X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/6d2010ae8f7a6078e10b361c6962983bab233e0f..c18c124eaa464aaaa5549e99e5a70fc9cbb50944:/bsd/hfs/hfs_lookup.c?ds=sidebyside diff --git a/bsd/hfs/hfs_lookup.c b/bsd/hfs/hfs_lookup.c index 13cb1aa48..e198d3190 100644 --- a/bsd/hfs/hfs_lookup.c +++ b/bsd/hfs/hfs_lookup.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2008 Apple Inc. All rights reserved. + * Copyright (c) 1999-2012 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * @@ -80,6 +80,7 @@ #include #include #include +#include #include "hfs.h" #include "hfs_catalog.h" @@ -150,7 +151,7 @@ * When should we lock parent_hp in here ?? */ static int -hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int *cnode_locked) +hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int *cnode_locked, int force_casesensitive_lookup) { struct cnode *dcp; /* cnode for directory being searched */ struct vnode *tvp; /* target vnode */ @@ -189,7 +190,7 @@ hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int cnp->cn_flags &= ~MAKEENTRY; goto found; /* We always know who we are */ } else { - if (hfs_lock(VTOC(dvp), HFS_EXCLUSIVE_LOCK) != 0) { + if (hfs_lock(VTOC(dvp), HFS_EXCLUSIVE_LOCK, HFS_LOCK_DEFAULT) != 0) { retval = ENOENT; /* The parent no longer exists ? */ goto exit; } @@ -206,10 +207,15 @@ hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int goto retry; } - /* No need to go to catalog if there are no children */ - if (dcp->c_entries == 0) { - goto notfound; - } + + /* + * We shouldn't need to go to the catalog if there are no children. + * However, in the face of a minor disk corruption where the valence of + * the directory is off, we could infinite loop here if we return ENOENT + * even though there are actually items in the directory. (create will + * see the ENOENT, try to create something, which will return with + * EEXIST over and over again). As a result, always check the catalog. + */ bzero(&cndesc, sizeof(cndesc)); cndesc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr; @@ -219,7 +225,7 @@ hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int lockflags = hfs_systemfile_lock(hfsmp, SFL_CATALOG, HFS_SHARED_LOCK); - retval = cat_lookup(hfsmp, &cndesc, 0, &desc, &attr, &fork, NULL); + retval = cat_lookup(hfsmp, &cndesc, 0, force_casesensitive_lookup, &desc, &attr, &fork, NULL); hfs_systemfile_unlock(hfsmp, lockflags); @@ -241,7 +247,7 @@ hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int goto found; } -notfound: + /* * ENAMETOOLONG supersedes other errors * @@ -254,6 +260,25 @@ notfound: retval = ENAMETOOLONG; } else if (retval == 0) { retval = ENOENT; + } else if (retval == ERESERVEDNAME) { + /* + * We found the name in the catalog, but it is unavailable + * to us. The exact error to return to our caller depends + * on the operation, and whether we've already reached the + * last path component. In all cases, avoid a negative + * cache entry, since someone else may be able to access + * the name if their lookup is configured differently. + */ + + cnp->cn_flags &= ~MAKEENTRY; + + if (((flags & ISLASTCN) == 0) || ((nameiop == LOOKUP) || (nameiop == DELETE))) { + /* A reserved name for a pure lookup is the same as the path not being present */ + retval = ENOENT; + } else { + /* A reserved name with intent to create must be rejected as impossible */ + retval = EEXIST; + } } if (retval != ENOENT) goto exit; @@ -264,10 +289,7 @@ notfound: * directory has not been removed, then can consider * allowing file to be created. */ - if ((nameiop == CREATE || nameiop == RENAME || - (nameiop == DELETE && - (cnp->cn_flags & DOWHITEOUT) && - (cnp->cn_flags & ISWHITEOUT))) && + if ((nameiop == CREATE || nameiop == RENAME) && (flags & ISLASTCN) && !(ISSET(dcp->c_flag, C_DELETED | C_NOEXISTS))) { retval = EJUSTRETURN; @@ -447,7 +469,9 @@ hfs_vnop_lookup(struct vnop_lookup_args *ap) int error; struct vnode **vpp = ap->a_vpp; struct componentname *cnp = ap->a_cnp; + struct proc *p = vfs_context_proc(ap->a_context); int flags = cnp->cn_flags; + int force_casesensitive_lookup = proc_is_forcing_hfs_case_sensitivity(p); int cnode_locked; *vpp = NULL; @@ -497,13 +521,36 @@ hfs_vnop_lookup(struct vnop_lookup_args *ap) * getattrlist calls to return the correct link info. */ - if ((flags & ISLASTCN) && (cp->c_flag & C_HARDLINK)) { - hfs_lock(cp, HFS_FORCE_LOCK); + /* + * Alternatively, if we are forcing a case-sensitive lookup + * on a case-insensitive volume, the namecache entry + * may have been for an incorrect case. Since we cannot + * determine case vs. normalization, redrive the catalog + * lookup based on any byte mismatch. + */ + if (((flags & ISLASTCN) && (cp->c_flag & C_HARDLINK)) + || (force_casesensitive_lookup && !