]> git.saurik.com Git - apple/xnu.git/blob - bsd/hfs/hfs_cnode.h
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-3248.60.10.tar.gz
[apple/xnu.git] / bsd / hfs / hfs_cnode.h
1 /*
2 * Copyright (c) 2002-2014 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 #ifndef _HFS_CNODE_H_
29 #define _HFS_CNODE_H_
30
31 #include <sys/appleapiopts.h>
32
33 #ifdef KERNEL
34 #ifdef __APPLE_API_PRIVATE
35 #include <stdbool.h>
36 #include <sys/types.h>
37 #include <sys/queue.h>
38 #include <sys/stat.h>
39 #include <sys/vnode.h>
40 #include <sys/quota.h>
41
42 #include <kern/locks.h>
43
44 #include <hfs/hfs_catalog.h>
45 #include <hfs/rangelist.h>
46 #if HFS_COMPRESSION
47 #include <sys/decmpfs.h>
48 #endif
49 #if CONFIG_PROTECT
50 #include <sys/cprotect.h>
51 #endif
52 #include <kern/assert.h>
53
54 /*
55 * The filefork is used to represent an HFS file fork (data or resource).
56 * Reading or writing any of these fields requires holding cnode lock.
57 */
58 struct filefork {
59 struct cnode *ff_cp; /* cnode associated with this fork */
60 struct rl_head ff_invalidranges; /* Areas of disk that should read back as zeroes */
61 union {
62 void *ffu_sysfileinfo; /* additional info for system files */
63 char *ffu_symlinkptr; /* symbolic link pathname */
64 } ff_union;
65 struct cat_fork ff_data; /* fork data (size, extents) */
66 };
67 typedef struct filefork filefork_t;
68
69
70 #define HFS_TEMPLOOKUP_NAMELEN 32
71
72 /*
73 * Catalog Lookup struct (runtime)
74 *
75 * This is used so that when we need to malloc a container for a catalog
76 * lookup operation, we can acquire memory for everything in one fell swoop
77 * as opposed to putting many of these objects on the stack. The cat_fork
78 * data structure can take up 100+bytes easily, and that can add to stack
79 * overhead.
80 *
81 * As a result, we use this to easily pass around the memory needed for a
82 * lookup operation.
83 */
84 struct cat_lookup_buffer {
85 struct cat_desc lookup_desc;
86 struct cat_attr lookup_attr;
87 struct filefork lookup_fork;
88 struct componentname lookup_cn;
89 char lookup_name[HFS_TEMPLOOKUP_NAMELEN]; /* for open-unlinked paths only */
90 };
91
92
93 /* Aliases for common fields */
94 #define ff_size ff_data.cf_size
95 #define ff_new_size ff_data.cf_new_size
96 #define ff_clumpsize ff_data.cf_clump
97 #define ff_bytesread ff_data.cf_bytesread
98 #define ff_extents ff_data.cf_extents
99
100 /*
101 * Note that the blocks fields are protected by the cnode lock, *not*
102 * the truncate lock.
103 */
104 #define ff_blocks ff_data.cf_blocks
105 #define ff_unallocblocks ff_data.cf_vblocks
106 static inline uint32_t ff_allocblocks(filefork_t *ff)
107 {
108 assert(ff->ff_blocks >= ff->ff_unallocblocks);
109 return ff->ff_blocks - ff->ff_unallocblocks;
110 }
111
112 #define ff_symlinkptr ff_union.ffu_symlinkptr
113 #define ff_sysfileinfo ff_union.ffu_sysfileinfo
114
115
116 /* The btree code still needs these... */
117 #define fcbEOF ff_size
118 #define fcbExtents ff_extents
119 #define fcbBTCBPtr ff_sysfileinfo
120
121 typedef u_int8_t atomicflag_t;
122
123
124 /*
125 * Hardlink Origin (for hardlinked directories).
