1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1989, 1993, 1995 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * Poul-Henning Kamp of the FreeBSD Project. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #include "opt_ddb.h" 36 #include "opt_ktrace.h" 37 38 #include <sys/param.h> 39 #include <sys/systm.h> 40 #include <sys/capsicum.h> 41 #include <sys/counter.h> 42 #include <sys/filedesc.h> 43 #include <sys/fnv_hash.h> 44 #include <sys/inotify.h> 45 #include <sys/kernel.h> 46 #include <sys/ktr.h> 47 #include <sys/lock.h> 48 #include <sys/malloc.h> 49 #include <sys/fcntl.h> 50 #include <sys/jail.h> 51 #include <sys/mount.h> 52 #include <sys/namei.h> 53 #include <sys/proc.h> 54 #include <sys/seqc.h> 55 #include <sys/sdt.h> 56 #include <sys/smr.h> 57 #include <sys/smp.h> 58 #include <sys/syscallsubr.h> 59 #include <sys/sysctl.h> 60 #include <sys/sysproto.h> 61 #include <sys/vnode.h> 62 #include <ck_queue.h> 63 #ifdef KTRACE 64 #include <sys/ktrace.h> 65 #endif 66 #ifdef INVARIANTS 67 #include <machine/_inttypes.h> 68 #endif 69 70 #include <security/audit/audit.h> 71 #include <security/mac/mac_framework.h> 72 73 #ifdef DDB 74 #include <ddb/ddb.h> 75 #endif 76 77 #include <vm/uma.h> 78 79 /* 80 * High level overview of name caching in the VFS layer. 81 * 82 * Originally caching was implemented as part of UFS, later extracted to allow 83 * use by other filesystems. A decision was made to make it optional and 84 * completely detached from the rest of the kernel, which comes with limitations 85 * outlined near the end of this comment block. 86 * 87 * This fundamental choice needs to be revisited. In the meantime, the current 88 * state is described below. Significance of all notable routines is explained 89 * in comments placed above their implementation. Scattered throughout the 90 * file are TODO comments indicating shortcomings which can be fixed without 91 * reworking everything (most of the fixes will likely be reusable). Various 92 * details are omitted from this explanation to not clutter the overview, they 93 * have to be checked by reading the code and associated commentary. 94 * 95 * Keep in mind that it's individual path components which are cached, not full 96 * paths. That is, for a fully cached path "foo/bar/baz" there are 3 entries, 97 * one for each name. 98 * 99 * I. Data organization 100 * 101 * Entries are described by "struct namecache" objects and stored in a hash 102 * table. See cache_get_hash for more information. 103 * 104 * "struct vnode" contains pointers to source entries (names which can be found 105 * when traversing through said vnode), destination entries (names of that 106 * vnode (see "Limitations" for a breakdown on the subject) and a pointer to 107 * the parent vnode. 108 * 109 * The (directory vnode; name) tuple reliably determines the target entry if 110 * it exists. 111 * 112 * Since there were no small locks at the time of writing this comment (all are 113 * 32 bytes in size on LP64), the code works around the problem by introducing 114 * lock arrays to protect hash buckets and vnode lists. 115 * 116 * II. Filesystem integration 117 * 118 * Filesystems participating in name caching do the following: 119 * - set vop_lookup routine to vfs_cache_lookup 120 * - set vop_cachedlookup to a routine which can perform the lookup if the 121 * above fails 122 * - if they support lockless lookup (see below), they set vop_fplookup_vexec 123 * and vop_fplookup_symlink along with the MNTK_FPLOOKUP flag on the mount 124 * point 125 * - call cache_purge or cache_vop_* routines to eliminate stale entries as 126 * applicable 127 * - call cache_enter to add entries depending on the MAKEENTRY flag 128 * 129 * With the above in mind, there are 2 entry points when doing lookups: 130 * - ... -> namei -> cache_fplookup -- this is the default 131 * - ... -> VOP_LOOKUP -> vfs_cache_lookup -- normally only called by namei 132 * should the above fail 133 * 134 * Example code flow how an entry is added: 135 * ... -> namei -> cache_fplookup -> cache_fplookup_noentry -> VOP_LOOKUP -> 136 * vfs_cache_lookup -> VOP_CACHEDLOOKUP -> ufs_lookup_ino -> cache_enter 137 * 138 * You may notice a degree of CPU waste in this callchain. 139 * 140 * III. Performance considerations 141 * 142 * For lockless case forward lookup avoids any writes to shared areas apart 143 * from the terminal path component. In other words non-modifying lookups of 144 * different files don't suffer any scalability problems in the namecache 145 * itself. 146 * 147 * Looking up the same file is limited by VFS and goes beyond the scope of this 148 * file. 149 * 150 * At least on amd64 the single-threaded bottleneck for long paths is hashing 151 * (see cache_get_hash). There are cases where the code issues acquire fence 152 * multiple times, they can be combined on architectures which suffer from it. 153 * 154 * For locked case each encountered vnode has to be referenced and locked in 155 * order to be handed out to the caller (normally that's namei). This 156 * introduces significant hit single-threaded and serialization multi-threaded. 157 * 158 * Reverse lookup (e.g., "getcwd") fully scales provided it is fully cached -- 159 * avoids any writes to shared areas to any components. 160 * 161 * Unrelated insertions are partially serialized on updating the global entry 162 * counter and possibly serialized on colliding bucket or vnode locks. 163 * 164 * IV. Observability 165 * 166 * Several statistics are collected in the vfs.cache sysctl tree. 167 * 168 * Some of the state can be checked for with explicit dtrace probes, must of it 169 * depends on implementation details. 170 * 171 * Examples: 172 * 173 * # Check what lookups failed to be handled in a lockless manner. Column 1 is 174 * # line number, column 2 is status code (see cache_fpl_status) 175 * dtrace -n 'vfs:fplookup:lookup:done { @[arg1, arg2] = count(); }' 176 * 177 * # Histogram of lengths of names added, aggregated by which programs are doing it 178 * dtrace -n 'fbt::cache_enter_time:entry { @[execname] = quantize(args[2]->cn_namelen); }' 179 * 180 * # Same as above but only those which exceed 64 characters 181 * dtrace -n 'fbt::cache_enter_time:entry /args[2]->cn_namelen > 64/ { @[execname] = quantize(args[2]->cn_namelen); }' 182 * 183 * # Who is performing lookups with spurious slashes (e.g., "foo//bar") and what 184 * # path is it 185 * dtrace -n 'fbt::cache_fplookup_skip_slashes:entry { @[execname, stringof(args[0]->cnp->cn_pnbuf)] = count(); }' 186 * 187 * V. Limitations and implementation defects 188 * 189 * - since it is possible there is no entry for an open file, tools like 190 * "procstat" may fail to resolve fd -> vnode -> path to anything 191 * - even if a filesystem adds an entry, it may get purged (e.g., due to memory 192 * shortage) in which case the above problem applies 193 * - hardlinks are not tracked, thus if a vnode is reachable in more than one 194 * way, resolving a name may return a different path than the one used to 195 * open it (even if said path is still valid) 196 * - by default entries are not added for newly created files 197 * - adding an entry may need to evict negative entry first, which happens in 2 198 * distinct places (evicting on lookup, adding in a later VOP) making it 199 * impossible to simply reuse it 200 * - there is a simple scheme to evict negative entries as the cache is approaching 201 * its capacity, but it is very unclear if doing so is a good idea to begin with 202 * - vnodes are subject to being recycled even if target inode is left in memory, 203 * which loses the name cache entries when it perhaps should not. in case of tmpfs 204 * names get duplicated -- kept by filesystem itself and namecache separately 205 * - vnode reclamation (see vnlru in kern/vfs_subr.c) defaults to skipping 206 * directories for this very reason, which arguably further reducing quality 207 * of vnode LRU. Per the above this is done to avoid breaking vnode -> path 208 * resolution (it becomes expensive for directories and impossible for the rest) 209 * This would not be a factor if namecache entries could persist without vnodes. 210 * - struct namecache has a fixed size and comes in 2 variants, often wasting 211 * space. now hard to replace with malloc due to dependence on SMR, which 212 * requires UMA zones to opt in 213 * - lack of better integration with the kernel also turns nullfs into a layered 214 * filesystem instead of something which can take advantage of caching 215 * 216 * Appendix A: where is the time lost, expanding on paragraph III 217 * 218 * While some care went into optimizing lookups, there is still plenty of 219 * performance left on the table, most notably from single-threaded standpoint. 220 * Below is a woefully incomplete list of changes which can help. Ideas are 221 * mostly sketched out, no claim is made all kinks or prerequisites are laid 222 * out. The name of the game is eliding branches altogether and hopefully some 223 * of memory accesses. 224 * 225 * Note there is performance lost all over VFS. 226 * 227 * === SMR-only lookup 228 * 229 * For commonly used ops like stat(2), when the terminal vnode *is* cached, 230 * lockless lookup could refrain from refing/locking the found vnode and 231 * instead return while within the SMR section. Then a call to, say, 232 * vop_stat_smr could do the work (or fail with EAGAIN), finally the result 233 * would be validated with seqc not changing. This would be faster 234 * single-threaded as it dodges atomics and would provide full scalability for 235 * multicore uses. This would *not* work for open(2) or other calls which need 236 * the vnode to hang around for the long haul, but would work for aforementioned 237 * stat(2) but also access(2), readlink(2), realpathat(2) and probably more. 238 * 239 * === copyinstr 240 * 241 * On all architectures it operates one byte at a time, while it could be 242 * word-sized instead thanks to the Mycroft trick. 243 * 244 * API itself is rather pessimal for path lookup, accepting arbitrary sizes and 245 * *optionally* filling in the length parameter. 246 * 247 * Instead a new routine (copyinpath?) could be introduced, demanding a buffer 248 * size which is a multiply of the word (and never zero), with the length 249 * always returned. On top of it the routine could be allowed to transform the 250 * buffer in arbitrary ways, most notably writing past the found length (not to 251 * be confused with writing past buffer size) -- this would allow word-sized 252 * movs while checking for '\0' later. 253 * 254 * === detour through namei 255 * 256 * Currently one suffers being called from namei, which then has to check if 257 * things worked out locklessly. Instead the lockless lookup could be the 258 * actual entry point which calls what is currently namei as a fallback. 259 * 260 * It could be hotpatched if lockless lookup is disabled. 261 * 262 * === avoidable branches in cache_can_fplookup 263 * 264 * The cache_fast_lookup_enabled flag check could be hotpatchable (in fact if 265 * this is off, none of fplookup code should execute, see above). 266 * 267 * Both audit and capsicum branches can be combined into one, but it requires 268 * paying off a lot of tech debt first. 269 * 270 * ni_startdir could be indicated with a flag in cn_flags, eliminating the 271 * branch. 272 * 273 * === mount stacks 274 * 275 * Crossing a mount requires checking if perhaps something is mounted on top. 276 * Instead, an additional entry could be added to struct mount with a pointer 277 * to the final mount on the stack. This would be recalculated on each 278 * mount/unmount. 279 * 280 * === root vnodes 281 * 282 * It could become part of the API contract to *always* have a rootvnode set in 283 * mnt_rootvnode. Such vnodes are annotated with VV_ROOT and vnlru would have 284 * to be modified to always skip them. 285 * 286 * === inactive on v_usecount reaching 0 287 * 288 * VOP_NEED_INACTIVE should not exist. Filesystems can indicate need for such 289 * processing with a bit in usecount and adding a hold count. Then vput fast path 290 * would become as simple as (ACHTUNG: locking ignored): 291 * 292 * ref = atomic_fetchadd_int(&vp->v_count, -1) - 1; 293 * if ((ref & MAGIC_BIT) == 0) // common case 294 * return; 295 * if (ref != 0) // the bit is set but this was not the last user 296 * return; 297 * // do inactive here 298 * 299 * Also see below. 300 * 301 * === v_holdcnt 302 * 303 * Hold count should probably get eliminated, but one can argue it is a useful 304 * feature. Even if so, handling of v_usecount could be decoupled from it -- 305 * vnlru et al would consider the vnode not-freeable if has either hold or 306 * usecount on it. 307 * 308 * This would eliminate 2 atomics in the common case of securing a vnode and 309 * undoing it. 310 */ 311 312 static SYSCTL_NODE(_vfs, OID_AUTO, cache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 313 "Name cache"); 314 315 SDT_PROVIDER_DECLARE(vfs); 316 SDT_PROBE_DEFINE3(vfs, namecache, enter, done, "struct vnode *", "char *", 317 "struct vnode *"); 318 SDT_PROBE_DEFINE3(vfs, namecache, enter, duplicate, "struct vnode *", "char *", 319 "struct vnode *"); 320 SDT_PROBE_DEFINE2(vfs, namecache, enter_negative, done, "struct vnode *", 321 "char *"); 322 SDT_PROBE_DEFINE2(vfs, namecache, fullpath_smr, hit, "struct vnode *", 323 "const char *"); 324 SDT_PROBE_DEFINE4(vfs, namecache, fullpath_smr, miss, "struct vnode *", 325 "struct namecache *", "int", "int"); 326 SDT_PROBE_DEFINE1(vfs, namecache, fullpath, entry, "struct vnode *"); 327 SDT_PROBE_DEFINE3(vfs, namecache, fullpath, hit, "struct vnode *", 328 "char *", "struct vnode *"); 329 SDT_PROBE_DEFINE1(vfs, namecache, fullpath, miss, "struct vnode *"); 330 SDT_PROBE_DEFINE3(vfs, namecache, fullpath, return, "int", 331 "struct vnode *", "char *"); 332 SDT_PROBE_DEFINE3(vfs, namecache, lookup, hit, "struct vnode *", "char *", 333 "struct vnode *"); 334 SDT_PROBE_DEFINE2(vfs, namecache, lookup, hit__negative, 335 "struct vnode *", "char *"); 336 SDT_PROBE_DEFINE2(vfs, namecache, lookup, miss, "struct vnode *", 337 "char *"); 338 SDT_PROBE_DEFINE2(vfs, namecache, removecnp, hit, "struct vnode *", 339 "struct componentname *"); 340 SDT_PROBE_DEFINE2(vfs, namecache, removecnp, miss, "struct vnode *", 341 "struct componentname *"); 342 SDT_PROBE_DEFINE3(vfs, namecache, purge, done, "struct vnode *", "size_t", "size_t"); 343 SDT_PROBE_DEFINE1(vfs, namecache, purge, batch, "int"); 344 SDT_PROBE_DEFINE1(vfs, namecache, purge_negative, done, "struct vnode *"); 345 SDT_PROBE_DEFINE1(vfs, namecache, purgevfs, done, "struct mount *"); 346 SDT_PROBE_DEFINE3(vfs, namecache, zap, done, "struct vnode *", "char *", 347 "struct vnode *"); 348 SDT_PROBE_DEFINE2(vfs, namecache, zap_negative, done, "struct vnode *", 349 "char *"); 350 SDT_PROBE_DEFINE2(vfs, namecache, evict_negative, done, "struct vnode *", 351 "char *"); 352 SDT_PROBE_DEFINE1(vfs, namecache, symlink, alloc__fail, "size_t"); 353 354 SDT_PROBE_DEFINE3(vfs, fplookup, lookup, done, "struct nameidata *", "int", 355 "enum cache_fpl_status"); 356 SDT_PROBE_DECLARE(vfs, namei, lookup, entry); 357 SDT_PROBE_DECLARE(vfs, namei, lookup, return); 358 359 static char __read_frequently cache_fast_lookup_enabled = true; 360 361 /* 362 * This structure describes the elements in the cache of recent 363 * names looked up by namei. 364 */ 365 struct negstate { 366 u_char neg_flag; 367 u_char neg_hit; 368 }; 369 _Static_assert(sizeof(struct negstate) <= sizeof(struct vnode *), 370 "the state must fit in a union with a pointer without growing it"); 371 372 struct namecache { 373 LIST_ENTRY(namecache) nc_src; /* source vnode list */ 374 TAILQ_ENTRY(namecache) nc_dst; /* destination vnode list */ 375 CK_SLIST_ENTRY(namecache) nc_hash;/* hash chain */ 376 struct vnode *nc_dvp; /* vnode of parent of name */ 377 union { 378 struct vnode *nu_vp; /* vnode the name refers to */ 379 struct negstate nu_neg;/* negative entry state */ 380 } n_un; 381 u_char nc_flag; /* flag bits */ 382 u_char nc_nlen; /* length of name */ 383 char nc_name[]; /* segment name + nul */ 384 }; 385 386 /* 387 * struct namecache_ts repeats struct namecache layout up to the 388 * nc_nlen member. 389 * struct namecache_ts is used in place of struct namecache when time(s) need 390 * to be stored. The nc_dotdottime field is used when a cache entry is mapping 391 * both a non-dotdot directory name plus dotdot for the directory's 392 * parent. 393 * 394 * See below for alignment requirement. 395 */ 396 struct namecache_ts { 397 struct timespec nc_time; /* timespec provided by fs */ 398 struct timespec nc_dotdottime; /* dotdot timespec provided by fs */ 399 int nc_ticks; /* ticks value when entry was added */ 400 int nc_pad; 401 struct namecache nc_nc; 402 }; 403 404 TAILQ_HEAD(cache_freebatch, namecache); 405 406 /* 407 * At least mips n32 performs 64-bit accesses to timespec as found 408 * in namecache_ts and requires them to be aligned. Since others 409 * may be in the same spot suffer a little bit and enforce the 410 * alignment for everyone. Note this is a nop for 64-bit platforms. 411 */ 412 #define CACHE_ZONE_ALIGNMENT UMA_ALIGNOF(time_t) 413 414 /* 415 * TODO: the initial value of CACHE_PATH_CUTOFF was inherited from the 416 * 4.4 BSD codebase. Later on struct namecache was tweaked to become 417 * smaller and the value was bumped to retain the total size, but it 418 * was never re-evaluated for suitability. A simple test counting 419 * lengths during package building shows that the value of 45 covers 420 * about 86% of all added entries, reaching 99% at 65. 421 * 422 * Regardless of the above, use of dedicated zones instead of malloc may be 423 * inducing additional waste. This may be hard to address as said zones are 424 * tied to VFS SMR. Even if retaining them, the current split should be 425 * re-evaluated. 