+
+
+/*
+ * return NULLVP if vp's parent doesn't
+ * exist, or we can't get a valid iocount
+ * else return the parent of vp
+ */
+vnode_t
+vnode_getparent(vnode_t vp)
+{
+ vnode_t pvp = NULLVP;
+ int pvid;
+
+ NAME_CACHE_LOCK_SHARED();
+ /*
+ * v_parent is stable behind the name_cache lock
+ * however, the only thing we can really guarantee
+ * is that we've grabbed a valid iocount on the
+ * parent of 'vp' at the time we took the name_cache lock...
+ * once we drop the lock, vp could get re-parented
+ */
+ if ( (pvp = vp->v_parent) != NULLVP ) {
+ pvid = pvp->v_id;
+
+ NAME_CACHE_UNLOCK();
+
+ if (vnode_getwithvid(pvp, pvid) != 0)
+ pvp = NULL;
+ } else
+ NAME_CACHE_UNLOCK();
+ return (pvp);
+}
+
+const char *
+vnode_getname(vnode_t vp)
+{
+ const char *name = NULL;
+
+ NAME_CACHE_LOCK_SHARED();
+
+ if (vp->v_name)
+ name = vfs_addname(vp->v_name, strlen(vp->v_name), 0, 0);
+ NAME_CACHE_UNLOCK();
+
+ return (name);
+}
+
+void
+vnode_putname(const char *name)
+{
+ vfs_removename(name);
+}
+
+
+/*
+ * if VNODE_UPDATE_PARENT, and we can take
+ * a reference on dvp, then update vp with
+ * it's new parent... if vp already has a parent,
+ * then drop the reference vp held on it
+ *
+ * if VNODE_UPDATE_NAME,
+ * then drop string ref on v_name if it exists, and if name is non-NULL
+ * then pick up a string reference on name and record it in v_name...
+ * optionally pass in the length and hashval of name if known
+ *
+ * if VNODE_UPDATE_CACHE, flush the name cache entries associated with vp
+ */
+void
+vnode_update_identity(vnode_t vp, vnode_t dvp, const char *name, int name_len, uint32_t name_hashval, int flags)
+{
+ struct namecache *ncp;
+ vnode_t old_parentvp = NULLVP;
+#if NAMEDSTREAMS
+ int isstream = (vp->v_flag & VISNAMEDSTREAM);
+ int kusecountbumped = 0;
+#endif
+ kauth_cred_t tcred = NULL;
+ const char *vname = NULL;
+ const char *tname = NULL;
+
+ if (flags & VNODE_UPDATE_PARENT) {
+ if (dvp && vnode_ref(dvp) != 0) {
+ dvp = NULLVP;
+ }
+#if NAMEDSTREAMS
+ /* Don't count a stream's parent ref during unmounts */
+ if (isstream && dvp && (dvp != vp) && (dvp != vp->v_parent) && (dvp->v_type == VREG)) {
+ vnode_lock_spin(dvp);
+ ++dvp->v_kusecount;
+ kusecountbumped = 1;
+ vnode_unlock(dvp);
+ }
+#endif
+ } else {
+ dvp = NULLVP;
+ }
+ if ( (flags & VNODE_UPDATE_NAME) ) {
+ if (name != vp->v_name) {
+ if (name && *name) {
+ if (name_len == 0)
+ name_len = strlen(name);
+ tname = vfs_addname(name, name_len, name_hashval, 0);
+ }
+ } else
+ flags &= ~VNODE_UPDATE_NAME;
+ }
+ if ( (flags & (VNODE_UPDATE_PURGE | VNODE_UPDATE_PARENT | VNODE_UPDATE_CACHE | VNODE_UPDATE_NAME)) ) {
+
+ NAME_CACHE_LOCK();
+
+ if ( (flags & VNODE_UPDATE_PURGE) ) {
+
+ if (vp->v_parent)
+ vp->v_parent->v_nc_generation++;
+
+ while ( (ncp = LIST_FIRST(&vp->v_nclinks)) )
+ cache_delete(ncp, 1);
+
+ while ( (ncp = LIST_FIRST(&vp->v_ncchildren)) )
+ cache_delete(ncp, 1);
+
+ /*
+ * Use a temp variable to avoid kauth_cred_unref() while NAME_CACHE_LOCK is held
+ */
+ tcred = vp->v_cred;
+ vp->v_cred = NOCRED;
+ vp->v_authorized_actions = 0;
+ }
+ if ( (flags & VNODE_UPDATE_NAME) ) {
+ vname = vp->v_name;
+ vp->v_name = tname;
+ }
+ if (flags & VNODE_UPDATE_PARENT) {
+ if (dvp != vp && dvp != vp->v_parent) {
+ old_parentvp = vp->v_parent;
+ vp->v_parent = dvp;
+ dvp = NULLVP;
+
+ if (old_parentvp)
+ flags |= VNODE_UPDATE_CACHE;