126 */
127 struct linkorigin {
128 TAILQ_ENTRY(linkorigin) lo_link; /* chain */
129 void * lo_thread; /* thread that performed the lookup */
130 cnid_t lo_cnid; /* hardlink's cnid */
131 cnid_t lo_parentcnid; /* hardlink's parent cnid */
132 };
133 typedef struct linkorigin linkorigin_t;
134
135 #define MAX_CACHED_ORIGINS 10
136 #define MAX_CACHED_FILE_ORIGINS 8
137
138 /*
139 * The cnode is used to represent each active (or recently active)
140 * file or directory in the HFS filesystem.
141 *
142 * Reading or writing any of these fields requires holding c_lock.
143 */
144 struct cnode {
145 lck_rw_t c_rwlock; /* cnode's lock */
146 thread_t c_lockowner; /* cnode's lock owner (exclusive case only) */
147 lck_rw_t c_truncatelock; /* protects file from truncation during read/write */
148 thread_t c_truncatelockowner; /* truncate lock owner (exclusive case only) */
149 LIST_ENTRY(cnode) c_hash; /* cnode's hash chain */
150 u_int32_t c_flag; /* cnode's runtime flags */
151 u_int32_t c_hflag; /* cnode's flags for maintaining hash - protected by global hash lock */
152 struct vnode *c_vp; /* vnode for data fork or dir */
153 struct vnode *c_rsrc_vp; /* vnode for resource fork */
154 struct dquot *c_dquot[MAXQUOTAS]; /* cnode's quota info */
155 u_int32_t c_childhint; /* catalog hint for children (small dirs only) */
156 u_int32_t c_dirthreadhint; /* catalog hint for directory's thread rec */
157 struct cat_desc c_desc; /* cnode's descriptor */
158 struct cat_attr c_attr; /* cnode's attributes */
159 TAILQ_HEAD(hfs_originhead, linkorigin) c_originlist; /* hardlink origin cache */
160 TAILQ_HEAD(hfs_hinthead, directoryhint) c_hintlist; /* readdir directory hint list */
161 int16_t c_dirhinttag; /* directory hint tag */
162 union {
163 int16_t cu_dirhintcnt; /* directory hint count */
164 int16_t cu_syslockcount; /* system file use only */
165 } c_union;
166 u_int32_t c_dirchangecnt; /* changes each insert/delete (in-core only) */
167 struct filefork *c_datafork; /* cnode's data fork */
168 struct filefork *c_rsrcfork; /* cnode's rsrc fork */
169 atomicflag_t c_touch_acctime;
170 atomicflag_t c_touch_chgtime;
171 atomicflag_t c_touch_modtime;
172
173 // The following flags are protected by the truncate lock
174 union {
175 struct {
176 bool c_need_dvnode_put_after_truncate_unlock : 1;
177 bool c_need_rvnode_put_after_truncate_unlock : 1;
178 #if HFS_COMPRESSION
179 bool c_need_decmpfs_reset : 1;
180 #endif
181 };
182 uint8_t c_tflags;
183 };
184
185 /*
186 * Where we're using a journal, we keep track of the last
187 * transaction that we did an update in. If a minor modification
188 * is made, we'll still push it if we're still on the same
189 * transaction.
