/*
- * Copyright (c) 1999-2005 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 1999-2012 Apple Inc. All rights reserved.
*
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* Please see the License for the specific language governing rights and
* limitations under the License.
*
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
/*
* Copyright (c) 1989, 1993
#include <sys/mount.h>
#include <sys/vnode.h>
#include <sys/malloc.h>
-#include <sys/paths.h>
#include <sys/kdebug.h>
#include <sys/kauth.h>
+#include <sys/namei.h>
+#include <sys/user.h>
#include "hfs.h"
#include "hfs_catalog.h"
#include "hfs_cnode.h"
-#define LEGACY_FORK_NAMES 1
-
-static int forkcomponent(struct componentname *cnp, int *rsrcfork);
-
-#define _PATH_DATAFORKSPEC "/..namedfork/data"
-
-#if LEGACY_FORK_NAMES
-#define LEGACY_RSRCFORKSPEC "/rsrc"
-#endif
/*
* FROM FREEBSD 3.1
* When should we lock parent_hp in here ??
*/
static int
-hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, vfs_context_t context, int *cnode_locked)
+hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int *cnode_locked)
{
struct cnode *dcp; /* cnode for directory being searched */
struct vnode *tvp; /* target vnode */
struct hfsmount *hfsmp;
- kauth_cred_t cred;
- struct proc *p;
- int wantrsrc = 0;
- int forknamelen = 0;
int flags;
int nameiop;
int retval = 0;
struct cat_attr attr;
struct cat_fork fork;
int lockflags;
+ int newvnode_flags;
- dcp = VTOC(dvp);
+ retry:
+ newvnode_flags = 0;
+ dcp = NULL;
hfsmp = VTOHFS(dvp);
*vpp = NULL;
*cnode_locked = 0;
flags = cnp->cn_flags;
bzero(&desc, sizeof(desc));
- cred = vfs_context_ucred(context);
- p = vfs_context_proc(context);
-
/*
* First check to see if it is a . or .., else look it up.
*/
cnp->cn_flags &= ~MAKEENTRY;
goto found; /* We always know who we are */
} else {
- /* Check fork suffix to see if we want the resource fork */
- forknamelen = forkcomponent(cnp, &wantrsrc);
-
- /* Resource fork names are not cached. */
- if (wantrsrc)
- cnp->cn_flags &= ~MAKEENTRY;
+ if (hfs_lock(VTOC(dvp), HFS_EXCLUSIVE_LOCK) != 0) {
+ retval = ENOENT; /* The parent no longer exists ? */
+ goto exit;
+ }
+ dcp = VTOC(dvp);
- if (hfs_lock(dcp, HFS_EXCLUSIVE_LOCK) != 0) {
- goto notfound;
+ if (dcp->c_flag & C_DIR_MODIFICATION) {
+ // XXXdbg - if we could msleep on a lck_rw_t then we would do that
+ // but since we can't we have to unlock, delay for a bit
+ // and then retry...
+ // msleep((caddr_t)&dcp->c_flag, &dcp->c_rwlock, PINOD, "hfs_vnop_lookup", 0);
+ hfs_unlock(dcp);
+ tsleep((caddr_t)dvp, PRIBIO, "hfs_lookup", 1);
+
+ goto retry;
}
/* No need to go to catalog if there are no children */
if (dcp->c_entries == 0) {
- hfs_unlock(dcp);
goto notfound;
}
bzero(&cndesc, sizeof(cndesc));
- cndesc.cd_nameptr = cnp->cn_nameptr;
+ cndesc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr;
cndesc.cd_namelen = cnp->cn_namelen;
- cndesc.cd_parentcnid = dcp->c_cnid;
+ cndesc.cd_parentcnid = dcp->c_fileid;
cndesc.cd_hint = dcp->c_childhint;
lockflags = hfs_systemfile_lock(hfsmp, SFL_CATALOG, HFS_SHARED_LOCK);
- retval = cat_lookup(hfsmp, &cndesc, wantrsrc, &desc, &attr, &fork, NULL);
+ retval = cat_lookup(hfsmp, &cndesc, 0, &desc, &attr, &fork, NULL);
hfs_systemfile_unlock(hfsmp, lockflags);
if (retval == 0) {
dcp->c_childhint = desc.cd_hint;
+ /*
+ * Note: We must drop the parent lock here before calling
+ * hfs_getnewvnode (which takes the child lock).
