1 | /* |
2 | * Copyright (c) 2000-2015 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */ |
29 | /* |
30 | * Copyright (c) 1989, 1993, 1995 |
31 | * The Regents of the University of California. All rights reserved. |
32 | * |
33 | * This code is derived from software contributed to Berkeley by |
34 | * Poul-Henning Kamp of the FreeBSD Project. |
35 | * |
36 | * Redistribution and use in source and binary forms, with or without |
37 | * modification, are permitted provided that the following conditions |
38 | * are met: |
39 | * 1. Redistributions of source code must retain the above copyright |
40 | * notice, this list of conditions and the following disclaimer. |
41 | * 2. Redistributions in binary form must reproduce the above copyright |
42 | * notice, this list of conditions and the following disclaimer in the |
43 | * documentation and/or other materials provided with the distribution. |
44 | * 3. All advertising materials mentioning features or use of this software |
45 | * must display the following acknowledgement: |
46 | * This product includes software developed by the University of |
47 | * California, Berkeley and its contributors. |
48 | * 4. Neither the name of the University nor the names of its contributors |
49 | * may be used to endorse or promote products derived from this software |
50 | * without specific prior written permission. |
51 | * |
52 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
53 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
54 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
55 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
56 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
57 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
58 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
59 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
60 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
61 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
62 | * SUCH DAMAGE. |
63 | * |
64 | * |
65 | * @(#)vfs_cache.c 8.5 (Berkeley) 3/22/95 |
66 | */ |
67 | /* |
68 | * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce |
69 | * support for mandatory and extensible security protections. This notice |
70 | * is included in support of clause 2.2 (b) of the Apple Public License, |
71 | * Version 2.0. |
72 | */ |
73 | #include <sys/param.h> |
74 | #include <sys/systm.h> |
75 | #include <sys/time.h> |
76 | #include <sys/mount_internal.h> |
77 | #include <sys/vnode_internal.h> |
78 | #include <miscfs/specfs/specdev.h> |
79 | #include <sys/namei.h> |
80 | #include <sys/errno.h> |
81 | #include <sys/malloc.h> |
82 | #include <sys/kauth.h> |
83 | #include <sys/user.h> |
84 | #include <sys/paths.h> |
85 | #include <os/overflow.h> |
86 | |
87 | #if CONFIG_MACF |
88 | #include <security/mac_framework.h> |
89 | #endif |
90 | |
91 | /* |
92 | * Name caching works as follows: |
93 | * |
94 | * Names found by directory scans are retained in a cache |
95 | * for future reference. It is managed LRU, so frequently |
96 | * used names will hang around. Cache is indexed by hash value |
97 | * obtained from (vp, name) where vp refers to the directory |
98 | * containing name. |
99 | * |
100 | * If it is a "negative" entry, (i.e. for a name that is known NOT to |
101 | * exist) the vnode pointer will be NULL. |
102 | * |
103 | * Upon reaching the last segment of a path, if the reference |
104 | * is for DELETE, or NOCACHE is set (rewrite), and the |
105 | * name is located in the cache, it will be dropped. |
106 | */ |
107 | |
108 | /* |
109 | * Structures associated with name cacheing. |
110 | */ |
111 | |
112 | LIST_HEAD(nchashhead, namecache) *nchashtbl; /* Hash Table */ |
113 | u_long nchashmask; |
114 | u_long nchash; /* size of hash table - 1 */ |
115 | long numcache; /* number of cache entries allocated */ |
116 | int desiredNodes; |
117 | int desiredNegNodes; |
118 | int ncs_negtotal; |
119 | int nc_disabled = 0; |
120 | TAILQ_HEAD(, namecache) nchead; /* chain of all name cache entries */ |
121 | TAILQ_HEAD(, namecache) neghead; /* chain of only negative cache entries */ |
122 | |
123 | |
124 | #if COLLECT_STATS |
125 | |
126 | struct nchstats nchstats; /* cache effectiveness statistics */ |
127 | |
128 | #define NCHSTAT(v) { \ |
129 | nchstats.v++; \ |
130 | } |
131 | #define NAME_CACHE_LOCK() name_cache_lock() |
132 | #define NAME_CACHE_UNLOCK() name_cache_unlock() |
133 | #define NAME_CACHE_LOCK_SHARED() name_cache_lock() |
134 | |
135 | #else |
136 | |
137 | #define NCHSTAT(v) |
138 | #define NAME_CACHE_LOCK() name_cache_lock() |
139 | #define NAME_CACHE_UNLOCK() name_cache_unlock() |
140 | #define NAME_CACHE_LOCK_SHARED() name_cache_lock_shared() |
141 | |
142 | #endif |
143 | |
144 | |
145 | /* vars for name cache list lock */ |
146 | lck_grp_t * namecache_lck_grp; |
147 | lck_grp_attr_t * namecache_lck_grp_attr; |
148 | lck_attr_t * namecache_lck_attr; |
149 | |
150 | lck_grp_t * strcache_lck_grp; |
151 | lck_grp_attr_t * strcache_lck_grp_attr; |
152 | lck_attr_t * strcache_lck_attr; |
153 | |
154 | lck_rw_t * namecache_rw_lock; |
155 | lck_rw_t * strtable_rw_lock; |
156 | |
157 | #define NUM_STRCACHE_LOCKS 1024 |
158 | |
159 | lck_mtx_t strcache_mtx_locks[NUM_STRCACHE_LOCKS]; |
160 | |
161 | |
162 | static vnode_t cache_lookup_locked(vnode_t dvp, struct componentname *cnp); |
163 | static const char *add_name_internal(const char *, uint32_t, u_int, boolean_t, u_int); |
164 | static void init_string_table(void); |
165 | static void cache_delete(struct namecache *, int); |
166 | static void cache_enter_locked(vnode_t dvp, vnode_t vp, struct componentname *cnp, const char *strname); |
167 | |
168 | #ifdef DUMP_STRING_TABLE |
169 | /* |
170 | * Internal dump function used for debugging |
171 | */ |
172 | void dump_string_table(void); |
173 | #endif /* DUMP_STRING_TABLE */ |
174 | |
175 | static void init_crc32(void); |
176 | static unsigned int crc32tab[256]; |
177 | |
178 | |
179 | #define NCHHASH(dvp, hash_val) \ |
180 | (&nchashtbl[(dvp->v_id ^ (hash_val)) & nchashmask]) |
181 | |
182 | /* |
183 | * This function tries to check if a directory vp is a subdirectory of dvp |
184 | * only from valid v_parent pointers. It is called with the name cache lock |
185 | * held and does not drop the lock anytime inside the function. |
186 | * |
187 | * It returns a boolean that indicates whether or not it was able to |
188 | * successfully infer the parent/descendent relationship via the v_parent |
189 | * pointers, or if it could not infer such relationship and that the decision |
190 | * must be delegated to the owning filesystem. |
191 | * |
192 | * If it does not defer the decision, i.e. it was successfuly able to determine |
193 | * the parent/descendent relationship, *is_subdir tells the caller if vp is a |
194 | * subdirectory of dvp. |
195 | * |
196 | * If the decision is deferred, *next_vp is where it stopped i.e. *next_vp |
197 | * is the vnode whose parent is to be determined from the filesystem. |
198 | * *is_subdir, in this case, is not indicative of anything and should be |
199 | * ignored. |
200 | * |
201 | * The return value and output args should be used as follows : |
202 | * |
203 | * defer = cache_check_vnode_issubdir(vp, dvp, is_subdir, next_vp); |
204 | * if (!defer) { |
205 | * if (*is_subdir) |
206 | * vp is subdirectory; |
207 | * else |
208 | * vp is not a subdirectory; |
209 | * } else { |
210 | * if (*next_vp) |
211 | * check this vnode's parent from the filesystem |
212 | * else |
213 | * error (likely because of forced unmount). |
214 | * } |
215 | * |
216 | */ |
217 | static boolean_t |
218 | cache_check_vnode_issubdir(vnode_t vp, vnode_t dvp, boolean_t *is_subdir, |
219 | vnode_t *next_vp) |
220 | { |
221 | vnode_t tvp = vp; |
222 | int defer = FALSE; |
223 | |
224 | *is_subdir = FALSE; |
225 | *next_vp = NULLVP; |
226 | while (1) { |
227 | mount_t tmp; |
228 | |
229 | if (tvp == dvp) { |
230 | *is_subdir = TRUE; |
231 | break; |
232 | } else if (tvp == rootvnode) { |
233 | /* *is_subdir = FALSE */ |
234 | break; |
235 | } |
236 | |
237 | tmp = tvp->v_mount; |
238 | while ((tvp->v_flag & VROOT) && tmp && tmp->mnt_vnodecovered && |
239 | tvp != dvp && tvp != rootvnode) { |
240 | tvp = tmp->mnt_vnodecovered; |
241 | tmp = tvp->v_mount; |
242 | } |
243 | |
244 | /* |
245 | * If dvp is not at the top of a mount "stack" then |
246 | * vp is not a subdirectory of dvp either. |
247 | */ |
248 | if (tvp == dvp || tvp == rootvnode) { |
249 | /* *is_subdir = FALSE */ |
250 | break; |
251 | } |
252 | |
253 | if (!tmp) { |
254 | defer = TRUE; |
255 | *next_vp = NULLVP; |
256 | break; |
257 | } |
258 | |
259 | if ((tvp->v_flag & VISHARDLINK) || !(tvp->v_parent)) { |
260 | defer = TRUE; |
261 | *next_vp = tvp; |
262 | break; |
263 | } |
264 | |
265 | tvp = tvp->v_parent; |
266 | } |
267 | |
268 | return (defer); |
269 | } |
270 | |
271 | /* maximum times retry from potentially transient errors in vnode_issubdir */ |
272 | #define MAX_ERROR_RETRY 3 |
273 | |
274 | /* |
275 | * This function checks if a given directory (vp) is a subdirectory of dvp. |
276 | * It walks backwards from vp and if it hits dvp in its parent chain, |
277 | * it is a subdirectory. If it encounters the root directory, it is not |
278 | * a subdirectory. |
279 | * |
280 | * This function returns an error if it is unsuccessful and 0 on success. |
281 | * |
282 | * On entry (and exit) vp has an iocount and if this function has to take |
283 | * any iocounts on other vnodes in the parent chain traversal, it releases them. |
284 | */ |
285 | int |
286 | vnode_issubdir(vnode_t vp, vnode_t dvp, int *is_subdir, vfs_context_t ctx) |
287 | { |
288 | vnode_t start_vp, tvp; |
289 | vnode_t vp_with_iocount; |
290 | int error = 0; |
291 | char dotdotbuf[] = ".." ; |
292 | int error_retry_count = 0; /* retry count for potentially transient |
293 | errors */ |
294 | |
295 | *is_subdir = FALSE; |
296 | tvp = start_vp = vp; |
297 | /* |
298 | * Anytime we acquire an iocount in this function, we save the vnode |
299 | * in this variable and release it before exiting. |
300 | */ |
301 | vp_with_iocount = NULLVP; |
302 | |
303 | while (1) { |
304 | boolean_t defer; |
305 | vnode_t pvp; |
306 | uint32_t vid; |
307 | struct componentname cn; |
308 | boolean_t is_subdir_locked = FALSE; |
309 | |
310 | if (tvp == dvp) { |
