X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/ff6e181ae92fc6f1e89841290f461d1f2f9badd9..bd504ef0e0b883cdd7917b73b3574eb9ce669905:/bsd/hfs/hfs_lookup.c diff --git a/bsd/hfs/hfs_lookup.c b/bsd/hfs/hfs_lookup.c index 615052a85..2200fe1de 100644 --- a/bsd/hfs/hfs_lookup.c +++ b/bsd/hfs/hfs_lookup.c @@ -1,14 +1,19 @@ /* - * Copyright (c) 1999-2005 Apple Computer, Inc. All rights reserved. + * Copyright (c) 1999-2012 Apple Inc. All rights reserved. * - * @APPLE_LICENSE_HEADER_START@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER @@ -18,7 +23,7 @@ * Please see the License for the specific language governing rights and * limitations under the License. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* * Copyright (c) 1989, 1993 @@ -72,23 +77,15 @@ #include #include #include -#include #include #include +#include +#include #include "hfs.h" #include "hfs_catalog.h" #include "hfs_cnode.h" -#define LEGACY_FORK_NAMES 1 - -static int forkcomponent(struct componentname *cnp, int *rsrcfork); - -#define _PATH_DATAFORKSPEC "/..namedfork/data" - -#if LEGACY_FORK_NAMES -#define LEGACY_RSRCFORKSPEC "/rsrc" -#endif /* * FROM FREEBSD 3.1 @@ -154,15 +151,11 @@ static int forkcomponent(struct componentname *cnp, int *rsrcfork); * When should we lock parent_hp in here ?? */ static int -hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, vfs_context_t context, int *cnode_locked) +hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, int *cnode_locked) { struct cnode *dcp; /* cnode for directory being searched */ struct vnode *tvp; /* target vnode */ struct hfsmount *hfsmp; - kauth_cred_t cred; - struct proc *p; - int wantrsrc = 0; - int forknamelen = 0; int flags; int nameiop; int retval = 0; @@ -172,8 +165,11 @@ hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, vfs struct cat_attr attr; struct cat_fork fork; int lockflags; + int newvnode_flags; - dcp = VTOC(dvp); + retry: + newvnode_flags = 0; + dcp = NULL; hfsmp = VTOHFS(dvp); *vpp = NULL; *cnode_locked = 0; @@ -183,9 +179,6 @@ hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, vfs flags = cnp->cn_flags; bzero(&desc, sizeof(desc)); - cred = vfs_context_ucred(context); - p = vfs_context_proc(context); - /* * First check to see if it is a . or .., else look it up. */ @@ -197,50 +190,74 @@ hfs_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, vfs cnp->cn_flags &= ~MAKEENTRY; goto found; /* We always know who we are */ } else { - /* Check fork suffix to see if we want the resource fork */ - forknamelen = forkcomponent(cnp, &wantrsrc); - - /* Resource fork names are not cached. */ - if (wantrsrc) - cnp->cn_flags &= ~MAKEENTRY; + if (hfs_lock(VTOC(dvp), HFS_EXCLUSIVE_LOCK) != 0) { + retval = ENOENT; /* The parent no longer exists ? */ + goto exit; + } + dcp = VTOC(dvp); - if (hfs_lock(dcp, HFS_EXCLUSIVE_LOCK) != 0) { - goto notfound; + if (dcp->c_flag & C_DIR_MODIFICATION) { + // XXXdbg - if we could msleep on a lck_rw_t then we would do that + // but since we can't we have to unlock, delay for a bit + // and then retry... + // msleep((caddr_t)&dcp->c_flag, &dcp->c_rwlock, PINOD, "hfs_vnop_lookup", 0); + hfs_unlock(dcp); + tsleep((caddr_t)dvp, PRIBIO, "hfs_lookup", 1); + + goto retry; } /* No need to go to catalog if there are no children */ if (dcp->c_entries == 0) { - hfs_unlock(dcp); goto notfound; } bzero(&cndesc, sizeof(cndesc)); - cndesc.cd_nameptr = cnp->cn_nameptr; + cndesc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr; cndesc.cd_namelen = cnp->cn_namelen; - cndesc.cd_parentcnid = dcp->c_cnid; + cndesc.cd_parentcnid = dcp->c_fileid; cndesc.cd_hint = dcp->c_childhint; lockflags = hfs_systemfile_lock(hfsmp, SFL_CATALOG, HFS_SHARED_LOCK); - retval = cat_lookup(hfsmp, &cndesc, wantrsrc, &desc, &attr, &fork, NULL); + retval = cat_lookup(hfsmp, &cndesc, 0, &desc, &attr, &fork, NULL); hfs_systemfile_unlock(hfsmp, lockflags); if (retval == 0) { dcp->c_childhint = desc.cd_hint; + /* + * Note: We must drop the parent lock here before calling + * hfs_getnewvnode (which takes the child lock). + */ hfs_unlock(dcp); + dcp = NULL; + + /* Verify that the item just looked up isn't one of the hidden directories. */ + if (desc.cd_cnid == hfsmp->hfs_private_desc[FILE_HARDLINKS].cd_cnid || + desc.cd_cnid == hfsmp->hfs_private_desc[DIR_HARDLINKS].cd_cnid) { + retval = ENOENT; + goto exit; + } + goto found; } - hfs_unlock(dcp); notfound: - /* ENAMETOOLONG supersedes other errors */ - if (((nameiop != CREATE) && (nameiop != RENAME)) && - (retval != ENAMETOOLONG) && - (cnp->cn_namelen > kHFSPlusMaxFileNameChars)) { + /* + * ENAMETOOLONG supersedes other errors + * + * For a CREATE or RENAME operation on the last component + * the ENAMETOOLONG will be handled in the next VNOP. + */ + if ((retval != ENAMETOOLONG) && + (cnp->cn_namelen > kHFSPlusMaxFileNameChars) && + (((flags & ISLASTCN) == 0) || ((nameiop != CREATE) && (nameiop != RENAME)))) { retval = ENAMETOOLONG; } else if (retval == 0) { retval = ENOENT; } + if (retval != ENOENT) + goto exit; /* * This is a non-existing entry * @@ -253,39 +270,23 @@ notfound: (cnp->cn_flags & DOWHITEOUT) && (cnp->cn_flags & ISWHITEOUT))) && (flags & ISLASTCN) && - (retval == ENOENT)) { + !(ISSET(dcp->c_flag, C_DELETED | C_NOEXISTS))) { retval = EJUSTRETURN; goto exit; } /* - * Insert name into cache (as non-existent) if appropriate. - * - * Only done for case-sensitive HFS+ volumes. + * Insert name into the name cache (as non-existent). */ - if ((retval == ENOENT) && - (hfsmp->hfs_flags & HFS_CASE_SENSITIVE) && - (cnp->cn_flags & MAKEENTRY) && nameiop != CREATE) { + if ((hfsmp->hfs_flags & HFS_STANDARD) == 0 && + (cnp->cn_flags & MAKEENTRY) && + (nameiop != CREATE)) { cache_enter(dvp, NULL, cnp); + dcp->c_flag |= C_NEG_ENTRIES; } goto exit; } found: - /* - * Process any fork specifiers - */ - if (forknamelen && S_ISREG(attr.ca_mode)) { - /* fork names are only for lookups */ - if ((nameiop != LOOKUP) && (nameiop != CREATE)) { - retval = EPERM; - goto exit; - } - cnp->cn_consume = forknamelen; - flags |= ISLASTCN; - } else { - wantrsrc = 0; - forknamelen = 0; - } if (flags & ISLASTCN) { switch(nameiop) { case DELETE: @@ -307,8 +308,13 @@ found: goto exit; *vpp = dvp; } else if (flags & ISDOTDOT) { - if ((retval = hfs_vget(hfsmp, dcp->c_parentcnid, &tvp, 0))) + /* + * Directory hard links can have multiple parents so + * find the appropriate parent for the current thread. + */ + if ((retval = hfs_vget(hfsmp, hfs_currentparent(VTOC(dvp)), &tvp, 0, 0))) { goto exit; + } *cnode_locked = 1; *vpp = tvp; } else { @@ -318,26 +324,93 @@ found: retval = ENOTDIR; goto exit; } - + /* Don't cache directory hardlink names. */ + if (attr.ca_recflags & kHFSHasLinkChainMask) { + cnp->cn_flags &= ~MAKEENTRY; + } /* Names with composed chars are not cached. */ if (cnp->cn_namelen != desc.cd_namelen) cnp->cn_flags &= ~MAKEENTRY; - /* Resource fork vnode names include the fork specifier. */ - if (wantrsrc && (flags & ISLASTCN)) - cnp->cn_namelen += forknamelen; + retval = hfs_getnewvnode(hfsmp, dvp, cnp, &desc, 0, &attr, &fork, &tvp, &newvnode_flags); - retval = hfs_getnewvnode(hfsmp, dvp, cnp, &desc, wantrsrc, &attr, &fork, &tvp); + if (retval) { + /* + * If this was a create/rename operation lookup, then by this point + * we expected to see the item returned from hfs_getnewvnode above. + * In the create case, it would probably eventually bubble out an EEXIST + * because the item