190 */
191 uint32_t c_update_txn;
192
193 #if HFS_COMPRESSION
194 decmpfs_cnode *c_decmp;
195 #endif /* HFS_COMPRESSION */
196 #if CONFIG_PROTECT
197 cprotect_t c_cpentry; /* content protection data */
198 #endif
199
200 };
201 typedef struct cnode cnode_t;
202
203 /* Aliases for common cnode fields */
204 #define c_cnid c_desc.cd_cnid
205 #define c_hint c_desc.cd_hint
206 #define c_parentcnid c_desc.cd_parentcnid
207 #define c_encoding c_desc.cd_encoding
208
209 #define c_fileid c_attr.ca_fileid
210 #define c_mode c_attr.ca_mode
211 #define c_linkcount c_attr.ca_linkcount
212 #define c_uid c_attr.ca_uid
213 #define c_gid c_attr.ca_gid
214 #define c_rdev c_attr.ca_union1.cau_rdev
215 #define c_atime c_attr.ca_atime
216 #define c_mtime c_attr.ca_mtime
217 #define c_ctime c_attr.ca_ctime
218 #define c_itime c_attr.ca_itime
219 #define c_btime c_attr.ca_btime
220 #define c_bsdflags c_attr.ca_flags
221 #define c_finderinfo c_attr.ca_finderinfo
222 #define c_blocks c_attr.ca_union2.cau_blocks
223 #define c_entries c_attr.ca_union2.cau_entries
224 #define c_zftimeout c_childhint
225
226 #define c_dirhintcnt c_union.cu_dirhintcnt
227 #define c_syslockcount c_union.cu_syslockcount
228
229
230 /* hash maintenance flags kept in c_hflag and protected by hfs_chash_mutex */
231 #define H_ALLOC 0x00001 /* CNode is being allocated */
232 #define H_ATTACH 0x00002 /* CNode is being attached to by another vnode */
233 #define H_TRANSIT 0x00004 /* CNode is getting recycled */
234 #define H_WAITING 0x00008 /* CNode is being waited for */
235
236
237 /*
238 * Runtime cnode flags (kept in c_flag)
239 */
240 #define C_NEED_RVNODE_PUT 0x0000001 /* Need to do a vnode_put on c_rsrc_vp after the unlock */
241 #define C_NEED_DVNODE_PUT 0x0000002 /* Need to do a vnode_put on c_vp after the unlock */
242 #define C_ZFWANTSYNC 0x0000004 /* fsync requested and file has holes */
243 #define C_FROMSYNC 0x0000008 /* fsync was called from sync */
244
245 #define C_MODIFIED 0x0000010 /* CNode has been modified */
246 #define C_NOEXISTS 0x0000020 /* CNode has been deleted, catalog entry is gone */
247 #define C_DELETED 0x0000040 /* CNode has been marked to be deleted */
248 #define C_HARDLINK 0x0000080 /* CNode is a hard link (file or dir) */
249
250 /*
251 * A minor modification is one where the volume would not be inconsistent if
252 * the change was not pushed to disk. For example, changes to times.
253 */
254 #define C_MINOR_MOD 0x0000100 /* CNode has a minor modification */
255
256 #define C_HASXATTRS 0x0000200 /* cnode has extended attributes */
257 #define C_NEG_ENTRIES 0x0000400 /* directory has negative name entries */
258 /*
259 * For C_SSD_STATIC: SSDs may want to deal with the file payload data in a
260 * different manner knowing that the content is not likely to be modified. This is
261 * purely advisory at the HFS level, and is not maintained after the cnode goes out of core.
262 */
263 #define C_SSD_STATIC 0x0000800 /* Assume future writes contain static content */
264
265 #define C_NEED_DATA_SETSIZE 0x0001000 /* Do a ubc_setsize(0) on c_rsrc_vp after the unlock */
266 #define C_NEED_RSRC_SETSIZE 0x0002000 /* Do a ubc_setsize(0) on c_vp after the unlock */
267 #define C_DIR_MODIFICATION 0x0004000 /* Directory is being modified, wait for lookups */
268 #define C_ALWAYS_ZEROFILL 0x0008000 /* Always zero-fill the file on an fsync */
269
270 #define C_RENAMED 0x0010000 /* cnode was deleted as part of rename; C_DELETED should also be set */
271 #define C_NEEDS_DATEADDED 0x0020000 /* cnode needs date-added written to the finderinfo bit */
272 #define C_BACKINGSTORE 0x0040000 /* cnode is a backing store for an existing or currently-mounting filesystem */
273
274 /*
275 * This flag indicates the cnode might be dirty because it
276 * was mapped writable so if we get any page-outs, update
277 * the modification and change times.
278 */
279 #define C_MIGHT_BE_DIRTY_FROM_MAPPING 0x0080000
280
281 /*
282 * For C_SSD_GREEDY_MODE: SSDs may want to write the file payload data using the greedy mode knowing
283 * that the content needs to be written out to the disk quicker than normal at the expense of storage efficiency.
284 * This is purely advisory at the HFS level, and is not maintained after the cnode goes out of core.