311 | *is_subdir = TRUE; |
312 | break; |
313 | } else if (tvp == rootvnode) { |
314 | /* *is_subdir = FALSE */ |
315 | break; |
316 | } |
317 | |
318 | NAME_CACHE_LOCK_SHARED(); |
319 | |
320 | defer = cache_check_vnode_issubdir(tvp, dvp, &is_subdir_locked, |
321 | &tvp); |
322 | |
323 | if (defer && tvp) |
324 | vid = vnode_vid(tvp); |
325 | |
326 | NAME_CACHE_UNLOCK(); |
327 | |
328 | if (!defer) { |
329 | *is_subdir = is_subdir_locked; |
330 | break; |
331 | } |
332 | |
333 | if (!tvp) { |
334 | if (error_retry_count++ < MAX_ERROR_RETRY) { |
335 | tvp = vp; |
336 | continue; |
337 | } |
338 | error = ENOENT; |
339 | break; |
340 | } |
341 | |
342 | if (tvp != start_vp) { |
343 | if (vp_with_iocount) { |
344 | vnode_put(vp_with_iocount); |
345 | vp_with_iocount = NULLVP; |
346 | } |
347 | |
348 | error = vnode_getwithvid(tvp, vid); |
349 | if (error) { |
350 | if (error_retry_count++ < MAX_ERROR_RETRY) { |
351 | tvp = vp; |
352 | error = 0; |
353 | continue; |
354 | } |
355 | break; |
356 | } |
357 | |
358 | vp_with_iocount = tvp; |
359 | } |
360 | |
361 | bzero(&cn, sizeof(cn)); |
362 | cn.cn_nameiop = LOOKUP; |
363 | cn.cn_flags = ISLASTCN | ISDOTDOT; |
364 | cn.cn_context = ctx; |
365 | cn.cn_pnbuf = &dotdotbuf[0]; |
366 | cn.cn_pnlen = sizeof(dotdotbuf); |
367 | cn.cn_nameptr = cn.cn_pnbuf; |
368 | cn.cn_namelen = 2; |
369 | |
370 | pvp = NULLVP; |
371 | if ((error = VNOP_LOOKUP(tvp, &pvp, &cn, ctx))) |
372 | break; |
373 | |
374 | if (!(tvp->v_flag & VISHARDLINK) && tvp->v_parent != pvp) { |
375 | (void)vnode_update_identity(tvp, pvp, NULL, 0, 0, |
376 | VNODE_UPDATE_PARENT); |
377 | } |
378 | |
379 | if (vp_with_iocount) |
380 | vnode_put(vp_with_iocount); |
381 | |
382 | vp_with_iocount = tvp = pvp; |
383 | } |
384 | |
385 | if (vp_with_iocount) |
386 | vnode_put(vp_with_iocount); |
387 | |
388 | return (error); |
389 | } |
390 | |
391 | /* |
392 | * This function builds the path in "buff" from the supplied vnode. |
393 | * The length of the buffer *INCLUDING* the trailing zero byte is |
394 | * returned in outlen. NOTE: the length includes the trailing zero |
395 | * byte and thus the length is one greater than what strlen would |
396 | * return. This is important and lots of code elsewhere in the kernel |
397 | * assumes this behavior. |
398 | * |
399 | * This function can call vnop in file system if the parent vnode |
400 | * does not exist or when called for hardlinks via volfs path. |
401 | * If BUILDPATH_NO_FS_ENTER is set in flags, it only uses values present |
402 | * in the name cache and does not enter the file system. |
403 | * |
404 | * If BUILDPATH_CHECK_MOVED is set in flags, we return EAGAIN when |
405 | * we encounter ENOENT during path reconstruction. ENOENT means that |
406 | * one of the parents moved while we were building the path. The |
407 | * caller can special handle this case by calling build_path again. |
408 | * |
409 | * If BUILDPATH_VOLUME_RELATIVE is set in flags, we return path |
410 | * that is relative to the nearest mount point, i.e. do not |
411 | * cross over mount points during building the path. |
412 | * |
413 | * passed in vp must have a valid io_count reference |
414 | * |
415 | * If parent vnode is non-NULL it also must have an io count. This |
416 | * allows build_path_with_parent to be safely called for operations |
417 | * unlink, rmdir and rename that already have io counts on the target |
418 | * and the directory. In this way build_path_with_parent does not have |
419 | * to try and obtain an additional io count on the parent. Taking an |
420 | * io count ont the parent can lead to dead lock if a forced unmount |
421 | * occures at the right moment. For a fuller explaination on how this |
422 | * can occur see the comment for vn_getpath_with_parent. |
423 | * |
424 | */ |
425 | int |
426 | build_path_with_parent(vnode_t first_vp, vnode_t parent_vp, char *buff, int buflen, int *outlen, int flags, vfs_context_t ctx) |
427 | { |
428 | vnode_t vp, tvp; |
429 | vnode_t vp_with_iocount; |
430 | vnode_t proc_root_dir_vp; |
431 | char *end; |
432 | const char *str; |
433 | int len; |
434 | int ret = 0; |
435 | int fixhardlink; |
436 | |
437 | if (first_vp == NULLVP) |
438 | return (EINVAL); |
439 | |
440 | if (buflen <= 1) |
441 | return (ENOSPC); |
442 | |
443 | /* |
444 | * Grab the process fd so we can evaluate fd_rdir. |
445 | */ |
446 | if (vfs_context_proc(ctx)->p_fd) |
447 | proc_root_dir_vp = vfs_context_proc(ctx)->p_fd->fd_rdir; |
448 | else |
449 | proc_root_dir_vp = NULL; |
450 | |
451 | vp_with_iocount = NULLVP; |
452 | again: |
453 | vp = first_vp; |
454 | |
455 | end = &buff[buflen-1]; |
456 | *end = '\0'; |
457 | |
458 | /* |
459 | * holding the NAME_CACHE_LOCK in shared mode is |
460 | * sufficient to stabilize both the vp->v_parent chain |
461 | * and the 'vp->v_mount->mnt_vnodecovered' chain |
462 | * |
463 | * if we need to drop this lock, we must first grab the v_id |
464 | * from the vnode we're currently working with... if that |
465 | * vnode doesn't already have an io_count reference (the vp |
466 | * passed in comes with one), we must grab a reference |
467 | * after we drop the NAME_CACHE_LOCK via vnode_getwithvid... |
468 | * deadlocks may result if you call vnode_get while holding |
469 | * the NAME_CACHE_LOCK... we lazily release the reference |
470 | * we pick up the next time we encounter a need to drop |
471 | * the NAME_CACHE_LOCK or before we return from this routine |
472 | */ |
473 | NAME_CACHE_LOCK_SHARED(); |
474 | |
475 | /* |
476 | * Check if this is the root of a file system. |
477 | */ |
478 | while (vp && vp->v_flag & VROOT) { |
479 | if (vp->v_mount == NULL) { |
480 | ret = EINVAL; |
481 | goto out_unlock; |
482 | } |
483 | if ((vp->v_mount->mnt_flag & MNT_ROOTFS) || (vp == proc_root_dir_vp)) { |
484 | /* |
485 | * It's the root of the root file system, so it's |
486 | * just "/". |
487 | */ |
488 | *--end = '/'; |
489 | |
490 | goto out_unlock; |
491 | } else { |
492 | /* |
493 | * This the root of the volume and the caller does not |
494 | * want to cross mount points. Therefore just return |
495 | * '/' as the relative path. |
496 | */ |
497 | if (flags & BUILDPATH_VOLUME_RELATIVE) { |
498 | *--end = '/'; |
499 | goto out_unlock; |
500 | } else { |
501 | vp = vp->v_mount->mnt_vnodecovered; |
502 | } |
503 | } |
504 | } |
505 | |
506 | while ((vp != NULLVP) && (vp->v_parent != vp)) { |
507 | int vid; |
508 | |
509 | /* |
510 | * For hardlinks the v_name may be stale, so if its OK |
511 | * to enter a file system, ask the file system for the |
512 | * name and parent (below). |
513 | */ |
514 | fixhardlink = (vp->v_flag & VISHARDLINK) && |
515 | (vp->v_mount->mnt_kern_flag & MNTK_PATH_FROM_ID) && |
516 | !(flags & BUILDPATH_NO_FS_ENTER); |
517 | |
518 | if (!fixhardlink) { |
519 | str = vp->v_name; |
520 | |
521 | if (str == NULL || *str == '\0') { |
522 | if (vp->v_parent != NULL) |
523 | ret = EINVAL; |
524 | else |
525 | ret = ENOENT; |
526 | goto out_unlock; |
527 | } |
528 | len = strlen(str); |
529 | /* |
530 | * Check that there's enough space (including space for the '/') |
531 | */ |
532 | if ((end - buff) < (len + 1)) { |
533 | ret = ENOSPC; |
534 | goto out_unlock; |
535 | } |
536 | /* |
537 | * Copy the name backwards. |
538 | */ |
539 | str += len; |
540 | |
541 | for (; len > 0; len--) |
542 | *--end = *--str; |
543 | /* |
544 | * Add a path separator. |
545 | */ |
546 | *--end = '/'; |
547 | } |
548 | |
549 | /* |
550 | * Walk up the parent chain. |
551 | */ |
552 | if (((vp->v_parent != NULLVP) && !fixhardlink) || |
553 | (flags & BUILDPATH_NO_FS_ENTER)) { |
554 | |
555 | /* |
556 | * In this if () block we are not allowed to enter the filesystem |
557 | * to conclusively get the most accurate parent identifier. |
558 | * As a result, if 'vp' does not identify '/' and it |
559 | * does not have a valid v_parent, then error out |
560 | * and disallow further path construction |
561 | */ |
562 | if ((vp->v_parent == NULLVP) && (rootvnode != vp)) { |
563 | /* |
564 | * Only '/' is allowed to have a NULL parent |
565 | * pointer. Upper level callers should ideally |
566 | * re-drive name lookup on receiving a ENOENT. |
567 | */ |
568 | ret = ENOENT; |
569 | |
570 | /* The code below will exit early if 'tvp = vp' == NULL */ |
571 | } |
572 | vp = vp->v_parent; |
573 | |
574 | /* |
575 | * if the vnode we have in hand isn't a directory and it |
576 | * has a v_parent, then we started with the resource fork |
577 | * so skip up to avoid getting a duplicate copy of the |
578 | * file name in the path. |
579 | */ |
580 | if (vp && !vnode_isdir(vp) && vp->v_parent) { |
581 | vp = vp->v_parent; |
582 | } |
583 | } else { |
584 | /* |
585 | * No parent, go get it if supported. |
586 | */ |
587 | struct vnode_attr va; |
588 | vnode_t dvp; |
589 | |
590 | /* |
591 | * Make sure file system supports obtaining a path from id. |
592 | */ |
593 | if (!(vp->v_mount->mnt_kern_flag & MNTK_PATH_FROM_ID)) { |
594 | ret = ENOENT; |
595 | goto out_unlock; |
596 | } |
597 | vid = vp->v_id; |
598 | |
599 | NAME_CACHE_UNLOCK(); |
600 | |
601 | if (vp != first_vp && vp != parent_vp && vp != vp_with_iocount) { |
602 | if (vp_with_iocount) { |
603 | vnode_put(vp_with_iocount); |
604 | vp_with_iocount = NULLVP; |
605 | } |
606 | if (vnode_getwithvid(vp, vid)) |
607 | goto again; |
608 | vp_with_iocount = vp; |
609 | } |
610 | VATTR_INIT(&va); |
611 | VATTR_WANTED(&va, va_parentid); |
612 | |
613 | if (fixhardlink) { |
614 | VATTR_WANTED(&va, va_name); |
615 | MALLOC_ZONE(va.va_name, caddr_t, MAXPATHLEN, M_NAMEI, M_WAITOK); |
616 | } else { |
617 | va.va_name = NULL; |
618 | } |
619 | /* |
620 | * Ask the file system for its parent id and for its name (optional). |
621 | */ |
622 | ret = vnode_getattr(vp, &va, ctx); |
623 | |
624 | if (fixhardlink) { |
625 | if ((ret == 0) && (VATTR_IS_SUPPORTED(&va, va_name))) { |
626 | str = va.va_name; |
627 | vnode_update_identity(vp, NULL, str, strlen(str), 0, VNODE_UPDATE_NAME); |
628 | } else if (vp->v_name) { |
629 | str = vp->v_name; |
630 | ret = 0; |
631 | } else { |
632 | ret = ENOENT; |
633 | goto bad_news; |
634 | } |
635 | len = strlen(str); |
636 | |
637 | /* |
638 | * Check that there's enough space. |
639 | */ |
640 | if ((end - buff) < (len + 1)) { |
641 | ret = ENOSPC; |
642 | } else { |
643 | /* Copy the name backwards. */ |