426 */ 427 #ifdef __LP64__ 428 #define CACHE_PATH_CUTOFF 45 429 #define CACHE_LARGE_PAD 6 430 #else 431 #define CACHE_PATH_CUTOFF 41 432 #define CACHE_LARGE_PAD 2 433 #endif 434 435 #define CACHE_ZONE_SMALL_SIZE (offsetof(struct namecache, nc_name) + CACHE_PATH_CUTOFF + 1) 436 #define CACHE_ZONE_SMALL_TS_SIZE (offsetof(struct namecache_ts, nc_nc) + CACHE_ZONE_SMALL_SIZE) 437 #define CACHE_ZONE_LARGE_SIZE (offsetof(struct namecache, nc_name) + NAME_MAX + 1 + CACHE_LARGE_PAD) 438 #define CACHE_ZONE_LARGE_TS_SIZE (offsetof(struct namecache_ts, nc_nc) + CACHE_ZONE_LARGE_SIZE) 439 440 _Static_assert((CACHE_ZONE_SMALL_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 441 _Static_assert((CACHE_ZONE_SMALL_TS_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 442 _Static_assert((CACHE_ZONE_LARGE_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 443 _Static_assert((CACHE_ZONE_LARGE_TS_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 444 445 #define nc_vp n_un.nu_vp 446 #define nc_neg n_un.nu_neg 447 448 /* 449 * Flags in namecache.nc_flag 450 */ 451 #define NCF_WHITE 0x01 452 #define NCF_ISDOTDOT 0x02 453 #define NCF_TS 0x04 454 #define NCF_DTS 0x08 455 #define NCF_DVDROP 0x10 456 #define NCF_NEGATIVE 0x20 457 #define NCF_INVALID 0x40 458 #define NCF_WIP 0x80 459 460 /* 461 * Flags in negstate.neg_flag 462 */ 463 #define NEG_HOT 0x01 464 465 static bool cache_neg_evict_cond(u_long lnumcache); 466 467 /* 468 * Mark an entry as invalid. 469 * 470 * This is called before it starts getting deconstructed. 471 */ 472 static void 473 cache_ncp_invalidate(struct namecache *ncp) 474 { 475 476 KASSERT((ncp->nc_flag & NCF_INVALID) == 0, 477 ("%s: entry %p already invalid", __func__, ncp)); 478 atomic_store_char(&ncp->nc_flag, ncp->nc_flag | NCF_INVALID); 479 atomic_thread_fence_rel(); 480 } 481 482 /* 483 * Does this entry match the given directory and name? 484 */ 485 static bool 486 cache_ncp_match(struct namecache *ncp, struct vnode *dvp, 487 struct componentname *cnp) 488 { 489 return (ncp->nc_dvp == dvp && 490 ncp->nc_nlen == cnp->cn_namelen && 491 bcmp(ncp->nc_name, cnp->cn_nameptr, cnp->cn_namelen) == 0); 492 } 493 494 /* 495 * Check whether the entry can be safely used. 496 * 497 * All places which elide locks are supposed to call this after they are 498 * done with reading from an entry. 499 */ 500 #define cache_ncp_canuse(ncp) ({ \ 501 struct namecache *_ncp = (ncp); \ 502 u_char _nc_flag; \ 503 \ 504 atomic_thread_fence_acq(); \ 505 _nc_flag = atomic_load_char(&_ncp->nc_flag); \ 506 __predict_true((_nc_flag & (NCF_INVALID | NCF_WIP)) == 0); \ 507 }) 508 509 /* 510 * Like the above but also checks NCF_WHITE. 511 */ 512 #define cache_fpl_neg_ncp_canuse(ncp) ({ \ 513 struct namecache *_ncp = (ncp); \ 514 u_char _nc_flag; \ 515 \ 516 atomic_thread_fence_acq(); \ 517 _nc_flag = atomic_load_char(&_ncp->nc_flag); \ 518 __predict_true((_nc_flag & (NCF_INVALID | NCF_WIP | NCF_WHITE)) == 0); \ 519 }) 520 521 VFS_SMR_DECLARE; 522 523 static SYSCTL_NODE(_vfs_cache, OID_AUTO, param, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 524 "Name cache parameters"); 525 526 static u_int __read_mostly ncsize; /* the size as computed on creation or resizing */ 527 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, size, CTLFLAG_RD, &ncsize, 0, 528 "Total namecache capacity"); 529 530 u_int ncsizefactor = 2; 531 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, sizefactor, CTLFLAG_RW, &ncsizefactor, 0, 532 "Size factor for namecache"); 533 534 static u_long __read_mostly ncnegfactor = 5; /* ratio of negative entries */ 535 SYSCTL_ULONG(_vfs_cache_param, OID_AUTO, negfactor, CTLFLAG_RW, &ncnegfactor, 0, 536 "Ratio of negative namecache entries"); 537 538 /* 539 * Negative entry % of namecache capacity above which automatic eviction is allowed. 540 * 541 * Check cache_neg_evict_cond for details. 542 */ 543 static u_int ncnegminpct = 3; 544 545 static u_int __read_mostly neg_min; /* the above recomputed against ncsize */ 546 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, negmin, CTLFLAG_RD, &neg_min, 0, 547 "Negative entry count above which automatic eviction is allowed"); 548 549 /* 550 * Structures associated with name caching. 551 */ 552 #define NCHHASH(hash) \ 553 (&nchashtbl[(hash) & nchash]) 554 static __read_mostly CK_SLIST_HEAD(nchashhead, namecache) *nchashtbl;/* Hash Table */ 555 static u_long __read_mostly nchash; /* size of hash table */ 556 SYSCTL_ULONG(_debug, OID_AUTO, nchash, CTLFLAG_RD, &nchash, 0, 557 "Size of namecache hash table"); 558 static u_long __exclusive_cache_line numneg; /* number of negative entries allocated */ 559 static u_long __exclusive_cache_line numcache;/* number of cache entries allocated */ 560 561 struct nchstats nchstats; /* cache effectiveness statistics */ 562 563 static u_int __exclusive_cache_line neg_cycle; 564 565 #define ncneghash 3 566 #define numneglists (ncneghash + 1) 567 568 struct neglist { 569 struct mtx nl_evict_lock; 570 struct mtx nl_lock __aligned(CACHE_LINE_SIZE); 571 TAILQ_HEAD(, namecache) nl_list; 572 TAILQ_HEAD(, namecache) nl_hotlist; 573 u_long nl_hotnum; 574 } __aligned(CACHE_LINE_SIZE); 575 576 static struct neglist neglists[numneglists]; 577 578 static inline struct neglist * 579 NCP2NEGLIST(struct namecache *ncp) 580 { 581 582 return (&neglists[(((uintptr_t)(ncp) >> 8) & ncneghash)]); 583 } 584 585 static inline struct negstate * 586 NCP2NEGSTATE(struct namecache *ncp) 587 { 588 589 MPASS(atomic_load_char(&ncp->nc_flag) & NCF_NEGATIVE); 590 return (&ncp->nc_neg); 591 } 592 593 #define numbucketlocks (ncbuckethash + 1) 594 static u_int __read_mostly ncbuckethash; 595 static struct mtx_padalign __read_mostly *bucketlocks; 596 #define HASH2BUCKETLOCK(hash) \ 597 ((struct mtx *)(&bucketlocks[((hash) & ncbuckethash)])) 598 599 #define numvnodelocks (ncvnodehash + 1) 600 static u_int __read_mostly ncvnodehash; 601 static struct mtx __read_mostly *vnodelocks; 602 static inline struct mtx * 603 VP2VNODELOCK(struct vnode *vp) 604 { 605 606 return (&vnodelocks[(((uintptr_t)(vp) >> 8) & ncvnodehash)]); 607 } 608 609 /* 610 * Search the hash table for a namecache entry. Either the corresponding bucket 611 * must be locked, or the caller must be in an SMR read section. 612 */ 613 static struct namecache * 614 cache_ncp_find(struct vnode *dvp, struct componentname *cnp, uint32_t hash) 615 { 616 struct namecache *ncp; 617 618 KASSERT(mtx_owned(HASH2BUCKETLOCK(hash)) || VFS_SMR_ENTERED(), 619 ("%s: hash %u not locked", __func__, hash)); 620 CK_SLIST_FOREACH(ncp, NCHHASH(hash), nc_hash) { 621 if (cache_ncp_match(ncp, dvp, cnp)) 622 break; 623 } 624 return (ncp); 625 } 626 627 static void 628 cache_out_ts(struct namecache *ncp, struct timespec *tsp, int *ticksp) 629 { 630 struct namecache_ts *ncp_ts; 631 632 KASSERT((ncp->nc_flag & NCF_TS) != 0 || 633 (tsp == NULL && ticksp == NULL), 634 ("No NCF_TS")); 635 636 if (tsp == NULL) 637 return; 638 639 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 640 *tsp = ncp_ts->nc_time; 641 *ticksp = ncp_ts->nc_ticks; 642 } 643 644 #ifdef DEBUG_CACHE 645 static int __read_mostly doingcache = 1; /* 1 => enable the cache */ 646 SYSCTL_INT(_debug, OID_AUTO, vfscache, CTLFLAG_RW, &doingcache, 0, 647 "VFS namecache enabled"); 648 #endif 649 650 /* Export size information to userland */ 651 SYSCTL_SIZEOF_STRUCT(namecache); 652 653 /* 654 * The new name cache statistics 655 */ 656 static SYSCTL_NODE(_vfs_cache, OID_AUTO, stats, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 657 "Name cache statistics"); 658 659 #define STATNODE_ULONG(name, varname, descr) \ 660 SYSCTL_ULONG(_vfs_cache_stats, OID_AUTO, name, CTLFLAG_RD, &varname, 0, descr); 661 #define STATNODE_COUNTER(name, varname, descr) \ 662 static COUNTER_U64_DEFINE_EARLY(varname); \ 663 SYSCTL_COUNTER_U64(_vfs_cache_stats, OID_AUTO, name, CTLFLAG_RD, &varname, \ 664 descr); 665 STATNODE_ULONG(neg, numneg, "Number of negative cache entries"); 666 STATNODE_ULONG(count, numcache, "Number of cache entries"); 667 STATNODE_COUNTER(heldvnodes, numcachehv, "Number of namecache entries with vnodes held"); 668 STATNODE_COUNTER(drops, numdrops, "Number of dropped entries due to reaching the limit"); 669 STATNODE_COUNTER(miss, nummiss, "Number of cache misses"); 670 STATNODE_COUNTER(misszap, nummisszap, "Number of cache misses we do not want to cache"); 671 STATNODE_COUNTER(poszaps, numposzaps, 672 "Number of cache hits (positive) we do not want to cache"); 673 STATNODE_COUNTER(poshits, numposhits, "Number of cache hits (positive)"); 674 STATNODE_COUNTER(negzaps, numnegzaps, 675 "Number of cache hits (negative) we do not want to cache"); 676 STATNODE_COUNTER(neghits, numneghits, "Number of cache hits (negative)"); 677 /* These count for vn_getcwd(), too. */ 678 STATNODE_COUNTER(fullpathcalls, numfullpathcalls, "Number of fullpath search calls"); 679 STATNODE_COUNTER(fullpathfail2, numfullpathfail2, 680 "Number of fullpath search errors (VOP_VPTOCNP failures)"); 681 STATNODE_COUNTER(fullpathfail4, numfullpathfail4, "Number of fullpath search errors (ENOMEM)"); 682 STATNODE_COUNTER(fullpathfound, numfullpathfound, "Number of successful fullpath calls"); 683 STATNODE_COUNTER(symlinktoobig, symlinktoobig, "Number of times symlink did not fit the cache"); 684 685 /* 686 * Debug or developer statistics. 687 */ 688 static SYSCTL_NODE(_vfs_cache, OID_AUTO, debug, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 689 "Name cache debugging"); 690 #define DEBUGNODE_ULONG(name, varname, descr) \ 691 SYSCTL_ULONG(_vfs_cache_debug, OID_AUTO, name, CTLFLAG_RD, &varname, 0, descr); 692 static u_long zap_bucket_relock_success; 693 DEBUGNODE_ULONG(zap_bucket_relock_success, zap_bucket_relock_success, 694 "Number of successful removals after relocking"); 695 static u_long zap_bucket_fail; 696 DEBUGNODE_ULONG(zap_bucket_fail, zap_bucket_fail, ""); 697 static u_long zap_bucket_fail2; 698 DEBUGNODE_ULONG(zap_bucket_fail2, zap_bucket_fail2, ""); 699 static u_long cache_lock_vnodes_cel_3_failures; 700 DEBUGNODE_ULONG(vnodes_cel_3_failures, cache_lock_vnodes_cel_3_failures, 701 "Number of times 3-way vnode locking failed"); 702 703 static void cache_zap_locked(struct namecache *ncp); 704 static int vn_fullpath_any_smr(struct vnode *vp, struct vnode *rdir, char *buf, 705 char **retbuf, size_t *buflen, size_t addend); 706 static int vn_fullpath_any(struct vnode *vp, struct vnode *rdir, char *buf, 707 char **retbuf, size_t *buflen); 708 static int vn_fullpath_dir(struct vnode *vp, struct vnode *rdir, char *buf, 709 char **retbuf, size_t *len, size_t addend); 710 711 static MALLOC_DEFINE(M_VFSCACHE, "vfscache", "VFS name cache entries"); 712 713 static inline void 714 cache_assert_vlp_locked(struct mtx *vlp) 715 { 716 717 if (vlp != NULL) 718 mtx_assert(vlp, MA_OWNED); 719 } 720 721 static inline void 722 cache_assert_vnode_locked(struct vnode *vp) 723 { 724 struct mtx *vlp; 725 726 vlp = VP2VNODELOCK(vp); 727 cache_assert_vlp_locked(vlp); 728 } 729 730 /* 731 * Directory vnodes with entries are held for two reasons: 732 * 1. make them less of a target for reclamation in vnlru 733 * 2. suffer smaller performance penalty in locked lookup as requeieing is avoided 734 * 735 * It will be feasible to stop doing it altogether if all filesystems start 736 * supporting lockless lookup. 737 */ 738 static void 739 cache_hold_vnode(struct vnode *vp) 740 { 741 742 cache_assert_vnode_locked(vp); 743 VNPASS(LIST_EMPTY(&vp->v_cache_src), vp); 744 vhold(vp); 745 counter_u64_add(numcachehv, 1); 746 } 747 748 static void 749 cache_drop_vnode(struct vnode *vp) 750 { 751 752 /* 753 * Called after all locks are dropped, meaning we can't assert 754 * on the state of v_cache_src. 755 */ 756 vdrop(vp); 757 counter_u64_add(numcachehv, -1); 758 } 759 760 /* 761 * UMA zones. 762 */ 763 static uma_zone_t __read_mostly cache_zone_small; 764 static uma_zone_t __read_mostly cache_zone_small_ts; 765 static uma_zone_t __read_mostly cache_zone_large; 766 static uma_zone_t __read_mostly cache_zone_large_ts; 767 768 char * 769 cache_symlink_alloc(size_t size, int flags) 770 { 771 772 if (size < CACHE_ZONE_SMALL_SIZE) { 773 return (uma_zalloc_smr(cache_zone_small, flags)); 774 } 775 if (size < CACHE_ZONE_LARGE_SIZE) { 776 return (uma_zalloc_smr(cache_zone_large, flags)); 777 } 778 counter_u64_add(symlinktoobig, 1); 779 SDT_PROBE1(vfs, namecache, symlink, alloc__fail, size); 780 return (NULL); 781 } 782 783 void 784 cache_symlink_free(char *string, size_t size) 785 { 786 787 MPASS(string != NULL); 788 KASSERT(size < CACHE_ZONE_LARGE_SIZE, 789 ("%s: size %zu too big", __func__, size)); 790 791 if (size < CACHE_ZONE_SMALL_SIZE) { 792 uma_zfree_smr(cache_zone_small, string); 793 return; 794 } 795 if (size < CACHE_ZONE_LARGE_SIZE) { 796 uma_zfree_smr(cache_zone_large, string); 797 return; 798 } 799 __assert_unreachable(); 800 } 801 802 static struct namecache * 803 cache_alloc_uma(int len, bool ts) 804 { 805 struct namecache_ts *ncp_ts; 806 struct namecache *ncp; 807 808 if (__predict_false(ts)) { 809 if (len <= CACHE_PATH_CUTOFF) 810 ncp_ts = uma_zalloc_smr(cache_zone_small_ts, M_WAITOK); 811 else 812 ncp_ts = uma_zalloc_smr(cache_zone_large_ts, M_WAITOK); 813 ncp = &ncp_ts->nc_nc; 814 } else { 815 if (len <= CACHE_PATH_CUTOFF) 816 ncp = uma_zalloc_smr(cache_zone_small, M_WAITOK); 817 else 818 ncp = uma_zalloc_smr(cache_zone_large, M_WAITOK); 819 } 820 return (ncp); 821 } 822 823 static void 824 cache_free_uma(struct namecache *ncp) 825 { 826 struct namecache_ts *ncp_ts; 827 828 if (__predict_false(ncp->nc_flag & NCF_TS)) { 829 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 830 if (ncp->nc_nlen <= CACHE_PATH_CUTOFF) 831 uma_zfree_smr(cache_zone_small_ts, ncp_ts); 832 else 833 uma_zfree_smr(cache_zone_large_ts, ncp_ts); 834 } else { 835 if (ncp->nc_nlen <= CACHE_PATH_CUTOFF) 836 uma_zfree_smr(cache_zone_small, ncp); 837 else 838 uma_zfree_smr(cache_zone_large, ncp); 839 } 840 } 841 842 static struct namecache * 843 cache_alloc(int len, bool ts) 844 { 845 u_long lnumcache; 846 847 /* 848 * Avoid blowout in namecache entries. 849 * 850 * Bugs: 851 * 1. filesystems may end up trying to add an already existing entry 852 * (for example this can happen after a cache miss during concurrent 853 * lookup), in which case we will call cache_neg_evict despite not 854 * adding anything. 855 * 2. the routine may fail to free anything and no provisions are made 856 * to make it try harder (see the inside for failure modes) 857 * 3. it only ever looks at negative entries. 858 */ 859 lnumcache = atomic_fetchadd_long(&numcache, 1) + 1; 860 if (cache_neg_evict_cond(lnumcache)) { 861 lnumcache = atomic_load_long(&numcache); 862 } 863 if (__predict_false(lnumcache >= ncsize)) { 864 atomic_subtract_long(&numcache, 1); 865 counter_u64_add(numdrops, 1); 866 return (NULL); 867 } 868 return (cache_alloc_uma(len, ts)); 869 } 870 871 static void 872 cache_free(struct namecache *ncp) 873 { 874 875 MPASS(ncp != NULL); 876 if ((ncp->nc_flag & NCF_DVDROP) != 0) { 877 cache_drop_vnode(ncp->nc_dvp); 878 } 879 cache_free_uma(ncp); 880 atomic_subtract_long(&numcache, 1); 881 } 882 883 static void 884 cache_free_batch(struct cache_freebatch *batch) 885 { 886 struct namecache *ncp, *nnp; 887 int i; 888 889 i = 0; 890 if (TAILQ_EMPTY(batch)) 891 goto out; 892 TAILQ_FOREACH_SAFE(ncp, batch, nc_dst, nnp) { 893 if ((ncp->nc_flag & NCF_DVDROP) != 0) { 894 cache_drop_vnode(ncp->nc_dvp); 895 } 896 cache_free_uma(ncp); 897 i++; 898 } 899 atomic_subtract_long(&numcache, i); 900 out: 901 SDT_PROBE1(vfs, namecache, purge, batch, i); 902 } 903 904 /* 905 * Hashing. 906 * 907 * The code was made to use FNV in 2001 and this choice needs to be revisited. 908 * 909 * Short summary of the difficulty: 910 * The longest name which can be inserted is NAME_MAX characters in length (or 911 * 255 at the time of writing this comment), while majority of names used in 912 * practice are significantly shorter (mostly below 10). More importantly 913 * majority of lookups performed find names are even shorter than that. 914 * 915 * This poses a problem where hashes which do better than FNV past word size 916 * (or so) tend to come with additional overhead when finalizing the result, 917 * making them noticeably slower for the most commonly used range. 918 * 919 * Consider a path like: /usr/obj/usr/src/sys/amd64/GENERIC/vnode_if.c 920 * 921 * When looking it up the most time consuming part by a large margin (at least 922 * on amd64) is hashing. Replacing FNV with something which pessimizes short 923 * input would make the slowest part stand out even more. 924 */ 925 926 /* 927 * TODO: With the value stored we can do better than computing the hash based 928 * on the address. 