1 /*
2 * Copyright (c) 2002-2015 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 #include <sys/param.h>
29 #include <sys/systm.h>
30 #include <sys/proc.h>
31 #include <sys/vnode.h>
32 #include <sys/mount.h>
33 #include <sys/kernel.h>
34 #include <sys/malloc.h>
35 #include <sys/time.h>
36 #include <sys/ubc.h>
37 #include <sys/quota.h>
38 #include <sys/kdebug.h>
39 #include <libkern/OSByteOrder.h>
40 #include <sys/namei.h>
41
42 #include <kern/locks.h>
43
44 #include <miscfs/specfs/specdev.h>
45 #include <miscfs/fifofs/fifo.h>
46
47 #include "hfs.h"
48 #include "hfs_catalog.h"
49 #include "hfs_cnode.h"
50 #include "hfs_quota.h"
51 #include "hfs_format.h"
52 #include "hfs_kdebug.h"
53 #include "hfs_cprotect.h"
54
/* NOTE(review): defined outside this file; its purpose is not visible here. */
extern int prtactive;

/* Lock attribute and lock groups, defined in another translation unit. */
extern lck_attr_t * hfs_lock_attr;
extern lck_grp_t * hfs_mutex_group;
extern lck_grp_t * hfs_rwlock_group;

/* Forward declarations of helpers private to this file. */
static void hfs_reclaim_cnode(hfsmount_t *hfsmp, struct cnode *);
static int hfs_cnode_teardown (struct vnode *vp, vfs_context_t ctx, int reclaim);
static int hfs_isordered(struct cnode *, struct cnode *);

/* buf_iterate() callback defined elsewhere; used below on symlink buffers. */
extern int hfs_removefile_callback(struct buf *bp, void *hfsmp);

/*
 * Limits initialised from the compile-time defaults.
 * NOTE(review): both are non-static, writable globals; where they are read
 * or changed is not visible in this part of the file.
 */
uint32_t _hfs_max_origins = MAX_CACHED_ORIGINS_DEFAULT;
uint32_t _hfs_max_file_origins = MAX_CACHED_FILE_ORIGINS_DEFAULT;
69
/*
 * Report whether the cnode is marked C_DELETED or C_NOEXISTS.
 *
 * Returns ENOENT when either flag is set in cp->c_flag, 0 otherwise.
 * The flags are read without taking any lock here.
 */
__inline__ int hfs_checkdeleted (struct cnode *cp) {
	if ((cp->c_flag & (C_DELETED | C_NOEXISTS)) != 0) {
		return ENOENT;
	}
	return 0;
}
73
/*
 * Set or clear C_BACKINGSTORE on the cnode behind 'vp'. Used by a special
 * fcntl() to mark a cnode/vnode as backing another filesystem, like a
 * disk image.
 *
 * vp  - vnode whose cnode is updated; must be a regular file or directory.
 * val - non-zero sets the flag, zero clears it.
 *
 * Returns EINVAL for any other vnode type, the hfs_lock() error if the
 * cnode cannot be locked, and 0 on success.
 *
 * NOTE(review): no credential or ownership check is visible in this
 * function; presumably the fcntl() caller authorises the request - confirm.
 */
int hfs_set_backingstore (struct vnode *vp, int val) {
	struct cnode *cp;
	int err;

	/* Reject anything that is neither a regular file nor a directory. */
	if (!(vnode_isreg(vp) || vnode_isdir(vp))) {
		return EINVAL;
	}

	cp = VTOC(vp);

	/* c_flag is modified, so take the cnode lock exclusively. */
	err = hfs_lock (cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_DEFAULT);
	if (err != 0) {
		return err;
	}

	if (!val) {
		cp->c_flag &= ~C_BACKINGSTORE;
	}
	else {
		cp->c_flag |= C_BACKINGSTORE;
	}

	hfs_unlock (cp);

	/* The lock succeeded, so there is nothing left to report. */
	return 0;
}
109
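/*
 * Function used by a special fcntl() that checks whether a cnode/vnode
 * is marked as backing another filesystem, like a disk image.
 *
 * vp  - vnode to query.
 * val - output argument: 1 if C_BACKINGSTORE is set on the cnode, else 0.
 *       It is written on every path, including when the cnode lock cannot
 *       be taken, so a caller that forwards it never passes on an
 *       indeterminate value.
 *
 * Returns non-zero on failure (the hfs_lock() error). 0 on success, which
 * includes vnodes that are neither regular files nor directories.
 */

int hfs_is_backingstore (struct vnode *vp, int *val) {
	struct cnode *cp = NULL;
	int err = 0;

	/* Define the output before any early return. */
	*val = 0;

	if (!vnode_isreg(vp) && !vnode_isdir(vp)) {
		return 0;
	}

	cp = VTOC(vp);

	/* The flag is only read, so a shared lock is requested. */
	err = hfs_lock (cp, HFS_SHARED_LOCK, HFS_LOCK_DEFAULT);
	if (err) {
		return err;
	}

	if (cp->c_flag & C_BACKINGSTORE) {
		*val = 1;
	}

	/* unlock everything */
	hfs_unlock (cp);

	return err;
}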
148
149
/*
 * hfs_cnode_teardown
 *
 * This is an internal function that is invoked from both hfs_vnop_inactive
 * and hfs_vnop_reclaim. As VNOP_INACTIVE is not necessarily called from vnodes
 * being recycled and reclaimed, it is important that we do any post-processing
 * necessary for the cnode in both places. Important tasks include things such as
 * releasing the blocks from an open-unlinked file when all references to it have dropped,
 * and handling resource forks separately from data forks.
 *
 * Note that we take only the vnode as an argument here (rather than the cnode).
 * Recall that each cnode supports two forks (rsrc/data), and we can always get the right
 * cnode from either of the vnodes, but the reverse is not true -- we can't determine which
 * vnode we need to reclaim if only the cnode is supplied.
 *
 * This function is idempotent and safe to call from both hfs_vnop_inactive and hfs_vnop_reclaim
 * if both are invoked right after the other. In the second call, most of this function's if()
 * conditions will fail, since they apply generally to cnodes still marked with C_DELETED.
 * As a quick check to see if this function is necessary, determine if the cnode is already
 * marked C_NOEXISTS. If it is, then it is safe to skip this function. The only tasks that
 * remain for cnodes marked in such a fashion is to teardown their fork references and
 * release all directory hints and hardlink origins. However, both of those are done
 * in hfs_vnop_reclaim. hfs_update, by definition, is not necessary if the cnode's catalog
 * entry is no longer there.
 *
 * 'reclaim' argument specifies whether or not we were called from hfs_vnop_reclaim. If we are
 * invoked from hfs_vnop_reclaim, we can not call functions that cluster_push since the UBC info
 * is totally gone by that point.
 *
 * Assumes that both truncate and cnode locks for 'cp' are held.
 *
 * Returns 0 on success. On failure returns EINVAL when a journal transaction
 * cannot be started, or the error from hfs_truncate, cat_lookup,
 * hfs_release_storage, cat_preflight or cat_delete. Every error path goes
 * through 'out', which skips hfs_update and the dirty-bit propagation.
 */
static
int hfs_cnode_teardown (struct vnode *vp, vfs_context_t ctx, int reclaim)
{
	int forkcount = 0;
	enum vtype v_type;
	struct cnode *cp;
	int error = 0;
	bool started_tr = false;	/* true while a transaction opened here is still open */
	struct hfsmount *hfsmp = VTOHFS(vp);
	struct proc *p = vfs_context_proc(ctx);
	int truncated = 0;		/* set once our own fork has been truncated */
	cat_cookie_t cookie;
	int cat_reserve = 0;		/* set once cat_preflight has succeeded */
	int lockflags;
	int ea_error = 0;

	v_type = vnode_vtype(vp);
	cp = VTOC(vp);

	/* Count the forks (data and/or resource) still attached to the cnode. */
	if (cp->c_datafork) {
		++forkcount;
	}
	if (cp->c_rsrcfork) {
		++forkcount;
	}

	/*
	 * Push file data out for normal files that haven't been evicted from
	 * the namespace. We only do this if this function was not called from reclaim,
	 * because by that point the UBC information has been totally torn down.
	 *
	 * There should also be no way that a normal file that has NOT been deleted from
	 * the namespace to skip INACTIVE and go straight to RECLAIM. That race only happens
	 * when the file becomes open-unlinked.
	 */
	if ((v_type == VREG) &&
	    (!ISSET(cp->c_flag, C_DELETED)) &&
	    (!ISSET(cp->c_flag, C_NOEXISTS)) &&
	    (VTOF(vp)->ff_blocks) &&
	    (reclaim == 0)) {
		/*
		 * If we're called from hfs_vnop_inactive, all this means is at the time
		 * the logic for deciding to call this function, there were not any lingering
		 * mmap/fd references for this file. However, there is nothing preventing the system
		 * from creating a new reference in between the time that logic was checked
		 * and we entered hfs_vnop_inactive. As a result, the only time we can guarantee
		 * that there aren't any references is during vnop_reclaim.
		 */
		/* The return value of hfs_filedone is not checked here. */
		hfs_filedone(vp, ctx, 0);
	}

	/*
	 * Remove any directory hints or cached origins
	 */
	if (v_type == VDIR) {
		hfs_reldirhints(cp, 0);
	}
	if (cp->c_flag & C_HARDLINK) {
		hfs_relorigins(cp);
	}

	/*
	 * -- Handle open unlinked files --
	 *
	 * If the vnode is in use, it means a force unmount is in progress
	 * in which case we defer cleaning up until either we come back
	 * through here via hfs_vnop_reclaim, at which point the UBC
	 * information will have been torn down and the vnode might no
	 * longer be in use, or if it's still in use, it will get cleaned
	 * up when next remounted.
	 */
	if (ISSET(cp->c_flag, C_DELETED) && !vnode_isinuse(vp, 0)) {
		/*
		 * This check is slightly complicated. We should only truncate data
		 * in very specific cases for open-unlinked files. This is because
		 * we want to ensure that the resource fork continues to be available
		 * if the caller has the data fork open. However, this is not symmetric;
		 * someone who has the resource fork open need not be able to access the data
		 * fork once the data fork has gone inactive.
		 *
		 * If we're the last fork, then we have cleaning up to do.
		 *
		 * A) last fork, and vp == c_vp
		 *	Truncate away own fork data. If rsrc fork is not in core, truncate it too.
		 *
		 * B) last fork, and vp == c_rsrc_vp
		 *	Truncate ourselves, assume data fork has been cleaned due to C).
		 *
		 * If we're not the last fork, then things are a little different:
		 *
		 * C) not the last fork, vp == c_vp
		 *	Truncate ourselves. Once the file has gone out of the namespace,
		 *	it cannot be further opened. Further access to the rsrc fork may
		 *	continue, however.
		 *
		 * D) not the last fork, vp == c_rsrc_vp
		 *	Don't enter the block below, just clean up vnode and push it out of core.
		 */

		if ((v_type == VREG || v_type == VLNK) &&
		    ((forkcount == 1) || (!VNODE_IS_RSRC(vp)))) {

			/* Truncate away our own fork data. (Case A, B, C above) */
			if (VTOF(vp)->ff_blocks != 0) {
				/*
				 * SYMLINKS only:
				 *
				 * Encapsulate the entire change (including truncating the link) in
				 * nested transactions if we are modifying a symlink, because we know that its
				 * file length will be at most 4k, and we can fit both the truncation and
				 * any relevant bitmap changes into a single journal transaction. We also want
				 * the kill_block code to execute in the same transaction so that any dirty symlink
				 * blocks will not be written. Otherwise, rely on
				 * hfs_truncate doing its own transactions to ensure that we don't blow up
				 * the journal.
				 */
				if (!started_tr && (v_type == VLNK)) {
					/* Any non-zero result from hfs_start_transaction is reported as EINVAL. */
					if (hfs_start_transaction(hfsmp) != 0) {
						error = EINVAL;
						goto out;
					}
					else {
						started_tr = true;
					}
				}

				/*
				 * At this point, we have decided that this cnode is
				 * suitable for full removal. We are about to deallocate
				 * its blocks and remove its entry from the catalog.
				 * If it was a symlink, then it's possible that the operation
				 * which created it is still in the current transaction group
				 * due to coalescing. Take action here to kill the data blocks
				 * of the symlink out of the journal before moving to
				 * deallocate the blocks. We need to be in the middle of
				 * a transaction before calling buf_iterate like this.
				 *
				 * Note: we have to kill any potential symlink buffers out of
				 * the journal prior to deallocating their blocks. This is so
				 * that we don't race with another thread that may be doing an
				 * an allocation concurrently and pick up these blocks. It could
				 * generate I/O against them which could go out ahead of our journal
				 * transaction.
				 */

				if (hfsmp->jnl && vnode_islnk(vp)) {
					buf_iterate(vp, hfs_removefile_callback, BUF_SKIP_NONLOCKED, (void *)hfsmp);
				}


				/*
				 * This truncate call (and the one below) is fine from VNOP_RECLAIM's
				 * context because we're only removing blocks, not zero-filling new
				 * ones. The C_DELETED check above makes things much simpler.
				 */
				error = hfs_truncate(vp, (off_t)0, IO_NDELAY, 0, ctx);
				if (error) {
					/* A symlink transaction opened above is closed at 'out'. */
					goto out;
				}
				truncated = 1;

				/* (SYMLINKS ONLY): Close/End our transaction after truncating the file record */
				if (started_tr) {
					hfs_end_transaction(hfsmp);
					started_tr = false;
				}

			}

			/*
			 * Truncate away the resource fork, if we represent the data fork and
			 * it is the last fork. That means, by definition, the rsrc fork is not in
			 * core. To avoid bringing a vnode into core for the sole purpose of deleting the
			 * data in the resource fork, we call cat_lookup directly, then hfs_release_storage
			 * to get rid of the resource fork's data. Note that because we are holding the
			 * cnode lock, it is impossible for a competing thread to create the resource fork
			 * vnode from underneath us while we do this.
			 *
			 * This is invoked via case A above only.
			 */
			if ((cp->c_blocks > 0) && (forkcount == 1) && (vp != cp->c_rsrc_vp)) {
				struct cat_lookup_buffer *lookup_rsrc = NULL;
				struct cat_desc *desc_ptr = NULL;
				lockflags = 0;

				/*
				 * NOTE(review): the result is dereferenced below without a NULL
				 * check; presumably hfs_mallocz cannot fail - confirm.
				 */
				lookup_rsrc = hfs_mallocz(sizeof(*lookup_rsrc));

				if (cp->c_desc.cd_namelen == 0) {
					/* Initialize the rsrc descriptor for lookup if necessary*/
					/*
					 * NOTE(review): assumes lookup_name holds at least
					 * HFS_TEMPLOOKUP_NAMELEN bytes and is NUL-terminated by the
					 * macro, since strlen() is applied to it below - confirm
					 * against the struct and macro definitions.
					 */
					MAKE_DELETED_NAME (lookup_rsrc->lookup_name, HFS_TEMPLOOKUP_NAMELEN, cp->c_fileid);

					lookup_rsrc->lookup_desc.cd_nameptr = (const uint8_t*) lookup_rsrc->lookup_name;
					lookup_rsrc->lookup_desc.cd_namelen = strlen (lookup_rsrc->lookup_name);
					lookup_rsrc->lookup_desc.cd_parentcnid = hfsmp->hfs_private_desc[FILE_HARDLINKS].cd_cnid;
					lookup_rsrc->lookup_desc.cd_cnid = cp->c_cnid;

					desc_ptr = &lookup_rsrc->lookup_desc;
				}
				else {
					desc_ptr = &cp->c_desc;
				}

				/* The catalog is only read here, so the lock is taken shared. */
				lockflags = hfs_systemfile_lock (hfsmp, SFL_CATALOG, HFS_SHARED_LOCK);

				error = cat_lookup (hfsmp, desc_ptr, 1, 0, (struct cat_desc *) NULL,
						(struct cat_attr*) NULL, &lookup_rsrc->lookup_fork.ff_data, NULL);

				hfs_systemfile_unlock (hfsmp, lockflags);

				if (error) {
					/* Free the temporary buffer on the failure path too. */
					hfs_free(lookup_rsrc, sizeof(*lookup_rsrc));
					goto out;
				}

				/*
				 * Make the filefork in our temporary struct look like a real
				 * filefork. Fill in the cp, sysfileinfo and rangelist fields..
				 */
				rl_init (&lookup_rsrc->lookup_fork.ff_invalidranges);
				lookup_rsrc->lookup_fork.ff_cp = cp;

				/*
				 * If there were no errors, then we have the catalog's fork information
				 * for the resource fork in question. Go ahead and delete the data in it now.
				 */

				error = hfs_release_storage (hfsmp, NULL, &lookup_rsrc->lookup_fork, cp->c_fileid);
				/* The buffer is released before the error is examined, so neither outcome leaks it. */
				hfs_free(lookup_rsrc, sizeof(*lookup_rsrc));

				if (error) {
					goto out;
				}

				/*
				 * This fileid's resource fork extents have now been fully deleted on-disk
				 * and this CNID is no longer valid. At this point, we should be able to
				 * zero out cp->c_blocks to indicate there is no data left in this file.
				 */
				cp->c_blocks = 0;
			}
		}

		/*
		 * If we represent the last fork (or none in the case of a dir),
		 * and the cnode has become open-unlinked...
		 *
		 * We check c_blocks here because it is possible in the force
		 * unmount case for the data fork to be in use but the resource
		 * fork to not be in use in which case we will truncate the
		 * resource fork, but not the data fork. It will get cleaned
		 * up upon next mount.
		 */
		if (forkcount <= 1 && !cp->c_blocks) {
			/*
			 * If it has EA's, then we need to get rid of them.
			 *
			 * Note that this must happen outside of any other transactions
			 * because it starts/ends its own transactions and grabs its
			 * own locks. This is to prevent a file with a lot of attributes
			 * from creating a transaction that is too large (which panics).
			 */
			/*
			 * ea_error is stored but not read again in this function, so a
			 * failure to remove the attributes does not stop the catalog
			 * delete below. started_tr is passed by address, so the callee
			 * may change it.
			 */
			if (ISSET(cp->c_attr.ca_recflags, kHFSHasAttributesMask))
				ea_error = hfs_removeallattr(hfsmp, cp->c_fileid, &started_tr);

			/*
			 * Remove the cnode's catalog entry and release all blocks it
			 * may have been using.
			 */

			/*
			 * Mark cnode in transit so that no one can get this
			 * cnode from cnode hash.
			 */
			// hfs_chash_mark_in_transit(hfsmp, cp);
			// XXXdbg - remove the cnode from the hash table since it's deleted
			// otherwise someone could go to sleep on the cnode and not
			// be woken up until this vnode gets recycled which could be
			// a very long time...
			/* The return value of hfs_chashremove is not checked here. */
			hfs_chashremove(hfsmp, cp);

			/*
			 * NOTE(review): the cnode is unhashed and flagged C_NOEXISTS before
			 * the transaction and catalog delete below. If hfs_start_transaction,
			 * cat_preflight or cat_delete fails, the function exits with the flag
			 * still set; whether the catalog entry is then cleaned up elsewhere
			 * is not visible here.
			 */
			cp->c_flag |= C_NOEXISTS; // XXXdbg
			cp->c_rdev = 0;

			if (!started_tr) {
				if (hfs_start_transaction(hfsmp) != 0) {
					error = EINVAL;
					goto out;
				}
				started_tr = true;
			}

			/*
			 * Reserve some space in the Catalog file.
			 */
			if ((error = cat_preflight(hfsmp, CAT_DELETE, &cookie, p))) {
				goto out;
			}
			/* From here on 'out' must call cat_postflight with this cookie. */
			cat_reserve = 1;

			lockflags = hfs_systemfile_lock(hfsmp, SFL_CATALOG | SFL_ATTRIBUTE, HFS_EXCLUSIVE_LOCK);

			/* c_blocks was zero when this block was entered; this only logs if that has changed. */
			if (cp->c_blocks > 0) {
				printf("hfs_inactive: deleting non-empty%sfile %d, "
				       "blks %d\n", VNODE_IS_RSRC(vp) ? " rsrc " : " ",
				       (int)cp->c_fileid, (int)cp->c_blocks);
			}

			//
			// release the name pointer in the descriptor so that
			// cat_delete() will use the file-id to do the deletion.
			// in the case of hard links this is imperative (in the
			// case of regular files the fileid and cnid are the
			// same so it doesn't matter).
			//
			cat_releasedesc(&cp->c_desc);

			/*
			 * The descriptor name may be zero,
			 * in which case the fileid is used.
			 */
			error = cat_delete(hfsmp, &cp->c_desc, &cp->c_attr);

			/* Log only; the message has no trailing newline. ENXIO is not logged. */
			if (error && truncated && (error != ENXIO)) {
				printf("hfs_inactive: couldn't delete a truncated file!");
			}

			/* Update HFS Private Data dir */
			if (error == 0) {
				hfsmp->hfs_private_attr[FILE_HARDLINKS].ca_entries--;
				if (vnode_isdir(vp)) {
					DEC_FOLDERCOUNT(hfsmp, hfsmp->hfs_private_attr[FILE_HARDLINKS]);
				}
				/* The cat_update result is deliberately discarded. */
				(void)cat_update(hfsmp, &hfsmp->hfs_private_desc[FILE_HARDLINKS],
						 &hfsmp->hfs_private_attr[FILE_HARDLINKS], NULL, NULL);
			}

			/* Drop the system-file locks before leaving on the cat_delete error. */
			hfs_systemfile_unlock(hfsmp, lockflags);

			if (error) {
				goto out;
			}

#if QUOTA
			if (hfsmp->hfs_flags & HFS_QUOTAS)
				(void)hfs_chkiq(cp, -1, NOCRED, 0);
#endif /* QUOTA */

			/* Already set C_NOEXISTS at the beginning of this block */
			cp->c_flag &= ~C_DELETED;
			cp->c_touch_chgtime = TRUE;
			cp->c_touch_modtime = TRUE;

			/* error is always 0 here: a non-zero value jumped to 'out' above. */
			if (error == 0)
				hfs_volupdate(hfsmp, (v_type == VDIR) ? VOL_RMDIR : VOL_RMFILE, 0);
		}
	} // if <open unlinked>

	/* Called from reclaim, the update is forced. Its return value is not checked. */
	hfs_update(vp, reclaim ? HFS_UPDATE_FORCE : 0);

	/*
	 * Since we are about to finish what might be an inactive call, propagate
	 * any remaining modified or touch bits from the cnode to the vnode. This
	 * serves as a hint to vnode recycling that we shouldn't recycle this vnode
	 * synchronously.
	 *
	 * For now, if the node *only* has a dirty atime, we don't mark
	 * the vnode as dirty. VFS's asynchronous recycling can actually
	 * lead to worse performance than having it synchronous. When VFS
	 * is fixed to be more performant, we can be more honest about
	 * marking vnodes as dirty when it's only the atime that's dirty.
	 */
	if (hfs_is_dirty(cp) == HFS_DIRTY || ISSET(cp->c_flag, C_DELETED)) {
		vnode_setdirty(vp);
	} else {
		vnode_cleardirty(vp);
	}

out:
	/* Common exit: release the catalog reservation and any open transaction. */
	if (cat_reserve)
		cat_postflight(hfsmp, &cookie, p);

	if (started_tr) {
		hfs_end_transaction(hfsmp);
		started_tr = false;
	}

	return error;
}
569
570
/*
 * hfs_vnop_inactive
 *
 * VNOP_INACTIVE handler. The last usecount on the vnode has gone away, so
 * any data still held by the cnode is torn down: remaining blocks are
 * written out or the cnode's catalog entry is deleted, as needed.
 *
 * Returns 0 when there is nothing to do (read-only volume, system vnode,
 * caller is the freezing process, or the cnode is already C_NOEXISTS);
 * otherwise returns the result of hfs_cnode_teardown.
 */
int
hfs_vnop_inactive(struct vnop_inactive_args *ap)
{
	struct vnode *vp = ap->a_vp;
	struct hfsmount *hfsmp = VTOHFS(vp);
	struct proc *p = vfs_context_proc(ap->a_context);
	enum vtype v_type = vnode_vtype(vp);
	struct cnode *cp = VTOC(vp);
	int trunc_locked = 0;
	int error;

	/* Nothing to tear down in any of these cases. */
	if ((hfsmp->hfs_flags & HFS_READ_ONLY) || vnode_issystem(vp) ||
	    (hfsmp->hfs_freezing_proc == p)) {
		return 0;
	}

	/*
	 * For safety, do NOT call vnode_recycle from inside this function. This
	 * can cause problems in the following scenario:
	 *
	 * vnode_create -> vnode_reclaim_internal -> vclean -> VNOP_INACTIVE
	 *
	 * If we are running because a reclaim was already in flight, there are
	 * by definition no usecounts or iocounts left, so vnode_recycle would
	 * immediately try to re-enter reclaim and panic.
	 *
	 * Three things can currently get VNOP_INACTIVE called:
	 * 1) the last usecount goes away on the vnode (vnode_rele)
	 * 2) the last iocount goes away on a vnode that previously had
	 *    usecounts but didn't have vnode_recycle called (vnode_put)
	 * 3) vclean by way of reclaim
	 *
	 * Calling vnode_recycle here would normally be attractive, to avoid
	 * leaking the blocks of open-unlinked files. It is not needed:
	 * hfs_cnode_teardown releases those blocks and marks the cnode
	 * C_NOEXISTS, leaving no catalog entry and no backing store, so it does
	 * not matter much when the vnode finally goes through reclaim. The HFS
	 * VNOPs that created the open-unlinked file should also already have
	 * called vnode_recycle on it to get it through reclaim quickly.
	 */

	/*
	 * The catalog entry is already gone, so there is nothing to do.
	 * This flag is tested before the cnode lock is taken.
	 */
	if (cp->c_flag & C_NOEXISTS) {
		return 0;
	}

	/* Files and symlinks take the truncate lock, ahead of the cnode lock. */
	if (v_type == VREG || v_type == VLNK) {
		hfs_lock_truncate(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_DEFAULT);
		trunc_locked = 1;
	}

	/* The result of hfs_lock is deliberately discarded. */
	(void) hfs_lock(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_ALLOW_NOEXISTS);

	/*
	 * Push dirty blocks to disk, free the blocks of open-unlinked files and
	 * move the cnode from C_DELETED to C_NOEXISTS.
	 */
	error = hfs_cnode_teardown (vp, ap->a_context, 0);

	/*
	 * The truncate lock goes first: unlocking the cnode can perform a
	 * vnode_put and recycle the vnode, which may itself need the
	 * truncate lock.
	 */
	if (trunc_locked) {
		hfs_unlock_truncate(cp, HFS_LOCK_DEFAULT);
	}

	hfs_unlock(cp);

	return error;
}
664
665
/*
 * File clean-up (zero fill and shrink peof).
 *
 * Flushes the vnode's invalid ranges, truncates the fork's allocation down
 * to the blocks needed to hold ff_size, and, unless HFS_FILE_DONE_NO_SYNC
 * is set in 'opts', pushes the cluster data and updates the cnode.
 *
 * Always returns 0; the results of hfs_truncate, hfs_lock and hfs_update
 * are not propagated. Does nothing on a read-only volume or for a fork
 * with no blocks.
 */

int
hfs_filedone(struct vnode *vp, vfs_context_t context,
             hfs_file_done_opts_t opts)
{
	struct cnode *cp = VTOC(vp);
	struct filefork *fp = VTOF(vp);
	struct hfsmount *hfsmp = VTOHFS(vp);
	off_t leof = fp->ff_size;
	u_int32_t blocksize;
	u_int32_t blks;

	if ((hfsmp->hfs_flags & HFS_READ_ONLY) || (fp->ff_blocks == 0)) {
		return (0);
	}

	hfs_flush_invalid_ranges(vp);

	/*
	 * Number of allocation blocks needed for leof, rounded up.
	 * NOTE(review): blockSize is used as a divisor without a zero check
	 * here; presumably it is validated at mount time - confirm.
	 */
	blocksize = VTOVCB(vp)->blockSize;
	blks = leof / blocksize;
	if (((off_t)blks * (off_t)blocksize) != leof) {
		blks++;
	}

	/*
	 * Shrink the peof to the smallest size necessary to contain the leof.
	 */
	if (fp->ff_blocks > blks) {
		(void) hfs_truncate(vp, leof, IO_NDELAY, HFS_TRUNCATE_SKIPTIMES, context);
	}

	if (ISSET(opts, HFS_FILE_DONE_NO_SYNC)) {
		return (0);
	}

	/*
	 * The cnode lock is dropped around cluster_push and re-taken afterwards,
	 * so cnode state read before this point may have changed by the time
	 * hfs_update runs. The hfs_lock result is not checked.
	 */
	hfs_unlock(cp);
	cluster_push(vp, IO_CLOSE);
	hfs_lock(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_ALLOW_NOEXISTS);

	/*
	 * In case hfs_truncate did not flush the vnode's information to disk,
	 * force the update now that all invalid ranges have been zero-filled
	 * and validated.
	 */
	hfs_update(vp, 0);

	return (0);
}
716
717
/*
 * Reclaim a cnode so that it can be used for other purposes.
 *
 * VNOP_RECLAIM handler: runs the cnode teardown if the catalog entry still
 * exists, detaches this vnode's fork from the cnode and frees it, and
 * releases the cnode itself when no other fork remains and it could be
 * removed from the hash.
 *
 * Always returns 0. The result of hfs_cnode_teardown is stored in 'err'
 * but is not returned or otherwise acted on.
 */
int
hfs_vnop_reclaim(struct vnop_reclaim_args *ap)
{
	struct vnode *vp = ap->a_vp;
	struct cnode *cp;
	struct filefork *fp = NULL;	/* fork belonging to this vnode, if any */
	struct filefork *altfp = NULL;	/* the cnode's other fork, if any */
	struct hfsmount *hfsmp = VTOHFS(vp);
	vfs_context_t ctx = ap->a_context;
	int reclaim_cnode = 0;
	int err = 0;
	enum vtype v_type;

	v_type = vnode_vtype(vp);
	cp = VTOC(vp);

	/*
	 * We don't take the truncate lock since by the time reclaim comes along,
	 * all dirty pages have been synced and nobody should be competing
	 * with us for this thread.
	 */
	/* The result of hfs_lock is deliberately discarded. */
	(void) hfs_lock(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_ALLOW_NOEXISTS);

	/*
	 * Sync to disk any remaining data in the cnode/vnode. This includes
	 * a call to hfs_update if the cnode has outbound data.
	 *
	 * If C_NOEXISTS is set on the cnode, then there's nothing teardown needs to do
	 * because the catalog entry for this cnode is already gone.
	 */
	if (!ISSET(cp->c_flag, C_NOEXISTS)) {
		/* NOTE(review): a teardown failure is not reported; reclaim continues regardless. */
		err = hfs_cnode_teardown(vp, ctx, 1);
	}

	/*
	 * Keep track of an inactive hot file. Don't bother on ssd's since
	 * the tracking is done differently (it's done at read() time)
	 */
	if (!vnode_isdir(vp) &&
	    !vnode_issystem(vp) &&
	    !(cp->c_flag & (C_DELETED | C_NOEXISTS)) &&
	    !(hfsmp->hfs_flags & HFS_CS_HOTFILE_PIN)) {
		(void) hfs_addhotfile(vp);
	}
	vnode_removefsref(vp);

	/*
	 * Find file fork for this vnode (if any)
	 * Also check if another fork is active
	 */
	/*
	 * The cnode's pointers to this vnode and its fork are cleared here,
	 * before the fork is freed further down, so the cnode does not keep a
	 * pointer to freed memory.
	 */
	if (cp->c_vp == vp) {
		fp = cp->c_datafork;
		altfp = cp->c_rsrcfork;

		cp->c_datafork = NULL;
		cp->c_vp = NULL;
	} else if (cp->c_rsrc_vp == vp) {
		fp = cp->c_rsrcfork;
		altfp = cp->c_datafork;

		cp->c_rsrcfork = NULL;
		cp->c_rsrc_vp = NULL;
	} else {
		/* The vnode belongs to neither slot of this cnode: treated as fatal. */
		panic("hfs_vnop_reclaim: vp points to wrong cnode (vp=%p cp->c_vp=%p cp->c_rsrc_vp=%p)\n", vp, cp->c_vp, cp->c_rsrc_vp);
	}
	/*
	 * On the last fork, remove the cnode from its hash chain.
	 */
	if (altfp == NULL) {
		/* If we can't remove it then the cnode must persist! */
		if (hfs_chashremove(hfsmp, cp) == 0)
			reclaim_cnode = 1;
		/*
		 * Remove any directory hints
		 */
		if (vnode_isdir(vp)) {
			hfs_reldirhints(cp, 0);
		}

		if(cp->c_flag & C_HARDLINK) {
			hfs_relorigins(cp);
		}
	}
	/* Release the file fork and related data */
	if (fp) {
		/* Dump cached symlink data */
		if (vnode_islnk(vp) && (fp->ff_symlinkptr != NULL)) {
			/*
			 * NOTE(review): the size handed to hfs_free is the current
			 * ff_size; presumably this equals the size the buffer was
			 * allocated with - confirm at the allocation site.
			 */
			hfs_free(fp->ff_symlinkptr, fp->ff_size);
		}
		rl_remove_all(&fp->ff_invalidranges);
		hfs_zfree(fp, HFS_FILEFORK_ZONE);
	}

	/*
	 * If there was only one active fork then we can release the cnode.
	 */
	if (reclaim_cnode) {
		hfs_chashwakeup(hfsmp, cp, H_ALLOC | H_TRANSIT);
		/* The cnode is unlocked before it is handed to hfs_reclaim_cnode. */
		hfs_unlock(cp);
		hfs_reclaim_cnode(hfsmp, cp);
	}
	else {
		/*
		 * cnode in use. If it is a directory, it could have
		 * no live forks. Just release the lock.
		 */
		hfs_unlock(cp);
	}

	/* cp is not used after this point; it may have been reclaimed above. */
	vnode_clearfsnode(vp);
	return (0);
}
833
834
/*
 * Operation vectors defined in other translation units. The FIFO and
 * HFS-standard vectors are declared only when the matching build option
 * is enabled.
 */
extern int (**hfs_vnodeop_p) (void *);
#if FIFO
extern int (**hfs_fifoop_p) (void *);
#endif

#if CONFIG_HFS_STD
extern int (**hfs_std_vnodeop_p) (void *);
#endif
843
844 /*
845 * hfs_getnewvnode - get new default vnode
846 *
847 * The vnode is returned with an iocount and the cnode locked.
848 * The cnode of the parent vnode 'dvp' may or may not be locked, depending on
849 * the circumstances. The cnode in question (if acquiring the resource fork),
850 * may also already be locked at the time we enter this function.
851 *
852 * Note that there are both input and output flag arguments to this function.
853 * If one of the input flags (specifically, GNV_USE_VP), is set, then
854 * hfs_getnewvnode will use the parameter *vpp, which is traditionally only
855 * an output parameter, as both an input and output parameter. It will use
856 * the vnode provided in the output, and pass it to vnode_create with the
857 * proper flavor so that a new vnode is _NOT_ created on our behalf when
858 * we dispatch to VFS. This may be important in various HFS vnode creation
859 * routines, such a create or get-resource-fork, because we risk deadlock if
860 * jetsam is involved.
861 *
862 * Deadlock potential exists if jetsam is synchronously invoked while we are waiting
863 * for a vnode to be recycled in order to give it the identity we want. If jetsam
864 * happens to target a process for termination that is blocked in-kernel, waiting to
865 * acquire the cnode lock on our parent 'dvp', while our current thread has it locked,
866 * neither side will make forward progress and the watchdog timer will eventually fire.
867 * To prevent this, a caller of hfs_getnewvnode may choose to proactively force
868 * any necessary vnode reclamation/recycling while it is not holding any locks and
869 * thus not prone to deadlock. If this is the case, GNV_USE_VP will be set and
870 * the parameter will be used as described above.
871 *
872 * !!! <NOTE> !!!!
873 * In circumstances when GNV_USE_VP is set, this function _MUST_ clean up and either consume
874 * or dispose of the provided vnode. We funnel all errors to a single return value so that
875 * if provided_vp is still non-NULL, then we will dispose of the vnode. This will occur in
876 * all error cases of this function -- anywhere we zero/NULL out the *vpp parameter. It may
877 * also occur if the current thread raced with another to create the same vnode, and we
878 * find the entry already present in the cnode hash.
879 * !!! </NOTE> !!!
880 */
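int
hfs_getnewvnode(
	struct hfsmount *hfsmp,
	struct vnode *dvp,
	struct componentname *cnp,
	struct cat_desc *descp,
	int flags,
	struct cat_attr *attrp,
	struct cat_fork *forkp,
	struct vnode **vpp,
	int *out_flags)
{
	struct mount *mp = HFSTOVFS(hfsmp);
	struct vnode *vp = NULL;
	struct vnode **cvpp;
	struct vnode *tvp = NULLVP;
	struct cnode *cp = NULL;
	struct filefork *fp = NULL;
	int hfs_standard = 0;
	int retval = 0;
	int issystemfile;
	int wantrsrc;
	int hflags = 0;
	int need_update_identity = 0;
	struct vnode_fsparam vfsp;
	enum vtype vtype;

	/* Caller-supplied, not yet initialized vnode (GNV_USE_VP only) */
	struct vnode *provided_vp = NULL;

#if QUOTA
	int i;
#endif /* QUOTA */

	hfs_standard = (hfsmp->hfs_flags & HFS_STANDARD);

	if (flags & GNV_USE_VP) {
		/* Store the provided VP for later use */
		provided_vp = *vpp;
	}

	/* Zero out the vpp regardless of provided input */
	*vpp = NULL;

	/* Zero out the out_flags */
	*out_flags = 0;

	if (attrp->ca_fileid == 0) {
		retval = ENOENT;
		goto gnv_exit;
	}

#if !FIFO
	if (IFTOVT(attrp->ca_mode) == VFIFO) {
		retval = ENOTSUP;
		goto gnv_exit;
	}
#endif /* !FIFO */
	vtype = IFTOVT(attrp->ca_mode);
	issystemfile = (descp->cd_flags & CD_ISMETA) && (vtype == VREG);
	wantrsrc = flags & GNV_WANTRSRC;

	/*
	 * Sanity checks on the catalog attributes and fork data handed in.
	 * Reject an unknown file type, a fork that claims more blocks than
	 * the record owns, a size that does not fit in the fork's blocks,
	 * and a symlink target longer than MAXPATHLEN.  These values are
	 * not trusted past this point without the checks below.
	 */
	if (vtype == VBAD ||
		(vtype != VDIR && forkp &&
		 (attrp->ca_blocks < forkp->cf_blocks ||
		  howmany((uint64_t)forkp->cf_size, hfsmp->blockSize) > forkp->cf_blocks ||
		  (vtype == VLNK && (uint64_t)forkp->cf_size > MAXPATHLEN)))) {
		/* Mark the FS as corrupt and bail out */
		hfs_mark_inconsistent(hfsmp, HFS_INCONSISTENCY_DETECTED);
		retval = EINVAL;
		goto gnv_exit;
	}

#ifdef HFS_CHECK_LOCK_ORDER
	/*
	 * The only case where it's permissible to hold the parent cnode
	 * lock is during a create operation (hfs_makenode) or when
	 * we don't need the cnode lock (GNV_SKIPLOCK).
	 */
	if ((dvp != NULL) &&
	    (flags & (GNV_CREATE | GNV_SKIPLOCK)) == 0 &&
	    VTOC(dvp)->c_lockowner == current_thread()) {
		panic("hfs_getnewvnode: unexpected hold of parent cnode %p", VTOC(dvp));
	}
#endif /* HFS_CHECK_LOCK_ORDER */

	/*
	 * Get a cnode (new or existing)
	 */
	cp = hfs_chash_getcnode(hfsmp, attrp->ca_fileid, vpp, wantrsrc,
							(flags & GNV_SKIPLOCK), out_flags, &hflags);

	/*
	 * If the id is no longer valid for lookups we'll get back a NULL cp.
	 */
	if (cp == NULL) {
		retval = ENOENT;
		goto gnv_exit;
	}
	/*
	 * We may have been provided a vnode via
	 * GNV_USE_VP.  In this case, we have raced with
	 * a 2nd thread to create the target vnode. The provided
	 * vnode that was passed in will be dealt with at the
	 * end of the function, as we don't zero out the field
	 * until we're ready to pass responsibility to VFS.
	 */


	/*
	 * If we get a cnode/vnode pair out of hfs_chash_getcnode, then update the
	 * descriptor in the cnode as needed if the cnode represents a hardlink.
	 * We want the caller to get the most up-to-date copy of the descriptor
	 * as possible. However, we only do anything here if there was a valid vnode.
	 * If there isn't a vnode, then the cnode is brand new and needs to be initialized
	 * as it doesn't have a descriptor or cat_attr yet.
	 *
	 * If we are about to replace the descriptor with the user-supplied one, then validate
	 * that the descriptor correctly acknowledges this item is a hardlink.  We could be
	 * subject to a race where the calling thread invoked cat_lookup, got a valid lookup
	 * result but the file was not yet a hardlink. With sufficient delay between there
	 * and here, we might accidentally copy in the raw inode ID into the descriptor in the
	 * call below.  If the descriptor's CNID is the same as the fileID then it must
	 * not yet have been a hardlink when the lookup occurred.
	 */

	if (!(hfs_checkdeleted(cp))) {
		//
		// If the bytes of the filename in the descp do not match the bytes in the
		// cnp (and we're not looking up the resource fork), then we want to update
		// the vnode identity to contain the bytes that HFS stores so that when an
		// fsevent gets generated, it has the correct filename.  otherwise daemons
		// that match filenames produced by fsevents with filenames they have stored
		// elsewhere (e.g. bladerunner, backupd, mds), the filenames will not match.
		// See: <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories
		// for more details.
		//
		// NOTE(review): the strncmp below is bounded by descp->cd_namelen only;
		// cnp->cn_namelen is not consulted, so a cn_nameptr that merely starts
		// with the stored name compares equal here.
		//
#ifdef CN_WANTSRSRCFORK
		if (*vpp && cnp && cnp->cn_nameptr && !(cnp->cn_flags & CN_WANTSRSRCFORK) && descp && descp->cd_nameptr && strncmp((const char *)cnp->cn_nameptr, (const char *)descp->cd_nameptr, descp->cd_namelen) != 0) {
#else
		if (*vpp && cnp && cnp->cn_nameptr && descp && descp->cd_nameptr && strncmp((const char *)cnp->cn_nameptr, (const char *)descp->cd_nameptr, descp->cd_namelen) != 0) {
#endif
			vnode_update_identity (*vpp, dvp, (const char *)descp->cd_nameptr, descp->cd_namelen, 0, VNODE_UPDATE_NAME);
		}
		if ((cp->c_flag & C_HARDLINK) && descp->cd_nameptr && descp->cd_namelen > 0) {
			/* If cnode is uninitialized, its c_attr will be zeroed out; cnids won't match. */
			if ((descp->cd_cnid == cp->c_attr.ca_fileid)  &&
					(attrp->ca_linkcount != cp->c_attr.ca_linkcount)){

				if ((flags & GNV_SKIPLOCK) == 0) {
					/*
					 * Then we took the lock. Drop it before calling
					 * vnode_put, which may invoke hfs_vnop_inactive and need to take
					 * the cnode lock again.
					 */
					hfs_unlock(cp);
				}

				/*
				 * Emit ERECYCLE and GNV_CAT_ATTRCHANGED to
				 * force a re-drive in the lookup routine.
				 * Drop the iocount on the vnode obtained from
				 * chash_getcnode if needed.
				 */
				if (*vpp != NULL) {
					vnode_put (*vpp);
					*vpp = NULL;
				}

				/*
				 * If we raced with VNOP_RECLAIM for this vnode, the hash code could
				 * have observed it after the c_vp or c_rsrc_vp fields had been torn down;
				 * the hash code peeks at those fields without holding the cnode lock because
				 * it needs to be fast.  As a result, we may have set H_ATTACH in the chash
				 * call above.  Since we're bailing out, unset whatever flags we just set, and
				 * wake up all waiters for this cnode.
				 */
				if (hflags) {
					hfs_chashwakeup(hfsmp, cp, hflags);
				}

				*out_flags = GNV_CAT_ATTRCHANGED;
				retval = ERECYCLE;
				goto gnv_exit;
			}
			else {
				/*
				 * Otherwise, CNID != fileid. Go ahead and copy in the new descriptor.
				 *
				 * Replacing the descriptor here is fine because we looked up the item without
				 * a vnode in hand before.  If a vnode existed, its identity must be attached to this
				 * item.  We are not susceptible to the lookup fastpath issue at this point.
				 */
				replace_desc(cp, descp);

				/*
				 * This item was a hardlink, and its name needed to be updated. By replacing the
				 * descriptor above, we've now updated the cnode's internal representation of
				 * its link ID/CNID, parent ID, and its name.  However, VFS must now be alerted
				 * to the fact that this vnode now has a new parent, since we cannot guarantee
				 * that the new link lived in the same directory as the alternative name for
				 * this item.
				 */
				if ((*vpp != NULL) && (cnp || cp->c_desc.cd_nameptr)) {
					/* we could be requesting the rsrc of a hardlink file... */
#ifdef CN_WANTSRSRCFORK
					if (cp->c_desc.cd_nameptr && (cnp == NULL || !(cnp->cn_flags & CN_WANTSRSRCFORK))) {
#else
					if (cp->c_desc.cd_nameptr) {
#endif
						//
						// Update the identity with what we have stored on disk as
						// the name of this file.  This is related to:
						//    <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories
						//
						vnode_update_identity (*vpp, dvp, (const char *)cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen, 0,
								(VNODE_UPDATE_PARENT | VNODE_UPDATE_NAME));
					} else if (cnp) {
						vnode_update_identity (*vpp, dvp, cnp->cn_nameptr, cnp->cn_namelen, cnp->cn_hash,
								(VNODE_UPDATE_PARENT | VNODE_UPDATE_NAME));
					}
				}
			}
		}
	}

	/*
	 * At this point, we have performed hardlink and open-unlinked checks
	 * above.  We have now validated the state of the vnode that was given back
	 * to us from the cnode hash code and find it safe to return.
	 */
	if (*vpp != NULL) {
		retval = 0;
		goto gnv_exit;
	}

	/*
	 * If this is a new cnode then initialize it.
	 */
	if (ISSET(cp->c_hflag, H_ALLOC)) {
		lck_rw_init(&cp->c_truncatelock, hfs_rwlock_group, hfs_lock_attr);
#if HFS_COMPRESSION
		cp->c_decmp = NULL;
#endif

		/* Make sure its still valid (ie exists on disk). */
		if (!(flags & GNV_CREATE)) {
			int error = 0;
			if (!hfs_valid_cnode (hfsmp, dvp, (wantrsrc ? NULL : cnp), cp->c_fileid, attrp, &error)) {
				hfs_chash_abort(hfsmp, cp);
				if ((flags & GNV_SKIPLOCK) == 0) {
					hfs_unlock(cp);
				}
				/* cp is freed by this call and must not be touched afterwards */
				hfs_reclaim_cnode(hfsmp, cp);
				*vpp = NULL;
				/*
				 * If we hit this case, that means that the entry was there in the catalog when
				 * we did a cat_lookup earlier.  Think hfs_lookup.  However, in between the time
				 * that we checked the catalog and the time we went to get a vnode/cnode for it,
				 * it had been removed from the namespace and the vnode totally reclaimed.  As a result,
				 * it's not there in the catalog during the check in hfs_valid_cnode and we bubble out
				 * an ENOENT.  To indicate to the caller that they should really double-check the
				 * entry (it could have been renamed over and gotten a new fileid), we mark a bit
				 * in the output flags.
				 */
				if (error == ENOENT) {
					*out_flags = GNV_CAT_DELETED;
					retval = ENOENT;
					goto gnv_exit;
				}

				/*
				 * Also, we need to protect the cat_attr acquired during hfs_lookup and passed into
				 * this function as an argument because the catalog may have changed w.r.t hardlink
				 * link counts and the firstlink field.  If that validation check fails, then let
				 * lookup re-drive itself to get valid/consistent data with the same failure condition below.
				 */
				if (error == ERECYCLE) {
					*out_flags = GNV_CAT_ATTRCHANGED;
					retval = ERECYCLE;
					goto gnv_exit;
				}

				/*
				 * hfs_valid_cnode only reports ENOENT or ERECYCLE when it
				 * fails, so this is not expected to be reached.  It exists
				 * so that any other failure code can never fall through to
				 * the bcopy calls below, which would write into the cnode
				 * that was just reclaimed.
				 */
				retval = error ? error : ENOENT;
				goto gnv_exit;
			}
		}
		bcopy(attrp, &cp->c_attr, sizeof(struct cat_attr));
		bcopy(descp, &cp->c_desc, sizeof(struct cat_desc));

		/* The name was inherited so clear descriptor state... */
		descp->cd_namelen = 0;
		descp->cd_nameptr = NULL;
		descp->cd_flags &= ~CD_HASBUF;

		/* Tag hardlinks */
		if ((vtype == VREG || vtype == VDIR
			 || vtype == VSOCK || vtype == VFIFO)
			&& (descp->cd_cnid != attrp->ca_fileid
				|| ISSET(attrp->ca_recflags, kHFSHasLinkChainMask))) {
			cp->c_flag |= C_HARDLINK;
		}
		/*
		 * Fix-up dir link counts.
		 *
		 * Earlier versions of Leopard used ca_linkcount for posix
		 * nlink support (effectively the sub-directory count + 2).
		 * That is now accomplished using the ca_dircount field with
		 * the corresponding kHFSHasFolderCountMask flag.
		 *
		 * For directories the ca_linkcount is the true link count,
		 * tracking the number of actual hardlinks to a directory.
		 *
		 * We only do this if the mount has HFS_FOLDERCOUNT set;
		 * at the moment, we only set that for HFSX volumes.
		 */
		if ((hfsmp->hfs_flags & HFS_FOLDERCOUNT) &&
		    (vtype == VDIR) &&
		    !(attrp->ca_recflags & kHFSHasFolderCountMask) &&
		    (cp->c_attr.ca_linkcount > 1)) {
			if (cp->c_attr.ca_entries == 0)
				cp->c_attr.ca_dircount = 0;
			else
				cp->c_attr.ca_dircount = cp->c_attr.ca_linkcount - 2;

			cp->c_attr.ca_linkcount = 1;
			cp->c_attr.ca_recflags |= kHFSHasFolderCountMask;
			if ( !(hfsmp->hfs_flags & HFS_READ_ONLY) )
				cp->c_flag |= C_MODIFIED;
		}
#if QUOTA
		if (hfsmp->hfs_flags & HFS_QUOTAS) {
			for (i = 0; i < MAXQUOTAS; i++)
				cp->c_dquot[i] = NODQUOT;
		}
#endif /* QUOTA */
		/* Mark the output flag that we're vending a new cnode */
		*out_flags |= GNV_NEW_CNODE;
	}

	if (vtype == VDIR) {
		if (cp->c_vp != NULL)
			panic("hfs_getnewvnode: orphaned vnode (data)");
		cvpp = &cp->c_vp;
	} else {
		/*
		 * Allocate and initialize a file fork...
		 *
		 * NOTE(review): the result of hfs_zalloc is used unchecked;
		 * presumably it cannot return NULL -- confirm.
		 */
		fp = hfs_zalloc(HFS_FILEFORK_ZONE);
		fp->ff_cp = cp;
		if (forkp)
			bcopy(forkp, &fp->ff_data, sizeof(struct cat_fork));
		else
			bzero(&fp->ff_data, sizeof(struct cat_fork));
		rl_init(&fp->ff_invalidranges);
		fp->ff_sysfileinfo = 0;

		if (wantrsrc) {
			if (cp->c_rsrcfork != NULL)
				panic("hfs_getnewvnode: orphaned rsrc fork");
			if (cp->c_rsrc_vp != NULL)
				panic("hfs_getnewvnode: orphaned vnode (rsrc)");
			cp->c_rsrcfork = fp;
			cvpp = &cp->c_rsrc_vp;
			if ( (tvp = cp->c_vp) != NULLVP )
				cp->c_flag |= C_NEED_DVNODE_PUT;
		} else {
			if (cp->c_datafork != NULL)
				panic("hfs_getnewvnode: orphaned data fork");
			if (cp->c_vp != NULL)
				panic("hfs_getnewvnode: orphaned vnode (data)");
			cp->c_datafork = fp;
			cvpp = &cp->c_vp;
			if ( (tvp = cp->c_rsrc_vp) != NULLVP)
				cp->c_flag |= C_NEED_RVNODE_PUT;
		}
	}
	if (tvp != NULLVP) {
		/*
		 * grab an iocount on the vnode we weren't
		 * interested in (i.e. we want the resource fork
		 * but the cnode already has the data fork)
		 * to prevent it from being
		 * recycled by us when we call vnode_create
		 * which will result in a deadlock when we
		 * try to take the cnode lock in hfs_vnop_fsync or
		 * hfs_vnop_reclaim... vnode_get can be called here
		 * because we already hold the cnode lock which will
		 * prevent the vnode from changing identity until
		 * we drop it.. vnode_get will not block waiting for
		 * a change of state... however, it will return an
		 * error if the current iocount == 0 and we've already
		 * started to terminate the vnode... we don't need/want to
		 * grab an iocount in the case since we can't cause
		 * the filesystem to be re-entered on this thread for this vp
		 *
		 * the matching vnode_put will happen in hfs_unlock
		 * after we've dropped the cnode lock
		 */
		if ( vnode_get(tvp) != 0)
			cp->c_flag &= ~(C_NEED_RVNODE_PUT | C_NEED_DVNODE_PUT);
	}
	vfsp.vnfs_mp = mp;
	vfsp.vnfs_vtype = vtype;
	vfsp.vnfs_str = "hfs";
	if ((cp->c_flag & C_HARDLINK) && (vtype == VDIR)) {
		vfsp.vnfs_dvp = NULL;  /* no parent for me! */
		vfsp.vnfs_cnp = NULL;  /* no name for me! */
	} else {
		vfsp.vnfs_dvp = dvp;
		vfsp.vnfs_cnp = cnp;
	}

	vfsp.vnfs_fsnode = cp;

	/*
	 * Special Case HFS Standard VNOPs from HFS+, since
	 * HFS standard is readonly/deprecated as of 10.6
	 */

#if FIFO
	if (vtype == VFIFO )
		vfsp.vnfs_vops = hfs_fifoop_p;
	else
#endif
	if (vtype == VBLK || vtype == VCHR)
		vfsp.vnfs_vops = hfs_specop_p;
#if CONFIG_HFS_STD
	else if (hfs_standard)
		vfsp.vnfs_vops = hfs_std_vnodeop_p;
#endif
	else
		vfsp.vnfs_vops = hfs_vnodeop_p;

	if (vtype == VBLK || vtype == VCHR)
		vfsp.vnfs_rdev = attrp->ca_rdev;
	else
		vfsp.vnfs_rdev = 0;

	if (forkp)
		vfsp.vnfs_filesize = forkp->cf_size;
	else
		vfsp.vnfs_filesize = 0;

	vfsp.vnfs_flags = VNFS_ADDFSREF;
#ifdef CN_WANTSRSRCFORK
	if (cnp && cnp->cn_nameptr && !(cnp->cn_flags & CN_WANTSRSRCFORK) && cp->c_desc.cd_nameptr && strncmp((const char *)cnp->cn_nameptr, (const char *)cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen) != 0) {
#else
	if (cnp && cnp->cn_nameptr && cp->c_desc.cd_nameptr && strncmp((const char *)cnp->cn_nameptr, (const char *)cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen) != 0) {
#endif
		//
		// We don't want VFS to add an entry for this vnode because the name in the
		// cnp does not match the bytes stored on disk for this file.  Instead we'll
		// update the identity later after the vnode is created and we'll do so with
		// the correct bytes for this filename.  For more details, see:
		//   <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories
		//
		vfsp.vnfs_flags |= VNFS_NOCACHE;
		need_update_identity = 1;
	} else if (dvp == NULLVP || cnp == NULL || !(cnp->cn_flags & MAKEENTRY) || (flags & GNV_NOCACHE)) {
		vfsp.vnfs_flags |= VNFS_NOCACHE;
	}

	/* Tag system files */
	vfsp.vnfs_marksystem = issystemfile;

	/* Tag root directory */
	if (descp->cd_cnid == kHFSRootFolderID)
		vfsp.vnfs_markroot = 1;
	else
		vfsp.vnfs_markroot = 0;

	/*
	 * If provided_vp was non-NULL, then it is an already-allocated (but not
	 * initialized) vnode. We simply need to initialize it to this identity.
	 * If it was NULL, then assume that we need to call vnode_create with the
	 * normal arguments/types.
	 */
	if (provided_vp) {
		vp = provided_vp;
		/*
		 * After we assign the value of provided_vp into 'vp' (so that it can be
		 * mutated safely by vnode_initialize), we can NULL it out.  At this point, the disposal
		 * and handling of the provided vnode will be the responsibility of VFS, which will
		 * clean it up and vnode_put it properly if vnode_initialize fails.
		 */
		provided_vp = NULL;

		retval = vnode_initialize (VNCREATE_FLAVOR, VCREATESIZE, &vfsp, &vp);
		/* See error handling below for resolving provided_vp */
	}
	else {
		/* Do a standard vnode_create */
		retval = vnode_create (VNCREATE_FLAVOR, VCREATESIZE, &vfsp, &vp);
	}

	/*
	 * We used a local variable to hold the result of vnode_create/vnode_initialize so that
	 * on error cases in vnode_create we won't accidentally harm the cnode's fields
	 */

	if (retval) {
		/* Clean up if we encountered an error */
		if (fp) {
			if (fp == cp->c_datafork)
				cp->c_datafork = NULL;
			else
				cp->c_rsrcfork = NULL;

			hfs_zfree(fp, HFS_FILEFORK_ZONE);
		}
		/*
		 * If this is a newly created cnode or a vnode reclaim
		 * occurred during the attachment, then cleanup the cnode.
		 */
		if ((cp->c_vp == NULL) && (cp->c_rsrc_vp == NULL)) {
			hfs_chash_abort(hfsmp, cp);
			hfs_reclaim_cnode(hfsmp, cp);
		}
		else {
			hfs_chashwakeup(hfsmp, cp, H_ALLOC | H_ATTACH);
			if ((flags & GNV_SKIPLOCK) == 0){
				hfs_unlock(cp);
			}
		}
		*vpp = NULL;
		goto gnv_exit;
	}

	/* If no error, then assign the value into the cnode's fields  */
	*cvpp = vp;

	vnode_settag(vp, VT_HFS);
	if (cp->c_flag & C_HARDLINK) {
		vnode_setmultipath(vp);
	}

	if (cp->c_attr.ca_recflags & kHFSFastDevCandidateMask) {
		vnode_setfastdevicecandidate(vp);
	}

	if (cp->c_attr.ca_recflags & kHFSAutoCandidateMask) {
		vnode_setautocandidate(vp);
	}

	if (vp && need_update_identity) {
		//
		// As above, update the name of the vnode if the bytes stored in hfs do not match
		// the bytes in the cnp.  See this radar:
		//    <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories
		// for more details.
		//
		vnode_update_identity (vp, dvp, (const char *)cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen, 0, VNODE_UPDATE_NAME);
	}

	/*
	 * Tag resource fork vnodes as needing an VNOP_INACTIVE
	 * so that any deferred removes (open unlinked files)
	 * have the chance to process the resource fork.
	 */
	if (VNODE_IS_RSRC(vp)) {
		int err;

		KDBG(HFSDBG_GETNEWVNODE, kdebug_vnode(cp->c_vp), kdebug_vnode(cp->c_rsrc_vp));

		/* Force VL_NEEDINACTIVE on this vnode */
		err = vnode_ref(vp);
		if (err == 0) {
			vnode_rele(vp);
		}
	}
	hfs_chashwakeup(hfsmp, cp, H_ALLOC | H_ATTACH);

	/*
	 * Stop tracking an active hot file.
	 */
	if (!(flags & GNV_CREATE) && (vtype != VDIR) && !issystemfile && !(hfsmp->hfs_flags & HFS_CS_HOTFILE_PIN)) {
		(void) hfs_removehotfile(vp);
	}

#if CONFIG_PROTECT
	/*  Initialize the cp data structures. The key should be in place now. */
	if (!issystemfile && (*out_flags & GNV_NEW_CNODE)) {
		cp_entry_init(cp, mp);
	}
#endif

	*vpp = vp;
	retval = 0;

gnv_exit:
	if (provided_vp) {
		/* Release our empty vnode if it was not used */
		vnode_put (provided_vp);
	}
	return retval;
}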
1479
1480
/*
 * Release everything a cnode owns and return the cnode itself to its zone.
 *
 * Drops any quota references (QUOTA builds), hands the descriptor name back
 * to VFS, destroys both cnode locks, tears down decmpfs and content
 * protection state where those are configured, then frees the cnode.  The
 * caller must not touch cp after this returns.
 */
static void
hfs_reclaim_cnode(hfsmount_t *hfsmp, struct cnode *cp)
{
#if QUOTA
	int idx;

	for (idx = 0; idx < MAXQUOTAS; idx++) {
		if (cp->c_dquot[idx] == NODQUOT) {
			continue;
		}
		dqreclaim(cp->c_dquot[idx]);
		cp->c_dquot[idx] = NODQUOT;
	}
#endif /* QUOTA */

	/*
	 * Give back the descriptor's name, if it owns one.  The fields are
	 * cleared before vfs_removename is called so the descriptor never
	 * refers to a released name.
	 */
	if ((cp->c_desc.cd_nameptr != 0) && (cp->c_desc.cd_flags & CD_HASBUF)) {
		const char *name = (const char *) cp->c_desc.cd_nameptr;

		cp->c_desc.cd_namelen = 0;
		cp->c_desc.cd_flags &= ~CD_HASBUF;
		cp->c_desc.cd_nameptr = 0;
		vfs_removename(name);
	}

	/*
	 * The locks can be destroyed because nothing may use this cnode again:
	 * on the hfs_vnop_reclaim path the vnode has been through reclaim, so
	 * any later use of the item goes through lookup and gets a new vnode.
	 * hfs_getnewvnode also calls this on its failure paths, after
	 * hfs_chash_abort.
	 */
	lck_rw_destroy(&cp->c_rwlock, hfs_rwlock_group);
	lck_rw_destroy(&cp->c_truncatelock, hfs_rwlock_group);
#if HFS_COMPRESSION
	if (cp->c_decmp) {
		decmpfs_cnode_destroy(cp->c_decmp);
		decmpfs_cnode_free(cp->c_decmp);
	}
#endif
#if CONFIG_PROTECT
	cp_entry_destroy(hfsmp, cp->c_cpentry);
	cp->c_cpentry = NULL;
#else
	(void)hfsmp;	// Prevent compiler warning
#endif

	hfs_zfree(cp, HFS_CNODE_ZONE);
}
1533
1534
1535 /*
1536 * hfs_valid_cnode
1537 *
1538 * This function is used to validate data that is stored in-core against what is contained
1539 * in the catalog. Common uses include validating that the parent-child relationship still exists
1540 * for a specific directory entry (guaranteeing it has not been renamed into a different spot) at
1541 * the point of the check.
1542 */
int
hfs_valid_cnode(struct hfsmount *hfsmp, struct vnode *dvp, struct componentname *cnp,
		cnid_t cnid, struct cat_attr *cattr, int *error)
{
	struct cat_attr attr;
	struct cat_desc cndesc;
	struct cat_fork fork;
	int lookup = 0;
	int stillvalid = 0;
	int lockflags;

	/*
	 * Returns 1 when the catalog still agrees with the in-core view and 0
	 * otherwise.  *error is always written: 0 on success, ENOENT when the
	 * entry is gone or now maps to a different file ID, ERECYCLE when the
	 * entry exists but the caller's cat_attr is stale.
	 */

	/* System files are always valid */
	if (cnid < kHFSFirstUserCatalogNodeID) {
		*error = 0;
		return (1);
	}

	/* XXX optimization: check write count in dvp */

	lockflags = hfs_systemfile_lock(hfsmp, SFL_CATALOG, HFS_SHARED_LOCK);

	if (dvp == NULL || cnp == NULL) {
		/* No parent/name pair to check: just confirm the ID still resolves. */
		if (cat_idlookup(hfsmp, cnid, 0, 0, NULL, NULL, NULL) == 0) {
			stillvalid = 1;
			*error = 0;
		}
		else {
			*error = ENOENT;
		}
		goto unlock;
	}

	bzero(&cndesc, sizeof(cndesc));
	cndesc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr;
	cndesc.cd_namelen = cnp->cn_namelen;
	cndesc.cd_parentcnid = VTOC(dvp)->c_fileid;
	cndesc.cd_hint = VTOC(dvp)->c_childhint;

	/*
	 * cat_lookup can fill in 'attr' differently depending on whether a
	 * filefork output buffer is supplied: cat_lookupbykey runs basic
	 * validation against the resident extents when there are no overflow
	 * extent records, and it needs somewhere to store the on-disk fork
	 * structures to do so.
	 *
	 * hfs_lookup passes a filefork, so pass one here as well; otherwise a
	 * block count difference could come from the calling style rather than
	 * from the catalog.  cat_lookupbykey asks for an fsck if the block count
	 * really does disagree with the sum of the resident extents.
	 */
	lookup = cat_lookup (hfsmp, &cndesc, 0, 0, NULL, &attr, &fork, NULL);

	if ((lookup != 0) || (cnid != attr.ca_fileid)) {
		*error = ENOENT;
		goto unlock;
	}

	stillvalid = 1;
	*error = 0;

	/*
	 * Time-of-check vs. time-of-vnode-creation race in hfs_getnewvnode:
	 * when no vnode/cnode pair exists for the entry, the caller went to the
	 * catalog holding no locks beyond dvp in shared mode, so the record may
	 * have changed between that cat_lookup and the one just done under the
	 * catalog lock.
	 *
	 * Matching CNID and parent/name is not enough for hardlinks.  The
	 * caller may hold a cat_attr from a leaf record plus raw inode, while a
	 * competing hfs_getnewvnode created, modified and reclaimed the vnode in
	 * the meantime.  Copying that stale cat_attr into the cnode would leave
	 * the in-core data inconsistent with disk, so compare the fields below
	 * when a cat_attr was supplied.  This cannot happen when the cnode/vnode
	 * already exists, as in rename and delete.
	 */
	if (cattr != NULL &&
	    (cattr->ca_linkcount != attr.ca_linkcount ||
	     cattr->ca_union1.cau_linkref != attr.ca_union1.cau_linkref ||
	     cattr->ca_union3.cau_firstlink != attr.ca_union3.cau_firstlink ||
	     cattr->ca_union2.cau_blocks != attr.ca_union2.cau_blocks)) {
		stillvalid = 0;
		*error = ERECYCLE;
	}

unlock:
	hfs_systemfile_unlock(hfsmp, lockflags);

	return (stillvalid);
}
1655
1656
1657 /*
1658 * Per HI and Finder requirements, HFS should add in the
1659 * date/time that a particular directory entry was added
1660 * to the containing directory.
1661 * This is stored in the extended Finder Info for the
1662 * item in question.
1663 *
1664 * Note that this field is also set explicitly in the hfs_vnop_setxattr code.
1665 * We must ignore user attempts to set this part of the finderinfo, and
1666 * so we need to save a local copy of the date added, write in the user
1667 * finderinfo, then stuff the value back in.
1668 */
void hfs_write_dateadded (struct cat_attr *attrp, u_int32_t dateadded) {
	/* The extended Finder Info starts 16 bytes into ca_finderinfo */
	u_int8_t *extended = (u_int8_t *)attrp->ca_finderinfo + 16;

	/*
	 * Finder info is defined as big endian, so swap on the way out.
	 *
	 * NOTE: This is a Unix-epoch timestamp, not a HFS/Traditional Mac timestamp.
	 */
	if (S_ISREG(attrp->ca_mode)) {
		((struct FndrExtendedFileInfo *)extended)->date_added = OSSwapHostToBigInt32(dateadded);
	}
	else if (S_ISDIR(attrp->ca_mode)) {
		((struct FndrExtendedDirInfo *)extended)->date_added = OSSwapHostToBigInt32(dateadded);
	}
	else {
		/* Neither a regular file nor a directory: nothing is written */
		return;
	}

	/* Record that the date-added field now holds a value */
	attrp->ca_recflags |= kHFSHasDateAddedMask;
}
1695
/*
 * Read the date-added value out of a raw Finder Info blob.
 *
 * Returns the value in host byte order for regular files and directories,
 * and 0 for any other mode.  No length accompanies finderinfo: the caller
 * must supply a buffer that extends past offset 16 by at least the size of
 * the extended Finder Info structure.
 */
static u_int32_t
hfs_get_dateadded_internal(const uint8_t *finderinfo, mode_t mode)
{
	/* The extended Finder Info starts 16 bytes into the blob */
	const uint8_t *extended = finderinfo + 16;

	/* Stored big endian; convert to host order before returning it */
	if (S_ISREG(mode)) {
		return OSSwapBigToHostInt32 (((const struct FndrExtendedFileInfo *)extended)->date_added);
	}
	if (S_ISDIR(mode)) {
		return OSSwapBigToHostInt32 (((const struct FndrExtendedDirInfo *)extended)->date_added);
	}

	return 0;
}
1722
/*
 * Return the date-added value recorded for a cnode, or 0 when the
 * kHFSHasDateAddedMask flag shows it was never set.
 */
u_int32_t
hfs_get_dateadded(struct cnode *cp)
{
	if (cp->c_attr.ca_recflags & kHFSHasDateAddedMask) {
		return (hfs_get_dateadded_internal((u_int8_t*)cp->c_finderinfo,
				cp->c_attr.ca_mode));
	}

	/* Date added was never set. */
	return (0);
}
1734
/*
 * Return the date-added value from a caller-supplied Finder Info blob.
 *
 * Unlike hfs_get_dateadded, this does not consult kHFSHasDateAddedMask, and
 * the blob carries no length: the caller is responsible for passing a
 * buffer large enough to hold the extended Finder Info at offset 16.
 */
u_int32_t
hfs_get_dateadded_from_blob(const uint8_t *finderinfo, mode_t mode)
{
	u_int32_t dateadded = hfs_get_dateadded_internal(finderinfo, mode);

	return dateadded;
}
1740
1741 /*
1742 * Per HI and Finder requirements, HFS maintains a "write/generation
1743 * count" for each file that is incremented on any write & pageout.
1744 * It should start at 1 to reserve "0" as a special value. If it
1745 * should ever wrap around, it will skip using 0.
1746 *
1747 * Note that finderinfo is manipulated in hfs_vnop_setxattr and care
1748 * is and should be taken to ignore user attempts to set the part of
1749 * the finderinfo that records the generation counter.
1750 *
1751 * Any change to the generation counter *must* not be visible before
1752 * the change that caused it (for obvious reasons), and given the
1753 * limitations of our current architecture, the change to the
1754 * generation counter may occur some time afterwards (particularly in
1755 * the case where a file is mapped writable---more on that below).
1756 *
1757 * We make no guarantees about the consistency of a file. In other
1758 * words, a reader that is operating concurrently with a writer might
1759 * see some, but not all of writer's changes, and the generation
1760 * counter will *not* necessarily tell you this has happened. To
1761 * enforce consistency, clients must make their own arrangements
1762 * e.g. use file locking.
1763 *
1764 * We treat files that are mapped writable as a special case: when
1765 * that happens, clients requesting the generation count will be told
1766 * it has a generation count of zero and they use that knowledge as a
1767 * hint that the file is changing and it therefore might be prudent to
1768 * wait until it is no longer mapped writable. Clients should *not*
1769 * rely on this behaviour however; we might decide that it's better
1770 * for us to publish the fact that a file is mapped writable via
1771 * alternate means and return the generation counter when it is mapped
1772 * writable as it still has some, albeit limited, use. We reserve the
1773 * right to make this change.
1774 *
1775 * Lastly, it's important to realise that because data and metadata
1776 * take different paths through the system, it's possible upon crash
1777 * or sudden power loss and after a restart, that a change may be
1778 * visible to the rest of the system without a corresponding change to
1779 * the generation counter. The reverse may also be true, but for all
1780 * practical applications this shouldn't be an issue.
1781 */
void hfs_write_gencount (struct cat_attr *attrp, uint32_t gencount) {
	struct FndrExtendedFileInfo *extinfo;

	/* Generation count is only supported for files; leave anything else untouched. */
	if (!S_ISREG(attrp->ca_mode)) {
		return;
	}

	/* The extended Finder Info starts 16 bytes into ca_finderinfo */
	extinfo = (struct FndrExtendedFileInfo *)((u_int8_t *)attrp->ca_finderinfo + 16);

	/* Finder info is defined as big endian, so swap on the way out */
	extinfo->write_gen_counter = OSSwapHostToBigInt32(gencount);
}
1803
/*
 * Increase the gen count by 1; if it wraps around to 0, increment by
 * two.  A stored value of 0 is treated as 1 before the increment, so
 * the value written back is never 0.  Returns the new count in host
 * byte order, or 0 when the cnode is neither a directory nor a
 * regular file (nothing is written in that case).
 *
 * The cnode *must* be locked exclusively by the caller.
 *
 * Holding the lock may look unnecessary for a single counter, but
 * consider this sequence: thread A enters with the counter at 2 and is
 * switched out; thread B increments the counter to 3; thread C reads
 * the counter (for whatever purpose); another thread makes a further
 * change and the counter becomes 4; thread A resumes and stores 3.
 * Thread C would then miss the change that moved the counter to 4,
 * which is why the exclusive lock is always required.
 */
uint32_t hfs_incr_gencount (struct cnode *cp) {
	if (!S_ISDIR(cp->c_attr.ca_mode) && !S_ISREG(cp->c_attr.ca_mode)) {
		return 0;
	}

	/*
	 * write_gen_counter sits in the same place in FndrExtendedFileInfo
	 * and FndrExtendedDirInfo (the last 32-bit word), so one overlay
	 * serves both files and directories.
	 */
	struct FndrExtendedFileInfo *ext =
	    (struct FndrExtendedFileInfo *)((u_int8_t *)cp->c_finderinfo + 16);

	/* Finder info is stored big endian; work in host order. */
	u_int32_t next = OSSwapBigToHostInt32 (ext->write_gen_counter);

	/* Zero to begin with means the file originated in 10.8 or earlier. */
	if (next == 0) {
		next = 1;
	}

	next++;

	/* Skip over 0 if the increment wrapped. */
	if (next == 0) {
		next = 1;
	}

	ext->write_gen_counter = OSSwapHostToBigInt32 (next);
	SET(cp->c_flag, C_MINOR_MOD);

	return next;
}
1862
/*
 * Read the generation count out of a Finder info area.
 *
 * There is no need for any locks here (other than an iocount on an
 * associated vnode) because reading and writing an aligned 32 bit
 * integer should be atomic on all platforms we support.
 *
 * finderinfo: start of the Finder info.  The counter is read from the
 *             extended info that begins 16 bytes in; no length is
 *             passed, so the caller must supply a buffer that covers
 *             that field.
 * mode:       file mode; only directories and regular files carry a
 *             counter.
 *
 * Returns the counter in host byte order, 1 when the stored value is 0,
 * and 0 for any other kind of object.
 */
static u_int32_t
hfs_get_gencount_internal(const uint8_t *finderinfo, mode_t mode)
{
	if (!(S_ISDIR(mode) || S_ISREG(mode))) {
		return 0;
	}

	/*
	 * write_gen_counter sits in the same place in FndrExtendedFileInfo
	 * and FndrExtendedDirInfo (the last 32-bit word), so one overlay
	 * serves both.
	 */
	const struct FndrExtendedFileInfo *ext =
	    (const struct FndrExtendedFileInfo *)(finderinfo + 16);

	/* Finder info is stored big endian; convert to host order. */
	const u_int32_t stored = OSSwapBigToHostInt32 (ext->write_gen_counter);

	/*
	 * A zero may come from a file created on 10.8 or earlier.  Report 1
	 * instead; the incrementer handles this case and double-increments.
	 */
	return (stored == 0) ? 1 : stored;
}
1902
/*
 * Getter for the gen count of a cnode: hands the cnode's Finder info
 * and mode to hfs_get_gencount_internal and returns its result.
 */
u_int32_t hfs_get_gencount (struct cnode *cp) {
	const uint8_t *finderinfo = cp->c_finderinfo;
	mode_t mode = cp->c_attr.ca_mode;

	return hfs_get_gencount_internal(finderinfo, mode);
}
1907
/*
 * Getter for the gen count from a buffer (currently a pointer to
 * Finder info).
 *
 * No length accompanies finfoblob and hfs_get_gencount_internal reads
 * from the extended info that starts 16 bytes into it, so the caller
 * is responsible for passing a buffer that really covers that field.
 */
u_int32_t hfs_get_gencount_from_blob (const uint8_t *finfoblob, mode_t mode) {
	u_int32_t gencount = hfs_get_gencount_internal(finfoblob, mode);

	return gencount;
}
1912
/*
 * Clear C_MIGHT_BE_DIRTY_FROM_MAPPING on a cnode.
 *
 * Meant for the point where both mtime and ctime are about to be
 * touched: from then on, subsequent page-outs can only be for data
 * made dirty before now, so the flag is no longer needed.
 */
void hfs_clear_might_be_dirty_flag(cnode_t *cp)
{
	cp->c_flag &= ~(C_MIGHT_BE_DIRTY_FROM_MAPPING);
}
1923
/*
 * Touch cnode times based on c_touch_xxx flags
 *
 * cnode must be locked exclusive
 *
 * This will also update the volume modify time when a stored
 * modification/change time actually changes or the date-added is
 * written.
 *
 * hfsmp: mount the cnode belongs to
 * cp:    cnode whose c_touch_acctime, c_touch_chgtime and
 *        c_touch_modtime requests and C_NEEDS_DATEADDED flag are
 *        consumed here
 */
void
hfs_touchtimes(struct hfsmount *hfsmp, struct cnode* cp)
{
	vfs_context_t ctx;

	/*
	 * Read-only volume, or a cnode marked C_NOEXISTS: discard every
	 * pending request without recording anything.
	 */
	if (ISSET(hfsmp->hfs_flags, HFS_READ_ONLY) || ISSET(cp->c_flag, C_NOEXISTS)) {
		cp->c_touch_acctime = FALSE;
		cp->c_touch_chgtime = FALSE;
		cp->c_touch_modtime = FALSE;
		CLR(cp->c_flag, C_NEEDS_DATEADDED);
		return;
	}
#if CONFIG_HFS_STD
	/* HFS Standard doesn't support access times */
	if (ISSET(hfsmp->hfs_flags, HFS_STANDARD)) {
		cp->c_touch_acctime = FALSE;
	}
#endif

	ctx = vfs_context_current();

	/*
	 * Skip access time updates if:
	 *   . MNT_NOATIME is set
	 *   . a file system freeze is in progress
	 *   . a file system resize is in progress
	 *   . the vnode associated with this cnode is marked for rapid aging
	 *     (or the current context asks for atime to be skipped)
	 */
	if (cp->c_touch_acctime) {
		const bool skip_atime =
		    (vfs_flags(hfsmp->hfs_mp) & MNT_NOATIME) ||
		    hfsmp->hfs_freeze_state != HFS_THAWED ||
		    (hfsmp->hfs_flags & HFS_RESIZE_IN_PROGRESS) ||
		    (cp->c_vp && (vnode_israge(cp->c_vp) || vfs_ctx_skipatime(ctx)));

		if (skip_atime) {
			cp->c_touch_acctime = FALSE;
		}
	}

	/* Nothing left to record. */
	if (!(cp->c_touch_acctime || cp->c_touch_chgtime ||
	      cp->c_touch_modtime || ISSET(cp->c_flag, C_NEEDS_DATEADDED))) {
		return;
	}

	struct timeval now;
	int volume_touched = 0;

	if (cp->c_touch_modtime && cp->c_touch_chgtime) {
		hfs_clear_might_be_dirty_flag(cp);
	}

	microtime(&now);

	if (cp->c_touch_acctime) {
		/*
		 * When the access time is the only thing changing, we
		 * won't necessarily write it to disk immediately.  We
		 * only do the atime update at vnode recycle time, when
		 * fsync is called or when there's another reason to write
		 * to the metadata.
		 */
		cp->c_atime = now.tv_sec;
		cp->c_touch_acctime = FALSE;
	}

	if (cp->c_touch_modtime) {
		cp->c_touch_modtime = FALSE;
		time_t mtime = now.tv_sec;
#if CONFIG_HFS_STD
		/*
		 * HFS dates that WE set must be adjusted for DST
		 */
		if (ISSET(hfsmp->hfs_flags, HFS_STANDARD) && gTimeZone.tz_dsttime) {
			mtime += 3600;
		}
#endif
		/* Times are kept in whole seconds; an unchanged value is not a modification. */
		if (cp->c_mtime != mtime) {
			cp->c_mtime = mtime;
			SET(cp->c_flag, C_MINOR_MOD);
			volume_touched = 1;
		}
	}

	if (cp->c_touch_chgtime) {
		cp->c_touch_chgtime = FALSE;
		if (cp->c_ctime != now.tv_sec) {
			cp->c_ctime = now.tv_sec;
			SET(cp->c_flag, C_MINOR_MOD);
			volume_touched = 1;
		}
	}

	if (ISSET(cp->c_flag, C_NEEDS_DATEADDED)) {
		hfs_write_dateadded (&(cp->c_attr), now.tv_sec);
		SET(cp->c_flag, C_MINOR_MOD);
		/* the request has been served */
		CLR(cp->c_flag, C_NEEDS_DATEADDED);
		volume_touched = 1;
	}

	/* Touch the volume modtime if needed */
	if (volume_touched) {
		hfs_note_header_minor_change(hfsmp);
		HFSTOVCB(hfsmp)->vcbLsMod = now.tv_sec;
	}
}
2029
/*
 * Lock a cnode by calling hfs_lock with HFS_LOCK_ALWAYS and discarding
 * the result.  Use this if you don't want to check the return code.
 */
void hfs_lock_always(cnode_t *cp, enum hfs_locktype locktype)
{
	(void)hfs_lock(cp, locktype, HFS_LOCK_ALWAYS);
}
2035
/*
 * Lock a cnode.
 * N.B. If you add any failure cases, *make* sure hfs_lock_always works
 *
 * cp:       cnode to lock
 * locktype: HFS_SHARED_LOCK for a shared hold, otherwise exclusive
 * flags:    HFS_LOCK_ALLOW_NOEXISTS suppresses the ENOENT case below
 *
 * Returns 0 with the lock held, or ENOENT (with the lock released
 * again) for a non-metadata cnode that is marked C_NOEXISTS.
 * Panics if the calling thread already owns the lock and the cnode is
 * not the extents or allocation (bitmap) file.
 */
int
hfs_lock(struct cnode *cp, enum hfs_locktype locktype, enum hfs_lockflags flags)
{
	thread_t self = current_thread();

	if (cp->c_lockowner != self) {
		if (locktype == HFS_SHARED_LOCK) {
			lck_rw_lock_shared(&cp->c_rwlock);
			cp->c_lockowner = HFS_SHARED_OWNER;
		} else { /* HFS_EXCLUSIVE_LOCK */
			lck_rw_lock_exclusive(&cp->c_rwlock);
			cp->c_lockowner = self;

			/* Only the extents and bitmap files support lock recursion. */
			if (cp->c_fileid == kHFSExtentsFileID ||
			    cp->c_fileid == kHFSAllocationFileID) {
				cp->c_syslockcount = 1;
			}
		}
	} else if (cp->c_fileid == kHFSExtentsFileID ||
		   cp->c_fileid == kHFSAllocationFileID) {
		/*
		 * Only the extents and bitmap files support lock recursion
		 * here.  The other system files support lock recursion in
		 * hfs_systemfile_lock.  Eventually, we should change to
		 * handle recursion solely in hfs_systemfile_lock.
		 */
		cp->c_syslockcount++;
	} else {
		panic("hfs_lock: locking against myself!");
	}

#ifdef HFS_CHECK_LOCK_ORDER
	/*
	 * Regular cnodes (non-system files) cannot be locked
	 * while holding the journal lock or a system file lock.
	 */
	if (!(cp->c_desc.cd_flags & CD_ISMETA) &&
	    ((cp->c_fileid > kHFSFirstUserCatalogNodeID) || (cp->c_fileid == kHFSRootFolderID))) {
		vnode_t owner_vp = NULLVP;

		/* Find corresponding vnode. */
		if (cp->c_vp != NULLVP && VTOC(cp->c_vp) == cp) {
			owner_vp = cp->c_vp;
		} else if (cp->c_rsrc_vp != NULLVP && VTOC(cp->c_rsrc_vp) == cp) {
			owner_vp = cp->c_rsrc_vp;
		}

		if (owner_vp != NULLVP) {
			struct hfsmount *mount = VTOHFS(owner_vp);

			if (mount->jnl && (journal_owner(mount->jnl) == self)) {
				/*
				 * This will eventually be a panic here, but we
				 * need to fix where we create the hot files
				 * BTree first.
				 */
				printf("hfs_lock: bad lock order (cnode after journal)\n");
			}
			if (mount->hfs_catalog_cp && mount->hfs_catalog_cp->c_lockowner == self) {
				panic("hfs_lock: bad lock order (cnode after catalog)");
			}
			if (mount->hfs_attribute_cp && mount->hfs_attribute_cp->c_lockowner == self) {
				panic("hfs_lock: bad lock order (cnode after attribute)");
			}
			if (mount->hfs_extents_cp && mount->hfs_extents_cp->c_lockowner == self) {
				panic("hfs_lock: bad lock order (cnode after extents)");
			}
		}
	}
#endif /* HFS_CHECK_LOCK_ORDER */

	/*
	 * Skip cnodes for regular files that no longer exist
	 * (marked deleted, catalog entry gone).  The lock taken above is
	 * given back before the error is reported.
	 */
	if (!(flags & HFS_LOCK_ALLOW_NOEXISTS) &&
	    !(cp->c_desc.cd_flags & CD_ISMETA) &&
	    ISSET(cp->c_flag, C_NOEXISTS)) {
		hfs_unlock(cp);
		return (ENOENT);
	}

	return (0);
}
2121
/*
 * Try to turn a shared hold on the cnode lock into an exclusive one.
 *
 * Returns true, with the current thread recorded as c_lockowner, when
 * the upgrade succeeded; false otherwise.  c_lockowner is not touched
 * on failure.
 *
 * NOTE(review): XNU's lck_rw_lock_shared_to_exclusive is understood to
 * drop the shared hold when it fails -- confirm that callers re-take
 * the lock after a false return rather than calling hfs_unlock.
 */
bool hfs_lock_upgrade(cnode_t *cp)
{
	if (!lck_rw_lock_shared_to_exclusive(&cp->c_rwlock)) {
		return false;
	}

	cp->c_lockowner = current_thread();
	return true;
}
2130
/*
 * Lock a pair of cnodes.
 *
 * Both locks are taken with HFS_LOCK_DEFAULT, lower cnode address
 * first, so that every caller acquires a given pair in the same order.
 * If the two pointers are equal only one lock is taken.
 *
 * Returns 0 with both locks held, or the hfs_lock error with neither
 * held.
 */
int
hfs_lockpair(struct cnode *cp1, struct cnode *cp2, enum hfs_locktype locktype)
{
	int error;

	/* Same cnode twice: a single lock is enough. */
	if (cp1 == cp2) {
		return hfs_lock(cp1, locktype, HFS_LOCK_DEFAULT);
	}

	/* Lock in cnode address order. */
	struct cnode *lower = (cp1 < cp2) ? cp1 : cp2;
	struct cnode *upper = (cp1 < cp2) ? cp2 : cp1;

	error = hfs_lock(lower, locktype, HFS_LOCK_DEFAULT);
	if (error) {
		return (error);
	}

	error = hfs_lock(upper, locktype, HFS_LOCK_DEFAULT);
	if (error) {
		/* All or nothing: give back the first lock. */
		hfs_unlock(lower);
		return (error);
	}

	return (0);
}
2167
/*
 * Check ordering of two cnodes.  Return true if they are in-order.
 *
 * NULL sorts before everything and the 0xffffffff sentinel sorts after
 * everything; equal pointers are reported as not ordered.  Otherwise
 * the locking order is cnode address order.
 */
static int
hfs_isordered(struct cnode *cp1, struct cnode *cp2)
{
	struct cnode *const sentinel = (struct cnode *)0xffffffff;

	if (cp1 == cp2) {
		return (0);
	}
	if (cp1 == NULL || cp2 == sentinel) {
		return (1);
	}
	if (cp2 == NULL || cp1 == sentinel) {
		return (0);
	}

	return (cp1 < cp2);
}
2185
/*
 * Acquire 4 cnode locks.
 *   - locked in cnode address order (lesser address first).
 *   - all or none of the locks are taken
 *   - only one lock taken per cnode (dup cnodes are skipped)
 *   - some of the cnode pointers may be null
 *
 * error_cnode: optional; set to NULL on entry and, on failure, to the
 *              cnode whose hfs_lock call failed.
 *
 * Returns 0 on success or the hfs_lock error, in which case every lock
 * taken by this call has been released again.
 */
int
hfs_lockfour(struct cnode *cp1, struct cnode *cp2, struct cnode *cp3,
		struct cnode *cp4, enum hfs_locktype locktype, struct cnode **error_cnode)
{
	struct cnode *const sentinel = (struct cnode *)0xffffffff;
	struct cnode *left[3];
	struct cnode *right[3];
	struct cnode *order[4];
	int li = 0;
	int ri = 0;
	int count = 0;
	int error;

	if (error_cnode) {
		*error_cnode = NULL;
	}

	/* Sort each pair, then terminate it with the sentinel. */
	const int first_sorted = hfs_isordered(cp1, cp2);
	left[0] = first_sorted ? cp1 : cp2;
	left[1] = first_sorted ? cp2 : cp1;
	left[2] = sentinel;

	const int second_sorted = hfs_isordered(cp3, cp4);
	right[0] = second_sorted ? cp3 : cp4;
	right[1] = second_sorted ? cp4 : cp3;
	right[2] = sentinel;

	/*
	 * Merge the two sorted pairs into the lock list, skipping over
	 * duplicates.  Every pass consumes one of the four real entries,
	 * so at most four slots of order[] are written.
	 */
	while (li < 2 || ri < 2) {
		struct cnode *next;

		if (hfs_isordered(left[li], right[ri])) {
			next = left[li++];
		} else {
			next = right[ri++];
		}
		if (count == 0 || next != order[count - 1]) {
			order[count++] = next;
		}
	}

	/*
	 * Now lock order[0 .. count-1], skipping over NULL entries.
	 */
	for (int n = 0; n < count; n++) {
		if (order[n] == NULL) {
			continue;
		}

		error = hfs_lock(order[n], locktype, HFS_LOCK_DEFAULT);
		if (error == 0) {
			continue;
		}

		/* Only stuff error_cnode if requested */
		if (error_cnode) {
			*error_cnode = order[n];
		}

		/* Drop any locks we acquired. */
		while (--n >= 0) {
			if (order[n]) {
				hfs_unlock(order[n]);
			}
		}
		return (error);
	}

	return (0);
}
2250
2251
/*
 * Unlock a cnode.
 *
 * Whether the exclusive or the shared hold is released is decided by
 * comparing c_lockowner with the current thread.  For an exclusive
 * hold, the C_NEED_* flags are collected and cleared under the lock and
 * the vnode work they ask for (ubc_setsize, vnode_put) is carried out
 * only after the cnode lock has been dropped.  If this thread also
 * owns the truncate lock, the vnode puts are deferred further, to the
 * truncate unlock.
 */
void
hfs_unlock(struct cnode *cp)
{
	vnode_t rsrc_vp = NULLVP;
	vnode_t data_vp = NULLVP;
	u_int32_t pending = 0;

	/*
	 * Only the extents and bitmap files support lock recursion: an
	 * inner unlock just lowers the count.
	 */
	if ((cp->c_fileid == kHFSExtentsFileID) ||
	    (cp->c_fileid == kHFSAllocationFileID)) {
		if (--cp->c_syslockcount > 0) {
			return;
		}
	}

	const thread_t self = current_thread();

	if (cp->c_lockowner != self) {
		lck_rw_unlock_shared(&cp->c_rwlock);
	} else {
		/* Snapshot the flags; the local copy drives the post-processing. */
		pending = cp->c_flag;

		// If we have the truncate lock, we must defer the puts
		if (cp->c_truncatelockowner == self) {
			if (ISSET(pending, C_NEED_DVNODE_PUT)
			    && !cp->c_need_dvnode_put_after_truncate_unlock) {
				CLR(pending, C_NEED_DVNODE_PUT);
				cp->c_need_dvnode_put_after_truncate_unlock = true;
			}
			if (ISSET(pending, C_NEED_RVNODE_PUT)
			    && !cp->c_need_rvnode_put_after_truncate_unlock) {
				CLR(pending, C_NEED_RVNODE_PUT);
				cp->c_need_rvnode_put_after_truncate_unlock = true;
			}
		}

		CLR(cp->c_flag, (C_NEED_DATA_SETSIZE | C_NEED_RSRC_SETSIZE
				 | C_NEED_DVNODE_PUT | C_NEED_RVNODE_PUT));

		if (ISSET(pending, C_NEED_DVNODE_PUT | C_NEED_DATA_SETSIZE)) {
			data_vp = cp->c_vp;
		}
		if (ISSET(pending, C_NEED_RVNODE_PUT | C_NEED_RSRC_SETSIZE)) {
			rsrc_vp = cp->c_rsrc_vp;
		}

		cp->c_lockowner = NULL;
		lck_rw_unlock_exclusive(&cp->c_rwlock);
	}

	/* Perform any vnode post processing after cnode lock is dropped. */
	if (data_vp) {
		if (ISSET(pending, C_NEED_DATA_SETSIZE)) {
			ubc_setsize(data_vp, VTOF(data_vp)->ff_size);
#if HFS_COMPRESSION
			/*
			 * If this is a compressed file, we need to reset the
			 * compression state.  We will have set the size to zero
			 * above and it will get fixed up later (in exactly the
			 * same way that new vnodes are fixed up).  Note that we
			 * should only be able to get here if the truncate lock is
			 * held exclusively and so we do the reset when that's
			 * unlocked.
			 */
			decmpfs_cnode *dp = VTOCMP(data_vp);
			if (dp && decmpfs_cnode_get_vnode_state(dp) != FILE_TYPE_UNKNOWN) {
				cp->c_need_decmpfs_reset = true;
			}
#endif
		}
		if (ISSET(pending, C_NEED_DVNODE_PUT)) {
			vnode_put(data_vp);
		}
	}
	if (rsrc_vp) {
		if (ISSET(pending, C_NEED_RSRC_SETSIZE)) {
			ubc_setsize(rsrc_vp, VTOF(rsrc_vp)->ff_size);
		}
		if (ISSET(pending, C_NEED_RVNODE_PUT)) {
			vnode_put(rsrc_vp);
		}
	}
}
2336
/*
 * Unlock a pair of cnodes.  When both pointers name the same cnode it
 * is unlocked once.
 */
void
hfs_unlockpair(struct cnode *cp1, struct cnode *cp2)
{
	hfs_unlock(cp1);

	if (cp1 == cp2) {
		return;
	}
	hfs_unlock(cp2);
}
2347
/*
 * Unlock a group of cnodes.
 *
 * NULL pointers are ignored and a cnode that appears more than once is
 * unlocked only once.  The cnodes are unlocked in argument order.
 */
void
hfs_unlockfour(struct cnode *cp1, struct cnode *cp2, struct cnode *cp3, struct cnode *cp4)
{
	struct cnode *candidates[4] = { cp1, cp2, cp3, cp4 };
	struct cnode *released[4];
	int nreleased = 0;

	for (int n = 0; n < 4; n++) {
		struct cnode *cp = candidates[n];
		bool already_released = false;

		if (cp == NULL) {
			continue;
		}

		/* Has an earlier argument already unlocked this cnode? */
		for (int m = 0; m < nreleased; m++) {
			if (released[m] == cp) {
				already_released = true;
				break;
			}
		}
		if (already_released) {
			continue;
		}

		hfs_unlock(cp);
		released[nreleased++] = cp;
	}
}
2387
2388
/*
 * Protect a cnode against a truncation.
 *
 * Used mainly by read/write since they don't hold the
 * cnode lock across calls to the cluster layer.
 *
 * The process doing a truncation must take the lock
 * exclusive.  The read/write processes can take it
 * shared.  The locktype argument is the same as supplied to
 * hfs_lock.
 *
 * If the calling thread already owns the truncate lock exclusively,
 * nothing is acquired; that is only tolerated when flags contains
 * HFS_LOCK_SKIP_IF_EXCLUSIVE, otherwise the function panics.
 */
void
hfs_lock_truncate(struct cnode *cp, enum hfs_locktype locktype, enum hfs_lockflags flags)
{
	thread_t self = current_thread();

	if (cp->c_truncatelockowner == self) {
		/*
		 * Ignore grabbing the lock if the current thread already
		 * holds exclusive lock.
		 *
		 * This is needed on the hfs_vnop_pagein path where we need to ensure
		 * the file does not change sizes while we are paging in.  However,
		 * we may already hold the lock exclusive due to another
		 * VNOP from earlier in the call stack.  So if we already hold
		 * the truncate lock exclusive, allow it to proceed, but ONLY if
		 * it's in the recursive case.
		 */
		if (!(flags & HFS_LOCK_SKIP_IF_EXCLUSIVE)) {
			panic("hfs_lock_truncate: cnode %p locked!", cp);
		}
		return;
	}

	if (locktype == HFS_SHARED_LOCK) {
		lck_rw_lock_shared(&cp->c_truncatelock);
		cp->c_truncatelockowner = HFS_SHARED_OWNER;
		return;
	}

	/* HFS_EXCLUSIVE_LOCK */
	lck_rw_lock_exclusive(&cp->c_truncatelock);
	cp->c_truncatelockowner = self;
}
2428
/*
 * Try to turn a shared hold on the truncate lock into an exclusive one.
 *
 * Asserts that the lock is currently marked as shared.  Returns true,
 * with the current thread recorded as c_truncatelockowner, when the
 * upgrade succeeded; false otherwise, leaving the owner field as is.
 *
 * NOTE(review): XNU's lck_rw_lock_shared_to_exclusive is understood to
 * drop the shared hold when it fails -- confirm that callers re-take
 * the truncate lock after a false return instead of unlocking it.
 */
bool hfs_truncate_lock_upgrade(struct cnode *cp)
{
	hfs_assert(cp->c_truncatelockowner == HFS_SHARED_OWNER);

	if (lck_rw_lock_shared_to_exclusive(&cp->c_truncatelock)) {
		cp->c_truncatelockowner = current_thread();
		return true;
	}

	return false;
}
2437
/*
 * Turn an exclusive hold on the truncate lock into a shared one.
 *
 * Asserts that the calling thread is the recorded exclusive owner, then
 * downgrades the lock and marks the owner as HFS_SHARED_OWNER.
 */
void hfs_truncate_lock_downgrade(struct cnode *cp)
{
	hfs_assert(cp->c_truncatelockowner == current_thread());

	/* Downgrade first; the owner field is rewritten once the hold is shared. */
	lck_rw_lock_exclusive_to_shared(&cp->c_truncatelock);
	cp->c_truncatelockowner = HFS_SHARED_OWNER;
}
2444
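/*
 * Attempt to get the truncate lock.  If it cannot be acquired, error out.
 * This function is needed in the degenerate hfs_vnop_pagein during force unmount
 * case.  To prevent deadlocks while a VM copy object is moving pages, HFS vnop pagein will
 * temporarily need to disable V2 semantics.
 *
 * cp:       cnode whose truncate lock is wanted
 * locktype: HFS_SHARED_LOCK for a shared hold, otherwise exclusive
 * flags:    HFS_LOCK_SKIP_IF_EXCLUSIVE permits the call when the current
 *           thread already owns the lock exclusively
 *
 * Returns nonzero when this call acquired the lock and 0 otherwise.
 * Panics if the current thread already owns the lock exclusively and
 * HFS_LOCK_SKIP_IF_EXCLUSIVE is not set.
 *
 * NOTE(review): in the permitted recursive case nothing is acquired and
 * 0 is returned, which a caller cannot tell apart from a failed try --
 * confirm callers account for this.
 */
int hfs_try_trunclock (struct cnode *cp, enum hfs_locktype locktype, enum hfs_lockflags flags)
{
	thread_t thread = current_thread();
	boolean_t didlock = false;

	if (cp->c_truncatelockowner == thread) {
		/*
		 * Ignore grabbing the lock if the current thread already
		 * holds exclusive lock.
		 *
		 * This is needed on the hfs_vnop_pagein path where we need to ensure
		 * the file does not change sizes while we are paging in.  However,
		 * we may already hold the lock exclusive due to another
		 * VNOP from earlier in the call stack.  So if we already hold
		 * the truncate lock exclusive, allow it to proceed, but ONLY if
		 * it's in the recursive case.
		 */
		if ((flags & HFS_LOCK_SKIP_IF_EXCLUSIVE) == 0) {
			/* Name this function, not hfs_lock_truncate, so a panic log points at the right call site. */
			panic("hfs_try_trunclock: cnode %p locked!", cp);
		}
	} else if (locktype == HFS_SHARED_LOCK) {
		didlock = lck_rw_try_lock(&cp->c_truncatelock, LCK_RW_TYPE_SHARED);
		if (didlock) {
			cp->c_truncatelockowner = HFS_SHARED_OWNER;
		}
	} else { /* HFS_EXCLUSIVE_LOCK */
		didlock = lck_rw_try_lock (&cp->c_truncatelock, LCK_RW_TYPE_EXCLUSIVE);
		if (didlock) {
			/* Record the owner only once the exclusive hold is really ours. */
			cp->c_truncatelockowner = thread;
		}
	}

	return didlock;
}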
2485
2486
/*
 * Unlock the truncate lock, which protects against size changes.
 *
 * If HFS_LOCK_SKIP_IF_EXCLUSIVE flag was set, it means that a previous
 * hfs_lock_truncate() might have skipped grabbing a lock because
 * the current thread was already holding the lock exclusive and
 * we may need to return from this function without actually unlocking
 * the truncate lock.
 *
 * When the exclusive hold is released, the vnode puts that hfs_unlock
 * deferred (c_need_*_put_after_truncate_unlock) and any pending decmpfs
 * state reset are carried out after the lock has been dropped.
 */
void
hfs_unlock_truncate(struct cnode *cp, enum hfs_lockflags flags)
{
	thread_t self = current_thread();

	/*
	 * If HFS_LOCK_SKIP_IF_EXCLUSIVE is set in the flags AND the current
	 * lock owner of the truncate lock is our current thread, then
	 * we must have skipped taking the lock earlier in
	 * hfs_lock_truncate() by setting HFS_LOCK_SKIP_IF_EXCLUSIVE in the
	 * flags (as the current thread was current lock owner).
	 *
	 * If HFS_LOCK_SKIP_IF_EXCLUSIVE is not set (most of the time) then
	 * we check the lockowner field to infer whether the lock was taken
	 * exclusively or shared in order to know what underlying lock
	 * routine to call.
	 */
	if ((flags & HFS_LOCK_SKIP_IF_EXCLUSIVE) && cp->c_truncatelockowner == self) {
		return;
	}

	/* HFS_LOCK_SHARED */
	if (self != cp->c_truncatelockowner) {
		lck_rw_unlock_shared(&cp->c_truncatelock);
		return;
	}

	/* HFS_LOCK_EXCLUSIVE */
	vnode_t data_vp = NULL;
	vnode_t rsrc_vp = NULL;

	/*
	 * If there are pending set sizes, the cnode lock should be dropped
	 * first.
	 */
	hfs_assert(!(cp->c_lockowner == self
		     && ISSET(cp->c_flag, C_NEED_DATA_SETSIZE | C_NEED_RSRC_SETSIZE)));

	/* Collect the deferred puts while the lock is still held. */
	if (cp->c_need_dvnode_put_after_truncate_unlock) {
		data_vp = cp->c_vp;
		cp->c_need_dvnode_put_after_truncate_unlock = false;
	}
	if (cp->c_need_rvnode_put_after_truncate_unlock) {
		rsrc_vp = cp->c_rsrc_vp;
		cp->c_need_rvnode_put_after_truncate_unlock = false;
	}

#if HFS_COMPRESSION
	bool reset_decmpfs = cp->c_need_decmpfs_reset;
	cp->c_need_decmpfs_reset = false;
#endif

	cp->c_truncatelockowner = NULL;
	lck_rw_unlock_exclusive(&cp->c_truncatelock);

#if HFS_COMPRESSION
	if (reset_decmpfs) {
		decmpfs_cnode *dp = cp->c_decmp;
		if (dp && decmpfs_cnode_get_vnode_state(dp) != FILE_TYPE_UNKNOWN) {
			decmpfs_cnode_set_vnode_state(dp, FILE_TYPE_UNKNOWN, 0);
		}
	}
#endif

	// Do the puts now
	if (data_vp) {
		vnode_put(data_vp);
	}
	if (rsrc_vp) {
		vnode_put(rsrc_vp);
	}
}