X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/0b4e3aa066abc0728aacb4bbeb86f53f9737156e..7e41aa883dd258f888d0470250eead40a53ef1f5:/bsd/hfs/hfs_lookup.c?ds=inline diff --git a/bsd/hfs/hfs_lookup.c b/bsd/hfs/hfs_lookup.c index 821bd1b66..c46bce7c7 100644 --- a/bsd/hfs/hfs_lookup.c +++ b/bsd/hfs/hfs_lookup.c @@ -1,23 +1,29 @@ /* - * Copyright (c) 1999 Apple Computer, Inc. All rights reserved. + * Copyright (c) 1999-2015 Apple Inc. All rights reserved. * - * @APPLE_LICENSE_HEADER_START@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * - * The contents of this file constitute Original Code as defined in and - * are subject to the Apple Public Source License Version 1.1 (the - * "License"). You may not use this file except in compliance with the - * License. Please obtain a copy of the License at - * http://www.apple.com/publicsource and read it before using this file. + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. * - * This Original Code and all software distributed under the License are - * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the - * License for the specific language governing rights and limitations - * under the License. + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* * Copyright (c) 1989, 1993 @@ -64,58 +70,27 @@ * * * hfs_lookup.c -- code to handle directory traversal on HFS/HFS+ volume - * - * MODIFICATION HISTORY: - * 21-May-1999 Don Brady Add support for HFS rooting. - * 25-Feb-1999 Clark Warner Fixed the error case of VFS_VGGET when - * processing DotDot (..) to relock parent - * 23-Feb-1999 Pat Dirks Finish cleanup around Don's last fix in "." and ".." handling. - * 11-Nov-1998 Don Brady Take out VFS_VGET that got added as part of previous fix. - * 14-Oct-1998 Don Brady Fix locking policy volation in hfs_lookup for ".." case - * (radar #2279902). - * 4-Jun-1998 Pat Dirks Split off from hfs_vnodeops.c */ #include -#include -#include #include #include #include +#include #include -#include - -#include "hfs.h" -#include "hfs_dbg.h" -#include "hfscommon/headers/FileMgrInternal.h" - -u_int16_t GetForkFromName(struct componentname *cnp); -int hfs_vget_sibling(struct vnode *vdp, u_int16_t forkType, struct vnode **vpp); -int hfs_vget_catinfo(struct vnode *parent_vp, struct hfsCatalogInfo *catInfo, u_int32_t forkType, struct vnode **target_vpp); - -/* - * XXX SER fork strings. - * Put these someplace better - */ -#define gHFSForkIdentStr "/" -#define gDataForkNameStr "data" -#define gRsrcForkNameStr "rsrc" - - -#if DBG_VOP_TEST_LOCKS -extern void DbgVopTest(int maxSlots, int retval, VopDbgStoreRec *VopDbgStore, char *funcname); -#endif +#include +#include +#include +#include -/***************************************************************************** -* -* Operations on vnodes -* -*****************************************************************************/ +#include "hfs.h" +#include "hfs_catalog.h" +#include "hfs_cnode.h" /* * FROM FREEBSD 3.1 - * Convert a component of a pathname into a pointer to a locked hfsnode. + * Convert a component of a pathname into a pointer to a locked cnode. * This is a very central and rather complicated routine. * If the file system is not maintained in a strict tree hierarchy, * this can result in a deadlock situation (see comments in code below). @@ -126,24 +101,13 @@ extern void DbgVopTest(int maxSlots, int retval, VopDbgStoreRec *VopDbgStore, ch * creating, renaming, or deleting a directory entry may be calculated. * Notice that these are the only operations that can affect the directory of the target. * - * If flag has LOCKPARENT or'ed into it and the target of the pathname - * exists, lookup returns both the target and its parent directory locked. - * When creating or renaming and LOCKPARENT is specified, the target may - * not be ".". When deleting and LOCKPARENT is specified, the target may - * be "."., but the caller must check to ensure it does an vrele and vput - * instead of two vputs. - * * LOCKPARENT and WANTPARENT actually refer to the parent of the last item, * so if ISLASTCN is not set, they should be ignored. Also they are mutually exclusive, or * WANTPARENT really implies DONTLOCKPARENT. Either of them set means that the calling * routine wants to access the parent of the target, locked or unlocked. * * Keeping the parent locked as long as possible protects from other processes - * looking up the same item, so it has to be locked until the hfsnode is totally finished - * - * This routine is actually used as VOP_CACHEDLOOKUP method, and the - * filesystem employs the generic hfs_cache_lookup() as VOP_LOOKUP - * method. + * looking up the same item, so it has to be locked until the cnode is totally finished * * hfs_cache_lookup() performs the following for us: * check that it is a directory @@ -154,7 +118,7 @@ extern void DbgVopTest(int maxSlots, int retval, VopDbgStoreRec *VopDbgStore, ch * drop it * else * return name. - * return VOP_CACHEDLOOKUP() + * return hfs_lookup() * * Overall outline of hfs_lookup: * @@ -166,433 +130,314 @@ extern void DbgVopTest(int maxSlots, int retval, VopDbgStoreRec *VopDbgStore, ch * found: * if at end of path and deleting, return