode list */
	276	for (pp = &unhead; pp; pp = &(pp)->un_next)
	277	continue;
	278	*pp = un;
	279
01dac67e JSP	280	if (xlowervp)
	281	vrele(xlowervp);
	282
b991bc2d JSP	283	out:
	284	unvplock &= ~UN_LOCKED;
	285
	286	if (unvplock & UN_WANT) {
	287	unvplock &= ~UN_WANT;
	288	wakeup((caddr_t) &unvplock);
	289	}
	290
b991bc2d JSP	291	return (error);
	292	}
	293
	294	int
	295	union_freevp(vp)
	296	struct vnode *vp;
	297	{
b991bc2d JSP	298	struct union_node *un = VTOUNION(vp);
b991bc2d JSP	299
e2a2f3a7	300	union_remlist(un);
b991bc2d	301
b991bc2d JSP	302	FREE(vp->v_data, M_TEMP);
	303	vp->v_data = 0;
	304	return (0);
	305	}
81be6ee0 JSP	306
	307	/*
	308	* copyfile. copy the vnode (fvp) to the vnode (tvp)
	309	* using a sequence of reads and writes. both (fvp)
	310	* and (tvp) are locked on entry and exit.
	311	*/
	312	int
	313	union_copyfile(p, cred, fvp, tvp)
	314	struct proc *p;
	315	struct ucred *cred;
	316	struct vnode *fvp;
	317	struct vnode *tvp;
	318	{
	319	char *buf;
	320	struct uio uio;
	321	struct iovec iov;
	322	int error = 0;
	323
	324	/*
	325	* strategy:
	326	* allocate a buffer of size MAXBSIZE.
	327	* loop doing reads and writes, keeping track
	328	* of the current uio offset.
	329	* give up at the first sign of trouble.
	330	*/
	331
	332	uio.uio_procp = p;
	333	uio.uio_segflg = UIO_SYSSPACE;
	334	uio.uio_offset = 0;
	335
	336	VOP_UNLOCK(fvp); /* XXX */
	337	LEASE_CHECK(fvp, p, cred, LEASE_READ);
	338	VOP_LOCK(fvp); /* XXX */
	339	VOP_UNLOCK(tvp); /* XXX */
	340	LEASE_CHECK(tvp, p, cred, LEASE_WRITE);
	341	VOP_LOCK(tvp); /* XXX */
	342
	343	buf = malloc(MAXBSIZE, M_TEMP, M_WAITOK);
	344
	345	/* ugly loop follows... */
	346	do {
	347	off_t offset = uio.uio_offset;
	348
	349	uio.uio_iov = &iov;
	350	uio.uio_iovcnt = 1;
	351	iov.iov_base = buf;
	352	iov.iov_len = MAXBSIZE;
	353	uio.uio_resid = iov.iov_len;
	354	uio.uio_rw = UIO_READ;
	355	error = VOP_READ(fvp, &uio, 0, cred);
	356
	357	if (error == 0) {
	358	uio.uio_iov = &iov;
	359	uio.uio_iovcnt = 1;
	360	iov.iov_base = buf;
	361	iov.iov_len = MAXBSIZE - uio.uio_resid;
	362	uio.uio_offset = offset;
	363	uio.uio_rw = UIO_WRITE;
	364	uio.uio_resid = iov.iov_len;
	365
	366	if (uio.uio_resid == 0)
	367	break;
	368
	369	do {
370	error = VOP_WRITE(tvp, &uio, 0, cred);
371	} while ((uio.uio_resid > 0) && (error == 0));
372	}
373
374	} while (error == 0);
375
376	free(buf, M_TEMP);
377	return (error);
378	}
379
3b293975 JSP	380	/*
	381	* Create a shadow directory in the upper layer.
	382	* The new vnode is returned locked.
	383	*
	384	* (um) points to the union mount structure for access to the
	385	* the mounting process's credentials.
	386	* (dvp) is the directory in which to create the shadow directory.
	387	* it is unlocked on entry and exit.
	388	* (cnp) is the componentname to be created.
	389	* (vpp) is the returned newly created shadow directory, which
	390	* is returned locked.