+ }
+ }
+ if (flags & VNODE_UPDATE_CACHE) {
+ while ( (ncp = LIST_FIRST(&vp->v_nclinks)) )
+ cache_delete(ncp, 1);
+ }
+ NAME_CACHE_UNLOCK();
+
+ if (vname != NULL)
+ vfs_removename(vname);
+
+ if (IS_VALID_CRED(tcred))
+ kauth_cred_unref(&tcred);
+ }
+ if (dvp != NULLVP) {
+#if NAMEDSTREAMS
+ /* Back-out the ref we took if we lost a race for vp->v_parent. */
+ if (kusecountbumped) {
+ vnode_lock_spin(dvp);
+ if (dvp->v_kusecount > 0)
+ --dvp->v_kusecount;
+ vnode_unlock(dvp);
+ }
+#endif
+ vnode_rele(dvp);
+ }
+ if (old_parentvp) {
+ struct uthread *ut;
+
+#if NAMEDSTREAMS
+ if (isstream) {
+ vnode_lock_spin(old_parentvp);
+ if ((old_parentvp->v_type != VDIR) && (old_parentvp->v_kusecount > 0))
+ --old_parentvp->v_kusecount;
+ vnode_unlock(old_parentvp);
+ }
+#endif
+ ut = get_bsdthread_info(current_thread());
+
+ /*
+ * indicated to vnode_rele that it shouldn't do a
+ * vnode_reclaim at this time... instead it will
+ * chain the vnode to the uu_vreclaims list...
+ * we'll be responsible for calling vnode_reclaim
+ * on each of the vnodes in this list...
+ */
+ ut->uu_defer_reclaims = 1;
+ ut->uu_vreclaims = NULLVP;
+
+ while ( (vp = old_parentvp) != NULLVP ) {
+
+ vnode_lock_spin(vp);
+ vnode_rele_internal(vp, 0, 0, 1);
+
+ /*
+ * check to see if the vnode is now in the state
+ * that would have triggered a vnode_reclaim in vnode_rele
+ * if it is, we save it's parent pointer and then NULL
+ * out the v_parent field... we'll drop the reference
+ * that was held on the next iteration of this loop...
+ * this short circuits a potential deep recursion if we
+ * have a long chain of parents in this state...
+ * we'll sit in this loop until we run into
+ * a parent in this chain that is not in this state
+ *
+ * make our check and the vnode_rele atomic
+ * with respect to the current vnode we're working on
+ * by holding the vnode lock
+ * if vnode_rele deferred the vnode_reclaim and has put
+ * this vnode on the list to be reaped by us, than
+ * it has left this vnode with an iocount == 1
+ */
+ if ( (vp->v_iocount == 1) && (vp->v_usecount == 0) &&
+ ((vp->v_lflag & (VL_MARKTERM | VL_TERMINATE | VL_DEAD)) == VL_MARKTERM)) {
+ /*
+ * vnode_rele wanted to do a vnode_reclaim on this vnode
+ * it should be sitting on the head of the uu_vreclaims chain
+ * pull the parent pointer now so that when we do the
+ * vnode_reclaim for each of the vnodes in the uu_vreclaims
+ * list, we won't recurse back through here
+ *
+ * need to do a convert here in case vnode_rele_internal
+ * returns with the lock held in the spin mode... it
+ * can drop and retake the lock under certain circumstances
+ */
+ vnode_lock_convert(vp);
+
+ NAME_CACHE_LOCK();
+ old_parentvp = vp->v_parent;
+ vp->v_parent = NULLVP;
+ NAME_CACHE_UNLOCK();
+ } else {
+ /*
+ * we're done... we ran into a vnode that isn't
+ * being terminated
+ */
+ old_parentvp = NULLVP;
+ }
+ vnode_unlock(vp);
+ }
+ ut->uu_defer_reclaims = 0;
+
+ while ( (vp = ut->uu_vreclaims) != NULLVP) {
+ ut->uu_vreclaims = vp->v_defer_reclaimlist;
+
+ /*
+ * vnode_put will drive the vnode_reclaim if
+ * we are still the only reference on this vnode
+ */
+ vnode_put(vp);
+ }
+ }
+}
+
+
+/*
+ * Mark a vnode as having multiple hard links. HFS makes use of this
+ * because it keeps track of each link separately, and wants to know
+ * which link was actually used.