existed when we were trying to create it. In the + * rename case, it would let us know that we need to go ahead and + * delete it as part of the rename. However, if we hit the condition below + * then it means that we found the element during cat_lookup above, but + * it is now no longer there. We simply behave as though we never found + * the element at all and return EJUSTRETURN. + */ + if ((retval == ENOENT) && + ((cnp->cn_nameiop == CREATE) || (cnp->cn_nameiop == RENAME)) && + (flags & ISLASTCN)) { + retval = EJUSTRETURN; + } + + /* + * If this was a straight lookup operation, we may need to redrive the entire + * lookup starting from cat_lookup if the element was deleted as the result of + * a rename operation. Since rename is supposed to guarantee atomicity, then + * lookups cannot fail because the underlying element is deleted as a result of + * the rename call -- either they returned the looked up element prior to rename + * or return the newer element. If we are in this region, then all we can do is add + * workarounds to guarantee the latter case. The element has already been deleted, so + * we just re-try the lookup to ensure the caller gets the most recent element. + */ + if ((retval == ENOENT) && (cnp->cn_nameiop == LOOKUP) && + (newvnode_flags & (GNV_CHASH_RENAMED | GNV_CAT_DELETED))) { + if (dcp) { + hfs_unlock (dcp); + } + /* get rid of any name buffers that may have lingered from the cat_lookup call */ + cat_releasedesc (&desc); + goto retry; + } - if (wantrsrc && (flags & ISLASTCN)) - cnp->cn_namelen -= forknamelen; + /* Also, re-drive the lookup if the item we looked up was a hardlink, and the number + * or name of hardlinks has changed in the interim between the cat_lookup above, and + * our call to hfs_getnewvnode. hfs_getnewvnode will validate the cattr we passed it + * against what is actually in the catalog after the cnode is created. If there were + * any issues, it will bubble out ERECYCLE, which we need to swallow and use as the + * key to redrive as well. We need to special case this below because in this case, + * it needs to occur regardless of the type of lookup we're doing here. + */ + if ((retval == ERECYCLE) && (newvnode_flags & GNV_CAT_ATTRCHANGED)) { + if (dcp) { + hfs_unlock (dcp); + } + /* get rid of any name buffers that may have lingered from the cat_lookup call */ + cat_releasedesc (&desc); + retval = 0; + goto retry; + } - if (retval) + /* skip to the error-handling code if we can't retry */ goto exit; + } + + /* + * Save the origin info for file and directory hardlinks. Directory hardlinks + * need the origin for '..' lookups, and file hardlinks need it to ensure that + * competing lookups do not cause us to vend different hardlinks than the ones requested. + * We want to restrict saving the cache entries to LOOKUP namei operations, since + * we're really doing this to protect getattr. + */ + if ((nameiop == LOOKUP) && (VTOC(tvp)->c_flag & C_HARDLINK)) { + hfs_savelinkorigin(VTOC(tvp), VTOC(dvp)->c_fileid); + } *cnode_locked = 1; *vpp = tvp; } exit: + if (dcp) { + hfs_unlock(dcp); + } cat_releasedesc(&desc); return (retval); } @@ -364,7 +437,6 @@ exit: #define S_IXALL 0000111 -__private_extern__ int hfs_vnop_lookup(struct vnop_lookup_args *ap) { @@ -372,6 +444,7 @@ hfs_vnop_lookup(struct vnop_lookup_args *ap) struct vnode *vp; struct cnode *cp; struct cnode *dcp; + struct hfsmount *hfsmp; int error; struct vnode **vpp = ap->a_vpp; struct componentname *cnp = ap->a_cnp; @@ -380,6 +453,8 @@ hfs_vnop_lookup(struct vnop_lookup_args *ap) *vpp = NULL; dcp = VTOC(dvp); + + hfsmp = VTOHFS(dvp); /* * Lookup an entry in the cache @@ -394,9 +469,9 @@ hfs_vnop_lookup(struct vnop_lookup_args *ap) */ error = cache_lookup(dvp, vpp, cnp); if (error != -1) { - if (error == ENOENT) /* found a negative cache entry */ - goto exit; - goto lookup; /* did not find it in the cache */ + if ((error == ENOENT) && (cnp->cn_nameiop != CREATE)) + goto exit; /* found a negative cache entry */ + goto lookup; /* did not find it in the cache */ } /* * We have a name that matched @@ -404,79 +479,122 @@ hfs_vnop_lookup(struct vnop_lookup_args *ap) */ error = 0; vp = *vpp; - + cp = VTOC(vp); + + /* We aren't allowed to vend out vp's via lookup to the hidden directory */ + if (cp->c_cnid == hfsmp->hfs_private_desc[FILE_HARDLINKS].cd_cnid || + cp->c_cnid == hfsmp->hfs_private_desc[DIR_HARDLINKS].cd_cnid) { + /* Drop the iocount from cache_lookup */ + vnode_put (vp); + error = ENOENT; + goto exit; + } + + /* * If this is a hard-link vnode then we need to update * the name (of the link), the parent ID, the cnid, the * text encoding and the catalog hint. This enables * getattrlist calls to return the correct link info. */ - cp = VTOC(vp); if ((flags & ISLASTCN) && (cp->c_flag & C_HARDLINK)) { - hfs_lock(cp, HFS_FORCE_LOCK); - if ((cp->c_parentcnid != VTOC(dvp)->c_cnid) || + int stale_link = 0; + + hfs_lock(cp, HFS_FORCE_LOCK); + if ((cp->c_parentcnid != dcp->c_cnid) || (bcmp(cnp->cn_nameptr, cp->c_desc.cd_nameptr, cp->c_desc.cd_namelen) != 0)) { struct cat_desc desc; + struct cat_attr lookup_attr; int lockflags; - /* * Get an updated descriptor */ - bzero(&desc, sizeof(desc)); - desc.cd_nameptr = cnp->cn_nameptr; + desc.cd_nameptr = (const u_int8_t *)cnp->cn_nameptr; desc.cd_namelen = cnp->cn_namelen; - desc.cd_parentcnid = VTOC(dvp)->c_cnid; - desc.cd_hint = VTOC(dvp)->c_childhint; - - lockflags = hfs_systemfile_lock(VTOHFS(dvp), SFL_CATALOG, HFS_SHARED_LOCK); - if (cat_lookup(VTOHFS(vp), &desc, 0, &desc, NULL, NULL, NULL) == 0) - replace_desc(cp, &desc); - hfs_systemfile_unlock(VTOHFS(dvp), lockflags); - } - hfs_unlock(cp); - } - if (dvp != vp && !(flags & ISDOTDOT)) { - if ((flags & ISLASTCN) == 0 && vnode_isreg(vp)) { - int wantrsrc = 0; - - cnp->cn_consume = forkcomponent(cnp, &wantrsrc); - if (cnp->cn_consume) { - flags |= ISLASTCN; - /* Fork names are only for lookups */ - if (cnp->cn_nameiop != LOOKUP && - cnp->cn_nameiop != CREATE) { - vnode_put(vp); - error = EPERM; - goto exit; - } - } + desc.cd_parentcnid = dcp->c_fileid; + desc.cd_hint = dcp->c_childhint; + desc.cd_encoding = 0; + desc.cd_cnid = 0; + desc.cd_flags = S_ISDIR(cp->c_mode) ? CD_ISDIR : 0; + /* - * Use cnode's rsrcfork vnode if possible. + * Because lookups call replace_desc to put a new descriptor in + * the cnode we are modifying it is possible that this cnode's + * descriptor is out of date for the parent ID / name that + * we are trying to look up. (It may point to a different hardlink). + * + * We need to be cautious that when re-supplying the + * descriptor below that the results of the catalog lookup + * still point to the same raw inode for the hardlink. This would + * not be the case if we found something in the cache above but + * the vnode it returned no longer has a valid hardlink for the + * parent ID/filename combo we are requesting. (This is because + * hfs_unlink does not directly trigger namecache removal). + * + * As a result, before vending out the vnode (and replacing + * its descriptor) verify that the fileID is the same by comparing + * the in-cnode attributes vs. the one returned from the lookup call + * below. If they do not match, treat this lookup as if we never hit + * in the cache at all. */ - if (wantrsrc) { - int vid; - - *vpp = NULL; - if (cp->c_rsrc_vp == NULL) { - vnode_put(vp); - goto lookup; - } - vid = vnode_vid(cp->c_rsrc_vp); + lockflags = hfs_systemfile_lock(VTOHFS(dvp), SFL_CATALOG, HFS_SHARED_LOCK); + + error = cat_lookup(VTOHFS(vp), &desc, 0, &desc, &lookup_attr, NULL, NULL); + + hfs_systemfile_unlock(VTOHFS(dvp), lockflags); - error = vnode_getwithvid(cp->c_rsrc_vp, vid); - if (error) { - vnode_put(vp); - goto lookup; + /* + * Note that cat_lookup may fail to find something with the name provided in the + * stack-based descriptor above. In that case, an ENOENT is a legitimate errno + * to be placed in error, which will get returned in the fastpath below. + */ + if (error == 0) { + if (lookup_attr.ca_fileid == cp->c_attr.ca_fileid) { + /* It still points to the right raw inode. Replacing the descriptor is fine */ + replace_desc (cp, &desc); + + /* + * Save the origin info for file and directory hardlinks. Directory hardlinks + * need the origin for '..' lookups, and file hardlinks need it to ensure that + * competing lookups do not cause us to vend different hardlinks than the ones requested. + * We want to restrict saving the cache entries to LOOKUP namei operations, since + * we're really doing this to protect getattr. + */ + if (cnp->cn_nameiop == LOOKUP) { + hfs_savelinkorigin(cp, dcp->c_fileid); + } } - *vpp = cp->c_rsrc_vp; - vnode_put(vp); - vp = *vpp; + else { + /* If the fileID does not match then do NOT replace the descriptor! */ + stale_link = 1; + } } } - } - return (error); + hfs_unlock (cp); + + if (stale_link) { + /* + * If we had a stale_link, then we need to pretend as though + * we never found this vnode and force a lookup through the + * traditional path. Drop the iocount acquired through + * cache_lookup above and force a cat lookup / getnewvnode + */ + vnode_put(vp); + goto lookup; + } + + if (error) { + /* + * If the cat_lookup failed then the caller will not expect + * a vnode with an iocount on it. + */ + vnode_put(vp); + } + + } + goto exit; lookup: /* @@ -486,48 +604,30 @@ lookup: */ cnode_locked = 0; - error = hfs_lookup(dvp, vpp, cnp, ap->a_context, &cnode_locked); + error = hfs_lookup(dvp, vpp, cnp, &cnode_locked); if (cnode_locked) hfs_unlock(VTOC(*vpp)); exit: - return (error); -} + { + uthread_t ut = (struct uthread *)get_bsdthread_info(current_thread()); - -/* - * forkcomponent - look for a fork suffix in the component name - * - */ -static int -forkcomponent(struct componentname *cnp, int *rsrcfork) -{ - char *suffix = cnp->cn_nameptr + cnp->cn_namelen; - int consume = 0; - - *rsrcfork = 0; - if (*suffix == '\0') - return (0); /* - * There are only 3 valid fork suffixes: - * "/..namedfork/rsrc" - * "/..namedfork/data" - * "/rsrc" (legacy) + * check to see if we issued any I/O while completing this lookup and + * this thread/task is throttleable... if so, throttle now + * + * this allows us to throttle in between multiple meta data reads that + * might result due to looking up a long pathname (since we'll have to + * re-enter hfs_vnop_lookup for each component of the pathnam not in + * the VFS cache), instead of waiting until the entire path lookup has + * completed and throttling at the systemcall return */ - if (bcmp(suffix, _PATH_RSRCFORKSPEC, sizeof(_PATH_RSRCFORKSPEC)) == 0) { - consume = sizeof(_PATH_RSRCFORKSPEC) - 1; - *rsrcfork = 1; - } else if (bcmp(suffix, _PATH_DATAFORKSPEC, sizeof(_PATH_DATAFORKSPEC)) == 0) { - consume = sizeof(_PATH_DATAFORKSPEC) - 1; + if (__improbable(ut->uu_lowpri_window)) { + throttle_lowpri_io(TRUE); } - -#if LEGACY_FORK_NAMES - else if (bcmp(suffix, LEGACY_RSRCFORKSPEC, sizeof(LEGACY_RSRCFORKSPEC)) == 0) { - consume = sizeof(LEGACY_RSRCFORKSPEC) - 1; - *rsrcfork = 1; - printf("HFS: /rsrc paths are deprecated (%s)\n", cnp->cn_nameptr); } -#endif - return (consume); + + return (error); } +