644 | str += len; |
645 | |
646 | for (; len > 0; len--) { |
647 | *--end = *--str; |
648 | } |
649 | /* |
650 | * Add a path separator. |
651 | */ |
652 | *--end = '/'; |
653 | } |
654 | bad_news: |
655 | FREE_ZONE(va.va_name, MAXPATHLEN, M_NAMEI); |
656 | } |
657 | if (ret || !VATTR_IS_SUPPORTED(&va, va_parentid)) { |
658 | ret = ENOENT; |
659 | goto out; |
660 | } |
661 | /* |
662 | * Ask the file system for the parent vnode. |
663 | */ |
664 | if ((ret = VFS_VGET(vp->v_mount, (ino64_t)va.va_parentid, &dvp, ctx))) |
665 | goto out; |
666 | |
667 | if (!fixhardlink && (vp->v_parent != dvp)) |
668 | vnode_update_identity(vp, dvp, NULL, 0, 0, VNODE_UPDATE_PARENT); |
669 | |
670 | if (vp_with_iocount) |
671 | vnode_put(vp_with_iocount); |
672 | vp = dvp; |
673 | vp_with_iocount = vp; |
674 | |
675 | NAME_CACHE_LOCK_SHARED(); |
676 | |
677 | /* |
678 | * if the vnode we have in hand isn't a directory and it |
679 | * has a v_parent, then we started with the resource fork |
680 | * so skip up to avoid getting a duplicate copy of the |
681 | * file name in the path. |
682 | */ |
683 | if (vp && !vnode_isdir(vp) && vp->v_parent) |
684 | vp = vp->v_parent; |
685 | } |
686 | |
687 | if (vp && (flags & BUILDPATH_CHECKACCESS)) { |
688 | vid = vp->v_id; |
689 | |
690 | NAME_CACHE_UNLOCK(); |
691 | |
692 | if (vp != first_vp && vp != parent_vp && vp != vp_with_iocount) { |
693 | if (vp_with_iocount) { |
694 | vnode_put(vp_with_iocount); |
695 | vp_with_iocount = NULLVP; |
696 | } |
697 | if (vnode_getwithvid(vp, vid)) |
698 | goto again; |
699 | vp_with_iocount = vp; |
700 | } |
701 | if ((ret = vnode_authorize(vp, NULL, KAUTH_VNODE_SEARCH, ctx))) |
702 | goto out; /* no peeking */ |
703 | |
704 | NAME_CACHE_LOCK_SHARED(); |
705 | } |
706 | |
707 | /* |
708 | * When a mount point is crossed switch the vp. |
709 | * Continue until we find the root or we find |
710 | * a vnode that's not the root of a mounted |
711 | * file system. |
712 | */ |
713 | tvp = vp; |
714 | |
715 | while (tvp) { |
716 | if (tvp == proc_root_dir_vp) |
717 | goto out_unlock; /* encountered the root */ |
718 | |
719 | if (!(tvp->v_flag & VROOT) || !tvp->v_mount) |
720 | break; /* not the root of a mounted FS */ |
721 | |
722 | if (flags & BUILDPATH_VOLUME_RELATIVE) { |
723 | /* Do not cross over mount points */ |
724 | tvp = NULL; |
725 | } else { |
726 | tvp = tvp->v_mount->mnt_vnodecovered; |
727 | } |
728 | } |
729 | if (tvp == NULLVP) |
730 | goto out_unlock; |
731 | vp = tvp; |
732 | } |
733 | out_unlock: |
734 | NAME_CACHE_UNLOCK(); |
735 | out: |
736 | if (vp_with_iocount) |
737 | vnode_put(vp_with_iocount); |
738 | /* |
739 | * Slide the name down to the beginning of the buffer. |
740 | */ |
741 | memmove(buff, end, &buff[buflen] - end); |
742 | |
743 | /* |
744 | * length includes the trailing zero byte |
745 | */ |
746 | *outlen = &buff[buflen] - end; |
747 | |
748 | /* One of the parents was moved during path reconstruction. |
749 | * The caller is interested in knowing whether any of the |
750 | * parents moved via BUILDPATH_CHECK_MOVED, so return EAGAIN. |
751 | */ |
752 | if ((ret == ENOENT) && (flags & BUILDPATH_CHECK_MOVED)) { |
753 | ret = EAGAIN; |
754 | } |
755 | |
756 | return (ret); |
757 | } |
758 | |
759 | int |
760 | build_path(vnode_t first_vp, char *buff, int buflen, int *outlen, int flags, vfs_context_t ctx) |
761 | { |
762 | return (build_path_with_parent(first_vp, NULL, buff, buflen, outlen, flags, ctx)); |
763 | } |
764 | |
765 | /* |
766 | * return NULLVP if vp's parent doesn't |
767 | * exist, or we can't get a valid iocount |
768 | * else return the parent of vp |
769 | */ |
770 | vnode_t |
771 | vnode_getparent(vnode_t vp) |
772 | { |
773 | vnode_t pvp = NULLVP; |
774 | int pvid; |
775 | |
776 | NAME_CACHE_LOCK_SHARED(); |
777 | /* |
778 | * v_parent is stable behind the name_cache lock |
779 | * however, the only thing we can really guarantee |
780 | * is that we've grabbed a valid iocount on the |
781 | * parent of 'vp' at the time we took the name_cache lock... |
782 | * once we drop the lock, vp could get re-parented |
783 | */ |
784 | if ( (pvp = vp->v_parent) != NULLVP ) { |
785 | pvid = pvp->v_id; |
786 | |
787 | NAME_CACHE_UNLOCK(); |
788 | |
789 | if (vnode_getwithvid(pvp, pvid) != 0) |
790 | pvp = NULL; |
791 | } else |
792 | NAME_CACHE_UNLOCK(); |
793 | return (pvp); |
794 | } |
795 | |
796 | const char * |
797 | vnode_getname(vnode_t vp) |
798 | { |
799 | const char *name = NULL; |
800 | |
801 | NAME_CACHE_LOCK_SHARED(); |
802 | |
803 | if (vp->v_name) |
804 | name = vfs_addname(vp->v_name, strlen(vp->v_name), 0, 0); |
805 | NAME_CACHE_UNLOCK(); |
806 | |
807 | return (name); |
808 | } |
809 | |
810 | void |
811 | vnode_putname(const char *name) |
812 | { |
813 | vfs_removename(name); |
814 | } |
815 | |
816 | static const char unknown_vnodename[] = "(unknown vnode name)" ; |
817 | |
818 | const char * |
819 | vnode_getname_printable(vnode_t vp) |
820 | { |
821 | const char *name = vnode_getname(vp); |
822 | if (name != NULL) |
823 | return name; |
824 | |
825 | switch (vp->v_type) { |
826 | case VCHR: |
827 | case VBLK: |
828 | { |
829 | /* |
830 | * Create an artificial dev name from |
831 | * major and minor device number |
832 | */ |
833 | char dev_name[64]; |
834 | (void) snprintf(dev_name, sizeof(dev_name), |
835 | "%c(%u, %u)" , VCHR == vp->v_type ? 'c':'b', |
836 | major(vp->v_rdev), minor(vp->v_rdev)); |
837 | /* |
838 | * Add the newly created dev name to the name |
839 | * cache to allow easier cleanup. Also, |
840 | * vfs_addname allocates memory for the new name |
841 | * and returns it. |
842 | */ |
843 | NAME_CACHE_LOCK_SHARED(); |
844 | name = vfs_addname(dev_name, strlen(dev_name), 0, 0); |
845 | NAME_CACHE_UNLOCK(); |
846 | return name; |
847 | } |
848 | default: |
849 | return unknown_vnodename; |
850 | } |
851 | } |
852 | |
853 | void |
854 | vnode_putname_printable(const char *name) |
855 | { |
856 | if (name == unknown_vnodename) |
857 | return; |
858 | vnode_putname(name); |
859 | } |
860 | |
861 | |
862 | /* |
863 | * if VNODE_UPDATE_PARENT, and we can take |
864 | * a reference on dvp, then update vp with |
865 | * it's new parent... if vp already has a parent, |
866 | * then drop the reference vp held on it |
867 | * |
868 | * if VNODE_UPDATE_NAME, |
869 | * then drop string ref on v_name if it exists, and if name is non-NULL |
870 | * then pick up a string reference on name and record it in v_name... |
871 | * optionally pass in the length and hashval of name if known |
872 | * |
873 | * if VNODE_UPDATE_CACHE, flush the name cache entries associated with vp |
874 | */ |
875 | void |
876 | vnode_update_identity(vnode_t vp, vnode_t dvp, const char *name, int name_len, uint32_t name_hashval, int flags) |
877 | { |
878 | struct namecache *ncp; |
879 | vnode_t old_parentvp = NULLVP; |
880 | int isstream = (vp->v_flag & VISNAMEDSTREAM); |
881 | int kusecountbumped = 0; |
882 | kauth_cred_t tcred = NULL; |
883 | const char *vname = NULL; |
884 | const char *tname = NULL; |
885 | |
886 | if (flags & VNODE_UPDATE_PARENT) { |
887 | if (dvp && vnode_ref(dvp) != 0) { |
888 | dvp = NULLVP; |
889 | } |
890 | /* Don't count a stream's parent ref during unmounts */ |
891 | if (isstream && dvp && (dvp != vp) && (dvp != vp->v_parent) && (dvp->v_type == VREG)) { |
892 | vnode_lock_spin(dvp); |
893 | ++dvp->v_kusecount; |
894 | kusecountbumped = 1; |
895 | vnode_unlock(dvp); |
896 | } |
897 | } else { |
898 | dvp = NULLVP; |
899 | } |
900 | if ( (flags & VNODE_UPDATE_NAME) ) { |
901 | if (name != vp->v_name) { |
902 | if (name && *name) { |
903 | if (name_len == 0) |
904 | name_len = strlen(name); |
905 | tname = vfs_addname(name, name_len, name_hashval, 0); |
906 | } |
907 | } else |
908 | flags &= ~VNODE_UPDATE_NAME; |
909 | } |
910 | if ( (flags & (VNODE_UPDATE_PURGE | VNODE_UPDATE_PARENT | VNODE_UPDATE_CACHE | VNODE_UPDATE_NAME)) ) { |
911 | |
912 | NAME_CACHE_LOCK(); |
913 | |
914 | if ( (flags & VNODE_UPDATE_PURGE) ) { |
915 | |
916 | if (vp->v_parent) |
917 | vp->v_parent->v_nc_generation++; |
918 | |
919 | while ( (ncp = LIST_FIRST(&vp->v_nclinks)) ) |
920 | cache_delete(ncp, 1); |
921 | |
922 | while ( (ncp = TAILQ_FIRST(&vp->v_ncchildren)) ) |
923 | cache_delete(ncp, 1); |
924 | |
925 | /* |
926 | * Use a temp variable to avoid kauth_cred_unref() while NAME_CACHE_LOCK is held |
927 | */ |
928 | tcred = vp->v_cred; |
929 | vp->v_cred = NOCRED; |
930 | vp->v_authorized_actions = 0; |
931 | vp->v_cred_timestamp = 0; |
932 | } |
933 | if ( (flags & VNODE_UPDATE_NAME) ) { |
934 | vname = vp->v_name; |
935 | vp->v_name = tname; |
936 | } |
937 | if (flags & VNODE_UPDATE_PARENT) { |
938 | if (dvp != vp && dvp != vp->v_parent) { |
939 | old_parentvp = vp->v_parent; |
940 | vp->v_parent = dvp; |
941 | dvp = NULLVP; |
942 | |
943 | if (old_parentvp) |
944 | flags |= VNODE_UPDATE_CACHE; |
945 | } |
946 | } |
947 | if (flags & VNODE_UPDATE_CACHE) { |
948 | while ( (ncp = LIST_FIRST(&vp->v_nclinks)) ) |
949 | cache_delete(ncp, 1); |
950 | } |
951 | NAME_CACHE_UNLOCK(); |
952 | |
953 | if (vname != NULL) |
954 | vfs_removename(vname); |
955 | |
956 | if (IS_VALID_CRED(tcred)) |
957 | kauth_cred_unref(&tcred); |
958 | } |
959 | if (dvp != NULLVP) { |
960 | /* Back-out the ref we took if we lost a race for vp->v_parent. */ |
961 | if (kusecountbumped) { |
962 | vnode_lock_spin(dvp); |
963 | if (dvp->v_kusecount > 0) |
964 | --dvp->v_kusecount; |
965 | vnode_unlock(dvp); |
966 | } |
967 | vnode_rele(dvp); |
968 | } |
969 | if (old_parentvp) { |
970 | struct uthread *ut; |
971 | |
972 | if (isstream) { |
973 | vnode_lock_spin(old_parentvp); |
974 | if ((old_parentvp->v_type != VDIR) && (old_parentvp->v_kusecount > 0)) |
975 | --old_parentvp->v_kusecount; |
976 | vnode_unlock(old_parentvp); |
977 | } |
978 | ut = get_bsdthread_info(current_thread()); |
979 | |
980 | /* |
981 | * indicated to vnode_rele that it shouldn't do a |
982 | * vnode_reclaim at this time... instead it will |
983 | * chain the vnode to the uu_vreclaims list... |
984 | * we'll be responsible for calling vnode_reclaim |
985 | * on each of the vnodes in this list... |
986 | */ |
987 | ut->uu_defer_reclaims = 1; |
988 | ut->uu_vreclaims = NULLVP; |
989 | |
990 | while ( (vp = old_parentvp) != NULLVP ) { |
991 | |
992 | vnode_lock_spin(vp); |