	391	*/
	392	int
	393	union_mkshadow(um, dvp, cnp, vpp)
	394	struct union_mount *um;
	395	struct vnode *dvp;
	396	struct componentname *cnp;
	397	struct vnode **vpp;
	398	{
	399	int error;
	400	struct vattr va;
	401	struct proc *p = cnp->cn_proc;
	402	struct componentname cn;
	403
	404	/*
	405	* policy: when creating the shadow directory in the
692a90df JSP	406	* upper layer, create it owned by the user who did
	407	* the mount, group from parent directory, and mode
	408	* 777 modified by umask (ie mostly identical to the
	409	* mkdir syscall). (jsp, kb)
3b293975 JSP	410	*/
	411
	412	/*
	413	* A new componentname structure must be faked up because
	414	* there is no way to know where the upper level cnp came
	415	* from or what it is being used for. This must duplicate
	416	* some of the work done by NDINIT, some of the work done
	417	* by namei, some of the work done by lookup and some of
	418	* the work done by VOP_LOOKUP when given a CREATE flag.
	419	* Conclusion: Horrible.
	420	*
	421	* The pathname buffer will be FREEed by VOP_MKDIR.
	422	*/
	423	cn.cn_pnbuf = malloc(cnp->cn_namelen+1, M_NAMEI, M_WAITOK);
ed5969c8 JSP	424	bcopy(cnp->cn_nameptr, cn.cn_pnbuf, cnp->cn_namelen);
ed5969c8 JSP	425	cn.cn_pnbuf[cnp->cn_namelen] = '\0';
3b293975 JSP	426
	427	cn.cn_nameiop = CREATE;
	428	cn.cn_flags = (LOCKPARENT\|HASBUF\|SAVENAME\|ISLASTCN);
	429	cn.cn_proc = cnp->cn_proc;
692a90df	430	cn.cn_cred = um->um_cred;
3b293975 JSP	431	cn.cn_nameptr = cn.cn_pnbuf;
	432	cn.cn_namelen = cnp->cn_namelen;
	433	cn.cn_hash = cnp->cn_hash;
	434	cn.cn_consume = cnp->cn_consume;
	435
ed5969c8	436	VREF(dvp);
3b293975 JSP	437	if (error = relookup(dvp, vpp, &cn))
3b293975 JSP	438	return (error);
ed5969c8	439	vrele(dvp);
3b293975 JSP	440
	441	if (*vpp) {
	442	VOP_ABORTOP(dvp, &cn);
	443	VOP_UNLOCK(dvp);
	444	vrele(*vpp);
	445	*vpp = NULLVP;
	446	return (EEXIST);
	447	}
	448
	449	VATTR_NULL(&va);
	450	va.va_type = VDIR;
692a90df	451	va.va_mode = um->um_cmode;
3b293975 JSP	452
	453	/* LEASE_CHECK: dvp is locked */
	454	LEASE_CHECK(dvp, p, p->p_ucred, LEASE_WRITE);
	455
	456	VREF(dvp);
	457	error = VOP_MKDIR(dvp, vpp, &cn, &va);
	458	return (error);
	459	}
	460
81be6ee0 JSP	461	/*
	462	* union_vn_create: creates and opens a new shadow file
	463	* on the upper union layer. this function is similar
	464	* in spirit to calling vn_open but it avoids calling namei().
	465	* the problem with calling namei is that a) it locks too many
	466	* things, and b) it doesn't start at the "right" directory,
	467	* whereas relookup is told where to start.
	468	*/
	469	int
3b293975	470	union_vn_create(vpp, un, p)
81be6ee0 JSP	471	struct vnode **vpp;
81be6ee0 JSP	472	struct union_node *un;
81be6ee0 JSP	473	struct proc *p;
	474	{
	475	struct vnode *vp;
	476	struct ucred *cred = p->p_ucred;
	477	struct vattr vat;
	478	struct vattr *vap = &vat;
	479	int fmode = FFLAGS(O_WRONLY\|O_CREAT\|O_TRUNC\|O_EXCL);
	480	int error;
ed5969c8	481	int cmode = UN_FILEMODE & ~p->p_fd->fd_cmask;
81be6ee0 JSP	482	char *cp;
	483	struct componentname cn;
	484
	485	*vpp = NULLVP;
	486
692a90df JSP	487	/*
	488	* Build a new componentname structure (for the same
	489	* reasons outlines in union_mkshadow).
	490	* The difference here is that the file is owned by
	491	* the current user, rather than by the person who
	492	* did the mount, since the current user needs to be
	493	* able to write the file (that's why it is being
	494	* copied in the first place).
