1 /* Copyright © 2017-2018 Apple Inc. All rights reserved.
6 * Created by Or Haimovich on 20/3/18.
9 #include "lf_hfs_cnode.h"
11 #include "lf_hfs_vfsops.h"
12 #include "lf_hfs_chash.h"
13 #include "lf_hfs_vfsutils.h"
14 #include "lf_hfs_vnops.h"
15 #include "lf_hfs_logger.h"
16 #include "lf_hfs_utils.h"
17 #include "lf_hfs_btrees_internal.h"
18 #include "lf_hfs_readwrite_ops.h"
19 #include "lf_hfs_utils.h"
21 #include "lf_hfs_xattr.h"
22 #include "lf_hfs_link.h"
23 #include "lf_hfs_generic_buf.h"
26 hfs_reclaim_cnode(struct cnode
*cp
)
29 * If the descriptor has a name then release it
31 if ((cp
->c_desc
.cd_flags
& CD_HASBUF
) && (cp
->c_desc
.cd_nameptr
!= 0))
33 cp
->c_desc
.cd_flags
&= ~CD_HASBUF
;
34 cp
->c_desc
.cd_namelen
= 0;
35 hfs_free((void*)cp
->c_desc
.cd_nameptr
);
36 cp
->c_desc
.cd_nameptr
= NULL
;
40 * We only call this function if we are in hfs_vnop_reclaim and
41 * attempting to reclaim a cnode with only one live fork. Because the vnode
42 * went through reclaim, any future attempts to use this item will have to
43 * go through lookup again, which will need to create a new vnode. Thus,
44 * destroying the locks below is safe.
47 lf_lck_rw_destroy(&cp
->c_rwlock
);
48 lf_cond_destroy(&cp
->c_cacsh_cond
);
49 lf_lck_rw_destroy(&cp
->c_truncatelock
);
55 * hfs_getnewvnode - get new default vnode
57 * The vnode is returned with an iocount and the cnode locked.
58 * The cnode of the parent vnode 'dvp' may or may not be locked, depending on
59 * the circumstances. The cnode in question (if acquiring the resource fork),
60 * may also already be locked at the time we enter this function.
62 * Note that there are both input and output flag arguments to this function.
63 * If one of the input flags (specifically, GNV_USE_VP), is set, then
64 * hfs_getnewvnode will use the parameter *vpp, which is traditionally only
65 * an output parameter, as both an input and output parameter. It will use
66 * the vnode provided in the output, and pass it to vnode_create with the
67 * proper flavor so that a new vnode is _NOT_ created on our behalf when
68 * we dispatch to VFS. This may be important in various HFS vnode creation
69 * routines, such a create or get-resource-fork, because we risk deadlock if
72 * Deadlock potential exists if jetsam is synchronously invoked while we are waiting
73 * for a vnode to be recycled in order to give it the identity we want. If jetsam
74 * happens to target a process for termination that is blocked in-kernel, waiting to
75 * acquire the cnode lock on our parent 'dvp', while our current thread has it locked,
76 * neither side will make forward progress and the watchdog timer will eventually fire.
77 * To prevent this, a caller of hfs_getnewvnode may choose to proactively force
78 * any necessary vnode reclamation/recycling while it is not holding any locks and
79 * thus not prone to deadlock. If this is the case, GNV_USE_VP will be set and
80 * the parameter will be used as described above.
83 * In circumstances when GNV_USE_VP is set, this function _MUST_ clean up and either consume
84 * or dispose of the provided vnode. We funnel all errors to a single return value so that
85 * if provided_vp is still non-NULL, then we will dispose of the vnode. This will occur in
86 * all error cases of this function -- anywhere we zero/NULL out the *vpp parameter. It may
87 * also occur if the current thread raced with another to create the same vnode, and we
88 * find the entry already present in the cnode hash.
92 hfs_getnewvnode(struct hfsmount
*hfsmp
, struct vnode
*dvp
, struct componentname
*cnp
, struct cat_desc
*descp
, int flags
, struct cat_attr
*attrp
, struct cat_fork
*forkp
, struct vnode
**vpp
, int *out_flags
)
94 struct mount
*mp
= HFSTOVFS(hfsmp
);
95 struct vnode
*vp
= NULL
;
97 struct cnode
*cp
= NULL
;
98 struct filefork
*fp
= NULL
;
99 struct vnode
*provided_vp
= NULL
;
100 struct vnode_fsparam vfsp
= {0};
101 enum vtype vtype
= IFTOVT(attrp
->ca_mode
);
104 int issystemfile
= (descp
->cd_flags
& CD_ISMETA
) && (vtype
== VREG
);
105 int wantrsrc
= flags
& GNV_WANTRSRC
;;
106 int need_update_identity
= 0;
108 /* Zero out the out_flags */
111 if (flags
& GNV_USE_VP
)
113 /* Store the provided VP for later use */
117 /* Zero out the vpp regardless of provided input */
120 if (attrp
->ca_fileid
== 0)
127 if ( (vtype
== VBAD
) ||
128 ( (vtype
!= VDIR
&& forkp
&&
129 ( (attrp
->ca_blocks
< forkp
->cf_blocks
) || (howmany((uint64_t)forkp
->cf_size
, hfsmp
->blockSize
) > forkp
->cf_blocks
) ||
130 ( (vtype
== VLNK
) && ((uint64_t)forkp
->cf_size
> MAXPATHLEN
) ) ) ) ) )
132 /* Mark the FS as corrupt and bail out */
133 hfs_mark_inconsistent(hfsmp
, HFS_INCONSISTENCY_DETECTED
);
139 * Get a cnode (new or existing)
141 cp
= hfs_chash_getcnode(hfsmp
, attrp
->ca_fileid
, vpp
, wantrsrc
, (flags
& GNV_SKIPLOCK
), out_flags
, &hflags
);
144 * If the id is no longer valid for lookups we'll get back a NULL cp.
153 * We may have been provided a vnode via
154 * GNV_USE_VP. In this case, we have raced with
155 * a 2nd thread to create the target vnode. The provided
156 * vnode that was passed in will be dealt with at the
157 * end of the function, as we don't zero out the field
158 * until we're ready to pass responsibility to VFS.
163 * If we get a cnode/vnode pair out of hfs_chash_getcnode, then update the
164 * descriptor in the cnode as needed if the cnode represents a hardlink.
165 * We want the caller to get the most up-to-date copy of the descriptor
166 * as possible. However, we only do anything here if there was a valid vnode.
167 * If there isn't a vnode, then the cnode is brand new and needs to be initialized
168 * as it doesn't have a descriptor or cat_attr yet.
170 * If we are about to replace the descriptor with the user-supplied one, then validate
171 * that the descriptor correctly acknowledges this item is a hardlink. We could be
172 * subject to a race where the calling thread invoked cat_lookup, got a valid lookup
173 * result but the file was not yet a hardlink. With sufficient delay between there
174 * and here, we might accidentally copy in the raw inode ID into the descriptor in the
175 * call below. If the descriptor's CNID is the same as the fileID then it must
176 * not yet have been a hardlink when the lookup occurred.
179 if (!(cp
->c_flag
& (C_DELETED
| C_NOEXISTS
)))
182 // If the bytes of the filename in the descp do not match the bytes in the
183 // cnp (and we're not looking up the resource fork), then we want to update
184 // the vnode identity to contain the bytes that HFS stores so that when an
185 // fsevent gets generated, it has the correct filename. otherwise daemons
186 // that match filenames produced by fsevents with filenames they have stored
187 // elsewhere (e.g. bladerunner, backupd, mds), the filenames will not match.
188 // See: <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories
191 if (*vpp
&& cnp
&& cnp
->cn_nameptr
&& descp
&& descp
->cd_nameptr
&& strncmp((const char *)cnp
->cn_nameptr
, (const char *)descp
->cd_nameptr
, descp
->cd_namelen
) != 0)
193 vnode_update_identity (*vpp
, dvp
, (const char *)descp
->cd_nameptr
, descp
->cd_namelen
, 0, VNODE_UPDATE_NAME
);
196 if ((cp
->c_flag
& C_HARDLINK
) && descp
->cd_nameptr
&& descp
->cd_namelen
> 0)
198 /* If cnode is uninitialized, its c_attr will be zeroed out; cnids wont match. */
199 if ((descp
->cd_cnid
== cp
->c_attr
.ca_fileid
) && (attrp
->ca_linkcount
!= cp
->c_attr
.ca_linkcount
))
202 if ((flags
& GNV_SKIPLOCK
) == 0)
205 * Then we took the lock. Drop it before calling
206 * vnode_put, which may invoke hfs_vnop_inactive and need to take
207 * the cnode lock again.