993 | vnode_rele_internal(vp, 0, 0, 1); |
994 | |
995 | /* |
996 | * check to see if the vnode is now in the state |
997 | * that would have triggered a vnode_reclaim in vnode_rele |
998 | * if it is, we save it's parent pointer and then NULL |
999 | * out the v_parent field... we'll drop the reference |
1000 | * that was held on the next iteration of this loop... |
1001 | * this short circuits a potential deep recursion if we |
1002 | * have a long chain of parents in this state... |
1003 | * we'll sit in this loop until we run into |
1004 | * a parent in this chain that is not in this state |
1005 | * |
1006 | * make our check and the vnode_rele atomic |
1007 | * with respect to the current vnode we're working on |
1008 | * by holding the vnode lock |
1009 | * if vnode_rele deferred the vnode_reclaim and has put |
1010 | * this vnode on the list to be reaped by us, than |
1011 | * it has left this vnode with an iocount == 1 |
1012 | */ |
1013 | if ( (vp->v_iocount == 1) && (vp->v_usecount == 0) && |
1014 | ((vp->v_lflag & (VL_MARKTERM | VL_TERMINATE | VL_DEAD)) == VL_MARKTERM)) { |
1015 | /* |
1016 | * vnode_rele wanted to do a vnode_reclaim on this vnode |
1017 | * it should be sitting on the head of the uu_vreclaims chain |
1018 | * pull the parent pointer now so that when we do the |
1019 | * vnode_reclaim for each of the vnodes in the uu_vreclaims |
1020 | * list, we won't recurse back through here |
1021 | * |
1022 | * need to do a convert here in case vnode_rele_internal |
1023 | * returns with the lock held in the spin mode... it |
1024 | * can drop and retake the lock under certain circumstances |
1025 | */ |
1026 | vnode_lock_convert(vp); |
1027 | |
1028 | NAME_CACHE_LOCK(); |
1029 | old_parentvp = vp->v_parent; |
1030 | vp->v_parent = NULLVP; |
1031 | NAME_CACHE_UNLOCK(); |
1032 | } else { |
1033 | /* |
1034 | * we're done... we ran into a vnode that isn't |
1035 | * being terminated |
1036 | */ |
1037 | old_parentvp = NULLVP; |
1038 | } |
1039 | vnode_unlock(vp); |
1040 | } |
1041 | ut->uu_defer_reclaims = 0; |
1042 | |
1043 | while ( (vp = ut->uu_vreclaims) != NULLVP) { |
1044 | ut->uu_vreclaims = vp->v_defer_reclaimlist; |
1045 | |
1046 | /* |
1047 | * vnode_put will drive the vnode_reclaim if |
1048 | * we are still the only reference on this vnode |
1049 | */ |
1050 | vnode_put(vp); |
1051 | } |
1052 | } |
1053 | } |
1054 | |
1055 | |
1056 | /* |
1057 | * Mark a vnode as having multiple hard links. HFS makes use of this |
1058 | * because it keeps track of each link separately, and wants to know |
1059 | * which link was actually used. |
1060 | * |
1061 | * This will cause the name cache to force a VNOP_LOOKUP on the vnode |
1062 | * so that HFS can post-process the lookup. Also, volfs will call |
1063 | * VNOP_GETATTR2 to determine the parent, instead of using v_parent. |
1064 | */ |
1065 | void vnode_setmultipath(vnode_t vp) |
1066 | { |
1067 | vnode_lock_spin(vp); |
1068 | |
1069 | /* |
1070 | * In theory, we're changing the vnode's identity as far as the |
1071 | * name cache is concerned, so we ought to grab the name cache lock |
1072 | * here. However, there is already a race, and grabbing the name |
1073 | * cache lock only makes the race window slightly smaller. |
1074 | * |
1075 | * The race happens because the vnode already exists in the name |
1076 | * cache, and could be found by one thread before another thread |
1077 | * can set the hard link flag. |
1078 | */ |
1079 | |
1080 | vp->v_flag |= VISHARDLINK; |
1081 | |
1082 | vnode_unlock(vp); |
1083 | } |
1084 | |
1085 | |
1086 | |
1087 | /* |
1088 | * backwards compatibility |
1089 | */ |
1090 | void vnode_uncache_credentials(vnode_t vp) |
1091 | { |
1092 | vnode_uncache_authorized_action(vp, KAUTH_INVALIDATE_CACHED_RIGHTS); |
1093 | } |
1094 | |
1095 | |
1096 | /* |
1097 | * use the exclusive form of NAME_CACHE_LOCK to protect the update of the |
1098 | * following fields in the vnode: v_cred_timestamp, v_cred, v_authorized_actions |
1099 | * we use this lock so that we can look at the v_cred and v_authorized_actions |
1100 | * atomically while behind the NAME_CACHE_LOCK in shared mode in 'cache_lookup_path', |
1101 | * which is the super-hot path... if we are updating the authorized actions for this |
1102 | * vnode, we are already in the super-slow and far less frequented path so its not |
1103 | * that bad that we take the lock exclusive for this case... of course we strive |
1104 | * to hold it for the minimum amount of time possible |
1105 | */ |
1106 | |
1107 | void vnode_uncache_authorized_action(vnode_t vp, kauth_action_t action) |
1108 | { |
1109 | kauth_cred_t tcred = NOCRED; |
1110 | |
1111 | NAME_CACHE_LOCK(); |
1112 | |
1113 | vp->v_authorized_actions &= ~action; |
1114 | |
1115 | if (action == KAUTH_INVALIDATE_CACHED_RIGHTS && |
1116 | IS_VALID_CRED(vp->v_cred)) { |
1117 | /* |
1118 | * Use a temp variable to avoid kauth_cred_unref() while NAME_CACHE_LOCK is held |
1119 | */ |
1120 | tcred = vp->v_cred; |
1121 | vp->v_cred = NOCRED; |
1122 | } |
1123 | NAME_CACHE_UNLOCK(); |
1124 | |
1125 | if (tcred != NOCRED) |
1126 | kauth_cred_unref(&tcred); |
1127 | } |
1128 | |
1129 | |
1130 | extern int bootarg_vnode_cache_defeat; /* default = 0, from bsd_init.c */ |
1131 | |
1132 | boolean_t |
1133 | vnode_cache_is_authorized(vnode_t vp, vfs_context_t ctx, kauth_action_t action) |
1134 | { |
1135 | kauth_cred_t ucred; |
1136 | boolean_t retval = FALSE; |
1137 | |
1138 | /* Boot argument to defeat rights caching */ |
1139 | if (bootarg_vnode_cache_defeat) |
1140 | return FALSE; |
1141 | |
1142 | if ( (vp->v_mount->mnt_kern_flag & (MNTK_AUTH_OPAQUE | MNTK_AUTH_CACHE_TTL)) ) { |
1143 | /* |
1144 | * a TTL is enabled on the rights cache... handle it here |
1145 | * a TTL of 0 indicates that no rights should be cached |
1146 | */ |
1147 | if (vp->v_mount->mnt_authcache_ttl) { |
1148 | if ( !(vp->v_mount->mnt_kern_flag & MNTK_AUTH_CACHE_TTL) ) { |
1149 | /* |
1150 | * For filesystems marked only MNTK_AUTH_OPAQUE (generally network ones), |
1151 | * we will only allow a SEARCH right on a directory to be cached... |
1152 | * that cached right always has a default TTL associated with it |
1153 | */ |
1154 | if (action != KAUTH_VNODE_SEARCH || vp->v_type != VDIR) |
1155 | vp = NULLVP; |
1156 | } |
1157 | if (vp != NULLVP && vnode_cache_is_stale(vp) == TRUE) { |
1158 | vnode_uncache_authorized_action(vp, vp->v_authorized_actions); |
1159 | vp = NULLVP; |
1160 | } |
1161 | } else |
1162 | vp = NULLVP; |
1163 | } |
1164 | if (vp != NULLVP) { |
1165 | ucred = vfs_context_ucred(ctx); |
1166 | |
1167 | NAME_CACHE_LOCK_SHARED(); |
1168 | |
1169 | if (vp->v_cred == ucred && (vp->v_authorized_actions & action) == action) |
1170 | retval = TRUE; |
1171 | |
1172 | NAME_CACHE_UNLOCK(); |
1173 | } |
1174 | return retval; |
1175 | } |
1176 | |
1177 | |
1178 | void vnode_cache_authorized_action(vnode_t vp, vfs_context_t ctx, kauth_action_t action) |
1179 | { |
1180 | kauth_cred_t tcred = NOCRED; |
1181 | kauth_cred_t ucred; |
1182 | struct timeval tv; |
1183 | boolean_t ttl_active = FALSE; |
1184 | |
1185 | ucred = vfs_context_ucred(ctx); |
1186 | |
1187 | if (!IS_VALID_CRED(ucred) || action == 0) |
1188 | return; |
1189 | |
1190 | if ( (vp->v_mount->mnt_kern_flag & (MNTK_AUTH_OPAQUE | MNTK_AUTH_CACHE_TTL)) ) { |
1191 | /* |
1192 | * a TTL is enabled on the rights cache... handle it here |
1193 | * a TTL of 0 indicates that no rights should be cached |
1194 | */ |
1195 | if (vp->v_mount->mnt_authcache_ttl == 0) |
1196 | return; |
1197 | |
1198 | if ( !(vp->v_mount->mnt_kern_flag & MNTK_AUTH_CACHE_TTL) ) { |
1199 | /* |
1200 | * only cache SEARCH action for filesystems marked |
1201 | * MNTK_AUTH_OPAQUE on VDIRs... |
1202 | * the lookup_path code will time these out |
1203 | */ |
1204 | if ( (action & ~KAUTH_VNODE_SEARCH) || vp->v_type != VDIR ) |
1205 | return; |
1206 | } |
1207 | ttl_active = TRUE; |
1208 | |
1209 | microuptime(&tv); |
1210 | } |
1211 | NAME_CACHE_LOCK(); |
1212 | |
1213 | if (vp->v_cred != ucred) { |
1214 | kauth_cred_ref(ucred); |
1215 | /* |
1216 | * Use a temp variable to avoid kauth_cred_unref() while NAME_CACHE_LOCK is held |
1217 | */ |
1218 | tcred = vp->v_cred; |
1219 | vp->v_cred = ucred; |
1220 | vp->v_authorized_actions = 0; |
1221 | } |
1222 | if (ttl_active == TRUE && vp->v_authorized_actions == 0) { |
1223 | /* |
1224 | * only reset the timestamnp on the |
1225 | * first authorization cached after the previous |
1226 | * timer has expired or we're switching creds... |
1227 | * 'vnode_cache_is_authorized' will clear the |
1228 | * authorized actions if the TTL is active and |
1229 | * it has expired |
1230 | */ |
1231 | vp->v_cred_timestamp = tv.tv_sec; |
1232 | } |
1233 | vp->v_authorized_actions |= action; |
1234 | |
1235 | NAME_CACHE_UNLOCK(); |
1236 | |
1237 | if (IS_VALID_CRED(tcred)) |
1238 | kauth_cred_unref(&tcred); |
1239 | } |
1240 | |
1241 | |
1242 | boolean_t vnode_cache_is_stale(vnode_t vp) |
1243 | { |
1244 | struct timeval tv; |
1245 | boolean_t retval; |
1246 | |
1247 | microuptime(&tv); |
1248 | |
1249 | if ((tv.tv_sec - vp->v_cred_timestamp) > vp->v_mount->mnt_authcache_ttl) |
1250 | retval = TRUE; |
1251 | else |
1252 | retval = FALSE; |
1253 | |
1254 | return retval; |
1255 | } |
1256 | |
1257 | |
1258 | |
1259 | /* |
1260 | * Returns: 0 Success |
1261 | * ERECYCLE vnode was recycled from underneath us. Force lookup to be re-driven from namei. |
1262 | * This errno value should not be seen by anyone outside of the kernel. |
1263 | */ |
1264 | int |
1265 | cache_lookup_path(struct nameidata *ndp, struct componentname *cnp, vnode_t dp, |
1266 | vfs_context_t ctx, int *dp_authorized, vnode_t last_dp) |
1267 | { |
1268 | char *cp; /* pointer into pathname argument */ |
1269 | int vid; |
1270 | int vvid = 0; /* protected by vp != NULLVP */ |
1271 | vnode_t vp = NULLVP; |
1272 | vnode_t tdp = NULLVP; |
1273 | kauth_cred_t ucred; |
1274 | boolean_t ttl_enabled = FALSE; |
1275 | struct timeval tv; |
1276 | mount_t mp; |
1277 | unsigned int hash; |
1278 | int error = 0; |
1279 | boolean_t dotdotchecked = FALSE; |
1280 | |
1281 | #if CONFIG_TRIGGERS |
1282 | vnode_t trigger_vp; |
1283 | #endif /* CONFIG_TRIGGERS */ |
1284 | |
1285 | ucred = vfs_context_ucred(ctx); |
1286 | ndp->ni_flag &= ~(NAMEI_TRAILINGSLASH); |
1287 | |
1288 | NAME_CACHE_LOCK_SHARED(); |
1289 | |
