1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
24 * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved.
25 */
26
27 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
28 /* All Rights Reserved */
29
30 /*
31 * University Copyright- Copyright (c) 1982, 1986, 1988
32 * The Regents of the University of California
33 * All Rights Reserved
34 *
35 * University Acknowledgment- Portions of this document are derived from
36 * software developed by the University of California, Berkeley, and its
37 * contributors.
38 */
39
40 #include <sys/types.h>
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/cpuvar.h>
44 #include <sys/errno.h>
45 #include <sys/cred.h>
46 #include <sys/user.h>
47 #include <sys/uio.h>
48 #include <sys/vfs.h>
49 #include <sys/vnode.h>
50 #include <sys/pathname.h>
51 #include <sys/proc.h>
52 #include <sys/vtrace.h>
53 #include <sys/sysmacros.h>
54 #include <sys/debug.h>
55 #include <sys/dirent.h>
56 #include <c2/audit.h>
57 #include <sys/zone.h>
58 #include <sys/dnlc.h>
59 #include <sys/fs/snode.h>
60
61 /* Controls whether paths are stored with vnodes. */
62 int vfs_vnode_path = 1;
63
64 int
65 lookupname(
66 char *fnamep,
67 enum uio_seg seg,
68 int followlink,
69 vnode_t **dirvpp,
70 vnode_t **compvpp)
71 {
72 return (lookupnameatcred(fnamep, seg, followlink, dirvpp, compvpp, NULL,
73 CRED()));
74 }
75
76 /*
77 * Lookup the user file name,
78 * Handle allocation and freeing of pathname buffer, return error.
79 */
80 int
81 lookupnameatcred(
82 char *fnamep, /* user pathname */
83 enum uio_seg seg, /* addr space that name is in */
84 int followlink, /* follow sym links */
85 vnode_t **dirvpp, /* ret for ptr to parent dir vnode */
86 vnode_t **compvpp, /* ret for ptr to component vnode */
87 vnode_t *startvp, /* start path search from vp */
88 cred_t *cr) /* credential */
89 {
90 char namebuf[TYPICALMAXPATHLEN];
91 struct pathname lookpn;
92 int error;
93
94 error = pn_get_buf(fnamep, seg, &lookpn, namebuf, sizeof (namebuf));
95 if (error == 0) {
96 error = lookuppnatcred(&lookpn, NULL, followlink,
97 dirvpp, compvpp, startvp, cr);
98 }
99 if (error == ENAMETOOLONG) {
100 /*
101 * This thread used a pathname > TYPICALMAXPATHLEN bytes long.
102 */
103 if (error = pn_get(fnamep, seg, &lookpn))
104 return (error);
105 error = lookuppnatcred(&lookpn, NULL, followlink,
106 dirvpp, compvpp, startvp, cr);
107 pn_free(&lookpn);
108 }
109
110 return (error);
111 }
112
113 int
114 lookupnameat(char *fnamep, enum uio_seg seg, int followlink,
115 vnode_t **dirvpp, vnode_t **compvpp, vnode_t *startvp)
116 {
117 return (lookupnameatcred(fnamep, seg, followlink, dirvpp, compvpp,
118 startvp, CRED()));
119 }
120
121 int
122 lookuppn(
123 struct pathname *pnp,
124 struct pathname *rpnp,
125 int followlink,
126 vnode_t **dirvpp,
127 vnode_t **compvpp)
128 {
129 return (lookuppnatcred(pnp, rpnp, followlink, dirvpp, compvpp, NULL,
130 CRED()));
131 }
132
133 /*
134 * Lookup the user file name from a given vp, using a specific credential.
135 */
136 int
137 lookuppnatcred(
138 struct pathname *pnp, /* pathname to lookup */
139 struct pathname *rpnp, /* if non-NULL, return resolved path */
140 int followlink, /* (don't) follow sym links */
141 vnode_t **dirvpp, /* ptr for parent vnode */
142 vnode_t **compvpp, /* ptr for entry vnode */
143 vnode_t *startvp, /* start search from this vp */
144 cred_t *cr) /* user credential */
145 {
146 vnode_t *vp; /* current directory vp */
147 vnode_t *rootvp;
148 proc_t *p = curproc;
149
150 if (pnp->pn_pathlen == 0)
151 return (ENOENT);
152
153 mutex_enter(&p->p_lock); /* for u_rdir and u_cdir */
154 if ((rootvp = PTOU(p)->u_rdir) == NULL)
155 rootvp = rootdir;
156 else if (rootvp != rootdir) /* no need to VN_HOLD rootdir */
157 VN_HOLD(rootvp);
158
159 if (pnp->pn_path[0] == '/') {
160 vp = rootvp;
161 } else {
162 vp = (startvp == NULL) ? PTOU(p)->u_cdir : startvp;
163 }
164 VN_HOLD(vp);
165 mutex_exit(&p->p_lock);
166
167 /*
168 * Skip over leading slashes
169 */
170 if (pnp->pn_path[0] == '/') {
171 do {
172 pnp->pn_path++;
173 pnp->pn_pathlen--;
174 } while (pnp->pn_path[0] == '/');
175 }
176
177 return (lookuppnvp(pnp, rpnp, followlink, dirvpp,
178 compvpp, rootvp, vp, cr));
179 }
180
181 int
182 lookuppnat(struct pathname *pnp, struct pathname *rpnp,
183 int followlink, vnode_t **dirvpp, vnode_t **compvpp,
184 vnode_t *startvp)
185 {
186 return (lookuppnatcred(pnp, rpnp, followlink, dirvpp, compvpp, startvp,
187 CRED()));
188 }
189
190 /* Private flag to do our getcwd() dirty work */
191 #define LOOKUP_CHECKREAD 0x10
192 #define LOOKUP_MASK (~LOOKUP_CHECKREAD)
193
194 /*
195 * Starting at current directory, translate pathname pnp to end.
196 * Leave pathname of final component in pnp, return the vnode
197 * for the final component in *compvpp, and return the vnode
198 * for the parent of the final component in dirvpp.
199 *
200 * This is the central routine in pathname translation and handles
201 * multiple components in pathnames, separating them at /'s. It also
202 * implements mounted file systems and processes symbolic links.
203 *
204 * vp is the vnode where the directory search should start.
205 *
206 * Reference counts: vp must be held prior to calling this function. rootvp
207 * should only be held if rootvp != rootdir.