213 * Emit ERECYCLE and GNV_CAT_ATTRCHANGED to
214 * force a re-drive in the lookup routine.
215 * Drop the iocount on the vnode obtained from
216 * chash_getcnode if needed.
225 * If we raced with VNOP_RECLAIM for this vnode, the hash code could
226 * have observed it after the c_vp or c_rsrc_vp fields had been torn down;
227 * the hash code peeks at those fields without holding the cnode lock because
228 * it needs to be fast. As a result, we may have set H_ATTACH in the chash
229 * call above. Since we're bailing out, unset whatever flags we just set, and
230 * wake up all waiters for this cnode.
234 hfs_chashwakeup(hfsmp
, cp
, hflags
);
237 *out_flags
= GNV_CAT_ATTRCHANGED
;
244 * Otherwise, CNID != fileid. Go ahead and copy in the new descriptor.
246 * Replacing the descriptor here is fine because we looked up the item without
247 * a vnode in hand before. If a vnode existed, its identity must be attached to this
248 * item. We are not susceptible to the lookup fastpath issue at this point.
250 replace_desc(cp
, descp
);
253 * This item was a hardlink, and its name needed to be updated. By replacing the
254 * descriptor above, we've now updated the cnode's internal representation of
255 * its link ID/CNID, parent ID, and its name. However, VFS must now be alerted
256 * to the fact that this vnode now has a new parent, since we cannot guarantee
257 * that the new link lived in the same directory as the alternative name for
260 if ((*vpp
!= NULL
) && (cnp
|| cp
->c_desc
.cd_nameptr
))
262 /* we could be requesting the rsrc of a hardlink file... */
263 if (cp
->c_desc
.cd_nameptr
)
265 // Update the identity with what we have stored on disk as the name of this file.
266 vnode_update_identity (*vpp
, dvp
, (const char *)cp
->c_desc
.cd_nameptr
, cp
->c_desc
.cd_namelen
, 0, (VNODE_UPDATE_PARENT
| VNODE_UPDATE_NAME
));
270 vnode_update_identity (*vpp
, dvp
, cnp
->cn_nameptr
, cnp
->cn_namelen
, cnp
->cn_hash
, (VNODE_UPDATE_PARENT
| VNODE_UPDATE_NAME
));
278 * At this point, we have performed hardlink and open-unlinked checks
279 * above. We have now validated the state of the vnode that was given back
280 * to us from the cnode hash code and find it safe to return.
289 * If this is a new cnode then initialize it.
291 if (ISSET(cp
->c_hflag
, H_ALLOC
))
293 lf_lck_rw_init(&cp
->c_truncatelock
);
295 /* Make sure its still valid (ie exists on disk). */
296 if (!(flags
& GNV_CREATE
))
299 if (!hfs_valid_cnode (hfsmp
, dvp
, (wantrsrc
? NULL
: cnp
), cp
->c_fileid
, attrp
, &error
))
301 hfs_chash_abort(hfsmp
, cp
);
302 if ((flags
& GNV_SKIPLOCK
) == 0)
307 hfs_reclaim_cnode(cp
);
310 * If we hit this case, that means that the entry was there in the catalog when
311 * we did a cat_lookup earlier. Think hfs_lookup. However, in between the time
312 * that we checked the catalog and the time we went to get a vnode/cnode for it,
313 * it had been removed from the namespace and the vnode totally reclaimed. As a result,
314 * it's not there in the catalog during the check in hfs_valid_cnode and we bubble out
315 * an ENOENT. To indicate to the caller that they should really double-check the
316 * entry (it could have been renamed over and gotten a new fileid), we mark a bit
317 * in the output flags.
321 *out_flags
= GNV_CAT_DELETED
;
327 * Also, we need to protect the cat_attr acquired during hfs_lookup and passed into
328 * this function as an argument because the catalog may have changed w.r.t hardlink
329 * link counts and the firstlink field. If that validation check fails, then let
330 * lookup re-drive itself to get valid/consistent data with the same failure condition below.
332 if (error
== ERECYCLE
)
334 *out_flags
= GNV_CAT_ATTRCHANGED
;
340 bcopy(attrp
, &cp
->c_attr
, sizeof(struct cat_attr
));
341 bcopy(descp
, &cp
->c_desc
, sizeof(struct cat_desc
));
343 /* The name was inherited so clear descriptor state... */
344 descp
->cd_nameptr
= NULL
;
345 descp
->cd_namelen
= 0;
346 descp
->cd_flags
&= ~CD_HASBUF
;
349 if ( (vtype
== VREG
|| vtype
== VDIR
|| vtype
== VSOCK
|| vtype
== VFIFO
) &&
350 (descp
->cd_cnid
!= attrp
->ca_fileid
|| ISSET(attrp
->ca_recflags
, kHFSHasLinkChainMask
) ) )
352 cp
->c_flag
|= C_HARDLINK
;
356 * Fix-up dir link counts.
358 * Earlier versions of Leopard used ca_linkcount for posix
359 * nlink support (effectively the sub-directory count + 2).
360 * That is now accomplished using the ca_dircount field with
361 * the corresponding kHFSHasFolderCountMask flag.
363 * For directories the ca_linkcount is the true link count,
364 * tracking the number of actual hardlinks to a directory.
366 * We only do this if the mount has HFS_FOLDERCOUNT set;
367 * at the moment, we only set that for HFSX volumes.
369 if ( (hfsmp
->hfs_flags
& HFS_FOLDERCOUNT
) && (vtype
== VDIR
) &&
370 (!(attrp
->ca_recflags
& kHFSHasFolderCountMask
)) && (cp
->c_attr
.ca_linkcount
> 1) )
372 if (cp
->c_attr
.ca_entries
== 0)
374 cp
->c_attr
.ca_dircount
= 0;
378 cp
->c_attr
.ca_dircount
= cp
->c_attr
.ca_linkcount
- 2;
381 cp
->c_attr
.ca_linkcount
= 1;
382 cp
->c_attr
.ca_recflags
|= kHFSHasFolderCountMask
;
383 if ( !(hfsmp
->hfs_flags
& HFS_READ_ONLY
) )
385 cp
->c_flag
|= C_MODIFIED
;
389 /* Mark the output flag that we're vending a new cnode */
390 *out_flags
|= GNV_NEW_CNODE
;
395 if (cp
->c_vp
!= NULL
)
397 LFHFS_LOG(LEVEL_ERROR
, "hfs_getnewvnode: orphaned vnode (data)");
405 * Allocate and initialize a file fork...