929 */ 930 static void 931 cache_prehash(struct vnode *vp) 932 { 933 934 vp->v_nchash = fnv_32_buf(&vp, sizeof(vp), FNV1_32_INIT); 935 } 936 937 static uint32_t 938 cache_get_hash(char *name, u_char len, struct vnode *dvp) 939 { 940 941 return (fnv_32_buf(name, len, dvp->v_nchash)); 942 } 943 944 static uint32_t 945 cache_get_hash_iter_start(struct vnode *dvp) 946 { 947 948 return (dvp->v_nchash); 949 } 950 951 static uint32_t 952 cache_get_hash_iter(char c, uint32_t hash) 953 { 954 955 return (fnv_32_buf(&c, 1, hash)); 956 } 957 958 static uint32_t 959 cache_get_hash_iter_finish(uint32_t hash) 960 { 961 962 return (hash); 963 } 964 965 static inline struct nchashhead * 966 NCP2BUCKET(struct namecache *ncp) 967 { 968 uint32_t hash; 969 970 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, ncp->nc_dvp); 971 return (NCHHASH(hash)); 972 } 973 974 static inline struct mtx * 975 NCP2BUCKETLOCK(struct namecache *ncp) 976 { 977 uint32_t hash; 978 979 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, ncp->nc_dvp); 980 return (HASH2BUCKETLOCK(hash)); 981 } 982 983 #ifdef INVARIANTS 984 static void 985 cache_assert_bucket_locked(struct namecache *ncp) 986 { 987 struct mtx *blp; 988 989 blp = NCP2BUCKETLOCK(ncp); 990 mtx_assert(blp, MA_OWNED); 991 } 992 993 static void 994 cache_assert_bucket_unlocked(struct namecache *ncp) 995 { 996 struct mtx *blp; 997 998 blp = NCP2BUCKETLOCK(ncp); 999 mtx_assert(blp, MA_NOTOWNED); 1000 } 1001 #else 1002 #define cache_assert_bucket_locked(x) do { } while (0) 1003 #define cache_assert_bucket_unlocked(x) do { } while (0) 1004 #endif 1005 1006 #define cache_sort_vnodes(x, y) _cache_sort_vnodes((void **)(x), (void **)(y)) 1007 static void 1008 _cache_sort_vnodes(void **p1, void **p2) 1009 { 1010 void *tmp; 1011 1012 MPASS(*p1 != NULL || *p2 != NULL); 1013 1014 if (*p1 > *p2) { 1015 tmp = *p2; 1016 *p2 = *p1; 1017 *p1 = tmp; 1018 } 1019 } 1020 1021 static void 1022 cache_lock_all_buckets(void) 1023 { 1024 u_int i; 1025 1026 for (i = 0; i < numbucketlocks; i++) 1027 mtx_lock(&bucketlocks[i]); 1028 } 1029 1030 static void 1031 cache_unlock_all_buckets(void) 1032 { 1033 u_int i; 1034 1035 for (i = 0; i < numbucketlocks; i++) 1036 mtx_unlock(&bucketlocks[i]); 1037 } 1038 1039 static void 1040 cache_lock_all_vnodes(void) 1041 { 1042 u_int i; 1043 1044 for (i = 0; i < numvnodelocks; i++) 1045 mtx_lock(&vnodelocks[i]); 1046 } 1047 1048 static void 1049 cache_unlock_all_vnodes(void) 1050 { 1051 u_int i; 1052 1053 for (i = 0; i < numvnodelocks; i++) 1054 mtx_unlock(&vnodelocks[i]); 1055 } 1056 1057 static int 1058 cache_trylock_vnodes(struct mtx *vlp1, struct mtx *vlp2) 1059 { 1060 1061 cache_sort_vnodes(&vlp1, &vlp2); 1062 1063 if (vlp1 != NULL) { 1064 if (!mtx_trylock(vlp1)) 1065 return (EAGAIN); 1066 } 1067 if (!mtx_trylock(vlp2)) { 1068 if (vlp1 != NULL) 1069 mtx_unlock(vlp1); 1070 return (EAGAIN); 1071 } 1072 1073 return (0); 1074 } 1075 1076 static void 1077 cache_lock_vnodes(struct mtx *vlp1, struct mtx *vlp2) 1078 { 1079 1080 MPASS(vlp1 != NULL || vlp2 != NULL); 1081 MPASS(vlp1 <= vlp2); 1082 1083 if (vlp1 != NULL) 1084 mtx_lock(vlp1); 1085 if (vlp2 != NULL) 1086 mtx_lock(vlp2); 1087 } 1088 1089 static void 1090 cache_unlock_vnodes(struct mtx *vlp1, struct mtx *vlp2) 1091 { 1092 1093 MPASS(vlp1 != NULL || vlp2 != NULL); 1094 1095 if (vlp1 != NULL) 1096 mtx_unlock(vlp1); 1097 if (vlp2 != NULL) 1098 mtx_unlock(vlp2); 1099 } 1100 1101 static int 1102 sysctl_nchstats(SYSCTL_HANDLER_ARGS) 1103 { 1104 struct nchstats snap; 1105 1106 if (req->oldptr == NULL) 1107 return (SYSCTL_OUT(req, 0, sizeof(snap))); 1108 1109 snap = nchstats; 1110 snap.ncs_goodhits = counter_u64_fetch(numposhits); 1111 snap.ncs_neghits = counter_u64_fetch(numneghits); 1112 snap.ncs_badhits = counter_u64_fetch(numposzaps) + 1113 counter_u64_fetch(numnegzaps); 1114 snap.ncs_miss = counter_u64_fetch(nummisszap) + 1115 counter_u64_fetch(nummiss); 1116 1117 return (SYSCTL_OUT(req, &snap, sizeof(snap))); 1118 } 1119 SYSCTL_PROC(_vfs_cache, OID_AUTO, nchstats, CTLTYPE_OPAQUE | CTLFLAG_RD | 1120 CTLFLAG_MPSAFE, 0, 0, sysctl_nchstats, "LU", 1121 "VFS cache effectiveness statistics"); 1122 1123 static int 1124 sysctl_hitpct(SYSCTL_HANDLER_ARGS) 1125 { 1126 long poshits, neghits, miss, total; 1127 long pct; 1128 1129 poshits = counter_u64_fetch(numposhits); 1130 neghits = counter_u64_fetch(numneghits); 1131 miss = counter_u64_fetch(nummiss); 1132 total = poshits + neghits + miss; 1133 1134 pct = 0; 1135 if (total != 0) 1136 pct = ((poshits + neghits) * 100) / total; 1137 return (sysctl_handle_int(oidp, 0, pct, req)); 1138 } 1139 SYSCTL_PROC(_vfs_cache_stats, OID_AUTO, hitpct, 1140 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RD, NULL, 0, sysctl_hitpct, 1141 "I", "Percentage of hits"); 1142 1143 static void 1144 cache_recalc_neg_min(void) 1145 { 1146 1147 neg_min = (ncsize * ncnegminpct) / 100; 1148 } 1149 1150 static int 1151 sysctl_negminpct(SYSCTL_HANDLER_ARGS) 1152 { 1153 u_int val; 1154 int error; 1155 1156 val = ncnegminpct; 1157 error = sysctl_handle_int(oidp, &val, 0, req); 1158 if (error != 0 || req->newptr == NULL) 1159 return (error); 1160 1161 if (val == ncnegminpct) 1162 return (0); 1163 if (val < 0 || val > 99) 1164 return (EINVAL); 1165 ncnegminpct = val; 1166 cache_recalc_neg_min(); 1167 return (0); 1168 } 1169 1170 SYSCTL_PROC(_vfs_cache_param, OID_AUTO, negminpct, 1171 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RW, NULL, 0, sysctl_negminpct, 1172 "I", "Negative entry \% of namecache capacity above which automatic eviction is allowed"); 1173 1174 #ifdef DEBUG_CACHE 1175 /* 1176 * Grab an atomic snapshot of the name cache hash chain lengths 1177 */ 1178 static SYSCTL_NODE(_debug, OID_AUTO, hashstat, 1179 CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, 1180 "hash table stats"); 1181 1182 static int 1183 sysctl_debug_hashstat_rawnchash(SYSCTL_HANDLER_ARGS) 1184 { 1185 struct nchashhead *ncpp; 1186 struct namecache *ncp; 1187 int i, error, n_nchash, *cntbuf; 1188 1189 retry: 1190 n_nchash = nchash + 1; /* nchash is max index, not count */ 1191 if (req->oldptr == NULL) 1192 return SYSCTL_OUT(req, 0, n_nchash * sizeof(int)); 1193 cntbuf = malloc(n_nchash * sizeof(int), M_TEMP, M_ZERO | M_WAITOK); 1194 cache_lock_all_buckets(); 1195 if (n_nchash != nchash + 1) { 1196 cache_unlock_all_buckets(); 1197 free(cntbuf, M_TEMP); 1198 goto retry; 1199 } 1200 /* Scan hash tables counting entries */ 1201 for (ncpp = nchashtbl, i = 0; i < n_nchash; ncpp++, i++) 1202 CK_SLIST_FOREACH(ncp, ncpp, nc_hash) 1203 cntbuf[i]++; 1204 cache_unlock_all_buckets(); 1205 for (error = 0, i = 0; i < n_nchash; i++) 1206 if ((error = SYSCTL_OUT(req, &cntbuf[i], sizeof(int))) != 0) 1207 break; 1208 free(cntbuf, M_TEMP); 1209 return (error); 1210 } 1211 SYSCTL_PROC(_debug_hashstat, OID_AUTO, rawnchash, CTLTYPE_INT|CTLFLAG_RD| 1212 CTLFLAG_MPSAFE, 0, 0, sysctl_debug_hashstat_rawnchash, "S,int", 1213 "nchash chain lengths"); 1214 1215 static int 1216 sysctl_debug_hashstat_nchash(SYSCTL_HANDLER_ARGS) 1217 { 1218 int error; 1219 struct nchashhead *ncpp; 1220 struct namecache *ncp; 1221 int n_nchash; 1222 int count, maxlength, used, pct; 1223 1224 if (!req->oldptr) 1225 return SYSCTL_OUT(req, 0, 4 * sizeof(int)); 1226 1227 cache_lock_all_buckets(); 1228 n_nchash = nchash + 1; /* nchash is max index, not count */ 1229 used = 0; 1230 maxlength = 0; 1231 1232 /* Scan hash tables for applicable entries */ 1233 for (ncpp = nchashtbl; n_nchash > 0; n_nchash--, ncpp++) { 1234 count = 0; 1235 CK_SLIST_FOREACH(ncp, ncpp, nc_hash) { 1236 count++; 1237 } 1238 if (count) 1239 used++; 1240 if (maxlength < count) 1241 maxlength = count; 1242 } 1243 n_nchash = nchash + 1; 1244 cache_unlock_all_buckets(); 1245 pct = (used * 100) / (n_nchash / 100); 1246 error = SYSCTL_OUT(req, &n_nchash, sizeof(n_nchash)); 1247 if (error) 1248 return (error); 1249 error = SYSCTL_OUT(req, &used, sizeof(used)); 1250 if (error) 1251 return (error); 1252 error = SYSCTL_OUT(req, &maxlength, sizeof(maxlength)); 1253 if (error) 1254 return (error); 1255 error = SYSCTL_OUT(req, &pct, sizeof(pct)); 1256 if (error) 1257 return (error); 1258 return (0); 1259 } 1260 SYSCTL_PROC(_debug_hashstat, OID_AUTO, nchash, CTLTYPE_INT|CTLFLAG_RD| 1261 CTLFLAG_MPSAFE, 0, 0, sysctl_debug_hashstat_nchash, "I", 1262 "nchash statistics (number of total/used buckets, maximum chain length, usage percentage)"); 1263 #endif 1264 1265 /* 1266 * Negative entries management 1267 * 1268 * Various workloads create plenty of negative entries and barely use them 1269 * afterwards. Moreover malicious users can keep performing bogus lookups 1270 * adding even more entries. For example "make tinderbox" as of writing this 1271 * comment ends up with 2.6M namecache entries in total, 1.2M of which are 1272 * negative. 1273 * 1274 * As such, a rather aggressive eviction method is needed. The currently 1275 * employed method is a placeholder. 1276 * 1277 * Entries are split over numneglists separate lists, each of which is further 1278 * split into hot and cold entries. Entries get promoted after getting a hit. 1279 * Eviction happens on addition of new entry. 1280 */ 1281 static SYSCTL_NODE(_vfs_cache, OID_AUTO, neg, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 1282 "Name cache negative entry statistics"); 1283 1284 SYSCTL_ULONG(_vfs_cache_neg, OID_AUTO, count, CTLFLAG_RD, &numneg, 0, 1285 "Number of negative cache entries"); 1286 1287 static COUNTER_U64_DEFINE_EARLY(neg_created); 1288 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, created, CTLFLAG_RD, &neg_created, 1289 "Number of created negative entries"); 1290 1291 static COUNTER_U64_DEFINE_EARLY(neg_evicted); 1292 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evicted, CTLFLAG_RD, &neg_evicted, 1293 "Number of evicted negative entries"); 1294 1295 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_empty); 1296 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_empty, CTLFLAG_RD, 1297 &neg_evict_skipped_empty, 1298 "Number of times evicting failed due to lack of entries"); 1299 1300 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_missed); 1301 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_missed, CTLFLAG_RD, 1302 &neg_evict_skipped_missed, 1303 "Number of times evicting failed due to target entry disappearing"); 1304 1305 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_contended); 1306 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_contended, CTLFLAG_RD, 1307 &neg_evict_skipped_contended, 1308 "Number of times evicting failed due to contention"); 1309 1310 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, hits, CTLFLAG_RD, &numneghits, 1311 "Number of cache hits (negative)"); 1312 1313 static int 1314 sysctl_neg_hot(SYSCTL_HANDLER_ARGS) 1315 { 1316 int i, out; 1317 1318 out = 0; 1319 for (i = 0; i < numneglists; i++) 1320 out += neglists[i].nl_hotnum; 1321 1322 return (SYSCTL_OUT(req, &out, sizeof(out))); 1323 } 1324 SYSCTL_PROC(_vfs_cache_neg, OID_AUTO, hot, CTLTYPE_INT | CTLFLAG_RD | 1325 CTLFLAG_MPSAFE, 0, 0, sysctl_neg_hot, "I", 1326 "Number of hot negative entries"); 1327 1328 static void 1329 cache_neg_init(struct namecache *ncp) 1330 { 1331 struct negstate *ns; 1332 1333 ncp->nc_flag |= NCF_NEGATIVE; 1334 ns = NCP2NEGSTATE(ncp); 1335 ns->neg_flag = 0; 1336 ns->neg_hit = 0; 1337 counter_u64_add(neg_created, 1); 1338 } 1339 1340 #define CACHE_NEG_PROMOTION_THRESH 2 1341 1342 static bool 1343 cache_neg_hit_prep(struct namecache *ncp) 1344 { 1345 struct negstate *ns; 1346 u_char n; 1347 1348 ns = NCP2NEGSTATE(ncp); 1349 n = atomic_load_char(&ns->neg_hit); 1350 for (;;) { 1351 if (n >= CACHE_NEG_PROMOTION_THRESH) 1352 return (false); 1353 if (atomic_fcmpset_8(&ns->neg_hit, &n, n + 1)) 1354 break; 1355 } 1356 return (n + 1 == CACHE_NEG_PROMOTION_THRESH); 1357 } 1358 1359 /* 1360 * Nothing to do here but it is provided for completeness as some 1361 * cache_neg_hit_prep callers may end up returning without even 1362 * trying to promote. 1363 */ 1364 #define cache_neg_hit_abort(ncp) do { } while (0) 1365 1366 static void 1367 cache_neg_hit_finish(struct namecache *ncp) 1368 { 1369 1370 SDT_PROBE2(vfs, namecache, lookup, hit__negative, ncp->nc_dvp, ncp->nc_name); 1371 counter_u64_add(numneghits, 1); 1372 } 1373 1374 /* 1375 * Move a negative entry to the hot list. 1376 */ 1377 static void 1378 cache_neg_promote_locked(struct namecache *ncp) 1379 { 1380 struct neglist *nl; 1381 struct negstate *ns; 1382 1383 ns = NCP2NEGSTATE(ncp); 1384 nl = NCP2NEGLIST(ncp); 1385 mtx_assert(&nl->nl_lock, MA_OWNED); 1386 if ((ns->neg_flag & NEG_HOT) == 0) { 1387 TAILQ_REMOVE(&nl->nl_list, ncp, nc_dst); 1388 TAILQ_INSERT_TAIL(&nl->nl_hotlist, ncp, nc_dst); 1389 nl->nl_hotnum++; 1390 ns->neg_flag |= NEG_HOT; 1391 } 1392 } 1393 1394 /* 1395 * Move a hot negative entry to the cold list. 1396 */ 1397 static void 1398 cache_neg_demote_locked(struct namecache *ncp) 1399 { 1400 struct neglist *nl; 1401 struct negstate *ns; 1402 1403 ns = NCP2NEGSTATE(ncp); 1404 nl = NCP2NEGLIST(ncp); 1405 mtx_assert(&nl->nl_lock, MA_OWNED); 1406 MPASS(ns->neg_flag & NEG_HOT); 1407 TAILQ_REMOVE(&nl->nl_hotlist, ncp, nc_dst); 1408 TAILQ_INSERT_TAIL(&nl->nl_list, ncp, nc_dst); 1409 nl->nl_hotnum--; 1410 ns->neg_flag &= ~NEG_HOT; 1411 atomic_store_char(&ns->neg_hit, 0); 1412 } 1413 1414 /* 1415 * Move a negative entry to the hot list if it matches the lookup. 1416 * 1417 * We have to take locks, but they may be contended and in the worst 1418 * case we may need to go off CPU. We don't want to spin within the 1419 * smr section and we can't block with it. Exiting the section means 1420 * the found entry could have been evicted. We are going to look it 1421 * up again. 1422 */ 1423 static bool 1424 cache_neg_promote_cond(struct vnode *dvp, struct componentname *cnp, 1425 struct namecache *oncp, uint32_t hash) 1426 { 1427 struct namecache *ncp; 1428 struct neglist *nl; 1429 u_char nc_flag; 1430 1431 nl = NCP2NEGLIST(oncp); 1432 1433 mtx_lock(&nl->nl_lock); 1434 /* 1435 * For hash iteration. 1436 */ 1437 vfs_smr_enter(); 1438 1439 /* 1440 * Avoid all surprises by only succeeding if we got the same entry and 1441 * bailing completely otherwise. 1442 * XXX There are no provisions to keep the vnode around, meaning we may 1443 * end up promoting a negative entry for a *new* vnode and returning 1444 * ENOENT on its account. This is the error we want to return anyway 1445 * and promotion is harmless. 1446 * 1447 * In particular at this point there can be a new ncp which matches the 1448 * search but hashes to a different neglist. 1449 */ 1450 CK_SLIST_FOREACH(ncp, (NCHHASH(hash)), nc_hash) { 1451 if (ncp == oncp) 1452 break; 1453 } 1454 1455 /* 1456 * No match to begin with. 1457 */ 1458 if (__predict_false(ncp == NULL)) { 1459 goto out_abort; 1460 } 1461 1462 /* 1463 * The newly found entry may be something different... 1464 */ 1465 if (!cache_ncp_match(ncp, dvp, cnp)) { 1466 goto out_abort; 1467 } 1468 1469 /* 1470 * ... and not even negative. 1471 */ 1472 nc_flag = atomic_load_char(&ncp->nc_flag); 1473 if ((nc_flag & NCF_NEGATIVE) == 0) { 1474 goto out_abort; 1475 } 1476 1477 if (!cache_ncp_canuse(ncp)) { 1478 goto out_abort; 1479 } 1480 1481 cache_neg_promote_locked(ncp); 1482 cache_neg_hit_finish(ncp); 1483 vfs_smr_exit(); 1484 mtx_unlock(&nl->nl_lock); 1485 return (true); 1486 out_abort: 1487 vfs_smr_exit(); 1488 mtx_unlock(&nl->nl_lock); 1489 return (false); 1490 } 1491 1492 static void 1493 cache_neg_promote(struct namecache *ncp) 1494 { 1495 struct neglist *nl; 1496 1497 nl = NCP2NEGLIST(ncp); 1498 mtx_lock(&nl->nl_lock); 1499 cache_neg_promote_locked(ncp); 1500 mtx_unlock(&nl->nl_lock); 1501 } 1502 1503 static void 1504 cache_neg_insert(struct namecache *ncp) 1505 { 1506 struct neglist *nl; 1507 1508 MPASS(ncp->nc_flag & NCF_NEGATIVE); 1509 cache_assert_bucket_locked(ncp); 1510 nl = NCP2NEGLIST(ncp); 1511 mtx_lock(&nl->nl_lock); 1512 TAILQ_INSERT_TAIL(&nl->nl_list, ncp, nc_dst); 1513 mtx_unlock(&nl->nl_lock); 1514 atomic_add_long(&numneg, 1); 1515 } 1516 1517 static void 1518 cache_neg_remove(struct namecache *ncp) 1519 { 1520 struct neglist *nl; 1521 struct negstate *ns; 1522 1523 cache_assert_bucket_locked(ncp); 1524 nl = NCP2NEGLIST(ncp); 1525 ns = NCP2NEGSTATE(ncp); 1526 mtx_lock(&nl->nl_lock); 1527 if ((ns->neg_flag & NEG_HOT) != 0) { 1528 TAILQ_REMOVE(&nl->nl_hotlist, ncp, nc_dst); 1529 nl->nl_hotnum--; 1530 } else { 1531 TAILQ_REMOVE(&nl->nl_list, ncp, nc_dst); 1532 } 1533 mtx_unlock(&nl->nl_lock); 1534 atomic_subtract_long(&numneg, 1); 1535 } 1536 1537 static struct neglist * 1538 cache_neg_evict_select_list(void) 1539 { 1540 struct neglist *nl; 1541 u_int c; 1542 1543 c = atomic_fetchadd_int(&neg_cycle, 1) + 1; 1544 nl = &neglists[c % numneglists]; 1545 if (!mtx_trylock(&nl->nl_evict_lock)) { 1546 counter_u64_add(neg_evict_skipped_contended, 1); 1547 return (NULL); 1548 } 1549 return (nl); 1550 } 1551 1552 static struct namecache * 1553 cache_neg_evict_select_entry(struct neglist *nl) 1554 { 1555 struct namecache *ncp, *lncp; 1556 struct negstate *ns, *lns; 1557 int i; 1558 1559 mtx_assert(&nl->nl_evict_lock, MA_OWNED); 1560 mtx_assert(&nl->nl_lock, MA_OWNED); 1561 ncp = TAILQ_FIRST(&nl->nl_list); 1562 if (ncp == NULL) 1563 return (NULL); 1564 lncp = ncp; 1565 lns = NCP2NEGSTATE(lncp); 1566 for (i = 1; i < 4; i++) { 1567 ncp = TAILQ_NEXT(ncp, nc_dst); 1568 if (ncp == NULL) 1569 break; 1570 ns = NCP2NEGSTATE(ncp); 1571 if (ns->neg_hit < lns->neg_hit) { 1572 lncp = ncp; 1573 lns = ns; 1574 } 1575 } 1576 return (lncp); 1577 } 1578 1579 static bool 1580 cache_neg_evict(void) 1581 { 1582 struct namecache *ncp, *ncp2; 1583 struct neglist *nl; 1584 struct vnode *dvp; 1585 struct mtx *dvlp; 1586 struct mtx *blp; 1587 uint32_t hash; 1588 u_char nlen; 1589 bool evicted; 1590 1591 nl = cache_neg_evict_select_list(); 1592 if (nl == NULL) { 1593 return (false); 1594 } 1595 1596 mtx_lock(&nl->nl_lock); 1597 ncp = TAILQ_FIRST(&nl->nl_hotlist); 1598 if (ncp != NULL) { 1599 cache_neg_demote_locked(ncp); 1600 } 1601 ncp = cache_neg_evict_select_entry(nl); 1602 if (ncp == NULL) { 1603 counter_u64_add(neg_evict_skipped_empty, 1); 1604 mtx_unlock(&nl->nl_lock); 1605 mtx_unlock(&nl->nl_evict_lock); 1606 return (false); 1607 } 1608 nlen = ncp->nc_nlen; 1609 dvp = ncp->nc_dvp; 1610 hash = cache_get_hash(ncp->nc_name, nlen, dvp); 1611 dvlp = VP2VNODELOCK(dvp); 1612 blp = HASH2BUCKETLOCK(hash); 1613 mtx_unlock(&nl->nl_lock); 1614 mtx_unlock(&nl->nl_evict_lock); 1615 mtx_lock(dvlp); 1616 mtx_lock(blp); 1617 /* 1618 * Note that since all locks were dropped above, the entry may be 1619 * gone or reallocated to be something else. 1620 */ 1621 CK_SLIST_FOREACH(ncp2, (NCHHASH(hash)), nc_hash) { 1622 if (ncp2 == ncp && ncp2->nc_dvp == dvp && 1623 ncp2->nc_nlen == nlen && (ncp2->nc_flag & NCF_NEGATIVE) != 0) 1624 break; 1625 } 1626 if (ncp2 == NULL) { 1627 counter_u64_add(neg_evict_skipped_missed, 1); 1628 ncp = NULL; 1629 evicted = false; 1630 } else { 1631 MPASS(dvlp == VP2VNODELOCK(ncp->nc_dvp)); 1632 MPASS(blp == NCP2BUCKETLOCK(ncp)); 1633 SDT_PROBE2(vfs, namecache, evict_negative, done, ncp->nc_dvp, 1634 ncp->nc_name); 1635 cache_zap_locked(ncp); 1636 counter_u64_add(neg_evicted, 1); 1637 evicted = true; 1638 } 1639 mtx_unlock(blp); 1640 mtx_unlock(dvlp); 1641 if (ncp != NULL) 1642 cache_free(ncp); 1643 return (evicted); 1644 } 1645 1646 /* 1647 * Maybe evict a negative entry to create more room. 1648 * 1649 * The ncnegfactor parameter limits what fraction of the total count 1650 * can comprise of negative entries. However, if the cache is just 1651 * warming up this leads to excessive evictions. As such, ncnegminpct 1652 * (recomputed to neg_min) dictates whether the above should be 1653 * applied. 1654 * 1655 * Try evicting if the cache is close to full capacity regardless of 1656 * other considerations. 