208 */
209 int
210 lookuppnvp(
211 struct pathname *pnp, /* pathname to lookup */
212 struct pathname *rpnp, /* if non-NULL, return resolved path */
213 int flags, /* follow symlinks */
214 vnode_t **dirvpp, /* ptr for parent vnode */
215 vnode_t **compvpp, /* ptr for entry vnode */
216 vnode_t *rootvp, /* rootvp */
217 vnode_t *vp, /* directory to start search at */
218 cred_t *cr) /* user's credential */
219 {
220 vnode_t *cvp; /* current component vp */
221 char component[MAXNAMELEN]; /* buffer for component (incl null) */
222 int error;
223 int nlink;
224 int lookup_flags;
225 struct pathname presrvd; /* case preserved name */
226 struct pathname *pp = NULL;
227 vnode_t *startvp;
228 vnode_t *zonevp = curproc->p_zone->zone_rootvp; /* zone root */
229 int must_be_directory = 0;
230 boolean_t retry_with_kcred;
231 uint32_t auditing = AU_AUDITING();
232
233 CPU_STATS_ADDQ(CPU, sys, namei, 1);
234 nlink = 0;
235 cvp = NULL;
236 if (rpnp)
237 rpnp->pn_pathlen = 0;
238
239 lookup_flags = dirvpp ? LOOKUP_DIR : 0;
240 if (flags & FIGNORECASE) {
241 lookup_flags |= FIGNORECASE;
242 pn_alloc(&presrvd);
243 pp = &presrvd;
244 }
245
246 if (auditing)
247 audit_anchorpath(pnp, vp == rootvp);
248
249 /*
250 * Eliminate any trailing slashes in the pathname.
251 * If there are any, we must follow all symlinks.
252 * Also, we must guarantee that the last component is a directory.
253 */
254 if (pn_fixslash(pnp)) {
255 flags |= FOLLOW;
256 must_be_directory = 1;
257 }
258
259 startvp = vp;
260 next:
261 retry_with_kcred = B_FALSE;
262
263 /*
264 * Make sure we have a directory.
265 */
266 if (vp->v_type != VDIR) {
267 error = ENOTDIR;
268 goto bad;
269 }
270
271 if (rpnp && VN_CMP(vp, rootvp))
272 (void) pn_set(rpnp, "/");
273
274 /*
275 * Process the next component of the pathname.
276 */
277 if (error = pn_getcomponent(pnp, component)) {
278 goto bad;
279 }
280
281 /*
282 * Handle "..": two special cases.
283 * 1. If we're at the root directory (e.g. after chroot or
284 * zone_enter) then change ".." to "." so we can't get
285 * out of this subtree.
286 * 2. If this vnode is the root of a mounted file system,
287 * then replace it with the vnode that was mounted on
288 * so that we take the ".." in the other file system.
289 */
290 if (component[0] == '.' && component[1] == '.' && component[2] == 0) {
291 checkforroot:
292 if (VN_CMP(vp, rootvp) || VN_CMP(vp, zonevp)) {
293 component[1] = '\0';
294 } else if (vp->v_flag & VROOT) {
295 vfs_t *vfsp;
296 cvp = vp;
297
298 /*
299 * While we deal with the vfs pointer from the vnode
300 * the filesystem could have been forcefully unmounted
301 * and the vnode's v_vfsp could have been invalidated
302 * by VFS_UNMOUNT. Hence, we cache v_vfsp and use it
303 * with vfs_rlock_wait/vfs_unlock.
304 * It is safe to use the v_vfsp even it is freed by
305 * VFS_UNMOUNT because vfs_rlock_wait/vfs_unlock
306 * do not dereference v_vfsp. It is just used as a
307 * magic cookie.
308 * One more corner case here is the memory getting
309 * reused for another vfs structure. In this case
310 * lookuppnvp's vfs_rlock_wait will succeed, domount's
311 * vfs_lock will fail and domount will bail out with an
312 * error (EBUSY).
313 */
314 vfsp = cvp->v_vfsp;
315
316 /*
317 * This lock is used to synchronize
318 * mounts/unmounts and lookups.
319 * Threads doing mounts/unmounts hold the
320 * writers version vfs_lock_wait().
321 */
322
323 vfs_rlock_wait(vfsp);
324
325 /*
326 * If this vnode is on a file system that
327 * has been forcibly unmounted,
328 * we can't proceed. Cancel this operation
329 * and return EIO.
330 *
331 * vfs_vnodecovered is NULL if unmounted.
332 * Currently, nfs uses VFS_UNMOUNTED to
333 * check if it's a forced-umount. Keep the
334 * same checking here as well even though it
335 * may not be needed.
336 */
337 if (((vp = cvp->v_vfsp->vfs_vnodecovered) == NULL) ||
338 (cvp->v_vfsp->vfs_flag & VFS_UNMOUNTED)) {
339 vfs_unlock(vfsp);
340 VN_RELE(cvp);
341 if (pp)
342 pn_free(pp);
343 return (EIO);
344 }
345 VN_HOLD(vp);
346 vfs_unlock(vfsp);
347 VN_RELE(cvp);
348 cvp = NULL;
349 /*
350 * Crossing mount points. For eg: We are doing
351 * a lookup of ".." for file systems root vnode
352 * mounted here, and VOP_LOOKUP() (with covered vnode)
353 * will be on underlying file systems mount point
354 * vnode. Set retry_with_kcred flag as we might end
355 * up doing VOP_LOOKUP() with kcred if required.
356 */
357 retry_with_kcred = B_TRUE;
358 goto checkforroot;
359 }
360 }
361
362 /*
363 * LOOKUP_CHECKREAD is a private flag used by vnodetopath() to indicate
364 * that we need to have read permission on every directory in the entire
365 * path. This is used to ensure that a forward-lookup of a cached value
366 * has the same effect as a reverse-lookup when the cached value cannot
367 * be found.
368 */
369 if ((flags & LOOKUP_CHECKREAD) &&
370 (error = VOP_ACCESS(vp, VREAD, 0, cr, NULL)) != 0)
371 goto bad;
372
373 /*
374 * Perform a lookup in the current directory.
375 */
376 error = VOP_LOOKUP(vp, component, &cvp, pnp, lookup_flags,
377 rootvp, cr, NULL, NULL, pp);
378
379 /*
380 * Retry with kcred - If crossing mount points & error is EACCES.
381 *
382 * If we are crossing mount points here and doing ".." lookup,
383 * VOP_LOOKUP() might fail if the underlying file systems
384 * mount point has no execute permission. In cases like these,
385 * we retry VOP_LOOKUP() by giving as much privilage as possible
386 * by passing kcred credentials.
387 *
388 * In case of hierarchical file systems, passing kcred still may
389 * or may not work.
390 * For eg: UFS FS --> Mount NFS FS --> Again mount UFS on some
391 * directory inside NFS FS.