information to allow delete * if at end of path and rewriting (RENAME and LOCKPARENT), lock target - * inode and return info to allow rewrite + * cnode and return info to allow rewrite * if not at end, add name to cache; if at end and neither creating * nor deleting, add name to cache */ + /* - * Lookup *nm in directory *pvp, return it in *a_vpp. - * **a_vpp is held on exit. - * We create a hfsnode for the file, but we do NOT open the file here. + * Lookup *cnp in directory *dvp, return it in *vpp. + * **vpp is held on exit. + * We create a cnode for the file, but we do NOT open the file here. #% lookup dvp L ? ? #% lookup vpp - L - IN struct vnode *dvp - Parent node of file; - INOUT struct vnode **vpp - node of target file, its a new node if the target vnode did not exist; + INOUT struct vnode **vpp - node of target file, its a new node if + the target vnode did not exist; IN struct componentname *cnp - Name of file; * When should we lock parent_hp in here ?? */ - -int -hfs_lookup(ap) - struct vop_cachedlookup_args /* { - struct vnode *a_dvp; - struct vnode **a_vpp; - struct componentname *a_cnp; - } */ *ap; +static int +hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int *cnode_locked, int force_casesensitive_lookup) { - struct vnode *parent_vp; - struct vnode *target_vp; - struct vnode *tparent_vp; - struct hfsnode *parent_hp; /* parent */ - struct componentname *cnp; - struct ucred *cred; - struct proc *p; - struct hfsCatalogInfo catInfo; - u_int32_t parent_id; - u_int32_t nodeID; - u_int16_t targetLen; - u_int16_t forkType; - int flags; - int lockparent; /* !0 => lockparent flag is set */ - int wantparent; /* !0 => wantparent or lockparent flag */ - int nameiop; - int retval; - u_char isDot, isDotDot, found; - DBG_FUNC_NAME("lookup"); - DBG_VOP_LOCKS_DECL(2); - DBG_VOP_LOCKS_INIT(0,ap->a_dvp, VOPDBG_LOCKED, VOPDBG_IGNORE, VOPDBG_IGNORE, VOPDBG_POS); - DBG_VOP_LOCKS_INIT(1,*ap->a_vpp, VOPDBG_IGNORE, VOPDBG_LOCKED, VOPDBG_IGNORE, VOPDBG_POS); - DBG_VOP_PRINT_FUNCNAME();DBG_VOP_CONT(("\n")); - DBG_HFS_NODE_CHECK(ap->a_dvp); - - - /* - * Do initial setup - */ - INIT_CATALOGDATA(&catInfo.nodeData, 0); - parent_vp = ap->a_dvp; - cnp = ap->a_cnp; - parent_hp = VTOH(parent_vp); /* parent */ - target_vp = NULL; - targetLen = cnp->cn_namelen; - nameiop = cnp->cn_nameiop; - cred = cnp->cn_cred; - p = cnp->cn_proc; - lockparent = cnp->cn_flags & LOCKPARENT; - wantparent = cnp->cn_flags & (LOCKPARENT|WANTPARENT); - flags = cnp->cn_flags; - parent_id = H_FILEID(parent_hp); - nodeID = kUnknownID; - found = FALSE; - isDot = FALSE; - isDotDot = FALSE; - retval = E_NONE; - forkType = kUndefinedFork; - - - /* - * We now have a segment name to search for, and a directory to search. - * - */ + struct cnode *dcp; /* cnode for directory being searched */ + struct vnode *tvp; /* target vnode */ + struct hfsmount *hfsmp; + int flags; + int nameiop; + int retval = 0; + int isDot; + struct cat_desc desc; + struct cat_desc cndesc; + struct cat_attr attr; + struct cat_fork fork; + int lockflags; + int newvnode_flags; + + retry: + newvnode_flags = 0; + dcp = NULL; + hfsmp = VTOHFS(dvp); + *vpp = NULL; + *cnode_locked = 0; + isDot = FALSE; + tvp = NULL; + nameiop = cnp->cn_nameiop; + flags = cnp->cn_flags; + bzero(&desc, sizeof(desc)); /* * First check to see if it is a . or .., else look it up. */ - - if (flags & ISDOTDOT) { /* Wanting the parent */ - isDotDot = TRUE; - found = TRUE; /* .. is always defined */ - nodeID = H_DIRID(parent_hp); - } /* Wanting ourselves */ - else if ((cnp->cn_nameptr[0] == '.') && (targetLen == 1)) { + if (flags & ISDOTDOT) { /* Wanting the parent */ + cnp->cn_flags &= ~MAKEENTRY; + goto found; /* .. is always defined */ + } else if ((cnp->cn_nameptr[0] == '.') && (cnp->cn_namelen == 1)) { isDot = TRUE; - found = TRUE; /* We always know who we are */ - } - else { /* Wanting something else */ - catInfo.hint = kNoHint; - - /* lock catalog b-tree */ - retval = hfs_metafilelocking(VTOHFS(parent_vp), kHFSCatalogFileID, LK_SHARED, p); - if (retval) - goto Err_Exit; - - retval = hfs_getcatalog (VTOVCB(parent_vp), parent_id, cnp->cn_nameptr, targetLen, &catInfo); - - /* unlock catalog b-tree */ - (void) hfs_metafilelocking(VTOHFS(parent_vp), kHFSCatalogFileID, LK_RELEASE, p); - - if (retval == E_NONE) - found = TRUE; - }; + cnp->cn_flags &= ~MAKEENTRY; + goto found; /* We always know who we are */ + } else { + if (hfs_lock(VTOC(dvp), HFS_EXCLUSIVE_LOCK, HFS_LOCK_DEFAULT) != 0) { + retval = ENOENT; /* The parent no longer exists ? */ + goto exit; + } + dcp = VTOC(dvp); + if (dcp->c_flag & C_DIR_MODIFICATION) { + // XXXdbg - if we could msleep on a lck_rw_t then we would do that + // but since we can't we have to unlock, delay for a bit + // and then retry... + // msleep((caddr_t)&dcp->c_flag, &dcp->c_rwlock, PINOD, "hfs_vnop_lookup", 0); + hfs_unlock(dcp); + tsleep((caddr_t)dvp, PRIBIO, "hfs_lookup", 1); - /* - * At this point we know IF we have a valid dir/name. - */ + goto retry; + } - retval = E_NONE; - if (! found) { - /* - * This is a non-existing entry - * - * If creating, and at end of pathname and current - * directory has not been removed, then can