+ */
hfs_unlock(dcp);
+ dcp = NULL;
+
+ /* Verify that the item just looked up isn't one of the hidden directories. */
+ if (desc.cd_cnid == hfsmp->hfs_private_desc[FILE_HARDLINKS].cd_cnid ||
+ desc.cd_cnid == hfsmp->hfs_private_desc[DIR_HARDLINKS].cd_cnid) {
+ retval = ENOENT;
+ goto exit;
+ }
+
goto found;
}
- hfs_unlock(dcp);
notfound:
- /* ENAMETOOLONG supersedes other errors */
- if (((nameiop != CREATE) && (nameiop != RENAME)) &&
- (retval != ENAMETOOLONG) &&
- (cnp->cn_namelen > kHFSPlusMaxFileNameChars)) {
+ /*
+ * ENAMETOOLONG supersedes other errors
+ *
+ * For a CREATE or RENAME operation on the last component
+ * the ENAMETOOLONG will be handled in the next VNOP.
+ */
+ if ((retval != ENAMETOOLONG) &&
+ (cnp->cn_namelen > kHFSPlusMaxFileNameChars) &&
+ (((flags & ISLASTCN) == 0) || ((nameiop != CREATE) && (nameiop != RENAME)))) {
retval = ENAMETOOLONG;
} else if (retval == 0) {
retval = ENOENT;
}
+ if (retval != ENOENT)
+ goto exit;
/*
* This is a non-existing entry
*
(cnp->cn_flags & DOWHITEOUT) &&
(cnp->cn_flags & ISWHITEOUT))) &&
(flags & ISLASTCN) &&
- (retval == ENOENT)) {
+ !(ISSET(dcp->c_flag, C_DELETED | C_NOEXISTS))) {
retval = EJUSTRETURN;
goto exit;
}
/*
- * Insert name into cache (as non-existent) if appropriate.
- *
- * Only done for case-sensitive HFS+ volumes.
+ * Insert name into the name cache (as non-existent).
*/
- if ((retval == ENOENT) &&
- (hfsmp->hfs_flags & HFS_CASE_SENSITIVE) &&
- (cnp->cn_flags & MAKEENTRY) && nameiop != CREATE) {
+ if ((hfsmp->hfs_flags & HFS_STANDARD) == 0 &&
+ (cnp->cn_flags & MAKEENTRY) &&
+ (nameiop != CREATE)) {
cache_enter(dvp, NULL, cnp);
+ dcp->c_flag |= C_NEG_ENTRIES;
}
goto exit;
}
found:
- /*
- * Process any fork specifiers
- */
- if (forknamelen && S_ISREG(attr.ca_mode)) {
- /* fork names are only for lookups */
- if ((nameiop != LOOKUP) && (nameiop != CREATE)) {
- retval = EPERM;
- goto exit;
- }
- cnp->cn_consume = forknamelen;
- flags |= ISLASTCN;
- } else {
- wantrsrc = 0;
- forknamelen = 0;
- }
if (flags & ISLASTCN) {
switch(nameiop) {
case DELETE:
goto exit;
*vpp = dvp;
} else if (flags & ISDOTDOT) {
- if ((retval = hfs_vget(hfsmp, dcp->c_parentcnid, &tvp, 0)))
+ /*
+ * Directory hard links can have multiple parents so
+ * find the appropriate parent for the current thread.
+ */
+ if ((retval = hfs_vget(hfsmp, hfs_currentparent(VTOC(dvp)), &tvp, 0, 0))) {
goto exit;
+ }
*cnode_locked = 1;
*vpp = tvp;
} else {
retval = ENOTDIR;
goto exit;
}
-
+ /* Don't cache directory hardlink names. */
+ if (attr.ca_recflags & kHFSHasLinkChainMask) {
+ cnp->cn_flags &= ~MAKEENTRY;
+ }
/* Names with composed chars are not cached. */
if (cnp->cn_namelen != desc.cd_namelen)
cnp->cn_flags &= ~MAKEENTRY;
- /* Resource fork vnode names include the fork specifier. */
- if (wantrsrc && (flags & ISLASTCN))
- cnp->cn_namelen += forknamelen;
+ retval = hfs_getnewvnode(hfsmp, dvp, cnp, &desc, 0, &attr, &fork, &tvp, &newvnode_flags);
- retval = hfs_getnewvnode(hfsmp, dvp, cnp, &desc, wantrsrc, &attr, &fork, &tvp);
+ if (retval) {
+ /*
+ * If this was a create/rename operation lookup, then by this point
+ * we expected to see the item returned from hfs_getnewvnode above.