392 */
393 if ((error == EACCES) && retry_with_kcred)
394 error = VOP_LOOKUP(vp, component, &cvp, pnp, lookup_flags,
395 rootvp, zone_kcred(), NULL, NULL, pp);
396
397 if (error) {
398 cvp = NULL;
399 /*
400 * On error, return hard error if
401 * (a) we're not at the end of the pathname yet, or
402 * (b) the caller didn't want the parent directory, or
403 * (c) we failed for some reason other than a missing entry.
404 */
405 if (pn_pathleft(pnp) || dirvpp == NULL || error != ENOENT)
406 goto bad;
407 if (auditing) { /* directory access */
408 if (error = audit_savepath(pnp, vp, vp, error, cr))
409 goto bad_noaudit;
410 }
411
412 pn_setlast(pnp);
413 /*
414 * We inform the caller that the desired entry must be
415 * a directory by adding a '/' to the component name.
416 */
417 if (must_be_directory && (error = pn_addslash(pnp)) != 0)
418 goto bad;
419 *dirvpp = vp;
420 if (compvpp != NULL)
421 *compvpp = NULL;
422 if (rootvp != rootdir)
423 VN_RELE(rootvp);
424 if (pp)
425 pn_free(pp);
426 return (0);
427 }
428
429 /*
430 * Traverse mount points.
431 * XXX why don't we need to hold a read lock here (call vn_vfsrlock)?
432 * What prevents a concurrent update to v_vfsmountedhere?
433 * Possible answer: if mounting, we might not see the mount
434 * if it is concurrently coming into existence, but that's
435 * really not much different from the thread running a bit slower.
436 * If unmounting, we may get into traverse() when we shouldn't,
437 * but traverse() will catch this case for us.
438 * (For this to work, fetching v_vfsmountedhere had better
439 * be atomic!)
440 */
441 if (vn_mountedvfs(cvp) != NULL) {
442 if ((error = traverse(&cvp)) != 0)
443 goto bad;
444 }
445
446 /*
447 * If we hit a symbolic link and there is more path to be
448 * translated or this operation does not wish to apply
449 * to a link, then place the contents of the link at the
450 * front of the remaining pathname.
451 */
452 if (cvp->v_type == VLNK && ((flags & FOLLOW) || pn_pathleft(pnp))) {
453 struct pathname linkpath;
454
455 if (++nlink > MAXSYMLINKS) {
456 error = ELOOP;
457 goto bad;
458 }
459 pn_alloc(&linkpath);
460 if (error = pn_getsymlink(cvp, &linkpath, cr)) {
461 pn_free(&linkpath);
462 goto bad;
463 }
464
465 if (auditing)
466 audit_symlink(pnp, &linkpath);
467
468 if (pn_pathleft(&linkpath) == 0)
469 (void) pn_set(&linkpath, ".");
470 error = pn_insert(pnp, &linkpath, strlen(component));
471 pn_free(&linkpath);
472 if (error)
473 goto bad;
474 VN_RELE(cvp);
475 cvp = NULL;
476 if (pnp->pn_pathlen == 0) {
477 error = ENOENT;
478 goto bad;
479 }
480 if (pnp->pn_path[0] == '/') {
481 do {
482 pnp->pn_path++;
483 pnp->pn_pathlen--;
484 } while (pnp->pn_path[0] == '/');
485 VN_RELE(vp);
486 vp = rootvp;
487 VN_HOLD(vp);
488 }
489 if (auditing)
490 audit_anchorpath(pnp, vp == rootvp);
491 if (pn_fixslash(pnp)) {
492 flags |= FOLLOW;
493 must_be_directory = 1;
494 }
495 goto next;
496 }
497
498 /*
499 * If rpnp is non-NULL, remember the resolved path name therein.
500 * Do not include "." components. Collapse occurrences of
501 * "previous/..", so long as "previous" is not itself "..".
502 * Exhausting rpnp results in error ENAMETOOLONG.
503 */
504 if (rpnp && strcmp(component, ".") != 0) {
505 size_t len;
506
507 if (strcmp(component, "..") == 0 &&
508 rpnp->pn_pathlen != 0 &&
509 !((rpnp->pn_pathlen > 2 &&
510 strncmp(rpnp->pn_path+rpnp->pn_pathlen-3, "/..", 3) == 0) ||
511 (rpnp->pn_pathlen == 2 &&
512 strncmp(rpnp->pn_path, "..", 2) == 0))) {
513 while (rpnp->pn_pathlen &&
514 rpnp->pn_path[rpnp->pn_pathlen-1] != '/')
515 rpnp->pn_pathlen--;
516 if (rpnp->pn_pathlen > 1)
517 rpnp->pn_pathlen--;
518 rpnp->pn_path[rpnp->pn_pathlen] = '\0';
519 } else {
520 if (rpnp->pn_pathlen != 0 &&
521 rpnp->pn_path[rpnp->pn_pathlen-1] != '/')
522 rpnp->pn_path[rpnp->pn_pathlen++] = '/';
523 if (flags & FIGNORECASE) {
524 /*
525 * Return the case-preserved name
526 * within the resolved path.
527 */
528 error = copystr(pp->pn_buf,
529 rpnp->pn_path + rpnp->pn_pathlen,
530 rpnp->pn_bufsize - rpnp->pn_pathlen, &len);
531 } else {
532 error = copystr(component,
533 rpnp->pn_path + rpnp->pn_pathlen,
534 rpnp->pn_bufsize - rpnp->pn_pathlen, &len);
535 }
536 if (error) /* copystr() returns ENAMETOOLONG */
537 goto bad;
538 rpnp->pn_pathlen += (len - 1);
539 ASSERT(rpnp->pn_bufsize > rpnp->pn_pathlen);
540 }
541 }
542
543 /*
544 * If no more components, return last directory (if wanted) and
545 * last component (if wanted).
546 */
547 if (pn_pathleft(pnp) == 0) {
548 /*
549 * If there was a trailing slash in the pathname,
550 * make sure the last component is a directory.
551 */
552 if (must_be_directory && cvp->v_type != VDIR) {
553 error = ENOTDIR;
554 goto bad;
555 }
556 if (dirvpp != NULL) {
557 /*
558 * Check that we have the real parent and not
559 * an alias of the last component.