consider - * allowing file to be created. - */ - if ((nameiop == CREATE || nameiop == RENAME || - (nameiop == DELETE && - (ap->a_cnp->cn_flags & DOWHITEOUT) && - (ap->a_cnp->cn_flags & ISWHITEOUT))) && - (flags & ISLASTCN)) { /* - * Access for write is interpreted as allowing - * creation of files in the directory. - */ - retval = VOP_ACCESS(parent_vp, VWRITE, cred, cnp->cn_proc); - if (retval) - return (retval); - - cnp->cn_flags |= SAVENAME; - if (!lockparent) - VOP_UNLOCK(parent_vp, 0, p); - retval = EJUSTRETURN; - goto Err_Exit; - } - - /* - * Insert name into cache (as non-existent) if appropriate. + * We shouldn't need to go to the catalog if there are no children. + * However, in the face of a minor disk corruption where the valence of + * the directory is off, we could infinite loop here if we return ENOENT + * even though there are actually items in the directory. (create will + * see the ENOENT, try to create something, which will return with + * EEXIST over and over again). As a result, always check the catalog. */ - /* - * XXX SER - Here we would store the name in cache as non-existant if not trying to create it, but, - * the name cache IS case-sensitive, thus maybe showing a negative hit, when the name - * is only different by case. So hfs does not support negative caching. Something to look at. - * (See radar 2293594 for a failed example) - if ((cnp->cn_flags & MAKEENTRY) && nameiop != CREATE) - cache_enter(parent_vp, *vpp, cnp); - */ - - retval = ENOENT; - } - else { - /* - * We have found an entry - * - * Here we have to decide what type of vnode to create. - * There are 3 type of objects that are given: - * 1. '.': return the same dp - * 2. '..' return the parent of dp, always a VDIR - * 3. catinfo rec: return depending on type: - * A. VDIR, nodeType is kCatalogFolderNode - * B. VLINK nodeType is kCatalogFileNode, the mode is IFLNK (esp. if it is a link to a directory e.g. bar/link/foo) - * C. VREG, nodeType is kCatalogFileNode, forkType at this point is unknown - * To determine the forkType, we can use this algorithm (\0 in the strings mean the NULL character): - * a. forkType is kDataType iff ISLASTCN is set (as in the case of the default fork e.g. data/foo). - * b. forkType is kDataType iff ISLASTCN is not set and the namePtr is followed by "/?AppleHFSFork/data\0" - * c. forkType is kRsrcType iff ISLASTCN is not set and the namePtr is followed by "/?AppleHFSFork/rsrc\0" - * If the latter two are correct, then we 'consume' the remaining of the name buffer - * and set the cnp as appropriate. - * Anything else returns an retval - */ + bzero(&cndesc, sizeof(cndesc)); + cndesc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr; + cndesc.cd_namelen = cnp->cn_namelen; + cndesc.cd_parentcnid = dcp->c_fileid; + cndesc.cd_hint = dcp->c_childhint; + + lockflags = hfs_systemfile_lock(hfsmp, SFL_CATALOG, HFS_SHARED_LOCK); + + retval = cat_lookup(hfsmp, &cndesc, 0, force_casesensitive_lookup, &desc, &attr, &fork, NULL); + + hfs_systemfile_unlock(hfsmp, lockflags); + if (retval == 0) { + dcp->c_childhint = desc.cd_hint; + /* + * Note: We must drop the parent lock here before calling + * hfs_getnewvnode (which takes the child lock). + */ + hfs_unlock(dcp); + dcp = NULL; + + /* Verify that the item just looked up isn't one of the hidden directories. */ + if (desc.cd_cnid == hfsmp->hfs_private_desc[FILE_HARDLINKS].cd_cnid || + desc.cd_cnid == hfsmp->hfs_private_desc[DIR_HARDLINKS].cd_cnid) { + retval = ENOENT; + goto exit; + } + + goto found; + } /* - * If deleting, and at end of pathname, return - * parameters which can be used to remove file. - * If the wantparent flag isn't set, we return only - * the directory (in ndp->ndvp), otherwise we go - * on and lock the hfsnode, being careful with ".". + * ENAMETOOLONG supersedes other errors * - * Forks cannot be deleted so scan-ahead is illegal, so just return the default fork + * For a CREATE or RENAME operation on the last component + * the ENAMETOOLONG will be handled in the next VNOP. */ - if (nameiop == DELETE && (flags & ISLASTCN)) { + if ((retval != ENAMETOOLONG) && + (cnp->cn_namelen > kHFSPlusMaxFileNameChars) && + (((flags & ISLASTCN) == 0) || ((nameiop != CREATE) && (nameiop != RENAME)))) { + retval = ENAMETOOLONG; + } else if (retval == 0) { + retval = ENOENT; + } else if (retval == ERESERVEDNAME) { /* - * Write access to directory required to delete files. - */ - retval = VOP_ACCESS(parent_vp, VWRITE, cred, cnp->cn_proc); - if (retval) - goto Err_Exit; - - if (isDot) { /* Want to return ourselves */ - VREF(parent_vp); - target_vp = parent_vp; - goto Err_Exit; - } - else if (isDotDot) { - retval = VFS_VGET(parent_vp->v_mount, &nodeID, &target_vp); - if (retval) - goto Err_Exit; - } - else { - retval = hfs_vget_catinfo(parent_vp, &catInfo, kDefault, &target_vp); - if (retval) - goto Err_Exit; - CLEAN_CATALOGDATA(&catInfo.nodeData); - }; + * We found the name in the catalog, but it is unavailable + * to us. The exact error to return to our caller depends + * on the operation, and whether we've already reached the + * last path component. In all cases, avoid a negative + * cache entry, since