	495	*/
81be6ee0 JSP	496	cn.cn_namelen = strlen(un->un_path);
	497	cn.cn_pnbuf = (caddr_t) malloc(cn.cn_namelen, M_NAMEI, M_WAITOK);
	498	bcopy(un->un_path, cn.cn_pnbuf, cn.cn_namelen+1);
	499	cn.cn_nameiop = CREATE;
	500	cn.cn_flags = (LOCKLEAF\|LOCKPARENT\|HASBUF\|SAVENAME\|ISLASTCN);
	501	cn.cn_proc = p;
	502	cn.cn_cred = p->p_ucred;
	503	cn.cn_nameptr = cn.cn_pnbuf;
ed5969c8	504	cn.cn_hash = un->un_hash;
81be6ee0 JSP	505	cn.cn_consume = 0;
81be6ee0 JSP	506
ed5969c8	507	VREF(un->un_dirvp);
81be6ee0 JSP	508	if (error = relookup(un->un_dirvp, &vp, &cn))
81be6ee0 JSP	509	return (error);
ed5969c8 JSP	510	vrele(un->un_dirvp);
ed5969c8 JSP	511
81be6ee0	512	if (vp == NULLVP) {
692a90df JSP	513	/*
	514	* Good - there was no race to create the file
	515	* so go ahead and create it. The permissions
	516	* on the file will be 0666 modified by the
	517	* current user's umask. Access to the file, while
	518	* it is unioned, will require access to the top and
	519	* bottom files. Access when not unioned will simply
	520	* require access to the top-level file.
	521	* TODO: confirm choice of access permissions.
	522	*/
81be6ee0 JSP	523	VATTR_NULL(vap);
	524	vap->va_type = VREG;
	525	vap->va_mode = cmode;
	526	LEASE_CHECK(un->un_dirvp, p, cred, LEASE_WRITE);
	527	if (error = VOP_CREATE(un->un_dirvp, &vp,
	528	&cn, vap))
	529	return (error);
	530	} else {
	531	VOP_ABORTOP(un->un_dirvp, &cn);
	532	if (un->un_dirvp == vp)
	533	vrele(un->un_dirvp);
	534	else
	535	vput(vp);
	536	error = EEXIST;
	537	goto bad;
	538	}
	539
	540	if (vp->v_type != VREG) {
	541	error = EOPNOTSUPP;
	542	goto bad;
	543	}
	544
	545	VOP_UNLOCK(vp); /* XXX */
	546	LEASE_CHECK(vp, p, cred, LEASE_WRITE);
	547	VOP_LOCK(vp); /* XXX */
	548	VATTR_NULL(vap);
	549	vap->va_size = 0;
	550	if (error = VOP_SETATTR(vp, vap, cred, p))
	551	goto bad;
	552
	553	if (error = VOP_OPEN(vp, fmode, cred, p))
	554	goto bad;
	555
	556	vp->v_writecount++;
	557	*vpp = vp;
	558	return (0);
	559	bad:
	560	vput(vp);
	561	return (error);
	562	}
ed5969c8 JSP	563
ed5969c8 JSP	564	int
15a86f7e	565	union_vn_close(vp, fmode, cred, p)
ed5969c8 JSP	566	struct vnode *vp;
ed5969c8 JSP	567	int fmode;
15a86f7e JSP	568	struct ucred *cred;
15a86f7e JSP	569	struct proc *p;
ed5969c8 JSP	570	{
	571	if (fmode & FWRITE)
	572	--vp->v_writecount;
	573	return (VOP_CLOSE(vp, fmode));
	574	}
	575
	576	void
	577	union_removed_upper(un)
	578	struct union_node *un;
	579	{
e2a2f3a7 JSP	580	if (un->un_flags & UN_ULOCK) {
	581	un->un_flags &= ~UN_ULOCK;
	582	vput(un->un_uppervp);
	583	} else {
	584	vrele(un->un_uppervp);
	585	}
ed5969c8 JSP	586	un->un_uppervp = NULLVP;
ed5969c8 JSP	587	}
15a86f7e JSP	588
	589	struct vnode *
	590	union_lowervp(vp)
	591	struct vnode *vp;
	592	{
	593	struct union_node *un = VTOUNION(vp);
	594
	595	if (un->un_lowervp && (vp->v_type == un->un_lowervp->v_type)) {
	596	if (vget(un->un_lowervp, 0))
	597	return (NULLVP);
	598	}
	599
	600	return (un->un_lowervp);
	601	}