(hfsmp->hfs_flags & HFS_CASE_SENSITIVE))) { + int stale_link = 0; + + hfs_lock(cp, HFS_EXCLUSIVE_LOCK, HFS_LOCK_ALLOW_NOEXISTS); if ((cp->c_parentcnid != dcp->c_cnid) || + (cnp->cn_namelen != cp->c_desc.cd_namelen) || (bcmp(cnp->cn_nameptr, cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen) != 0)) { struct cat_desc desc; + struct cat_attr lookup_attr; int lockflags; + if (force_casesensitive_lookup && !(hfsmp->hfs_flags & HFS_CASE_SENSITIVE)) { + /* + * Since the name in the cnode doesn't match our lookup + * string exactly, do a full lookup. + */ + hfs_unlock (cp); + + vnode_put(vp); + goto lookup; + } + /* * Get an updated descriptor */ @@ -514,28 +561,84 @@ hfs_vnop_lookup(struct vnop_lookup_args *ap) desc.cd_encoding = 0; desc.cd_cnid = 0; desc.cd_flags = S_ISDIR(cp->c_mode) ? CD_ISDIR : 0; - + + /* + * Because lookups call replace_desc to put a new descriptor in + * the cnode we are modifying it is possible that this cnode's + * descriptor is out of date for the parent ID / name that + * we are trying to look up. (It may point to a different hardlink). + * + * We need to be cautious that when re-supplying the + * descriptor below that the results of the catalog lookup + * still point to the same raw inode for the hardlink. This would + * not be the case if we found something in the cache above but + * the vnode it returned no longer has a valid hardlink for the + * parent ID/filename combo we are requesting. (This is because + * hfs_unlink does not directly trigger namecache removal). + * + * As a result, before vending out the vnode (and replacing + * its descriptor) verify that the fileID is the same by comparing + * the in-cnode attributes vs. the one returned from the lookup call + * below. If they do not match, treat this lookup as if we never hit + * in the cache at all. + */ lockflags = hfs_systemfile_lock(VTOHFS(dvp), SFL_CATALOG, HFS_SHARED_LOCK); - if (cat_lookup(VTOHFS(vp), &desc, 0, &desc, NULL, NULL, NULL) == 0) - replace_desc(cp, &desc); + + error = cat_lookup(VTOHFS(vp), &desc, 0, 0, &desc, &lookup_attr, NULL, NULL); + hfs_systemfile_unlock(VTOHFS(dvp), lockflags); /* - * Save the origin info for file and directory hardlinks. Directory hardlinks - * need the origin for '..' lookups, and file hardlinks need it to ensure that - * competing lookups do not cause us to vend different hardlinks than the ones requested. - * We want to restrict saving the cache entries to LOOKUP namei operations, since - * we're really doing this to protect getattr. + * Note that cat_lookup may fail to find something with the name provided in the + * stack-based descriptor above. In that case, an ENOENT is a legitimate errno + * to be placed in error, which will get returned in the fastpath below. */ - if (cnp->cn_nameiop == LOOKUP) { - hfs_savelinkorigin(cp, dcp->c_fileid); + if (error == 0) { + if (lookup_attr.ca_fileid == cp->c_attr.ca_fileid) { + /* It still points to the right raw inode. Replacing the descriptor is fine */ + replace_desc (cp, &desc); + + /* + * Save the origin info for file and directory hardlinks. Directory hardlinks + * need the origin for '..' lookups, and file hardlinks need it to ensure that + * competing lookups do not cause us to vend different hardlinks than the ones requested. + * We want to restrict saving the cache entries to LOOKUP namei operations, since + * we're really doing this to protect getattr. + */ + if (cnp->cn_nameiop == LOOKUP) { + hfs_savelinkorigin(cp, dcp->c_fileid); + } + } + else { + /* If the fileID does not match then do NOT replace the descriptor! */ + stale_link = 1; + } } } - hfs_unlock(cp); - } + hfs_unlock (cp); + + if (stale_link) { + /* + * If we had a stale_link, then we need to pretend as though + * we never found this vnode and force a lookup through the + * traditional path. Drop the iocount acquired through + * cache_lookup above and force a cat lookup / getnewvnode + */ + vnode_put(vp); + goto lookup; + } + + if (error) { + /* + * If the cat_lookup failed then the caller will not expect + * a vnode with an iocount on it. + */ + vnode_put(vp); + } - return (error); + } + goto exit; lookup: /* @@ -545,11 +648,29 @@ lookup: */ cnode_locked = 0; - error = hfs_lookup(dvp, vpp, cnp, &cnode_locked); + error = hfs_lookup(dvp, vpp, cnp, &cnode_locked, force_casesensitive_lookup); if (cnode_locked) hfs_unlock(VTOC(*vpp)); exit: + { + uthread_t ut = (struct uthread *)get_bsdthread_info(current_thread()); + + /* + * check to see if we issued any I/O while completing this lookup and + * this thread/task is throttleable... if so, throttle now + * + * this allows us to throttle in between multiple meta data reads that + * might result due to looking up a long pathname (since we'll have to + * re-enter hfs_vnop_lookup for each component of the pathnam not in + * the VFS cache), instead of waiting until the entire path lookup has + * completed and throttling at the systemcall return + */ + if (__improbable(ut->uu_lowpri_window)) { + throttle_lowpri_io(1); + } + } + return (error); }