/*
- * Copyright (c) 1999-2008 Apple Inc. All rights reserved.
+ * Copyright (c) 1999-2012 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
#include <sys/kdebug.h>
#include <sys/kauth.h>
#include <sys/namei.h>
+#include <sys/user.h>
#include "hfs.h"
#include "hfs_catalog.h"
* When should we lock parent_hp in here ??
*/
static int
-hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int *cnode_locked)
+hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int *cnode_locked, int force_casesensitive_lookup)
{
struct cnode *dcp; /* cnode for directory being searched */
struct vnode *tvp; /* target vnode */
cnp->cn_flags &= ~MAKEENTRY;
goto found; /* We always know who we are */
} else {
- if (hfs_lock(VTOC(dvp), HFS_EXCLUSIVE_LOCK) != 0) {
+ if (hfs_lock(VTOC(dvp), HFS_EXCLUSIVE_LOCK, HFS_LOCK_DEFAULT) != 0) {
retval = ENOENT; /* The parent no longer exists ? */
goto exit;
}
goto retry;
}
- /* No need to go to catalog if there are no children */
- if (dcp->c_entries == 0) {
- goto notfound;
- }
+
+ /*
+ * We shouldn't need to go to the catalog if there are no children.
+ * However, in the face of a minor disk corruption where the valence of
+ * the directory is off, we could infinite loop here if we return ENOENT
+ * even though there are actually items in the directory. (create will
+ * see the ENOENT, try to create something, which will return with
+ * EEXIST over and over again). As a result, always check the catalog.
+ */
bzero(&cndesc, sizeof(cndesc));
cndesc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr;
lockflags = hfs_systemfile_lock(hfsmp, SFL_CATALOG, HFS_SHARED_LOCK);
- retval = cat_lookup(hfsmp, &cndesc, 0, &desc, &attr, &fork, NULL);
+ retval = cat_lookup(hfsmp, &cndesc, 0, force_casesensitive_lookup, &desc, &attr, &fork, NULL);
hfs_systemfile_unlock(hfsmp, lockflags);
goto found;
}
-notfound:
+
/*
* ENAMETOOLONG supersedes other errors
*
retval = ENAMETOOLONG;
} else if (retval == 0) {
retval = ENOENT;
+ } else if (retval == ERESERVEDNAME) {
+ /*
+ * We found the name in the catalog, but it is unavailable
+ * to us. The exact error to return to our caller depends
+ * on the operation, and whether we've already reached the
+ * last path component. In all cases, avoid a negative
+ * cache entry, since someone else may be able to access
+ * the name if their lookup is configured differently.
+ */
+
+ cnp->cn_flags &= ~MAKEENTRY;
+
+ if (((flags & ISLASTCN) == 0) || ((nameiop == LOOKUP) || (nameiop == DELETE))) {
+ /* A reserved name for a pure lookup is the same as the path not being present */
+ retval = ENOENT;
+ } else {
+ /* A reserved name with intent to create must be rejected as impossible */
+ retval = EEXIST;
+ }
}
if (retval != ENOENT)
goto exit;
* directory has not been removed, then can consider
* allowing file to be created.
*/
- if ((nameiop == CREATE || nameiop == RENAME ||
- (nameiop == DELETE &&
- (cnp->cn_flags & DOWHITEOUT) &&
- (cnp->cn_flags & ISWHITEOUT))) &&
+ if ((nameiop == CREATE || nameiop == RENAME) &&
(flags & ISLASTCN) &&
!(ISSET(dcp->c_flag, C_DELETED | C_NOEXISTS))) {
retval = EJUSTRETURN;
int error;
struct vnode **vpp = ap->a_vpp;
struct componentname *cnp = ap->a_cnp;
+ struct proc *p = vfs_context_proc(ap->a_context);
int flags = cnp->cn_flags;
+ int force_casesensitive_lookup = proc_is_forcing_hfs_case_sensitivity(p);
int cnode_locked;
*vpp = NULL;
* getattrlist calls to return the correct link info.
*/
- if ((flags & ISLASTCN) && (cp->c_flag & C_HARDLINK)) {
- hfs_lock(cp, HFS_FORCE_LOCK);
+ /*
+ * Alternatively, if we are forcing a case-sensitive lookup
+ * on a case-insensitive volume, the namecache entry
+ * may have been for an incorrect case. Since we cannot
+ * determine case vs. normalization, redrive the catalog
+ * lookup based on any byte mismatch.
+ */
+ if (((flags & ISLASTCN) && (cp->c_flag & C_HARDLINK))
+ || (force_casesensitive_lookup && !(hfsmp->hfs_flags & HFS_CASE_SENSITIVE))) {
+ int stale_link = 0;
+
+ hfs_lock(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_ALLOW_NOEXISTS);
if ((cp->c_parentcnid != dcp->c_cnid) ||
+ (cnp->cn_namelen != cp->c_desc.cd_namelen) ||
(bcmp(cnp->cn_nameptr, cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen) != 0)) {
struct cat_desc desc;
+ struct cat_attr lookup_attr;
int lockflags;
+ if (force_casesensitive_lookup && !(hfsmp->hfs_flags & HFS_CASE_SENSITIVE)) {
+ /*
+ * Since the name in the cnode doesn't match our lookup
+ * string exactly, do a full lookup.