560 */
561 if (vn_compare(vp, cvp)) {
562 if (auditing)
563 (void) audit_savepath(pnp, cvp, vp,
564 EINVAL, cr);
565 pn_setlast(pnp);
566 VN_RELE(vp);
567 VN_RELE(cvp);
568 if (rootvp != rootdir)
569 VN_RELE(rootvp);
570 if (pp)
571 pn_free(pp);
572 return (EINVAL);
573 }
574 *dirvpp = vp;
575 } else
576 VN_RELE(vp);
577 if (auditing)
578 (void) audit_savepath(pnp, cvp, vp, 0, cr);
579 if (pnp->pn_path == pnp->pn_buf)
580 (void) pn_set(pnp, ".");
581 else
582 pn_setlast(pnp);
583 if (rpnp) {
584 if (VN_CMP(cvp, rootvp))
585 (void) pn_set(rpnp, "/");
586 else if (rpnp->pn_pathlen == 0)
587 (void) pn_set(rpnp, ".");
588 }
589
590 if (compvpp != NULL)
591 *compvpp = cvp;
592 else
593 VN_RELE(cvp);
594 if (rootvp != rootdir)
595 VN_RELE(rootvp);
596 if (pp)
597 pn_free(pp);
598 return (0);
599 }
600
601 /*
602 * Skip over slashes from end of last component.
603 */
604 while (pnp->pn_path[0] == '/') {
605 pnp->pn_path++;
606 pnp->pn_pathlen--;
607 }
608
609 /*
610 * Searched through another level of directory:
611 * release previous directory handle and save new (result
612 * of lookup) as current directory.
613 */
614 VN_RELE(vp);
615 vp = cvp;
616 cvp = NULL;
617 goto next;
618
619 bad:
620 if (auditing) /* reached end of path */
621 (void) audit_savepath(pnp, cvp, vp, error, cr);
622 bad_noaudit:
623 /*
624 * Error. Release vnodes and return.
625 */
626 if (cvp)
627 VN_RELE(cvp);
628 /*
629 * If the error was ESTALE and the current directory to look in
630 * was the root for this lookup, the root for a mounted file
631 * system, or the starting directory for lookups, then
632 * return ENOENT instead of ESTALE. In this case, no recovery
633 * is possible by the higher level. If ESTALE was returned for
634 * some intermediate directory along the path, then recovery
635 * is potentially possible and retrying from the higher level
636 * will either correct the situation by purging stale cache
637 * entries or eventually get back to the point where no recovery
638 * is possible.
639 */
640 if (error == ESTALE &&
641 (VN_CMP(vp, rootvp) || (vp->v_flag & VROOT) || vp == startvp))
642 error = ENOENT;
643 VN_RELE(vp);
644 if (rootvp != rootdir)
645 VN_RELE(rootvp);
646 if (pp)
647 pn_free(pp);
648 return (error);
649 }
650
651 /*
652 * Traverse a mount point. Routine accepts a vnode pointer as a reference
653 * parameter and performs the indirection, releasing the original vnode.
654 */
655 int
656 traverse(vnode_t **cvpp)
657 {
658 int error = 0;
659 vnode_t *cvp;
660 vnode_t *tvp;
661 vfs_t *vfsp;
662
663 cvp = *cvpp;
664
665 /*
666 * If this vnode is mounted on, then we transparently indirect
667 * to the vnode which is the root of the mounted file system.
668 * Before we do this we must check that an unmount is not in
669 * progress on this vnode.
670 */
671
672 for (;;) {
673 /*
674 * Try to read lock the vnode. If this fails because
675 * the vnode is already write locked, then check to
676 * see whether it is the current thread which locked
677 * the vnode. If it is not, then read lock the vnode
678 * by waiting to acquire the lock.
679 *
680 * The code path in domount() is an example of support
681 * which needs to look up two pathnames and locks one
682 * of them in between the two lookups.
683 */
684 error = vn_vfsrlock(cvp);
685 if (error) {
686 if (!vn_vfswlock_held(cvp))
687 error = vn_vfsrlock_wait(cvp);
688 if (error != 0) {
689 /*
690 * lookuppn() expects a held vnode to be
691 * returned because it promptly calls
692 * VN_RELE after the error return
693 */
694 *cvpp = cvp;
695 return (error);
696 }
697 }
698
699 /*
700 * Reached the end of the mount chain?
701 */
702 vfsp = vn_mountedvfs(cvp);
703 if (vfsp == NULL) {
704 vn_vfsunlock(cvp);
705 break;
706 }
707
708 /*
709 * The read lock must be held across the call to VFS_ROOT() to
710 * prevent a concurrent unmount from destroying the vfs.
711 */
712 error = VFS_ROOT(vfsp, &tvp);
713 vn_vfsunlock(cvp);
714
715 if (error)
716 break;
717
718 VN_RELE(cvp);
719
720 cvp = tvp;
721 }
722
723 *cvpp = cvp;
724 return (error);
725 }
726
727 /*
728 * Return the lowermost vnode if this is a mountpoint.
729 */
730 static vnode_t *
731 vn_under(vnode_t *vp)
732 {
733 vnode_t *uvp;
734 vfs_t *vfsp;
735
736 while (vp->v_flag & VROOT) {
737
738 vfsp = vp->v_vfsp;
739 vfs_rlock_wait(vfsp);
740 if ((uvp = vfsp->vfs_vnodecovered) == NULL ||
741 (vfsp->vfs_flag & VFS_UNMOUNTED)) {
742 vfs_unlock(vfsp);
743 break;
744 }
745 VN_HOLD(uvp);
746 vfs_unlock(vfsp);
747 VN_RELE(vp);
748 vp = uvp;
749 }
750
751 return (vp);
752 }
753
754 static int
755 vnode_match(vnode_t *v1, vnode_t *v2, cred_t *cr)
756 {
757 vattr_t v1attr, v2attr;
758
759 /*
760 * If we have a device file, check to see if is a cloned open of the
761 * same device. For self-cloning devices, the major numbers will match.
762 * For devices cloned through the 'clone' driver, the minor number of
763 * the source device will be the same as the major number of the cloned
764 * device.
765 */
766 if ((v1->v_type == VCHR || v1->v_type == VBLK) &&
767 v1->v_type == v2->v_type) {
768 if ((spec_is_selfclone(v1) || spec_is_selfclone(v2)) &&
769 getmajor(v1->v_rdev) == getmajor(v2->v_rdev))
770 return (1);
771
772 if (spec_is_clone(v1) &&
773 getmajor(v1->v_rdev) == getminor(v2->v_rdev))
774 return (1);
775
776 if (spec_is_clone(v2) &&
777 getmajor(v2->v_rdev) == getminor(v1->v_rdev))
778 return (1);
779 }
780
781 v1attr.va_mask = v2attr.va_mask = AT_TYPE;
782
783 /*
784 * This check for symbolic links handles the pseudo-symlinks in procfs.
785 * These particular links have v_type of VDIR, but the attributes have a
786 * type of VLNK. We need to avoid these links because otherwise if we
787 * are currently in '/proc/self/fd', then '/proc/self/cwd' will compare
788 * as the same vnode.