1290 | if ( dp->v_mount && (dp->v_mount->mnt_kern_flag & (MNTK_AUTH_OPAQUE | MNTK_AUTH_CACHE_TTL)) ) { |
1291 | ttl_enabled = TRUE; |
1292 | microuptime(&tv); |
1293 | } |
1294 | for (;;) { |
1295 | /* |
1296 | * Search a directory. |
1297 | * |
1298 | * The cn_hash value is for use by cache_lookup |
1299 | * The last component of the filename is left accessible via |
1300 | * cnp->cn_nameptr for callers that need the name. |
1301 | */ |
1302 | hash = 0; |
1303 | cp = cnp->cn_nameptr; |
1304 | |
1305 | while (*cp && (*cp != '/')) { |
1306 | hash = crc32tab[((hash >> 24) ^ (unsigned char)*cp++)] ^ hash << 8; |
1307 | } |
1308 | /* |
1309 | * the crc generator can legitimately generate |
1310 | * a 0... however, 0 for us means that we |
1311 | * haven't computed a hash, so use 1 instead |
1312 | */ |
1313 | if (hash == 0) |
1314 | hash = 1; |
1315 | cnp->cn_hash = hash; |
1316 | cnp->cn_namelen = cp - cnp->cn_nameptr; |
1317 | |
1318 | ndp->ni_pathlen -= cnp->cn_namelen; |
1319 | ndp->ni_next = cp; |
1320 | |
1321 | /* |
1322 | * Replace multiple slashes by a single slash and trailing slashes |
1323 | * by a null. This must be done before VNOP_LOOKUP() because some |
1324 | * fs's don't know about trailing slashes. Remember if there were |
1325 | * trailing slashes to handle symlinks, existing non-directories |
1326 | * and non-existing files that won't be directories specially later. |
1327 | */ |
1328 | while (*cp == '/' && (cp[1] == '/' || cp[1] == '\0')) { |
1329 | cp++; |
1330 | ndp->ni_pathlen--; |
1331 | |
1332 | if (*cp == '\0') { |
1333 | ndp->ni_flag |= NAMEI_TRAILINGSLASH; |
1334 | *ndp->ni_next = '\0'; |
1335 | } |
1336 | } |
1337 | ndp->ni_next = cp; |
1338 | |
1339 | cnp->cn_flags &= ~(MAKEENTRY | ISLASTCN | ISDOTDOT); |
1340 | |
1341 | if (*cp == '\0') |
1342 | cnp->cn_flags |= ISLASTCN; |
1343 | |
1344 | if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') |
1345 | cnp->cn_flags |= ISDOTDOT; |
1346 | |
1347 | *dp_authorized = 0; |
1348 | #if NAMEDRSRCFORK |
1349 | /* |
1350 | * Process a request for a file's resource fork. |
1351 | * |
1352 | * Consume the _PATH_RSRCFORKSPEC suffix and tag the path. |
1353 | */ |
1354 | if ((ndp->ni_pathlen == sizeof(_PATH_RSRCFORKSPEC)) && |
1355 | (cp[1] == '.' && cp[2] == '.') && |
1356 | bcmp(cp, _PATH_RSRCFORKSPEC, sizeof(_PATH_RSRCFORKSPEC)) == 0) { |
1357 | /* Skip volfs file systems that don't support native streams. */ |
1358 | if ((dp->v_mount != NULL) && |
1359 | (dp->v_mount->mnt_flag & MNT_DOVOLFS) && |
1360 | (dp->v_mount->mnt_kern_flag & MNTK_NAMED_STREAMS) == 0) { |
1361 | goto skiprsrcfork; |
1362 | } |
1363 | cnp->cn_flags |= CN_WANTSRSRCFORK; |
1364 | cnp->cn_flags |= ISLASTCN; |
1365 | ndp->ni_next[0] = '\0'; |
1366 | ndp->ni_pathlen = 1; |
1367 | } |
1368 | skiprsrcfork: |
1369 | #endif |
1370 | |
1371 | #if CONFIG_MACF |
1372 | |
1373 | /* |
1374 | * Name cache provides authorization caching (see below) |
1375 | * that will short circuit MAC checks in lookup(). |
1376 | * We must perform MAC check here. On denial |
1377 | * dp_authorized will remain 0 and second check will |
1378 | * be perfomed in lookup(). |
1379 | */ |
1380 | if (!(cnp->cn_flags & DONOTAUTH)) { |
1381 | error = mac_vnode_check_lookup(ctx, dp, cnp); |
1382 | if (error) { |
1383 | NAME_CACHE_UNLOCK(); |
1384 | goto errorout; |
1385 | } |
1386 | } |
1387 | #endif /* MAC */ |
1388 | if (ttl_enabled && |
1389 | (dp->v_mount->mnt_authcache_ttl == 0 || |
1390 | ((tv.tv_sec - dp->v_cred_timestamp) > dp->v_mount->mnt_authcache_ttl))) { |
1391 | break; |
1392 | } |
1393 | |
1394 | /* |
1395 | * NAME_CACHE_LOCK holds these fields stable |
1396 | * |
1397 | * We can't cache KAUTH_VNODE_SEARCHBYANYONE for root correctly |
1398 | * so we make an ugly check for root here. root is always |
1399 | * allowed and breaking out of here only to find out that is |
1400 | * authorized by virtue of being root is very very expensive. |
1401 | * However, the check for not root is valid only for filesystems |
1402 | * which use local authorization. |
1403 | * |
1404 | * XXX: Remove the check for root when we can reliably set |
1405 | * KAUTH_VNODE_SEARCHBYANYONE as root. |
1406 | */ |
1407 | if ((dp->v_cred != ucred || !(dp->v_authorized_actions & KAUTH_VNODE_SEARCH)) && |
1408 | !(dp->v_authorized_actions & KAUTH_VNODE_SEARCHBYANYONE) && |
1409 | (ttl_enabled || !vfs_context_issuser(ctx))) { |
1410 | break; |
1411 | } |
1412 | |
1413 | /* |
1414 | * indicate that we're allowed to traverse this directory... |
1415 | * even if we fail the cache lookup or decide to bail for |
1416 | * some other reason, this information is valid and is used |
1417 | * to avoid doing a vnode_authorize before the call to VNOP_LOOKUP |
1418 | */ |
1419 | *dp_authorized = 1; |
1420 | |
1421 | if ( (cnp->cn_flags & (ISLASTCN | ISDOTDOT)) ) { |
1422 | if (cnp->cn_nameiop != LOOKUP) |
1423 | break; |
1424 | if (cnp->cn_flags & LOCKPARENT) |
1425 | break; |
1426 | if (cnp->cn_flags & NOCACHE) |
1427 | break; |
1428 | if (cnp->cn_flags & ISDOTDOT) { |
1429 | /* |
1430 | * Force directory hardlinks to go to |
1431 | * file system for ".." requests. |
1432 | */ |
1433 | if ((dp->v_flag & VISHARDLINK)) { |
1434 | break; |
1435 | } |
1436 | /* |
1437 | * Quit here only if we can't use |
1438 | * the parent directory pointer or |
1439 | * don't have one. Otherwise, we'll |
1440 | * use it below. |
1441 | */ |
1442 | if ((dp->v_flag & VROOT) || |
1443 | dp == ndp->ni_rootdir || |
1444 | dp->v_parent == NULLVP) |
1445 | break; |
1446 | } |
1447 | } |
1448 | |
1449 | if ((cnp->cn_flags & CN_SKIPNAMECACHE)) { |
1450 | /* |
1451 | * Force lookup to go to the filesystem with |
1452 | * all cnp fields set up. |
1453 | */ |
1454 | break; |
1455 | } |
1456 | |
1457 | /* |
1458 | * "." and ".." aren't supposed to be cached, so check |
1459 | * for them before checking the cache. |
1460 | */ |
1461 | if (cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.') |
1462 | vp = dp; |
1463 | else if ( (cnp->cn_flags & ISDOTDOT) ) { |
1464 | /* |
1465 | * If this is a chrooted process, we need to check if |
1466 | * the process is trying to break out of its chrooted |
1467 | * jail. We do that by trying to determine if dp is |
1468 | * a subdirectory of ndp->ni_rootdir. If we aren't |
1469 | * able to determine that by the v_parent pointers, we |
1470 | * will leave the fast path. |
1471 | * |
1472 | * Since this function may see dotdot components |
1473 | * many times and it has the name cache lock held for |
1474 | * the entire duration, we optimise this by doing this |
1475 | * check only once per cache_lookup_path call. |
1476 | * If dotdotchecked is set, it means we've done this |
1477 | * check once already and don't need to do it again. |
1478 | */ |
1479 | if (!dotdotchecked && (ndp->ni_rootdir != rootvnode)) { |
1480 | vnode_t tvp = dp; |
1481 | boolean_t defer = FALSE; |
1482 | boolean_t is_subdir = FALSE; |
1483 | |
1484 | defer = cache_check_vnode_issubdir(tvp, |
1485 | ndp->ni_rootdir, &is_subdir, &tvp); |
1486 | |
1487 | if (defer) { |
1488 | /* defer to Filesystem */ |
1489 | break; |
1490 | } else if (!is_subdir) { |
1491 | /* |
1492 | * This process is trying to break out |
1493 | * of its chrooted jail, so all its |
1494 | * dotdot accesses will be translated to |
1495 | * its root directory. |
1496 | */ |
1497 | vp = ndp->ni_rootdir; |
1498 | } else { |
1499 | /* |
1500 | * All good, let this dotdot access |
1501 | * proceed normally |
1502 | */ |
1503 | vp = dp->v_parent; |
1504 | } |
1505 | dotdotchecked = TRUE; |
1506 | } else { |
1507 | vp = dp->v_parent; |
1508 | } |
1509 | } else { |
1510 | if ( (vp = cache_lookup_locked(dp, cnp)) == NULLVP) |
1511 | break; |
1512 | |
1513 | if ( (vp->v_flag & VISHARDLINK) ) { |
1514 | /* |
1515 | * The file system wants a VNOP_LOOKUP on this vnode |
1516 | */ |
1517 | vp = NULL; |
1518 | break; |
1519 | } |
1520 | } |
1521 | if ( (cnp->cn_flags & ISLASTCN) ) |
1522 | break; |
1523 | |
1524 | if (vp->v_type != VDIR) { |
1525 | if (vp->v_type != VLNK) |
1526 | vp = NULL; |
1527 | break; |
1528 | } |
1529 | |
1530 | if ( (mp = vp->v_mountedhere) && ((cnp->cn_flags & NOCROSSMOUNT) == 0)) { |
1531 | vnode_t tmp_vp = mp->mnt_realrootvp; |
1532 | if (tmp_vp == NULLVP || mp->mnt_generation != mount_generation || |
1533 | mp->mnt_realrootvp_vid != tmp_vp->v_id) |
1534 | break; |
1535 | vp = tmp_vp; |
1536 | } |
1537 | |
1538 | #if CONFIG_TRIGGERS |
1539 | /* |
1540 | * After traversing all mountpoints stacked here, if we have a |
1541 | * trigger in hand, resolve it. Note that we don't need to |
1542 | * leave the fast path if the mount has already happened. |
1543 | */ |
1544 | if (vp->v_resolve) |
1545 | break; |
1546 | #endif /* CONFIG_TRIGGERS */ |
1547 | |
1548 | |
1549 | dp = vp; |
1550 | vp = NULLVP; |
1551 | |
1552 | cnp->cn_nameptr = ndp->ni_next + 1; |
1553 | ndp->ni_pathlen--; |
1554 | while (*cnp->cn_nameptr == '/') { |
1555 | cnp->cn_nameptr++; |
1556 | ndp->ni_pathlen--; |
1557 | } |
1558 | } |
1559 | if (vp != NULLVP) |
1560 | vvid = vp->v_id; |
1561 | vid = dp->v_id; |
1562 | |
1563 | NAME_CACHE_UNLOCK(); |
1564 | |
1565 | if ((vp != NULLVP) && (vp->v_type != VLNK) && |
1566 | ((cnp->cn_flags & (ISLASTCN | LOCKPARENT | WANTPARENT | SAVESTART)) == ISLASTCN)) { |
1567 | /* |
1568 | * if we've got a child and it's the last component, and |
1569 | * the lookup doesn't need to return the parent then we |
1570 | * can skip grabbing an iocount on the parent, since all |
1571 | * we're going to do with it is a vnode_put just before |
1572 | * we return from 'lookup'. If it's a symbolic link, |
1573 | * we need the parent in case the link happens to be |
1574 | * a relative pathname. |
1575 | */ |
1576 | tdp = dp; |
1577 | dp = NULLVP; |
1578 | } else { |
1579 | need_dp: |
1580 | /* |
1581 | * return the last directory we looked at |
1582 | * with an io reference held. If it was the one passed |
1583 | * in as a result of the last iteration of VNOP_LOOKUP, |
1584 | * it should already hold an io ref. No need to increase ref. |
1585 | */ |
1586 | if (last_dp != dp){ |
1587 | |
1588 | if (dp == ndp->ni_usedvp) { |
1589 | /* |
1590 | * if this vnode matches the one passed in via USEDVP |
1591 | * than this context already holds an io_count... just |
1592 | * use vnode_get to get an extra ref for lookup to play |