407 fp
= hfs_malloc(sizeof(struct filefork
));
413 memset(fp
,0,sizeof(struct filefork
));
418 bcopy(forkp
, &fp
->ff_data
, sizeof(struct cat_fork
));
422 bzero(&fp
->ff_data
, sizeof(struct cat_fork
));
424 rl_init(&fp
->ff_invalidranges
);
425 fp
->ff_sysfileinfo
= 0;
429 if (cp
->c_rsrcfork
!= NULL
)
431 LFHFS_LOG(LEVEL_ERROR
, "hfs_getnewvnode: orphaned rsrc fork");
434 if (cp
->c_rsrc_vp
!= NULL
)
436 LFHFS_LOG(LEVEL_ERROR
, "hfs_getnewvnode: orphaned vnode (rsrc)");
440 cvpp
= &cp
->c_rsrc_vp
;
441 if (cp
->c_vp
!= NULL
)
443 cp
->c_flag
|= C_NEED_DVNODE_PUT
;
448 if (cp
->c_datafork
!= NULL
)
450 LFHFS_LOG(LEVEL_ERROR
, "hfs_getnewvnode: orphaned data fork");
453 if (cp
->c_vp
!= NULL
)
455 LFHFS_LOG(LEVEL_ERROR
, "hfs_getnewvnode: orphaned vnode (data)");
461 if (cp
->c_rsrc_vp
!= NULL
)
463 cp
->c_flag
|= C_NEED_RVNODE_PUT
;
469 vfsp
.vnfs_vtype
= vtype
;
470 vfsp
.vnfs_str
= "hfs";
471 if ((cp
->c_flag
& C_HARDLINK
) && (vtype
== VDIR
))
473 vfsp
.vnfs_dvp
= NULL
; /* no parent for me! */
474 vfsp
.vnfs_cnp
= NULL
; /* no name for me! */
481 vfsp
.vnfs_cnp
= hfs_malloc(sizeof(struct componentname
));
482 if (vfsp
.vnfs_cnp
== NULL
)
491 bzero(vfsp
.vnfs_cnp
, sizeof(struct componentname
));
492 memcpy((void*) vfsp
.vnfs_cnp
, (void*)cnp
, sizeof(struct componentname
));
493 vfsp
.vnfs_cnp
->cn_nameptr
= lf_hfs_utils_allocate_and_copy_string( (char*) cnp
->cn_nameptr
, cnp
->cn_namelen
);
496 // Incase of ScanID of hardlinks, take the filename from the cnode
497 if (cp
&& cp
->c_desc
.cd_nameptr
) {
498 vfsp
.vnfs_cnp
= hfs_malloc(sizeof(struct componentname
));
499 if (vfsp
.vnfs_cnp
== NULL
) {
500 if (fp
) hfs_free(fp
);
504 bzero(vfsp
.vnfs_cnp
, sizeof(struct componentname
));
505 vfsp
.vnfs_cnp
->cn_nameptr
= lf_hfs_utils_allocate_and_copy_string( (char*) cp
->c_desc
.cd_nameptr
, cp
->c_desc
.cd_namelen
);
506 vfsp
.vnfs_cnp
->cn_namelen
= cp
->c_desc
.cd_namelen
;
511 vfsp
.vnfs_fsnode
= cp
;
516 vfsp
.vnfs_filesize
= forkp
->cf_size
;
520 vfsp
.vnfs_filesize
= 0;
523 if (cnp
&& cnp
->cn_nameptr
&& cp
->c_desc
.cd_nameptr
&& strncmp((const char *)cnp
->cn_nameptr
, (const char *)cp
->c_desc
.cd_nameptr
, cp
->c_desc
.cd_namelen
) != 0)
526 // We don't want VFS to add an entry for this vnode because the name in the
527 // cnp does not match the bytes stored on disk for this file. Instead we'll
528 // update the identity later after the vnode is created and we'll do so with
529 // the correct bytes for this filename. For more details, see:
530 // <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories
532 need_update_identity
= 1;
536 /* Tag system files */
537 vfsp
.vnfs_marksystem
= issystemfile
;
539 /* Tag root directory */
540 if (descp
->cd_cnid
== kHFSRootFolderID
)
542 vfsp
.vnfs_markroot
= 1;
546 vfsp
.vnfs_markroot
= 0;
550 * If provided_vp was non-NULL, then it is an already-allocated (but not
551 * initialized) vnode. We simply need to initialize it to this identity.
552 * If it was NULL, then assume that we need to call vnode_create with the
553 * normal arguments/types.
559 * After we assign the value of provided_vp into 'vp' (so that it can be
560 * mutated safely by vnode_initialize), we can NULL it out. At this point, the disposal
561 * and handling of the provided vnode will be the responsibility of VFS, which will
562 * clean it up and vnode_put it properly if vnode_initialize fails.
565 retval
= vnode_initialize (sizeof(struct vnode_fsparam
), &vfsp
, &vp
);
566 /* See error handling below for resolving provided_vp */
570 /* Do a standard vnode_create */
571 retval
= vnode_create (sizeof(struct vnode_fsparam
), &vfsp
, &vp
);
575 * We used a local variable to hold the result of vnode_create/vnode_initialize so that
576 * on error cases in vnode_create we won't accidentally harm the cnode's fields
581 /* Clean up if we encountered an error */
583 if (fp
== cp
->c_datafork
)
584 cp
->c_datafork
= NULL
;
586 cp
->c_rsrcfork
= NULL
;
591 * If this is a newly created cnode or a vnode reclaim
592 * occurred during the attachment, then cleanup the cnode.
594 if ((cp
->c_vp
== NULL
) && (cp
->c_rsrc_vp
== NULL
))
596 hfs_chash_abort(hfsmp
, cp
);
598 if ((flags
& GNV_SKIPLOCK
) == 0)
602 hfs_reclaim_cnode(cp
);
606 hfs_chashwakeup(hfsmp
, cp
, H_ALLOC
| H_ATTACH
);
607 if ((flags
& GNV_SKIPLOCK
) == 0)
616 /* If no error, then assign the value into the cnode's fields */
619 if (cp
->c_flag
& C_HARDLINK
)
621 //TBD - this set is for vfs -> since we have the C_HARDLINK
622 // currently disable this set.
623 //vnode_setmultipath(vp);
626 if (vp
&& need_update_identity
)
629 // As above, update the name of the vnode if the bytes stored in hfs do not match
630 // the bytes in the cnp. See this radar:
631 // <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories
634 vnode_update_identity (vp
, dvp
, (const char *)cp
->c_desc
.cd_nameptr
, cp
->c_desc
.cd_namelen
, 0, VNODE_UPDATE_NAME
);
637 * Tag resource fork vnodes as needing an VNOP_INACTIVE
638 * so that any deferred removes (open unlinked files)
639 * have the chance to process the resource fork.
641 if (vp
&& VNODE_IS_RSRC(vp
))
645 hfs_chashwakeup(hfsmp
, cp
, H_ALLOC
| H_ATTACH
);
647 SET_NODE_AS_VALID(vp
);
654 /* Release our empty vnode if it was not used */
655 vnode_rele (provided_vp
);
661 * Check ordering of two cnodes. Return true if they are are in-order.
664 hfs_isordered(struct cnode
*cp1
, struct cnode
*cp2
)
668 if (cp1
== NULL
|| cp2
== (struct cnode
*)0xffffffff)
670 if (cp2
== NULL
|| cp1
== (struct cnode
*)0xffffffff)
673 * Locking order is cnode address order.
679 * Acquire 4 cnode locks.
680 * - locked in cnode address order (lesser address first).
681 * - all or none of the locks are taken
682 * - only one lock taken per cnode (dup cnodes are skipped)
683 * - some of the cnode pointers may be null
686 hfs_lockfour(struct cnode
*cp1
, struct cnode
*cp2
, struct cnode
*cp3
,
687 struct cnode
*cp4
, enum hfs_locktype locktype
, struct cnode
**error_cnode
)
691 struct cnode
* list
[4];
699 if (hfs_isordered(cp1
, cp2
))
701 a
[0] = cp1
; a
[1] = cp2
;
704 a
[0] = cp2
; a
[1] = cp1
;
706 if (hfs_isordered(cp3
, cp4
)) {
707 b
[0] = cp3
; b
[1] = cp4
;
709 b
[0] = cp4
; b
[1] = cp3
;
711 a
[2] = (struct cnode
*)0xffffffff; /* sentinel value */
712 b
[2] = (struct cnode
*)0xffffffff; /* sentinel value */
715 * Build the lock list, skipping over duplicates
717 for (i
= 0, j
= 0, k
= 0; (i
< 2 || j
< 2); ) {
718 tmp
= hfs_isordered(a
[i
], b
[j
]) ? a
[i
++] : b
[j
++];
719 if (k
== 0 || tmp
!= list
[k
-1])
724 * Now we can lock using list[0 - k].
725 * Skip over NULL entries.
727 for (i
= 0; i
< k
; ++i
) {
729 if ((error
= hfs_lock(list
[i
], locktype
, HFS_LOCK_DEFAULT
))) {
730 /* Only stuff error_cnode if requested */
732 *error_cnode
= list
[i
];
734 /* Drop any locks we acquired. */
746 * Unlock a group of cnodes.
749 hfs_unlockfour(struct cnode
*cp1
, struct cnode
*cp2
, struct cnode
*cp3
, struct cnode
*cp4
)
751 struct cnode
* list
[4];
759 for (i
= 0; i
< k
; ++i
) {
768 for (i
= 0; i
< k
; ++i
) {
777 for (i
= 0; i
< k
; ++i
) {
787 * N.B. If you add any failure cases, *make* sure hfs_lock_always works
790 hfs_lock(struct cnode
*cp
, enum hfs_locktype locktype
, enum hfs_lockflags flags
)
792 pthread_t thread
= pthread_self();
794 if (cp
->c_lockowner
== thread
)
797 * Only the extents and bitmap files support lock recursion
798 * here. The other system files support lock recursion in
799 * hfs_systemfile_lock. Eventually, we should change to
800 * handle recursion solely in hfs_systemfile_lock.