789 */
790 if (VOP_GETATTR(v1, &v1attr, 0, cr, NULL) != 0 ||
791 VOP_GETATTR(v2, &v2attr, 0, cr, NULL) != 0 ||
792 v1attr.va_type == VLNK || v2attr.va_type == VLNK)
793 return (0);
794
795 v1attr.va_mask = v2attr.va_mask = AT_TYPE | AT_FSID | AT_NODEID;
796
797 if (VOP_GETATTR(v1, &v1attr, ATTR_REAL, cr, NULL) != 0 ||
798 VOP_GETATTR(v2, &v2attr, ATTR_REAL, cr, NULL) != 0)
799 return (0);
800
801 return (v1attr.va_fsid == v2attr.va_fsid &&
802 v1attr.va_nodeid == v2attr.va_nodeid);
803 }
804
805
806 /*
807 * Find the entry in the directory corresponding to the target vnode.
808 */
809 int
810 dirfindvp(vnode_t *vrootp, vnode_t *dvp, vnode_t *tvp, cred_t *cr, char *dbuf,
811 size_t dlen, dirent64_t **rdp)
812 {
813 size_t dbuflen;
814 struct iovec iov;
815 struct uio uio;
816 int error;
817 int eof;
818 vnode_t *cmpvp;
819 struct dirent64 *dp;
820 pathname_t pnp;
821
822 ASSERT(dvp->v_type == VDIR);
823
824 /*
825 * This is necessary because of the strange semantics of VOP_LOOKUP().
826 */
827 bzero(&pnp, sizeof (pnp));
828
829 eof = 0;
830
831 uio.uio_iov = &iov;
832 uio.uio_iovcnt = 1;
833 uio.uio_segflg = UIO_SYSSPACE;
834 uio.uio_fmode = 0;
835 uio.uio_extflg = UIO_COPY_CACHED;
836 uio.uio_loffset = 0;
837
838 if ((error = VOP_ACCESS(dvp, VREAD, 0, cr, NULL)) != 0)
839 return (error);
840
841 while (!eof) {
842 uio.uio_resid = dlen;
843 iov.iov_base = dbuf;
844 iov.iov_len = dlen;
845
846 (void) VOP_RWLOCK(dvp, V_WRITELOCK_FALSE, NULL);
847 error = VOP_READDIR(dvp, &uio, cr, &eof, NULL, 0);
848 VOP_RWUNLOCK(dvp, V_WRITELOCK_FALSE, NULL);
849
850 dbuflen = dlen - uio.uio_resid;
851
852 if (error || dbuflen == 0)
853 break;
854
855 dp = (dirent64_t *)dbuf;
856 while ((intptr_t)dp < (intptr_t)dbuf + dbuflen) {
857 /*
858 * Ignore '.' and '..' entries
859 */
860 if (strcmp(dp->d_name, ".") == 0 ||
861 strcmp(dp->d_name, "..") == 0) {
862 dp = (dirent64_t *)((intptr_t)dp +
863 dp->d_reclen);
864 continue;
865 }
866
867 error = VOP_LOOKUP(dvp, dp->d_name, &cmpvp, &pnp, 0,
868 vrootp, cr, NULL, NULL, NULL);
869
870 /*
871 * We only want to bail out if there was an error other
872 * than ENOENT. Otherwise, it could be that someone
873 * just removed an entry since the readdir() call, and
874 * the entry we want is further on in the directory.
875 */
876 if (error == 0) {
877 if (vnode_match(tvp, cmpvp, cr)) {
878 VN_RELE(cmpvp);
879 *rdp = dp;
880 return (0);
881 }
882
883 VN_RELE(cmpvp);
884 } else if (error != ENOENT) {
885 return (error);
886 }
887
888 dp = (dirent64_t *)((intptr_t)dp + dp->d_reclen);
889 }
890 }
891
892 /*
893 * Something strange has happened, this directory does not contain the
894 * specified vnode. This should never happen in the normal case, since
895 * we ensured that dvp is the parent of vp. This is possible in some
896 * rare conditions (races and the special .zfs directory).
897 */
898 if (error == 0) {
899 error = VOP_LOOKUP(dvp, ".zfs", &cmpvp, &pnp, 0, vrootp, cr,
900 NULL, NULL, NULL);
901 if (error == 0) {
902 if (vnode_match(tvp, cmpvp, cr)) {
903 (void) strcpy(dp->d_name, ".zfs");
904 dp->d_reclen = strlen(".zfs");
905 dp->d_off = 2;
906 dp->d_ino = 1;
907 *rdp = dp;
908 } else {
909 error = ENOENT;
910 }
911 VN_RELE(cmpvp);
912 }
913 }
914
915 return (error);
916 }
917
918 /*
919 * Given a global path (from rootdir), and a vnode that is the current root,
920 * return the portion of the path that is beneath the current root or NULL on
921 * failure. The path MUST be a resolved path (no '..' entries or symlinks),
922 * otherwise this function will fail.
923 */
924 static char *
925 localpath(char *path, struct vnode *vrootp, cred_t *cr)
926 {
927 vnode_t *vp;
928 vnode_t *cvp;
929 char component[MAXNAMELEN];
930 char *ret = NULL;
931 pathname_t pn;
932
933 /*
934 * We use vn_compare() instead of VN_CMP() in order to detect lofs
935 * mounts and stacked vnodes.
936 */
937 if (vn_compare(vrootp, rootdir))
938 return (path);
939
940 if (pn_get(path, UIO_SYSSPACE, &pn) != 0)
941 return (NULL);
942
943 vp = rootdir;
944 VN_HOLD(vp);
945
946 if (vn_ismntpt(vp) && traverse(&vp) != 0) {
947 VN_RELE(vp);
948 pn_free(&pn);
949 return (NULL);
950 }
951
952 while (pn_pathleft(&pn)) {
953 pn_skipslash(&pn);
954
955 if (pn_getcomponent(&pn, component) != 0)
956 break;
957
958 if (VOP_LOOKUP(vp, component, &cvp, &pn, 0, rootdir, cr,
959 NULL, NULL, NULL) != 0)
960 break;
961 VN_RELE(vp);
962 vp = cvp;
963
964 if (vn_ismntpt(vp) && traverse(&vp) != 0)
965 break;
966
967 if (vn_compare(vp, vrootp)) {
968 ret = path + (pn.pn_path - pn.pn_buf);
969 break;
970 }
971 }
972
973 VN_RELE(vp);
974 pn_free(&pn);
975
976 return (ret);
977 }
978
979 /*
980 * Given a directory, return the full, resolved path. This looks up "..",
981 * searches for the given vnode in the parent, appends the component, etc. It
982 * is used to implement vnodetopath() and getcwd() when the cached path fails.