285 */
286 #define C_SSD_GREEDY_MODE 0x0100000 /* Assume future writes are recommended to be written in SLC mode */
287
288 /* 0x0200000 is currently unused */
289
290 #define C_IO_ISOCHRONOUS 0x0400000 /* device-specific isochronous throughput I/O */
291
292 #define ZFTIMELIMIT (5 * 60)
293
294 /*
295 * The following is the "invisible" bit from the fdFlags field
296 * in the FndrFileInfo.
297 */
298 enum { kFinderInvisibleMask = 1 << 14 };
299
300
301 /*
302 * Convert between cnode pointers and vnode pointers
303 */
304 #define VTOC(vp) ((struct cnode *)vnode_fsnode((vp)))
305
306 #define CTOV(cp,rsrc) (((rsrc) && S_ISREG((cp)->c_mode)) ? \
307 (cp)->c_rsrc_vp : (cp)->c_vp)
308
309 /*
310 * Convert between vnode pointers and file forks
311 *
312 * Note: no CTOF since that is ambiguous
313 */
314
315 #define FTOC(fp) ((fp)->ff_cp)
316
317 #define VTOF(vp) ((vp) == VTOC((vp))->c_rsrc_vp ? \
318 VTOC((vp))->c_rsrcfork : \
319 VTOC((vp))->c_datafork)
320
321 #define VCTOF(vp, cp) ((vp) == (cp)->c_rsrc_vp ? \
322 (cp)->c_rsrcfork : \
323 (cp)->c_datafork)
324
325 #define FTOV(fp) ((fp) == FTOC(fp)->c_rsrcfork ? \
326 FTOC(fp)->c_rsrc_vp : \
327 FTOC(fp)->c_vp)
328
329 /*
330 * This is a helper function used for determining whether or not a cnode has become open
331 * unlinked in between the time we acquired its vnode and the time we acquire the cnode lock
332 * to start manipulating it. Due to the SMP nature of VFS, it is probably necessary to
333 * use this macro every time we acquire a cnode lock, as the content of the Cnode may have
334 * been modified in betweeen the lookup and a VNOP. Whether or not to call this is dependent
335 * upon the VNOP in question. Sometimes it is OK to use an open-unlinked file, for example, in,
336 * reading. But other times, such as on the source of a VNOP_RENAME, it should be disallowed.
337 */
338 int hfs_checkdeleted(struct cnode *cp);
339
340 /*
341 * Test for a resource fork
342 */
343 #define FORK_IS_RSRC(fp) ((fp) == FTOC(fp)->c_rsrcfork)
344
345 #define VNODE_IS_RSRC(vp) ((vp) == VTOC((vp))->c_rsrc_vp)
346
347 #if HFS_COMPRESSION
348 /*
349 * VTOCMP(vp) returns a pointer to vp's decmpfs_cnode; this could be NULL
350 * if the file is not compressed or if hfs_file_is_compressed() hasn't
351 * yet been called on this file.
352 */
353 #define VTOCMP(vp) (VTOC((vp))->c_decmp)
354 int hfs_file_is_compressed(struct cnode *cp, int skiplock);
355 int hfs_uncompressed_size_of_compressed_file(struct hfsmount *hfsmp, struct vnode *vp, cnid_t fid, off_t *size, int skiplock);
356 int hfs_hides_rsrc(vfs_context_t ctx, struct cnode *cp, int skiplock);
357 int hfs_hides_xattr(vfs_context_t ctx, struct cnode *cp, const char *name, int skiplock);
358 #endif
359
360 #define ATIME_ONDISK_ACCURACY 300
361
362 static inline bool hfs_should_save_atime(cnode_t *cp)
363 {
364 /*
365 * We only write atime updates to disk if the delta is greater
366 * than ATIME_ONDISK_ACCURACY.