someone else may be able to access + * the name if their lookup is configured differently. + */ + cnp->cn_flags &= ~MAKEENTRY; - /* - * If directory is "sticky", then user must own - * the directory, or the file in it, else she - * may not delete it (unless she's root). This - * implements append-only directories. - */ - if ((parent_hp->h_meta->h_mode & ISVTX) && - (cred->cr_uid != 0) && - (cred->cr_uid != parent_hp->h_meta->h_uid) && - (target_vp->v_type != VLNK) && - (hfs_owner_rights(target_vp, cred, p, false))) { - vput(target_vp); - retval = EPERM; - goto Err_Exit; + if (((flags & ISLASTCN) == 0) || ((nameiop == LOOKUP) || (nameiop == DELETE))) { + /* A reserved name for a pure lookup is the same as the path not being present */ + retval = ENOENT; + } else { + /* A reserved name with intent to create must be rejected as impossible */ + retval = EEXIST; } -#if HFS_HARDLINKS - /* - * If this is a link node then we need to save the name - * (of the link) so we can delete it from the catalog b-tree. - * In this case, hfs_remove will then free the component name. - */ - if (target_vp && (VTOH(target_vp)->h_meta->h_metaflags & IN_DATANODE)) - cnp->cn_flags |= SAVENAME; -#endif - - if (!lockparent) - VOP_UNLOCK(parent_vp, 0, p); - goto Err_Exit; - }; - + } + if (retval != ENOENT) + goto exit; /* - * If rewriting 'RENAME', return the hfsnode and the - * information required to rewrite the present directory + * This is a non-existing entry + * + * If creating, and at end of pathname and current + * directory has not been removed, then can consider + * allowing file to be created. */ - if (nameiop == RENAME && wantparent && (cnp->cn_flags & ISLASTCN)) { - - if ((retval = VOP_ACCESS(parent_vp, VWRITE, cred, cnp->cn_proc)) != 0) - goto Err_Exit; + if ((nameiop == CREATE || nameiop == RENAME) && + (flags & ISLASTCN) && + !(ISSET(dcp->c_flag, C_DELETED | C_NOEXISTS))) { + retval = EJUSTRETURN; + goto exit; + } + /* + * Insert name into the name cache (as non-existent). + */ + if ((hfsmp->hfs_flags & HFS_STANDARD) == 0 && + (cnp->cn_flags & MAKEENTRY) && + (nameiop != CREATE)) { + cache_enter(dvp, NULL, cnp); + dcp->c_flag |= C_NEG_ENTRIES; + } + goto exit; + } - /* - * Careful about locking second inode. - * This can only occur if the target is ".". like 'mv foo/bar foo/.' - */ +found: + if (flags & ISLASTCN) { + switch(nameiop) { + case DELETE: + cnp->cn_flags &= ~MAKEENTRY; + break; + + case RENAME: + cnp->cn_flags &= ~MAKEENTRY; if (isDot) { retval = EISDIR; - goto Err_Exit; - } - else if (isDotDot) { - retval = VFS_VGET(parent_vp->v_mount, &nodeID, &target_vp); - if (retval) - goto Err_Exit; + goto exit; } - else { - - retval = hfs_vget_catinfo(parent_vp, &catInfo, kDefault, &target_vp); - if (retval) - goto Err_Exit; - - CLEAN_CATALOGDATA(&catInfo.nodeData); /* Should do nothing */ - }; - - cnp->cn_flags |= SAVENAME; - if (!lockparent) - VOP_UNLOCK(parent_vp, 0, p); - - goto Err_Exit; - /* Finished...all is well, goto the end */ - }; + break; + } + } + if (isDot) { + if ((retval = vnode_get(dvp))) + goto exit; + *vpp = dvp; + } else if (flags & ISDOTDOT) { /* - * Step through the translation in the name. We do not `vput' the - * directory because we may need it again if a symbolic link - * is relative to the current directory. Instead we save it - * unlocked as "tparent_vp". We must get the target hfsnode before unlocking - * the directory to insure that the hfsnode will not be removed - * before we get it. We prevent deadlock by always fetching - * inodes from the root, moving down the directory tree. Thus - * when following backward pointers ".." we must unlock the - * parent directory before getting the requested directory. - * There is a potential race condition here if both the current - * and parent directories are removed before the VFS_VGET for the - * hfsnode associated with ".." returns. We hope that this occurs - * infrequently since we cannot avoid this race condition without - * implementing a sophisticated deadlock detection algorithm. - * Note also that this simple deadlock detection scheme will not - * work if the file system has any hard links other than ".." - * that point backwards in the directory structure. + * Directory hard links can have multiple parents so + * find the appropriate parent for the current thread. */ - - tparent_vp = parent_vp; - if (isDotDot) { - VOP_UNLOCK(tparent_vp, 0, p); /* race to get the inode */ - if ((retval = VFS_VGET(parent_vp->v_mount, &nodeID, &target_vp))) { - vn_lock(tparent_vp, LK_EXCLUSIVE | LK_RETRY, p); - goto Err_Exit; + if ((retval = hfs_vget(hfsmp, hfs_currentparent(VTOC(dvp), + /* have_lock: */ false), &tvp, 0, 0))) { + goto exit; } - if (lockparent && (flags & ISLASTCN) && (tparent_vp != target_vp) && - (retval = vn_lock(tparent_vp, LK_EXCLUSIVE, p))) { - vput(target_vp); - goto Err_Exit; - } + *cnode_locked = 1; + *vpp = tvp; + } else { + int type = (attr.ca_mode & S_IFMT); + + if (!