+ *
+ * This will cause the name cache to force a VNOP_LOOKUP on the vnode
+ * so that HFS can post-process the lookup. Also, volfs will call
+ * VNOP_GETATTR2 to determine the parent, instead of using v_parent.
+ */
+void vnode_setmultipath(vnode_t vp)
+{
+ vnode_lock_spin(vp);
+
+ /*
+ * In theory, we're changing the vnode's identity as far as the
+ * name cache is concerned, so we ought to grab the name cache lock
+ * here. However, there is already a race, and grabbing the name
+ * cache lock only makes the race window slightly smaller.
+ *
+ * The race happens because the vnode already exists in the name
+ * cache, and could be found by one thread before another thread
+ * can set the hard link flag.
+ */
+
+ vp->v_flag |= VISHARDLINK;
+
+ vnode_unlock(vp);
+}
+
+
+
+/*
+ * backwards compatibility
+ */
+void vnode_uncache_credentials(vnode_t vp)
+{
+ vnode_uncache_authorized_action(vp, KAUTH_INVALIDATE_CACHED_RIGHTS);
+}
+
+
+/*
+ * use the exclusive form of NAME_CACHE_LOCK to protect the update of the
+ * following fields in the vnode: v_cred_timestamp, v_cred, v_authorized_actions
+ * we use this lock so that we can look at the v_cred and v_authorized_actions
+ * atomically while behind the NAME_CACHE_LOCK in shared mode in 'cache_lookup_path',
+ * which is the super-hot path... if we are updating the authorized actions for this
+ * vnode, we are already in the super-slow and far less frequented path so its not
+ * that bad that we take the lock exclusive for this case... of course we strive
+ * to hold it for the minimum amount of time possible
+ */
+
+void vnode_uncache_authorized_action(vnode_t vp, kauth_action_t action)
+{
+ kauth_cred_t tcred = NOCRED;
+
+ NAME_CACHE_LOCK();
+
+ vp->v_authorized_actions &= ~action;
+
+ if (action == KAUTH_INVALIDATE_CACHED_RIGHTS &&
+ IS_VALID_CRED(vp->v_cred)) {
+ /*
+ * Use a temp variable to avoid kauth_cred_unref() while NAME_CACHE_LOCK is held
+ */
+ tcred = vp->v_cred;
+ vp->v_cred = NOCRED;
+ }
+ NAME_CACHE_UNLOCK();
+
+ if (tcred != NOCRED)
+ kauth_cred_unref(&tcred);
+}
+
+
+extern int bootarg_vnode_cache_defeat; /* default = 0, from bsd_init.c */
+
+boolean_t
+vnode_cache_is_authorized(vnode_t vp, vfs_context_t ctx, kauth_action_t action)
+{
+ kauth_cred_t ucred;
+ boolean_t retval = FALSE;
+
+ /* Boot argument to defeat rights caching */
+ if (bootarg_vnode_cache_defeat)
+ return FALSE;
+
+ if ( (vp->v_mount->mnt_kern_flag & (MNTK_AUTH_OPAQUE | MNTK_AUTH_CACHE_TTL)) ) {
+ /*
+ * a TTL is enabled on the rights cache... handle it here
+ * a TTL of 0 indicates that no rights should be cached
+ */
+ if (vp->v_mount->mnt_authcache_ttl) {
+ if ( !(vp->v_mount->mnt_kern_flag & MNTK_AUTH_CACHE_TTL) ) {
+ /*
+ * For filesystems marked only MNTK_AUTH_OPAQUE (generally network ones),
+ * we will only allow a SEARCH right on a directory to be cached...