802 if ((cp
->c_fileid
== kHFSExtentsFileID
) || (cp
->c_fileid
== kHFSAllocationFileID
))
804 cp
->c_syslockcount
++;
808 LFHFS_LOG(LEVEL_ERROR
, "hfs_lock: locking against myself!");
812 else if (locktype
== HFS_SHARED_LOCK
)
814 lf_lck_rw_lock_shared(&cp
->c_rwlock
);
815 cp
->c_lockowner
= HFS_SHARED_OWNER
;
817 else if (locktype
== HFS_TRY_EXCLUSIVE_LOCK
)
819 if (!lf_lck_rw_try_lock(&cp
->c_rwlock
, LCK_RW_TYPE_EXCLUSIVE
))
821 cp
->c_lockowner
= thread
;
823 /* Only the extents and bitmap files support lock recursion. */
824 if ((cp
->c_fileid
== kHFSExtentsFileID
) || (cp
->c_fileid
== kHFSAllocationFileID
))
826 cp
->c_syslockcount
= 1;
835 { /* HFS_EXCLUSIVE_LOCK */
836 lf_lck_rw_lock_exclusive(&cp
->c_rwlock
);
837 cp
->c_lockowner
= thread
;
838 /* Only the extents and bitmap files support lock recursion. */
839 if ((cp
->c_fileid
== kHFSExtentsFileID
) || (cp
->c_fileid
== kHFSAllocationFileID
))
841 cp
->c_syslockcount
= 1;
846 * Skip cnodes for regular files that no longer exist
847 * (marked deleted, catalog entry gone).
849 if (((flags
& HFS_LOCK_ALLOW_NOEXISTS
) == 0) && ((cp
->c_desc
.cd_flags
& CD_ISMETA
) == 0) && (cp
->c_flag
& C_NOEXISTS
))
861 hfs_unlock(struct cnode
*cp
)
863 u_int32_t c_flag
= 0;
866 * Only the extents and bitmap file's support lock recursion.
868 if ((cp
->c_fileid
== kHFSExtentsFileID
) || (cp
->c_fileid
== kHFSAllocationFileID
))
870 if (--cp
->c_syslockcount
> 0)
876 pthread_t thread
= pthread_self();
878 if (cp
->c_lockowner
== thread
)
882 // If we have the truncate lock, we must defer the puts
883 if (cp
->c_truncatelockowner
== thread
)
885 if (ISSET(c_flag
, C_NEED_DVNODE_PUT
)
886 && !cp
->c_need_dvnode_put_after_truncate_unlock
)
888 CLR(c_flag
, C_NEED_DVNODE_PUT
);
889 cp
->c_need_dvnode_put_after_truncate_unlock
= true;
891 if (ISSET(c_flag
, C_NEED_RVNODE_PUT
)
892 && !cp
->c_need_rvnode_put_after_truncate_unlock
)
894 CLR(c_flag
, C_NEED_RVNODE_PUT
);
895 cp
->c_need_rvnode_put_after_truncate_unlock
= true;
899 CLR(cp
->c_flag
, (C_NEED_DATA_SETSIZE
| C_NEED_RSRC_SETSIZE
| C_NEED_DVNODE_PUT
| C_NEED_RVNODE_PUT
));
901 cp
->c_lockowner
= NULL
;
902 lf_lck_rw_unlock_exclusive(&cp
->c_rwlock
);
906 cp
->c_lockowner
= NULL
;
907 lf_lck_rw_unlock_shared(&cp
->c_rwlock
);
914 * This function is used to validate data that is stored in-core against what is contained
915 * in the catalog. Common uses include validating that the parent-child relationship still exist
916 * for a specific directory entry (guaranteeing it has not been renamed into a different spot) at
917 * the point of the check.
920 hfs_valid_cnode(struct hfsmount
*hfsmp
, struct vnode
*dvp
, struct componentname
*cnp
, cnid_t cnid
, struct cat_attr
*cattr
, int *error
)
922 struct cat_attr attr
;
923 struct cat_desc cndesc
;
926 /* System files are always valid */
927 if (cnid
< kHFSFirstUserCatalogNodeID
)
933 /* XXX optimization: check write count in dvp */
934 int lockflags
= hfs_systemfile_lock(hfsmp
, SFL_CATALOG
, HFS_SHARED_LOCK
);
939 struct cat_fork fork
;
940 bzero(&cndesc
, sizeof(cndesc
));
941 cndesc
.cd_nameptr
= (const u_int8_t
*)cnp
->cn_nameptr
;
942 cndesc
.cd_namelen
= cnp
->cn_namelen
;
943 cndesc
.cd_parentcnid
= VTOC(dvp
)->c_fileid
;
944 cndesc
.cd_hint
= VTOC(dvp
)->c_childhint
;
947 * We have to be careful when calling cat_lookup. The result argument
948 * 'attr' may get different results based on whether or not you ask
949 * for the filefork to be supplied as output. This is because cat_lookupbykey
950 * will attempt to do basic validation/smoke tests against the resident
951 * extents if there are no overflow extent records, but it needs someplace
952 * in memory to store the on-disk fork structures.
954 * Since hfs_lookup calls cat_lookup with a filefork argument, we should
955 * do the same here, to verify that block count differences are not
956 * due to calling the function with different styles. cat_lookupbykey
957 * will request the volume be fsck'd if there is true on-disk corruption
958 * where the number of blocks does not match the number generated by
959 * summing the number of blocks in the resident extents.
961 lookup
= cat_lookup (hfsmp
, &cndesc
, 0, NULL
, &attr
, &fork
, NULL
);
963 if ((lookup
== 0) && (cnid
== attr
.ca_fileid
))
973 * In hfs_getnewvnode, we may encounter a time-of-check vs. time-of-vnode creation
974 * race. Specifically, if there is no vnode/cnode pair for the directory entry
975 * being looked up, we have to go to the catalog. But since we don't hold any locks (aside
976 * from the dvp in 'shared' mode) there is nothing to protect us against the catalog record
977 * changing in between the time we do the cat_lookup there and the time we re-grab the
978 * catalog lock above to do another cat_lookup.
980 * However, we need to check more than just the CNID and parent-child name relationships above.
981 * Hardlinks can suffer the same race in the following scenario: Suppose we do a
982 * cat_lookup, and find a leaf record and a raw inode for a hardlink. Now, we have
983 * the cat_attr in hand (passed in above). But in between then and now, the vnode was
984 * created by a competing hfs_getnewvnode call, and is manipulated and reclaimed before we get
985 * a chance to do anything. This is possible if there are a lot of threads thrashing around
986 * with the cnode hash. In this case, if we don't check/validate the cat_attr in-hand, we will
987 * blindly stuff it into the cnode, which will make the in-core data inconsistent with what is
988 * on disk. So validate the cat_attr below, if required. This race cannot happen if the cnode/vnode
989 * already exists, as it does in the case of rename and delete.
991 if (stillvalid
&& cattr
!= NULL
)
993 if (cattr
->ca_linkcount
!= attr
.ca_linkcount
)
1000 if (cattr
->ca_union1
.cau_linkref
!= attr
.ca_union1
.cau_linkref
)
1007 if (cattr
->ca_union3
.cau_firstlink
!= attr
.ca_union3
.cau_firstlink
)
1013 if (cattr
->ca_union2
.cau_blocks
!= attr
.ca_union2
.cau_blocks
)
1023 if (cat_idlookup(hfsmp
, cnid
, 0, 0, NULL
, NULL
, NULL
) == 0)
1035 hfs_systemfile_unlock(hfsmp
, lockflags
);
1037 return (stillvalid
);
1041 * Protect a cnode against a truncation.
1043 * Used mainly by read/write since they don't hold the
1044 * cnode lock across calls to the cluster layer.
1046 * The process doing a truncation must take the lock
1047 * exclusive. The read/write processes can take it
1048 * shared. The locktype argument is the same as supplied to
1052 hfs_lock_truncate(struct cnode
*cp
, enum hfs_locktype locktype
, enum hfs_lockflags flags
)
1054 pthread_t thread
= pthread_self();
1056 if (cp
->c_truncatelockowner
== thread
) {
1058 * Ignore grabbing the lock if it the current thread already
1059 * holds exclusive lock.