1593 | * with... can't use the getwithvid variant here because |
1594 | * it will block behind a vnode_drain which would result |
1595 | * in a deadlock (since we already own an io_count that the |
1596 | * vnode_drain is waiting on)... vnode_get grabs the io_count |
1597 | * immediately w/o waiting... it always succeeds |
1598 | */ |
1599 | vnode_get(dp); |
1600 | } else if ((error = vnode_getwithvid_drainok(dp, vid))) { |
1601 | /* |
1602 | * failure indicates the vnode |
1603 | * changed identity or is being |
1604 | * TERMINATED... in either case |
1605 | * punt this lookup. |
1606 | * |
1607 | * don't necessarily return ENOENT, though, because |
1608 | * we really want to go back to disk and make sure it's |
1609 | * there or not if someone else is changing this |
1610 | * vnode. That being said, the one case where we do want |
1611 | * to return ENOENT is when the vnode's mount point is |
1612 | * in the process of unmounting and we might cause a deadlock |
1613 | * in our attempt to take an iocount. An ENODEV error return |
1614 | * is from vnode_get* is an indication this but we change that |
1615 | * ENOENT for upper layers. |
1616 | */ |
1617 | if (error == ENODEV) { |
1618 | error = ENOENT; |
1619 | } else { |
1620 | error = ERECYCLE; |
1621 | } |
1622 | goto errorout; |
1623 | } |
1624 | } |
1625 | } |
1626 | if (vp != NULLVP) { |
1627 | if ( (vnode_getwithvid_drainok(vp, vvid)) ) { |
1628 | vp = NULLVP; |
1629 | |
1630 | /* |
1631 | * can't get reference on the vp we'd like |
1632 | * to return... if we didn't grab a reference |
1633 | * on the directory (due to fast path bypass), |
1634 | * then we need to do it now... we can't return |
1635 | * with both ni_dvp and ni_vp NULL, and no |
1636 | * error condition |
1637 | */ |
1638 | if (dp == NULLVP) { |
1639 | dp = tdp; |
1640 | goto need_dp; |
1641 | } |
1642 | } |
1643 | } |
1644 | |
1645 | ndp->ni_dvp = dp; |
1646 | ndp->ni_vp = vp; |
1647 | |
1648 | #if CONFIG_TRIGGERS |
1649 | trigger_vp = vp ? vp : dp; |
1650 | if ((error == 0) && (trigger_vp != NULLVP) && vnode_isdir(trigger_vp)) { |
1651 | error = vnode_trigger_resolve(trigger_vp, ndp, ctx); |
1652 | if (error) { |
1653 | if (vp) |
1654 | vnode_put(vp); |
1655 | if (dp) |
1656 | vnode_put(dp); |
1657 | goto errorout; |
1658 | } |
1659 | } |
1660 | #endif /* CONFIG_TRIGGERS */ |
1661 | |
1662 | errorout: |
1663 | /* |
1664 | * If we came into cache_lookup_path after an iteration of the lookup loop that |
1665 | * resulted in a call to VNOP_LOOKUP, then VNOP_LOOKUP returned a vnode with a io ref |
1666 | * on it. It is now the job of cache_lookup_path to drop the ref on this vnode |
1667 | * when it is no longer needed. If we get to this point, and last_dp is not NULL |
1668 | * and it is ALSO not the dvp we want to return to caller of this function, it MUST be |
1669 | * the case that we got to a subsequent path component and this previous vnode is |
1670 | * no longer needed. We can then drop the io ref on it. |
1671 | */ |
1672 | if ((last_dp != NULLVP) && (last_dp != ndp->ni_dvp)){ |
1673 | vnode_put(last_dp); |
1674 | } |
1675 | |
1676 | //initialized to 0, should be the same if no error cases occurred. |
1677 | return error; |
1678 | } |
1679 | |
1680 | |
1681 | static vnode_t |
1682 | cache_lookup_locked(vnode_t dvp, struct componentname *cnp) |
1683 | { |
1684 | struct namecache *ncp; |
1685 | struct nchashhead *ncpp; |
1686 | long namelen = cnp->cn_namelen; |
1687 | unsigned int hashval = cnp->cn_hash; |
1688 | |
1689 | if (nc_disabled) { |
1690 | return NULL; |
1691 | } |
1692 | |
1693 | ncpp = NCHHASH(dvp, cnp->cn_hash); |
1694 | LIST_FOREACH(ncp, ncpp, nc_hash) { |
1695 | if ((ncp->nc_dvp == dvp) && (ncp->nc_hashval == hashval)) { |
1696 | if (strncmp(ncp->nc_name, cnp->cn_nameptr, namelen) == 0 && ncp->nc_name[namelen] == 0) |
1697 | break; |
1698 | } |
1699 | } |
1700 | if (ncp == 0) { |
1701 | /* |
1702 | * We failed to find an entry |
1703 | */ |
1704 | NCHSTAT(ncs_miss); |
1705 | return (NULL); |
1706 | } |
1707 | NCHSTAT(ncs_goodhits); |
1708 | |
1709 | return (ncp->nc_vp); |
1710 | } |
1711 | |
1712 | |
1713 | unsigned int hash_string(const char *cp, int len); |
1714 | // |
1715 | // Have to take a len argument because we may only need to |
1716 | // hash part of a componentname. |
1717 | // |
1718 | unsigned int |
1719 | hash_string(const char *cp, int len) |
1720 | { |
1721 | unsigned hash = 0; |
1722 | |
1723 | if (len) { |
1724 | while (len--) { |
1725 | hash = crc32tab[((hash >> 24) ^ (unsigned char)*cp++)] ^ hash << 8; |
1726 | } |
1727 | } else { |
1728 | while (*cp != '\0') { |
1729 | hash = crc32tab[((hash >> 24) ^ (unsigned char)*cp++)] ^ hash << 8; |
1730 | } |
1731 | } |
1732 | /* |
1733 | * the crc generator can legitimately generate |
1734 | * a 0... however, 0 for us means that we |
1735 | * haven't computed a hash, so use 1 instead |
1736 | */ |
1737 | if (hash == 0) |
1738 | hash = 1; |
1739 | return hash; |
1740 | } |
1741 | |
1742 | |
1743 | /* |
1744 | * Lookup an entry in the cache |
1745 | * |
1746 | * We don't do this if the segment name is long, simply so the cache |
1747 | * can avoid holding long names (which would either waste space, or |
1748 | * add greatly to the complexity). |
1749 | * |
1750 | * Lookup is called with dvp pointing to the directory to search, |
1751 | * cnp pointing to the name of the entry being sought. If the lookup |
1752 | * succeeds, the vnode is returned in *vpp, and a status of -1 is |
1753 | * returned. If the lookup determines that the name does not exist |
1754 | * (negative cacheing), a status of ENOENT is returned. If the lookup |
1755 | * fails, a status of zero is returned. |
1756 | */ |
1757 | |
1758 | int |
1759 | cache_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp) |
1760 | { |
1761 | struct namecache *ncp; |
1762 | struct nchashhead *ncpp; |
1763 | long namelen = cnp->cn_namelen; |
1764 | unsigned int hashval; |
1765 | boolean_t have_exclusive = FALSE; |
1766 | uint32_t vid; |
1767 | vnode_t vp; |
1768 | |
1769 | if (cnp->cn_hash == 0) |
1770 | cnp->cn_hash = hash_string(cnp->cn_nameptr, cnp->cn_namelen); |
1771 | hashval = cnp->cn_hash; |
1772 | |
1773 | if (nc_disabled) { |
1774 | return 0; |
1775 | } |
1776 | |
1777 | NAME_CACHE_LOCK_SHARED(); |
1778 | |
1779 | relook: |
1780 | ncpp = NCHHASH(dvp, cnp->cn_hash); |
1781 | LIST_FOREACH(ncp, ncpp, nc_hash) { |
1782 | if ((ncp->nc_dvp == dvp) && (ncp->nc_hashval == hashval)) { |
1783 | if (strncmp(ncp->nc_name, cnp->cn_nameptr, namelen) == 0 && ncp->nc_name[namelen] == 0) |
1784 | break; |
1785 | } |
1786 | } |
1787 | /* We failed to find an entry */ |
1788 | if (ncp == 0) { |
1789 | NCHSTAT(ncs_miss); |
1790 | NAME_CACHE_UNLOCK(); |
1791 | return (0); |
1792 | } |
1793 | |
1794 | /* We don't want to have an entry, so dump it */ |
1795 | if ((cnp->cn_flags & MAKEENTRY) == 0) { |
1796 | if (have_exclusive == TRUE) { |
1797 | NCHSTAT(ncs_badhits); |
1798 | cache_delete(ncp, 1); |
1799 | NAME_CACHE_UNLOCK(); |
1800 | return (0); |
1801 | } |
1802 | NAME_CACHE_UNLOCK(); |
1803 | NAME_CACHE_LOCK(); |
1804 | have_exclusive = TRUE; |
1805 | goto relook; |
1806 | } |
1807 | vp = ncp->nc_vp; |
1808 | |
1809 | /* We found a "positive" match, return the vnode */ |
1810 | if (vp) { |
1811 | NCHSTAT(ncs_goodhits); |
1812 | |
1813 | vid = vp->v_id; |
1814 | NAME_CACHE_UNLOCK(); |
1815 | |
1816 | if (vnode_getwithvid(vp, vid)) { |
1817 | #if COLLECT_STATS |
1818 | NAME_CACHE_LOCK(); |
1819 | NCHSTAT(ncs_badvid); |
1820 | NAME_CACHE_UNLOCK(); |
1821 | #endif |
1822 | return (0); |
1823 | } |
1824 | *vpp = vp; |
1825 | return (-1); |
1826 | } |
1827 | |
1828 | /* We found a negative match, and want to create it, so purge */ |
1829 | if (cnp->cn_nameiop == CREATE || cnp->cn_nameiop == RENAME) { |
1830 | if (have_exclusive == TRUE) { |
1831 | NCHSTAT(ncs_badhits); |
1832 | cache_delete(ncp, 1); |
1833 | NAME_CACHE_UNLOCK(); |
1834 | return (0); |
1835 | } |
1836 | NAME_CACHE_UNLOCK(); |
1837 | NAME_CACHE_LOCK(); |
1838 | have_exclusive = TRUE; |
1839 | goto relook; |
1840 | } |
1841 | |
1842 | /* |
1843 | * We found a "negative" match, ENOENT notifies client of this match. |
1844 | */ |
1845 | NCHSTAT(ncs_neghits); |
1846 | |
1847 | NAME_CACHE_UNLOCK(); |
1848 | return (ENOENT); |
1849 | } |
1850 | |
1851 | const char * |
1852 | cache_enter_create(vnode_t dvp, vnode_t vp, struct componentname *cnp) |
1853 | { |
1854 | const char *strname; |
1855 | |
1856 | if (cnp->cn_hash == 0) |
1857 | cnp->cn_hash = hash_string(cnp->cn_nameptr, cnp->cn_namelen); |
1858 | |
1859 | /* |
1860 | * grab 2 references on the string entered |
1861 | * one for the cache_enter_locked to consume |
1862 | * and the second to be consumed by v_name (vnode_create call point) |
1863 | */ |
1864 | strname = add_name_internal(cnp->cn_nameptr, cnp->cn_namelen, cnp->cn_hash, TRUE, 0); |
1865 | |
1866 | NAME_CACHE_LOCK(); |
1867 | |
1868 | cache_enter_locked(dvp, vp, cnp, strname); |
1869 | |
1870 | NAME_CACHE_UNLOCK(); |
1871 | |
1872 | return (strname); |
1873 | } |
1874 | |
1875 | |
1876 | /* |
1877 | * Add an entry to the cache... |
1878 | * but first check to see if the directory |
1879 | * that this entry is to be associated with has |
1880 | * had any cache_purges applied since we took |
1881 | * our identity snapshot... this check needs to |
1882 | * be done behind the name cache lock |
1883 | */ |
1884 | void |
1885 | cache_enter_with_gen(struct vnode *dvp, struct vnode *vp, struct componentname *cnp, int gen) |
1886 | { |
1887 | |
1888 | if (cnp->cn_hash == 0) |
1889 | cnp->cn_hash = hash_string(cnp->cn_nameptr, cnp->cn_namelen); |
1890 | |
1891 | NAME_CACHE_LOCK(); |
1892 | |
1893 | if (dvp->v_nc_generation == gen) |
1894 | (void)cache_enter_locked(dvp, vp, cnp, NULL); |
1895 | |
1896 | NAME_CACHE_UNLOCK(); |
1897 | } |
1898 | |
1899 | |
1900 | /* |
1901 | * Add an entry to the cache. |
1902 | */ |
1903 | void |
1904 | cache_enter(struct vnode *dvp, struct vnode *vp, struct componentname *cnp) |
1905 | { |
1906 | const char *strname; |
1907 | |
1908 | if (cnp->cn_hash == 0) |
1909 | cnp->cn_hash = hash_string(cnp->cn_nameptr, cnp->cn_namelen); |
1910 | |
1911 | /* |
1912 | * grab 1 reference on the string entered |
1913 | * for the cache_enter_locked to consume |
1914 | */ |
1915 | strname = add_name_internal(cnp->cn_nameptr, cnp->cn_namelen, cnp->cn_hash, FALSE, 0); |