1657 */ 1658 static bool 1659 cache_neg_evict_cond(u_long lnumcache) 1660 { 1661 u_long lnumneg; 1662 1663 if (ncsize - 1000 < lnumcache) 1664 goto out_evict; 1665 lnumneg = atomic_load_long(&numneg); 1666 if (lnumneg < neg_min) 1667 return (false); 1668 if (lnumneg * ncnegfactor < lnumcache) 1669 return (false); 1670 out_evict: 1671 return (cache_neg_evict()); 1672 } 1673 1674 /* 1675 * cache_zap_locked(): 1676 * 1677 * Removes a namecache entry from cache, whether it contains an actual 1678 * pointer to a vnode or if it is just a negative cache entry. 1679 */ 1680 static void 1681 cache_zap_locked(struct namecache *ncp) 1682 { 1683 struct nchashhead *ncpp; 1684 struct vnode *dvp, *vp; 1685 1686 dvp = ncp->nc_dvp; 1687 vp = ncp->nc_vp; 1688 1689 if (!(ncp->nc_flag & NCF_NEGATIVE)) 1690 cache_assert_vnode_locked(vp); 1691 cache_assert_vnode_locked(dvp); 1692 cache_assert_bucket_locked(ncp); 1693 1694 cache_ncp_invalidate(ncp); 1695 1696 ncpp = NCP2BUCKET(ncp); 1697 CK_SLIST_REMOVE(ncpp, ncp, namecache, nc_hash); 1698 if (!(ncp->nc_flag & NCF_NEGATIVE)) { 1699 SDT_PROBE3(vfs, namecache, zap, done, dvp, ncp->nc_name, vp); 1700 TAILQ_REMOVE(&vp->v_cache_dst, ncp, nc_dst); 1701 if (ncp == vp->v_cache_dd) { 1702 atomic_store_ptr(&vp->v_cache_dd, NULL); 1703 } 1704 } else { 1705 SDT_PROBE2(vfs, namecache, zap_negative, done, dvp, ncp->nc_name); 1706 cache_neg_remove(ncp); 1707 } 1708 if (ncp->nc_flag & NCF_ISDOTDOT) { 1709 if (ncp == dvp->v_cache_dd) { 1710 atomic_store_ptr(&dvp->v_cache_dd, NULL); 1711 } 1712 } else { 1713 LIST_REMOVE(ncp, nc_src); 1714 if (LIST_EMPTY(&dvp->v_cache_src)) { 1715 ncp->nc_flag |= NCF_DVDROP; 1716 } 1717 } 1718 } 1719 1720 static void 1721 cache_zap_negative_locked_vnode_kl(struct namecache *ncp, struct vnode *vp) 1722 { 1723 struct mtx *blp; 1724 1725 MPASS(ncp->nc_dvp == vp); 1726 MPASS(ncp->nc_flag & NCF_NEGATIVE); 1727 cache_assert_vnode_locked(vp); 1728 1729 blp = NCP2BUCKETLOCK(ncp); 1730 mtx_lock(blp); 1731 cache_zap_locked(ncp); 1732 mtx_unlock(blp); 1733 } 1734 1735 static bool 1736 cache_zap_locked_vnode_kl2(struct namecache *ncp, struct vnode *vp, 1737 struct mtx **vlpp) 1738 { 1739 struct mtx *pvlp, *vlp1, *vlp2, *to_unlock; 1740 struct mtx *blp; 1741 1742 MPASS(vp == ncp->nc_dvp || vp == ncp->nc_vp); 1743 cache_assert_vnode_locked(vp); 1744 1745 if (ncp->nc_flag & NCF_NEGATIVE) { 1746 if (*vlpp != NULL) { 1747 mtx_unlock(*vlpp); 1748 *vlpp = NULL; 1749 } 1750 cache_zap_negative_locked_vnode_kl(ncp, vp); 1751 return (true); 1752 } 1753 1754 pvlp = VP2VNODELOCK(vp); 1755 blp = NCP2BUCKETLOCK(ncp); 1756 vlp1 = VP2VNODELOCK(ncp->nc_dvp); 1757 vlp2 = VP2VNODELOCK(ncp->nc_vp); 1758 1759 if (*vlpp == vlp1 || *vlpp == vlp2) { 1760 to_unlock = *vlpp; 1761 *vlpp = NULL; 1762 } else { 1763 if (*vlpp != NULL) { 1764 mtx_unlock(*vlpp); 1765 *vlpp = NULL; 1766 } 1767 cache_sort_vnodes(&vlp1, &vlp2); 1768 if (vlp1 == pvlp) { 1769 mtx_lock(vlp2); 1770 to_unlock = vlp2; 1771 } else { 1772 if (!mtx_trylock(vlp1)) 1773 goto out_relock; 1774 to_unlock = vlp1; 1775 } 1776 } 1777 mtx_lock(blp); 1778 cache_zap_locked(ncp); 1779 mtx_unlock(blp); 1780 if (to_unlock != NULL) 1781 mtx_unlock(to_unlock); 1782 return (true); 1783 1784 out_relock: 1785 mtx_unlock(vlp2); 1786 mtx_lock(vlp1); 1787 mtx_lock(vlp2); 1788 MPASS(*vlpp == NULL); 1789 *vlpp = vlp1; 1790 return (false); 1791 } 1792 1793 /* 1794 * If trylocking failed we can get here. We know enough to take all needed locks 1795 * in the right order and re-lookup the entry. 1796 */ 1797 static int 1798 cache_zap_unlocked_bucket(struct namecache *ncp, struct componentname *cnp, 1799 struct vnode *dvp, struct mtx *dvlp, struct mtx *vlp, uint32_t hash, 1800 struct mtx *blp) 1801 { 1802 struct namecache *rncp; 1803 struct mtx *rvlp; 1804 1805 cache_assert_bucket_unlocked(ncp); 1806 1807 cache_sort_vnodes(&dvlp, &vlp); 1808 cache_lock_vnodes(dvlp, vlp); 1809 mtx_lock(blp); 1810 CK_SLIST_FOREACH(rncp, (NCHHASH(hash)), nc_hash) { 1811 if (rncp == ncp && cache_ncp_match(rncp, dvp, cnp)) 1812 break; 1813 } 1814 if (rncp == NULL) 1815 goto out_mismatch; 1816 1817 if (!(ncp->nc_flag & NCF_NEGATIVE)) 1818 rvlp = VP2VNODELOCK(rncp->nc_vp); 1819 else 1820 rvlp = NULL; 1821 if (rvlp != vlp) 1822 goto out_mismatch; 1823 1824 cache_zap_locked(rncp); 1825 mtx_unlock(blp); 1826 cache_unlock_vnodes(dvlp, vlp); 1827 atomic_add_long(&zap_bucket_relock_success, 1); 1828 return (0); 1829 1830 out_mismatch: 1831 mtx_unlock(blp); 1832 cache_unlock_vnodes(dvlp, vlp); 1833 return (EAGAIN); 1834 } 1835 1836 static int __noinline 1837 cache_zap_locked_bucket(struct namecache *ncp, struct componentname *cnp, 1838 uint32_t hash, struct mtx *blp) 1839 { 1840 struct mtx *dvlp, *vlp; 1841 struct vnode *dvp; 1842 1843 cache_assert_bucket_locked(ncp); 1844 1845 dvlp = VP2VNODELOCK(ncp->nc_dvp); 1846 vlp = NULL; 1847 if (!(ncp->nc_flag & NCF_NEGATIVE)) 1848 vlp = VP2VNODELOCK(ncp->nc_vp); 1849 if (cache_trylock_vnodes(dvlp, vlp) == 0) { 1850 cache_zap_locked(ncp); 1851 mtx_unlock(blp); 1852 cache_unlock_vnodes(dvlp, vlp); 1853 return (0); 1854 } 1855 1856 dvp = ncp->nc_dvp; 1857 mtx_unlock(blp); 1858 return (cache_zap_unlocked_bucket(ncp, cnp, dvp, dvlp, vlp, hash, blp)); 1859 } 1860 1861 static __noinline int 1862 cache_remove_cnp(struct vnode *dvp, struct componentname *cnp) 1863 { 1864 struct namecache *ncp; 1865 struct mtx *blp; 1866 struct mtx *dvlp, *dvlp2; 1867 uint32_t hash; 1868 int error; 1869 1870 if (cnp->cn_namelen == 2 && 1871 cnp->cn_nameptr[0] == '.' && cnp->cn_nameptr[1] == '.') { 1872 dvlp = VP2VNODELOCK(dvp); 1873 dvlp2 = NULL; 1874 mtx_lock(dvlp); 1875 retry_dotdot: 1876 ncp = dvp->v_cache_dd; 1877 if (ncp == NULL) { 1878 mtx_unlock(dvlp); 1879 if (dvlp2 != NULL) 1880 mtx_unlock(dvlp2); 1881 SDT_PROBE2(vfs, namecache, removecnp, miss, dvp, cnp); 1882 return (0); 1883 } 1884 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) { 1885 if (!cache_zap_locked_vnode_kl2(ncp, dvp, &dvlp2)) 1886 goto retry_dotdot; 1887 MPASS(dvp->v_cache_dd == NULL); 1888 mtx_unlock(dvlp); 1889 if (dvlp2 != NULL) 1890 mtx_unlock(dvlp2); 1891 cache_free(ncp); 1892 } else { 1893 atomic_store_ptr(&dvp->v_cache_dd, NULL); 1894 mtx_unlock(dvlp); 1895 if (dvlp2 != NULL) 1896 mtx_unlock(dvlp2); 1897 } 1898 SDT_PROBE2(vfs, namecache, removecnp, hit, dvp, cnp); 1899 return (1); 1900 } 1901 1902 /* 1903 * XXX note that access here is completely unlocked with no provisions 1904 * to keep the hash allocated. If one is sufficiently unlucky a 1905 * parallel cache resize can reallocate the hash, unmap backing pages 1906 * and cause the empty check below to fault. 1907 * 1908 * Fixing this has epsilon priority, but can be done with no overhead 1909 * for this codepath with sufficient effort. 1910 */ 1911 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 1912 blp = HASH2BUCKETLOCK(hash); 1913 retry: 1914 if (CK_SLIST_EMPTY(NCHHASH(hash))) 1915 goto out_no_entry; 1916 1917 mtx_lock(blp); 1918 ncp = cache_ncp_find(dvp, cnp, hash); 1919 if (ncp == NULL) { 1920 mtx_unlock(blp); 1921 goto out_no_entry; 1922 } 1923 1924 error = cache_zap_locked_bucket(ncp, cnp, hash, blp); 1925 if (__predict_false(error != 0)) { 1926 atomic_add_long(&zap_bucket_fail, 1); 1927 goto retry; 1928 } 1929 counter_u64_add(numposzaps, 1); 1930 SDT_PROBE2(vfs, namecache, removecnp, hit, dvp, cnp); 1931 cache_free(ncp); 1932 return (1); 1933 out_no_entry: 1934 counter_u64_add(nummisszap, 1); 1935 SDT_PROBE2(vfs, namecache, removecnp, miss, dvp, cnp); 1936 return (0); 1937 } 1938 1939 static int __noinline 1940 cache_lookup_dot(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 1941 struct timespec *tsp, int *ticksp) 1942 { 1943 int ltype; 1944 1945 *vpp = dvp; 1946 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ".", *vpp); 1947 if (tsp != NULL) 1948 timespecclear(tsp); 1949 if (ticksp != NULL) 1950 *ticksp = ticks; 1951 vrefact(*vpp); 1952 /* 1953 * When we lookup "." we still can be asked to lock it 1954 * differently... 1955 */ 1956 ltype = cnp->cn_lkflags & LK_TYPE_MASK; 1957 if (ltype != VOP_ISLOCKED(*vpp)) { 1958 if (ltype == LK_EXCLUSIVE) { 1959 vn_lock(*vpp, LK_UPGRADE | LK_RETRY); 1960 if (VN_IS_DOOMED((*vpp))) { 1961 /* forced unmount */ 1962 vrele(*vpp); 1963 *vpp = NULL; 1964 return (ENOENT); 1965 } 1966 } else 1967 vn_lock(*vpp, LK_DOWNGRADE | LK_RETRY); 1968 } 1969 return (-1); 1970 } 1971 1972 static int __noinline 1973 cache_lookup_dotdot(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 1974 struct timespec *tsp, int *ticksp) 1975 { 1976 struct namecache_ts *ncp_ts; 1977 struct namecache *ncp; 1978 struct mtx *dvlp; 1979 enum vgetstate vs; 1980 int error, ltype; 1981 bool whiteout; 1982 1983 MPASS((cnp->cn_flags & ISDOTDOT) != 0); 1984 1985 if ((cnp->cn_flags & MAKEENTRY) == 0) { 1986 cache_remove_cnp(dvp, cnp); 1987 return (0); 1988 } 1989 1990 retry: 1991 dvlp = VP2VNODELOCK(dvp); 1992 mtx_lock(dvlp); 1993 ncp = dvp->v_cache_dd; 1994 if (ncp == NULL) { 1995 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, ".."); 1996 mtx_unlock(dvlp); 1997 return (0); 1998 } 1999 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) { 2000 if (ncp->nc_flag & NCF_NEGATIVE) 2001 *vpp = NULL; 2002 else 2003 *vpp = ncp->nc_vp; 2004 } else 2005 *vpp = ncp->nc_dvp; 2006 if (*vpp == NULL) 2007 goto negative_success; 2008 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, "..", *vpp); 2009 cache_out_ts(ncp, tsp, ticksp); 2010 if ((ncp->nc_flag & (NCF_ISDOTDOT | NCF_DTS)) == 2011 NCF_DTS && tsp != NULL) { 2012 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 2013 *tsp = ncp_ts->nc_dotdottime; 2014 } 2015 2016 MPASS(dvp != *vpp); 2017 ltype = VOP_ISLOCKED(dvp); 2018 VOP_UNLOCK(dvp); 2019 vs = vget_prep(*vpp); 2020 mtx_unlock(dvlp); 2021 error = vget_finish(*vpp, cnp->cn_lkflags, vs); 2022 vn_lock(dvp, ltype | LK_RETRY); 2023 if (VN_IS_DOOMED(dvp)) { 2024 if (error == 0) 2025 vput(*vpp); 2026 *vpp = NULL; 2027 return (ENOENT); 2028 } 2029 if (error) { 2030 *vpp = NULL; 2031 goto retry; 2032 } 2033 return (-1); 2034 negative_success: 2035 if (__predict_false(cnp->cn_nameiop == CREATE)) { 2036 if (cnp->cn_flags & ISLASTCN) { 2037 counter_u64_add(numnegzaps, 1); 2038 cache_zap_negative_locked_vnode_kl(ncp, dvp); 2039 mtx_unlock(dvlp); 2040 cache_free(ncp); 2041 return (0); 2042 } 2043 } 2044 2045 whiteout = (ncp->nc_flag & NCF_WHITE); 2046 cache_out_ts(ncp, tsp, ticksp); 2047 if (cache_neg_hit_prep(ncp)) 2048 cache_neg_promote(ncp); 2049 else 2050 cache_neg_hit_finish(ncp); 2051 mtx_unlock(dvlp); 2052 if (whiteout) 2053 cnp->cn_flags |= ISWHITEOUT; 2054 return (ENOENT); 2055 } 2056 2057 /** 2058 * Lookup a name in the name cache 2059 * 2060 * # Arguments 2061 * 2062 * - dvp: Parent directory in which to search. 2063 * - vpp: Return argument. Will contain desired vnode on cache hit. 2064 * - cnp: Parameters of the name search. The most interesting bits of 2065 * the cn_flags field have the following meanings: 2066 * - MAKEENTRY: If clear, free an entry from the cache rather than look 2067 * it up. 2068 * - ISDOTDOT: Must be set if and only if cn_nameptr == ".." 2069 * - tsp: Return storage for cache timestamp. On a successful (positive 2070 * or negative) lookup, tsp will be filled with any timespec that 2071 * was stored when this cache entry was created. However, it will 2072 * be clear for "." entries. 2073 * - ticks: Return storage for alternate cache timestamp. On a successful 2074 * (positive or negative) lookup, it will contain the ticks value 2075 * that was current when the cache entry was created, unless cnp 2076 * was ".". 2077 * 2078 * Either both tsp and ticks have to be provided or neither of them. 2079 * 2080 * # Returns 2081 * 2082 * - -1: A positive cache hit. vpp will contain the desired vnode. 2083 * - ENOENT: A negative cache hit, or dvp was recycled out from under us due 2084 * to a forced unmount. vpp will not be modified. If the entry 2085 * is a whiteout, then the ISWHITEOUT flag will be set in 2086 * cnp->cn_flags. 2087 * - 0: A cache miss. vpp will not be modified. 2088 * 2089 * # Locking 2090 * 2091 * On a cache hit, vpp will be returned locked and ref'd. If we're looking up 2092 * .., dvp is unlocked. If we're looking up . an extra ref is taken, but the 2093 * lock is not recursively acquired. 2094 */ 2095 static int __noinline 2096 cache_lookup_fallback(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 2097 struct timespec *tsp, int *ticksp) 2098 { 2099 struct namecache *ncp; 2100 struct mtx *blp; 2101 uint32_t hash; 2102 enum vgetstate vs; 2103 int error; 2104 bool whiteout; 2105 2106 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 2107 MPASS((cnp->cn_flags & (MAKEENTRY | NC_KEEPPOSENTRY)) != 0); 2108 2109 retry: 2110 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 2111 blp = HASH2BUCKETLOCK(hash); 2112 mtx_lock(blp); 2113 2114 ncp = cache_ncp_find(dvp, cnp, hash); 2115 if (__predict_false(ncp == NULL)) { 2116 mtx_unlock(blp); 2117 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, cnp->cn_nameptr); 2118 counter_u64_add(nummiss, 1); 2119 return (0); 2120 } 2121 2122 if (ncp->nc_flag & NCF_NEGATIVE) 2123 goto negative_success; 2124 2125 counter_u64_add(numposhits, 1); 2126 *vpp = ncp->nc_vp; 2127 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, *vpp); 2128 cache_out_ts(ncp, tsp, ticksp); 2129 MPASS(dvp != *vpp); 2130 vs = vget_prep(*vpp); 2131 mtx_unlock(blp); 2132 error = vget_finish(*vpp, cnp->cn_lkflags, vs); 2133 if (error) { 2134 *vpp = NULL; 2135 goto retry; 2136 } 2137 return (-1); 2138 negative_success: 2139 /* 2140 * We don't get here with regular lookup apart from corner cases. 2141 */ 2142 if (__predict_true(cnp->cn_nameiop == CREATE)) { 2143 if (cnp->cn_flags & ISLASTCN) { 2144 counter_u64_add(numnegzaps, 1); 2145 error = cache_zap_locked_bucket(ncp, cnp, hash, blp); 2146 if (__predict_false(error != 0)) { 2147 atomic_add_long(&zap_bucket_fail2, 1); 2148 goto retry; 2149 } 2150 cache_free(ncp); 2151 return (0); 2152 } 2153 } 2154 2155 whiteout = (ncp->nc_flag & NCF_WHITE); 2156 cache_out_ts(ncp, tsp, ticksp); 2157 if (cache_neg_hit_prep(ncp)) 2158 cache_neg_promote(ncp); 2159 else 2160 cache_neg_hit_finish(ncp); 2161 mtx_unlock(blp); 2162 if (whiteout) 2163 cnp->cn_flags |= ISWHITEOUT; 2164 return (ENOENT); 2165 } 2166 2167 int 2168 cache_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 2169 struct timespec *tsp, int *ticksp) 2170 { 2171 struct namecache *ncp; 2172 uint32_t hash; 2173 enum vgetstate vs; 2174 int error; 2175 bool whiteout, neg_promote; 2176 u_short nc_flag; 2177 2178 MPASS((tsp == NULL && ticksp == NULL) || (tsp != NULL && ticksp != NULL)); 2179 2180 #ifdef DEBUG_CACHE 2181 if (__predict_false(!doingcache)) { 2182 cnp->cn_flags &= ~MAKEENTRY; 2183 return (0); 2184 } 2185 #endif 2186 2187 if (__predict_false(cnp->cn_nameptr[0] == '.')) { 2188 if (cnp->cn_namelen == 1) 2189 return (cache_lookup_dot(dvp, vpp, cnp, tsp, ticksp)); 2190 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') 2191 return (cache_lookup_dotdot(dvp, vpp, cnp, tsp, ticksp)); 2192 } 2193 2194 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 2195 2196 if ((cnp->cn_flags & (MAKEENTRY | NC_KEEPPOSENTRY)) == 0) { 2197 cache_remove_cnp(dvp, cnp); 2198 return (0); 2199 } 2200 2201 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 2202 vfs_smr_enter(); 2203 2204 ncp = cache_ncp_find(dvp, cnp, hash); 2205 if (__predict_false(ncp == NULL)) { 2206 vfs_smr_exit(); 2207 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, cnp->cn_nameptr); 2208 counter_u64_add(nummiss, 1); 2209 return (0); 2210 } 2211 2212 nc_flag = atomic_load_char(&ncp->nc_flag); 2213 if (nc_flag & NCF_NEGATIVE) 2214 goto negative_success; 2215 2216 counter_u64_add(numposhits, 1); 2217 *vpp = ncp->nc_vp; 2218 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, *vpp); 2219 cache_out_ts(ncp, tsp, ticksp); 2220 MPASS(dvp != *vpp); 2221 if (!cache_ncp_canuse(ncp)) { 2222 vfs_smr_exit(); 2223 *vpp = NULL; 2224 goto out_fallback; 2225 } 2226 vs = vget_prep_smr(*vpp); 2227 vfs_smr_exit(); 2228 if (__predict_false(vs == VGET_NONE)) { 2229 *vpp = NULL; 2230 goto out_fallback; 2231 } 2232 error = vget_finish(*vpp, cnp->cn_lkflags, vs); 2233 if (error) { 2234 *vpp = NULL; 2235 goto out_fallback; 2236 } 2237 return (-1); 2238 negative_success: 2239 if (cnp->cn_nameiop == CREATE) { 2240 if (cnp->cn_flags & ISLASTCN) { 2241 vfs_smr_exit(); 2242 goto out_fallback; 2243 } 2244 } 2245 2246 cache_out_ts(ncp, tsp, ticksp); 2247 whiteout = (atomic_load_char(&ncp->nc_flag) & NCF_WHITE); 2248 neg_promote = cache_neg_hit_prep(ncp); 2249 if (!cache_ncp_canuse(ncp)) { 2250 cache_neg_hit_abort(ncp); 2251 vfs_smr_exit(); 2252 goto out_fallback; 2253 } 2254 if (neg_promote) { 2255 vfs_smr_exit(); 2256 if (!cache_neg_promote_cond(dvp, cnp, ncp, hash)) 2257 goto out_fallback; 2258 } else { 2259 cache_neg_hit_finish(ncp); 2260 vfs_smr_exit(); 2261 } 2262 if (whiteout) 2263 cnp->cn_flags |= ISWHITEOUT; 2264 return (ENOENT); 2265 out_fallback: 2266 return (cache_lookup_fallback(dvp, vpp, cnp, tsp, ticksp)); 2267 } 2268 2269 struct celockstate { 2270 struct mtx *vlp[3]; 2271 struct mtx *blp[2]; 2272 }; 2273 CTASSERT((nitems(((struct celockstate *)0)->vlp) == 3)); 2274 CTASSERT((nitems(((struct celockstate *)0)->blp) == 2)); 2275 2276 static inline void 2277 cache_celockstate_init(struct celockstate *cel) 2278 { 2279 2280 bzero(cel, sizeof(*cel)); 2281 } 2282 2283 static void 2284 cache_lock_vnodes_cel(struct celockstate *cel, struct vnode *vp, 2285 struct vnode *dvp) 2286 { 2287 struct mtx *vlp1, *vlp2; 2288 2289 MPASS(cel->vlp[0] == NULL); 2290 MPASS(cel->vlp[1] == NULL); 2291 MPASS(cel->vlp[2] == NULL); 2292 2293 MPASS(vp != NULL || dvp != NULL); 2294 2295 vlp1 = VP2VNODELOCK(vp); 2296 vlp2 = VP2VNODELOCK(dvp); 2297 cache_sort_vnodes(&vlp1, &vlp2); 2298 2299 if (vlp1 != NULL) { 2300 mtx_lock(vlp1); 2301 cel->vlp[0] = vlp1; 2302 } 2303 mtx_lock(vlp2); 2304 cel->vlp[1] = vlp2; 2305 } 2306 2307 static void 2308 cache_unlock_vnodes_cel(struct celockstate *cel) 2309 { 2310 2311 MPASS(cel->vlp[0] != NULL || cel->vlp[1] != NULL); 2312 2313 if (cel->vlp[0] != NULL) 2314 mtx_unlock(cel->vlp[0]); 2315 if (cel->vlp[1] != NULL) 2316 mtx_unlock(cel->vlp[1]); 2317 if (cel->vlp[2] != NULL) 2318 mtx_unlock(cel->vlp[2]); 2319 } 2320 2321 static bool 2322 cache_lock_vnodes_cel_3(struct celockstate *cel, struct vnode *vp) 2323 { 2324 struct mtx *vlp; 2325 bool ret; 2326 2327 cache_assert_vlp_locked(cel->vlp[0]); 2328 cache_assert_vlp_locked(cel->vlp[1]); 2329 MPASS(cel->vlp[2] == NULL); 2330 2331 MPASS(vp != NULL); 2332 vlp = VP2VNODELOCK(vp); 2333 2334 ret = true; 2335 if (vlp >= cel->vlp[1]) { 2336 mtx_lock(vlp); 2337 } else { 2338 if (mtx_trylock(vlp)) 2339 goto out; 2340 cache_unlock_vnodes_cel(cel); 2341 atomic_add_long(&cache_lock_vnodes_cel_3_failures, 1); 2342 if (vlp < cel->vlp[0]) { 2343 mtx_lock(vlp); 2344 mtx_lock(cel->vlp[0]); 2345 mtx_lock(cel->vlp[1]); 2346 } else { 2347 if (cel->vlp[0] != NULL) 2348 mtx_lock(cel->vlp[0]); 2349 mtx_lock(vlp); 2350 mtx_lock(cel->vlp[1]); 2351 } 2352 ret = false; 2353 } 2354 out: 2355 cel->vlp[2] = vlp; 2356 return (ret); 2357 } 2358 2359 static void 2360 cache_lock_buckets_cel(struct celockstate *cel, struct mtx *blp1, 2361 struct mtx *blp2) 2362 { 2363 2364 MPASS(cel->blp[0] == NULL); 2365 MPASS(cel->blp[1] == NULL); 2366 2367 cache_sort_vnodes(&blp1, &blp2); 2368 2369 if (blp1 != NULL) { 2370 mtx_lock(blp1); 2371 cel->blp[0] = blp1; 2372 } 2373 mtx_lock(blp2); 2374 cel->blp[1] = blp2; 2375 } 2376 2377 static void 2378 cache_unlock_buckets_cel(struct celockstate *cel) 2379 { 2380 2381 if (cel->blp[0] != NULL) 2382 mtx_unlock(cel->blp[0]); 2383 mtx_unlock(cel->blp[1]); 2384 } 2385 2386 /* 2387 * Lock part of the cache affected by the insertion. 