1061 * This is needed on the hfs_vnop_pagein path where we need to ensure
1062 * the file does not change sizes while we are paging in. However,
1063 * we may already hold the lock exclusive due to another
1064 * VNOP from earlier in the call stack. So if we already hold
1065 * the truncate lock exclusive, allow it to proceed, but ONLY if
1066 * it's in the recursive case.
1068 if ((flags
& HFS_LOCK_SKIP_IF_EXCLUSIVE
) == 0)
1070 LFHFS_LOG(LEVEL_ERROR
, "hfs_lock_truncate: cnode %p locked!", cp
);
1073 } else if (locktype
== HFS_SHARED_LOCK
) {
1074 lf_lck_rw_lock_shared(&cp
->c_truncatelock
);
1075 cp
->c_truncatelockowner
= HFS_SHARED_OWNER
;
1076 } else { /* HFS_EXCLUSIVE_LOCK */
1077 lf_lck_rw_lock_exclusive(&cp
->c_truncatelock
);
1078 cp
->c_truncatelockowner
= thread
;
1083 * Unlock the truncate lock, which protects against size changes.
1085 * If HFS_LOCK_SKIP_IF_EXCLUSIVE flag was set, it means that a previous
1086 * hfs_lock_truncate() might have skipped grabbing a lock because
1087 * the current thread was already holding the lock exclusive and
1088 * we may need to return from this function without actually unlocking
1089 * the truncate lock.
1092 hfs_unlock_truncate(struct cnode
*cp
, enum hfs_lockflags flags
)
1094 pthread_t thread
= pthread_self();
1097 * If HFS_LOCK_SKIP_IF_EXCLUSIVE is set in the flags AND the current
1098 * lock owner of the truncate lock is our current thread, then
1099 * we must have skipped taking the lock earlier by in
1100 * hfs_lock_truncate() by setting HFS_LOCK_SKIP_IF_EXCLUSIVE in the
1101 * flags (as the current thread was current lock owner).
1103 * If HFS_LOCK_SKIP_IF_EXCLUSIVE is not set (most of the time) then
1104 * we check the lockowner field to infer whether the lock was taken
1105 * exclusively or shared in order to know what underlying lock
1108 if (flags
& HFS_LOCK_SKIP_IF_EXCLUSIVE
) {
1109 if (cp
->c_truncatelockowner
== thread
) {
1114 /* HFS_LOCK_EXCLUSIVE */
1115 if (thread
== cp
->c_truncatelockowner
) {
1116 // vnode_t vp = NULL, rvp = NULL;
1119 * If there are pending set sizes, the cnode lock should be dropped
1122 hfs_assert(!(cp
->c_lockowner
== thread
1123 && ISSET(cp
->c_flag
, C_NEED_DATA_SETSIZE
| C_NEED_RSRC_SETSIZE
)));
1125 // if (cp->c_need_dvnode_put_after_truncate_unlock) {
1127 // cp->c_need_dvnode_put_after_truncate_unlock = false;
1129 // if (cp->c_need_rvnode_put_after_truncate_unlock) {
1130 // rvp = cp->c_rsrc_vp;
1131 // cp->c_need_rvnode_put_after_truncate_unlock = false;
1134 cp
->c_truncatelockowner
= NULL
;
1135 lf_lck_rw_unlock_exclusive(&cp
->c_truncatelock
);
1137 // // Do the puts now
1143 { /* HFS_LOCK_SHARED */
1144 lf_lck_rw_unlock_shared(&cp
->c_truncatelock
);
1149 * Lock a pair of cnodes.
1152 hfs_lockpair(struct cnode
*cp1
, struct cnode
*cp2
, enum hfs_locktype locktype
)
1154 struct cnode
*first
, *last
;
1158 * If cnodes match then just lock one.
1162 return hfs_lock(cp1
, locktype
, HFS_LOCK_DEFAULT
);
1166 * Lock in cnode address order.
1179 if ( (error
= hfs_lock(first
, locktype
, HFS_LOCK_DEFAULT
)))
1183 if ( (error
= hfs_lock(last
, locktype
, HFS_LOCK_DEFAULT
)))
1192 * Unlock a pair of cnodes.
1195 hfs_unlockpair(struct cnode
*cp1
, struct cnode
*cp2
)
1203 * Increase the gen count by 1; if it wraps around to 0, increment by
1204 * two. The cnode *must* be locked exclusively by the caller.
1206 * You may think holding the lock is unnecessary because we only need
1207 * to change the counter, but consider this sequence of events: thread
1208 * A calls hfs_incr_gencount and the generation counter is 2 upon
1209 * entry. A context switch occurs and thread B increments the counter
1210 * to 3, thread C now gets the generation counter (for whatever
1211 * purpose), and then another thread makes another change and the
1212 * generation counter is incremented again---it's now 4. Now thread A
1213 * continues and it sets the generation counter back to 3. So you can
1214 * see, thread C would miss the change that caused the generation
1215 * counter to increment to 4 and for this reason the cnode *must*
1216 * always be locked exclusively.
1218 uint32_t hfs_incr_gencount (struct cnode
*cp
)
1220 u_int8_t
*finfo
= NULL
;
1221 u_int32_t gcount
= 0;
1223 /* overlay the FinderInfo to the correct pointer, and advance */
1224 finfo
= (u_int8_t
*)cp
->c_finderinfo
;
1228 * FinderInfo is written out in big endian... make sure to convert it to host
1229 * native before we use it.
1231 * NOTE: the write_gen_counter is stored in the same location in both the
1232 * FndrExtendedFileInfo and FndrExtendedDirInfo structs (it's the
1233 * last 32-bit word) so it is safe to have one code path here.
1235 if (S_ISDIR(cp
->c_attr
.ca_mode
) || S_ISREG(cp
->c_attr
.ca_mode
))
1237 struct FndrExtendedFileInfo
*extinfo
= (struct FndrExtendedFileInfo
*)finfo
;
1238 gcount
= extinfo
->write_gen_counter
;
1240 /* Was it zero to begin with (file originated in 10.8 or earlier?) */
1249 /* Did it wrap around ? */
1254 extinfo
->write_gen_counter
= OSSwapHostToBigInt32 (gcount
);
1256 SET(cp
->c_flag
, C_MINOR_MOD
);
1266 void hfs_write_gencount (struct cat_attr
*attrp
, uint32_t gencount
)
1268 u_int8_t
*finfo
= NULL
;
1270 /* overlay the FinderInfo to the correct pointer, and advance */
1271 finfo
= (u_int8_t
*)attrp
->ca_finderinfo
;
1275 * Make sure to write it out as big endian, since that's how
1276 * finder info is defined.
1278 * Generation count is only supported for files.
1280 if (S_ISREG(attrp
->ca_mode
)) {
1281 struct FndrExtendedFileInfo
*extinfo
= (struct FndrExtendedFileInfo
*)finfo
;
1282 extinfo
->write_gen_counter
= OSSwapHostToBigInt32(gencount
);
1285 /* If it were neither directory/file, then we'd bail out */
1289 void hfs_clear_might_be_dirty_flag(cnode_t
*cp
)
1292 * If we're about to touch both mtime and ctime, we can clear the
1293 * C_MIGHT_BE_DIRTY_FROM_MAPPING since we can guarantee that
1294 * subsequent page-outs can only be for data made dirty before
1297 CLR(cp
->c_flag
, C_MIGHT_BE_DIRTY_FROM_MAPPING
);
1301 * Touch cnode times based on c_touch_xxx flags
1303 * cnode must be locked exclusive
1305 * This will also update the volume modify time
1308 hfs_touchtimes(struct hfsmount
*hfsmp
, struct cnode
* cp
)
1311 if (ISSET(hfsmp
->hfs_flags
, HFS_READ_ONLY
) || ISSET(cp
->c_flag
, C_NOEXISTS
)) {
1312 cp
->c_touch_acctime
= FALSE
;
1313 cp
->c_touch_chgtime
= FALSE
;
1314 cp
->c_touch_modtime
= FALSE
;
1315 CLR(cp
->c_flag
, C_NEEDS_DATEADDED
);
1319 if (cp
->c_touch_acctime
|| cp
->c_touch_chgtime
||
1320 cp
->c_touch_modtime
|| (cp
->c_flag
& C_NEEDS_DATEADDED
)) {
1324 if (cp
->c_touch_modtime
&& cp
->c_touch_chgtime
)
1325 hfs_clear_might_be_dirty_flag(cp
);
1329 if (cp
->c_touch_acctime
) {
1331 * When the access time is the only thing changing, we
1332 * won't necessarily write it to disk immediately. We
1333 * only do the atime update at vnode recycle time, when
1334 * fsync is called or when there's another reason to write
1337 cp
->c_atime
= tv
.tv_sec
;
1338 cp
->c_touch_acctime
= FALSE
;
1340 if (cp
->c_touch_modtime
) {
1341 cp
->c_touch_modtime
= FALSE
;
1342 time_t new_time
= tv
.tv_sec
;
1343 if (cp
->c_mtime
!= new_time
) {
1344 cp
->c_mtime
= new_time
;
1345 cp
->c_flag
|= C_MINOR_MOD
;
1349 if (cp
->c_touch_chgtime
) {
1350 cp
->c_touch_chgtime
= FALSE
;
1351 if (cp
->c_ctime
!= tv
.tv_sec
) {
1352 cp
->c_ctime
= tv
.tv_sec
;
1353 cp
->c_flag
|= C_MINOR_MOD
;
1358 if (cp
->c_flag
& C_NEEDS_DATEADDED
) {
1359 hfs_write_dateadded (&(cp
->c_attr
), tv
.tv_sec
);
1360 cp
->c_flag
|= C_MINOR_MOD
;
1361 /* untwiddle the bit */
1362 cp
->c_flag
&= ~C_NEEDS_DATEADDED
;
1366 /* Touch the volume modtime if needed */
1368 hfs_note_header_minor_change(hfsmp
);
1369 HFSTOVCB(hfsmp
)->vcbLsMod
= tv
.tv_sec
;
1375 * Per HI and Finder requirements, HFS should add in the
1376 * date/time that a particular directory entry was added
1377 * to the containing directory.