983 */
984 static int
985 dirtopath(vnode_t *vrootp, vnode_t *vp, char *buf, size_t buflen, int flags,
986 cred_t *cr)
987 {
988 pathname_t pn, rpn, emptypn;
989 vnode_t *cmpvp, *pvp = NULL;
990 vnode_t *startvp = vp;
991 int err = 0, vprivs;
992 size_t complen;
993 char *dbuf;
994 dirent64_t *dp;
995 char *bufloc;
996 size_t dlen = DIRENT64_RECLEN(MAXPATHLEN);
997 refstr_t *mntpt;
998
999 /* Operation only allowed on directories */
1000 ASSERT(vp->v_type == VDIR);
1001
1002 /* We must have at least enough space for "/" */
1003 if (buflen < 2)
1004 return (ENAMETOOLONG);
1005
1006 /* Start at end of string with terminating null */
1007 bufloc = &buf[buflen - 1];
1008 *bufloc = '\0';
1009
1010 pn_alloc(&pn);
1011 pn_alloc(&rpn);
1012 dbuf = kmem_alloc(dlen, KM_SLEEP);
1013 bzero(&emptypn, sizeof (emptypn));
1014
1015 /*
1016 * Begin with an additional reference on vp. This will be decremented
1017 * during the loop.
1018 */
1019 VN_HOLD(vp);
1020
1021 for (;;) {
1022 /*
1023 * Return if we've reached the root. If the buffer is empty,
1024 * return '/'. We explicitly don't use vn_compare(), since it
1025 * compares the real vnodes. A lofs mount of '/' would produce
1026 * incorrect results otherwise.
1027 */
1028 if (VN_CMP(vrootp, vp)) {
1029 if (*bufloc == '\0')
1030 *--bufloc = '/';
1031 break;
1032 }
1033
1034 /*
1035 * If we've reached the VFS root, something has gone wrong. We
1036 * should have reached the root in the above check. The only
1037 * explantation is that 'vp' is not contained withing the given
1038 * root, in which case we return EPERM.
1039 */
1040 if (VN_CMP(rootdir, vp)) {
1041 err = EPERM;
1042 goto out;
1043 }
1044
1045 /*
1046 * Shortcut: see if this vnode is a mountpoint. If so,
1047 * grab the path information from the vfs_t.
1048 */
1049 if (vp->v_flag & VROOT) {
1050
1051 mntpt = vfs_getmntpoint(vp->v_vfsp);
1052 if ((err = pn_set(&pn, (char *)refstr_value(mntpt)))
1053 == 0) {
1054 refstr_rele(mntpt);
1055 rpn.pn_path = rpn.pn_buf;
1056
1057 /*
1058 * Ensure the mountpoint still exists.
1059 */
1060 VN_HOLD(vrootp);
1061 if (vrootp != rootdir)
1062 VN_HOLD(vrootp);
1063 if (lookuppnvp(&pn, &rpn, flags, NULL,
1064 &cmpvp, vrootp, vrootp, cr) == 0) {
1065
1066 if (VN_CMP(vp, cmpvp)) {
1067 VN_RELE(cmpvp);
1068
1069 complen = strlen(rpn.pn_path);
1070 bufloc -= complen;
1071 if (bufloc < buf) {
1072 err = ERANGE;
1073 goto out;
1074 }
1075 bcopy(rpn.pn_path, bufloc,
1076 complen);
1077 break;
1078 } else {
1079 VN_RELE(cmpvp);
1080 }
1081 }
1082 } else {
1083 refstr_rele(mntpt);
1084 }
1085 }
1086
1087 /*
1088 * Shortcut: see if this vnode has correct v_path. If so,
1089 * we have the work done.
1090 */
1091 mutex_enter(&vp->v_lock);
1092 if (vp->v_path != NULL) {
1093
1094 if ((err = pn_set(&pn, vp->v_path)) == 0) {
1095 mutex_exit(&vp->v_lock);
1096 rpn.pn_path = rpn.pn_buf;
1097
1098 /*
1099 * Ensure the v_path pointing to correct vnode
1100 */
1101 VN_HOLD(vrootp);
1102 if (vrootp != rootdir)
1103 VN_HOLD(vrootp);
1104 if (lookuppnvp(&pn, &rpn, flags, NULL,
1105 &cmpvp, vrootp, vrootp, cr) == 0) {
1106
1107 if (VN_CMP(vp, cmpvp)) {
1108 VN_RELE(cmpvp);
1109
1110 complen = strlen(rpn.pn_path);
1111 bufloc -= complen;
1112 if (bufloc < buf) {
1113 err = ERANGE;
1114 goto out;
1115 }
1116 bcopy(rpn.pn_path, bufloc,
1117 complen);
1118 break;
1119 } else {
1120 VN_RELE(cmpvp);
1121 }
1122 }
1123 } else {
1124 mutex_exit(&vp->v_lock);
1125 }
1126 } else {
1127 mutex_exit(&vp->v_lock);
1128 }
1129
1130 /*
1131 * Shortcuts failed, search for this vnode in its parent. If
1132 * this is a mountpoint, then get the vnode underneath.
1133 */
1134 if (vp->v_flag & VROOT)
1135 vp = vn_under(vp);
1136 if ((err = VOP_LOOKUP(vp, "..", &pvp, &emptypn, 0, vrootp, cr,
1137 NULL, NULL, NULL)) != 0)
1138 goto out;
1139
1140 /*
1141 * With extended attributes, it's possible for a directory to
1142 * have a parent that is a regular file. Check for that here.
1143 */
1144 if (pvp->v_type != VDIR) {
1145 err = ENOTDIR;
1146 goto out;
1147 }
1148
1149 /*
1150 * If this is true, something strange has happened. This is
1151 * only true if we are the root of a filesystem, which should
1152 * have been caught by the check above.
1153 */
1154 if (VN_CMP(pvp, vp)) {
1155 err = ENOENT;
1156 goto out;
1157 }
1158
1159 /*
1160 * Check if we have read and search privilege so, that
1161 * we can lookup the path in the directory
1162 */
1163 vprivs = (flags & LOOKUP_CHECKREAD) ? VREAD | VEXEC : VEXEC;
1164 if ((err = VOP_ACCESS(pvp, vprivs, 0, cr, NULL)) != 0) {
1165 goto out;
1166 }
1167
1168 /*
1169 * Try to obtain the path component from dnlc cache
1170 * before searching through the directory.
1171 */
1172 if ((cmpvp = dnlc_reverse_lookup(vp, dbuf, dlen)) != NULL) {
1173 /*
1174 * If we got parent vnode as a result,
1175 * then the answered path is correct.
