X-Git-Url: https://git.subgeniuskitty.com/unix-history/.git/blobdiff_plain/9f7857db2a95d07dfda6ef655e42d72cfd4e740c..8583490d0022d6efbaf5c6bf8abc3a426861e69b:/usr/src/sys/miscfs/union/union_vfsops.c?ds=inline diff --git a/usr/src/sys/miscfs/union/union_vfsops.c b/usr/src/sys/miscfs/union/union_vfsops.c index 9346c2391c..8bb8cb0017 100644 --- a/usr/src/sys/miscfs/union/union_vfsops.c +++ b/usr/src/sys/miscfs/union/union_vfsops.c @@ -8,7 +8,7 @@ * * %sccs.include.redist.c% * - * @(#)union_vfsops.c 8.6 (Berkeley) %G% + * @(#)union_vfsops.c 8.14 (Berkeley) %G% */ /* @@ -43,7 +43,7 @@ union_mount(mp, path, data, ndp, p) struct union_args args; struct vnode *lowerrootvp = NULLVP; struct vnode *upperrootvp = NULLVP; - struct union_mount *um; + struct union_mount *um = 0; struct ucred *cred = 0; struct ucred *scred; struct vattr va; @@ -68,34 +68,6 @@ union_mount(mp, path, data, ndp, p) goto bad; } - /* - * Take a copy of the process's credentials. This isn't - * quite right since the euid will always be zero and we - * want to get the "real" users credentials. So fix up - * the uid field after taking the copy. - */ - cred = crdup(p->p_ucred); - cred->cr_uid = p->p_cred->p_ruid; - - /* - * Ensure the *real* user has write permission on the - * mounted-on directory. This allows the mount_union - * command to be made setuid root so allowing anyone - * to do union mounts onto any directory on which they - * have write permission and which they also own. - */ - error = VOP_GETATTR(mp->mnt_vnodecovered, &va, cred, p); - if (error) - goto bad; - if ((va.va_uid != cred->cr_uid) && - (cred->cr_uid != 0)) { - error = EACCES; - goto bad; - } - error = VOP_ACCESS(mp->mnt_vnodecovered, VWRITE, cred, p); - if (error) - goto bad; - /* * Get argument */ @@ -106,18 +78,10 @@ union_mount(mp, path, data, ndp, p) VREF(lowerrootvp); /* - * Find upper node. Use the real process credentials, - * not the effective ones since this will have come - * through a setuid process (mount_union). All this - * messing around with permissions is entirely bogus - * and should be removed by allowing any user straight - * past the mount system call. + * Find upper node. */ - scred = p->p_ucred; - p->p_ucred = cred; NDINIT(ndp, LOOKUP, FOLLOW|WANTPARENT, UIO_USERSPACE, args.target, p); - p->p_ucred = scred; if (error = namei(ndp)) goto bad; @@ -167,7 +131,18 @@ union_mount(mp, path, data, ndp, p) goto bad; } - um->um_cred = cred; + /* + * Unless the mount is readonly, ensure that the top layer + * supports whiteout operations + */ + if ((mp->mnt_flag & MNT_RDONLY) == 0) { + error = VOP_WHITEOUT(um->um_uppervp, (struct componentname *) 0, LOOKUP); + if (error) + goto bad; + } + + um->um_cred = p->p_ucred; + crhold(um->um_cred); um->um_cmode = UN_DIRMODE &~ p->p_fd->fd_cmask; /* @@ -195,12 +170,6 @@ union_mount(mp, path, data, ndp, p) */ mp->mnt_flag |= (um->um_uppervp->v_mount->mnt_flag & MNT_RDONLY); - /* - * This is a user mount. Privilege check for unmount - * will be done in union_unmount. - */ - mp->mnt_flag |= MNT_USER; - mp->mnt_data = (qaddr_t) um; getnewfsid(mp, MOUNT_UNION); @@ -209,13 +178,13 @@ union_mount(mp, path, data, ndp, p) switch (um->um_op) { case UNMNT_ABOVE: - cp = "un-above:"; + cp = ":"; break; case UNMNT_BELOW: - cp = "un-below:"; + cp = ":"; break; case UNMNT_REPLACE: - cp = "replace:"; + cp = ""; break; } len = strlen(cp); @@ -234,6 +203,8 @@ union_mount(mp, path, data, ndp, p) return (0); bad: + if (um) + free(um, M_UFSMNT); if (cred) crfree(cred); if (upperrootvp) @@ -270,6 +241,7 @@ union_unmount(mp, mntflags, p) struct union_mount *um = MOUNTTOUNIONMOUNT(mp); struct vnode *um_rootvp; int error; + int freeing; int flags = 0; extern int doforce; @@ -277,11 +249,6 @@ union_unmount(mp, mntflags, p) printf("union_unmount(mp = %x)\n", mp); #endif - /* only the mounter, or superuser can unmount */ - if ((p->p_cred->p_ruid != um->um_cred->cr_uid) && - (error = suser(p->p_ucred, &p->p_acflag))) - return (error); - if (mntflags & MNT_FORCE) { /* union can never be rootfs so don't check for it */ if (!doforce) @@ -291,17 +258,42 @@ union_unmount(mp, mntflags, p) if (error = union_root(mp, &um_rootvp)) return (error); + + /* + * Keep flushing vnodes from the mount list. + * This is needed because of the un_pvp held + * reference to the parent vnode. + * If more vnodes have been freed on a given pass, + * the try again. The loop will iterate at most + * (d) times, where (d) is the maximum tree depth + * in the filesystem. + */ + for (freeing = 0; vflush(mp, um_rootvp, flags) != 0;) { + struct vnode *vp; + int n; + + /* count #vnodes held on mount list */ + for (n = 0, vp = mp->mnt_vnodelist.lh_first; + vp != NULLVP; + vp = vp->v_mntvnodes.le_next) + n++; + + /* if this is unchanged then stop */ + if (n == freeing) + break; + + /* otherwise try once more time */ + freeing = n; + } + + /* At this point the root vnode should have a single reference */ if (um_rootvp->v_usecount > 1) { vput(um_rootvp); return (EBUSY); } - if (error = vflush(mp, um_rootvp, flags)) { - vput(um_rootvp); - return (error); - } #ifdef UNION_DIAGNOSTIC - vprint("alias root of lower", um_rootvp); + vprint("union root", um_rootvp); #endif /* * Discard references to upper and lower target vnodes. @@ -335,12 +327,6 @@ union_root(mp, vpp) int error; int loselock; -#ifdef UNION_DIAGNOSTIC - printf("union_root(mp = %x, lvp = %x, uvp = %x)\n", mp, - um->um_lowervp, - um->um_uppervp); -#endif - /* * Return locked reference to root. */ @@ -359,7 +345,8 @@ union_root(mp, vpp) (struct vnode *) 0, (struct componentname *) 0, um->um_uppervp, - um->um_lowervp); + um->um_lowervp, + 1); if (error) { if (!loselock) @@ -368,7 +355,6 @@ union_root(mp, vpp) if (um->um_lowervp) vrele(um->um_lowervp); } else { - (*vpp)->v_flag |= VROOT; if (loselock) VTOUNION(*vpp)->un_flags &= ~UN_ULOCK; } @@ -442,16 +428,20 @@ union_statfs(mp, sbp, p) * kind of sense. none of this makes sense though. */ - if (mstat.f_bsize != lbsize) { + if (mstat.f_bsize != lbsize) sbp->f_blocks = sbp->f_blocks * lbsize / mstat.f_bsize; - sbp->f_bfree = sbp->f_bfree * lbsize / mstat.f_bsize; - sbp->f_bavail = sbp->f_bavail * lbsize / mstat.f_bsize; - } + + /* + * The "total" fields count total resources in all layers, + * the "free" fields count only those resources which are + * free in the upper layer (since only the upper layer + * is writeable). + */ sbp->f_blocks += mstat.f_blocks; - sbp->f_bfree += mstat.f_bfree; - sbp->f_bavail += mstat.f_bavail; + sbp->f_bfree = mstat.f_bfree; + sbp->f_bavail = mstat.f_bavail; sbp->f_files += mstat.f_files; - sbp->f_ffree += mstat.f_ffree; + sbp->f_ffree = mstat.f_ffree; if (sbp != &mp->mnt_stat) { bcopy(&mp->mnt_stat.f_fsid, &sbp->f_fsid, sizeof(sbp->f_fsid));