(flags & ISLASTCN) && (type != S_IFDIR) && (type != S_IFLNK)) { + retval = ENOTDIR; + goto exit; } - else if (isDot) { - VREF(parent_vp); /* we want ourself, ie "." */ - target_vp = parent_vp; + /* Don't cache directory hardlink names. */ + if (attr.ca_recflags & kHFSHasLinkChainMask) { + cnp->cn_flags &= ~MAKEENTRY; } - else { - mode_t mode; - /* - * Determine what fork to get, currenty 3 scenarios are supported: - * 1. ./foo: if it is a dir, return a VDIR else return data fork - * 2. ./foo/.__Fork/data: return data fork - * 3. ./foo/.__Fork/rsrc: return resource fork - * So the algorithm is: - * If the object is a directory - * then return a VDIR vnode - * else if ISLASTCN is true - * then get the vnode with forkType=kDataFork - * else - * compare with the remaining cnp buffer with "/.__Fork/" - * if a match - * then compare string after that with either 'data' or 'rsrc' - * if match - * then - * 'consume' rest of cnp, setting appropriate values and flags - * return vnode depending on match - * else - * bad fork name - * else - * illegal path after a file object - */ + /* Names with composed chars are not cached. */ + if (cnp->cn_namelen != desc.cd_namelen) + cnp->cn_flags &= ~MAKEENTRY; - mode = (mode_t)(catInfo.nodeData.cnd_mode); - - if (catInfo.nodeData.cnd_type == kCatalogFolderNode) { - forkType = kDirectory; /* Really ignored */ - } - else if ((mode & IFMT) == IFLNK) { - forkType = kDataFork; - } /* After this point, nodeType should be a file */ - else if (flags & ISLASTCN) { /* Create a default fork */ - forkType = kDataFork; - } - else { /* determine what fork was specified */ - forkType = GetForkFromName(cnp); - flags |= ISLASTCN; /* To know to unlock the parent if needed */ - }; /* else */ + retval = hfs_getnewvnode(hfsmp, dvp, cnp, &desc, 0, &attr, &fork, &tvp, &newvnode_flags); + if (retval) { + /* + * If this was a create/rename operation lookup, then by this point + * we expected to see the item returned from hfs_getnewvnode above. + * In the create case, it would probably eventually bubble out an EEXIST + * because the item existed when we were trying to create it. In the + * rename case, it would let us know that we need to go ahead and + * delete it as part of the rename. However, if we hit the condition below + * then it means that we found the element during cat_lookup above, but + * it is now no longer there. We simply behave as though we never found + * the element at all and return EJUSTRETURN. + */ + if ((retval == ENOENT) && + ((cnp->cn_nameiop == CREATE) || (cnp->cn_nameiop == RENAME)) && + (flags & ISLASTCN)) { + retval = EJUSTRETURN; + } - /* If couldn't determine what type of fork, leave */ - if (forkType == kUndefinedFork) { - retval = ENOTDIR; - goto Err_Exit; - }; - - /* Get the vnode now that what type of fork is known */ - DBG_ASSERT((forkType==kDirectory) || (forkType==kDataFork) || (forkType==kRsrcFork)); - retval = hfs_vget_catinfo(tparent_vp, &catInfo, forkType, &target_vp); - if (retval != E_NONE) - goto Err_Exit; - - if (!lockparent || !(flags & ISLASTCN)) - VOP_UNLOCK(tparent_vp, 0, p); - - CLEAN_CATALOGDATA(&catInfo.nodeData); - - }; /* else found */ - - - /* - * Insert name in cache if wanted. - * Names with composed chars are not put into the name cache. - * Resource forks are not entered in the name cache. This - * avoids deadlocks. - */ - if ((cnp->cn_flags & MAKEENTRY) - && (cnp->cn_namelen == catInfo.nodeData.cnm_length) - && ((H_FORKTYPE(VTOH(target_vp))) != kRsrcFork)) { /* - * XXX SER - Might be good idea to bcopy(catInfo.nodeData.fsspec.name, cnp->cn_nameptr) - * to "normalize" the name cache. This will avoid polluting the name cache with - * names that are different in case, and allow negative caching + * If this was a straight lookup operation, we may need to redrive the entire + * lookup starting from cat_lookup if the element was deleted as the result of + * a rename operation. Since rename is supposed to guarantee atomicity, then + * lookups cannot fail because the underlying element is deleted as a result of + * the rename call -- either they returned the looked up element prior to rename + * or return the newer element. If we are in this region, then all we can do is add + * workarounds to guarantee the latter case. The element has already been deleted, so + * we just re-try the lookup to ensure the caller gets the most recent element. */ - cache_enter(parent_vp, target_vp, cnp); + if ((retval == ENOENT) && (cnp->cn_nameiop == LOOKUP) && + (newvnode_flags & (GNV_CHASH_RENAMED | GNV_CAT_DELETED))) { + if (dcp) { + hfs_unlock (dcp); + } + /* get rid of any name buffers that may have lingered from the cat_lookup call */ + cat_releasedesc (&desc); + goto retry; } - - - }; /* else found == TRUE */ - -Err_Exit: - - CLEAN_CATALOGDATA(&catInfo.nodeData); /* Just to make sure */ - *ap->a_vpp = target_vp; + /* Also, re-drive the lookup if the item we looked up was a hardlink, and the number + * or name of hardlinks has changed in the interim between the cat_lookup above, and + * our call to hfs_getnewvnode. hfs_getnewvnode will validate the cattr we passed it + * against what is actually in the catalog after the cnode is created. If there were + * any issues, it will bubble out ERECYCLE, which we need to swallow and use as the + * key to redrive as well. We need to special case this below because in this case, + * it needs