1176 */
1177 if (VN_CMP(cmpvp, pvp)) {
1178 VN_RELE(cmpvp);
1179 complen = strlen(dbuf);
1180 bufloc -= complen;
1181 if (bufloc <= buf) {
1182 err = ENAMETOOLONG;
1183 goto out;
1184 }
1185 bcopy(dbuf, bufloc, complen);
1186
1187 /* Prepend a slash to the current path */
1188 *--bufloc = '/';
1189
1190 /* And continue with the next component */
1191 VN_RELE(vp);
1192 vp = pvp;
1193 pvp = NULL;
1194 continue;
1195 } else {
1196 VN_RELE(cmpvp);
1197 }
1198 }
1199
1200 /*
1201 * Search the parent directory for the entry corresponding to
1202 * this vnode.
1203 */
1204 if ((err = dirfindvp(vrootp, pvp, vp, cr, dbuf, dlen, &dp))
1205 != 0)
1206 goto out;
1207 complen = strlen(dp->d_name);
1208 bufloc -= complen;
1209 if (bufloc <= buf) {
1210 err = ENAMETOOLONG;
1211 goto out;
1212 }
1213 bcopy(dp->d_name, bufloc, complen);
1214
1215 /* Prepend a slash to the current path. */
1216 *--bufloc = '/';
1217
1218 /* And continue with the next component */
1219 VN_RELE(vp);
1220 vp = pvp;
1221 pvp = NULL;
1222 }
1223
1224 /*
1225 * Place the path at the beginning of the buffer.
1226 */
1227 if (bufloc != buf)
1228 ovbcopy(bufloc, buf, buflen - (bufloc - buf));
1229
1230 out:
1231 /*
1232 * If the error was ESTALE and the current directory to look in
1233 * was the root for this lookup, the root for a mounted file
1234 * system, or the starting directory for lookups, then
1235 * return ENOENT instead of ESTALE. In this case, no recovery
1236 * is possible by the higher level. If ESTALE was returned for
1237 * some intermediate directory along the path, then recovery
1238 * is potentially possible and retrying from the higher level
1239 * will either correct the situation by purging stale cache
1240 * entries or eventually get back to the point where no recovery
1241 * is possible.
1242 */
1243 if (err == ESTALE &&
1244 (VN_CMP(vp, vrootp) || (vp->v_flag & VROOT) || vp == startvp))
1245 err = ENOENT;
1246
1247 kmem_free(dbuf, dlen);
1248 VN_RELE(vp);
1249 if (pvp)
1250 VN_RELE(pvp);
1251 pn_free(&pn);
1252 pn_free(&rpn);
1253
1254 return (err);
1255 }
1256
1257 /*
1258 * The additional flag, LOOKUP_CHECKREAD, is used to enforce artificial
1259 * constraints in order to be standards compliant. For example, if we have
1260 * the cached path of '/foo/bar', and '/foo' has permissions 100 (execute
1261 * only), then we can legitimately look up the path to the current working
1262 * directory without needing read permission. Existing standards tests,
1263 * however, assume that we are determining the path by repeatedly looking up
1264 * "..". We need to keep this behavior in order to maintain backwards
1265 * compatibility.
1266 */
1267 static int
1268 vnodetopath_common(vnode_t *vrootp, vnode_t *vp, char *buf, size_t buflen,
1269 cred_t *cr, int flags)
1270 {
1271 pathname_t pn, rpn;
1272 int ret, len;
1273 vnode_t *compvp, *pvp, *realvp;
1274 proc_t *p = curproc;
1275 char path[MAXNAMELEN];
1276 int doclose = 0;
1277
1278 /*
1279 * If vrootp is NULL, get the root for curproc. Callers with any other
1280 * requirements should pass in a different vrootp.
1281 */
1282 if (vrootp == NULL) {
1283 mutex_enter(&p->p_lock);
1284 if ((vrootp = PTOU(p)->u_rdir) == NULL)
1285 vrootp = rootdir;
1286 VN_HOLD(vrootp);
1287 mutex_exit(&p->p_lock);
1288 } else {
1289 VN_HOLD(vrootp);
1290 }
1291
1292 /*
1293 * This is to get around an annoying artifact of the /proc filesystem,
1294 * which is the behavior of {cwd/root}. Trying to resolve this path
1295 * will result in /proc/pid/cwd instead of whatever the real working
1296 * directory is. We can't rely on VOP_REALVP(), since that will break
1297 * lofs. The only difference between procfs and lofs is that opening
1298 * the file will return the underling vnode in the case of procfs.
1299 */
1300 if (vp->v_type == VDIR && VOP_REALVP(vp, &realvp, NULL) == 0 &&
1301 realvp != vp) {
1302 VN_HOLD(vp);
1303 if (VOP_OPEN(&vp, FREAD, cr, NULL) == 0)
1304 doclose = 1;
1305 else
1306 VN_RELE(vp);
1307 }
1308
1309 pn_alloc(&pn);
1310
1311 /*
1312 * Check to see if we have a cached path in the vnode.
1313 */
1314 mutex_enter(&vp->v_lock);
1315 if (vp->v_path != NULL) {
1316 (void) pn_set(&pn, vp->v_path);
1317 mutex_exit(&vp->v_lock);
1318
1319 pn_alloc(&rpn);
1320
1321 /* We should only cache absolute paths */
1322 ASSERT(pn.pn_buf[0] == '/');
1323
1324 /*
1325 * If we are in a zone or a chroot environment, then we have to
1326 * take additional steps, since the path to the root might not
1327 * be readable with the current credentials, even though the
1328 * process can legitmately access the file. In this case, we
1329 * do the following:
1330 *
1331 * lookuppnvp() with all privileges to get the resolved path.
1332 * call localpath() to get the local portion of the path, and
1333 * continue as normal.
1334 *
1335 * If the the conversion to a local path fails, then we continue
1336 * as normal. This is a heuristic to make process object file
1337 * paths available from within a zone. Because lofs doesn't
1338 * support page operations, the vnode stored in the seg_t is
1339 * actually the underlying real vnode, not the lofs node itself.
1340 * Most of the time, the lofs path is the same as the underlying
1341 * vnode (for example, /usr/lib/libc.so.1).
1342 */
1343 if (vrootp != rootdir) {
1344 char *local = NULL;
1345 VN_HOLD(rootdir);
1346 if (lookuppnvp(&pn, &rpn, FOLLOW,
1347 NULL, &compvp, rootdir, rootdir, kcred) == 0) {
1348 local = localpath(rpn.pn_path, vrootp,
1349 kcred);
1350 VN_RELE(compvp);
1351 }
1352
1353 /*
1354 * The original pn was changed through lookuppnvp().
