sustaining/oi_151a/illumos-gate: comparison usr/src/uts/common/fs/dev/sdev

equal deleted inserted replaced

-:489a49e3fc33
+:c3f8a4690b1f
 * CDDL HEADER END
 */
 /*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
+* Copyright 2013 Joyent, Inc.  All rights reserved.
 */
 /* vnode ops for the /dev/zvol directory */
 #include <sys/types.h>
 static size_t devzvol_zclist_size;
 static ldi_ident_t devzvol_li;
 static ldi_handle_t devzvol_lh;
 static kmutex_t devzvol_mtx;
 static boolean_t devzvol_isopen;
+static major_t devzvol_major;
 /*
 * we need to use ddi_mod* since fs/dev gets loaded early on in
 * startup(), and linking fs/dev to fs/zfs would drag in a lot of
 * other stuff (like drv/random) before the rest of the system is
 int (*szn2m)(char *, minor_t *);
 int
 sdev_zvol_create_minor(char *dsname)
 {
+	if (szcm == NULL)
+		return (-1);
 	return ((*szcm)(dsname));
 }
 int
 sdev_zvol_name2minor(char *dsname, minor_t *minor)
 {
+	if (szn2m == NULL)
+		return (-1);
 	return ((*szn2m)(dsname, minor));
 }
 int
 devzvol_open_zfs()
 {
 	int rc;
+	dev_t dv;
 	devzvol_li = ldi_ident_from_anon();
 	if (ldi_open_by_name("/dev/zfs", FREAD | FWRITE, kcred,
 	    &devzvol_lh, devzvol_li))
 		return (-1);
 	if ((szn2m = (int(*)(char *, minor_t *))
 	    ddi_modsym(zfs_mod, "zvol_name2minor", &rc)) == NULL) {
 		cmn_err(CE_WARN, "couldn't resolve zvol_name2minor");
 		return (rc);
 	}
+	if (ldi_get_dev(devzvol_lh, &dv))
+		return (-1);
+	devzvol_major = getmajor(dv);
 	return (0);
 }
 void
 devzvol_close_zfs()
 		return (SDEV_VTOR_INVALID);
 	}
 	sdcmn_err13(("  v_type %d do_type %d",
 	    SDEVTOV(dv)->v_type, do_type));
 	if ((SDEVTOV(dv)->v_type == VLNK && do_type != DMU_OST_ZVOL) ||
+	    ((SDEVTOV(dv)->v_type == VBLK || SDEVTOV(dv)->v_type == VCHR) &&
+	    do_type != DMU_OST_ZVOL) ||
 	    (SDEVTOV(dv)->v_type == VDIR && do_type == DMU_OST_ZVOL)) {
 		kmem_free(dsname, strlen(dsname) + 1);
 		return (SDEV_VTOR_STALE);
 	}
 	if (SDEVTOV(dv)->v_type == VLNK) {
 			dv = SDEV_NEXT_ENTRY(ddv, dv);
 	}
 	rw_downgrade(&ddv->sdev_contents);
 }
+/*
+* This function is used to create a dir or dev inside a zone's /dev when the
+* zone has a zvol that is dynamically created within the zone (i.e. inside
+* of a delegated dataset.  Since there is no /devices tree within a zone,
+* we create the chr/blk devices directly inside the zone's /dev instead of
+* making symlinks.
+*/
+static int
+devzvol_mk_ngz_node(struct sdev_node *parent, char *nm)
+{
+	struct vattr vattr;
+	timestruc_t now;
+	enum vtype expected_type = VDIR;
+	dmu_objset_type_t do_type;
+	struct sdev_node *dv = NULL;
+	int res;
+	char *dsname;
+	bzero(&vattr, sizeof (vattr));
+	gethrestime(&now);
+	vattr.va_mask = AT_TYPE|AT_MODE|AT_UID|AT_GID;
+	vattr.va_uid = SDEV_UID_DEFAULT;
+	vattr.va_gid = SDEV_GID_DEFAULT;
+	vattr.va_type = VNON;
+	vattr.va_atime = now;
+	vattr.va_mtime = now;
+	vattr.va_ctime = now;
+	if ((dsname = devzvol_make_dsname(parent->sdev_path, nm)) == NULL)
+		return (ENOENT);
+	if (devzvol_objset_check(dsname, &do_type) != 0) {
+		kmem_free(dsname, strlen(dsname) + 1);
+		return (ENOENT);
+	}
+	if (do_type == DMU_OST_ZVOL)
+		expected_type = VBLK;
+	if (expected_type == VDIR) {
+		vattr.va_type = VDIR;
+		vattr.va_mode = SDEV_DIRMODE_DEFAULT;
+	} else {
+		minor_t minor;
+		dev_t devnum;
+		int rc;