+ */
+ hfs_unlock (cp);
+
+ vnode_put(vp);
+ goto lookup;
+ }
+
/*
* Get an updated descriptor
*/
desc.cd_encoding = 0;
desc.cd_cnid = 0;
desc.cd_flags = S_ISDIR(cp->c_mode) ? CD_ISDIR : 0;
-
+
+ /*
+ * Because lookups call replace_desc to put a new descriptor in
+ * the cnode we are modifying it is possible that this cnode's
+ * descriptor is out of date for the parent ID / name that
+ * we are trying to look up. (It may point to a different hardlink).
+ *
+ * We need to be cautious that when re-supplying the
+ * descriptor below that the results of the catalog lookup
+ * still point to the same raw inode for the hardlink. This would
+ * not be the case if we found something in the cache above but
+ * the vnode it returned no longer has a valid hardlink for the
+ * parent ID/filename combo we are requesting. (This is because
+ * hfs_unlink does not directly trigger namecache removal).
+ *
+ * As a result, before vending out the vnode (and replacing
+ * its descriptor) verify that the fileID is the same by comparing
+ * the in-cnode attributes vs. the one returned from the lookup call
+ * below. If they do not match, treat this lookup as if we never hit
+ * in the cache at all.
+ */
lockflags = hfs_systemfile_lock(VTOHFS(dvp), SFL_CATALOG, HFS_SHARED_LOCK);
- if (cat_lookup(VTOHFS(vp), &desc, 0, &desc, NULL, NULL, NULL) == 0)
- replace_desc(cp, &desc);
+
+ error = cat_lookup(VTOHFS(vp), &desc, 0, 0, &desc, &lookup_attr, NULL, NULL);
+
hfs_systemfile_unlock(VTOHFS(dvp), lockflags);
/*
- * Save the origin info for file and directory hardlinks. Directory hardlinks
- * need the origin for '..' lookups, and file hardlinks need it to ensure that
- * competing lookups do not cause us to vend different hardlinks than the ones requested.
- * We want to restrict saving the cache entries to LOOKUP namei operations, since
- * we're really doing this to protect getattr.
+ * Note that cat_lookup may fail to find something with the name provided in the
+ * stack-based descriptor above. In that case, an ENOENT is a legitimate errno
+ * to be placed in error, which will get returned in the fastpath below.
*/
- if (cnp->cn_nameiop == LOOKUP) {
- hfs_savelinkorigin(cp, dcp->c_fileid);
+ if (error == 0) {
+ if (lookup_attr.ca_fileid == cp->c_attr.ca_fileid) {
+ /* It still points to the right raw inode. Replacing the descriptor is fine */
+ replace_desc (cp, &desc);
+
+ /*
+ * Save the origin info for file and directory hardlinks. Directory hardlinks
+ * need the origin for '..' lookups, and file hardlinks need it to ensure that
+ * competing lookups do not cause us to vend different hardlinks than the ones requested.
+ * We want to restrict saving the cache entries to LOOKUP namei operations, since
+ * we're really doing this to protect getattr.
+ */
+ if (cnp->cn_nameiop == LOOKUP) {
+ hfs_savelinkorigin(cp, dcp->c_fileid);
+ }
+ }
+ else {
+ /* If the fileID does not match then do NOT replace the descriptor! */
+ stale_link = 1;
+ }
}
}
- hfs_unlock(cp);
- }
+ hfs_unlock (cp);
+
+ if (stale_link) {
+ /*
+ * If we had a stale_link, then we need to pretend as though
+ * we never found this vnode and force a lookup through the
+ * traditional path. Drop the iocount acquired through
+ * cache_lookup above and force a cat lookup / getnewvnode
+ */
+ vnode_put(vp);
+ goto lookup;
+ }
+
+ if (error) {
+ /*
+ * If the cat_lookup failed then the caller will not expect
+ * a vnode with an iocount on it.
+ */
+ vnode_put(vp);
+ }
- return (error);
+ }
+ goto exit;
lookup:
/*
*/
cnode_locked = 0;
- error = hfs_lookup(dvp, vpp, cnp, &cnode_locked);
+ error = hfs_lookup(dvp, vpp, cnp, &cnode_locked, force_casesensitive_lookup);
if (cnode_locked)
hfs_unlock(VTOC(*vpp));
exit:
+ {
+ uthread_t ut = (struct uthread *)get_bsdthread_info(current_thread());
+
+ /*
+ * check to see if we issued any I/O while completing this lookup and
+ * this thread/task is throttleable... if so, throttle now
+ *
+ * this allows us to throttle in between multiple meta data reads that
+ * might result due to looking up a long pathname (since we'll have to
+ * re-enter hfs_vnop_lookup for each component of the pathnam not in
+ * the VFS cache), instead of waiting until the entire path lookup has
+ * completed and throttling at the systemcall return
+ */
+ if (__improbable(ut->uu_lowpri_window)) {
+ throttle_lowpri_io(1);
+ }
+ }
+
return (error);
}
projects / apple / xnu.git / blobdiff