+ * In the create case, it would probably eventually bubble out an EEXIST
+ * because the item existed when we were trying to create it. In the
+ * rename case, it would let us know that we need to go ahead and
+ * delete it as part of the rename. However, if we hit the condition below
+ * then it means that we found the element during cat_lookup above, but
+ * it is now no longer there. We simply behave as though we never found
+ * the element at all and return EJUSTRETURN.
+ */
+ if ((retval == ENOENT) &&
+ ((cnp->cn_nameiop == CREATE) || (cnp->cn_nameiop == RENAME)) &&
+ (flags & ISLASTCN)) {
+ retval = EJUSTRETURN;
+ }
+
+ /*
+ * If this was a straight lookup operation, we may need to redrive the entire
+ * lookup starting from cat_lookup if the element was deleted as the result of
+ * a rename operation. Since rename is supposed to guarantee atomicity, then
+ * lookups cannot fail because the underlying element is deleted as a result of
+ * the rename call -- either they returned the looked up element prior to rename
+ * or return the newer element. If we are in this region, then all we can do is add
+ * workarounds to guarantee the latter case. The element has already been deleted, so
+ * we just re-try the lookup to ensure the caller gets the most recent element.
+ */
+ if ((retval == ENOENT) && (cnp->cn_nameiop == LOOKUP) &&
+ (newvnode_flags & (GNV_CHASH_RENAMED | GNV_CAT_DELETED))) {
+ if (dcp) {
+ hfs_unlock (dcp);
+ }
+ /* get rid of any name buffers that may have lingered from the cat_lookup call */
+ cat_releasedesc (&desc);
+ goto retry;
+ }
- if (wantrsrc && (flags & ISLASTCN))
- cnp->cn_namelen -= forknamelen;
+ /* Also, re-drive the lookup if the item we looked up was a hardlink, and the number
+ * or name of hardlinks has changed in the interim between the cat_lookup above, and
+ * our call to hfs_getnewvnode. hfs_getnewvnode will validate the cattr we passed it
+ * against what is actually in the catalog after the cnode is created. If there were
+ * any issues, it will bubble out ERECYCLE, which we need to swallow and use as the
+ * key to redrive as well. We need to special case this below because in this case,
+ * it needs to occur regardless of the type of lookup we're doing here.
+ */
+ if ((retval == ERECYCLE) && (newvnode_flags & GNV_CAT_ATTRCHANGED)) {
+ if (dcp) {
+ hfs_unlock (dcp);
+ }
+ /* get rid of any name buffers that may have lingered from the cat_lookup call */
+ cat_releasedesc (&desc);
+ retval = 0;
+ goto retry;
+ }
- if (retval)
+ /* skip to the error-handling code if we can't retry */
goto exit;
+ }
+
+ /*
+ * Save the origin info for file and directory hardlinks. Directory hardlinks
+ * need the origin for '..' lookups, and file hardlinks need it to ensure that
+ * competing lookups do not cause us to vend different hardlinks than the ones requested.
+ * We want to restrict saving the cache entries to LOOKUP namei operations, since
+ * we're really doing this to protect getattr.
+ */
+ if ((nameiop == LOOKUP) && (VTOC(tvp)->c_flag & C_HARDLINK)) {
+ hfs_savelinkorigin(VTOC(tvp), VTOC(dvp)->c_fileid);
+ }
*cnode_locked = 1;
*vpp = tvp;
}
exit:
+ if (dcp) {
+ hfs_unlock(dcp);
+ }
cat_releasedesc(&desc);
return (retval);
}
#define S_IXALL 0000111
-__private_extern__
int
hfs_vnop_lookup(struct vnop_lookup_args *ap)
{
struct vnode *vp;
struct cnode *cp;
struct cnode *dcp;
+ struct hfsmount *hfsmp;
int error;
struct vnode **vpp = ap->a_vpp;
struct componentname *cnp = ap->a_cnp;
*vpp = NULL;
dcp = VTOC(dvp);
+
+ hfsmp = VTOHFS(dvp);
/*
* Lookup an entry in the cache
*/
error = cache_lookup(dvp, vpp, cnp);
if (error != -1) {
- if (error == ENOENT) /* found a negative cache entry */
- goto exit;
- goto lookup; /* did not find it in the cache */
+ if ((error == ENOENT) && (cnp->cn_nameiop != CREATE))
+ goto exit; /* found a negative cache entry */
+ goto lookup; /* did not find it in the cache */
}
/*
* We have a name that matched
*/
error = 0;
vp = *vpp;
-
+ cp = VTOC(vp);
+
+ /* We aren't allowed to vend out vp's via lookup to the hidden directory */
+ if (cp->c_cnid == hfsmp->hfs_private_desc[FILE_HARDLINKS].cd_cnid ||
+ cp->c_cnid == hfsmp->hfs_private_desc[DIR_HARDLINKS].cd_cnid) {
+ /* Drop the iocount from cache_lookup */
+ vnode_put (vp);
+ error = ENOENT;
+ goto exit;
+ }
+
+
/*
* If this is a hard-link vnode then we need to update
* the name (of the link), the parent ID, the cnid, the
* text encoding and the catalog hint. This enables
* getattrlist calls to return the correct link info.