2388 * 2389 * This means vnodelocks for dvp, vp and the relevant bucketlock. 2390 * However, insertion can result in removal of an old entry. In this 2391 * case we have an additional vnode and bucketlock pair to lock. 2392 * 2393 * That is, in the worst case we have to lock 3 vnodes and 2 bucketlocks, while 2394 * preserving the locking order (smaller address first). 2395 */ 2396 static void 2397 cache_enter_lock(struct celockstate *cel, struct vnode *dvp, struct vnode *vp, 2398 uint32_t hash) 2399 { 2400 struct namecache *ncp; 2401 struct mtx *blps[2]; 2402 u_char nc_flag; 2403 2404 blps[0] = HASH2BUCKETLOCK(hash); 2405 for (;;) { 2406 blps[1] = NULL; 2407 cache_lock_vnodes_cel(cel, dvp, vp); 2408 if (vp == NULL || vp->v_type != VDIR) 2409 break; 2410 ncp = atomic_load_consume_ptr(&vp->v_cache_dd); 2411 if (ncp == NULL) 2412 break; 2413 nc_flag = atomic_load_char(&ncp->nc_flag); 2414 if ((nc_flag & NCF_ISDOTDOT) == 0) 2415 break; 2416 MPASS(ncp->nc_dvp == vp); 2417 blps[1] = NCP2BUCKETLOCK(ncp); 2418 if ((nc_flag & NCF_NEGATIVE) != 0) 2419 break; 2420 if (cache_lock_vnodes_cel_3(cel, ncp->nc_vp)) 2421 break; 2422 /* 2423 * All vnodes got re-locked. Re-validate the state and if 2424 * nothing changed we are done. Otherwise restart. 2425 */ 2426 if (ncp == vp->v_cache_dd && 2427 (ncp->nc_flag & NCF_ISDOTDOT) != 0 && 2428 blps[1] == NCP2BUCKETLOCK(ncp) && 2429 VP2VNODELOCK(ncp->nc_vp) == cel->vlp[2]) 2430 break; 2431 cache_unlock_vnodes_cel(cel); 2432 cel->vlp[0] = NULL; 2433 cel->vlp[1] = NULL; 2434 cel->vlp[2] = NULL; 2435 } 2436 cache_lock_buckets_cel(cel, blps[0], blps[1]); 2437 } 2438 2439 static void 2440 cache_enter_lock_dd(struct celockstate *cel, struct vnode *dvp, struct vnode *vp, 2441 uint32_t hash) 2442 { 2443 struct namecache *ncp; 2444 struct mtx *blps[2]; 2445 u_char nc_flag; 2446 2447 blps[0] = HASH2BUCKETLOCK(hash); 2448 for (;;) { 2449 blps[1] = NULL; 2450 cache_lock_vnodes_cel(cel, dvp, vp); 2451 ncp = atomic_load_consume_ptr(&dvp->v_cache_dd); 2452 if (ncp == NULL) 2453 break; 2454 nc_flag = atomic_load_char(&ncp->nc_flag); 2455 if ((nc_flag & NCF_ISDOTDOT) == 0) 2456 break; 2457 MPASS(ncp->nc_dvp == dvp); 2458 blps[1] = NCP2BUCKETLOCK(ncp); 2459 if ((nc_flag & NCF_NEGATIVE) != 0) 2460 break; 2461 if (cache_lock_vnodes_cel_3(cel, ncp->nc_vp)) 2462 break; 2463 if (ncp == dvp->v_cache_dd && 2464 (ncp->nc_flag & NCF_ISDOTDOT) != 0 && 2465 blps[1] == NCP2BUCKETLOCK(ncp) && 2466 VP2VNODELOCK(ncp->nc_vp) == cel->vlp[2]) 2467 break; 2468 cache_unlock_vnodes_cel(cel); 2469 cel->vlp[0] = NULL; 2470 cel->vlp[1] = NULL; 2471 cel->vlp[2] = NULL; 2472 } 2473 cache_lock_buckets_cel(cel, blps[0], blps[1]); 2474 } 2475 2476 static void 2477 cache_enter_unlock(struct celockstate *cel) 2478 { 2479 2480 cache_unlock_buckets_cel(cel); 2481 cache_unlock_vnodes_cel(cel); 2482 } 2483 2484 static void __noinline 2485 cache_enter_dotdot_prep(struct vnode *dvp, struct vnode *vp, 2486 struct componentname *cnp) 2487 { 2488 struct celockstate cel; 2489 struct namecache *ncp; 2490 uint32_t hash; 2491 int len; 2492 2493 if (atomic_load_ptr(&dvp->v_cache_dd) == NULL) 2494 return; 2495 len = cnp->cn_namelen; 2496 cache_celockstate_init(&cel); 2497 hash = cache_get_hash(cnp->cn_nameptr, len, dvp); 2498 cache_enter_lock_dd(&cel, dvp, vp, hash); 2499 ncp = dvp->v_cache_dd; 2500 if (ncp != NULL && (ncp->nc_flag & NCF_ISDOTDOT)) { 2501 KASSERT(ncp->nc_dvp == dvp, ("wrong isdotdot parent")); 2502 cache_zap_locked(ncp); 2503 } else { 2504 ncp = NULL; 2505 } 2506 atomic_store_ptr(&dvp->v_cache_dd, NULL); 2507 cache_enter_unlock(&cel); 2508 if (ncp != NULL) 2509 cache_free(ncp); 2510 } 2511 2512 /* 2513 * Add an entry to the cache. 2514 */ 2515 void 2516 cache_enter_time(struct vnode *dvp, struct vnode *vp, struct componentname *cnp, 2517 struct timespec *tsp, struct timespec *dtsp) 2518 { 2519 struct celockstate cel; 2520 struct namecache *ncp, *n2, *ndd; 2521 struct namecache_ts *ncp_ts; 2522 uint32_t hash; 2523 int flag; 2524 int len; 2525 2526 KASSERT(cnp->cn_namelen <= NAME_MAX, 2527 ("%s: passed len %ld exceeds NAME_MAX (%d)", __func__, cnp->cn_namelen, 2528 NAME_MAX)); 2529 VNPASS(!VN_IS_DOOMED(dvp), dvp); 2530 VNPASS(dvp->v_type != VNON, dvp); 2531 if (vp != NULL) { 2532 VNPASS(!VN_IS_DOOMED(vp), vp); 2533 VNPASS(vp->v_type != VNON, vp); 2534 } 2535 if (cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.') { 2536 KASSERT(dvp == vp, 2537 ("%s: different vnodes for dot entry (%p; %p)\n", __func__, 2538 dvp, vp)); 2539 } else { 2540 KASSERT(dvp != vp, 2541 ("%s: same vnode for non-dot entry [%s] (%p)\n", __func__, 2542 cnp->cn_nameptr, dvp)); 2543 } 2544 2545 #ifdef DEBUG_CACHE 2546 if (__predict_false(!doingcache)) 2547 return; 2548 #endif 2549 2550 flag = 0; 2551 if (__predict_false(cnp->cn_nameptr[0] == '.')) { 2552 if (cnp->cn_namelen == 1) 2553 return; 2554 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') { 2555 cache_enter_dotdot_prep(dvp, vp, cnp); 2556 flag = NCF_ISDOTDOT; 2557 } 2558 } 2559 2560 ncp = cache_alloc(cnp->cn_namelen, tsp != NULL); 2561 if (ncp == NULL) 2562 return; 2563 2564 cache_celockstate_init(&cel); 2565 ndd = NULL; 2566 ncp_ts = NULL; 2567 2568 /* 2569 * Calculate the hash key and setup as much of the new 2570 * namecache entry as possible before acquiring the lock. 2571 */ 2572 ncp->nc_flag = flag | NCF_WIP; 2573 ncp->nc_vp = vp; 2574 if (vp == NULL) 2575 cache_neg_init(ncp); 2576 ncp->nc_dvp = dvp; 2577 if (tsp != NULL) { 2578 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 2579 ncp_ts->nc_time = *tsp; 2580 ncp_ts->nc_ticks = ticks; 2581 ncp_ts->nc_nc.nc_flag |= NCF_TS; 2582 if (dtsp != NULL) { 2583 ncp_ts->nc_dotdottime = *dtsp; 2584 ncp_ts->nc_nc.nc_flag |= NCF_DTS; 2585 } 2586 } 2587 len = ncp->nc_nlen = cnp->cn_namelen; 2588 hash = cache_get_hash(cnp->cn_nameptr, len, dvp); 2589 memcpy(ncp->nc_name, cnp->cn_nameptr, len); 2590 ncp->nc_name[len] = '\0'; 2591 cache_enter_lock(&cel, dvp, vp, hash); 2592 2593 /* 2594 * See if this vnode or negative entry is already in the cache 2595 * with this name. This can happen with concurrent lookups of 2596 * the same path name. 2597 */ 2598 n2 = cache_ncp_find(dvp, cnp, hash); 2599 if (n2 != NULL) { 2600 MPASS(cache_ncp_canuse(n2)); 2601 if ((n2->nc_flag & NCF_NEGATIVE) != 0) 2602 KASSERT(vp == NULL, 2603 ("%s: found entry pointing to a different vnode " 2604 "(%p != %p); name [%s]", 2605 __func__, NULL, vp, cnp->cn_nameptr)); 2606 else 2607 KASSERT(n2->nc_vp == vp, 2608 ("%s: found entry pointing to a different vnode " 2609 "(%p != %p); name [%s]", 2610 __func__, n2->nc_vp, vp, cnp->cn_nameptr)); 2611 /* 2612 * Entries are supposed to be immutable unless in the 2613 * process of getting destroyed. Accommodating for 2614 * changing timestamps is possible but not worth it. 2615 * This should be harmless in terms of correctness, in 2616 * the worst case resulting in an earlier expiration. 2617 * Alternatively, the found entry can be replaced 2618 * altogether. 2619 */ 2620 MPASS((n2->nc_flag & (NCF_TS | NCF_DTS)) == 2621 (ncp->nc_flag & (NCF_TS | NCF_DTS))); 2622 #if 0 2623 if (tsp != NULL) { 2624 KASSERT((n2->nc_flag & NCF_TS) != 0, 2625 ("no NCF_TS")); 2626 n2_ts = __containerof(n2, struct namecache_ts, nc_nc); 2627 n2_ts->nc_time = ncp_ts->nc_time; 2628 n2_ts->nc_ticks = ncp_ts->nc_ticks; 2629 if (dtsp != NULL) { 2630 n2_ts->nc_dotdottime = ncp_ts->nc_dotdottime; 2631 n2_ts->nc_nc.nc_flag |= NCF_DTS; 2632 } 2633 } 2634 #endif 2635 SDT_PROBE3(vfs, namecache, enter, duplicate, dvp, ncp->nc_name, 2636 vp); 2637 goto out_unlock_free; 2638 } 2639 2640 if (flag == NCF_ISDOTDOT) { 2641 /* 2642 * See if we are trying to add .. entry, but some other lookup 2643 * has populated v_cache_dd pointer already. 2644 */ 2645 if (dvp->v_cache_dd != NULL) 2646 goto out_unlock_free; 2647 KASSERT(vp == NULL || vp->v_type == VDIR, 2648 ("wrong vnode type %p", vp)); 2649 atomic_thread_fence_rel(); 2650 atomic_store_ptr(&dvp->v_cache_dd, ncp); 2651 } else if (vp != NULL) { 2652 /* 2653 * Take the slow path in INOTIFY(). This flag will be lazily 2654 * cleared by cache_vop_inotify() once all directories referring 2655 * to vp are unwatched. 2656 */ 2657 if (__predict_false((vn_irflag_read(dvp) & VIRF_INOTIFY) != 0)) 2658 vn_irflag_set_cond(vp, VIRF_INOTIFY_PARENT); 2659 2660 /* 2661 * For this case, the cache entry maps both the 2662 * directory name in it and the name ".." for the 2663 * directory's parent. 2664 */ 2665 if ((ndd = vp->v_cache_dd) != NULL) { 2666 if ((ndd->nc_flag & NCF_ISDOTDOT) != 0) 2667 cache_zap_locked(ndd); 2668 else 2669 ndd = NULL; 2670 } 2671 atomic_thread_fence_rel(); 2672 atomic_store_ptr(&vp->v_cache_dd, ncp); 2673 } 2674 2675 if (flag != NCF_ISDOTDOT) { 2676 if (LIST_EMPTY(&dvp->v_cache_src)) { 2677 cache_hold_vnode(dvp); 2678 } 2679 LIST_INSERT_HEAD(&dvp->v_cache_src, ncp, nc_src); 2680 } 2681 2682 /* 2683 * If the entry is "negative", we place it into the 2684 * "negative" cache queue, otherwise, we place it into the 2685 * destination vnode's cache entries queue. 2686 */ 2687 if (vp != NULL) { 2688 TAILQ_INSERT_HEAD(&vp->v_cache_dst, ncp, nc_dst); 2689 SDT_PROBE3(vfs, namecache, enter, done, dvp, ncp->nc_name, 2690 vp); 2691 } else { 2692 if (cnp->cn_flags & ISWHITEOUT) 2693 atomic_store_char(&ncp->nc_flag, ncp->nc_flag | NCF_WHITE); 2694 cache_neg_insert(ncp); 2695 SDT_PROBE2(vfs, namecache, enter_negative, done, dvp, 2696 ncp->nc_name); 2697 } 2698 2699 /* 2700 * Insert the new namecache entry into the appropriate chain 2701 * within the cache entries table. 2702 */ 2703 CK_SLIST_INSERT_HEAD(NCHHASH(hash), ncp, nc_hash); 2704 2705 atomic_thread_fence_rel(); 2706 /* 2707 * Mark the entry as fully constructed. 2708 * It is immutable past this point until its removal. 2709 */ 2710 atomic_store_char(&ncp->nc_flag, ncp->nc_flag & ~NCF_WIP); 2711 2712 cache_enter_unlock(&cel); 2713 if (ndd != NULL) 2714 cache_free(ndd); 2715 return; 2716 out_unlock_free: 2717 cache_enter_unlock(&cel); 2718 cache_free(ncp); 2719 return; 2720 } 2721 2722 /* 2723 * A variant of the above accepting flags. 2724 * 2725 * - VFS_CACHE_DROPOLD -- if a conflicting entry is found, drop it. 2726 * 2727 * TODO: this routine is a hack. It blindly removes the old entry, even if it 2728 * happens to match and it is doing it in an inefficient manner. It was added 2729 * to accommodate NFS which runs into a case where the target for a given name 2730 * may change from under it. Note this does nothing to solve the following 2731 * race: 2 callers of cache_enter_time_flags pass a different target vnode for 2732 * the same [dvp, cnp]. It may be argued that code doing this is broken. 2733 */ 2734 void 2735 cache_enter_time_flags(struct vnode *dvp, struct vnode *vp, struct componentname *cnp, 2736 struct timespec *tsp, struct timespec *dtsp, int flags) 2737 { 2738 2739 MPASS((flags & ~(VFS_CACHE_DROPOLD)) == 0); 2740 2741 if (flags & VFS_CACHE_DROPOLD) 2742 cache_remove_cnp(dvp, cnp); 2743 cache_enter_time(dvp, vp, cnp, tsp, dtsp); 2744 } 2745 2746 static u_long 2747 cache_roundup_2(u_long val) 2748 { 2749 u_long res; 2750 2751 for (res = 1; res <= val; res <<= 1) 2752 continue; 2753 2754 return (res); 2755 } 2756 2757 static struct nchashhead * 2758 nchinittbl(u_long elements, u_long *hashmask) 2759 { 2760 struct nchashhead *hashtbl; 2761 u_long hashsize, i; 2762 2763 hashsize = cache_roundup_2(elements) / 2; 2764 2765 hashtbl = malloc(hashsize * sizeof(*hashtbl), M_VFSCACHE, M_WAITOK); 2766 for (i = 0; i < hashsize; i++) 2767 CK_SLIST_INIT(&hashtbl[i]); 2768 *hashmask = hashsize - 1; 2769 return (hashtbl); 2770 } 2771 2772 static void 2773 ncfreetbl(struct nchashhead *hashtbl) 2774 { 2775 2776 free(hashtbl, M_VFSCACHE); 2777 } 2778 2779 /* 2780 * Name cache initialization, from vfs_init() when we are booting 2781 */ 2782 static void 2783 nchinit(void *dummy __unused) 2784 { 2785 u_int i; 2786 2787 cache_zone_small = uma_zcreate("S VFS Cache", CACHE_ZONE_SMALL_SIZE, 2788 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2789 cache_zone_small_ts = uma_zcreate("STS VFS Cache", CACHE_ZONE_SMALL_TS_SIZE, 2790 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2791 cache_zone_large = uma_zcreate("L VFS Cache", CACHE_ZONE_LARGE_SIZE, 2792 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2793 cache_zone_large_ts = uma_zcreate("LTS VFS Cache", CACHE_ZONE_LARGE_TS_SIZE, 2794 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2795 2796 VFS_SMR_ZONE_SET(cache_zone_small); 2797 VFS_SMR_ZONE_SET(cache_zone_small_ts); 2798 VFS_SMR_ZONE_SET(cache_zone_large); 2799 VFS_SMR_ZONE_SET(cache_zone_large_ts); 2800 2801 ncsize = desiredvnodes * ncsizefactor; 2802 cache_recalc_neg_min(); 2803 nchashtbl = nchinittbl(ncsize, &nchash); 2804 ncbuckethash = cache_roundup_2(mp_ncpus * mp_ncpus) - 1; 2805 if (ncbuckethash < 7) /* arbitrarily chosen to avoid having one lock */ 2806 ncbuckethash = 7; 2807 if (ncbuckethash > nchash) 2808 ncbuckethash = nchash; 2809 bucketlocks = malloc(sizeof(*bucketlocks) * numbucketlocks, M_VFSCACHE, 2810 M_WAITOK | M_ZERO); 2811 for (i = 0; i < numbucketlocks; i++) 2812 mtx_init(&bucketlocks[i], "ncbuc", NULL, MTX_DUPOK | MTX_RECURSE); 2813 ncvnodehash = ncbuckethash; 2814 vnodelocks = malloc(sizeof(*vnodelocks) * numvnodelocks, M_VFSCACHE, 2815 M_WAITOK | M_ZERO); 2816 for (i = 0; i < numvnodelocks; i++) 2817 mtx_init(&vnodelocks[i], "ncvn", NULL, MTX_DUPOK | MTX_RECURSE); 2818 2819 for (i = 0; i < numneglists; i++) { 2820 mtx_init(&neglists[i].nl_evict_lock, "ncnege", NULL, MTX_DEF); 2821 mtx_init(&neglists[i].nl_lock, "ncnegl", NULL, MTX_DEF); 2822 TAILQ_INIT(&neglists[i].nl_list); 2823 TAILQ_INIT(&neglists[i].nl_hotlist); 2824 } 2825 } 2826 SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_SECOND, nchinit, NULL); 2827 2828 void 2829 cache_vnode_init(struct vnode *vp) 2830 { 2831 2832 LIST_INIT(&vp->v_cache_src); 2833 TAILQ_INIT(&vp->v_cache_dst); 2834 vp->v_cache_dd = NULL; 2835 cache_prehash(vp); 2836 } 2837 2838 /* 2839 * Induce transient cache misses for lockless operation in cache_lookup() by 2840 * using a temporary hash table. 2841 * 2842 * This will force a fs lookup. 2843 * 2844 * Synchronisation is done in 2 steps, calling vfs_smr_synchronize each time 2845 * to observe all CPUs not performing the lookup. 2846 */ 2847 static void 2848 cache_changesize_set_temp(struct nchashhead *temptbl, u_long temphash) 2849 { 2850 2851 MPASS(temphash < nchash); 2852 /* 2853 * Change the size. The new size is smaller and can safely be used 2854 * against the existing table. All lookups which now hash wrong will 2855 * result in a cache miss, which all callers are supposed to know how 2856 * to handle. 2857 */ 2858 atomic_store_long(&nchash, temphash); 2859 atomic_thread_fence_rel(); 2860 vfs_smr_synchronize(); 2861 /* 2862 * At this point everyone sees the updated hash value, but they still 2863 * see the old table. 2864 */ 2865 atomic_store_ptr(&nchashtbl, temptbl); 2866 atomic_thread_fence_rel(); 2867 vfs_smr_synchronize(); 2868 /* 2869 * At this point everyone sees the updated table pointer and size pair. 2870 */ 2871 } 2872 2873 /* 2874 * Set the new hash table. 2875 * 2876 * Similarly to cache_changesize_set_temp(), this has to synchronize against 2877 * lockless operation in cache_lookup(). 2878 */ 2879 static void 2880 cache_changesize_set_new(struct nchashhead *new_tbl, u_long new_hash) 2881 { 2882 2883 MPASS(nchash < new_hash); 2884 /* 2885 * Change the pointer first. This wont result in out of bounds access 2886 * since the temporary table is guaranteed to be smaller. 2887 */ 2888 atomic_store_ptr(&nchashtbl, new_tbl); 2889 atomic_thread_fence_rel(); 2890 vfs_smr_synchronize(); 2891 /* 2892 * At this point everyone sees the updated pointer value, but they 2893 * still see the old size. 2894 */ 2895 atomic_store_long(&nchash, new_hash); 2896 atomic_thread_fence_rel(); 2897 vfs_smr_synchronize(); 2898 /* 2899 * At this point everyone sees the updated table pointer and size pair. 2900 */ 2901 } 2902 2903 void 2904 cache_changesize(u_long newmaxvnodes) 2905 { 2906 struct nchashhead *new_nchashtbl, *old_nchashtbl, *temptbl; 2907 u_long new_nchash, old_nchash, temphash; 2908 struct namecache *ncp; 2909 uint32_t hash; 2910 u_long newncsize; 2911 u_long i; 2912 2913 newncsize = newmaxvnodes * ncsizefactor; 2914 newmaxvnodes = cache_roundup_2(newmaxvnodes * 2); 2915 if (newmaxvnodes < numbucketlocks) 2916 newmaxvnodes = numbucketlocks; 2917 2918 new_nchashtbl = nchinittbl(newmaxvnodes, &new_nchash); 2919 /* If same hash table size, nothing to do */ 2920 if (nchash == new_nchash) { 2921 ncfreetbl(new_nchashtbl); 2922 return; 2923 } 2924 2925 temptbl = nchinittbl(1, &temphash); 2926 2927 /* 2928 * Move everything from the old hash table to the new table. 