367 */
368 return (cp->c_atime < cp->c_attr.ca_atimeondisk
369 || cp->c_atime - cp->c_attr.ca_atimeondisk > ATIME_ONDISK_ACCURACY);
370 }
371
372 typedef enum {
373 HFS_NOT_DIRTY = 0,
374 HFS_DIRTY = 1,
375 HFS_DIRTY_ATIME = 2
376 } hfs_dirty_t;
377
378 static inline hfs_dirty_t hfs_is_dirty(cnode_t *cp)
379 {
380 if (ISSET(cp->c_flag, C_NOEXISTS))
381 return HFS_NOT_DIRTY;
382
383 if (ISSET(cp->c_flag, C_MODIFIED | C_MINOR_MOD | C_NEEDS_DATEADDED)
384 || cp->c_touch_chgtime || cp->c_touch_modtime) {
385 return HFS_DIRTY;
386 }
387
388 if (cp->c_touch_acctime || hfs_should_save_atime(cp))
389 return HFS_DIRTY_ATIME;
390
391 return HFS_NOT_DIRTY;
392 }
393
394 /* This overlays the FileID portion of NFS file handles. */
395 struct hfsfid {
396 u_int32_t hfsfid_cnid; /* Catalog node ID. */
397 u_int32_t hfsfid_gen; /* Generation number (create date). */
398 };
399
400
401 /* Get new default vnode */
402 extern int hfs_getnewvnode(struct hfsmount *hfsmp, struct vnode *dvp, struct componentname *cnp,
403 struct cat_desc *descp, int flags, struct cat_attr *attrp,
404 struct cat_fork *forkp, struct vnode **vpp, int *out_flags);
405
406 /* Input flags for hfs_getnewvnode */
407
408 #define GNV_WANTRSRC 0x01 /* Request the resource fork vnode. */
409 #define GNV_SKIPLOCK 0x02 /* Skip taking the cnode lock (when getting resource fork). */
410 #define GNV_CREATE 0x04 /* The vnode is for a newly created item. */
411 #define GNV_NOCACHE 0x08 /* Delay entering this item in the name cache */
412 #define GNV_USE_VP 0x10 /* Use the vnode provided in *vpp instead of creating a new one */
413
414 /* Output flags for hfs_getnewvnode */
415 #define GNV_CHASH_RENAMED 0x01 /* The cnode was renamed in-flight */
416 #define GNV_CAT_DELETED 0x02 /* The cnode was deleted from the catalog */
417 #define GNV_NEW_CNODE 0x04 /* We are vending out a newly initialized cnode */
418 #define GNV_CAT_ATTRCHANGED 0x08 /* Something in struct cat_attr changed in between cat_lookups */
419
420
421 /* Touch cnode times based on c_touch_xxx flags */
422 extern void hfs_touchtimes(struct hfsmount *, struct cnode *);
423 extern void hfs_write_dateadded (struct cat_attr *cattrp, u_int32_t dateadded);
424 extern u_int32_t hfs_get_dateadded (struct cnode *cp);
425 extern u_int32_t hfs_get_dateadded_from_blob(const uint8_t * /* finderinfo */, mode_t /* mode */);
426
427 /* Gen counter methods */
428 extern void hfs_write_gencount(struct cat_attr *cattrp, uint32_t gencount);
429 extern uint32_t hfs_get_gencount(struct cnode *cp);
430 extern uint32_t hfs_incr_gencount (struct cnode *cp);
431 extern uint32_t hfs_get_gencount_from_blob(const uint8_t * /* finderinfo */, mode_t /* mode */);
432
433 /* Document id methods */
434 extern uint32_t hfs_get_document_id(struct cnode * /* cp */);
435 extern uint32_t hfs_get_document_id_from_blob(const uint8_t * /* finderinfo */, mode_t /* mode */);
436
437 /* Zero-fill file and push regions out to disk */
438 enum {
439 // Use this flag if you're going to sync later
440 HFS_FILE_DONE_NO_SYNC = 1,
441 };
442 typedef uint32_t hfs_file_done_opts_t;
443 extern int hfs_filedone(struct vnode *vp, vfs_context_t context,
444 hfs_file_done_opts_t opts);
445
446 /*
447 * HFS cnode hash functions.