1378 * This is stored in the extended Finder Info for the
1381 * Note that this field is also set explicitly in the hfs_vnop_setxattr code.
1382 * We must ignore user attempts to set this part of the finderinfo, and
1383 * so we need to save a local copy of the date added, write in the user
1384 * finderinfo, then stuff the value back in.
1386 void hfs_write_dateadded (struct cat_attr
*attrp
, uint64_t dateadded
)
1388 u_int8_t
*finfo
= NULL
;
1390 /* overlay the FinderInfo to the correct pointer, and advance */
1391 finfo
= (u_int8_t
*)attrp
->ca_finderinfo
;
1395 * Make sure to write it out as big endian, since that's how
1396 * finder info is defined.
1398 * NOTE: This is a Unix-epoch timestamp, not a HFS/Traditional Mac timestamp.
1400 if (S_ISREG(attrp
->ca_mode
)) {
1401 struct FndrExtendedFileInfo
*extinfo
= (struct FndrExtendedFileInfo
*)finfo
;
1402 extinfo
->date_added
= OSSwapHostToBigInt32(dateadded
);
1403 attrp
->ca_recflags
|= kHFSHasDateAddedMask
;
1405 else if (S_ISDIR(attrp
->ca_mode
)) {
1406 struct FndrExtendedDirInfo
*extinfo
= (struct FndrExtendedDirInfo
*)finfo
;
1407 extinfo
->date_added
= OSSwapHostToBigInt32(dateadded
);
1408 attrp
->ca_recflags
|= kHFSHasDateAddedMask
;
1410 /* If it were neither directory/file, then we'd bail out */
1415 hfs_get_dateadded_internal(const uint8_t *finderinfo
, mode_t mode
)
1417 const uint8_t *finfo
= NULL
;
1418 u_int32_t dateadded
= 0;
1420 /* overlay the FinderInfo to the correct pointer, and advance */
1421 finfo
= finderinfo
+ 16;
1424 * FinderInfo is written out in big endian... make sure to convert it to host
1425 * native before we use it.
1427 if (S_ISREG(mode
)) {
1428 const struct FndrExtendedFileInfo
*extinfo
= (const struct FndrExtendedFileInfo
*)finfo
;
1429 dateadded
= OSSwapBigToHostInt32 (extinfo
->date_added
);
1431 else if (S_ISDIR(mode
)) {
1432 const struct FndrExtendedDirInfo
*extinfo
= (const struct FndrExtendedDirInfo
*)finfo
;
1433 dateadded
= OSSwapBigToHostInt32 (extinfo
->date_added
);
1440 hfs_get_dateadded(struct cnode
*cp
)
1442 if ((cp
->c_attr
.ca_recflags
& kHFSHasDateAddedMask
) == 0) {
1443 /* Date added was never set. Return 0. */
1447 return (hfs_get_dateadded_internal((u_int8_t
*)cp
->c_finderinfo
,
1448 cp
->c_attr
.ca_mode
));
1452 hfs_cnode_isinuse(struct cnode
*cp
, uint32_t uRefCount
)
1454 return (cp
->uOpenLookupRefCount
> uRefCount
);
1458 * hfs_cnode_teardown
1460 * This is an internal function that is invoked from both hfs_vnop_inactive
1461 * and hfs_vnop_reclaim. As VNOP_INACTIVE is not necessarily called from vnodes
1462 * being recycled and reclaimed, it is important that we do any post-processing
1463 * necessary for the cnode in both places. Important tasks include things such as
1464 * releasing the blocks from an open-unlinked file when all references to it have dropped,
1465 * and handling resource forks separately from data forks.
1467 * Note that we take only the vnode as an argument here (rather than the cnode).
1468 * Recall that each cnode supports two forks (rsrc/data), and we can always get the right
1469 * cnode from either of the vnodes, but the reverse is not true -- we can't determine which
1470 * vnode we need to reclaim if only the cnode is supplied.
1472 * This function is idempotent and safe to call from both hfs_vnop_inactive and hfs_vnop_reclaim
1473 * if both are invoked right after the other. In the second call, most of this function's if()
1474 * conditions will fail, since they apply generally to cnodes still marked with C_DELETED.
1475 * As a quick check to see if this function is necessary, determine if the cnode is already
1476 * marked C_NOEXISTS. If it is, then it is safe to skip this function. The only tasks that
1477 * remain for cnodes marked in such a fashion is to teardown their fork references and
1478 * release all directory hints and hardlink origins. However, both of those are done
1479 * in hfs_vnop_reclaim. hfs_update, by definition, is not necessary if the cnode's catalog
1480 * entry is no longer there.
1482 * 'reclaim' argument specifies whether or not we were called from hfs_vnop_reclaim. If we are
1483 * invoked from hfs_vnop_reclaim, we can not call functions that cluster_push since the UBC info
1484 * is totally gone by that point.
1486 * Assumes that both truncate and cnode locks for 'cp' are held.
1489 hfs_cnode_teardown (struct vnode
*vp
, int reclaim
)
1492 enum vtype v_type
= vp
->sFSParams
.vnfs_vtype
;
1493 struct cnode
* cp
= VTOC(vp
);
1495 bool started_tr
= false;
1496 struct hfsmount
*hfsmp
= VTOHFS(vp
);
1498 cat_cookie_t cookie
;
1499 int cat_reserve
= 0;
1503 if (cp
->c_datafork
) {
1506 if (cp
->c_rsrcfork
) {
1511 * Remove any directory hints or cached origins
1513 if (v_type
== VDIR
) {
1514 hfs_reldirhints(cp
, 0);
1516 if (cp
->c_flag
& C_HARDLINK
) {
1520 * -- Handle open unlinked files --
1522 * If the vnode is in use, it means a force unmount is in progress
1523 * in which case we defer cleaning up until either we come back
1524 * through here via hfs_vnop_reclaim, at which point the UBC
1525 * information will have been torn down and the vnode might no
1526 * longer be in use, or if it's still in use, it will get cleaned
1527 * up when next remounted.
1529 if (ISSET(cp
->c_flag
, C_DELETED
) && !hfs_cnode_isinuse(cp
, 0)) {
1531 * This check is slightly complicated. We should only truncate data
1532 * in very specific cases for open-unlinked files. This is because
1533 * we want to ensure that the resource fork continues to be available
1534 * if the caller has the data fork open. However, this is not symmetric;
1535 * someone who has the resource fork open need not be able to access the data
1536 * fork once the data fork has gone inactive.
1538 * If we're the last fork, then we have cleaning up to do.
1540 * A) last fork, and vp == c_vp
1541 * Truncate away own fork data. If rsrc fork is not in core, truncate it too.