*/
- cp = VTOC(vp);
if ((flags & ISLASTCN) && (cp->c_flag & C_HARDLINK)) {
- hfs_lock(cp, HFS_FORCE_LOCK);
- if ((cp->c_parentcnid != VTOC(dvp)->c_cnid) ||
+ int stale_link = 0;
+
+ hfs_lock(cp, HFS_FORCE_LOCK);
+ if ((cp->c_parentcnid != dcp->c_cnid) ||
(bcmp(cnp->cn_nameptr, cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen) != 0)) {
struct cat_desc desc;
+ struct cat_attr lookup_attr;
int lockflags;
-
/*
* Get an updated descriptor
*/
- bzero(&desc, sizeof(desc));
- desc.cd_nameptr = cnp->cn_nameptr;
+ desc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr;
desc.cd_namelen = cnp->cn_namelen;
- desc.cd_parentcnid = VTOC(dvp)->c_cnid;
- desc.cd_hint = VTOC(dvp)->c_childhint;
-
- lockflags = hfs_systemfile_lock(VTOHFS(dvp), SFL_CATALOG, HFS_SHARED_LOCK);
- if (cat_lookup(VTOHFS(vp), &desc, 0, &desc, NULL, NULL, NULL) == 0)
- replace_desc(cp, &desc);
- hfs_systemfile_unlock(VTOHFS(dvp), lockflags);
- }
- hfs_unlock(cp);
- }
- if (dvp != vp && !(flags & ISDOTDOT)) {
- if ((flags & ISLASTCN) == 0 && vnode_isreg(vp)) {
- int wantrsrc = 0;
-
- cnp->cn_consume = forkcomponent(cnp, &wantrsrc);
- if (cnp->cn_consume) {
- flags |= ISLASTCN;
- /* Fork names are only for lookups */
- if (cnp->cn_nameiop != LOOKUP &&
- cnp->cn_nameiop != CREATE) {
- vnode_put(vp);
- error = EPERM;
- goto exit;
- }
- }
+ desc.cd_parentcnid = dcp->c_fileid;
+ desc.cd_hint = dcp->c_childhint;
+ desc.cd_encoding = 0;
+ desc.cd_cnid = 0;
+ desc.cd_flags = S_ISDIR(cp->c_mode) ? CD_ISDIR : 0;
+
/*
- * Use cnode's rsrcfork vnode if possible.
+ * Because lookups call replace_desc to put a new descriptor in
+ * the cnode we are modifying it is possible that this cnode's
+ * descriptor is out of date for the parent ID / name that
+ * we are trying to look up. (It may point to a different hardlink).
+ *
+ * We need to be cautious that when re-supplying the
+ * descriptor below that the results of the catalog lookup
+ * still point to the same raw inode for the hardlink. This would
+ * not be the case if we found something in the cache above but
+ * the vnode it returned no longer has a valid hardlink for the
+ * parent ID/filename combo we are requesting. (This is because
+ * hfs_unlink does not directly trigger namecache removal).
+ *
+ * As a result, before vending out the vnode (and replacing
+ * its descriptor) verify that the fileID is the same by comparing
+ * the in-cnode attributes vs. the one returned from the lookup call
+ * below. If they do not match, treat this lookup as if we never hit
+ * in the cache at all.
*/
- if (wantrsrc) {
- int vid;
-
- *vpp = NULL;
- if (cp->c_rsrc_vp == NULL) {
- vnode_put(vp);
- goto lookup;
- }
- vid = vnode_vid(cp->c_rsrc_vp);
+ lockflags = hfs_systemfile_lock(VTOHFS(dvp), SFL_CATALOG, HFS_SHARED_LOCK);
+
+ error = cat_lookup(VTOHFS(vp), &desc, 0, &desc, &lookup_attr, NULL, NULL);
+
+ hfs_systemfile_unlock(VTOHFS(dvp), lockflags);
- error = vnode_getwithvid(cp->c_rsrc_vp, vid);
- if (error) {
- vnode_put(vp);
- goto lookup;
+ /*
+ * Note that cat_lookup may fail to find something with the name provided in the
+ * stack-based descriptor above. In that case, an ENOENT is a legitimate errno
+ * to be placed in error, which will get returned in the fastpath below.
