1 /*
2 * Copyright (c) 2002-2015 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 #include <sys/param.h>
29 #include <sys/systm.h>
30 #include <sys/proc.h>
31 #include <sys/vnode.h>
32 #include <sys/mount.h>
33 #include <sys/kernel.h>
34 #include <sys/malloc.h>
35 #include <sys/time.h>
36 #include <sys/ubc.h>
37 #include <sys/quota.h>
38 #include <sys/kdebug.h>
39 #include <libkern/OSByteOrder.h>
40 #include <sys/namei.h>
41
42 #include <kern/locks.h>
43
44 #include <miscfs/specfs/specdev.h>
45 #include <miscfs/fifofs/fifo.h>
46
47 #include "hfs.h"
48 #include "hfs_catalog.h"
49 #include "hfs_cnode.h"
50 #include "hfs_quota.h"
51 #include "hfs_format.h"
52 #include "hfs_kdebug.h"
53 #include "hfs_cprotect.h"
54
/* External declaration; the definition is not visible in this listing. */
extern int prtactive;

/*
 * Lock attribute and lock groups, declared extern here; their definitions
 * are not visible in this listing.
 */
extern lck_attr_t * hfs_lock_attr;
extern lck_grp_t * hfs_mutex_group;
extern lck_grp_t * hfs_rwlock_group;

/* Forward declarations of file-local (static) helpers. */
static void hfs_reclaim_cnode(hfsmount_t *hfsmp, struct cnode *);
static int hfs_cnode_teardown (struct vnode *vp, vfs_context_t ctx, int reclaim);
static int hfs_isordered(struct cnode *, struct cnode *);

/*
 * Buffer callback handed to buf_iterate() by hfs_cnode_teardown when it
 * kills symlink buffers out of the journal.
 */
extern int hfs_removefile_callback(struct buf *bp, void *hfsmp);
66
67
/*
 * Map the cnode's deletion flags to an errno value.
 *
 * Returns ENOENT when either C_DELETED or C_NOEXISTS is set in cp->c_flag,
 * and 0 otherwise. No lock is taken here; the flag word is read as-is.
 */
__inline__ int hfs_checkdeleted (struct cnode *cp)
{
    if (cp->c_flag & (C_DELETED | C_NOEXISTS)) {
        return ENOENT;
    }
    return 0;
}
71
/*
 * hfs_set_backingstore
 *
 * Used by a special fcntl() to mark or unmark a cnode/vnode as backing
 * another filesystem, such as a disk image.
 *
 * vp   vnode whose cnode flag is changed; must be a regular file or a
 *      directory.
 * val  non-zero sets C_BACKINGSTORE in the cnode flags, zero clears it.
 *
 * Returns 0 on success, EINVAL when vp is neither a regular file nor a
 * directory, or the error reported by hfs_lock().
 *
 * NOTE(review): no privilege or ownership check is made in this function;
 * confirm that the fcntl() path calling it performs one.
 */
int hfs_set_backingstore (struct vnode *vp, int val)
{
    struct cnode *cnodep = VTOC(vp);
    int lock_err;

    if (!(vnode_isreg(vp) || vnode_isdir(vp))) {
        return EINVAL;
    }

    /* The flag word is only modified with the cnode lock held exclusively. */
    lock_err = hfs_lock (cnodep, HFS_EXCLUSIVE_LOCK, HFS_LOCK_DEFAULT);
    if (lock_err != 0) {
        return lock_err;
    }

    if (val != 0) {
        cnodep->c_flag |= C_BACKINGSTORE;
    } else {
        cnodep->c_flag &= ~C_BACKINGSTORE;
    }

    hfs_unlock (cnodep);

    return 0;
}
107
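/*
 * hfs_is_backingstore
 *
 * Used by a special fcntl() to check whether a cnode/vnode is marked as
 * backing another filesystem, such as a disk image.
 *
 * vp   vnode to query.
 * val  output: 1 when C_BACKINGSTORE is set in the cnode flags, otherwise 0.
 *      It is written on every return path, including a failed lock, so a
 *      caller that passes the value on never reads an indeterminate int.
 *
 * Returns 0 on success (a vnode that is neither a regular file nor a
 * directory reports 0 in *val), or the error reported by hfs_lock().
 */
int hfs_is_backingstore (struct vnode *vp, int *val)
{
    struct cnode *cp = NULL;
    int err = 0;

    /* Give the output a defined value before anything can fail. */
    *val = 0;

    if (!vnode_isreg(vp) && !vnode_isdir(vp)) {
        return 0;
    }

    cp = VTOC(vp);

    /* A shared lock is sufficient: the flag word is only read. */
    err = hfs_lock (cp, HFS_SHARED_LOCK, HFS_LOCK_DEFAULT);
    if (err) {
        return err;
    }

    *val = (cp->c_flag & C_BACKINGSTORE) ? 1 : 0;

    hfs_unlock (cp);

    return 0;
}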
146
147
/*
 * hfs_cnode_teardown
 *
 * This is an internal function that is invoked from both hfs_vnop_inactive
 * and hfs_vnop_reclaim. As VNOP_INACTIVE is not necessarily called from vnodes
 * being recycled and reclaimed, it is important that we do any post-processing
 * necessary for the cnode in both places. Important tasks include things such as
 * releasing the blocks from an open-unlinked file when all references to it have dropped,
 * and handling resource forks separately from data forks.
 *
 * Note that we take only the vnode as an argument here (rather than the cnode).
 * Recall that each cnode supports two forks (rsrc/data), and we can always get the right
 * cnode from either of the vnodes, but the reverse is not true -- we can't determine which
 * vnode we need to reclaim if only the cnode is supplied.
 *
 * This function is idempotent and safe to call from both hfs_vnop_inactive and hfs_vnop_reclaim
 * if both are invoked right after the other. In the second call, most of this function's if()
 * conditions will fail, since they apply generally to cnodes still marked with C_DELETED.
 * As a quick check to see if this function is necessary, determine if the cnode is already
 * marked C_NOEXISTS. If it is, then it is safe to skip this function. The only tasks that
 * remain for cnodes marked in such a fashion are to tear down their fork references and
 * release all directory hints and hardlink origins. However, both of those are done
 * in hfs_vnop_reclaim. hfs_update, by definition, is not necessary if the cnode's catalog
 * entry is no longer there.
 *
 * 'reclaim' argument specifies whether or not we were called from hfs_vnop_reclaim. If we are
 * invoked from hfs_vnop_reclaim, we can not call functions that cluster_push since the UBC info
 * is totally gone by that point.
 *
 * Assumes that both truncate and cnode locks for 'cp' are held.
 *
 * Parameters:
 *   vp       vnode being torn down; the cnode is obtained with VTOC(vp).
 *   ctx      VFS context, passed on to hfs_filedone and hfs_truncate and
 *            used to obtain the proc for cat_preflight/cat_postflight.
 *   reclaim  non-zero when called from hfs_vnop_reclaim.
 *
 * Returns 0 on success. On failure returns EINVAL when a transaction could
 * not be started, or the error from hfs_truncate, cat_lookup,
 * hfs_release_storage, cat_preflight or cat_delete. Every error path goes
 * through 'out', which releases the catalog reservation and ends any
 * transaction this function started.
 */
static
int hfs_cnode_teardown (struct vnode *vp, vfs_context_t ctx, int reclaim)
{
    int forkcount = 0;
    enum vtype v_type;
    struct cnode *cp;
    int error = 0;
    bool started_tr = false;    /* true while a transaction opened here (or by hfs_removeallattr) is pending */
    struct hfsmount *hfsmp = VTOHFS(vp);
    struct proc *p = vfs_context_proc(ctx);
    int truncated = 0;          /* set once hfs_truncate has succeeded on this vnode's fork */
    cat_cookie_t cookie;
    int cat_reserve = 0;        /* set once cat_preflight succeeded, so 'out' must call cat_postflight */
    int lockflags;
    int ea_error = 0;           /* result of hfs_removeallattr; not examined later in this function */

    v_type = vnode_vtype(vp);
    cp = VTOC(vp);

    /* Count the forks that are currently attached to the cnode. */
    if (cp->c_datafork) {
        ++forkcount;
    }
    if (cp->c_rsrcfork) {
        ++forkcount;
    }

    /*
     * Push file data out for normal files that haven't been evicted from
     * the namespace. We only do this if this function was not called from reclaim,
     * because by that point the UBC information has been totally torn down.
     *
     * There should also be no way for a normal file that has NOT been deleted from
     * the namespace to skip INACTIVE and go straight to RECLAIM. That race only happens
     * when the file becomes open-unlinked.
     */
    if ((v_type == VREG) &&
        (!ISSET(cp->c_flag, C_DELETED)) &&
        (!ISSET(cp->c_flag, C_NOEXISTS)) &&
        (VTOF(vp)->ff_blocks) &&
        (reclaim == 0)) {
        /*
         * If we're called from hfs_vnop_inactive, all this means is at the time
         * the logic for deciding to call this function, there were not any lingering
         * mmap/fd references for this file. However, there is nothing preventing the system
         * from creating a new reference in between the time that logic was checked
         * and we entered hfs_vnop_inactive. As a result, the only time we can guarantee
         * that there aren't any references is during vnop_reclaim.
         *
         * Note that hfs_filedone (called with opts == 0) drops and re-takes the
         * cnode lock around its cluster_push.
         */
        hfs_filedone(vp, ctx, 0);
    }

    /*
     * Remove any directory hints or cached origins
     */
    if (v_type == VDIR) {
        hfs_reldirhints(cp, 0);
    }
    if (cp->c_flag & C_HARDLINK) {
        hfs_relorigins(cp);
    }

    /*
     * -- Handle open unlinked files --
     *
     * If the vnode is in use, it means a force unmount is in progress
     * in which case we defer cleaning up until either we come back
     * through here via hfs_vnop_reclaim, at which point the UBC
     * information will have been torn down and the vnode might no
     * longer be in use, or if it's still in use, it will get cleaned
     * up when next remounted.
     */
    if (ISSET(cp->c_flag, C_DELETED) && !vnode_isinuse(vp, 0)) {
        /*
         * This check is slightly complicated. We should only truncate data
         * in very specific cases for open-unlinked files. This is because
         * we want to ensure that the resource fork continues to be available
         * if the caller has the data fork open. However, this is not symmetric;
         * someone who has the resource fork open need not be able to access the data
         * fork once the data fork has gone inactive.
         *
         * If we're the last fork, then we have cleaning up to do.
         *
         * A) last fork, and vp == c_vp
         *    Truncate away own fork data. If rsrc fork is not in core, truncate it too.
         *
         * B) last fork, and vp == c_rsrc_vp
         *    Truncate ourselves, assume data fork has been cleaned due to C).
         *
         * If we're not the last fork, then things are a little different:
         *
         * C) not the last fork, vp == c_vp
         *    Truncate ourselves. Once the file has gone out of the namespace,
         *    it cannot be further opened. Further access to the rsrc fork may
         *    continue, however.
         *
         * D) not the last fork, vp == c_rsrc_vp
         *    Don't enter the block below, just clean up vnode and push it out of core.
         */

        if ((v_type == VREG || v_type == VLNK) &&
            ((forkcount == 1) || (!VNODE_IS_RSRC(vp)))) {

            /* Truncate away our own fork data. (Case A, B, C above) */
            if (VTOF(vp)->ff_blocks != 0) {
                /*
                 * SYMLINKS only:
                 *
                 * Encapsulate the entire change (including truncating the link) in
                 * nested transactions if we are modifying a symlink, because we know that its
                 * file length will be at most 4k, and we can fit both the truncation and
                 * any relevant bitmap changes into a single journal transaction. We also want
                 * the kill_block code to execute in the same transaction so that any dirty symlink
                 * blocks will not be written. Otherwise, rely on
                 * hfs_truncate doing its own transactions to ensure that we don't blow up
                 * the journal.
                 */
                if (!started_tr && (v_type == VLNK)) {
                    if (hfs_start_transaction(hfsmp) != 0) {
                        /* The underlying error is replaced by EINVAL. */
                        error = EINVAL;
                        goto out;
                    }
                    else {
                        started_tr = true;
                    }
                }

                /*
                 * At this point, we have decided that this cnode is
                 * suitable for full removal. We are about to deallocate
                 * its blocks and remove its entry from the catalog.
                 * If it was a symlink, then it's possible that the operation
                 * which created it is still in the current transaction group
                 * due to coalescing. Take action here to kill the data blocks
                 * of the symlink out of the journal before moving to
                 * deallocate the blocks. We need to be in the middle of
                 * a transaction before calling buf_iterate like this.
                 *
                 * Note: we have to kill any potential symlink buffers out of
                 * the journal prior to deallocating their blocks. This is so
                 * that we don't race with another thread that may be doing
                 * an allocation concurrently and pick up these blocks. It could
                 * generate I/O against them which could go out ahead of our journal
                 * transaction.
                 */

                if (hfsmp->jnl && vnode_islnk(vp)) {
                    buf_iterate(vp, hfs_removefile_callback, BUF_SKIP_NONLOCKED, (void *)hfsmp);
                }


                /*
                 * This truncate call (and the one below) is fine from VNOP_RECLAIM's
                 * context because we're only removing blocks, not zero-filling new
                 * ones. The C_DELETED check above makes things much simpler.
                 */
                error = hfs_truncate(vp, (off_t)0, IO_NDELAY, 0, ctx);
                if (error) {
                    goto out;
                }
                truncated = 1;

                /* (SYMLINKS ONLY): Close/End our transaction after truncating the file record */
                if (started_tr) {
                    hfs_end_transaction(hfsmp);
                    started_tr = false;
                }

            }

            /*
             * Truncate away the resource fork, if we represent the data fork and
             * it is the last fork. That means, by definition, the rsrc fork is not in
             * core. To avoid bringing a vnode into core for the sole purpose of deleting the
             * data in the resource fork, we call cat_lookup directly, then hfs_release_storage
             * to get rid of the resource fork's data. Note that because we are holding the
             * cnode lock, it is impossible for a competing thread to create the resource fork
             * vnode from underneath us while we do this.
             *
             * This is invoked via case A above only.
             */
            if ((cp->c_blocks > 0) && (forkcount == 1) && (vp != cp->c_rsrc_vp)) {
                struct cat_lookup_buffer *lookup_rsrc = NULL;
                struct cat_desc *desc_ptr = NULL;
                lockflags = 0;

                /*
                 * NOTE(review): the result is dereferenced below without a NULL
                 * check; presumably hfs_mallocz cannot fail -- confirm.
                 */
                lookup_rsrc = hfs_mallocz(sizeof(*lookup_rsrc));

                if (cp->c_desc.cd_namelen == 0) {
                    /* Initialize the rsrc descriptor for lookup if necessary*/
                    MAKE_DELETED_NAME (lookup_rsrc->lookup_name, HFS_TEMPLOOKUP_NAMELEN, cp->c_fileid);

                    /*
                     * NOTE(review): the strlen() below relies on MAKE_DELETED_NAME
                     * leaving lookup_name NUL-terminated inside the buffer -- confirm
                     * against the macro and the declared size of lookup_name.
                     */
                    lookup_rsrc->lookup_desc.cd_nameptr = (const uint8_t*) lookup_rsrc->lookup_name;
                    lookup_rsrc->lookup_desc.cd_namelen = strlen (lookup_rsrc->lookup_name);
                    lookup_rsrc->lookup_desc.cd_parentcnid = hfsmp->hfs_private_desc[FILE_HARDLINKS].cd_cnid;
                    lookup_rsrc->lookup_desc.cd_cnid = cp->c_cnid;

                    desc_ptr = &lookup_rsrc->lookup_desc;
                }
                else {
                    desc_ptr = &cp->c_desc;
                }

                /* The catalog is only read here, so the system-file lock is taken shared. */
                lockflags = hfs_systemfile_lock (hfsmp, SFL_CATALOG, HFS_SHARED_LOCK);

                error = cat_lookup (hfsmp, desc_ptr, 1, 0, (struct cat_desc *) NULL,
                                    (struct cat_attr*) NULL, &lookup_rsrc->lookup_fork.ff_data, NULL);

                hfs_systemfile_unlock (hfsmp, lockflags);

                if (error) {
                    /* Free the temporary buffer before leaving; 'out' does not know about it. */
                    hfs_free(lookup_rsrc, sizeof(*lookup_rsrc));
                    goto out;
                }

                /*
                 * Make the filefork in our temporary struct look like a real
                 * filefork. Fill in the cp, sysfileinfo and rangelist fields..
                 */
                rl_init (&lookup_rsrc->lookup_fork.ff_invalidranges);
                lookup_rsrc->lookup_fork.ff_cp = cp;

                /*
                 * If there were no errors, then we have the catalog's fork information
                 * for the resource fork in question. Go ahead and delete the data in it now.
                 */

                error = hfs_release_storage (hfsmp, NULL, &lookup_rsrc->lookup_fork, cp->c_fileid);
                /* The buffer is freed on both the success and the failure path. */
                hfs_free(lookup_rsrc, sizeof(*lookup_rsrc));

                if (error) {
                    goto out;
                }

                /*
                 * This fileid's resource fork extents have now been fully deleted on-disk
                 * and this CNID is no longer valid. At this point, we should be able to
                 * zero out cp->c_blocks to indicate there is no data left in this file.
                 */
                cp->c_blocks = 0;
            }
        }

        /*
         * If we represent the last fork (or none in the case of a dir),
         * and the cnode has become open-unlinked...
         *
         * We check c_blocks here because it is possible in the force
         * unmount case for the data fork to be in use but the resource
         * fork to not be in use in which case we will truncate the
         * resource fork, but not the data fork. It will get cleaned
         * up upon next mount.
         */
        if (forkcount <= 1 && !cp->c_blocks) {
            /*
             * If it has EA's, then we need to get rid of them.
             *
             * Note that this must happen outside of any other transactions
             * because it starts/ends its own transactions and grabs its
             * own locks. This is to prevent a file with a lot of attributes
             * from creating a transaction that is too large (which panics).
             *
             * started_tr is passed by address, so it may come back changed;
             * the check below starts a transaction only if it is still false.
             * The result is stored in ea_error, which is not read afterwards.
             */
            if (ISSET(cp->c_attr.ca_recflags, kHFSHasAttributesMask))
                ea_error = hfs_removeallattr(hfsmp, cp->c_fileid, &started_tr);

            /*
             * Remove the cnode's catalog entry and release all blocks it
             * may have been using.
             */

            /*
             * Mark cnode in transit so that no one can get this
             * cnode from cnode hash.
             */
            // hfs_chash_mark_in_transit(hfsmp, cp);
            // XXXdbg - remove the cnode from the hash table since it's deleted
            // otherwise someone could go to sleep on the cnode and not
            // be woken up until this vnode gets recycled which could be
            // a very long time...
            hfs_chashremove(hfsmp, cp);

            /*
             * C_NOEXISTS is set before the catalog entry is actually deleted.
             * If any step below fails, the function returns with the cnode
             * already out of the hash and marked C_NOEXISTS.
             */
            cp->c_flag |= C_NOEXISTS; // XXXdbg
            cp->c_rdev = 0;

            if (!started_tr) {
                if (hfs_start_transaction(hfsmp) != 0) {
                    error = EINVAL;
                    goto out;
                }
                started_tr = true;
            }

            /*
             * Reserve some space in the Catalog file.
             */
            if ((error = cat_preflight(hfsmp, CAT_DELETE, &cookie, p))) {
                goto out;
            }
            cat_reserve = 1;

            /* The catalog and attribute files are modified below, hence the exclusive lock. */
            lockflags = hfs_systemfile_lock(hfsmp, SFL_CATALOG | SFL_ATTRIBUTE, HFS_EXCLUSIVE_LOCK);

            /* Diagnostic only: this block was entered with c_blocks == 0. */
            if (cp->c_blocks > 0) {
                printf("hfs_inactive: deleting non-empty%sfile %d, "
                       "blks %d\n", VNODE_IS_RSRC(vp) ? " rsrc " : " ",
                       (int)cp->c_fileid, (int)cp->c_blocks);
            }

            //
            // release the name pointer in the descriptor so that
            // cat_delete() will use the file-id to do the deletion.
            // in the case of hard links this is imperative (in the
            // case of regular files the fileid and cnid are the
            // same so it doesn't matter).
            //
            cat_releasedesc(&cp->c_desc);

            /*
             * The descriptor name may be zero,
             * in which case the fileid is used.
             */
            error = cat_delete(hfsmp, &cp->c_desc, &cp->c_attr);

            /* ENXIO is the one cat_delete error that is not reported here. */
            if (error && truncated && (error != ENXIO)) {
                printf("hfs_inactive: couldn't delete a truncated file!");
            }

            /* Update HFS Private Data dir */
            if (error == 0) {
                hfsmp->hfs_private_attr[FILE_HARDLINKS].ca_entries--;
                if (vnode_isdir(vp)) {
                    DEC_FOLDERCOUNT(hfsmp, hfsmp->hfs_private_attr[FILE_HARDLINKS]);
                }
                /* The result of this catalog update is deliberately discarded. */
                (void)cat_update(hfsmp, &hfsmp->hfs_private_desc[FILE_HARDLINKS],
                                 &hfsmp->hfs_private_attr[FILE_HARDLINKS], NULL, NULL);
            }

            hfs_systemfile_unlock(hfsmp, lockflags);

            if (error) {
                goto out;
            }

#if QUOTA
            if (hfsmp->hfs_flags & HFS_QUOTAS)
                (void)hfs_chkiq(cp, -1, NOCRED, 0);
#endif /* QUOTA */

            /* Already set C_NOEXISTS at the beginning of this block */
            cp->c_flag &= ~C_DELETED;
            cp->c_touch_chgtime = TRUE;
            cp->c_touch_modtime = TRUE;

            /* error is always 0 here because of the 'goto out' above. */
            if (error == 0)
                hfs_volupdate(hfsmp, (v_type == VDIR) ? VOL_RMDIR : VOL_RMFILE, 0);
        }
    } // if <open unlinked>

    /* Reached only on the non-error path; every 'goto out' above skips it. */
    hfs_update(vp, reclaim ? HFS_UPDATE_FORCE : 0);

    /*
     * Since we are about to finish what might be an inactive call, propagate
     * any remaining modified or touch bits from the cnode to the vnode. This
     * serves as a hint to vnode recycling that we shouldn't recycle this vnode
     * synchronously.
     *
     * For now, if the node *only* has a dirty atime, we don't mark
     * the vnode as dirty. VFS's asynchronous recycling can actually
     * lead to worse performance than having it synchronous. When VFS
     * is fixed to be more performant, we can be more honest about
     * marking vnodes as dirty when it's only the atime that's dirty.
     */
    if (hfs_is_dirty(cp) == HFS_DIRTY || ISSET(cp->c_flag, C_DELETED)) {
        vnode_setdirty(vp);
    } else {
        vnode_cleardirty(vp);
    }

out:
    /* Common exit: undo the catalog reservation and close any open transaction. */
    if (cat_reserve)
        cat_postflight(hfsmp, &cookie, p);

    if (started_tr) {
        hfs_end_transaction(hfsmp);
        started_tr = false;
    }

    return error;
}
567
568
/*
 * hfs_vnop_inactive
 *
 * Called when the last usecount on the vnode has gone away. Tears down any
 * data still held in the cnode: remaining blocks are written out or, when
 * required, the cnode's catalog entry is deleted.
 *
 * Returns 0 when nothing needs to be done (read-only volume, system vnode,
 * the caller is the freezing process, or the cnode is already C_NOEXISTS);
 * otherwise returns the result of hfs_cnode_teardown.
 */
int
hfs_vnop_inactive(struct vnop_inactive_args *ap)
{
    struct vnode *vp = ap->a_vp;
    struct hfsmount *hfsmp = VTOHFS(vp);
    struct proc *p = vfs_context_proc(ap->a_context);
    enum vtype v_type = vnode_vtype(vp);
    struct cnode *cp = VTOC(vp);
    int need_trunc_lock;
    int error;

    if ((hfsmp->hfs_flags & HFS_READ_ONLY) || vnode_issystem(vp) ||
        (hfsmp->hfs_freezing_proc == p)) {
        return 0;
    }

    /*
     * Never call vnode_recycle from this function. One way to get here is
     *
     *    vnode_create -> vnode_reclaim_internal -> vclean -> VNOP_INACTIVE
     *
     * and a vnode that is already in reclaim has no usecounts or iocounts,
     * so vnode_recycle would immediately re-enter reclaim and panic.
     *
     * VNOP_INACTIVE is currently reached in three ways:
     *   1) the last usecount on the vnode goes away (vnode_rele)
     *   2) the last iocount goes away on a vnode that previously had
     *      usecounts but never had vnode_recycle called (vnode_put)
     *   3) vclean, by way of reclaim
     *
     * Recycling would normally be wanted so that open-unlinked files do not
     * leak blocks. It is not needed here: hfs_cnode_teardown releases those
     * blocks and marks the cnode C_NOEXISTS, leaving no catalog entry and no
     * backing store, so the time at which the vnode reaches reclaim no longer
     * matters much. The HFS VNOPs that created the open-unlinked file should
     * also have called vnode_recycle already.
     */

    /*
     * The catalog entry is already gone: nothing left to do. This flag is
     * tested before the cnode lock is taken.
     */
    if (cp->c_flag & C_NOEXISTS) {
        return 0;
    }

    /* Lock order: truncate lock first (regular files and symlinks only), then the cnode lock. */
    need_trunc_lock = (v_type == VREG || v_type == VLNK);
    if (need_trunc_lock) {
        hfs_lock_truncate(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_DEFAULT);
    }

    (void) hfs_lock(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_ALLOW_NOEXISTS);

    /*
     * Push dirty blocks to disk, release the blocks of open-unlinked files,
     * and move the cnode from C_DELETED to C_NOEXISTS.
     */
    error = hfs_cnode_teardown (vp, ap->a_context, 0);

    /*
     * The truncate lock must go before the cnode lock: unlocking the cnode
     * can perform a vnode_put and recycle the vnode, which in turn might
     * require the truncate lock.
     */
    if (need_trunc_lock) {
        hfs_unlock_truncate(cp, HFS_LOCK_DEFAULT);
    }

    hfs_unlock(cp);

    return error;
}
662
663
/*
 * hfs_filedone
 *
 * File clean-up (zero fill and shrink peof).
 *
 * Flushes the fork's invalid ranges, trims the physical allocation down to
 * the number of blocks needed for the logical EOF and, unless
 * HFS_FILE_DONE_NO_SYNC is set in opts, pushes cached data with
 * cluster_push and then calls hfs_update.
 *
 * The cnode lock is released around cluster_push and taken again
 * afterwards, so cnode state may have changed by the time this returns.
 * NOTE(review): this implies the caller enters with the cnode lock held --
 * confirm against the callers.
 *
 * Always returns 0; the results of hfs_truncate and hfs_lock are not checked.
 */
int
hfs_filedone(struct vnode *vp, vfs_context_t context,
             hfs_file_done_opts_t opts)
{
    struct cnode *cp = VTOC(vp);
    struct filefork *fork = VTOF(vp);
    struct hfsmount *hfsmp = VTOHFS(vp);
    off_t logical_eof = fork->ff_size;
    u_int32_t block_size;
    u_int32_t needed_blocks;

    /* Nothing to clean up on a read-only volume or for a fork with no blocks. */
    if (hfsmp->hfs_flags & HFS_READ_ONLY) {
        return (0);
    }
    if (fork->ff_blocks == 0) {
        return (0);
    }

    hfs_flush_invalid_ranges(vp);

    /* Round the logical EOF up to a whole number of allocation blocks. */
    block_size = VTOVCB(vp)->blockSize;
    needed_blocks = logical_eof / block_size;
    if (((off_t)needed_blocks * (off_t)block_size) != logical_eof) {
        needed_blocks++;
    }

    /*
     * Shrink the peof to the smallest size necessary to contain the leof.
     */
    if (needed_blocks < fork->ff_blocks) {
        (void) hfs_truncate(vp, logical_eof, IO_NDELAY, HFS_TRUNCATE_SKIPTIMES, context);
    }

    if (ISSET(opts, HFS_FILE_DONE_NO_SYNC)) {
        return (0);
    }

    /* cluster_push runs without the cnode lock. */
    hfs_unlock(cp);
    cluster_push(vp, IO_CLOSE);
    hfs_lock(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_ALLOW_NOEXISTS);

    /*
     * In case hfs_truncate did not flush the vnode's information to disk,
     * force the update now that all invalid ranges have been zero-filled
     * and validated.
     */
    hfs_update(vp, 0);

    return (0);
}
714
715
/*
 * hfs_vnop_reclaim
 *
 * Reclaim a cnode so that it can be used for other purposes.
 *
 * Runs hfs_cnode_teardown (unless the cnode is already C_NOEXISTS), detaches
 * this vnode's fork from the cnode, frees the fork, and, when this was the
 * last fork and the cnode could be removed from the hash, hands the cnode to
 * hfs_reclaim_cnode.
 *
 * Always returns 0. The result of hfs_cnode_teardown is stored in 'err' but
 * is not returned.
 */
int
hfs_vnop_reclaim(struct vnop_reclaim_args *ap)
{
    struct vnode *vp = ap->a_vp;
    struct cnode *cp;
    struct filefork *fp = NULL;     /* fork that belongs to vp */
    struct filefork *altfp = NULL;  /* the cnode's other fork, if any */
    struct hfsmount *hfsmp = VTOHFS(vp);
    vfs_context_t ctx = ap->a_context;
    int reclaim_cnode = 0;          /* set when the cnode itself may be released */
    int err = 0;
    enum vtype v_type;

    v_type = vnode_vtype(vp);
    cp = VTOC(vp);

    /*
     * We don't take the truncate lock since by the time reclaim comes along,
     * all dirty pages have been synced and nobody should be competing
     * with us for this thread.
     */
    (void) hfs_lock(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_ALLOW_NOEXISTS);

    /*
     * Sync to disk any remaining data in the cnode/vnode. This includes
     * a call to hfs_update if the cnode has outbound data.
     *
     * If C_NOEXISTS is set on the cnode, then there's nothing teardown needs to do
     * because the catalog entry for this cnode is already gone.
     */
    if (!ISSET(cp->c_flag, C_NOEXISTS)) {
        err = hfs_cnode_teardown(vp, ctx, 1);
    }

    /*
     * Keep track of an inactive hot file. Don't bother on ssd's since
     * the tracking is done differently (it's done at read() time)
     */
    if (!vnode_isdir(vp) &&
        !vnode_issystem(vp) &&
        !(cp->c_flag & (C_DELETED | C_NOEXISTS)) &&
        !(hfsmp->hfs_flags & HFS_CS_HOTFILE_PIN)) {
        (void) hfs_addhotfile(vp);
    }
    vnode_removefsref(vp);

    /*
     * Find file fork for this vnode (if any)
     * Also check if another fork is active
     *
     * The cnode's pointers to the fork and to the vnode are cleared here,
     * before the fork is freed further down.
     */
    if (cp->c_vp == vp) {
        fp = cp->c_datafork;
        altfp = cp->c_rsrcfork;

        cp->c_datafork = NULL;
        cp->c_vp = NULL;
    } else if (cp->c_rsrc_vp == vp) {
        fp = cp->c_rsrcfork;
        altfp = cp->c_datafork;

        cp->c_rsrcfork = NULL;
        cp->c_rsrc_vp = NULL;
    } else {
        /* vp is neither the data nor the resource vnode of this cnode. */
        panic("hfs_vnop_reclaim: vp points to wrong cnode (vp=%p cp->c_vp=%p cp->c_rsrc_vp=%p)\n", vp, cp->c_vp, cp->c_rsrc_vp);
    }
    /*
     * On the last fork, remove the cnode from its hash chain.
     */
    if (altfp == NULL) {
        /* If we can't remove it then the cnode must persist! */
        if (hfs_chashremove(hfsmp, cp) == 0)
            reclaim_cnode = 1;
        /*
         * Remove any directory hints
         */
        if (vnode_isdir(vp)) {
            hfs_reldirhints(cp, 0);
        }

        if(cp->c_flag & C_HARDLINK) {
            hfs_relorigins(cp);
        }
    }
    /* Release the file fork and related data */
    if (fp) {
        /*
         * Dump cached symlink data
         *
         * NOTE(review): the size passed to hfs_free is the fork's current
         * ff_size; confirm it always equals the size used when
         * ff_symlinkptr was allocated.
         */
        if (vnode_islnk(vp) && (fp->ff_symlinkptr != NULL)) {
            hfs_free(fp->ff_symlinkptr, fp->ff_size);
        }
        rl_remove_all(&fp->ff_invalidranges);
        hfs_zfree(fp, HFS_FILEFORK_ZONE);
    }

    /*
     * If there was only one active fork then we can release the cnode.
     * The cnode lock is dropped before hfs_reclaim_cnode is called.
     */
    if (reclaim_cnode) {
        hfs_chashwakeup(hfsmp, cp, H_ALLOC | H_TRANSIT);
        hfs_unlock(cp);
        hfs_reclaim_cnode(hfsmp, cp);
    }
    else {
        /*
         * cnode in use. If it is a directory, it could have
         * no live forks. Just release the lock.
         */
        hfs_unlock(cp);
    }

    vnode_clearfsnode(vp);
    return (0);
}
831
832
/*
 * External function-pointer tables (presumably the vnode operation vectors --
 * confirm against their definitions). The FIFO and HFS-standard tables are
 * declared only when FIFO / CONFIG_HFS_STD are enabled.
 */
extern int (**hfs_vnodeop_p) (void *);
#if FIFO
extern int (**hfs_fifoop_p) (void *);
#endif

#if CONFIG_HFS_STD
extern int (**hfs_std_vnodeop_p) (void *);
#endif
841
842 /*
843 * hfs_getnewvnode - get new default vnode
844 *
845 * The vnode is returned with an iocount and the cnode locked.
846 * The cnode of the parent vnode 'dvp' may or may not be locked, depending on
847 * the circumstances. The cnode in question (if acquiring the resource fork),
848 * may also already be locked at the time we enter this function.
849 *
850 * Note that there are both input and output flag arguments to this function.
851 * If one of the input flags (specifically, GNV_USE_VP), is set, then
852 * hfs_getnewvnode will use the parameter *vpp, which is traditionally only
853 * an output parameter, as both an input and output parameter. It will use
854 * the vnode provided in the output, and pass it to vnode_create with the
855 * proper flavor so that a new vnode is _NOT_ created on our behalf when
856 * we dispatch to VFS. This may be important in various HFS vnode creation
857 * routines, such as create or get-resource-fork, because we risk deadlock if
858 * jetsam is involved.
859 *
860 * Deadlock potential exists if jetsam is synchronously invoked while we are waiting
861 * for a vnode to be recycled in order to give it the identity we want. If jetsam
862 * happens to target a process for termination that is blocked in-kernel, waiting to
863 * acquire the cnode lock on our parent 'dvp', while our current thread has it locked,
864 * neither side will make forward progress and the watchdog timer will eventually fire.
865 * To prevent this, a caller of hfs_getnewvnode may choose to proactively force
866 * any necessary vnode reclamation/recycling while it is not holding any locks and
867 * thus not prone to deadlock. If this is the case, GNV_USE_VP will be set and
868 * the parameter will be used as described above.
869 *
870 * !!! <NOTE> !!!!
871 * In circumstances when GNV_USE_VP is set, this function _MUST_ clean up and either consume
872 * or dispose of the provided vnode. We funnel all errors to a single return value so that
873 * if provided_vp is still non-NULL, then we will dispose of the vnode. This will occur in
874 * all error cases of this function -- anywhere we zero/NULL out the *vpp parameter. It may
875 * also occur if the current thread raced with another to create the same vnode, and we
876 * find the entry already present in the cnode hash.
877 * !!! </NOTE> !!!
878 */
/*
 * Reviewer summary of the body below (see also the header comment above):
 *
 *   1. Remember the caller-supplied vnode when GNV_USE_VP is set, then
 *      clear *vpp and *out_flags.
 *   2. Reject catalog attributes that fail basic consistency checks.
 *   3. Obtain a cnode from the cnode hash; if the hash also hands back a
 *      vnode, refresh hardlink/name identity and return that vnode.
 *   4. Otherwise initialize the cnode (when H_ALLOC is set), allocate a
 *      filefork for non-directories, and create or initialize the vnode.
 *   5. On failure undo the fork/cnode setup; at gnv_exit drop the iocount
 *      on an unused provided vnode.
 *
 * Return values set in this function: 0, ENOENT, ENOTSUP (only when built
 * without FIFO support), EINVAL, ERECYCLE, or whatever
 * vnode_create()/vnode_initialize() returned.
 * Bits reported through *out_flags: GNV_CAT_ATTRCHANGED, GNV_CAT_DELETED,
 * GNV_NEW_CNODE.
 *
 * vpp, out_flags, attrp and descp are dereferenced without a NULL test,
 * so callers must always supply them. forkp, dvp and cnp may be NULL.
 */
int
hfs_getnewvnode(
	struct hfsmount *hfsmp,
	struct vnode *dvp,
	struct componentname *cnp,
	struct cat_desc *descp,
	int flags,
	struct cat_attr *attrp,
	struct cat_fork *forkp,
	struct vnode **vpp,
	int *out_flags)
{
	struct mount *mp = HFSTOVFS(hfsmp);
	struct vnode *vp = NULL;
	struct vnode **cvpp;
	struct vnode *tvp = NULLVP;
	struct cnode *cp = NULL;
	struct filefork *fp = NULL;
	int hfs_standard = 0;
	int retval = 0;
	int issystemfile;
	int wantrsrc;
	int hflags = 0;
	int need_update_identity = 0;
	/*
	 * NOTE(review): vfsp is not zero-initialized; only the fields assigned
	 * individually further down are set. Confirm that covers every field
	 * vnode_create()/vnode_initialize() read.
	 */
	struct vnode_fsparam vfsp;
	enum vtype vtype;

	struct vnode *provided_vp = NULL;


#if QUOTA
	int i;
#endif /* QUOTA */

	hfs_standard = (hfsmp->hfs_flags & HFS_STANDARD);

	if (flags & GNV_USE_VP) {
		/* Store the provided VP for later use */
		provided_vp = *vpp;
	}

	/* Zero out the vpp regardless of provided input */
	*vpp = NULL;

	/* Zero out the out_flags */
	*out_flags = 0;

	/* A file ID of zero never names a catalog item. */
	if (attrp->ca_fileid == 0) {
		retval = ENOENT;
		goto gnv_exit;
	}

#if !FIFO
	if (IFTOVT(attrp->ca_mode) == VFIFO) {
		retval = ENOTSUP;
		goto gnv_exit;
	}
#endif /* !FIFO */
	vtype = IFTOVT(attrp->ca_mode);
	issystemfile = (descp->cd_flags & CD_ISMETA) && (vtype == VREG);
	wantrsrc = flags & GNV_WANTRSRC;

	/*
	 * Sanity checks:
	 *
	 * These run before attrp/forkp are copied into the cnode and fork
	 * below, so an inconsistent catalog record is refused here instead of
	 * being trusted later. A record is rejected when:
	 *   - the mode does not decode to a known vnode type (VBAD);
	 *   - the fork claims more blocks than the file as a whole;
	 *   - the fork's byte size needs more allocation blocks than the
	 *     fork says it has;
	 *   - a symlink's size exceeds MAXPATHLEN.
	 * The fork comparisons are skipped for directories and when forkp is
	 * NULL, so those callers get only the VBAD test.
	 */
	if (vtype == VBAD ||
	    (vtype != VDIR && forkp &&
	     (attrp->ca_blocks < forkp->cf_blocks ||
	      howmany((uint64_t)forkp->cf_size, hfsmp->blockSize) > forkp->cf_blocks ||
	      (vtype == VLNK && (uint64_t)forkp->cf_size > MAXPATHLEN)))) {
		/* Mark the FS as corrupt and bail out */
		hfs_mark_inconsistent(hfsmp, HFS_INCONSISTENCY_DETECTED);
		retval = EINVAL;
		goto gnv_exit;
	}

#ifdef HFS_CHECK_LOCK_ORDER
	/*
	 * The only case where it's permissible to hold the parent cnode
	 * lock is during a create operation (hfs_makenode) or when
	 * we don't need the cnode lock (GNV_SKIPLOCK).
	 */
	if ((dvp != NULL) &&
	    (flags & (GNV_CREATE | GNV_SKIPLOCK)) == 0 &&
	    VTOC(dvp)->c_lockowner == current_thread()) {
		panic("hfs_getnewvnode: unexpected hold of parent cnode %p", VTOC(dvp));
	}
#endif /* HFS_CHECK_LOCK_ORDER */

	/*
	 * Get a cnode (new or existing)
	 */
	cp = hfs_chash_getcnode(hfsmp, attrp->ca_fileid, vpp, wantrsrc,
				(flags & GNV_SKIPLOCK), out_flags, &hflags);

	/*
	 * If the id is no longer valid for lookups we'll get back a NULL cp.
	 */
	if (cp == NULL) {
		retval = ENOENT;
		goto gnv_exit;
	}
	/*
	 * We may have been provided a vnode via
	 * GNV_USE_VP. In this case, we have raced with
	 * a 2nd thread to create the target vnode. The provided
	 * vnode that was passed in will be dealt with at the
	 * end of the function, as we don't zero out the field
	 * until we're ready to pass responsibility to VFS.
	 */


	/*
	 * If we get a cnode/vnode pair out of hfs_chash_getcnode, then update the
	 * descriptor in the cnode as needed if the cnode represents a hardlink.
	 * We want the caller to get the most up-to-date copy of the descriptor
	 * as possible. However, we only do anything here if there was a valid vnode.
	 * If there isn't a vnode, then the cnode is brand new and needs to be initialized
	 * as it doesn't have a descriptor or cat_attr yet.
	 *
	 * If we are about to replace the descriptor with the user-supplied one, then validate
	 * that the descriptor correctly acknowledges this item is a hardlink. We could be
	 * subject to a race where the calling thread invoked cat_lookup, got a valid lookup
	 * result but the file was not yet a hardlink. With sufficient delay between there
	 * and here, we might accidentally copy in the raw inode ID into the descriptor in the
	 * call below. If the descriptor's CNID is the same as the fileID then it must
	 * not yet have been a hardlink when the lookup occurred.
	 */

	if (!(hfs_checkdeleted(cp))) {
		//
		// If the bytes of the filename in the descp do not match the bytes in the
		// cnp (and we're not looking up the resource fork), then we want to update
		// the vnode identity to contain the bytes that HFS stores so that when an
		// fsevent gets generated, it has the correct filename. otherwise daemons
		// that match filenames produced by fsevents with filenames they have stored
		// elsewhere (e.g. bladerunner, backupd, mds), the filenames will not match.
		// See: <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories
		// for more details.
		//
		// NOTE(review): the strncmp below is bounded by descp->cd_namelen only;
		// cnp->cn_namelen is not consulted, so a cn_nameptr that merely begins
		// with the descriptor's name compares as equal. Presumably intended
		// because cn_nameptr can point into a longer path -- confirm.
		// The "descp &&" test cannot protect anything: descp was already
		// dereferenced when issystemfile was computed above.
		//
#ifdef CN_WANTSRSRCFORK
		if (*vpp && cnp && cnp->cn_nameptr && !(cnp->cn_flags & CN_WANTSRSRCFORK) && descp && descp->cd_nameptr && strncmp((const char *)cnp->cn_nameptr, (const char *)descp->cd_nameptr, descp->cd_namelen) != 0) {
#else
		if (*vpp && cnp && cnp->cn_nameptr && descp && descp->cd_nameptr && strncmp((const char *)cnp->cn_nameptr, (const char *)descp->cd_nameptr, descp->cd_namelen) != 0) {
#endif
			vnode_update_identity (*vpp, dvp, (const char *)descp->cd_nameptr, descp->cd_namelen, 0, VNODE_UPDATE_NAME);
		}
		if ((cp->c_flag & C_HARDLINK) && descp->cd_nameptr && descp->cd_namelen > 0) {
			/* If cnode is uninitialized, its c_attr will be zeroed out; cnids won't match. */
			if ((descp->cd_cnid == cp->c_attr.ca_fileid) &&
			    (attrp->ca_linkcount != cp->c_attr.ca_linkcount)){

				if ((flags & GNV_SKIPLOCK) == 0) {
					/*
					 * Then we took the lock. Drop it before calling
					 * vnode_put, which may invoke hfs_vnop_inactive and need to take
					 * the cnode lock again.
					 */
					hfs_unlock(cp);
				}

				/*
				 * Emit ERECYCLE and GNV_CAT_ATTRCHANGED to
				 * force a re-drive in the lookup routine.
				 * Drop the iocount on the vnode obtained from
				 * chash_getcnode if needed.
				 */
				if (*vpp != NULL) {
					vnode_put (*vpp);
					*vpp = NULL;
				}

				/*
				 * If we raced with VNOP_RECLAIM for this vnode, the hash code could
				 * have observed it after the c_vp or c_rsrc_vp fields had been torn down;
				 * the hash code peeks at those fields without holding the cnode lock because
				 * it needs to be fast. As a result, we may have set H_ATTACH in the chash
				 * call above. Since we're bailing out, unset whatever flags we just set, and
				 * wake up all waiters for this cnode.
				 */
				if (hflags) {
					hfs_chashwakeup(hfsmp, cp, hflags);
				}

				*out_flags = GNV_CAT_ATTRCHANGED;
				retval = ERECYCLE;
				goto gnv_exit;
			}
			else {
				/*
				 * Otherwise, CNID != fileid. Go ahead and copy in the new descriptor.
				 *
				 * Replacing the descriptor here is fine because we looked up the item without
				 * a vnode in hand before. If a vnode existed, its identity must be attached to this
				 * item. We are not susceptible to the lookup fastpath issue at this point.
				 */
				replace_desc(cp, descp);

				/*
				 * This item was a hardlink, and its name needed to be updated. By replacing the
				 * descriptor above, we've now updated the cnode's internal representation of
				 * its link ID/CNID, parent ID, and its name. However, VFS must now be alerted
				 * to the fact that this vnode now has a new parent, since we cannot guarantee
				 * that the new link lived in the same directory as the alternative name for
				 * this item.
				 */
				if ((*vpp != NULL) && (cnp || cp->c_desc.cd_nameptr)) {
					/* we could be requesting the rsrc of a hardlink file... */
#ifdef CN_WANTSRSRCFORK
					if (cp->c_desc.cd_nameptr && (cnp == NULL || !(cnp->cn_flags & CN_WANTSRSRCFORK))) {
#else
					if (cp->c_desc.cd_nameptr) {
#endif
						//
						// Update the identity with what we have stored on disk as
						// the name of this file. This is related to:
						// <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories
						//
						vnode_update_identity (*vpp, dvp, (const char *)cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen, 0,
								       (VNODE_UPDATE_PARENT | VNODE_UPDATE_NAME));
					} else if (cnp) {
						vnode_update_identity (*vpp, dvp, cnp->cn_nameptr, cnp->cn_namelen, cnp->cn_hash,
								       (VNODE_UPDATE_PARENT | VNODE_UPDATE_NAME));
					}
				}
			}
		}
	}

	/*
	 * At this point, we have performed hardlink and open-unlinked checks
	 * above. We have now validated the state of the vnode that was given back
	 * to us from the cnode hash code and find it safe to return.
	 */
	if (*vpp != NULL) {
		retval = 0;
		goto gnv_exit;
	}

	/*
	 * If this is a new cnode then initialize it.
	 */
	if (ISSET(cp->c_hflag, H_ALLOC)) {
		lck_rw_init(&cp->c_truncatelock, hfs_rwlock_group, hfs_lock_attr);
#if HFS_COMPRESSION
		cp->c_decmp = NULL;
#endif

		/* Make sure its still valid (ie exists on disk). */
		if (!(flags & GNV_CREATE)) {
			int error = 0;
			if (!hfs_valid_cnode (hfsmp, dvp, (wantrsrc ? NULL : cnp), cp->c_fileid, attrp, &error)) {
				hfs_chash_abort(hfsmp, cp);
				if ((flags & GNV_SKIPLOCK) == 0) {
					hfs_unlock(cp);
				}
				/*
				 * cp is freed by this call. Both exits below must be
				 * taken: falling past them would reach the bcopy into
				 * cp->c_attr. hfs_valid_cnode, as written in this file,
				 * reports only ENOENT or ERECYCLE when it returns 0, so
				 * any new error code added there needs an exit here too.
				 */
				hfs_reclaim_cnode(hfsmp, cp);
				*vpp = NULL;
				/*
				 * If we hit this case, that means that the entry was there in the catalog when
				 * we did a cat_lookup earlier. Think hfs_lookup. However, in between the time
				 * that we checked the catalog and the time we went to get a vnode/cnode for it,
				 * it had been removed from the namespace and the vnode totally reclaimed. As a result,
				 * it's not there in the catalog during the check in hfs_valid_cnode and we bubble out
				 * an ENOENT. To indicate to the caller that they should really double-check the
				 * entry (it could have been renamed over and gotten a new fileid), we mark a bit
				 * in the output flags.
				 */
				if (error == ENOENT) {
					*out_flags = GNV_CAT_DELETED;
					retval = ENOENT;
					goto gnv_exit;
				}

				/*
				 * Also, we need to protect the cat_attr acquired during hfs_lookup and passed into
				 * this function as an argument because the catalog may have changed w.r.t hardlink
				 * link counts and the firstlink field. If that validation check fails, then let
				 * lookup re-drive itself to get valid/consistent data with the same failure condition below.
				 */
				if (error == ERECYCLE) {
					*out_flags = GNV_CAT_ATTRCHANGED;
					retval = ERECYCLE;
					goto gnv_exit;
				}
			}
		}
		bcopy(attrp, &cp->c_attr, sizeof(struct cat_attr));
		bcopy(descp, &cp->c_desc, sizeof(struct cat_desc));

		/*
		 * The name was inherited so clear descriptor state...
		 * (the cnode's copy now holds the name pointer and CD_HASBUF, so
		 * the caller's descriptor must no longer claim the buffer).
		 */
		descp->cd_namelen = 0;
		descp->cd_nameptr = NULL;
		descp->cd_flags &= ~CD_HASBUF;

		/* Tag hardlinks */
		if ((vtype == VREG || vtype == VDIR
		     || vtype == VSOCK || vtype == VFIFO)
		    && (descp->cd_cnid != attrp->ca_fileid
			|| ISSET(attrp->ca_recflags, kHFSHasLinkChainMask))) {
			cp->c_flag |= C_HARDLINK;
		}
		/*
		 * Fix-up dir link counts.
		 *
		 * Earlier versions of Leopard used ca_linkcount for posix
		 * nlink support (effectively the sub-directory count + 2).
		 * That is now accomplished using the ca_dircount field with
		 * the corresponding kHFSHasFolderCountMask flag.
		 *
		 * For directories the ca_linkcount is the true link count,
		 * tracking the number of actual hardlinks to a directory.
		 *
		 * We only do this if the mount has HFS_FOLDERCOUNT set;
		 * at the moment, we only set that for HFSX volumes.
		 */
		if ((hfsmp->hfs_flags & HFS_FOLDERCOUNT) &&
		    (vtype == VDIR) &&
		    !(attrp->ca_recflags & kHFSHasFolderCountMask) &&
		    (cp->c_attr.ca_linkcount > 1)) {
			if (cp->c_attr.ca_entries == 0)
				cp->c_attr.ca_dircount = 0;
			else
				cp->c_attr.ca_dircount = cp->c_attr.ca_linkcount - 2;

			cp->c_attr.ca_linkcount = 1;
			cp->c_attr.ca_recflags |= kHFSHasFolderCountMask;
			if ( !(hfsmp->hfs_flags & HFS_READ_ONLY) )
				cp->c_flag |= C_MODIFIED;
		}
#if QUOTA
		if (hfsmp->hfs_flags & HFS_QUOTAS) {
			for (i = 0; i < MAXQUOTAS; i++)
				cp->c_dquot[i] = NODQUOT;
		}
#endif /* QUOTA */
		/* Mark the output flag that we're vending a new cnode */
		*out_flags |= GNV_NEW_CNODE;
	}

	if (vtype == VDIR) {
		if (cp->c_vp != NULL)
			panic("hfs_getnewvnode: orphaned vnode (data)");
		cvpp = &cp->c_vp;
	} else {
		/*
		 * Allocate and initialize a file fork...
		 *
		 * NOTE(review): the result of hfs_zalloc is used without a NULL
		 * test; this assumes the allocator cannot fail -- confirm.
		 */
		fp = hfs_zalloc(HFS_FILEFORK_ZONE);
		fp->ff_cp = cp;
		if (forkp)
			bcopy(forkp, &fp->ff_data, sizeof(struct cat_fork));
		else
			bzero(&fp->ff_data, sizeof(struct cat_fork));
		rl_init(&fp->ff_invalidranges);
		fp->ff_sysfileinfo = 0;

		if (wantrsrc) {
			if (cp->c_rsrcfork != NULL)
				panic("hfs_getnewvnode: orphaned rsrc fork");
			if (cp->c_rsrc_vp != NULL)
				panic("hfs_getnewvnode: orphaned vnode (rsrc)");
			cp->c_rsrcfork = fp;
			cvpp = &cp->c_rsrc_vp;
			if ( (tvp = cp->c_vp) != NULLVP )
				cp->c_flag |= C_NEED_DVNODE_PUT;
		} else {
			if (cp->c_datafork != NULL)
				panic("hfs_getnewvnode: orphaned data fork");
			if (cp->c_vp != NULL)
				panic("hfs_getnewvnode: orphaned vnode (data)");
			cp->c_datafork = fp;
			cvpp = &cp->c_vp;
			if ( (tvp = cp->c_rsrc_vp) != NULLVP)
				cp->c_flag |= C_NEED_RVNODE_PUT;
		}
	}
	if (tvp != NULLVP) {
		/*
		 * grab an iocount on the vnode we weren't
		 * interested in (i.e. we want the resource fork
		 * but the cnode already has the data fork)
		 * to prevent it from being
		 * recycled by us when we call vnode_create
		 * which will result in a deadlock when we
		 * try to take the cnode lock in hfs_vnop_fsync or
		 * hfs_vnop_reclaim... vnode_get can be called here
		 * because we already hold the cnode lock which will
		 * prevent the vnode from changing identity until
		 * we drop it.. vnode_get will not block waiting for
		 * a change of state... however, it will return an
		 * error if the current iocount == 0 and we've already
		 * started to terminate the vnode... we don't need/want to
		 * grab an iocount in the case since we can't cause
		 * the filesystem to be re-entered on this thread for this vp
		 *
		 * the matching vnode_put will happen in hfs_unlock
		 * after we've dropped the cnode lock
		 */
		if ( vnode_get(tvp) != 0)
			cp->c_flag &= ~(C_NEED_RVNODE_PUT | C_NEED_DVNODE_PUT);
	}
	vfsp.vnfs_mp = mp;
	vfsp.vnfs_vtype = vtype;
	vfsp.vnfs_str = "hfs";
	if ((cp->c_flag & C_HARDLINK) && (vtype == VDIR)) {
		vfsp.vnfs_dvp = NULL;  /* no parent for me! */
		vfsp.vnfs_cnp = NULL;  /* no name for me! */
	} else {
		vfsp.vnfs_dvp = dvp;
		vfsp.vnfs_cnp = cnp;
	}

	vfsp.vnfs_fsnode = cp;

	/*
	 * Special Case HFS Standard VNOPs from HFS+, since
	 * HFS standard is readonly/deprecated as of 10.6
	 */

#if FIFO
	if (vtype == VFIFO )
		vfsp.vnfs_vops = hfs_fifoop_p;
	else
#endif
	if (vtype == VBLK || vtype == VCHR)
		vfsp.vnfs_vops = hfs_specop_p;
#if CONFIG_HFS_STD
	else if (hfs_standard)
		vfsp.vnfs_vops = hfs_std_vnodeop_p;
#endif
	else
		vfsp.vnfs_vops = hfs_vnodeop_p;

	/* For device nodes the device number is taken as-is from the catalog attributes. */
	if (vtype == VBLK || vtype == VCHR)
		vfsp.vnfs_rdev = attrp->ca_rdev;
	else
		vfsp.vnfs_rdev = 0;

	if (forkp)
		vfsp.vnfs_filesize = forkp->cf_size;
	else
		vfsp.vnfs_filesize = 0;

	vfsp.vnfs_flags = VNFS_ADDFSREF;
	/* Same cd_namelen-bounded comparison as in the hardlink section above. */
#ifdef CN_WANTSRSRCFORK
	if (cnp && cnp->cn_nameptr && !(cnp->cn_flags & CN_WANTSRSRCFORK) && cp->c_desc.cd_nameptr && strncmp((const char *)cnp->cn_nameptr, (const char *)cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen) != 0) {
#else
	if (cnp && cnp->cn_nameptr && cp->c_desc.cd_nameptr && strncmp((const char *)cnp->cn_nameptr, (const char *)cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen) != 0) {
#endif
		//
		// We don't want VFS to add an entry for this vnode because the name in the
		// cnp does not match the bytes stored on disk for this file. Instead we'll
		// update the identity later after the vnode is created and we'll do so with
		// the correct bytes for this filename. For more details, see:
		// <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories
		//
		vfsp.vnfs_flags |= VNFS_NOCACHE;
		need_update_identity = 1;
	} else if (dvp == NULLVP || cnp == NULL || !(cnp->cn_flags & MAKEENTRY) || (flags & GNV_NOCACHE)) {
		vfsp.vnfs_flags |= VNFS_NOCACHE;
	}

	/* Tag system files */
	vfsp.vnfs_marksystem = issystemfile;

	/* Tag root directory */
	if (descp->cd_cnid == kHFSRootFolderID)
		vfsp.vnfs_markroot = 1;
	else
		vfsp.vnfs_markroot = 0;

	/*
	 * If provided_vp was non-NULL, then it is an already-allocated (but not
	 * initialized) vnode. We simply need to initialize it to this identity.
	 * If it was NULL, then assume that we need to call vnode_create with the
	 * normal arguments/types.
	 */
	if (provided_vp) {
		vp = provided_vp;
		/*
		 * After we assign the value of provided_vp into 'vp' (so that it can be
		 * mutated safely by vnode_initialize), we can NULL it out. At this point, the disposal
		 * and handling of the provided vnode will be the responsibility of VFS, which will
		 * clean it up and vnode_put it properly if vnode_initialize fails.
		 */
		provided_vp = NULL;

		retval = vnode_initialize (VNCREATE_FLAVOR, VCREATESIZE, &vfsp, &vp);
		/* See error handling below for resolving provided_vp */
	}
	else {
		/* Do a standard vnode_create */
		retval = vnode_create (VNCREATE_FLAVOR, VCREATESIZE, &vfsp, &vp);
	}

	/*
	 * We used a local variable to hold the result of vnode_create/vnode_initialize so that
	 * on error cases in vnode_create we won't accidentally harm the cnode's fields
	 */

	if (retval) {
		/* Clean up if we encountered an error */
		if (fp) {
			/* Detach the fork from the cnode before freeing it so no stale pointer remains. */
			if (fp == cp->c_datafork)
				cp->c_datafork = NULL;
			else
				cp->c_rsrcfork = NULL;

			hfs_zfree(fp, HFS_FILEFORK_ZONE);
		}
		/*
		 * If this is a newly created cnode or a vnode reclaim
		 * occurred during the attachment, then cleanup the cnode.
		 *
		 * NOTE(review): unlike the hfs_valid_cnode failure path above,
		 * this branch does not call hfs_unlock() before
		 * hfs_reclaim_cnode(), which destroys c_rwlock. Confirm the
		 * lock state expected here.
		 */
		if ((cp->c_vp == NULL) && (cp->c_rsrc_vp == NULL)) {
			hfs_chash_abort(hfsmp, cp);
			hfs_reclaim_cnode(hfsmp, cp);
		}
		else {
			hfs_chashwakeup(hfsmp, cp, H_ALLOC | H_ATTACH);
			if ((flags & GNV_SKIPLOCK) == 0){
				hfs_unlock(cp);
			}
		}
		*vpp = NULL;
		goto gnv_exit;
	}

	/* If no error, then assign the value into the cnode's fields */
	*cvpp = vp;

	vnode_settag(vp, VT_HFS);
	if (cp->c_flag & C_HARDLINK) {
		vnode_setmultipath(vp);
	}

	if (cp->c_attr.ca_recflags & kHFSFastDevCandidateMask) {
		vnode_setfastdevicecandidate(vp);
	}

	if (cp->c_attr.ca_recflags & kHFSAutoCandidateMask) {
		vnode_setautocandidate(vp);
	}




	if (vp && need_update_identity) {
		//
		// As above, update the name of the vnode if the bytes stored in hfs do not match
		// the bytes in the cnp. See this radar:
		// <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories
		// for more details.
		//
		vnode_update_identity (vp, dvp, (const char *)cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen, 0, VNODE_UPDATE_NAME);
	}

	/*
	 * Tag resource fork vnodes as needing an VNOP_INACTIVE
	 * so that any deferred removes (open unlinked files)
	 * have the chance to process the resource fork.
	 */
	if (VNODE_IS_RSRC(vp)) {
		int err;

		KDBG(HFSDBG_GETNEWVNODE, kdebug_vnode(cp->c_vp), kdebug_vnode(cp->c_rsrc_vp));

		/* Force VL_NEEDINACTIVE on this vnode */
		err = vnode_ref(vp);
		if (err == 0) {
			vnode_rele(vp);
		}
	}
	hfs_chashwakeup(hfsmp, cp, H_ALLOC | H_ATTACH);

	/*
	 * Stop tracking an active hot file.
	 */
	if (!(flags & GNV_CREATE) && (vtype != VDIR) && !issystemfile && !(hfsmp->hfs_flags & HFS_CS_HOTFILE_PIN)) {
		(void) hfs_removehotfile(vp);
	}

#if CONFIG_PROTECT
	/* Initialize the cp data structures. The key should be in place now. */
	if (!issystemfile && (*out_flags & GNV_NEW_CNODE)) {
		cp_entry_init(cp, mp);
	}
#endif

	*vpp = vp;
	retval = 0;

gnv_exit:
	/*
	 * provided_vp is still set only when the caller's vnode was never
	 * handed to vnode_initialize (early error, or a vnode came back from
	 * the cnode hash).
	 */
	if (provided_vp) {
		/* Release our empty vnode if it was not used */
		vnode_put (provided_vp);
	}
	return retval;
}
1477
1478
/*
 * Tear down a cnode and return its memory to HFS_CNODE_ZONE.
 *
 * Drops quota references (QUOTA builds), releases the descriptor's name
 * buffer, destroys both rw locks, frees decmpfs and content-protection
 * state where those are configured, and finally frees cp itself.
 *
 * cp is invalid once this returns; callers must not touch it afterwards.
 * In this file hfs_getnewvnode calls it on its failure paths, after
 * hfs_chash_abort().
 */
static void
hfs_reclaim_cnode(hfsmount_t *hfsmp, struct cnode *cp)
{
#if QUOTA
	for (int q = 0; q < MAXQUOTAS; q++) {
		if (cp->c_dquot[q] == NODQUOT) {
			continue;
		}
		dqreclaim(cp->c_dquot[q]);
		cp->c_dquot[q] = NODQUOT;
	}
#endif /* QUOTA */

	/*
	 * Release the descriptor's name, but only when the descriptor owns
	 * a buffer (CD_HASBUF) and actually points at one.
	 */
	if ((cp->c_desc.cd_flags & CD_HASBUF) && (cp->c_desc.cd_nameptr != 0)) {
		const char *owned_name = (const char *) cp->c_desc.cd_nameptr;

		/* Detach the name from the descriptor before handing it back. */
		cp->c_desc.cd_nameptr = 0;
		cp->c_desc.cd_namelen = 0;
		cp->c_desc.cd_flags &= ~CD_HASBUF;
		vfs_removename(owned_name);
	}

	/*
	 * Destroying the locks rests on nothing else being able to reach
	 * this cnode any more: once the vnode has gone through reclaim, any
	 * later use of the item has to go through lookup again and create a
	 * new vnode.
	 */
	lck_rw_destroy(&cp->c_rwlock, hfs_rwlock_group);
	lck_rw_destroy(&cp->c_truncatelock, hfs_rwlock_group);

#if HFS_COMPRESSION
	if (cp->c_decmp) {
		decmpfs_cnode_destroy(cp->c_decmp);
		decmpfs_cnode_free(cp->c_decmp);
	}
#endif

#if CONFIG_PROTECT
	cp_entry_destroy(hfsmp, cp->c_cpentry);
	cp->c_cpentry = NULL;
#else
	(void)hfsmp;	// Prevent compiler warning
#endif

	hfs_zfree(cp, HFS_CNODE_ZONE);
}
1531
1532
1533 /*
1534 * hfs_valid_cnode
1535 *
1536 * This function is used to validate data that is stored in-core against what is contained
1537 * in the catalog. Common uses include validating that the parent-child relationship still exists
1538 * for a specific directory entry (guaranteeing it has not been renamed into a different spot) at
1539 * the point of the check.
1540 */
/*
 * Re-check an in-core view of a catalog item against the catalog.
 *
 * Returns 1 when the item is still valid and 0 otherwise. *error is
 * written on every path: 0 when valid, ENOENT when the lookup fails or
 * resolves to a different file ID, ERECYCLE when the record exists but
 * the caller's cattr no longer matches it.
 *
 * With both dvp and cnp the check is by name under the parent
 * directory; otherwise it is by file ID only and cattr is not compared.
 * The catalog is held with a shared lock for the duration of the check.
 */
int
hfs_valid_cnode(struct hfsmount *hfsmp, struct vnode *dvp, struct componentname *cnp,
		cnid_t cnid, struct cat_attr *cattr, int *error)
{
	struct cat_attr disk_attr;
	struct cat_desc key;
	int valid = 0;
	int lockflags;

	/* System files are always valid */
	if (cnid < kHFSFirstUserCatalogNodeID) {
		*error = 0;
		return (1);
	}

	/* XXX optimization: check write count in dvp */

	lockflags = hfs_systemfile_lock(hfsmp, SFL_CATALOG, HFS_SHARED_LOCK);

	if (dvp == NULL || cnp == NULL) {
		/* No parent/name pair to check against: look the item up by ID. */
		if (cat_idlookup(hfsmp, cnid, 0, 0, NULL, NULL, NULL) == 0) {
			valid = 1;
			*error = 0;
		} else {
			*error = ENOENT;
		}
	} else {
		struct cat_fork disk_fork;
		int rc;

		bzero(&key, sizeof(key));
		key.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr;
		key.cd_namelen = cnp->cn_namelen;
		key.cd_parentcnid = VTOC(dvp)->c_fileid;
		key.cd_hint = VTOC(dvp)->c_childhint;

		/*
		 * Call cat_lookup the same way hfs_lookup does, i.e. with a
		 * filefork output argument. The attributes returned can differ
		 * depending on whether a fork buffer is supplied, because
		 * cat_lookupbykey runs basic validation against the resident
		 * extents when there are no overflow extent records and needs
		 * somewhere to store the on-disk fork. Asking in the same style
		 * ensures a block-count difference is not an artifact of the
		 * call. cat_lookupbykey will request an fsck if the block count
		 * truly disagrees with the sum of the resident extents.
		 */
		rc = cat_lookup (hfsmp, &key, 0, 0, NULL, &disk_attr, &disk_fork, NULL);

		if ((rc == 0) && (cnid == disk_attr.ca_fileid)) {
			valid = 1;
			*error = 0;
		} else {
			*error = ENOENT;
		}

		/*
		 * Time-of-check vs. time-of-vnode-creation race in
		 * hfs_getnewvnode: when no vnode/cnode pair exists for the entry
		 * being looked up, the caller went to the catalog while holding
		 * nothing but the dvp in shared mode, so the record may have
		 * changed between that cat_lookup and the one just done here.
		 *
		 * Matching CNID and parent/name is not enough. For hardlinks,
		 * the caller may hold a cat_attr from a leaf record plus raw
		 * inode, while a competing hfs_getnewvnode created, modified and
		 * reclaimed the vnode in the meantime. Copying the stale
		 * cat_attr into the cnode would leave the in-core data
		 * inconsistent with what is on disk, so compare the fields
		 * below and ask for a re-drive (ERECYCLE) on any mismatch.
		 * This race cannot happen if the cnode/vnode already exists, as
		 * it does in the case of rename and delete.
		 */
		if (valid && cattr != NULL &&
		    (cattr->ca_linkcount != disk_attr.ca_linkcount ||
		     cattr->ca_union1.cau_linkref != disk_attr.ca_union1.cau_linkref ||
		     cattr->ca_union3.cau_firstlink != disk_attr.ca_union3.cau_firstlink ||
		     cattr->ca_union2.cau_blocks != disk_attr.ca_union2.cau_blocks)) {
			valid = 0;
			*error = ERECYCLE;
		}
	}

	hfs_systemfile_unlock(hfsmp, lockflags);

	return (valid);
}
1653
1654
1655 /*
1656 * Per HI and Finder requirements, HFS should add in the
1657 * date/time that a particular directory entry was added
1658 * to the containing directory.
1659 * This is stored in the extended Finder Info for the
1660 * item in question.
1661 *
1662 * Note that this field is also set explicitly in the hfs_vnop_setxattr code.
1663 * We must ignore user attempts to set this part of the finderinfo, and
1664 * so we need to save a local copy of the date added, write in the user
1665 * finderinfo, then stuff the value back in.
1666 */
/*
 * Store dateadded (a Unix-epoch timestamp, not an HFS/traditional Mac
 * timestamp) in the extended Finder Info of attrp and set
 * kHFSHasDateAddedMask. Only regular files and directories are handled;
 * for any other mode nothing is written and the flag is left alone.
 */
void hfs_write_dateadded (struct cat_attr *attrp, u_int32_t dateadded) {
	/* The extended Finder Info overlay starts 16 bytes into ca_finderinfo. */
	u_int8_t *ext = (u_int8_t *)attrp->ca_finderinfo + 16;

	/* Finder Info is defined as big endian, so swap before storing. */
	const u_int32_t be_dateadded = OSSwapHostToBigInt32(dateadded);

	if (S_ISREG(attrp->ca_mode)) {
		((struct FndrExtendedFileInfo *)ext)->date_added = be_dateadded;
	} else if (S_ISDIR(attrp->ca_mode)) {
		((struct FndrExtendedDirInfo *)ext)->date_added = be_dateadded;
	} else {
		/* Neither file nor directory: bail out without touching anything. */
		return;
	}

	attrp->ca_recflags |= kHFSHasDateAddedMask;
}
1693
/*
 * Read the date-added value out of a raw Finder Info buffer.
 *
 * finderinfo must point at a buffer that extends at least 16 bytes plus
 * the size of the extended Finder Info structure; no length is passed
 * in, so that cannot be verified here and is the caller's job.
 * Returns the value in host byte order for regular files and
 * directories, and 0 for every other mode.
 */
static u_int32_t
hfs_get_dateadded_internal(const uint8_t *finderinfo, mode_t mode)
{
	/* The extended Finder Info overlay starts 16 bytes in. */
	const uint8_t *ext = finderinfo + 16;

	/* Finder Info is stored big endian; convert to host order on the way out. */
	if (S_ISREG(mode)) {
		return OSSwapBigToHostInt32 (((const struct FndrExtendedFileInfo *)ext)->date_added);
	}
	if (S_ISDIR(mode)) {
		return OSSwapBigToHostInt32 (((const struct FndrExtendedDirInfo *)ext)->date_added);
	}

	return 0;
}
1720
/*
 * Return the date-added value recorded for cp, or 0 when
 * kHFSHasDateAddedMask is clear in the cnode's record flags (the value
 * was never set).
 */
u_int32_t
hfs_get_dateadded(struct cnode *cp)
{
	const int has_dateadded = (cp->c_attr.ca_recflags & kHFSHasDateAddedMask) != 0;

	if (has_dateadded) {
		return (hfs_get_dateadded_internal((u_int8_t*)cp->c_finderinfo,
						   cp->c_attr.ca_mode));
	}

	/* Date added was never set. Return 0. */
	return (0);
}
1732
/*
 * Extract the date-added value from a caller-supplied Finder Info blob.
 *
 * Unlike hfs_get_dateadded, this does not consult kHFSHasDateAddedMask,
 * and it takes no length: the caller is responsible for handing in a
 * buffer large enough for the extended Finder Info that
 * hfs_get_dateadded_internal reads.
 */
u_int32_t
hfs_get_dateadded_from_blob(const uint8_t *finderinfo, mode_t mode)
{
	const u_int32_t dateadded = hfs_get_dateadded_internal(finderinfo, mode);

	return (dateadded);
}
1738
1739 /*
1740 * Per HI and Finder requirements, HFS maintains a "write/generation
1741 * count" for each file that is incremented on any write & pageout.
1742 * It should start at 1 to reserve "0" as a special value. If it
1743 * should ever wrap around, it will skip using 0.
1744 *
1745 * Note that finderinfo is manipulated in hfs_vnop_setxattr and care
1746 * is and should be taken to ignore user attempts to set the part of
1747 * the finderinfo that records the generation counter.
1748 *
1749 * Any change to the generation counter *must* not be visible before
1750 * the change that caused it (for obvious reasons), and given the
1751 * limitations of our current architecture, the change to the
1752 * generation counter may occur some time afterwards (particularly in
1753 * the case where a file is mapped writable---more on that below).
1754 *
1755 * We make no guarantees about the consistency of a file. In other
1756 * words, a reader that is operating concurrently with a writer might
1757 * see some, but not all of writer's changes, and the generation
1758 * counter will *not* necessarily tell you this has happened. To
1759 * enforce consistency, clients must make their own arrangements
1760 * e.g. use file locking.
1761 *
1762 * We treat files that are mapped writable as a special case: when
1763 * that happens, clients requesting the generation count will be told
1764 * it has a generation count of zero and they use that knowledge as a
1765 * hint that the file is changing and it therefore might be prudent to
1766 * wait until it is no longer mapped writable. Clients should *not*
1767 * rely on this behaviour however; we might decide that it's better
1768 * for us to publish the fact that a file is mapped writable via
1769 * alternate means and return the generation counter when it is mapped
1770 * writable as it still has some, albeit limited, use. We reserve the
1771 * right to make this change.
1772 *
1773 * Lastly, it's important to realise that because data and metadata
1774 * take different paths through the system, it's possible upon crash
1775 * or sudden power loss and after a restart, that a change may be
1776 * visible to the rest of the system without a corresponding change to
1777 * the generation counter. The reverse may also be true, but for all
1778 * practical applications this shouldn't be an issue.
1779 */
/*
 * Store gencount as the write/generation counter in the extended Finder
 * Info of attrp. The generation count is only supported for regular
 * files; for any other mode this is a no-op.
 */
void hfs_write_gencount (struct cat_attr *attrp, uint32_t gencount) {
	struct FndrExtendedFileInfo *ext;

	if (!S_ISREG(attrp->ca_mode)) {
		return;
	}

	/* The extended Finder Info overlay starts 16 bytes into ca_finderinfo. */
	ext = (struct FndrExtendedFileInfo *)((u_int8_t *)attrp->ca_finderinfo + 16);

	/* Finder Info is defined as big endian, so swap before storing. */
	ext->write_gen_counter = OSSwapHostToBigInt32(gencount);
}
1801
1802 /*
1803 * Increase the gen count by 1; if it wraps around to 0, increment by
1804 * two. The cnode *must* be locked exclusively by the caller.
1805 *
1806 * You may think holding the lock is unnecessary because we only need
1807 * to change the counter, but consider this sequence of events: thread
1808 * A calls hfs_incr_gencount and the generation counter is 2 upon
1809 * entry. A context switch occurs and thread B increments the counter
1810 * to 3, thread C now gets the generation counter (for whatever
1811 * purpose), and then another thread makes another change and the
1812 * generation counter is incremented again---it's now 4. Now thread A
1813 * continues and it sets the generation counter back to 3. So you can
1814 * see, thread C would miss the change that caused the generation
1815 * counter to increment to 4 and for this reason the cnode *must*
1816 * always be locked exclusively.
1817 */
/*
 * Advance the generation counter stored in the cnode's Finder info and
 * return the new host-order value.
 *
 * Returns 0, and changes nothing, when the cnode is neither a regular
 * file nor a directory. Otherwise the stored counter is rewritten and
 * C_MINOR_MOD is set in c_flag. The value 0 is never stored: a counter
 * that reads as 0 is treated as 1 before the bump, and a wrap to 0 is
 * pushed on to 1.
 *
 * The read-modify-write below is not atomic and nothing here checks
 * lock ownership; the caller is responsible for holding the cnode lock
 * exclusively.
 */
uint32_t hfs_incr_gencount (struct cnode *cp) {
	struct FndrExtendedFileInfo *ext_info;
	u_int32_t counter;

	if (!S_ISDIR(cp->c_attr.ca_mode) && !S_ISREG(cp->c_attr.ca_mode)) {
		return 0;
	}

	/*
	 * write_gen_counter sits at the same place in the file and the
	 * directory flavour of the extended info (per the original author's
	 * note), so the file struct is used for both.
	 */
	ext_info = (struct FndrExtendedFileInfo *)((u_int8_t *)cp->c_finderinfo + 16);

	/* Stored big endian; work in host order. */
	counter = OSSwapBigToHostInt32 (ext_info->write_gen_counter);

	/* A zero counter (file from 10.8 or earlier?) starts out as 1. */
	if (counter == 0) {
		counter = 1;
	}

	counter++;

	/* Skip over 0 on wrap-around. */
	if (counter == 0) {
		counter = 1;
	}

	ext_info->write_gen_counter = OSSwapHostToBigInt32 (counter);
	SET(cp->c_flag, C_MINOR_MOD);

	return counter;
}
1860
1861 /*
1862 * There is no need for any locks here (other than an iocount on an
1863 * associated vnode) because reading and writing an aligned 32 bit
1864 * integer should be atomic on all platforms we support.
1865 */
/*
 * Read the generation counter out of a Finder info buffer.
 *
 * finderinfo: start of the Finder info bytes. The counter is read from
 *             the extended info overlaid at offset 16, so the buffer
 *             must extend far enough to cover that structure. No length
 *             is passed in and none is checked here.
 * mode:       file mode; only regular files and directories have a
 *             counter.
 *
 * Returns the host-order counter, 1 if the stored value is 0, or 0 for
 * any other file type.
 */
static u_int32_t
hfs_get_gencount_internal(const uint8_t *finderinfo, mode_t mode)
{
	const struct FndrExtendedFileInfo *ext_info;
	u_int32_t stored;

	if (!S_ISDIR(mode) && !S_ISREG(mode)) {
		return 0;
	}

	/*
	 * The field is at the same place for files and directories (per the
	 * original author's note), so one overlay serves both.
	 */
	ext_info = (const struct FndrExtendedFileInfo *)(finderinfo + 16);

	/* Stored big endian; convert before use. */
	stored = OSSwapBigToHostInt32 (ext_info->write_gen_counter);

	/*
	 * A stored 0 may come from a file created on 10.8 or earlier. Report
	 * it as 1; hfs_incr_gencount applies the same adjustment before it
	 * bumps the counter.
	 */
	return (stored == 0) ? 1 : stored;
}
1900
1901 /* Getter for the gen count */
/*
 * Return the generation counter of a cnode, using its own Finder info
 * and mode. See hfs_get_gencount_internal for the returned values.
 */
u_int32_t hfs_get_gencount (struct cnode *cp) {
	const mode_t mode = cp->c_attr.ca_mode;

	return hfs_get_gencount_internal(cp->c_finderinfo, mode);
}
1905
1906 /* Getter for the gen count from a buffer (currently pointer to finderinfo)*/
/*
 * Return the generation counter found in a caller-supplied Finder info
 * buffer.
 *
 * finfoblob is handed to hfs_get_gencount_internal unchanged, which
 * reads the extended info at offset 16. No length accompanies the
 * pointer, so the caller must guarantee the buffer is large enough.
 */
u_int32_t hfs_get_gencount_from_blob (const uint8_t *finfoblob, mode_t mode) {
	const u_int32_t gencount = hfs_get_gencount_internal(finfoblob, mode);

	return gencount;
}
1910
/*
 * Clear C_MIGHT_BE_DIRTY_FROM_MAPPING on the cnode.
 *
 * This is meant to be called when both mtime and ctime are about to be
 * touched. From that point on, any page-out can only be for data that
 * was dirtied before the touch, so the flag is no longer needed.
 */
void hfs_clear_might_be_dirty_flag(cnode_t *cp)
{
	cp->c_flag &= ~(C_MIGHT_BE_DIRTY_FROM_MAPPING);
}
1921
1922 /*
1923 * Touch cnode times based on c_touch_xxx flags
1924 *
1925 * cnode must be locked exclusive
1926 *
1927 * This will also update the volume modify time
1928 */
/*
 * hfsmp: mount the cnode belongs to.
 * cp:    cnode whose pending c_touch_acctime / c_touch_chgtime /
 *        c_touch_modtime requests and C_NEEDS_DATEADDED flag are
 *        consumed.
 *
 * All pending requests are cleared on return, whether or not a
 * timestamp actually changed. C_MINOR_MOD is set, and the volume
 * modify time updated, only when mtime, ctime or date-added changed.
 */
void
hfs_touchtimes(struct hfsmount *hfsmp, struct cnode* cp)
{
	vfs_context_t ctx;

	/*
	 * Nothing can be recorded on a read-only volume or for a cnode that
	 * no longer exists: drop every pending request and leave.
	 */
	if (ISSET(hfsmp->hfs_flags, HFS_READ_ONLY) || ISSET(cp->c_flag, C_NOEXISTS)) {
		cp->c_touch_acctime = FALSE;
		cp->c_touch_chgtime = FALSE;
		cp->c_touch_modtime = FALSE;
		CLR(cp->c_flag, C_NEEDS_DATEADDED);
		return;
	}
#if CONFIG_HFS_STD
	/* HFS Standard doesn't support access times */
	if (hfsmp->hfs_flags & HFS_STANDARD) {
		cp->c_touch_acctime = FALSE;
	}
#endif

	ctx = vfs_context_current();

	/*
	 * Drop a pending access time update if:
	 *   . MNT_NOATIME is set
	 *   . a file system freeze is in progress
	 *   . a file system resize is in progress
	 *   . the vnode associated with this cnode is marked for rapid
	 *     aging, or the current context asks to skip atime updates
	 */
	if (cp->c_touch_acctime &&
	    ((vfs_flags(hfsmp->hfs_mp) & MNT_NOATIME) ||
	     hfsmp->hfs_freeze_state != HFS_THAWED ||
	     (hfsmp->hfs_flags & HFS_RESIZE_IN_PROGRESS) ||
	     (cp->c_vp && ((vnode_israge(cp->c_vp) || (vfs_ctx_skipatime(ctx))))))) {
		cp->c_touch_acctime = FALSE;
	}

	/* Nothing left to do? */
	if (!(cp->c_touch_acctime || cp->c_touch_chgtime ||
	      cp->c_touch_modtime || (cp->c_flag & C_NEEDS_DATEADDED))) {
		return;
	}

	struct timeval now;
	int vol_touched = 0;

	if (cp->c_touch_modtime && cp->c_touch_chgtime) {
		hfs_clear_might_be_dirty_flag(cp);
	}

	microtime(&now);

	if (cp->c_touch_acctime) {
		/*
		 * An access time change on its own is not necessarily written
		 * to disk right away. It goes out at vnode recycle time, on
		 * fsync, or when the metadata is written for another reason.
		 * That is why C_MINOR_MOD is not set here.
		 */
		cp->c_atime = now.tv_sec;
		cp->c_touch_acctime = FALSE;
	}

	if (cp->c_touch_modtime) {
		time_t stamp = now.tv_sec;

		cp->c_touch_modtime = FALSE;
#if CONFIG_HFS_STD
		/* HFS dates that WE set must be adjusted for DST */
		if ((hfsmp->hfs_flags & HFS_STANDARD) && gTimeZone.tz_dsttime) {
			stamp += 3600;
		}
#endif
		if (cp->c_mtime != stamp) {
			cp->c_mtime = stamp;
			cp->c_flag |= C_MINOR_MOD;
			vol_touched = 1;
		}
	}

	if (cp->c_touch_chgtime) {
		cp->c_touch_chgtime = FALSE;
		if (cp->c_ctime != now.tv_sec) {
			cp->c_ctime = now.tv_sec;
			cp->c_flag |= C_MINOR_MOD;
			vol_touched = 1;
		}
	}

	if (cp->c_flag & C_NEEDS_DATEADDED) {
		hfs_write_dateadded (&(cp->c_attr), now.tv_sec);
		cp->c_flag |= C_MINOR_MOD;
		/* request satisfied */
		cp->c_flag &= ~C_NEEDS_DATEADDED;
		vol_touched = 1;
	}

	/* Propagate to the volume modify time when something changed. */
	if (vol_touched) {
		hfs_note_header_minor_change(hfsmp);
		HFSTOVCB(hfsmp)->vcbLsMod = now.tv_sec;
	}
}
2027
2028 // Use this if you don't want to check the return code
/*
 * Lock a cnode and discard hfs_lock's return value.
 *
 * The call passes HFS_LOCK_ALWAYS. Presumably that flag suppresses the
 * ENOENT failure path in hfs_lock, in which case the lock is held on
 * return; confirm against the hfs_lockflags definition.
 */
void hfs_lock_always(cnode_t *cp, enum hfs_locktype locktype)
{
	(void)hfs_lock(cp, locktype, HFS_LOCK_ALWAYS);
}
2033
2034 /*
2035 * Lock a cnode.
2036 * N.B. If you add any failure cases, *make* sure hfs_lock_always works
2037 */
/*
 * cp:       cnode to lock.
 * locktype: HFS_SHARED_LOCK takes c_rwlock shared; anything else takes
 *           it exclusive.
 * flags:    without HFS_LOCK_ALLOW_NOEXISTS, a non-metadata cnode that
 *           is marked C_NOEXISTS is unlocked again and ENOENT returned.
 *
 * Returns 0 with the lock held, or ENOENT with the lock released.
 *
 * A thread that already owns the lock exclusively panics if it locks
 * again. The extents and allocation files are the exception: for them
 * the recursion is counted in c_syslockcount instead.
 */
int
hfs_lock(struct cnode *cp, enum hfs_locktype locktype, enum hfs_lockflags flags)
{
	thread_t self = current_thread();

	if (cp->c_lockowner != self) {
		if (locktype == HFS_SHARED_LOCK) {
			lck_rw_lock_shared(&cp->c_rwlock);
			cp->c_lockowner = HFS_SHARED_OWNER;
		} else { /* HFS_EXCLUSIVE_LOCK */
			lck_rw_lock_exclusive(&cp->c_rwlock);
			cp->c_lockowner = self;

			/* Only the extents and bitmap files support lock recursion. */
			if ((cp->c_fileid == kHFSExtentsFileID) ||
			    (cp->c_fileid == kHFSAllocationFileID)) {
				cp->c_syslockcount = 1;
			}
		}
	} else if ((cp->c_fileid == kHFSExtentsFileID) ||
		   (cp->c_fileid == kHFSAllocationFileID)) {
		/*
		 * Recursive acquisition by the exclusive owner. Only the
		 * extents and bitmap files support this here; the other system
		 * files handle recursion in hfs_systemfile_lock. Eventually
		 * recursion should be handled solely in hfs_systemfile_lock.
		 */
		cp->c_syslockcount++;
	} else {
		panic("hfs_lock: locking against myself!");
	}

#ifdef HFS_CHECK_LOCK_ORDER
	/*
	 * Debug check: regular cnodes (non-system files) must not be
	 * locked while this thread holds the journal lock or a system file
	 * lock.
	 */
	if (!(cp->c_desc.cd_flags & CD_ISMETA) &&
	    ((cp->c_fileid > kHFSFirstUserCatalogNodeID) || (cp->c_fileid == kHFSRootFolderID))) {
		vnode_t vp = NULLVP;

		/* Find a vnode that maps back to this cnode. */
		if (cp->c_vp != NULLVP && VTOC(cp->c_vp) == cp) {
			vp = cp->c_vp;
		} else if (cp->c_rsrc_vp != NULLVP && VTOC(cp->c_rsrc_vp) == cp) {
			vp = cp->c_rsrc_vp;
		}

		if (vp != NULLVP) {
			struct hfsmount *hfsmp = VTOHFS(vp);

			if (hfsmp->jnl && (journal_owner(hfsmp->jnl) == self)) {
				/*
				 * This will eventually be a panic, but where the
				 * hot files BTree is created needs fixing first.
				 */
				printf("hfs_lock: bad lock order (cnode after journal)\n");
			}
			if (hfsmp->hfs_catalog_cp && hfsmp->hfs_catalog_cp->c_lockowner == self) {
				panic("hfs_lock: bad lock order (cnode after catalog)");
			}
			if (hfsmp->hfs_attribute_cp && hfsmp->hfs_attribute_cp->c_lockowner == self) {
				panic("hfs_lock: bad lock order (cnode after attribute)");
			}
			if (hfsmp->hfs_extents_cp && hfsmp->hfs_extents_cp->c_lockowner == self) {
				panic("hfs_lock: bad lock order (cnode after extents)");
			}
		}
	}
#endif /* HFS_CHECK_LOCK_ORDER */

	/*
	 * Refuse cnodes for regular files that no longer exist (marked
	 * deleted, catalog entry gone) unless the caller asked to allow
	 * them. The lock just taken is released before failing.
	 */
	if (!(flags & HFS_LOCK_ALLOW_NOEXISTS) &&
	    !(cp->c_desc.cd_flags & CD_ISMETA) &&
	    (cp->c_flag & C_NOEXISTS)) {
		hfs_unlock(cp);
		return (ENOENT);
	}

	return (0);
}
2119
/*
 * Try to upgrade a shared hold on the cnode lock to exclusive.
 *
 * Returns true with c_lockowner set to the calling thread when the
 * upgrade succeeds, false otherwise. Nothing here verifies that the
 * caller actually holds the lock shared.
 *
 * NOTE(review): lck_rw_lock_shared_to_exclusive is understood to drop
 * the shared hold when it fails, so a false return would mean the cnode
 * is no longer locked and must be re-locked and re-validated. Confirm
 * against the lock primitive's contract.
 */
bool hfs_lock_upgrade(cnode_t *cp)
{
	if (!lck_rw_lock_shared_to_exclusive(&cp->c_rwlock)) {
		return false;
	}

	cp->c_lockowner = current_thread();
	return true;
}
2128
2129 /*
2130 * Lock a pair of cnodes.
2131 */
/*
 * Take both cnode locks with the given locktype, or neither.
 *
 * Returns 0 with both held, or the error from hfs_lock with none held.
 * When cp1 and cp2 are the same cnode it is locked once.
 */
int
hfs_lockpair(struct cnode *cp1, struct cnode *cp2, enum hfs_locktype locktype)
{
	struct cnode *lower, *higher;
	int error;

	/* Same cnode twice: one lock is enough. */
	if (cp1 == cp2) {
		return hfs_lock(cp1, locktype, HFS_LOCK_DEFAULT);
	}

	/*
	 * Always lock the lower address first, so that two threads locking
	 * the same pair agree on the order.
	 */
	lower = (cp1 < cp2) ? cp1 : cp2;
	higher = (cp1 < cp2) ? cp2 : cp1;

	error = hfs_lock(lower, locktype, HFS_LOCK_DEFAULT);
	if (error) {
		return (error);
	}

	error = hfs_lock(higher, locktype, HFS_LOCK_DEFAULT);
	if (error) {
		/* Back out the first lock so the caller holds nothing. */
		hfs_unlock(lower);
		return (error);
	}

	return (0);
}
2165
2166 /*
2167 * Check ordering of two cnodes. Return true if they are in-order.
2168 */
/*
 * Returns 1 when cp1 sorts strictly before cp2 in lock order, else 0.
 *
 * Equal pointers are not "in order" (0). NULL sorts before everything
 * and the 0xffffffff sentinel after everything; both are matched by
 * value, not by address comparison. All other pairs compare by address.
 */
static int
hfs_isordered(struct cnode *cp1, struct cnode *cp2)
{
	struct cnode *const sentinel = (struct cnode *)0xffffffff;

	if (cp1 == cp2) {
		return (0);
	}
	if (cp1 == NULL || cp2 == sentinel) {
		return (1);
	}
	if (cp2 == NULL || cp1 == sentinel) {
		return (0);
	}

	/* Locking order is cnode address order. */
	return (cp1 < cp2);
}
2183
2184 /*
2185 * Acquire 4 cnode locks.
2186 * - locked in cnode address order (lesser address first).
2187 * - all or none of the locks are taken
2188 * - only one lock taken per cnode (dup cnodes are skipped)
2189 * - some of the cnode pointers may be null
2190 */
/*
 * cp1..cp4:    cnodes to lock; any may be NULL and duplicates are
 *              locked once.
 * locktype:    passed to hfs_lock for every cnode.
 * error_cnode: optional. Set to NULL on entry and, on failure, to the
 *              cnode whose hfs_lock call failed.
 *
 * Returns 0 with every distinct non-NULL cnode locked, or the hfs_lock
 * error with none of them locked.
 */
int
hfs_lockfour(struct cnode *cp1, struct cnode *cp2, struct cnode *cp3,
             struct cnode *cp4, enum hfs_locktype locktype, struct cnode **error_cnode)
{
	struct cnode * a[3];
	struct cnode * b[3];
	struct cnode * list[4];
	struct cnode * next;
	int i, j, k;
	int error;

	if (error_cnode) {
		*error_cnode = NULL;
	}

	/* Sort each pair; the third slot is a sentinel that sorts last. */
	if (hfs_isordered(cp1, cp2)) {
		a[0] = cp1;
		a[1] = cp2;
	} else {
		a[0] = cp2;
		a[1] = cp1;
	}
	a[2] = (struct cnode *)0xffffffff;

	if (hfs_isordered(cp3, cp4)) {
		b[0] = cp3;
		b[1] = cp4;
	} else {
		b[0] = cp4;
		b[1] = cp3;
	}
	b[2] = (struct cnode *)0xffffffff;

	/*
	 * Merge the two sorted pairs into list[], dropping an entry that
	 * repeats the one just stored. The sentinels stop either index
	 * from running past its pair.
	 */
	i = 0;
	j = 0;
	k = 0;
	while (i < 2 || j < 2) {
		next = hfs_isordered(a[i], b[j]) ? a[i++] : b[j++];
		if (k == 0 || next != list[k-1]) {
			list[k++] = next;
		}
	}

	/* Lock list[0 .. k-1] in order, skipping NULL entries. */
	for (i = 0; i < k; ++i) {
		if (list[i] == NULL) {
			continue;
		}

		error = hfs_lock(list[i], locktype, HFS_LOCK_DEFAULT);
		if (error == 0) {
			continue;
		}

		/* Report the failing cnode only if the caller asked for it. */
		if (error_cnode) {
			*error_cnode = list[i];
		}

		/* Drop the locks taken before the failure. */
		while (--i >= 0) {
			if (list[i]) {
				hfs_unlock(list[i]);
			}
		}
		return (error);
	}

	return (0);
}
2248
2249
2250 /*
2251 * Unlock a cnode.
2252 */
/*
 * Release the cnode lock taken by hfs_lock.
 *
 * The exclusive owner is recognised by c_lockowner. Any other caller is
 * treated as a shared holder, and nothing checks that it really holds
 * the lock. For the exclusive owner, deferred work recorded in c_flag
 * (ubc_setsize calls and vnode_put calls) is carried out after the lock
 * is dropped. If the same thread also owns the truncate lock, the
 * vnode_put requests are handed over to hfs_unlock_truncate instead.
 */
void
hfs_unlock(struct cnode *cp)
{
	vnode_t data_vp = NULLVP;
	vnode_t rsrc_vp = NULLVP;
	u_int32_t deferred = 0;

	/*
	 * Only the extents and bitmap files support lock recursion: a
	 * nested hold just decrements the count.
	 */
	if ((cp->c_fileid == kHFSExtentsFileID) ||
	    (cp->c_fileid == kHFSAllocationFileID)) {
		if (--cp->c_syslockcount > 0) {
			return;
		}
	}

	const thread_t self = current_thread();

	if (cp->c_lockowner != self) {
		lck_rw_unlock_shared(&cp->c_rwlock);
	} else {
		/* Snapshot the flags while the lock is still held. */
		deferred = cp->c_flag;

		/* If we have the truncate lock, we must defer the puts. */
		if (cp->c_truncatelockowner == self) {
			if (ISSET(deferred, C_NEED_DVNODE_PUT)
			    && !cp->c_need_dvnode_put_after_truncate_unlock) {
				CLR(deferred, C_NEED_DVNODE_PUT);
				cp->c_need_dvnode_put_after_truncate_unlock = true;
			}
			if (ISSET(deferred, C_NEED_RVNODE_PUT)
			    && !cp->c_need_rvnode_put_after_truncate_unlock) {
				CLR(deferred, C_NEED_RVNODE_PUT);
				cp->c_need_rvnode_put_after_truncate_unlock = true;
			}
		}

		/* The requests are now owned by this call; clear them. */
		CLR(cp->c_flag, (C_NEED_DATA_SETSIZE | C_NEED_RSRC_SETSIZE
				 | C_NEED_DVNODE_PUT | C_NEED_RVNODE_PUT));

		if (deferred & (C_NEED_DVNODE_PUT | C_NEED_DATA_SETSIZE)) {
			data_vp = cp->c_vp;
		}
		if (deferred & (C_NEED_RVNODE_PUT | C_NEED_RSRC_SETSIZE)) {
			rsrc_vp = cp->c_rsrc_vp;
		}

		cp->c_lockowner = NULL;
		lck_rw_unlock_exclusive(&cp->c_rwlock);
	}

	/* Perform any vnode post processing after cnode lock is dropped. */
	if (data_vp) {
		if (deferred & C_NEED_DATA_SETSIZE) {
			ubc_setsize(data_vp, VTOF(data_vp)->ff_size);
#if HFS_COMPRESSION
			/*
			 * If this is a compressed file, we need to reset the
			 * compression state. We will have set the size to zero
			 * above and it will get fixed up later (in exactly the
			 * same way that new vnodes are fixed up). Note that we
			 * should only be able to get here if the truncate lock is
			 * held exclusively and so we do the reset when that's
			 * unlocked.
			 */
			decmpfs_cnode *dp = VTOCMP(data_vp);
			if (dp && decmpfs_cnode_get_vnode_state(dp) != FILE_TYPE_UNKNOWN) {
				cp->c_need_decmpfs_reset = true;
			}
#endif
		}
		if (deferred & C_NEED_DVNODE_PUT) {
			vnode_put(data_vp);
		}
	}
	if (rsrc_vp) {
		if (deferred & C_NEED_RSRC_SETSIZE) {
			ubc_setsize(rsrc_vp, VTOF(rsrc_vp)->ff_size);
		}
		if (deferred & C_NEED_RVNODE_PUT) {
			vnode_put(rsrc_vp);
		}
	}
}
2334
2335 /*
2336 * Unlock a pair of cnodes.
2337 */
/*
 * Release the locks taken by hfs_lockpair. When both arguments name
 * the same cnode it is unlocked once. Neither pointer may be NULL,
 * since cp1 is passed to hfs_unlock unconditionally.
 */
void
hfs_unlockpair(struct cnode *cp1, struct cnode *cp2)
{
	hfs_unlock(cp1);

	if (cp2 == cp1) {
		return;
	}
	hfs_unlock(cp2);
}
2345
2346 /*
2347 * Unlock a group of cnodes.
2348 */
/*
 * Release up to four cnode locks. NULL arguments are ignored and a
 * cnode passed more than once is unlocked only once. The cnodes are
 * unlocked in argument order.
 */
void
hfs_unlockfour(struct cnode *cp1, struct cnode *cp2, struct cnode *cp3, struct cnode *cp4)
{
	struct cnode * const wanted[4] = { cp1, cp2, cp3, cp4 };
	struct cnode * done[4];
	int n, i, ndone = 0;

	for (n = 0; n < 4; ++n) {
		int seen = 0;

		if (wanted[n] == NULL) {
			continue;
		}

		/* Was this cnode already released by an earlier argument? */
		for (i = 0; i < ndone; ++i) {
			if (done[i] == wanted[n]) {
				seen = 1;
				break;
			}
		}
		if (seen) {
			continue;
		}

		hfs_unlock(wanted[n]);
		done[ndone++] = wanted[n];
	}
}
2385
2386
2387 /*
2388 * Protect a cnode against a truncation.
2389 *
2390 * Used mainly by read/write since they don't hold the
2391 * cnode lock across calls to the cluster layer.
2392 *
2393 * The process doing a truncation must take the lock
2394 * exclusive. The read/write processes can take it
2395 * shared. The locktype argument is the same as supplied to
2396 * hfs_lock.
2397 */
/*
 * cp:       cnode whose truncate lock is taken.
 * locktype: HFS_SHARED_LOCK takes it shared; anything else exclusive.
 * flags:    HFS_LOCK_SKIP_IF_EXCLUSIVE lets a thread that already owns
 *           the lock exclusively proceed without taking it again.
 *           Without the flag that situation panics.
 *
 * A caller that passes HFS_LOCK_SKIP_IF_EXCLUSIVE here must pass it to
 * hfs_unlock_truncate as well, so that a skipped acquisition is matched
 * by a skipped release.
 */
void
hfs_lock_truncate(struct cnode *cp, enum hfs_locktype locktype, enum hfs_lockflags flags)
{
	thread_t self = current_thread();

	if (cp->c_truncatelockowner != self) {
		if (locktype == HFS_SHARED_LOCK) {
			lck_rw_lock_shared(&cp->c_truncatelock);
			cp->c_truncatelockowner = HFS_SHARED_OWNER;
		} else { /* HFS_EXCLUSIVE_LOCK */
			lck_rw_lock_exclusive(&cp->c_truncatelock);
			cp->c_truncatelockowner = self;
		}
		return;
	}

	/*
	 * The current thread already holds the lock exclusively.
	 *
	 * This is needed on the hfs_vnop_pagein path, where the file must
	 * not change size while paging in but the lock may already be held
	 * exclusively by another VNOP earlier in the call stack. Proceed
	 * without locking, but ONLY when the caller opted in to the
	 * recursive case.
	 */
	if ((flags & HFS_LOCK_SKIP_IF_EXCLUSIVE) == 0) {
		panic("hfs_lock_truncate: cnode %p locked!", cp);
	}
}
2426
/*
 * Try to upgrade a shared hold on the truncate lock to exclusive.
 *
 * Asserts that the lock is currently marked as shared. Returns true
 * with c_truncatelockowner set to the calling thread on success, false
 * otherwise.
 *
 * NOTE(review): lck_rw_lock_shared_to_exclusive is understood to drop
 * the shared hold when it fails, so after a false return the caller
 * would hold no truncate lock at all. Confirm against the lock
 * primitive's contract.
 */
bool hfs_truncate_lock_upgrade(struct cnode *cp)
{
	hfs_assert(cp->c_truncatelockowner == HFS_SHARED_OWNER);

	if (lck_rw_lock_shared_to_exclusive(&cp->c_truncatelock)) {
		cp->c_truncatelockowner = current_thread();
		return true;
	}

	return false;
}
2435
/*
 * Downgrade an exclusive hold on the truncate lock to shared.
 *
 * Asserts that the calling thread is the recorded exclusive owner, then
 * converts the lock and marks the owner as shared.
 */
void hfs_truncate_lock_downgrade(struct cnode *cp)
{
	/* Only the exclusive owner may downgrade. */
	hfs_assert(cp->c_truncatelockowner == current_thread());

	lck_rw_lock_exclusive_to_shared(&cp->c_truncatelock);

	/* Owner is recorded only after the lock state has changed. */
	cp->c_truncatelockowner = HFS_SHARED_OWNER;
}
2442
2443 /*
2444 * Attempt to get the truncate lock. If it cannot be acquired, error out.
2445 * This function is needed in the degenerate hfs_vnop_pagein during force unmount
2446 * case. To prevent deadlocks while a VM copy object is moving pages, HFS vnop pagein will
2447 * temporarily need to disable V2 semantics.
2448 */
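/*
 * cp:       cnode whose truncate lock is attempted.
 * locktype: HFS_SHARED_LOCK tries a shared hold; anything else tries an
 *           exclusive hold.
 * flags:    HFS_LOCK_SKIP_IF_EXCLUSIVE permits the call when the
 *           current thread already owns the lock exclusively. Without
 *           the flag that situation panics.
 *
 * Returns non-zero only when this call acquired the lock. It returns 0
 * both when the try-lock fails and in the recursive case, where the
 * thread already holds the lock and nothing new is taken. A caller must
 * therefore release the lock only after a non-zero return.
 */
int hfs_try_trunclock (struct cnode *cp, enum hfs_locktype locktype, enum hfs_lockflags flags)
{
	thread_t thread = current_thread();
	boolean_t didlock = false;

	if (cp->c_truncatelockowner == thread) {
		/*
		 * The current thread already holds the lock exclusively.
		 *
		 * This is needed on the hfs_vnop_pagein path, where the file
		 * must not change size while paging in but the lock may
		 * already be held exclusively by another VNOP earlier in the
		 * call stack. Proceed, but ONLY in the recursive case.
		 */
		if ((flags & HFS_LOCK_SKIP_IF_EXCLUSIVE) == 0) {
			/*
			 * The message names this function. It previously
			 * carried the name of hfs_lock_truncate, which points
			 * panic triage at the wrong call site.
			 */
			panic("hfs_try_trunclock: cnode %p locked!", cp);
		}
	} else if (locktype == HFS_SHARED_LOCK) {
		didlock = lck_rw_try_lock(&cp->c_truncatelock, LCK_RW_TYPE_SHARED);
		if (didlock) {
			cp->c_truncatelockowner = HFS_SHARED_OWNER;
		}
	} else { /* HFS_EXCLUSIVE_LOCK */
		didlock = lck_rw_try_lock (&cp->c_truncatelock, LCK_RW_TYPE_EXCLUSIVE);
		if (didlock) {
			cp->c_truncatelockowner = thread;
		}
	}

	return didlock;
}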
2483
2484
2485 /*
2486 * Unlock the truncate lock, which protects against size changes.
2487 *
2488 * If HFS_LOCK_SKIP_IF_EXCLUSIVE flag was set, it means that a previous
2489 * hfs_lock_truncate() might have skipped grabbing a lock because
2490 * the current thread was already holding the lock exclusive and
2491 * we may need to return from this function without actually unlocking
2492 * the truncate lock.
2493 */
/*
 * cp:    cnode whose truncate lock is released.
 * flags: must carry HFS_LOCK_SKIP_IF_EXCLUSIVE exactly when the
 *        matching hfs_lock_truncate call did.
 *
 * With HFS_LOCK_SKIP_IF_EXCLUSIVE set and the current thread recorded
 * as exclusive owner, the function returns WITHOUT unlocking. Passing
 * the flag for an acquisition that really took the lock exclusively
 * would therefore leave it held.
 *
 * Otherwise the owner field decides which release is used: the current
 * thread as owner means exclusive, anything else is treated as shared.
 * Nothing checks that a shared caller really holds the lock.
 */
void
hfs_unlock_truncate(struct cnode *cp, enum hfs_lockflags flags)
{
	thread_t self = current_thread();

	/*
	 * Flag set and we are the exclusive owner: the earlier
	 * hfs_lock_truncate() call must have skipped taking the lock, so
	 * there is nothing to release at this level.
	 */
	if ((flags & HFS_LOCK_SKIP_IF_EXCLUSIVE) && cp->c_truncatelockowner == self) {
		return;
	}

	if (self != cp->c_truncatelockowner) {
		/* HFS_LOCK_SHARED */
		lck_rw_unlock_shared(&cp->c_truncatelock);
		return;
	}

	/* HFS_LOCK_EXCLUSIVE */
	vnode_t data_vp = NULL, rsrc_vp = NULL;

	/*
	 * If there are pending set sizes, the cnode lock should be dropped
	 * first.
	 */
	hfs_assert(!(cp->c_lockowner == self
		     && ISSET(cp->c_flag, C_NEED_DATA_SETSIZE | C_NEED_RSRC_SETSIZE)));

	/* Collect the vnode puts that hfs_unlock deferred to us. */
	if (cp->c_need_dvnode_put_after_truncate_unlock) {
		data_vp = cp->c_vp;
		cp->c_need_dvnode_put_after_truncate_unlock = false;
	}
	if (cp->c_need_rvnode_put_after_truncate_unlock) {
		rsrc_vp = cp->c_rsrc_vp;
		cp->c_need_rvnode_put_after_truncate_unlock = false;
	}

#if HFS_COMPRESSION
	bool reset_decmpfs = cp->c_need_decmpfs_reset;
	cp->c_need_decmpfs_reset = false;
#endif

	cp->c_truncatelockowner = NULL;
	lck_rw_unlock_exclusive(&cp->c_truncatelock);

#if HFS_COMPRESSION
	if (reset_decmpfs) {
		decmpfs_cnode *dp = cp->c_decmp;
		if (dp && decmpfs_cnode_get_vnode_state(dp) != FILE_TYPE_UNKNOWN) {
			decmpfs_cnode_set_vnode_state(dp, FILE_TYPE_UNKNOWN, 0);
		}
	}
#endif

	/* Do the puts now that the lock is dropped. */
	if (data_vp) {
		vnode_put(data_vp);
	}
	if (rsrc_vp) {
		vnode_put(rsrc_vp);
	}
}