+ * that cached right always has a default TTL associated with it
+ */
+ if (action != KAUTH_VNODE_SEARCH || vp->v_type != VDIR)
+ vp = NULLVP;
+ }
+ if (vp != NULLVP && vnode_cache_is_stale(vp) == TRUE) {
+ vnode_uncache_authorized_action(vp, vp->v_authorized_actions);
+ vp = NULLVP;
+ }
+ } else
+ vp = NULLVP;
+ }
+ if (vp != NULLVP) {
+ ucred = vfs_context_ucred(ctx);
+
+ NAME_CACHE_LOCK_SHARED();
+
+ if (vp->v_cred == ucred && (vp->v_authorized_actions & action) == action)
+ retval = TRUE;
+
+ NAME_CACHE_UNLOCK();
+ }
+ return retval;
+}
+
+
+void vnode_cache_authorized_action(vnode_t vp, vfs_context_t ctx, kauth_action_t action)
+{
+ kauth_cred_t tcred = NOCRED;
+ kauth_cred_t ucred;
+ struct timeval tv;
+ boolean_t ttl_active = FALSE;
+
+ ucred = vfs_context_ucred(ctx);
+
+ if (!IS_VALID_CRED(ucred) || action == 0)
+ return;
+
+ if ( (vp->v_mount->mnt_kern_flag & (MNTK_AUTH_OPAQUE | MNTK_AUTH_CACHE_TTL)) ) {
+ /*
+ * a TTL is enabled on the rights cache... handle it here
+ * a TTL of 0 indicates that no rights should be cached
+ */
+ if (vp->v_mount->mnt_authcache_ttl == 0)
+ return;
+
+ if ( !(vp->v_mount->mnt_kern_flag & MNTK_AUTH_CACHE_TTL) ) {
+ /*
+ * only cache SEARCH action for filesystems marked
+ * MNTK_AUTH_OPAQUE on VDIRs...
+ * the lookup_path code will time these out
+ */
+ if ( (action & ~KAUTH_VNODE_SEARCH) || vp->v_type != VDIR )
+ return;
+ }
+ ttl_active = TRUE;
+
+ microuptime(&tv);
+ }
+ NAME_CACHE_LOCK();
+
+ if (vp->v_cred != ucred) {
+ kauth_cred_ref(ucred);
+ /*
+ * Use a temp variable to avoid kauth_cred_unref() while NAME_CACHE_LOCK is held
+ */
+ tcred = vp->v_cred;
+ vp->v_cred = ucred;
+ vp->v_authorized_actions = 0;
+ }
+ if (ttl_active == TRUE && vp->v_authorized_actions == 0) {
+ /*
+ * only reset the timestamnp on the
+ * first authorization cached after the previous
+ * timer has expired or we're switching creds...
+ * 'vnode_cache_is_authorized' will clear the
+ * authorized actions if the TTL is active and
+ * it has expired
+ */
+ vp->v_cred_timestamp = tv.tv_sec;
+ }
+ vp->v_authorized_actions |= action;
+
+ NAME_CACHE_UNLOCK();
+
+ if (IS_VALID_CRED(tcred))
+ kauth_cred_unref(&tcred);
+}
+
+
+boolean_t vnode_cache_is_stale(vnode_t vp)
+{
+ struct timeval tv;
+ boolean_t retval;
+
+ microuptime(&tv);
+
+ if ((tv.tv_sec - vp->v_cred_timestamp) > vp->v_mount->mnt_authcache_ttl)
+ retval = TRUE;
+ else
+ retval = FALSE;
+
+ return retval;
projects / apple / xnu.git / blobdiff