1543 * B) last fork, and vp == c_rsrc_vp
1544 * Truncate ourselves, assume data fork has been cleaned due to C).
1546 * If we're not the last fork, then things are a little different:
1548 * C) not the last fork, vp == c_vp
1549 * Truncate ourselves. Once the file has gone out of the namespace,
1550 * it cannot be further opened. Further access to the rsrc fork may
1551 * continue, however.
1553 * D) not the last fork, vp == c_rsrc_vp
1554 * Don't enter the block below, just clean up vnode and push it out of core.
1557 if ((v_type
== VREG
|| v_type
== VLNK
) &&
1558 ((forkcount
== 1) || (!VNODE_IS_RSRC(vp
)))) {
1560 /* Truncate away our own fork data. (Case A, B, C above) */
1561 if (VTOF(vp
) && VTOF(vp
)->ff_blocks
!= 0) {
1565 * Encapsulate the entire change (including truncating the link) in
1566 * nested transactions if we are modifying a symlink, because we know that its
1567 * file length will be at most 4k, and we can fit both the truncation and
1568 * any relevant bitmap changes into a single journal transaction. We also want
1569 * the kill_block code to execute in the same transaction so that any dirty symlink
1570 * blocks will not be written. Otherwise, rely on
1571 * hfs_truncate doing its own transactions to ensure that we don't blow up
1574 if (!started_tr
&& (v_type
== VLNK
)) {
1575 if (hfs_start_transaction(hfsmp
) != 0) {
1585 * At this point, we have decided that this cnode is
1586 * suitable for full removal. We are about to deallocate
1587 * its blocks and remove its entry from the catalog.
1588 * If it was a symlink, then it's possible that the operation
1589 * which created it is still in the current transaction group
1590 * due to coalescing. Take action here to kill the data blocks
1591 * of the symlink out of the journal before moving to
1592 * deallocate the blocks. We need to be in the middle of
1593 * a transaction before calling buf_iterate like this.
1595 * Note: we have to kill any potential symlink buffers out of
1596 * the journal prior to deallocating their blocks. This is so
1597 * that we don't race with another thread that may be doing an
1598 * an allocation concurrently and pick up these blocks. It could
1599 * generate I/O against them which could go out ahead of our journal
1603 if (hfsmp
->jnl
&& vnode_islnk(vp
)) {
1604 lf_hfs_generic_buf_write_iterate(vp
, hfs_removefile_callback
, BUF_SKIP_NONLOCKED
, (void *)hfsmp
);
1608 * This truncate call (and the one below) is fine from VNOP_RECLAIM's
1609 * context because we're only removing blocks, not zero-filling new
1610 * ones. The C_DELETED check above makes things much simpler.
1612 error
= hfs_truncate(vp
, (off_t
)0, IO_NDELAY
, 0);
1618 /* (SYMLINKS ONLY): Close/End our transaction after truncating the file record */
1620 hfs_end_transaction(hfsmp
);
1627 * Truncate away the resource fork, if we represent the data fork and
1628 * it is the last fork. That means, by definition, the rsrc fork is not in
1629 * core. To avoid bringing a vnode into core for the sole purpose of deleting the
1630 * data in the resource fork, we call cat_lookup directly, then hfs_release_storage
1631 * to get rid of the resource fork's data. Note that because we are holding the
1632 * cnode lock, it is impossible for a competing thread to create the resource fork
1633 * vnode from underneath us while we do this.
1635 * This is invoked via case A above only.
1637 if ((cp
->c_blocks
> 0) && (forkcount
== 1) && (vp
!= cp
->c_rsrc_vp
)) {
1638 struct cat_lookup_buffer
*lookup_rsrc
= NULL
;
1639 struct cat_desc
*desc_ptr
= NULL
;
1641 lookup_rsrc
= hfs_mallocz(sizeof(struct cat_lookup_buffer
));
1643 if (cp
->c_desc
.cd_namelen
== 0) {
1644 /* Initialize the rsrc descriptor for lookup if necessary*/
1645 MAKE_DELETED_NAME (lookup_rsrc
->lookup_name
, HFS_TEMPLOOKUP_NAMELEN
, cp
->c_fileid
);
1647 lookup_rsrc
->lookup_desc
.cd_nameptr
= (const uint8_t*) lookup_rsrc
->lookup_name
;
1648 lookup_rsrc
->lookup_desc
.cd_namelen
= strlen (lookup_rsrc
->lookup_name
);
1649 lookup_rsrc
->lookup_desc
.cd_parentcnid
= hfsmp
->hfs_private_desc
[FILE_HARDLINKS
].cd_cnid
;
1650 lookup_rsrc
->lookup_desc
.cd_cnid
= cp
->c_cnid
;
1652 desc_ptr
= &lookup_rsrc
->lookup_desc
;
1655 desc_ptr
= &cp
->c_desc
;
1658 lockflags
= hfs_systemfile_lock (hfsmp
, SFL_CATALOG
, HFS_SHARED_LOCK
);
1660 error
= cat_lookup (hfsmp
, desc_ptr
, 1, (struct cat_desc
*) NULL
, (struct cat_attr
*) NULL
, &lookup_rsrc
->lookup_fork
.ff_data
, NULL
);
1662 hfs_systemfile_unlock (hfsmp
, lockflags
);
1665 hfs_free(lookup_rsrc
);
1670 * Make the filefork in our temporary struct look like a real
1671 * filefork. Fill in the cp, sysfileinfo and rangelist fields..
1673 rl_init (&lookup_rsrc
->lookup_fork
.ff_invalidranges
);
1674 lookup_rsrc
->lookup_fork
.ff_cp
= cp
;
1677 * If there were no errors, then we have the catalog's fork information
1678 * for the resource fork in question. Go ahead and delete the data in it now.
1681 error
= hfs_release_storage (hfsmp
, NULL
, &lookup_rsrc
->lookup_fork
, cp
->c_fileid
);
1682 hfs_free(lookup_rsrc
);
1689 * This fileid's resource fork extents have now been fully deleted on-disk
1690 * and this CNID is no longer valid. At this point, we should be able to
1691 * zero out cp->c_blocks to indicate there is no data left in this file.
1698 * If we represent the last fork (or none in the case of a dir),
1699 * and the cnode has become open-unlinked...
1701 * We check c_blocks here because it is possible in the force
1702 * unmount case for the data fork to be in use but the resource
1703 * fork to not be in use in which case we will truncate the
1704 * resource fork, but not the data fork. It will get cleaned
1705 * up upon next mount.
1707 if (forkcount
<= 1 && !cp
->c_blocks
) {
1709 * If it has EA's, then we need to get rid of them.
1711 * Note that this must happen outside of any other transactions
1712 * because it starts/ends its own transactions and grabs its
1713 * own locks. This is to prevent a file with a lot of attributes
1714 * from creating a transaction that is too large (which panics).
1716 if (ISSET(cp
->c_attr
.ca_recflags
, kHFSHasAttributesMask
))
1718 ea_error
= hfs_removeallattr(hfsmp
, cp
->c_fileid
, &started_tr
);
1724 * Remove the cnode's catalog entry and release all blocks it
1725 * may have been using.
1729 * Mark cnode in transit so that no one can get this
1730 * cnode from cnode hash.
1732 // hfs_chash_mark_in_transit(hfsmp, cp);
1733 // XXXdbg - remove the cnode from the hash table since it's deleted
1734 // otherwise someone could go to sleep on the cnode and not
1735 // be woken up until this vnode gets recycled which could be
1736 // a very long time...
1737 hfs_chashremove(hfsmp
, cp
);
1739 cp
->c_flag
|= C_NOEXISTS
; // XXXdbg
1743 if (hfs_start_transaction(hfsmp
) != 0) {
1751 * Reserve some space in the Catalog file.
1753 if ((error
= cat_preflight(hfsmp
, CAT_DELETE
, &cookie
))) {
1758 lockflags
= hfs_systemfile_lock(hfsmp
, SFL_CATALOG
| SFL_ATTRIBUTE
, HFS_EXCLUSIVE_LOCK
);
1760 if (cp
->c_blocks
> 0) {
1761 LFHFS_LOG(LEVEL_ERROR
, "hfs_inactive: deleting non-empty%sfile %d, "
1762 "blks %d\n", VNODE_IS_RSRC(vp
) ? " rsrc " : " ",
1763 (int)cp
->c_fileid
, (int)cp
->c_blocks
);
1767 // release the name pointer in the descriptor so that
1768 // cat_delete() will use the file-id to do the deletion.