2929 * None of the namecache entries in the table can be removed 2930 * because to do so, they have to be removed from the hash table. 2931 */ 2932 cache_lock_all_vnodes(); 2933 cache_lock_all_buckets(); 2934 old_nchashtbl = nchashtbl; 2935 old_nchash = nchash; 2936 cache_changesize_set_temp(temptbl, temphash); 2937 for (i = 0; i <= old_nchash; i++) { 2938 while ((ncp = CK_SLIST_FIRST(&old_nchashtbl[i])) != NULL) { 2939 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, 2940 ncp->nc_dvp); 2941 CK_SLIST_REMOVE(&old_nchashtbl[i], ncp, namecache, nc_hash); 2942 CK_SLIST_INSERT_HEAD(&new_nchashtbl[hash & new_nchash], ncp, nc_hash); 2943 } 2944 } 2945 ncsize = newncsize; 2946 cache_recalc_neg_min(); 2947 cache_changesize_set_new(new_nchashtbl, new_nchash); 2948 cache_unlock_all_buckets(); 2949 cache_unlock_all_vnodes(); 2950 ncfreetbl(old_nchashtbl); 2951 ncfreetbl(temptbl); 2952 } 2953 2954 /* 2955 * Remove all entries from and to a particular vnode. 2956 */ 2957 static void 2958 cache_purge_impl(struct vnode *vp) 2959 { 2960 struct cache_freebatch batch; 2961 struct namecache *ncp; 2962 struct mtx *vlp, *vlp2; 2963 2964 TAILQ_INIT(&batch); 2965 vlp = VP2VNODELOCK(vp); 2966 vlp2 = NULL; 2967 mtx_lock(vlp); 2968 retry: 2969 while (!LIST_EMPTY(&vp->v_cache_src)) { 2970 ncp = LIST_FIRST(&vp->v_cache_src); 2971 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2)) 2972 goto retry; 2973 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 2974 } 2975 while (!TAILQ_EMPTY(&vp->v_cache_dst)) { 2976 ncp = TAILQ_FIRST(&vp->v_cache_dst); 2977 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2)) 2978 goto retry; 2979 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 2980 } 2981 ncp = vp->v_cache_dd; 2982 if (ncp != NULL) { 2983 KASSERT(ncp->nc_flag & NCF_ISDOTDOT, 2984 ("lost dotdot link")); 2985 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2)) 2986 goto retry; 2987 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 2988 } 2989 KASSERT(vp->v_cache_dd == NULL, ("incomplete purge")); 2990 mtx_unlock(vlp); 2991 if (vlp2 != NULL) 2992 mtx_unlock(vlp2); 2993 cache_free_batch(&batch); 2994 } 2995 2996 /* 2997 * Opportunistic check to see if there is anything to do. 2998 */ 2999 static bool 3000 cache_has_entries(struct vnode *vp) 3001 { 3002 3003 if (LIST_EMPTY(&vp->v_cache_src) && TAILQ_EMPTY(&vp->v_cache_dst) && 3004 atomic_load_ptr(&vp->v_cache_dd) == NULL) 3005 return (false); 3006 return (true); 3007 } 3008 3009 void 3010 cache_purge(struct vnode *vp) 3011 { 3012 3013 SDT_PROBE1(vfs, namecache, purge, done, vp); 3014 if (!cache_has_entries(vp)) 3015 return; 3016 cache_purge_impl(vp); 3017 } 3018 3019 /* 3020 * Only to be used by vgone. 3021 */ 3022 void 3023 cache_purge_vgone(struct vnode *vp) 3024 { 3025 struct mtx *vlp; 3026 3027 VNPASS(VN_IS_DOOMED(vp), vp); 3028 if (cache_has_entries(vp)) { 3029 cache_purge_impl(vp); 3030 return; 3031 } 3032 3033 /* 3034 * Serialize against a potential thread doing cache_purge. 3035 */ 3036 vlp = VP2VNODELOCK(vp); 3037 mtx_wait_unlocked(vlp); 3038 if (cache_has_entries(vp)) { 3039 cache_purge_impl(vp); 3040 return; 3041 } 3042 return; 3043 } 3044 3045 /* 3046 * Remove all negative entries for a particular directory vnode. 3047 */ 3048 void 3049 cache_purge_negative(struct vnode *vp) 3050 { 3051 struct cache_freebatch batch; 3052 struct namecache *ncp, *nnp; 3053 struct mtx *vlp; 3054 3055 SDT_PROBE1(vfs, namecache, purge_negative, done, vp); 3056 if (LIST_EMPTY(&vp->v_cache_src)) 3057 return; 3058 TAILQ_INIT(&batch); 3059 vlp = VP2VNODELOCK(vp); 3060 mtx_lock(vlp); 3061 LIST_FOREACH_SAFE(ncp, &vp->v_cache_src, nc_src, nnp) { 3062 if (!(ncp->nc_flag & NCF_NEGATIVE)) 3063 continue; 3064 cache_zap_negative_locked_vnode_kl(ncp, vp); 3065 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 3066 } 3067 mtx_unlock(vlp); 3068 cache_free_batch(&batch); 3069 } 3070 3071 /* 3072 * Entry points for modifying VOP operations. 3073 */ 3074 void 3075 cache_vop_rename(struct vnode *fdvp, struct vnode *fvp, struct vnode *tdvp, 3076 struct vnode *tvp, struct componentname *fcnp, struct componentname *tcnp) 3077 { 3078 3079 ASSERT_VOP_IN_SEQC(fdvp); 3080 ASSERT_VOP_IN_SEQC(fvp); 3081 ASSERT_VOP_IN_SEQC(tdvp); 3082 if (tvp != NULL) 3083 ASSERT_VOP_IN_SEQC(tvp); 3084 3085 cache_purge(fvp); 3086 if (tvp != NULL) { 3087 cache_purge(tvp); 3088 KASSERT(!cache_remove_cnp(tdvp, tcnp), 3089 ("%s: lingering negative entry", __func__)); 3090 } else { 3091 cache_remove_cnp(tdvp, tcnp); 3092 } 3093 3094 /* 3095 * TODO 3096 * 3097 * Historically renaming was always purging all revelang entries, 3098 * but that's quite wasteful. In particular turns out that in many cases 3099 * the target file is immediately accessed after rename, inducing a cache 3100 * miss. 3101 * 3102 * Recode this to reduce relocking and reuse the existing entry (if any) 3103 * instead of just removing it above and allocating a new one here. 3104 */ 3105 cache_enter(tdvp, fvp, tcnp); 3106 } 3107 3108 void 3109 cache_vop_rmdir(struct vnode *dvp, struct vnode *vp) 3110 { 3111 3112 ASSERT_VOP_IN_SEQC(dvp); 3113 ASSERT_VOP_IN_SEQC(vp); 3114 cache_purge(vp); 3115 } 3116 3117 #ifdef INVARIANTS 3118 /* 3119 * Validate that if an entry exists it matches. 3120 */ 3121 void 3122 cache_validate(struct vnode *dvp, struct vnode *vp, struct componentname *cnp) 3123 { 3124 struct namecache *ncp; 3125 struct mtx *blp; 3126 uint32_t hash; 3127 3128 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 3129 if (CK_SLIST_EMPTY(NCHHASH(hash))) 3130 return; 3131 blp = HASH2BUCKETLOCK(hash); 3132 mtx_lock(blp); 3133 ncp = cache_ncp_find(dvp, cnp, hash); 3134 if (ncp != NULL && ncp->nc_vp != vp) { 3135 panic("%s: mismatch (%p != %p); ncp %p [%s] dvp %p\n", 3136 __func__, vp, ncp->nc_vp, ncp, ncp->nc_name, ncp->nc_dvp); 3137 } 3138 mtx_unlock(blp); 3139 } 3140 3141 void 3142 cache_assert_no_entries(struct vnode *vp) 3143 { 3144 3145 VNPASS(TAILQ_EMPTY(&vp->v_cache_dst), vp); 3146 VNPASS(LIST_EMPTY(&vp->v_cache_src), vp); 3147 VNPASS(vp->v_cache_dd == NULL, vp); 3148 } 3149 #endif 3150 3151 /* 3152 * Flush all entries referencing a particular filesystem. 3153 */ 3154 void 3155 cache_purgevfs(struct mount *mp) 3156 { 3157 struct vnode *vp, *mvp; 3158 size_t visited __sdt_used, purged __sdt_used; 3159 3160 visited = purged = 0; 3161 /* 3162 * Somewhat wasteful iteration over all vnodes. Would be better to 3163 * support filtering and avoid the interlock to begin with. 3164 */ 3165 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { 3166 visited++; 3167 if (!cache_has_entries(vp)) { 3168 VI_UNLOCK(vp); 3169 continue; 3170 } 3171 vholdl(vp); 3172 VI_UNLOCK(vp); 3173 cache_purge(vp); 3174 purged++; 3175 vdrop(vp); 3176 } 3177 3178 SDT_PROBE3(vfs, namecache, purgevfs, done, mp, visited, purged); 3179 } 3180 3181 /* 3182 * Perform canonical checks and cache lookup and pass on to filesystem 3183 * through the vop_cachedlookup only if needed. 3184 */ 3185 3186 int 3187 vfs_cache_lookup(struct vop_lookup_args *ap) 3188 { 3189 struct vnode *dvp; 3190 int error; 3191 struct vnode **vpp = ap->a_vpp; 3192 struct componentname *cnp = ap->a_cnp; 3193 int flags = cnp->cn_flags; 3194 3195 *vpp = NULL; 3196 dvp = ap->a_dvp; 3197 3198 if (dvp->v_type != VDIR) 3199 return (ENOTDIR); 3200 3201 if ((flags & ISLASTCN) && (dvp->v_mount->mnt_flag & MNT_RDONLY) && 3202 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) 3203 return (EROFS); 3204 3205 error = vn_dir_check_exec(dvp, cnp); 3206 if (error != 0) 3207 return (error); 3208 3209 error = cache_lookup(dvp, vpp, cnp, NULL, NULL); 3210 if (error == 0) 3211 return (VOP_CACHEDLOOKUP(dvp, vpp, cnp)); 3212 if (error == -1) 3213 return (0); 3214 return (error); 3215 } 3216 3217 /* Implementation of the getcwd syscall. */ 3218 int 3219 sys___getcwd(struct thread *td, struct __getcwd_args *uap) 3220 { 3221 char *buf, *retbuf; 3222 size_t buflen; 3223 int error; 3224 3225 buflen = uap->buflen; 3226 if (__predict_false(buflen < 2)) 3227 return (EINVAL); 3228 if (buflen > MAXPATHLEN) 3229 buflen = MAXPATHLEN; 3230 3231 buf = uma_zalloc(namei_zone, M_WAITOK); 3232 error = vn_getcwd(buf, &retbuf, &buflen); 3233 if (error == 0) 3234 error = copyout(retbuf, uap->buf, buflen); 3235 uma_zfree(namei_zone, buf); 3236 return (error); 3237 } 3238 3239 int 3240 vn_getcwd(char *buf, char **retbuf, size_t *buflen) 3241 { 3242 struct pwd *pwd; 3243 int error; 3244 3245 vfs_smr_enter(); 3246 pwd = pwd_get_smr(); 3247 error = vn_fullpath_any_smr(pwd->pwd_cdir, pwd->pwd_rdir, buf, retbuf, 3248 buflen, 0); 3249 VFS_SMR_ASSERT_NOT_ENTERED(); 3250 if (error < 0) { 3251 pwd = pwd_hold(curthread); 3252 error = vn_fullpath_any(pwd->pwd_cdir, pwd->pwd_rdir, buf, 3253 retbuf, buflen); 3254 pwd_drop(pwd); 3255 } 3256 3257 #ifdef KTRACE 3258 if (KTRPOINT(curthread, KTR_NAMEI) && error == 0) 3259 ktrnamei(*retbuf); 3260 #endif 3261 return (error); 3262 } 3263 3264 /* 3265 * Canonicalize a path by walking it forward and back. 3266 * 3267 * BUGS: 3268 * - Nothing guarantees the integrity of the entire chain. Consider the case 3269 * where the path "foo/bar/baz/qux" is passed, but "bar" is moved out of 3270 * "foo" into "quux" during the backwards walk. The result will be 3271 * "quux/bar/baz/qux", which could not have been obtained by an incremental 3272 * walk in userspace. Moreover, the path we return is inaccessible if the 3273 * calling thread lacks permission to traverse "quux". 3274 */ 3275 static int 3276 kern___realpathat(struct thread *td, int fd, const char *path, char *buf, 3277 size_t size, int flags, enum uio_seg pathseg) 3278 { 3279 struct nameidata nd; 3280 char *retbuf, *freebuf; 3281 int error; 3282 3283 if (flags != 0) 3284 return (EINVAL); 3285 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | WANTPARENT | AUDITVNODE1, 3286 pathseg, path, fd, &cap_fstat_rights); 3287 if ((error = namei(&nd)) != 0) 3288 return (error); 3289 3290 if (nd.ni_vp->v_type == VREG && nd.ni_dvp->v_type != VDIR && 3291 (nd.ni_vp->v_vflag & VV_ROOT) != 0) { 3292 struct vnode *covered_vp; 3293 3294 /* 3295 * This happens if vp is a file mount. The call to 3296 * vn_fullpath_hardlink can panic if path resolution can't be 3297 * handled without the directory. 3298 * 3299 * To resolve this, we find the vnode which was mounted on - 3300 * this should have a unique global path since we disallow 3301 * mounting on linked files. 3302 */ 3303 error = vn_lock(nd.ni_vp, LK_SHARED); 3304 if (error != 0) 3305 goto out; 3306 covered_vp = nd.ni_vp->v_mount->mnt_vnodecovered; 3307 vref(covered_vp); 3308 VOP_UNLOCK(nd.ni_vp); 3309 error = vn_fullpath(covered_vp, &retbuf, &freebuf); 3310 vrele(covered_vp); 3311 } else { 3312 error = vn_fullpath_hardlink(nd.ni_vp, nd.ni_dvp, 3313 nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen, &retbuf, 3314 &freebuf, &size); 3315 } 3316 if (error == 0) { 3317 size_t len; 3318 3319 len = strlen(retbuf) + 1; 3320 if (size < len) 3321 error = ENAMETOOLONG; 3322 else if (pathseg == UIO_USERSPACE) 3323 error = copyout(retbuf, buf, len); 3324 else 3325 memcpy(buf, retbuf, len); 3326 free(freebuf, M_TEMP); 3327 } 3328 out: 3329 vrele(nd.ni_vp); 3330 vrele(nd.ni_dvp); 3331 NDFREE_PNBUF(&nd); 3332 return (error); 3333 } 3334 3335 int 3336 sys___realpathat(struct thread *td, struct __realpathat_args *uap) 3337 { 3338 3339 return (kern___realpathat(td, uap->fd, uap->path, uap->buf, uap->size, 3340 uap->flags, UIO_USERSPACE)); 3341 } 3342 3343 static int 3344 vn_fullpath_up_to_pwd_vnode(struct vnode *vp, 3345 struct vnode *(*const get_pwd_vnode)(const struct pwd *), 3346 char **retbuf, char **freebuf) 3347 { 3348 struct pwd *pwd; 3349 char *buf; 3350 size_t buflen; 3351 int error; 3352 3353 if (__predict_false(vp == NULL)) 3354 return (EINVAL); 3355 3356 buflen = MAXPATHLEN; 3357 buf = malloc(buflen, M_TEMP, M_WAITOK); 3358 vfs_smr_enter(); 3359 pwd = pwd_get_smr(); 3360 error = vn_fullpath_any_smr(vp, get_pwd_vnode(pwd), buf, retbuf, 3361 &buflen, 0); 3362 VFS_SMR_ASSERT_NOT_ENTERED(); 3363 if (error < 0) { 3364 pwd = pwd_hold(curthread); 3365 error = vn_fullpath_any(vp, get_pwd_vnode(pwd), buf, retbuf, 3366 &buflen); 3367 pwd_drop(pwd); 3368 } 3369 if (error == 0) 3370 *freebuf = buf; 3371 else 3372 free(buf, M_TEMP); 3373 return (error); 3374 } 3375 3376 static inline struct vnode * 3377 get_rdir(const struct pwd *pwd) 3378 { 3379 return (pwd->pwd_rdir); 3380 } 3381 3382 /* 3383 * Produce a filesystem path that starts from the current chroot directory and 3384 * corresponds to the passed vnode, using the name cache (if available). 3385 */ 3386 int 3387 vn_fullpath(struct vnode *vp, char **retbuf, char **freebuf) 3388 { 3389 return (vn_fullpath_up_to_pwd_vnode(vp, get_rdir, retbuf, freebuf)); 3390 } 3391 3392 static inline struct vnode * 3393 get_jdir(const struct pwd *pwd) 3394 { 3395 return (pwd->pwd_jdir); 3396 } 3397 3398 /* 3399 * Produce a filesystem path that starts from the current jail's root directory 3400 * and corresponds to the passed vnode, using the name cache (if available). 3401 * 3402 * This function allows to ignore chroots done inside a jail (or the host), 3403 * allowing path checks to remain unaffected by privileged or unprivileged 3404 * chroot calls. 3405 */ 3406 int 3407 vn_fullpath_jail(struct vnode *vp, char **retbuf, char **freebuf) 3408 { 3409 return (vn_fullpath_up_to_pwd_vnode(vp, get_jdir, retbuf, freebuf)); 3410 } 3411 3412 /* 3413 * This function is similar to vn_fullpath, but it attempts to lookup the 3414 * pathname relative to the global root mount point. This is required for the 3415 * auditing sub-system, as audited pathnames must be absolute, relative to the 3416 * global root mount point. 3417 */ 3418 int 3419 vn_fullpath_global(struct vnode *vp, char **retbuf, char **freebuf) 3420 { 3421 char *buf; 3422 size_t buflen; 3423 int error; 3424 3425 if (__predict_false(vp == NULL)) 3426 return (EINVAL); 3427 buflen = MAXPATHLEN; 3428 buf = malloc(buflen, M_TEMP, M_WAITOK); 3429 vfs_smr_enter(); 3430 error = vn_fullpath_any_smr(vp, rootvnode, buf, retbuf, &buflen, 0); 3431 VFS_SMR_ASSERT_NOT_ENTERED(); 3432 if (error < 0) { 3433 error = vn_fullpath_any(vp, rootvnode, buf, retbuf, &buflen); 3434 } 3435 if (error == 0) 3436 *freebuf = buf; 3437 else 3438 free(buf, M_TEMP); 3439 return (error); 3440 } 3441 3442 static struct namecache * 3443 vn_dd_from_dst(struct vnode *vp) 3444 { 3445 struct namecache *ncp; 3446 3447 cache_assert_vnode_locked(vp); 3448 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) { 3449 if ((ncp->nc_flag & NCF_ISDOTDOT) == 0) 3450 return (ncp); 3451 } 3452 return (NULL); 3453 } 3454 3455 int 3456 vn_vptocnp(struct vnode **vp, char *buf, size_t *buflen) 3457 { 3458 struct vnode *dvp; 3459 struct namecache *ncp; 3460 struct mtx *vlp; 3461 int error; 3462 3463 vlp = VP2VNODELOCK(*vp); 3464 mtx_lock(vlp); 3465 ncp = (*vp)->v_cache_dd; 3466 if (ncp != NULL && (ncp->nc_flag & NCF_ISDOTDOT) == 0) { 3467 KASSERT(ncp == vn_dd_from_dst(*vp), 3468 ("%s: mismatch for dd entry (%p != %p)", __func__, 3469 ncp, vn_dd_from_dst(*vp))); 3470 } else { 3471 ncp = vn_dd_from_dst(*vp); 3472 } 3473 if (ncp != NULL) { 3474 if (*buflen < ncp->nc_nlen) { 3475 mtx_unlock(vlp); 3476 vrele(*vp); 3477 counter_u64_add(numfullpathfail4, 1); 3478 error = ENOMEM; 3479 SDT_PROBE3(vfs, namecache, fullpath, return, error, 3480 vp, NULL); 3481 return (error); 3482 } 3483 *buflen -= ncp->nc_nlen; 3484 memcpy(buf + *buflen, ncp->nc_name, ncp->nc_nlen); 3485 SDT_PROBE3(vfs, namecache, fullpath, hit, ncp->nc_dvp, 3486 ncp->nc_name, vp); 3487 dvp = *vp; 3488 *vp = ncp->nc_dvp; 3489 vref(*vp); 3490 mtx_unlock(vlp); 3491 vrele(dvp); 3492 return (0); 3493 } 3494 SDT_PROBE1(vfs, namecache, fullpath, miss, vp); 3495 3496 mtx_unlock(vlp); 3497 vn_lock(*vp, LK_SHARED | LK_RETRY); 3498 error = VOP_VPTOCNP(*vp, &dvp, buf, buflen); 3499 vput(*vp); 3500 if (error) { 3501 counter_u64_add(numfullpathfail2, 1); 3502 SDT_PROBE3(vfs, namecache, fullpath, return, error, vp, NULL); 3503 return (error); 3504 } 3505 3506 *vp = dvp; 3507 if (VN_IS_DOOMED(dvp)) { 3508 /* forced unmount */ 3509 vrele(dvp); 3510 error = ENOENT; 3511 SDT_PROBE3(vfs, namecache, fullpath, return, error, vp, NULL); 3512 return (error); 3513 } 3514 /* 3515 * *vp has its use count incremented still. 3516 */ 3517 3518 return (0); 3519 } 3520 3521 /* 3522 * Resolve a directory to a pathname. 3523 * 3524 * The name of the directory can always be found in the namecache or fetched 3525 * from the filesystem. There is also guaranteed to be only one parent, meaning 3526 * we can just follow vnodes up until we find the root. 3527 * 3528 * The vnode must be referenced. 3529 */ 3530 static int 3531 vn_fullpath_dir(struct vnode *vp, struct vnode *rdir, char *buf, char **retbuf, 3532 size_t *len, size_t addend) 3533 { 3534 #ifdef KDTRACE_HOOKS 3535 struct vnode *startvp = vp; 3536 #endif 3537 struct vnode *vp1; 3538 size_t buflen; 3539 int error; 3540 bool slash_prefixed; 3541 3542 VNPASS(vp->v_type == VDIR || VN_IS_DOOMED(vp), vp); 3543 VNPASS(vp->v_usecount > 0, vp); 3544 3545 buflen = *len; 3546 3547 slash_prefixed = true; 3548 if (addend == 0) { 3549 MPASS(*len >= 2); 3550 buflen--; 3551 buf[buflen] = '\0'; 3552 slash_prefixed = false; 3553 } 3554 3555 error = 0; 3556 3557 SDT_PROBE1(vfs, namecache, fullpath, entry, vp); 3558 counter_u64_add(numfullpathcalls, 1); 3559 while (vp != rdir && vp != rootvnode) { 3560 /* 3561 * The vp vnode must be already fully constructed, 3562 * since it is either found in namecache or obtained 3563 * from VOP_VPTOCNP(). We may test for VV_ROOT safely 3564 * without obtaining the vnode lock. 3565 */ 3566 if ((vp->v_vflag & VV_ROOT) != 0) { 3567 vn_lock(vp, LK_RETRY | LK_SHARED); 3568 3569 /* 3570 * With the vnode locked, check for races with 3571 * unmount, forced or not. Note that we 3572 * already verified that vp is not equal to 3573 * the root vnode, which means that 3574 * mnt_vnodecovered can be NULL only for the 3575 * case of unmount. 