1355 * Set it to local for next validation attempt.
1356 */
1357 if (local) {
1358 (void) pn_set(&pn, local);
1359 } else {
1360 goto notcached;
1361 }
1362 }
1363
1364 /*
1365 * We should have a local path at this point, so start the
1366 * search from the root of the current process.
1367 */
1368 VN_HOLD(vrootp);
1369 if (vrootp != rootdir)
1370 VN_HOLD(vrootp);
1371 ret = lookuppnvp(&pn, &rpn, FOLLOW | flags, NULL,
1372 &compvp, vrootp, vrootp, cr);
1373 if (ret == 0) {
1374 /*
1375 * Check to see if the returned vnode is the same as
1376 * the one we expect. If not, give up.
1377 */
1378 if (!vn_compare(vp, compvp) &&
1379 !vnode_match(vp, compvp, cr)) {
1380 VN_RELE(compvp);
1381 goto notcached;
1382 }
1383
1384 VN_RELE(compvp);
1385
1386 /*
1387 * Return the result.
1388 */
1389 if (buflen <= rpn.pn_pathlen)
1390 goto notcached;
1391
1392 bcopy(rpn.pn_path, buf, rpn.pn_pathlen + 1);
1393 pn_free(&pn);
1394 pn_free(&rpn);
1395 VN_RELE(vrootp);
1396 if (doclose) {
1397 (void) VOP_CLOSE(vp, FREAD, 1, 0, cr, NULL);
1398 VN_RELE(vp);
1399 }
1400 return (0);
1401 }
1402
1403 notcached:
1404 pn_free(&rpn);
1405 } else {
1406 mutex_exit(&vp->v_lock);
1407 }
1408
1409 pn_free(&pn);
1410
1411 if (vp->v_type != VDIR) {
1412 /*
1413 * If we don't have a directory, try to find it in the dnlc via
1414 * reverse lookup. Once this is found, we can use the regular
1415 * directory search to find the full path.
1416 */
1417 if ((pvp = dnlc_reverse_lookup(vp, path, MAXNAMELEN)) != NULL) {
1418 /*
1419 * Check if we have read privilege so, that
1420 * we can lookup the path in the directory
1421 */
1422 ret = 0;
1423 if ((flags & LOOKUP_CHECKREAD)) {
1424 ret = VOP_ACCESS(pvp, VREAD, 0, cr, NULL);
1425 }
1426 if (ret == 0) {
1427 ret = dirtopath(vrootp, pvp, buf, buflen,
1428 flags, cr);
1429 }
1430 if (ret == 0) {
1431 len = strlen(buf);
1432 if (len + strlen(path) + 1 >= buflen) {
1433 ret = ENAMETOOLONG;
1434 } else {
1435 if (buf[len - 1] != '/')
1436 buf[len++] = '/';
1437 bcopy(path, buf + len,
1438 strlen(path) + 1);
1439 }
1440 }
1441
1442 VN_RELE(pvp);
1443 } else
1444 ret = ENOENT;
1445 } else
1446 ret = dirtopath(vrootp, vp, buf, buflen, flags, cr);
1447
1448 VN_RELE(vrootp);
1449 if (doclose) {
1450 (void) VOP_CLOSE(vp, FREAD, 1, 0, cr, NULL);
1451 VN_RELE(vp);
1452 }
1453
1454 return (ret);
1455 }
1456
1457 int
1458 vnodetopath(vnode_t *vrootp, vnode_t *vp, char *buf, size_t buflen, cred_t *cr)
1459 {
1460 return (vnodetopath_common(vrootp, vp, buf, buflen, cr, 0));
1461 }
1462
1463 int
1464 dogetcwd(char *buf, size_t buflen)
1465 {
1466 int ret;
1467 vnode_t *vp;
1468 vnode_t *compvp;
1469 refstr_t *cwd, *oldcwd;
1470 const char *value;
1471 pathname_t rpnp, pnp;
1472 proc_t *p = curproc;
1473
1474 /*
1475 * Check to see if there is a cached version of the cwd. If so, lookup
1476 * the cached value and make sure it is the same vnode.
1477 */
1478 mutex_enter(&p->p_lock);
1479 if ((cwd = PTOU(p)->u_cwd) != NULL)
1480 refstr_hold(cwd);
1481 vp = PTOU(p)->u_cdir;
1482 VN_HOLD(vp);
1483 mutex_exit(&p->p_lock);
1484
1485 /*
1486 * Make sure we have permission to access the current directory.
1487 */
1488 if ((ret = VOP_ACCESS(vp, VEXEC, 0, CRED(), NULL)) != 0) {
1489 if (cwd != NULL)
1490 refstr_rele(cwd);
1491 VN_RELE(vp);
1492 return (ret);
1493 }
1494
1495 if (cwd) {
1496 value = refstr_value(cwd);
1497 if ((ret = pn_get((char *)value, UIO_SYSSPACE, &pnp)) != 0) {
1498 refstr_rele(cwd);
1499 VN_RELE(vp);
1500 return (ret);
1501 }
1502
1503 pn_alloc(&rpnp);
1504
1505 if (lookuppn(&pnp, &rpnp, NO_FOLLOW, NULL, &compvp) == 0) {
1506
1507 if (VN_CMP(vp, compvp) &&
1508 strcmp(value, rpnp.pn_path) == 0) {
1509 VN_RELE(compvp);
1510 VN_RELE(vp);
1511 pn_free(&pnp);
1512 pn_free(&rpnp);
1513 if (strlen(value) + 1 > buflen) {
1514 refstr_rele(cwd);
1515 return (ENAMETOOLONG);
1516 }
1517 bcopy(value, buf, strlen(value) + 1);
1518 refstr_rele(cwd);
1519 return (0);
1520 }
1521
1522 VN_RELE(compvp);
1523 }
1524
1525 pn_free(&rpnp);
1526 pn_free(&pnp);
1527
1528 refstr_rele(cwd);
1529 }
1530
1531 ret = vnodetopath_common(NULL, vp, buf, buflen, CRED(),
1532 LOOKUP_CHECKREAD);
1533
1534 VN_RELE(vp);
1535
1536 /*
1537 * Store the new cwd and replace the existing cached copy.
1538 */
1539 if (ret == 0)
1540 cwd = refstr_alloc(buf);
1541 else
1542 cwd = NULL;
1543
1544 mutex_enter(&p->p_lock);
1545 oldcwd = PTOU(p)->u_cwd;
1546 PTOU(p)->u_cwd = cwd;
1547 mutex_exit(&p->p_lock);
1548
1549 if (oldcwd)
1550 refstr_rele(oldcwd);
1551
1552 return (ret);
1553 }