to occur regardless of the type of lookup we're doing here. + */ + if ((retval == ERECYCLE) && (newvnode_flags & GNV_CAT_ATTRCHANGED)) { + if (dcp) { + hfs_unlock (dcp); + } + /* get rid of any name buffers that may have lingered from the cat_lookup call */ + cat_releasedesc (&desc); + retval = 0; + goto retry; + } - DBG_VOP_UPDATE_VP(1, *ap->a_vpp); - //DBG_VOP_LOOKUP_TEST (funcname, cnp, parent_vp, target_vp); - //DBG_VOP_LOCKS_TEST(E_NONE); + /* skip to the error-handling code if we can't retry */ + goto exit; + } + /* + * Save the origin info for file and directory hardlinks. Directory hardlinks + * need the origin for '..' lookups, and file hardlinks need it to ensure that + * competing lookups do not cause us to vend different hardlinks than the ones requested. + */ + if (ISSET(VTOC(tvp)->c_flag, C_HARDLINK)) + hfs_savelinkorigin(VTOC(tvp), VTOC(dvp)->c_fileid); + *cnode_locked = 1; + *vpp = tvp; + } +exit: + if (dcp) { + hfs_unlock(dcp); + } + cat_releasedesc(&desc); return (retval); } /* - * Based on vn_cache_lookup (which is vfs_cache_lookup in FreeBSD 3.1) - * * Name caching works as follows: * * Names found by directory scans are retained in a cache @@ -608,242 +453,246 @@ Err_Exit: * is for DELETE, or NOCACHE is set (rewrite), and the * name is located in the cache, it will be dropped. * - * In hfs, since a name can represent multiple forks, it cannot - * be known what fork the name matches, so further checks have to be done. - * Currently a policy of first requested, is the one stored, is followed. - * - * SER XXX If this proves inadequate maybe we can munge the name to contain a fork reference - * like foo -> foo.d for the data fork. */ +#define S_IXALL 0000111 + int -hfs_cache_lookup(ap) - struct vop_lookup_args /* { - struct vnode *a_dvp; - struct vnode **a_vpp; - struct componentname *a_cnp; - } */ *ap; +hfs_vnop_lookup(struct vnop_lookup_args *ap) { - struct vnode *vdp; - struct vnode *pdp; - int lockparent; + struct vnode *dvp = ap->a_dvp; + struct vnode *vp; + struct cnode *cp; + struct cnode *dcp; + struct hfsmount *hfsmp; int error; struct vnode **vpp = ap->a_vpp; - struct componentname *cnp = ap->a_cnp; - struct ucred *cred = cnp->cn_cred; + struct componentname *cnp = ap->a_cnp; + struct proc *p = vfs_context_proc(ap->a_context); int flags = cnp->cn_flags; - struct proc *p = cnp->cn_proc; - struct hfsnode *hp; - u_int32_t vpid; /* capability number of vnode */ - DBG_FUNC_NAME("cache_lookup"); - DBG_VOP_LOCKS_DECL(2); - DBG_VOP_LOCKS_INIT(0,ap->a_dvp, VOPDBG_LOCKED, VOPDBG_IGNORE, VOPDBG_IGNORE, VOPDBG_POS); - DBG_VOP_LOCKS_INIT(1,*ap->a_vpp, VOPDBG_IGNORE, VOPDBG_LOCKED, VOPDBG_IGNORE, VOPDBG_POS); - DBG_VOP_PRINT_FUNCNAME();DBG_VOP_CONT(("\n")); - DBG_VOP_CONT(("\tTarget: "));DBG_VOP_PRINT_CPN_INFO(ap->a_cnp);DBG_VOP_CONT(("\n")); - DBG_HFS_NODE_CHECK(ap->a_dvp); + int force_casesensitive_lookup = proc_is_forcing_hfs_case_sensitivity(p); + int cnode_locked; + int fastdev_candidate = 0; + int auto_candidate = 0; *vpp = NULL; - vdp = ap->a_dvp; - lockparent = flags & LOCKPARENT; + dcp = VTOC(dvp); + hfsmp = VTOHFS(dvp); - if (vdp->v_type != VDIR) - return (ENOTDIR); - - if ((flags & ISLASTCN) && (vdp->v_mount->mnt_flag & MNT_RDONLY) && - (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) - return (EROFS); - - error = VOP_ACCESS(vdp, VEXEC, cred, cnp->cn_proc); - - if (error) - return (error); + if ((hfsmp->hfs_flags & HFS_CS_HOTFILE_PIN) && (vnode_isfastdevicecandidate(dvp) || (dcp->c_attr.ca_recflags & kHFSFastDevCandidateMask)) ){ + fastdev_candidate = 1; + auto_candidate = (vnode_isautocandidate(dvp) || (dcp->c_attr.ca_recflags & kHFSAutoCandidateMask)); + } + /* * Lookup an entry in the cache - * If the lookup succeeds, the vnode is returned in *vpp, and a status of -1 is - * returned. If the lookup determines that the name does not exist - * (negative cacheing), a status of ENOENT is returned. If the lookup - * fails, a status of zero is returned. + * + * If the lookup succeeds, the vnode is returned in *vpp, + * and a status of -1 is returned. + * + * If the lookup determines that the name does not exist + * (negative cacheing), a status of ENOENT is returned. + * + * If the lookup fails, a status of zero is returned. */ - error = cache_lookup(vdp, vpp, cnp); - - if (error == 0) { /* Unsuccessfull */ - DBG_VOP(("\tWas not in name cache\n")); - error = hfs_lookup(ap); -#if HFS_HARDLINKS - if (error) - return (error); - /* - * If this is a hard-link vnode then we need to update - * the name (of the link) and update the parent ID. This - * enables getattrlist calls to return correct link info. - */ - hp = VTOH(*ap->a_vpp); - if ((flags & ISLASTCN) && (hp->h_meta->h_metaflags & IN_DATANODE)) { - H_DIRID(hp) = H_FILEID(VTOH(ap->a_dvp)); - hfs_set_metaname(cnp->cn_nameptr, hp->h_meta, HTOHFS(hp)); - } -#endif - return (error); - }; + error = cache_lookup(dvp, vpp, cnp); + if (error != -1) { + if ((error == ENOENT) && (cnp->cn_nameiop != CREATE)) + goto exit; /* found a negative cache entry */ + goto lookup; /* did not find it in the cache */ + } + /* + * We have a name that matched + * cache_lookup returns the vp with an iocount