3576 */ 3577 if (VN_IS_DOOMED(vp) || 3578 (vp1 = vp->v_mount->mnt_vnodecovered) == NULL || 3579 vp1->v_mountedhere != vp->v_mount) { 3580 vput(vp); 3581 error = ENOENT; 3582 SDT_PROBE3(vfs, namecache, fullpath, return, 3583 error, vp, NULL); 3584 break; 3585 } 3586 3587 vref(vp1); 3588 vput(vp); 3589 vp = vp1; 3590 continue; 3591 } 3592 VNPASS(vp->v_type == VDIR || VN_IS_DOOMED(vp), vp); 3593 error = vn_vptocnp(&vp, buf, &buflen); 3594 if (error) 3595 break; 3596 if (buflen == 0) { 3597 vrele(vp); 3598 error = ENOMEM; 3599 SDT_PROBE3(vfs, namecache, fullpath, return, error, 3600 startvp, NULL); 3601 break; 3602 } 3603 buf[--buflen] = '/'; 3604 slash_prefixed = true; 3605 } 3606 if (error) 3607 return (error); 3608 if (!slash_prefixed) { 3609 if (buflen == 0) { 3610 vrele(vp); 3611 counter_u64_add(numfullpathfail4, 1); 3612 SDT_PROBE3(vfs, namecache, fullpath, return, ENOMEM, 3613 startvp, NULL); 3614 return (ENOMEM); 3615 } 3616 buf[--buflen] = '/'; 3617 } 3618 counter_u64_add(numfullpathfound, 1); 3619 vrele(vp); 3620 3621 *retbuf = buf + buflen; 3622 SDT_PROBE3(vfs, namecache, fullpath, return, 0, startvp, *retbuf); 3623 *len -= buflen; 3624 *len += addend; 3625 return (0); 3626 } 3627 3628 /* 3629 * Resolve an arbitrary vnode to a pathname. 3630 * 3631 * Note 2 caveats: 3632 * - hardlinks are not tracked, thus if the vnode is not a directory this can 3633 * resolve to a different path than the one used to find it 3634 * - namecache is not mandatory, meaning names are not guaranteed to be added 3635 * (in which case resolving fails) 3636 */ 3637 static void __inline 3638 cache_rev_failed_impl(int *reason, int line) 3639 { 3640 3641 *reason = line; 3642 } 3643 #define cache_rev_failed(var) cache_rev_failed_impl((var), __LINE__) 3644 3645 static int 3646 vn_fullpath_any_smr(struct vnode *vp, struct vnode *rdir, char *buf, 3647 char **retbuf, size_t *buflen, size_t addend) 3648 { 3649 #ifdef KDTRACE_HOOKS 3650 struct vnode *startvp = vp; 3651 #endif 3652 struct vnode *tvp; 3653 struct mount *mp; 3654 struct namecache *ncp; 3655 size_t orig_buflen; 3656 int reason; 3657 int error; 3658 #ifdef KDTRACE_HOOKS 3659 int i; 3660 #endif 3661 seqc_t vp_seqc, tvp_seqc; 3662 u_char nc_flag; 3663 3664 VFS_SMR_ASSERT_ENTERED(); 3665 3666 if (!atomic_load_char(&cache_fast_lookup_enabled)) { 3667 vfs_smr_exit(); 3668 return (-1); 3669 } 3670 3671 orig_buflen = *buflen; 3672 3673 if (addend == 0) { 3674 MPASS(*buflen >= 2); 3675 *buflen -= 1; 3676 buf[*buflen] = '\0'; 3677 } 3678 3679 if (vp == rdir || vp == rootvnode) { 3680 if (addend == 0) { 3681 *buflen -= 1; 3682 buf[*buflen] = '/'; 3683 } 3684 goto out_ok; 3685 } 3686 3687 #ifdef KDTRACE_HOOKS 3688 i = 0; 3689 #endif 3690 error = -1; 3691 ncp = NULL; /* for sdt probe down below */ 3692 vp_seqc = vn_seqc_read_any(vp); 3693 if (seqc_in_modify(vp_seqc)) { 3694 cache_rev_failed(&reason); 3695 goto out_abort; 3696 } 3697 3698 for (;;) { 3699 #ifdef KDTRACE_HOOKS 3700 i++; 3701 #endif 3702 if ((vp->v_vflag & VV_ROOT) != 0) { 3703 mp = atomic_load_ptr(&vp->v_mount); 3704 if (mp == NULL) { 3705 cache_rev_failed(&reason); 3706 goto out_abort; 3707 } 3708 tvp = atomic_load_ptr(&mp->mnt_vnodecovered); 3709 tvp_seqc = vn_seqc_read_any(tvp); 3710 if (seqc_in_modify(tvp_seqc)) { 3711 cache_rev_failed(&reason); 3712 goto out_abort; 3713 } 3714 if (!vn_seqc_consistent(vp, vp_seqc)) { 3715 cache_rev_failed(&reason); 3716 goto out_abort; 3717 } 3718 vp = tvp; 3719 vp_seqc = tvp_seqc; 3720 continue; 3721 } 3722 ncp = atomic_load_consume_ptr(&vp->v_cache_dd); 3723 if (ncp == NULL) { 3724 cache_rev_failed(&reason); 3725 goto out_abort; 3726 } 3727 nc_flag = atomic_load_char(&ncp->nc_flag); 3728 if ((nc_flag & NCF_ISDOTDOT) != 0) { 3729 cache_rev_failed(&reason); 3730 goto out_abort; 3731 } 3732 if (ncp->nc_nlen >= *buflen) { 3733 cache_rev_failed(&reason); 3734 error = ENOMEM; 3735 goto out_abort; 3736 } 3737 *buflen -= ncp->nc_nlen; 3738 memcpy(buf + *buflen, ncp->nc_name, ncp->nc_nlen); 3739 *buflen -= 1; 3740 buf[*buflen] = '/'; 3741 tvp = ncp->nc_dvp; 3742 tvp_seqc = vn_seqc_read_any(tvp); 3743 if (seqc_in_modify(tvp_seqc)) { 3744 cache_rev_failed(&reason); 3745 goto out_abort; 3746 } 3747 if (!vn_seqc_consistent(vp, vp_seqc)) { 3748 cache_rev_failed(&reason); 3749 goto out_abort; 3750 } 3751 /* 3752 * Acquire fence provided by vn_seqc_read_any above. 3753 */ 3754 if (__predict_false(atomic_load_ptr(&vp->v_cache_dd) != ncp)) { 3755 cache_rev_failed(&reason); 3756 goto out_abort; 3757 } 3758 if (!cache_ncp_canuse(ncp)) { 3759 cache_rev_failed(&reason); 3760 goto out_abort; 3761 } 3762 vp = tvp; 3763 vp_seqc = tvp_seqc; 3764 if (vp == rdir || vp == rootvnode) 3765 break; 3766 } 3767 out_ok: 3768 vfs_smr_exit(); 3769 *retbuf = buf + *buflen; 3770 *buflen = orig_buflen - *buflen + addend; 3771 SDT_PROBE2(vfs, namecache, fullpath_smr, hit, startvp, *retbuf); 3772 return (0); 3773 3774 out_abort: 3775 *buflen = orig_buflen; 3776 SDT_PROBE4(vfs, namecache, fullpath_smr, miss, startvp, ncp, reason, i); 3777 vfs_smr_exit(); 3778 return (error); 3779 } 3780 3781 static int 3782 vn_fullpath_any(struct vnode *vp, struct vnode *rdir, char *buf, char **retbuf, 3783 size_t *buflen) 3784 { 3785 size_t orig_buflen, addend; 3786 int error; 3787 3788 if (*buflen < 2) 3789 return (EINVAL); 3790 3791 orig_buflen = *buflen; 3792 3793 vref(vp); 3794 addend = 0; 3795 if (vp->v_type != VDIR) { 3796 *buflen -= 1; 3797 buf[*buflen] = '\0'; 3798 error = vn_vptocnp(&vp, buf, buflen); 3799 if (error) 3800 return (error); 3801 if (*buflen == 0) { 3802 vrele(vp); 3803 return (ENOMEM); 3804 } 3805 *buflen -= 1; 3806 buf[*buflen] = '/'; 3807 addend = orig_buflen - *buflen; 3808 } 3809 3810 return (vn_fullpath_dir(vp, rdir, buf, retbuf, buflen, addend)); 3811 } 3812 3813 /* 3814 * Resolve an arbitrary vnode to a pathname (taking care of hardlinks). 3815 * 3816 * Since the namecache does not track hardlinks, the caller is expected to 3817 * first look up the target vnode with WANTPARENT flag passed to namei to get 3818 * dvp and vp. 3819 * 3820 * Then we have 2 cases: 3821 * - if the found vnode is a directory, the path can be constructed just by 3822 * following names up the chain 3823 * - otherwise we populate the buffer with the saved name and start resolving 3824 * from the parent 3825 */ 3826 int 3827 vn_fullpath_hardlink(struct vnode *vp, struct vnode *dvp, 3828 const char *hrdl_name, size_t hrdl_name_length, 3829 char **retbuf, char **freebuf, size_t *buflen) 3830 { 3831 char *buf, *tmpbuf; 3832 struct pwd *pwd; 3833 size_t addend; 3834 int error; 3835 __enum_uint8(vtype) type; 3836 3837 if (*buflen < 2) 3838 return (EINVAL); 3839 if (*buflen > MAXPATHLEN) 3840 *buflen = MAXPATHLEN; 3841 3842 buf = malloc(*buflen, M_TEMP, M_WAITOK); 3843 3844 addend = 0; 3845 3846 /* 3847 * Check for VBAD to work around the vp_crossmp bug in lookup(). 3848 * 3849 * For example consider tmpfs on /tmp and realpath /tmp. ni_vp will be 3850 * set to mount point's root vnode while ni_dvp will be vp_crossmp. 3851 * If the type is VDIR (like in this very case) we can skip looking 3852 * at ni_dvp in the first place. However, since vnodes get passed here 3853 * unlocked the target may transition to doomed state (type == VBAD) 3854 * before we get to evaluate the condition. If this happens, we will 3855 * populate part of the buffer and descend to vn_fullpath_dir with 3856 * vp == vp_crossmp. Prevent the problem by checking for VBAD. 3857 */ 3858 type = atomic_load_8(&vp->v_type); 3859 if (type == VBAD) { 3860 error = ENOENT; 3861 goto out_bad; 3862 } 3863 if (type != VDIR) { 3864 addend = hrdl_name_length + 2; 3865 if (*buflen < addend) { 3866 error = ENOMEM; 3867 goto out_bad; 3868 } 3869 *buflen -= addend; 3870 tmpbuf = buf + *buflen; 3871 tmpbuf[0] = '/'; 3872 memcpy(&tmpbuf[1], hrdl_name, hrdl_name_length); 3873 tmpbuf[addend - 1] = '\0'; 3874 vp = dvp; 3875 } 3876 3877 vfs_smr_enter(); 3878 pwd = pwd_get_smr(); 3879 error = vn_fullpath_any_smr(vp, pwd->pwd_rdir, buf, retbuf, buflen, 3880 addend); 3881 VFS_SMR_ASSERT_NOT_ENTERED(); 3882 if (error < 0) { 3883 pwd = pwd_hold(curthread); 3884 vref(vp); 3885 error = vn_fullpath_dir(vp, pwd->pwd_rdir, buf, retbuf, buflen, 3886 addend); 3887 pwd_drop(pwd); 3888 } 3889 if (error != 0) 3890 goto out_bad; 3891 3892 *freebuf = buf; 3893 3894 return (0); 3895 out_bad: 3896 free(buf, M_TEMP); 3897 return (error); 3898 } 3899 3900 struct vnode * 3901 vn_dir_dd_ino(struct vnode *vp) 3902 { 3903 struct namecache *ncp; 3904 struct vnode *ddvp; 3905 struct mtx *vlp; 3906 enum vgetstate vs; 3907 3908 ASSERT_VOP_LOCKED(vp, "vn_dir_dd_ino"); 3909 vlp = VP2VNODELOCK(vp); 3910 mtx_lock(vlp); 3911 TAILQ_FOREACH(ncp, &(vp->v_cache_dst), nc_dst) { 3912 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) 3913 continue; 3914 ddvp = ncp->nc_dvp; 3915 vs = vget_prep(ddvp); 3916 mtx_unlock(vlp); 3917 if (vget_finish(ddvp, LK_SHARED | LK_NOWAIT, vs)) 3918 return (NULL); 3919 return (ddvp); 3920 } 3921 mtx_unlock(vlp); 3922 return (NULL); 3923 } 3924 3925 int 3926 vn_commname(struct vnode *vp, char *buf, u_int buflen) 3927 { 3928 struct namecache *ncp; 3929 struct mtx *vlp; 3930 int l; 3931 3932 vlp = VP2VNODELOCK(vp); 3933 mtx_lock(vlp); 3934 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) 3935 if ((ncp->nc_flag & NCF_ISDOTDOT) == 0) 3936 break; 3937 if (ncp == NULL) { 3938 mtx_unlock(vlp); 3939 return (ENOENT); 3940 } 3941 l = min(ncp->nc_nlen, buflen - 1); 3942 memcpy(buf, ncp->nc_name, l); 3943 mtx_unlock(vlp); 3944 buf[l] = '\0'; 3945 return (0); 3946 } 3947 3948 /* 3949 * This function updates path string to vnode's full global path 3950 * and checks the size of the new path string against the pathlen argument. 3951 * 3952 * Requires a locked, referenced vnode. 3953 * Vnode is re-locked on success or ENODEV, otherwise unlocked. 3954 * 3955 * If vp is a directory, the call to vn_fullpath_global() always succeeds 3956 * because it falls back to the ".." lookup if the namecache lookup fails. 3957 */ 3958 int 3959 vn_path_to_global_path(struct thread *td, struct vnode *vp, char *path, 3960 u_int pathlen) 3961 { 3962 struct nameidata nd; 3963 struct vnode *vp1; 3964 char *rpath, *fbuf; 3965 int error; 3966 3967 ASSERT_VOP_ELOCKED(vp, __func__); 3968 3969 /* Construct global filesystem path from vp. */ 3970 VOP_UNLOCK(vp); 3971 error = vn_fullpath_global(vp, &rpath, &fbuf); 3972 3973 if (error != 0) { 3974 vrele(vp); 3975 return (error); 3976 } 3977 3978 if (strlen(rpath) >= pathlen) { 3979 vrele(vp); 3980 error = ENAMETOOLONG; 3981 goto out; 3982 } 3983 3984 /* 3985 * Re-lookup the vnode by path to detect a possible rename. 3986 * As a side effect, the vnode is relocked. 3987 * If vnode was renamed, return ENOENT. 3988 */ 3989 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, path); 3990 error = namei(&nd); 3991 if (error != 0) { 3992 vrele(vp); 3993 goto out; 3994 } 3995 NDFREE_PNBUF(&nd); 3996 vp1 = nd.ni_vp; 3997 vrele(vp); 3998 if (vp1 == vp) 3999 strcpy(path, rpath); 4000 else { 4001 vput(vp1); 4002 error = ENOENT; 4003 } 4004 4005 out: 4006 free(fbuf, M_TEMP); 4007 return (error); 4008 } 4009 4010 /* 4011 * This is similar to vn_path_to_global_path but allows for regular 4012 * files which may not be present in the cache. 4013 * 4014 * Requires a locked, referenced vnode. 4015 * Vnode is re-locked on success or ENODEV, otherwise unlocked. 4016 */ 4017 int 4018 vn_path_to_global_path_hardlink(struct thread *td, struct vnode *vp, 4019 struct vnode *dvp, char *path, u_int pathlen, const char *leaf_name, 4020 size_t leaf_length) 4021 { 4022 struct nameidata nd; 4023 struct vnode *vp1; 4024 char *rpath, *fbuf; 4025 size_t len; 4026 int error; 4027 4028 ASSERT_VOP_ELOCKED(vp, __func__); 4029 4030 /* 4031 * Construct global filesystem path from dvp, vp and leaf 4032 * name. 4033 */ 4034 VOP_UNLOCK(vp); 4035 len = pathlen; 4036 error = vn_fullpath_hardlink(vp, dvp, leaf_name, leaf_length, 4037 &rpath, &fbuf, &len); 4038 4039 if (error != 0) { 4040 vrele(vp); 4041 return (error); 4042 } 4043 4044 if (strlen(rpath) >= pathlen) { 4045 vrele(vp); 4046 error = ENAMETOOLONG; 4047 goto out; 4048 } 4049 4050 /* 4051 * Re-lookup the vnode by path to detect a possible rename. 4052 * As a side effect, the vnode is relocked. 4053 * If vnode was renamed, return ENOENT. 4054 */ 4055 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, path); 4056 error = namei(&nd); 4057 if (error != 0) { 4058 vrele(vp); 4059 goto out; 4060 } 4061 NDFREE_PNBUF(&nd); 4062 vp1 = nd.ni_vp; 4063 vrele(vp); 4064 if (vp1 == vp) 4065 strcpy(path, rpath); 4066 else { 4067 vput(vp1); 4068 error = ENOENT; 4069 } 4070 4071 out: 4072 free(fbuf, M_TEMP); 4073 return (error); 4074 } 4075 4076 void 4077 cache_vop_inotify(struct vnode *vp, int event, uint32_t cookie) 4078 { 4079 struct mtx *vlp; 4080 struct namecache *ncp; 4081 int isdir; 4082 bool logged, self; 4083 4084 isdir = vp->v_type == VDIR ? IN_ISDIR : 0; 4085 self = (vn_irflag_read(vp) & VIRF_INOTIFY) != 0 && 4086 (vp->v_type != VDIR || (event & ~_IN_DIR_EVENTS) != 0); 4087 4088 if (self) { 4089 int selfevent; 4090 4091 if (event == _IN_ATTRIB_LINKCOUNT) 4092 selfevent = IN_ATTRIB; 4093 else 4094 selfevent = event; 4095 inotify_log(vp, NULL, 0, selfevent | isdir, cookie); 4096 } 4097 if ((event & IN_ALL_EVENTS) == 0) 4098 return; 4099 4100 logged = false; 4101 vlp = VP2VNODELOCK(vp); 4102 mtx_lock(vlp); 4103 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) { 4104 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) 4105 continue; 4106 if ((vn_irflag_read(ncp->nc_dvp) & VIRF_INOTIFY) != 0) { 4107 /* 4108 * XXX-MJ if the vnode has two links in the same 4109 * dir, we'll log the same event twice. 4110 */ 4111 inotify_log(ncp->nc_dvp, ncp->nc_name, ncp->nc_nlen, 4112 event | isdir, cookie); 4113 logged = true; 4114 } 4115 } 4116 if (!logged && (vn_irflag_read(vp) & VIRF_INOTIFY_PARENT) != 0) { 4117 /* 4118 * We didn't find a watched directory that contains this vnode, 4119 * so stop calling VOP_INOTIFY for operations on the vnode. 4120 */ 4121 vn_irflag_unset(vp, VIRF_INOTIFY_PARENT); 4122 } 4123 mtx_unlock(vlp); 4124 } 4125 4126 #ifdef DDB 4127 static void 4128 db_print_vpath(struct vnode *vp) 4129 { 4130 4131 while (vp != NULL) { 4132 db_printf("%p: ", vp); 4133 if (vp == rootvnode) { 4134 db_printf("/"); 4135 vp = NULL; 4136 } else { 4137 if (vp->v_vflag & VV_ROOT) { 4138 db_printf("<mount point>"); 4139 vp = vp->v_mount->mnt_vnodecovered; 4140 } else { 4141 struct namecache *ncp; 4142 char *ncn; 4143 int i; 4144 4145 ncp = TAILQ_FIRST(&vp->v_cache_dst); 4146 if (ncp != NULL) { 4147 ncn = ncp->nc_name; 4148 for (i = 0; i < ncp->nc_nlen; i++) 4149 db_printf("%c", *ncn++); 4150 vp = ncp->nc_dvp; 4151 } else { 4152 vp = NULL; 4153 } 4154 } 4155 } 4156 db_printf("\n"); 4157 } 4158 4159 return; 4160 } 4161 4162 DB_SHOW_COMMAND(vpath, db_show_vpath) 4163 { 4164 struct vnode *vp; 4165 4166 if (!have_addr) { 4167 db_printf("usage: show vpath <struct vnode *>\n"); 4168 return; 4169 } 4170 4171 vp = (struct vnode *)addr; 4172 db_print_vpath(vp); 4173 } 4174 4175 #endif 4176 4177 static int cache_fast_lookup = 1; 4178 4179 #define CACHE_FPL_FAILED -2020 4180 4181 static int 4182 cache_vop_bad_vexec(struct vop_fplookup_vexec_args *v) 4183 { 4184 vn_printf(v->a_vp, "no proper vop_fplookup_vexec\n"); 4185 panic("no proper vop_fplookup_vexec"); 4186 } 4187 4188 static int 4189 cache_vop_bad_symlink(struct vop_fplookup_symlink_args *v) 4190 { 4191 vn_printf(v->a_vp, "no proper vop_fplookup_symlink\n"); 4192 panic("no proper vop_fplookup_symlink"); 4193 } 4194 4195 void 4196 cache_vop_vector_register(struct vop_vector *v) 4197 { 4198 size_t ops; 4199 4200 ops = 0; 4201 if (v->vop_fplookup_vexec != NULL) { 4202 ops++; 4203 } 4204 if (v->vop_fplookup_symlink != NULL) { 4205 ops++; 4206 } 4207 4208 if (ops == 2) { 4209 return; 4210 } 4211 4212 if (ops == 0) { 4213 v->vop_fplookup_vexec = cache_vop_bad_vexec; 4214 v->vop_fplookup_symlink = cache_vop_bad_symlink; 4215 return; 4216 } 4217 4218 printf("%s: invalid vop vector %p -- either all or none fplookup vops " 4219 "need to be provided", __func__, v); 4220 if (v->vop_fplookup_vexec == NULL) { 4221 printf("%s: missing vop_fplookup_vexec\n", __func__); 4222 } 4223 if (v->vop_fplookup_symlink == NULL) { 4224 printf("%s: missing vop_fplookup_symlink\n", __func__); 4225 } 4226 panic("bad vop vector %p", v); 4227 } 4228 4229 #ifdef INVARIANTS 4230 void 4231 cache_validate_vop_vector(struct mount *mp, struct vop_vector *vops) 4232 { 4233 if (mp == NULL) 4234 return; 4235 4236 if ((mp->mnt_kern_flag & MNTK_FPLOOKUP) == 0) 4237 return; 4238 4239 if (vops->vop_fplookup_vexec == NULL || 4240 vops->vop_fplookup_vexec == cache_vop_bad_vexec) 4241 panic("bad vop_fplookup_vexec on vector %p for filesystem %s", 4242 vops, mp->mnt_vfc->vfc_name); 4243 4244 if (vops->vop_fplookup_symlink == NULL || 4245 vops->vop_fplookup_symlink == cache_vop_bad_symlink) 4246 panic("bad vop_fplookup_symlink on vector %p for filesystem %s", 4247 vops, mp->mnt_vfc->vfc_name); 4248 } 4249 #endif 4250 4251 void 4252 cache_fast_lookup_enabled_recalc(void) 4253 { 4254 int lookup_flag; 4255 int mac_on; 4256 4257 #ifdef MAC 4258 mac_on = mac_vnode_check_lookup_enabled(); 4259 mac_on |= mac_vnode_check_readlink_enabled(); 4260 #else 4261 mac_on = 0; 4262 #endif 4263 4264 lookup_flag = atomic_load_int(&cache_fast_lookup); 4265 if (lookup_flag && !mac_on) { 4266 atomic_store_char(&cache_fast_lookup_enabled, true); 4267 } else { 4268 atomic_store_char(&cache_fast_lookup_enabled, false); 4269 } 4270 } 4271 4272 static int 4273 syscal_vfs_cache_fast_lookup(SYSCTL_HANDLER_ARGS) 4274 { 4275 int error, old; 4276 4277 old = atomic_load_int(&cache_fast_lookup); 4278 error = sysctl_handle_int(oidp, arg1, arg2, req); 4279 if (error == 0 && req->newptr && old != atomic_load_int(&cache_fast_lookup)) 4280 cache_fast_lookup_enabled_recalc(); 4281 return (error); 4282 } 4283 SYSCTL_PROC(_vfs_cache_param, OID_AUTO, fast_lookup, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE, 4284 &cache_fast_lookup, 0, syscal_vfs_cache_fast_lookup, "IU", ""); 4285 4286 /* 4287 * Components of nameidata (or objects it can point to) which may 4288 * need restoring in case fast path lookup fails. 