+ */
+ if (error == 0) {
+ if (lookup_attr.ca_fileid == cp->c_attr.ca_fileid) {
+ /* It still points to the right raw inode. Replacing the descriptor is fine */
+ replace_desc (cp, &desc);
+
+ /*
+ * Save the origin info for file and directory hardlinks. Directory hardlinks
+ * need the origin for '..' lookups, and file hardlinks need it to ensure that
+ * competing lookups do not cause us to vend different hardlinks than the ones requested.
+ * We want to restrict saving the cache entries to LOOKUP namei operations, since
+ * we're really doing this to protect getattr.
+ */
+ if (cnp->cn_nameiop == LOOKUP) {
+ hfs_savelinkorigin(cp, dcp->c_fileid);
+ }
}
- *vpp = cp->c_rsrc_vp;
- vnode_put(vp);
- vp = *vpp;
+ else {
+ /* If the fileID does not match then do NOT replace the descriptor! */
+ stale_link = 1;
+ }
}
}
- }
- return (error);
+ hfs_unlock (cp);
+
+ if (stale_link) {
+ /*
+ * If we had a stale_link, then we need to pretend as though
+ * we never found this vnode and force a lookup through the
+ * traditional path. Drop the iocount acquired through
+ * cache_lookup above and force a cat lookup / getnewvnode
+ */
+ vnode_put(vp);
+ goto lookup;
+ }
+
+ if (error) {
+ /*
+ * If the cat_lookup failed then the caller will not expect
+ * a vnode with an iocount on it.
+ */
+ vnode_put(vp);
+ }
+
+ }
+ goto exit;
lookup:
/*
*/
cnode_locked = 0;
- error = hfs_lookup(dvp, vpp, cnp, ap->a_context, &cnode_locked);
+ error = hfs_lookup(dvp, vpp, cnp, &cnode_locked);
if (cnode_locked)
hfs_unlock(VTOC(*vpp));
exit:
- return (error);
-}
+ {
+ uthread_t ut = (struct uthread *)get_bsdthread_info(current_thread());
-
-/*
- * forkcomponent - look for a fork suffix in the component name
- *
- */
-static int
-forkcomponent(struct componentname *cnp, int *rsrcfork)
-{
- char *suffix = cnp->cn_nameptr + cnp->cn_namelen;
- int consume = 0;
-
- *rsrcfork = 0;
- if (*suffix == '\0')
- return (0);
/*
- * There are only 3 valid fork suffixes:
- * "/..namedfork/rsrc"
- * "/..namedfork/data"
- * "/rsrc" (legacy)
+ * check to see if we issued any I/O while completing this lookup and
+ * this thread/task is throttleable... if so, throttle now
+ *
+ * this allows us to throttle in between multiple meta data reads that
+ * might result due to looking up a long pathname (since we'll have to
+ * re-enter hfs_vnop_lookup for each component of the pathnam not in
+ * the VFS cache), instead of waiting until the entire path lookup has
+ * completed and throttling at the systemcall return
*/
- if (bcmp(suffix, _PATH_RSRCFORKSPEC, sizeof(_PATH_RSRCFORKSPEC)) == 0) {
- consume = sizeof(_PATH_RSRCFORKSPEC) - 1;
- *rsrcfork = 1;
- } else if (bcmp(suffix, _PATH_DATAFORKSPEC, sizeof(_PATH_DATAFORKSPEC)) == 0) {
- consume = sizeof(_PATH_DATAFORKSPEC) - 1;
+ if (__improbable(ut->uu_lowpri_window)) {
+ throttle_lowpri_io(TRUE);
}
-
-#if LEGACY_FORK_NAMES
- else if (bcmp(suffix, LEGACY_RSRCFORKSPEC, sizeof(LEGACY_RSRCFORKSPEC)) == 0) {
- consume = sizeof(LEGACY_RSRCFORKSPEC) - 1;
- *rsrcfork = 1;
- printf("HFS: /rsrc paths are deprecated (%s)\n", cnp->cn_nameptr);
}
-#endif
- return (consume);
+
+ return (error);
}
+