448 */
449 extern void hfs_chashinit(void);
450 extern void hfs_chashinit_finish(struct hfsmount *hfsmp);
451 extern void hfs_delete_chash(struct hfsmount *hfsmp);
452 extern int hfs_chashremove(struct hfsmount *hfsmp, struct cnode *cp);
453 extern void hfs_chash_abort(struct hfsmount *hfsmp, struct cnode *cp);
454 extern void hfs_chash_rehash(struct hfsmount *hfsmp, struct cnode *cp1, struct cnode *cp2);
455 extern void hfs_chashwakeup(struct hfsmount *hfsmp, struct cnode *cp, int flags);
456 extern void hfs_chash_mark_in_transit(struct hfsmount *hfsmp, struct cnode *cp);
457
458 extern struct vnode * hfs_chash_getvnode(struct hfsmount *hfsmp, ino_t inum, int wantrsrc,
459 int skiplock, int allow_deleted);
460 extern struct cnode * hfs_chash_getcnode(struct hfsmount *hfsmp, ino_t inum, struct vnode **vpp,
461 int wantrsrc, int skiplock, int *out_flags, int *hflags);
462 extern int hfs_chash_snoop(struct hfsmount *, ino_t, int, int (*)(const cnode_t *, void *), void *);
463 extern int hfs_valid_cnode(struct hfsmount *hfsmp, struct vnode *dvp, struct componentname *cnp,
464 cnid_t cnid, struct cat_attr *cattr, int *error);
465
466 extern int hfs_chash_set_childlinkbit(struct hfsmount *hfsmp, cnid_t cnid);
467
468 /*
469 * HFS cnode lock functions.
470 *
471 * HFS Locking Order:
472 *
473 * 1. cnode truncate lock (if needed) -- see below for more on this
474 *
475 * + hfs_vnop_pagein/out handles recursive use of this lock (by
476 * using flag option HFS_LOCK_SKIP_IF_EXCLUSIVE) although there
477 * are issues with this (see #16620278).
478 *
479 * + If locking multiple cnodes then the truncate lock must be taken on
480 * all (in address order), before taking the cnode locks.
481 *
482 * 2. Hot Files stage mutex (grabbed before manipulating individual vnodes/cnodes)
483 *
484 * 3. cnode locks in address order (if needed)
485 *
486 * 4. journal (if needed)
487 *
488 * 5. Hot Files B-Tree lock (not treated as a system file)
489 *
490 * 6. system files (as needed)
491 *
492 * A. Catalog B-tree file
493 * B. Attributes B-tree file
494 * C. Startup file (if there is one)
495 * D. Allocation Bitmap file (always exclusive, supports recursion)
496 * E. Overflow Extents B-tree file (always exclusive, supports recursion)
497 *
498 * 7. hfs mount point (always last)
499 *
500 *
501 * I. HFS cnode hash lock (must not acquire any new locks while holding this lock, always taken last)
502 */
503
504 /*
505 * -- The Truncate Lock --
506 *
507 * The truncate lock is used for a few purposes (more than its name
508 * might suggest). The first thing to note is that the cnode lock
509 * cannot be held whilst issuing any I/O other than metadata changes,
510 * so the truncate lock, in either shared or exclusive form, must
511 * usually be held in these cases. This includes calls to ubc_setsize
512 * where the new size is less than the current size known to the VM
513 * subsystem (for two reasons: a) because reaping pages can block
514 * (e.g. on pages that are busy or being cleaned); b) reaping pages
515 * might require page-in for tasks that have that region mapped
516 * privately). The same applies to other calls into the VM subsystem.
517 *
518 * Here are some (but not necessarily all) cases that the truncate
519 * lock protects for:
520 *
521 * + When reading and writing a file, we hold the truncate lock
522 * shared to ensure that the underlying blocks cannot be deleted
523 * and on systems that use content protection, this also ensures
524 * the keys remain valid (which might be being used by the
525 * underlying layers).
526 *
527 * + We need to protect against the following sequence of events:
528 *
529 * A file is initially size X. A thread issues an append to that
530 * file. Another thread truncates the file and then extends it
531 * to a a new size Y. Now the append can be applied at offset X
532 * and then the data is lost when the file is truncated; or it
533 * could be applied after the truncate, i.e. at offset 0; or it
534 * can be applied at offset Y. What we *cannot* do is apply the
535 * append at offset X and for the data to be visible at the end.
536 * (Note that we are free to choose when we apply the append
537 * operation.)
538 *
539 * To solve this, we keep things simple and take the truncate lock
540 * exclusively in order to sequence the append with other size
541 * changes. Therefore any size change must take the truncate lock
542 * exclusively.