reference already taken + */ + error = 0; + vp = *vpp; + cp = VTOC(vp); - DBG_VOP(("\tName was found in the name cache")); - if (error == ENOENT) { - DBG_VOP_CONT((" though it was a NEGATIVE HIT\n")); - return (error); - }; - DBG_VOP_CONT(("\n")); + /* We aren't allowed to vend out vp's via lookup to the hidden directory */ + if (cp->c_cnid == hfsmp->hfs_private_desc[FILE_HARDLINKS].cd_cnid || + cp->c_cnid == hfsmp->hfs_private_desc[DIR_HARDLINKS].cd_cnid) { + /* Drop the iocount from cache_lookup */ + vnode_put (vp); + error = ENOENT; + goto exit; + } -#if HFS_HARDLINKS + if (cp->c_attr.ca_recflags & kHFSDoNotFastDevPinMask) { + fastdev_candidate = 0; + } + /* * If this is a hard-link vnode then we need to update - * the name (of the link) and update the parent ID. This - * enables getattrlist calls to return correct link info. + * the name (of the link), the parent ID, the cnid, the + * text encoding and the catalog hint. This enables + * getattrlist calls to return the correct link info. */ - hp = VTOH(*vpp); - if ((flags & ISLASTCN) && (hp->h_meta->h_metaflags & IN_DATANODE)) { - H_DIRID(hp) = H_FILEID(VTOH(vdp)); - hfs_set_metaname(cnp->cn_nameptr, hp->h_meta, HTOHFS(hp)); - } -#endif - - /* We have a name that matched */ - pdp = vdp; - vdp = *vpp; - vpid = vdp->v_id; - if (pdp == vdp) { /* lookup on "." */ - VREF(vdp); - error = 0; - } else if (flags & ISDOTDOT) { - /* - * Carefull on the locking policy, - * remember we always lock from parent to child, so have - * to release lock on child before trying to lock parent - * then regain lock if needed - */ - VOP_UNLOCK(pdp, 0, p); - error = vget(vdp, LK_EXCLUSIVE, p); - if (!error && lockparent && (flags & ISLASTCN)) - error = vn_lock(pdp, LK_EXCLUSIVE, p); - } else if ((! (flags & ISLASTCN)) && (vdp->v_type == VREG) && - (GetForkFromName(cnp) != kDataFork)) { - /* - * We only store data forks in the name cache. - */ - goto finished; - } else { - error = vget(vdp, LK_EXCLUSIVE, p); - if (!lockparent || error || !(flags & ISLASTCN)) - VOP_UNLOCK(pdp, 0, p); - } + /* - * Check that the capability number did not change - * while we were waiting for the lock. + * Alternatively, if we are forcing a case-sensitive lookup + * on a case-insensitive volume, the namecache entry + * may have been for an incorrect case. Since we cannot + * determine case vs. normalization, redrive the catalog + * lookup based on any byte mismatch. */ - if (!error) { - if (vpid == vdp->v_id) - return (0); /* HERE IS THE NORMAL EXIT FOR CACHE LOOKUP!!!! */ - /* - * The above is the NORMAL exit, after this point is an error - * condition. - */ - vput(vdp); - if (lockparent && pdp != vdp && (flags & ISLASTCN)) - VOP_UNLOCK(pdp, 0, p); - } - error = vn_lock(pdp, LK_EXCLUSIVE, p); - if (error) - return (error); + if (((flags & ISLASTCN) && (cp->c_flag & C_HARDLINK)) + || (force_casesensitive_lookup && !(hfsmp->hfs_flags & HFS_CASE_SENSITIVE))) { + int stale_link = 0; + + hfs_lock(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_ALLOW_NOEXISTS); + if ((cp->c_parentcnid != dcp->c_cnid) || + (cnp->cn_namelen != cp->c_desc.cd_namelen) || + (bcmp(cnp->cn_nameptr, cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen) != 0)) { + struct cat_desc desc; + struct cat_attr lookup_attr; + int lockflags; + + if (force_casesensitive_lookup && !(hfsmp->hfs_flags & HFS_CASE_SENSITIVE)) { + /* + * Since the name in the cnode doesn't match our lookup + * string exactly, do a full lookup. + */ + hfs_unlock (cp); + + vnode_put(vp); + goto lookup; + } -finished: + /* + * Get an updated descriptor + */ + desc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr; + desc.cd_namelen = cnp->cn_namelen; + desc.cd_parentcnid = dcp->c_fileid; + desc.cd_hint = dcp->c_childhint; + desc.cd_encoding = 0; + desc.cd_cnid = 0; + desc.cd_flags = S_ISDIR(cp->c_mode) ? CD_ISDIR : 0; - return (hfs_lookup(ap)); -} + /* + * Because lookups call replace_desc to put a new descriptor in + * the cnode we are modifying it is possible that this cnode's + * descriptor is out of date for the parent ID / name that + * we are trying to look up. (It may point to a different hardlink). + * + * We need to be cautious that when re-supplying the + * descriptor below that the results of the catalog lookup + * still point to the same raw inode for the hardlink. This would + * not be the case if we found something in the cache above but + * the vnode it returned no longer has a valid hardlink for the + * parent ID/filename combo we are requesting. (This is because + * hfs_unlink does not directly trigger namecache removal). + * + * As a result, before vending out the vnode (and replacing + * its descriptor) verify that the fileID is the same by comparing + * the in-cnode attributes vs. the one returned from the lookup call + * below. If they do not match, treat this lookup as if we never hit + * in the cache at all. + */ -/* - * Parses a componentname and sees if the remaining path - * contains a hfs named fork specifier. If it does set the - * componentname to consume the rest of the path, and - * return the forkType - */ + lockflags = hfs_systemfile_lock(VTOHFS(dvp), SFL_CATALOG, HFS_SHARED_LOCK); + + error = cat_lookup(VTOHFS(vp), &desc, 0, 0, &desc, &lookup_attr, NULL, NULL); + + hfs_systemfile_unlock(VTOHFS(dvp), lockflags); -u_int16_t GetForkFromName(struct componentname *cnp) -{ - u_int16_t forkType = kUndefinedFork; - char *tcp = cnp->cn_nameptr + cnp->cn_namelen; - - if (bcmp(tcp, _PATH_FORKSPECIFIER, sizeof(_PATH_FORKSPECIFIER) - 1) == 0) { - /* Its a HFS fork, so far */ - tcp += (sizeof(_PATH_FORKSPECIFIER) - 1); - if (bcmp(tcp, _PATH_DATANAME, sizeof(_PATH_DATANAME)) == 0) { - forkType = kDataFork; - cnp->cn_consume = sizeof(_PATH_FORKSPECIFIER) + sizeof(_PATH_DATANAME) - 2; - } - else if (bcmp(tcp, _PATH_RSRCNAME, sizeof(_PATH_RSRCNAME)) == 0) { - forkType = kRsrcFork; - cnp->cn_consume = sizeof(_PATH_FORKSPECIFIER) + sizeof(_PATH_RSRCNAME) - 2; - }; /* else if */ - }; /* if bcmp */ - - - /* XXX SER For backwards compatability...keep it */ - if (forkType == kUndefinedFork) { - tcp = cnp->cn_nameptr + cnp->cn_namelen; - if (bcmp(tcp, gHFSForkIdentStr, sizeof(gHFSForkIdentStr) - 1) == 0) { - /* Its a HFS fork, so far */ - tcp += (sizeof(gHFSForkIdentStr) - 1); - if (bcmp(tcp, gDataForkNameStr, sizeof(gDataForkNameStr)) == 0) { - forkType = kDataFork; - cnp->cn_consume = sizeof(gHFSForkIdentStr) + sizeof(gDataForkNameStr) - 2; + /* + * Note that cat_lookup may fail to find something with the name provided in the + * stack-based descriptor above. In that case, an ENOENT is a legitimate errno + * to be placed in error, which will get returned in the fastpath below. + */ + if (error == 0) { + if (lookup_attr.ca_fileid == cp->c_attr.ca_fileid) { + /* It still points to the right raw inode. Replacing the descriptor is fine */ + replace_desc (cp, &desc); + + /* + * Save the origin info for file and directory hardlinks. Directory hardlinks + * need the origin for '..' lookups, and file hardlinks need it to ensure that + * competing lookups do not cause us to vend different hardlinks than the ones requested. + */ + hfs_savelinkorigin(cp, dcp->c_fileid); + } + else { + /* If the fileID does not match then do NOT replace the descriptor! */ + stale_link = 1; + } + } } - else if (bcmp(tcp, gRsrcForkNameStr, sizeof(gRsrcForkNameStr)) == 0) { - forkType = kRsrcFork; - cnp->cn_consume = sizeof(gHFSForkIdentStr) + sizeof(gRsrcForkNameStr) - 2; - }; /* else if */ - }; /* if bcmp */ - }; - - return forkType; -} - -#if DBG_VOP_TEST_LOCKS - -void DbgLookupTest( char *funcname, struct componentname *cnp, struct vnode *dvp, struct vnode *vp) -{ - if (! (hfs_dbg_lookup || hfs_dbg_all)) - return; + hfs_unlock (cp); - - if (dvp) { - if (lockstatus(&VTOH(dvp)->h_lock)) { - DBG_LOOKUP (("%s: Parent vnode exited LOCKED", funcname)); + if (stale_link) { + /* + * If we had a stale_link, then we need to pretend as though + * we never found this vnode and force a lookup through the + * traditional path. Drop the iocount acquired through + * cache_lookup above and force a cat lookup / getnewvnode + */ + vnode_put(vp); + goto lookup; } - else { - DBG_LOOKUP (("%s: Parent vnode exited UNLOCKED", funcname)); + + if (error) { + /* + * If the cat_lookup failed then the caller will not expect + * a vnode with an iocount on it. + */ + vnode_put(vp); } + + } + goto exit; + +lookup: + /* + * The vnode was not in the name cache or it was stale. + * + * So we need to do a real lookup. + */ + cnode_locked = 0; + + error = hfs_lookup(dvp, vpp, cnp, &cnode_locked, force_casesensitive_lookup); + + if (*vpp && (VTOC(*vpp)->c_attr.ca_recflags & kHFSDoNotFastDevPinMask)) { + fastdev_candidate = 0; } - if (vp) { - if (vp==dvp) - { - DBG_LOOKUP (("%s: Target and Parent are the same", funcname)); - } - else { - if (lockstatus(&VTOH(vp)->h_lock)) { - DBG_LOOKUP (("%s: Found vnode exited LOCKED", funcname)); - } - else { - DBG_LOOKUP (("%s: Found vnode exited LOCKED", funcname)); - } + if (*vpp && (VTOC(*vpp)->c_attr.ca_recflags & kHFSAutoCandidateMask)) { + //printf("vp %s / %d is an auto-candidate\n", (*vpp)->v_name ? (*vpp)->v_name : "no-name", VTOC(*vpp)->c_fileid); + auto_candidate = 1; + } + + if (cnode_locked) + hfs_unlock(VTOC(*vpp)); +exit: + if (*vpp && fastdev_candidate && (*vpp)->v_parent == dvp && !(vnode_isfastdevicecandidate(*vpp))) { + vnode_setfastdevicecandidate(*vpp); + if (auto_candidate) { + vnode_setautocandidate(*vpp); } - DBG_LOOKUP (("%s: Found vnode 0x%x has vtype of %d\n ", funcname, (u_int)vp, vp->v_type)); } - else - DBG_LOOKUP (("%s: Found vnode exited NULL\n", funcname)); + { + uthread_t ut = (struct uthread *)get_bsdthread_info(current_thread()); + + /* + * check to see if we issued any I/O while completing this lookup and + * this thread/task is throttleable... if so, throttle now + * + * this allows us to throttle in between multiple meta data reads that + * might result due to looking up a long pathname (since we'll have to + * re-enter hfs_vnop_lookup for each component of the pathnam not in + * the VFS cache), instead of waiting until the entire path lookup has + * completed and throttling at the systemcall return + */ + if (__improbable(ut->uu_lowpri_window)) { + throttle_lowpri_io(1); + } + } + return (error); } -#endif /* DBG_VOP_TEST_LOCKS */