+		rc = sdev_zvol_create_minor(dsname);
+		if ((rc != 0 && rc != EEXIST && rc != EBUSY) ||
+		    sdev_zvol_name2minor(dsname, &minor)) {
+			kmem_free(dsname, strlen(dsname) + 1);
+			return (ENOENT);
+		}
+		devnum = makedevice(devzvol_major, minor);
+		vattr.va_rdev = devnum;
+		if (strstr(parent->sdev_path, "/rdsk/") != NULL)
+			vattr.va_type = VCHR;
+		else
+			vattr.va_type = VBLK;
+		vattr.va_mode = SDEV_DEVMODE_DEFAULT;
+	}
+	kmem_free(dsname, strlen(dsname) + 1);
+	rw_enter(&parent->sdev_contents, RW_WRITER);
+	res = sdev_mknode(parent, nm, &dv, &vattr,
+	    NULL, NULL, kcred, SDEV_READY);
+	rw_exit(&parent->sdev_contents);
+	if (res != 0)
+		return (ENOENT);
+	SDEV_RELE(dv);
+	return (0);
+}
 /*ARGSUSED*/
 static int
 devzvol_lookup(struct vnode *dvp, char *nm, struct vnode **vpp,
 struct pathname *pnp, int flags, struct vnode *rdir, struct cred *cred,
 caller_context_t *ct, int *direntflags, pathname_t *realpnp)
 	/* execute access is required to search the directory */
 	if ((error = VOP_ACCESS(dvp, VEXEC, 0, cred, ct)) != 0)
 		return (error);
 	rw_enter(&parent->sdev_contents, RW_READER);
-	if (!SDEV_IS_GLOBAL(parent)) {
+	if (SDEV_IS_GLOBAL(parent)) {
+		/*
+		 * During iter_datasets, don't create GZ dev when running in
+		 * NGZ.  We can't return ENOENT here since that could
+		 * incorrectly trigger the creation of the dev from the
+		 * recursive call through prof_filldir during iter_datasets.
+		 */
+		if (getzoneid() != GLOBAL_ZONEID) {
+			rw_exit(&parent->sdev_contents);
+			return (EPERM);
+		}
+	} else {
+		int res;
 		rw_exit(&parent->sdev_contents);
-		return (prof_lookup(dvp, nm, vpp, cred));
+		/*
+		 * If we're in the global zone and reach down into a non-global
+		 * zone's /dev/zvol then this action could trigger the creation
+		 * of all of the zvol devices for every zone into the non-global
+		 * zone's /dev tree. This could be a big security hole. To
+		 * prevent this, disallow the global zone from looking inside
+		 * a non-global zones /dev/zvol. This behavior is similar to
+		 * delegated datasets, which cannot be used by the global zone.
+		 */
+		if (getzoneid() == GLOBAL_ZONEID)
+			return (EPERM);
+		res = prof_lookup(dvp, nm, vpp, cred);
+		/*
+		 * We won't find a zvol that was dynamically created inside
+		 * a NGZ, within a delegated dataset, in the zone's dev profile
+		 * but prof_lookup will also find it via sdev_cache_lookup.
+		 */
+		if (res == ENOENT) {
+			/*
+			 * We have to create the sdev node for the dymamically
+			 * created zvol.
+			 */
+			if (devzvol_mk_ngz_node(parent, nm) != 0)
+				return (ENOENT);
+			res = prof_lookup(dvp, nm, vpp, cred);
+		}
+		return (res);
 	}
 	dsname = devzvol_make_dsname(parent->sdev_path, nm);
 	rw_exit(&parent->sdev_contents);
 	sdcmn_err13(("rvp dsname %s", dsname ? dsname : "(null)"));
 		if (rc == 0) {
 			VN_RELE(vpp);
 		} else if (rc == ENOENT) {
 			goto skip;
 		} else {
-			/* EBUSY == problem with zvols's dmu holds? */
+			/*
-			ASSERT(0);
+			 * EBUSY == problem with zvols's dmu holds?
+			 * EPERM when in a NGZ and traversing up and out.
+			 */
 			goto skip;
 		}
 		if (arg == ZFS_IOC_DATASET_LIST_NEXT &&
 		    zc->zc_objset_stats.dds_type != DMU_OST_ZFS)
 			sdev_iter_snapshots(dvp, zc->zc_name);

changeset 14222	c3f8a4690b1f
parent 10763	f1a11aaa04fc
child 14223	1652c59077c6