1916 | |
1917 | NAME_CACHE_LOCK(); |
1918 | |
1919 | cache_enter_locked(dvp, vp, cnp, strname); |
1920 | |
1921 | NAME_CACHE_UNLOCK(); |
1922 | } |
1923 | |
1924 | |
1925 | static void |
1926 | cache_enter_locked(struct vnode *dvp, struct vnode *vp, struct componentname *cnp, const char *strname) |
1927 | { |
1928 | struct namecache *ncp, *negp; |
1929 | struct nchashhead *ncpp; |
1930 | |
1931 | if (nc_disabled) |
1932 | return; |
1933 | |
1934 | /* |
1935 | * if the entry is for -ve caching vp is null |
1936 | */ |
1937 | if ((vp != NULLVP) && (LIST_FIRST(&vp->v_nclinks))) { |
1938 | /* |
1939 | * someone beat us to the punch.. |
1940 | * this vnode is already in the cache |
1941 | */ |
1942 | if (strname != NULL) |
1943 | vfs_removename(strname); |
1944 | return; |
1945 | } |
1946 | /* |
1947 | * We allocate a new entry if we are less than the maximum |
1948 | * allowed and the one at the front of the list is in use. |
1949 | * Otherwise we use the one at the front of the list. |
1950 | */ |
1951 | if (numcache < desiredNodes && |
1952 | ((ncp = nchead.tqh_first) == NULL || |
1953 | ncp->nc_hash.le_prev != 0)) { |
1954 | /* |
1955 | * Allocate one more entry |
1956 | */ |
1957 | ncp = (struct namecache *)_MALLOC_ZONE(sizeof(*ncp), M_CACHE, M_WAITOK); |
1958 | numcache++; |
1959 | } else { |
1960 | /* |
1961 | * reuse an old entry |
1962 | */ |
1963 | ncp = TAILQ_FIRST(&nchead); |
1964 | TAILQ_REMOVE(&nchead, ncp, nc_entry); |
1965 | |
1966 | if (ncp->nc_hash.le_prev != 0) { |
1967 | /* |
1968 | * still in use... we need to |
1969 | * delete it before re-using it |
1970 | */ |
1971 | NCHSTAT(ncs_stolen); |
1972 | cache_delete(ncp, 0); |
1973 | } |
1974 | } |
1975 | NCHSTAT(ncs_enters); |
1976 | |
1977 | /* |
1978 | * Fill in cache info, if vp is NULL this is a "negative" cache entry. |
1979 | */ |
1980 | ncp->nc_vp = vp; |
1981 | ncp->nc_dvp = dvp; |
1982 | ncp->nc_hashval = cnp->cn_hash; |
1983 | |
1984 | if (strname == NULL) |
1985 | ncp->nc_name = add_name_internal(cnp->cn_nameptr, cnp->cn_namelen, cnp->cn_hash, FALSE, 0); |
1986 | else |
1987 | ncp->nc_name = strname; |
1988 | |
1989 | // |
1990 | // If the bytes of the name associated with the vnode differ, |
1991 | // use the name associated with the vnode since the file system |
1992 | // may have set that explicitly in the case of a lookup on a |
1993 | // case-insensitive file system where the case of the looked up |
1994 | // name differs from what is on disk. For more details, see: |
1995 | // <rdar://problem/8044697> FSEvents doesn't always decompose diacritical unicode chars in the paths of the changed directories |
1996 | // |
1997 | const char *vn_name = vp ? vp->v_name : NULL; |
1998 | unsigned int len = vn_name ? strlen(vn_name) : 0; |
1999 | if (vn_name && ncp && ncp->nc_name && strncmp(ncp->nc_name, vn_name, len) != 0) { |
2000 | unsigned int hash = hash_string(vn_name, len); |
2001 | |
2002 | vfs_removename(ncp->nc_name); |
2003 | ncp->nc_name = add_name_internal(vn_name, len, hash, FALSE, 0); |
2004 | ncp->nc_hashval = hash; |
2005 | } |
2006 | |
2007 | /* |
2008 | * make us the newest entry in the cache |
2009 | * i.e. we'll be the last to be stolen |
2010 | */ |
2011 | TAILQ_INSERT_TAIL(&nchead, ncp, nc_entry); |
2012 | |
2013 | ncpp = NCHHASH(dvp, cnp->cn_hash); |
2014 | #if DIAGNOSTIC |
2015 | { |
2016 | struct namecache *p; |
2017 | |
2018 | for (p = ncpp->lh_first; p != 0; p = p->nc_hash.le_next) |
2019 | if (p == ncp) |
2020 | panic("cache_enter: duplicate" ); |
2021 | } |
2022 | #endif |
2023 | /* |
2024 | * make us available to be found via lookup |
2025 | */ |
2026 | LIST_INSERT_HEAD(ncpp, ncp, nc_hash); |
2027 | |
2028 | if (vp) { |
2029 | /* |
2030 | * add to the list of name cache entries |
2031 | * that point at vp |
2032 | */ |
2033 | LIST_INSERT_HEAD(&vp->v_nclinks, ncp, nc_un.nc_link); |
2034 | } else { |
2035 | /* |
2036 | * this is a negative cache entry (vp == NULL) |
2037 | * stick it on the negative cache list. |
2038 | */ |
2039 | TAILQ_INSERT_TAIL(&neghead, ncp, nc_un.nc_negentry); |
2040 | |
2041 | ncs_negtotal++; |
2042 | |
2043 | if (ncs_negtotal > desiredNegNodes) { |
2044 | /* |
2045 | * if we've reached our desired limit |
2046 | * of negative cache entries, delete |
2047 | * the oldest |
2048 | */ |
2049 | negp = TAILQ_FIRST(&neghead); |
2050 | cache_delete(negp, 1); |
2051 | } |
2052 | } |
2053 | /* |
2054 | * add us to the list of name cache entries that |
2055 | * are children of dvp |
2056 | */ |
2057 | if (vp) |
2058 | TAILQ_INSERT_TAIL(&dvp->v_ncchildren, ncp, nc_child); |
2059 | else |
2060 | TAILQ_INSERT_HEAD(&dvp->v_ncchildren, ncp, nc_child); |
2061 | } |
2062 | |
2063 | |
2064 | /* |
2065 | * Initialize CRC-32 remainder table. |
2066 | */ |
2067 | static void init_crc32(void) |
2068 | { |
2069 | /* |
2070 | * the CRC-32 generator polynomial is: |
2071 | * x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^10 |
2072 | * + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1 |
2073 | */ |
2074 | unsigned int crc32_polynomial = 0x04c11db7; |
2075 | unsigned int i,j; |
2076 | |
2077 | /* |
2078 | * pre-calculate the CRC-32 remainder for each possible octet encoding |
2079 | */ |
2080 | for (i = 0; i < 256; i++) { |
2081 | unsigned int crc_rem = i << 24; |
2082 | |
2083 | for (j = 0; j < 8; j++) { |
2084 | if (crc_rem & 0x80000000) |
2085 | crc_rem = (crc_rem << 1) ^ crc32_polynomial; |
2086 | else |
2087 | crc_rem = (crc_rem << 1); |
2088 | } |
2089 | crc32tab[i] = crc_rem; |
2090 | } |
2091 | } |
2092 | |
2093 | |
2094 | /* |
2095 | * Name cache initialization, from vfs_init() when we are booting |
2096 | */ |
2097 | void |
2098 | nchinit(void) |
2099 | { |
2100 | int i; |
2101 | |
2102 | desiredNegNodes = (desiredvnodes / 10); |
2103 | desiredNodes = desiredvnodes + desiredNegNodes; |
2104 | |
2105 | TAILQ_INIT(&nchead); |
2106 | TAILQ_INIT(&neghead); |
2107 | |
2108 | init_crc32(); |
2109 | |
2110 | nchashtbl = hashinit(MAX(CONFIG_NC_HASH, (2 *desiredNodes)), M_CACHE, &nchash); |
2111 | nchashmask = nchash; |
2112 | nchash++; |
2113 | |
2114 | init_string_table(); |
2115 | |
2116 | /* Allocate name cache lock group attribute and group */ |
2117 | namecache_lck_grp_attr= lck_grp_attr_alloc_init(); |
2118 | |
2119 | namecache_lck_grp = lck_grp_alloc_init("Name Cache" , namecache_lck_grp_attr); |
2120 | |
2121 | /* Allocate name cache lock attribute */ |
2122 | namecache_lck_attr = lck_attr_alloc_init(); |
2123 | |
2124 | /* Allocate name cache lock */ |
2125 | namecache_rw_lock = lck_rw_alloc_init(namecache_lck_grp, namecache_lck_attr); |
2126 | |
2127 | |
2128 | /* Allocate string cache lock group attribute and group */ |
2129 | strcache_lck_grp_attr= lck_grp_attr_alloc_init(); |
2130 | |
2131 | strcache_lck_grp = lck_grp_alloc_init("String Cache" , strcache_lck_grp_attr); |
2132 | |
2133 | /* Allocate string cache lock attribute */ |
2134 | strcache_lck_attr = lck_attr_alloc_init(); |
2135 | |
2136 | /* Allocate string cache lock */ |
2137 | strtable_rw_lock = lck_rw_alloc_init(strcache_lck_grp, strcache_lck_attr); |
2138 | |
2139 | for (i = 0; i < NUM_STRCACHE_LOCKS; i++) |
2140 | lck_mtx_init(&strcache_mtx_locks[i], strcache_lck_grp, strcache_lck_attr); |
2141 | } |
2142 | |
2143 | void |
2144 | name_cache_lock_shared(void) |
2145 | { |
2146 | lck_rw_lock_shared(namecache_rw_lock); |
2147 | } |
2148 | |
2149 | void |
2150 | name_cache_lock(void) |
2151 | { |
2152 | lck_rw_lock_exclusive(namecache_rw_lock); |
2153 | } |
2154 | |
2155 | void |
2156 | name_cache_unlock(void) |
2157 | { |
2158 | lck_rw_done(namecache_rw_lock); |
2159 | } |
2160 | |
2161 | |
2162 | int |
2163 | resize_namecache(int newsize) |
2164 | { |
2165 | struct nchashhead *new_table; |
2166 | struct nchashhead *old_table; |
2167 | struct nchashhead *old_head, *head; |
2168 | struct namecache *entry, *next; |
2169 | uint32_t i, hashval; |
2170 | int dNodes, dNegNodes, nelements; |
2171 | u_long new_size, old_size; |
2172 | |
2173 | if (newsize < 0) |
2174 | return EINVAL; |
2175 | |
2176 | dNegNodes = (newsize / 10); |
2177 | dNodes = newsize + dNegNodes; |
2178 | // we don't support shrinking yet |
2179 | if (dNodes <= desiredNodes) { |
2180 | return 0; |
2181 | } |
2182 | |
2183 | if (os_mul_overflow(dNodes, 2, &nelements)) { |
2184 | return EINVAL; |
2185 | } |
2186 | |
2187 | new_table = hashinit(nelements, M_CACHE, &nchashmask); |
2188 | new_size = nchashmask + 1; |
2189 | |
2190 | if (new_table == NULL) { |
2191 | return ENOMEM; |
2192 | } |
2193 | |
2194 | NAME_CACHE_LOCK(); |
2195 | // do the switch! |
2196 | old_table = nchashtbl; |
2197 | nchashtbl = new_table; |
2198 | old_size = nchash; |
2199 | nchash = new_size; |
2200 | |
2201 | // walk the old table and insert all the entries into |
2202 | // the new table |
2203 | // |
2204 | for(i=0; i < old_size; i++) { |
2205 | old_head = &old_table[i]; |
2206 | for (entry=old_head->lh_first; entry != NULL; entry=next) { |
2207 | // |
2208 | // XXXdbg - Beware: this assumes that hash_string() does |
2209 | // the same thing as what happens in |
2210 | // lookup() over in vfs_lookup.c |
2211 | hashval = hash_string(entry->nc_name, 0); |
2212 | entry->nc_hashval = hashval; |
2213 | head = NCHHASH(entry->nc_dvp, hashval); |
2214 | |
2215 | next = entry->nc_hash.le_next; |
2216 | LIST_INSERT_HEAD(head, entry, nc_hash); |
2217 | } |
2218 | } |
2219 | desiredNodes = dNodes; |
2220 | desiredNegNodes = dNegNodes; |
2221 | |
2222 | NAME_CACHE_UNLOCK(); |
2223 | FREE(old_table, M_CACHE); |
2224 | |
2225 | return 0; |
2226 | } |
2227 | |
2228 | static void |
2229 | cache_delete(struct namecache *ncp, int free_entry) |
2230 | { |
2231 | NCHSTAT(ncs_deletes); |
2232 | |
2233 | if (ncp->nc_vp) { |
2234 | LIST_REMOVE(ncp, nc_un.nc_link); |
2235 | } else { |
2236 | TAILQ_REMOVE(&neghead, ncp, nc_un.nc_negentry); |
2237 | ncs_negtotal--; |
2238 | } |
2239 | TAILQ_REMOVE(&(ncp->nc_dvp->v_ncchildren), ncp, nc_child); |
2240 | |
2241 | LIST_REMOVE(ncp, nc_hash); |
2242 | /* |
2243 | * this field is used to indicate |
2244 | * that the entry is in use and |
2245 | * must be deleted before it can |
2246 | * be reused... |
2247 | */ |
2248 | ncp->nc_hash.le_prev = NULL; |
2249 | |
2250 | vfs_removename(ncp->nc_name); |
2251 | ncp->nc_name = NULL; |
2252 | if (free_entry) { |