1769 // in the case of hard links this is imperative (in the
1770 // case of regular files the fileid and cnid are the
1771 // same so it doesn't matter).
1773 cat_releasedesc(&cp
->c_desc
);
1776 * The descriptor name may be zero,
1777 * in which case the fileid is used.
1779 error
= cat_delete(hfsmp
, &cp
->c_desc
, &cp
->c_attr
);
1781 if (error
&& truncated
&& (error
!= ENXIO
)) {
1782 LFHFS_LOG(LEVEL_ERROR
, "hfs_inactive: couldn't delete a truncated file!");
1785 /* Update HFS Private Data dir */
1787 hfsmp
->hfs_private_attr
[FILE_HARDLINKS
].ca_entries
--;
1788 if (vnode_isdir(vp
)) {
1789 DEC_FOLDERCOUNT(hfsmp
, hfsmp
->hfs_private_attr
[FILE_HARDLINKS
]);
1791 (void)cat_update(hfsmp
, &hfsmp
->hfs_private_desc
[FILE_HARDLINKS
],
1792 &hfsmp
->hfs_private_attr
[FILE_HARDLINKS
], NULL
, NULL
);
1795 hfs_systemfile_unlock(hfsmp
, lockflags
);
1801 /* Already set C_NOEXISTS at the beginning of this block */
1802 cp
->c_flag
&= ~C_DELETED
;
1803 cp
->c_touch_chgtime
= TRUE
;
1804 cp
->c_touch_modtime
= TRUE
;
1807 hfs_volupdate(hfsmp
, (v_type
== VDIR
) ? VOL_RMDIR
: VOL_RMFILE
, 0);
1809 } // if <open unlinked>
1811 hfs_update(vp
, reclaim
? HFS_UPDATE_FORCE
: 0);
1814 * Since we are about to finish what might be an inactive call, propagate
1815 * any remaining modified or touch bits from the cnode to the vnode. This
1816 * serves as a hint to vnode recycling that we shouldn't recycle this vnode
1819 * For now, if the node *only* has a dirty atime, we don't mark
1820 * the vnode as dirty. VFS's asynchronous recycling can actually
1821 * lead to worse performance than having it synchronous. When VFS
1822 * is fixed to be more performant, we can be more honest about
1823 * marking vnodes as dirty when it's only the atime that's dirty.
1825 #if LF_HFS_FULL_VNODE_SUPPORT
1826 //TBD - need to decide how we mark a file as dirty
1827 if (hfs_is_dirty(cp
) == HFS_DIRTY
|| ISSET(cp
->c_flag
, C_DELETED
)) {
1830 vnode_cleardirty(vp
);
1836 cat_postflight(hfsmp
, &cookie
);
1839 hfs_end_transaction(hfsmp
);
1847 hfs_fork_release(struct cnode
* cp
, struct vnode
*vp
, bool bIsRsc
, int* piErr
)
1849 struct hfsmount
*hfsmp
= VTOHFS(vp
);
1850 struct filefork
*fp
= NULL
;
1851 struct filefork
*altfp
= NULL
;
1852 int reclaim_cnode
= 0;
1855 * Sync to disk any remaining data in the cnode/vnode. This includes
1856 * a call to hfs_update if the cnode has outbound data.
1858 * If C_NOEXISTS is set on the cnode, then there's nothing teardown needs to do
1859 * because the catalog entry for this cnode is already gone.
1861 INVALIDATE_NODE(vp
);
1863 if (!ISSET(cp
->c_flag
, C_NOEXISTS
)) {
1864 *piErr
= hfs_cnode_teardown(vp
, 1);
1871 if (vp
->sFSParams
.vnfs_cnp
)
1873 if (vp
->sFSParams
.vnfs_cnp
->cn_nameptr
) {
1874 hfs_free(vp
->sFSParams
.vnfs_cnp
->cn_nameptr
);
1875 vp
->sFSParams
.vnfs_cnp
->cn_nameptr
= NULL
;
1877 hfs_free(vp
->sFSParams
.vnfs_cnp
);
1878 vp
->sFSParams
.vnfs_cnp
= NULL
;
1883 fp
= cp
->c_datafork
;
1884 altfp
= cp
->c_rsrcfork
;
1886 cp
->c_datafork
= NULL
;
1889 fp
= cp
->c_rsrcfork
;
1890 altfp
= cp
->c_datafork
;
1892 cp
->c_rsrcfork
= NULL
;
1893 cp
->c_rsrc_vp
= NULL
;
1897 * On the last fork, remove the cnode from its hash chain.
1899 if (altfp
== NULL
) {
1900 /* If we can't remove it then the cnode must persist! */
1901 if (hfs_chashremove(hfsmp
, cp
) == 0)
1904 * Remove any directory hints
1906 if (vnode_isdir(vp
)) {
1907 hfs_reldirhints(cp
, 0);
1910 if(cp
->c_flag
& C_HARDLINK
) {
1915 /* Release the file fork and related data */
1918 /* Dump cached symlink data */
1919 if (vnode_islnk(vp
) && (fp
->ff_symlinkptr
!= NULL
)) {
1920 hfs_free(fp
->ff_symlinkptr
);
1922 rl_remove_all(&fp
->ff_invalidranges
);
1926 return reclaim_cnode
;
1931 * Reclaim a cnode so that it can be used for other purposes.
1934 hfs_vnop_reclaim(struct vnode
*vp
)
1936 if (!vp
) return EINVAL
;
1938 struct cnode
* cp
= VTOC(vp
);
1939 struct hfsmount
*hfsmp
= VTOHFS(vp
);
1940 struct vnode
*altvp
= NULL
;
1941 int reclaim_cnode
= 0;
1945 * We don't take the truncate lock since by the time reclaim comes along,
1946 * all dirty pages have been synced and nobody should be competing
1947 * with us for this thread.
1949 hfs_chash_mark_in_transit(hfsmp
, cp
);
1951 hfs_lock(cp
, HFS_EXCLUSIVE_LOCK
, HFS_LOCK_DEFAULT
);
1952 lf_hfs_generic_buf_cache_LockBufCache();
1954 //In case we have other open lookups
1955 //We need to decrease the counter and exit
1956 if (cp
->uOpenLookupRefCount
> 1)
1958 hfs_chash_lower_OpenLookupCounter(cp
);
1959 hfs_chashwakeup(hfsmp
, cp
, H_ALLOC
| H_TRANSIT
);
1960 lf_hfs_generic_buf_cache_UnLockBufCache();
1965 if (cp
->uOpenLookupRefCount
== 0) assert(0);
1967 hfs_chash_lower_OpenLookupCounter(cp
);
1968 lf_hfs_generic_buf_cache_remove_vnode(vp
);
1970 lf_hfs_generic_buf_cache_UnLockBufCache();
1973 * Find file fork for this vnode (if any)
1974 * Also check if another fork is active
1976 if (cp
->c_vp
== vp
) {
1978 reclaim_cnode
= hfs_fork_release(cp
, vp
, false, &err
);
1979 if (err
) return err
;
1981 if (!reclaim_cnode
&& cp
->c_rsrc_vp
!= NULL
)
1983 altvp
= cp
->c_rsrc_vp
;
1984 reclaim_cnode
= hfs_fork_release(cp
, altvp
, true, &err
);
1985 if (err
) return err
;
1987 } else if (cp
->c_rsrc_vp
== vp
) {
1988 reclaim_cnode
= hfs_fork_release(cp
, vp
, true, &err
);
1989 if (err
) return err
;
1991 if (!reclaim_cnode
&& cp
->c_vp
!= NULL
)
1994 reclaim_cnode
= hfs_fork_release(cp
, altvp
, false, &err
);
1995 if (err
) return err
;
1998 LFHFS_LOG(LEVEL_ERROR
, "hfs_vnop_reclaim: vp points to wrong cnode (vp=%p cp->c_vp=%p cp->c_rsrc_vp=%p)\n", vp
, cp
->c_vp
, cp
->c_rsrc_vp
);
2003 * If there was only one active fork then we can release the cnode.
2005 if (reclaim_cnode
) {
2007 hfs_chashwakeup(hfsmp
, cp
, H_ALLOC
);
2008 hfs_reclaim_cnode(cp
);
2013 * cnode in use. If it is a directory, it could have
2014 * no live forks. Just release the lock.