543 *
544 * (N.B. we could do better and allow readers to run concurrently
545 * during the append and other size changes.)
546 *
547 * So here are the rules:
548 *
549 * + If you plan to change ff_size, you must take the truncate lock
550 * exclusively, *but* be careful what I/O you do whilst you have
551 * the truncate lock exclusively and try and avoid it if you can:
552 * if the VM subsystem tries to do something with some pages on a
553 * different thread and you try and do some I/O with those same
554 * pages, we will deadlock. (See #16620278.)
555 *
556 * + If you do anything that requires blocks to not be deleted or
557 * encryption keys to remain valid, you must take the truncate lock
558 * shared.
559 *
560 * + And it follows therefore, that if you want to delete blocks or
561 * delete keys, you must take the truncate lock exclusively. Note
562 * that for asynchronous writes, the truncate lock will be dropped
563 * after issuing I/O but before the I/O has completed which means
564 * that before manipulating keys, you *must* issue
565 * vnode_wait_for_writes in addition to holding the truncate lock.
566 *
567 * N.B. ff_size is actually protected by the cnode lock and so you
568 * must hold the cnode lock exclusively to change it and shared to
569 * read it.
570 *
571 */
572
573 enum hfs_locktype {
574 HFS_SHARED_LOCK = 1,
575 HFS_EXCLUSIVE_LOCK = 2
576 };
577
578 /* Option flags for cnode and truncate lock functions */
579 enum hfs_lockflags {
580 HFS_LOCK_DEFAULT = 0x0, /* Default flag, no options provided */
581 HFS_LOCK_ALLOW_NOEXISTS = 0x1, /* Allow locking of all cnodes, including cnode marked deleted with no catalog entry */
582 HFS_LOCK_SKIP_IF_EXCLUSIVE = 0x2, /* Skip locking if the current thread already holds the lock exclusive */
583
584 // Used when you do not want to check return from hfs_lock
585 HFS_LOCK_ALWAYS = HFS_LOCK_ALLOW_NOEXISTS,
586 };
587 #define HFS_SHARED_OWNER (void *)0xffffffff
588
589 void hfs_lock_always(cnode_t *cnode, enum hfs_locktype);
590 int hfs_lock(struct cnode *, enum hfs_locktype, enum hfs_lockflags);
591 bool hfs_lock_upgrade(cnode_t *cp);
592 int hfs_lockpair(struct cnode *, struct cnode *, enum hfs_locktype);
593 int hfs_lockfour(struct cnode *, struct cnode *, struct cnode *, struct cnode *,
594 enum hfs_locktype, struct cnode **);
595 void hfs_unlock(struct cnode *);
596 void hfs_unlockpair(struct cnode *, struct cnode *);
597 void hfs_unlockfour(struct cnode *, struct cnode *, struct cnode *, struct cnode *);
598
599 void hfs_lock_truncate(struct cnode *, enum hfs_locktype, enum hfs_lockflags);
600 bool hfs_truncate_lock_upgrade(struct cnode *cp);
601 void hfs_truncate_lock_downgrade(struct cnode *cp);
602 void hfs_unlock_truncate(struct cnode *, enum hfs_lockflags);
603 int hfs_try_trunclock(struct cnode *, enum hfs_locktype, enum hfs_lockflags);
604
605 extern int hfs_systemfile_lock(struct hfsmount *, int, enum hfs_locktype);
606 extern void hfs_systemfile_unlock(struct hfsmount *, int);
607
608 void hfs_clear_might_be_dirty_flag(cnode_t *cp);
609
610 // cnode must be locked
611 static inline __attribute__((pure))
612 bool hfs_has_rsrc(const cnode_t *cp)
613 {
614 if (cp->c_rsrcfork)
615 return cp->c_rsrcfork->ff_blocks > 0;
616 else
617 return cp->c_datafork && cp->c_blocks > cp->c_datafork->ff_blocks;
618 }
619
620 #endif /* __APPLE_API_PRIVATE */
621 #endif /* KERNEL */
622
623 #endif /* ! _HFS_CNODE_H_ */
mirror of XNU