2253 | TAILQ_REMOVE(&nchead, ncp, nc_entry); |
2254 | FREE_ZONE(ncp, sizeof(*ncp), M_CACHE); |
2255 | numcache--; |
2256 | } |
2257 | } |
2258 | |
2259 | |
2260 | /* |
2261 | * purge the entry associated with the |
2262 | * specified vnode from the name cache |
2263 | */ |
2264 | void |
2265 | cache_purge(vnode_t vp) |
2266 | { |
2267 | struct namecache *ncp; |
2268 | kauth_cred_t tcred = NULL; |
2269 | |
2270 | if ((LIST_FIRST(&vp->v_nclinks) == NULL) && |
2271 | (TAILQ_FIRST(&vp->v_ncchildren) == NULL) && |
2272 | (vp->v_cred == NOCRED) && |
2273 | (vp->v_parent == NULLVP)) |
2274 | return; |
2275 | |
2276 | NAME_CACHE_LOCK(); |
2277 | |
2278 | if (vp->v_parent) |
2279 | vp->v_parent->v_nc_generation++; |
2280 | |
2281 | while ( (ncp = LIST_FIRST(&vp->v_nclinks)) ) |
2282 | cache_delete(ncp, 1); |
2283 | |
2284 | while ( (ncp = TAILQ_FIRST(&vp->v_ncchildren)) ) |
2285 | cache_delete(ncp, 1); |
2286 | |
2287 | /* |
2288 | * Use a temp variable to avoid kauth_cred_unref() while NAME_CACHE_LOCK is held |
2289 | */ |
2290 | tcred = vp->v_cred; |
2291 | vp->v_cred = NOCRED; |
2292 | vp->v_authorized_actions = 0; |
2293 | |
2294 | NAME_CACHE_UNLOCK(); |
2295 | |
2296 | if (IS_VALID_CRED(tcred)) |
2297 | kauth_cred_unref(&tcred); |
2298 | } |
2299 | |
2300 | /* |
2301 | * Purge all negative cache entries that are children of the |
2302 | * given vnode. A case-insensitive file system (or any file |
2303 | * system that has multiple equivalent names for the same |
2304 | * directory entry) can use this when creating or renaming |
2305 | * to remove negative entries that may no longer apply. |
2306 | */ |
2307 | void |
2308 | cache_purge_negatives(vnode_t vp) |
2309 | { |
2310 | struct namecache *ncp, *next_ncp; |
2311 | |
2312 | NAME_CACHE_LOCK(); |
2313 | |
2314 | TAILQ_FOREACH_SAFE(ncp, &vp->v_ncchildren, nc_child, next_ncp) { |
2315 | if (ncp->nc_vp) |
2316 | break; |
2317 | |
2318 | cache_delete(ncp, 1); |
2319 | } |
2320 | |
2321 | NAME_CACHE_UNLOCK(); |
2322 | } |
2323 | |
2324 | /* |
2325 | * Flush all entries referencing a particular filesystem. |
2326 | * |
2327 | * Since we need to check it anyway, we will flush all the invalid |
2328 | * entries at the same time. |
2329 | */ |
2330 | void |
2331 | cache_purgevfs(struct mount *mp) |
2332 | { |
2333 | struct nchashhead *ncpp; |
2334 | struct namecache *ncp; |
2335 | |
2336 | NAME_CACHE_LOCK(); |
2337 | /* Scan hash tables for applicable entries */ |
2338 | for (ncpp = &nchashtbl[nchash - 1]; ncpp >= nchashtbl; ncpp--) { |
2339 | restart: |
2340 | for (ncp = ncpp->lh_first; ncp != 0; ncp = ncp->nc_hash.le_next) { |
2341 | if (ncp->nc_dvp->v_mount == mp) { |
2342 | cache_delete(ncp, 0); |
2343 | goto restart; |
2344 | } |
2345 | } |
2346 | } |
2347 | NAME_CACHE_UNLOCK(); |
2348 | } |
2349 | |
2350 | |
2351 | |
2352 | // |
2353 | // String ref routines |
2354 | // |
2355 | static LIST_HEAD(stringhead, string_t) *string_ref_table; |
2356 | static u_long string_table_mask; |
2357 | static uint32_t filled_buckets=0; |
2358 | |
2359 | |
2360 | typedef struct string_t { |
2361 | LIST_ENTRY(string_t) hash_chain; |
2362 | const char *str; |
2363 | uint32_t refcount; |
2364 | } string_t; |
2365 | |
2366 | |
2367 | static void |
2368 | resize_string_ref_table(void) |
2369 | { |
2370 | struct stringhead *new_table; |
2371 | struct stringhead *old_table; |
2372 | struct stringhead *old_head, *head; |
2373 | string_t *entry, *next; |
2374 | uint32_t i, hashval; |
2375 | u_long new_mask, old_mask; |
2376 | |
2377 | /* |
2378 | * need to hold the table lock exclusively |
2379 | * in order to grow the table... need to recheck |
2380 | * the need to resize again after we've taken |
2381 | * the lock exclusively in case some other thread |
2382 | * beat us to the punch |
2383 | */ |
2384 | lck_rw_lock_exclusive(strtable_rw_lock); |
2385 | |
2386 | if (4 * filled_buckets < ((string_table_mask + 1) * 3)) { |
2387 | lck_rw_done(strtable_rw_lock); |
2388 | return; |
2389 | } |
2390 | new_table = hashinit((string_table_mask + 1) * 2, M_CACHE, &new_mask); |
2391 | |
2392 | if (new_table == NULL) { |
2393 | printf("failed to resize the hash table.\n" ); |
2394 | lck_rw_done(strtable_rw_lock); |
2395 | return; |
2396 | } |
2397 | |
2398 | // do the switch! |
2399 | old_table = string_ref_table; |
2400 | string_ref_table = new_table; |
2401 | old_mask = string_table_mask; |
2402 | string_table_mask = new_mask; |
2403 | filled_buckets = 0; |
2404 | |
2405 | // walk the old table and insert all the entries into |
2406 | // the new table |
2407 | // |
2408 | for (i = 0; i <= old_mask; i++) { |
2409 | old_head = &old_table[i]; |
2410 | for (entry = old_head->lh_first; entry != NULL; entry = next) { |
2411 | hashval = hash_string((const char *)entry->str, 0); |
2412 | head = &string_ref_table[hashval & string_table_mask]; |
2413 | if (head->lh_first == NULL) { |
2414 | filled_buckets++; |
2415 | } |
2416 | next = entry->hash_chain.le_next; |
2417 | LIST_INSERT_HEAD(head, entry, hash_chain); |
2418 | } |
2419 | } |
2420 | lck_rw_done(strtable_rw_lock); |
2421 | |
2422 | FREE(old_table, M_CACHE); |
2423 | } |
2424 | |
2425 | |
2426 | static void |
2427 | init_string_table(void) |
2428 | { |
2429 | string_ref_table = hashinit(CONFIG_VFS_NAMES, M_CACHE, &string_table_mask); |
2430 | } |
2431 | |
2432 | |
2433 | const char * |
2434 | vfs_addname(const char *name, uint32_t len, u_int hashval, u_int flags) |
2435 | { |
2436 | return (add_name_internal(name, len, hashval, FALSE, flags)); |
2437 | } |
2438 | |
2439 | |
2440 | static const char * |
2441 | add_name_internal(const char *name, uint32_t len, u_int hashval, boolean_t , __unused u_int flags) |
2442 | { |
2443 | struct stringhead *head; |
2444 | string_t *entry; |
2445 | uint32_t chain_len = 0; |
2446 | uint32_t hash_index; |
2447 | uint32_t lock_index; |
2448 | char *ptr; |
2449 | |
2450 | if (len > MAXPATHLEN) |
2451 | len = MAXPATHLEN; |
2452 | |
2453 | /* |
2454 | * if the length already accounts for the null-byte, then |
2455 | * subtract one so later on we don't index past the end |
2456 | * of the string. |
2457 | */ |
2458 | if (len > 0 && name[len-1] == '\0') { |
2459 | len--; |
2460 | } |
2461 | if (hashval == 0) { |
2462 | hashval = hash_string(name, len); |
2463 | } |
2464 | |
2465 | /* |
2466 | * take this lock 'shared' to keep the hash stable |
2467 | * if someone else decides to grow the pool they |
2468 | * will take this lock exclusively |
2469 | */ |
2470 | lck_rw_lock_shared(strtable_rw_lock); |
2471 | |
2472 | /* |
2473 | * If the table gets more than 3/4 full, resize it |
2474 | */ |
2475 | if (4 * filled_buckets >= ((string_table_mask + 1) * 3)) { |
2476 | lck_rw_done(strtable_rw_lock); |
2477 | |
2478 | resize_string_ref_table(); |
2479 | |
2480 | lck_rw_lock_shared(strtable_rw_lock); |
2481 | } |
2482 | hash_index = hashval & string_table_mask; |
2483 | lock_index = hash_index % NUM_STRCACHE_LOCKS; |
2484 | |
2485 | head = &string_ref_table[hash_index]; |
2486 | |
2487 | lck_mtx_lock_spin(&strcache_mtx_locks[lock_index]); |
2488 | |
2489 | for (entry = head->lh_first; entry != NULL; chain_len++, entry = entry->hash_chain.le_next) { |
2490 | if (strncmp(entry->str, name, len) == 0 && entry->str[len] == 0) { |
2491 | entry->refcount++; |
2492 | break; |
2493 | } |
2494 | } |
2495 | if (entry == NULL) { |
2496 | lck_mtx_convert_spin(&strcache_mtx_locks[lock_index]); |
2497 | /* |
2498 | * it wasn't already there so add it. |
2499 | */ |
2500 | MALLOC(entry, string_t *, sizeof(string_t) + len + 1, M_TEMP, M_WAITOK); |
2501 | |
2502 | if (head->lh_first == NULL) { |
2503 | OSAddAtomic(1, &filled_buckets); |
2504 | } |
2505 | ptr = (char *)((char *)entry + sizeof(string_t)); |
2506 | strncpy(ptr, name, len); |
2507 | ptr[len] = '\0'; |
2508 | entry->str = ptr; |
2509 | entry->refcount = 1; |
2510 | LIST_INSERT_HEAD(head, entry, hash_chain); |
2511 | } |
2512 | if (need_extra_ref == TRUE) |
2513 | entry->refcount++; |
2514 | |
2515 | lck_mtx_unlock(&strcache_mtx_locks[lock_index]); |
2516 | lck_rw_done(strtable_rw_lock); |
2517 | |
2518 | return (const char *)entry->str; |
2519 | } |
2520 | |
2521 | |
2522 | int |
2523 | vfs_removename(const char *nameref) |
2524 | { |
2525 | struct stringhead *head; |
2526 | string_t *entry; |
2527 | uint32_t hashval; |
2528 | uint32_t hash_index; |
2529 | uint32_t lock_index; |
2530 | int retval = ENOENT; |
2531 | |
2532 | hashval = hash_string(nameref, 0); |
2533 | |
2534 | /* |
2535 | * take this lock 'shared' to keep the hash stable |
2536 | * if someone else decides to grow the pool they |
2537 | * will take this lock exclusively |
2538 | */ |
2539 | lck_rw_lock_shared(strtable_rw_lock); |
2540 | /* |
2541 | * must compute the head behind the table lock |
2542 | * since the size and location of the table |
2543 | * can change on the fly |
2544 | */ |
2545 | hash_index = hashval & string_table_mask; |
2546 | lock_index = hash_index % NUM_STRCACHE_LOCKS; |
2547 | |
2548 | head = &string_ref_table[hash_index]; |
2549 | |
2550 | lck_mtx_lock_spin(&strcache_mtx_locks[lock_index]); |
2551 | |
2552 | for (entry = head->lh_first; entry != NULL; entry = entry->hash_chain.le_next) { |
2553 | if (entry->str == nameref) { |
2554 | entry->refcount--; |
2555 | |
2556 | if (entry->refcount == 0) { |
2557 | LIST_REMOVE(entry, hash_chain); |
2558 | |
2559 | if (head->lh_first == NULL) { |
2560 | OSAddAtomic(-1, &filled_buckets); |
2561 | } |
2562 | } else { |
2563 | entry = NULL; |
2564 | } |
2565 | retval = 0; |
2566 | break; |
2567 | } |
2568 | } |
2569 | lck_mtx_unlock(&strcache_mtx_locks[lock_index]); |
2570 | lck_rw_done(strtable_rw_lock); |
2571 | |
2572 | if (entry != NULL) |
2573 | FREE(entry, M_TEMP); |
2574 | |
2575 | return retval; |
2576 | } |
2577 | |
2578 | |
2579 | #ifdef DUMP_STRING_TABLE |
2580 | void |
2581 | dump_string_table(void) |
2582 | { |
2583 | struct stringhead *head; |
2584 | string_t *entry; |
2585 | u_long i; |
2586 | |
2587 | lck_rw_lock_shared(strtable_rw_lock); |
2588 | |
2589 | for (i = 0; i <= string_table_mask; i++) { |
2590 | head = &string_ref_table[i]; |
2591 | for (entry=head->lh_first; entry != NULL; entry=entry->hash_chain.le_next) { |
2592 | printf("%6d - %s\n" , entry->refcount, entry->str); |
2593 | } |
2594 | } |
2595 | lck_rw_done(strtable_rw_lock); |
2596 | } |
2597 | #endif /* DUMP_STRING_TABLE */ |
2598 | |