4289 */ 4290 struct nameidata_outer { 4291 size_t ni_pathlen; 4292 uint64_t cn_flags; 4293 }; 4294 4295 struct nameidata_saved { 4296 #ifdef INVARIANTS 4297 char *cn_nameptr; 4298 size_t ni_pathlen; 4299 #endif 4300 }; 4301 4302 #ifdef INVARIANTS 4303 struct cache_fpl_debug { 4304 size_t ni_pathlen; 4305 }; 4306 #endif 4307 4308 struct cache_fpl { 4309 struct nameidata *ndp; 4310 struct componentname *cnp; 4311 char *nulchar; 4312 struct vnode *dvp; 4313 struct vnode *tvp; 4314 seqc_t dvp_seqc; 4315 seqc_t tvp_seqc; 4316 uint32_t hash; 4317 struct nameidata_saved snd; 4318 struct nameidata_outer snd_outer; 4319 int line; 4320 enum cache_fpl_status status:8; 4321 bool in_smr; 4322 bool fsearch; 4323 struct pwd **pwd; 4324 #ifdef INVARIANTS 4325 struct cache_fpl_debug debug; 4326 #endif 4327 }; 4328 4329 static bool cache_fplookup_mp_supported(struct mount *mp); 4330 static bool cache_fplookup_is_mp(struct cache_fpl *fpl); 4331 static int cache_fplookup_cross_mount(struct cache_fpl *fpl); 4332 static int cache_fplookup_partial_setup(struct cache_fpl *fpl); 4333 static int cache_fplookup_skip_slashes(struct cache_fpl *fpl); 4334 static int cache_fplookup_trailingslash(struct cache_fpl *fpl); 4335 static void cache_fpl_pathlen_dec(struct cache_fpl *fpl); 4336 static void cache_fpl_pathlen_inc(struct cache_fpl *fpl); 4337 static void cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n); 4338 static void cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n); 4339 4340 static void 4341 cache_fpl_cleanup_cnp(struct componentname *cnp) 4342 { 4343 4344 uma_zfree(namei_zone, cnp->cn_pnbuf); 4345 cnp->cn_pnbuf = NULL; 4346 cnp->cn_nameptr = NULL; 4347 } 4348 4349 static struct vnode * 4350 cache_fpl_handle_root(struct cache_fpl *fpl) 4351 { 4352 struct nameidata *ndp; 4353 struct componentname *cnp; 4354 4355 ndp = fpl->ndp; 4356 cnp = fpl->cnp; 4357 4358 MPASS(*(cnp->cn_nameptr) == '/'); 4359 cnp->cn_nameptr++; 4360 cache_fpl_pathlen_dec(fpl); 4361 4362 if (__predict_false(*(cnp->cn_nameptr) == '/')) { 4363 do { 4364 cnp->cn_nameptr++; 4365 cache_fpl_pathlen_dec(fpl); 4366 } while (*(cnp->cn_nameptr) == '/'); 4367 } 4368 4369 return (ndp->ni_rootdir); 4370 } 4371 4372 static void 4373 cache_fpl_checkpoint_outer(struct cache_fpl *fpl) 4374 { 4375 4376 fpl->snd_outer.ni_pathlen = fpl->ndp->ni_pathlen; 4377 fpl->snd_outer.cn_flags = fpl->ndp->ni_cnd.cn_flags; 4378 } 4379 4380 static void 4381 cache_fpl_checkpoint(struct cache_fpl *fpl) 4382 { 4383 4384 #ifdef INVARIANTS 4385 fpl->snd.cn_nameptr = fpl->ndp->ni_cnd.cn_nameptr; 4386 fpl->snd.ni_pathlen = fpl->debug.ni_pathlen; 4387 #endif 4388 } 4389 4390 static void 4391 cache_fpl_restore_partial(struct cache_fpl *fpl) 4392 { 4393 4394 fpl->ndp->ni_cnd.cn_flags = fpl->snd_outer.cn_flags; 4395 #ifdef INVARIANTS 4396 fpl->debug.ni_pathlen = fpl->snd.ni_pathlen; 4397 #endif 4398 } 4399 4400 static void 4401 cache_fpl_restore_abort(struct cache_fpl *fpl) 4402 { 4403 4404 cache_fpl_restore_partial(fpl); 4405 /* 4406 * It is 0 on entry by API contract. 4407 */ 4408 fpl->ndp->ni_resflags = 0; 4409 fpl->ndp->ni_cnd.cn_nameptr = fpl->ndp->ni_cnd.cn_pnbuf; 4410 fpl->ndp->ni_pathlen = fpl->snd_outer.ni_pathlen; 4411 } 4412 4413 #ifdef INVARIANTS 4414 #define cache_fpl_smr_assert_entered(fpl) ({ \ 4415 struct cache_fpl *_fpl = (fpl); \ 4416 MPASS(_fpl->in_smr == true); \ 4417 VFS_SMR_ASSERT_ENTERED(); \ 4418 }) 4419 #define cache_fpl_smr_assert_not_entered(fpl) ({ \ 4420 struct cache_fpl *_fpl = (fpl); \ 4421 MPASS(_fpl->in_smr == false); \ 4422 VFS_SMR_ASSERT_NOT_ENTERED(); \ 4423 }) 4424 static void 4425 cache_fpl_assert_status(struct cache_fpl *fpl) 4426 { 4427 4428 switch (fpl->status) { 4429 case CACHE_FPL_STATUS_UNSET: 4430 __assert_unreachable(); 4431 break; 4432 case CACHE_FPL_STATUS_DESTROYED: 4433 case CACHE_FPL_STATUS_ABORTED: 4434 case CACHE_FPL_STATUS_PARTIAL: 4435 case CACHE_FPL_STATUS_HANDLED: 4436 break; 4437 } 4438 } 4439 #else 4440 #define cache_fpl_smr_assert_entered(fpl) do { } while (0) 4441 #define cache_fpl_smr_assert_not_entered(fpl) do { } while (0) 4442 #define cache_fpl_assert_status(fpl) do { } while (0) 4443 #endif 4444 4445 #define cache_fpl_smr_enter_initial(fpl) ({ \ 4446 struct cache_fpl *_fpl = (fpl); \ 4447 vfs_smr_enter(); \ 4448 _fpl->in_smr = true; \ 4449 }) 4450 4451 #define cache_fpl_smr_enter(fpl) ({ \ 4452 struct cache_fpl *_fpl = (fpl); \ 4453 MPASS(_fpl->in_smr == false); \ 4454 vfs_smr_enter(); \ 4455 _fpl->in_smr = true; \ 4456 }) 4457 4458 #define cache_fpl_smr_exit(fpl) ({ \ 4459 struct cache_fpl *_fpl = (fpl); \ 4460 MPASS(_fpl->in_smr == true); \ 4461 vfs_smr_exit(); \ 4462 _fpl->in_smr = false; \ 4463 }) 4464 4465 static int 4466 cache_fpl_aborted_early_impl(struct cache_fpl *fpl, int line) 4467 { 4468 4469 if (fpl->status != CACHE_FPL_STATUS_UNSET) { 4470 KASSERT(fpl->status == CACHE_FPL_STATUS_PARTIAL, 4471 ("%s: converting to abort from %d at %d, set at %d\n", 4472 __func__, fpl->status, line, fpl->line)); 4473 } 4474 cache_fpl_smr_assert_not_entered(fpl); 4475 fpl->status = CACHE_FPL_STATUS_ABORTED; 4476 fpl->line = line; 4477 return (CACHE_FPL_FAILED); 4478 } 4479 4480 #define cache_fpl_aborted_early(x) cache_fpl_aborted_early_impl((x), __LINE__) 4481 4482 static int __noinline 4483 cache_fpl_aborted_impl(struct cache_fpl *fpl, int line) 4484 { 4485 struct nameidata *ndp; 4486 struct componentname *cnp; 4487 4488 ndp = fpl->ndp; 4489 cnp = fpl->cnp; 4490 4491 if (fpl->status != CACHE_FPL_STATUS_UNSET) { 4492 KASSERT(fpl->status == CACHE_FPL_STATUS_PARTIAL, 4493 ("%s: converting to abort from %d at %d, set at %d\n", 4494 __func__, fpl->status, line, fpl->line)); 4495 } 4496 fpl->status = CACHE_FPL_STATUS_ABORTED; 4497 fpl->line = line; 4498 if (fpl->in_smr) 4499 cache_fpl_smr_exit(fpl); 4500 cache_fpl_restore_abort(fpl); 4501 /* 4502 * Resolving symlinks overwrites data passed by the caller. 4503 * Let namei know. 4504 */ 4505 if (ndp->ni_loopcnt > 0) { 4506 fpl->status = CACHE_FPL_STATUS_DESTROYED; 4507 cache_fpl_cleanup_cnp(cnp); 4508 } 4509 return (CACHE_FPL_FAILED); 4510 } 4511 4512 #define cache_fpl_aborted(x) cache_fpl_aborted_impl((x), __LINE__) 4513 4514 static int __noinline 4515 cache_fpl_partial_impl(struct cache_fpl *fpl, int line) 4516 { 4517 4518 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET, 4519 ("%s: setting to partial at %d, but already set to %d at %d\n", 4520 __func__, line, fpl->status, fpl->line)); 4521 cache_fpl_smr_assert_entered(fpl); 4522 fpl->status = CACHE_FPL_STATUS_PARTIAL; 4523 fpl->line = line; 4524 return (cache_fplookup_partial_setup(fpl)); 4525 } 4526 4527 #define cache_fpl_partial(x) cache_fpl_partial_impl((x), __LINE__) 4528 4529 static int 4530 cache_fpl_handled_impl(struct cache_fpl *fpl, int line) 4531 { 4532 4533 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET, 4534 ("%s: setting to handled at %d, but already set to %d at %d\n", 4535 __func__, line, fpl->status, fpl->line)); 4536 cache_fpl_smr_assert_not_entered(fpl); 4537 fpl->status = CACHE_FPL_STATUS_HANDLED; 4538 fpl->line = line; 4539 return (0); 4540 } 4541 4542 #define cache_fpl_handled(x) cache_fpl_handled_impl((x), __LINE__) 4543 4544 static int 4545 cache_fpl_handled_error_impl(struct cache_fpl *fpl, int error, int line) 4546 { 4547 4548 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET, 4549 ("%s: setting to handled at %d, but already set to %d at %d\n", 4550 __func__, line, fpl->status, fpl->line)); 4551 MPASS(error != 0); 4552 MPASS(error != CACHE_FPL_FAILED); 4553 cache_fpl_smr_assert_not_entered(fpl); 4554 fpl->status = CACHE_FPL_STATUS_HANDLED; 4555 fpl->line = line; 4556 fpl->dvp = NULL; 4557 fpl->tvp = NULL; 4558 return (error); 4559 } 4560 4561 #define cache_fpl_handled_error(x, e) cache_fpl_handled_error_impl((x), (e), __LINE__) 4562 4563 static bool 4564 cache_fpl_terminated(struct cache_fpl *fpl) 4565 { 4566 4567 return (fpl->status != CACHE_FPL_STATUS_UNSET); 4568 } 4569 4570 #define CACHE_FPL_SUPPORTED_CN_FLAGS \ 4571 (NC_NOMAKEENTRY | NC_KEEPPOSENTRY | LOCKLEAF | LOCKPARENT | WANTPARENT | \ 4572 FAILIFEXISTS | FOLLOW | EMPTYPATH | LOCKSHARED | ISRESTARTED | WILLBEDIR | \ 4573 ISOPEN | NOMACCHECK | AUDITVNODE1 | AUDITVNODE2 | NOCAPCHECK | OPENREAD | \ 4574 OPENWRITE | WANTIOCTLCAPS | NAMEILOOKUP) 4575 4576 #define CACHE_FPL_INTERNAL_CN_FLAGS \ 4577 (ISDOTDOT | MAKEENTRY | ISLASTCN) 4578 4579 _Static_assert((CACHE_FPL_SUPPORTED_CN_FLAGS & CACHE_FPL_INTERNAL_CN_FLAGS) == 0, 4580 "supported and internal flags overlap"); 4581 4582 static bool 4583 cache_fpl_islastcn(struct nameidata *ndp) 4584 { 4585 4586 return (*ndp->ni_next == 0); 4587 } 4588 4589 static bool 4590 cache_fpl_istrailingslash(struct cache_fpl *fpl) 4591 { 4592 4593 MPASS(fpl->nulchar > fpl->cnp->cn_pnbuf); 4594 return (*(fpl->nulchar - 1) == '/'); 4595 } 4596 4597 static bool 4598 cache_fpl_isdotdot(struct componentname *cnp) 4599 { 4600 4601 if (cnp->cn_namelen == 2 && 4602 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 4603 return (true); 4604 return (false); 4605 } 4606 4607 static bool 4608 cache_can_fplookup(struct cache_fpl *fpl) 4609 { 4610 struct nameidata *ndp; 4611 struct componentname *cnp; 4612 struct thread *td; 4613 4614 ndp = fpl->ndp; 4615 cnp = fpl->cnp; 4616 td = curthread; 4617 4618 if (!atomic_load_char(&cache_fast_lookup_enabled)) { 4619 cache_fpl_aborted_early(fpl); 4620 return (false); 4621 } 4622 if ((cnp->cn_flags & ~CACHE_FPL_SUPPORTED_CN_FLAGS) != 0) { 4623 cache_fpl_aborted_early(fpl); 4624 return (false); 4625 } 4626 if (IN_CAPABILITY_MODE(td) || CAP_TRACING(td)) { 4627 cache_fpl_aborted_early(fpl); 4628 return (false); 4629 } 4630 if (AUDITING_TD(td)) { 4631 cache_fpl_aborted_early(fpl); 4632 return (false); 4633 } 4634 if (ndp->ni_startdir != NULL) { 4635 cache_fpl_aborted_early(fpl); 4636 return (false); 4637 } 4638 return (true); 4639 } 4640 4641 static int __noinline 4642 cache_fplookup_dirfd(struct cache_fpl *fpl, struct vnode **vpp) 4643 { 4644 struct nameidata *ndp; 4645 struct componentname *cnp; 4646 int error, flags; 4647 4648 ndp = fpl->ndp; 4649 cnp = fpl->cnp; 4650 4651 error = fgetvp_lookup_smr(ndp, vpp, &flags); 4652 if (__predict_false(error != 0)) { 4653 return (cache_fpl_aborted(fpl)); 4654 } 4655 if (__predict_false((flags & O_RESOLVE_BENEATH) != 0)) { 4656 _Static_assert((CACHE_FPL_SUPPORTED_CN_FLAGS & RBENEATH) == 0, 4657 "RBENEATH supported by fplookup"); 4658 cache_fpl_smr_exit(fpl); 4659 cache_fpl_aborted(fpl); 4660 return (EOPNOTSUPP); 4661 } 4662 fpl->fsearch = (flags & FSEARCH) != 0; 4663 if ((*vpp)->v_type != VDIR) { 4664 if (!((cnp->cn_flags & EMPTYPATH) != 0 && cnp->cn_pnbuf[0] == '\0')) { 4665 cache_fpl_smr_exit(fpl); 4666 return (cache_fpl_handled_error(fpl, ENOTDIR)); 4667 } 4668 } 4669 return (0); 4670 } 4671 4672 static int __noinline 4673 cache_fplookup_negative_promote(struct cache_fpl *fpl, struct namecache *oncp, 4674 uint32_t hash) 4675 { 4676 struct componentname *cnp; 4677 struct vnode *dvp; 4678 4679 cnp = fpl->cnp; 4680 dvp = fpl->dvp; 4681 4682 cache_fpl_smr_exit(fpl); 4683 if (cache_neg_promote_cond(dvp, cnp, oncp, hash)) 4684 return (cache_fpl_handled_error(fpl, ENOENT)); 4685 else 4686 return (cache_fpl_aborted(fpl)); 4687 } 4688 4689 /* 4690 * Prepare fallback to the locked lookup while trying to retain the progress. 4691 */ 4692 static int __noinline 4693 cache_fplookup_partial_setup(struct cache_fpl *fpl) 4694 { 4695 struct nameidata *ndp; 4696 struct componentname *cnp; 4697 enum vgetstate dvs; 4698 struct vnode *dvp; 4699 struct pwd *pwd; 4700 seqc_t dvp_seqc; 4701 4702 ndp = fpl->ndp; 4703 cnp = fpl->cnp; 4704 pwd = *(fpl->pwd); 4705 dvp = fpl->dvp; 4706 dvp_seqc = fpl->dvp_seqc; 4707 4708 if (!pwd_hold_smr(pwd)) { 4709 return (cache_fpl_aborted(fpl)); 4710 } 4711 4712 /* 4713 * Note that seqc is checked before the vnode is locked, so by 4714 * the time regular lookup gets to it it may have moved. 4715 * 4716 * Ultimately this does not affect correctness, any lookup errors 4717 * are userspace racing with itself. It is guaranteed that any 4718 * path which ultimately gets found could also have been found 4719 * by regular lookup going all the way in absence of concurrent 4720 * modifications. 4721 */ 4722 dvs = vget_prep_smr(dvp); 4723 cache_fpl_smr_exit(fpl); 4724 if (__predict_false(dvs == VGET_NONE)) { 4725 pwd_drop(pwd); 4726 return (cache_fpl_aborted(fpl)); 4727 } 4728 4729 vget_finish_ref(dvp, dvs); 4730 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 4731 vrele(dvp); 4732 pwd_drop(pwd); 4733 return (cache_fpl_aborted(fpl)); 4734 } 4735 4736 cache_fpl_restore_partial(fpl); 4737 #ifdef INVARIANTS 4738 if (cnp->cn_nameptr != fpl->snd.cn_nameptr) { 4739 panic("%s: cn_nameptr mismatch (%p != %p) full [%s]\n", __func__, 4740 cnp->cn_nameptr, fpl->snd.cn_nameptr, cnp->cn_pnbuf); 4741 } 4742 #endif 4743 4744 ndp->ni_startdir = dvp; 4745 cnp->cn_flags |= MAKEENTRY; 4746 if (cache_fpl_islastcn(ndp)) 4747 cnp->cn_flags |= ISLASTCN; 4748 if (cache_fpl_isdotdot(cnp)) 4749 cnp->cn_flags |= ISDOTDOT; 4750 4751 /* 4752 * Skip potential extra slashes parsing did not take care of. 4753 * cache_fplookup_skip_slashes explains the mechanism. 4754 */ 4755 if (__predict_false(*(cnp->cn_nameptr) == '/')) { 4756 do { 4757 cnp->cn_nameptr++; 4758 cache_fpl_pathlen_dec(fpl); 4759 } while (*(cnp->cn_nameptr) == '/'); 4760 } 4761 4762 ndp->ni_pathlen = fpl->nulchar - cnp->cn_nameptr + 1; 4763 #ifdef INVARIANTS 4764 if (ndp->ni_pathlen != fpl->debug.ni_pathlen) { 4765 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n", 4766 __func__, ndp->ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar, 4767 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf); 4768 } 4769 #endif 4770 return (0); 4771 } 4772 4773 static int 4774 cache_fplookup_final_child(struct cache_fpl *fpl, enum vgetstate tvs) 4775 { 4776 struct componentname *cnp; 4777 struct vnode *tvp; 4778 seqc_t tvp_seqc; 4779 int error, lkflags; 4780 4781 cnp = fpl->cnp; 4782 tvp = fpl->tvp; 4783 tvp_seqc = fpl->tvp_seqc; 4784 4785 if ((cnp->cn_flags & LOCKLEAF) != 0) { 4786 lkflags = LK_SHARED; 4787 if ((cnp->cn_flags & LOCKSHARED) == 0) 4788 lkflags = LK_EXCLUSIVE; 4789 error = vget_finish(tvp, lkflags, tvs); 4790 if (__predict_false(error != 0)) { 4791 return (cache_fpl_aborted(fpl)); 4792 } 4793 } else { 4794 vget_finish_ref(tvp, tvs); 4795 } 4796 4797 if (!vn_seqc_consistent(tvp, tvp_seqc)) { 4798 if ((cnp->cn_flags & LOCKLEAF) != 0) 4799 vput(tvp); 4800 else 4801 vrele(tvp); 4802 return (cache_fpl_aborted(fpl)); 4803 } 4804 4805 return (cache_fpl_handled(fpl)); 4806 } 4807 4808 /* 4809 * They want to possibly modify the state of the namecache. 4810 */ 4811 static int __noinline 4812 cache_fplookup_final_modifying(struct cache_fpl *fpl) 4813 { 4814 struct nameidata *ndp __diagused; 4815 struct componentname *cnp; 4816 enum vgetstate dvs; 4817 struct vnode *dvp, *tvp; 4818 struct mount *mp; 4819 seqc_t dvp_seqc; 4820 int error; 4821 bool docache; 4822 4823 ndp = fpl->ndp; 4824 cnp = fpl->cnp; 4825 dvp = fpl->dvp; 4826 dvp_seqc = fpl->dvp_seqc; 4827 4828 MPASS(*(cnp->cn_nameptr) != '/'); 4829 MPASS(cache_fpl_islastcn(ndp)); 4830 if ((cnp->cn_flags & LOCKPARENT) == 0) 4831 MPASS((cnp->cn_flags & WANTPARENT) != 0); 4832 MPASS((cnp->cn_flags & TRAILINGSLASH) == 0); 4833 MPASS(cnp->cn_nameiop == CREATE || cnp->cn_nameiop == DELETE || 4834 cnp->cn_nameiop == RENAME); 4835 MPASS((cnp->cn_flags & MAKEENTRY) == 0); 4836 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 4837 4838 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE; 4839 if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME) 4840 docache = false; 4841 4842 /* 4843 * Regular lookup nulifies the slash, which we don't do here. 4844 * Don't take chances with filesystem routines seeing it for 4845 * the last entry. 4846 */ 4847 if (cache_fpl_istrailingslash(fpl)) { 4848 return (cache_fpl_partial(fpl)); 4849 } 4850 4851 mp = atomic_load_ptr(&dvp->v_mount); 4852 if (__predict_false(mp == NULL)) { 4853 return (cache_fpl_aborted(fpl)); 4854 } 4855 4856 if (__predict_false(mp->mnt_flag & MNT_RDONLY)) { 4857 cache_fpl_smr_exit(fpl); 4858 /* 4859 * Original code keeps not checking for CREATE which 4860 * might be a bug. For now let the old lookup decide. 4861 */ 4862 if (cnp->cn_nameiop == CREATE) { 4863 return (cache_fpl_aborted(fpl)); 4864 } 4865 return (cache_fpl_handled_error(fpl, EROFS)); 4866 } 4867 4868 if (fpl->tvp != NULL && (cnp->cn_flags & FAILIFEXISTS) != 0) { 4869 cache_fpl_smr_exit(fpl); 4870 return (cache_fpl_handled_error(fpl, EEXIST)); 4871 } 4872 4873 /* 4874 * Secure access to dvp; check cache_fplookup_partial_setup for 4875 * reasoning. 4876 * 4877 * XXX At least UFS requires its lookup routine to be called for 4878 * the last path component, which leads to some level of complication 4879 * and inefficiency: 4880 * - the target routine always locks the target vnode, but our caller 4881 * may not need it locked 4882 * - some of the VOP machinery asserts that the parent is locked, which 4883 * once more may be not required 4884 * 4885 * TODO: add a flag for filesystems which don't need this. 4886 */ 4887 dvs = vget_prep_smr(dvp); 4888 cache_fpl_smr_exit(fpl); 4889 if (__predict_false(dvs == VGET_NONE)) { 4890 return (cache_fpl_aborted(fpl)); 4891 } 4892 4893 vget_finish_ref(dvp, dvs); 4894 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 4895 vrele(dvp); 4896 return (cache_fpl_aborted(fpl)); 4897 } 4898 4899 error = vn_lock(dvp, LK_EXCLUSIVE); 4900 if (__predict_false(error != 0)) { 4901 vrele(dvp); 4902 return (cache_fpl_aborted(fpl)); 4903 } 4904 4905 tvp = NULL; 4906 cnp->cn_flags |= ISLASTCN; 4907 if (docache) 4908 cnp->cn_flags |= MAKEENTRY; 4909 if (cache_fpl_isdotdot(cnp)) 4910 cnp->cn_flags |= ISDOTDOT; 4911 cnp->cn_lkflags = LK_EXCLUSIVE; 4912 error = VOP_LOOKUP(dvp, &tvp, cnp); 4913 switch (error) { 4914 case EJUSTRETURN: 4915 case 0: 4916 break; 4917 case ENOTDIR: 4918 case ENOENT: 4919 vput(dvp); 4920 return (cache_fpl_handled_error(fpl, error)); 4921 default: 4922 vput(dvp); 4923 return (cache_fpl_aborted(fpl)); 4924 } 4925 4926 fpl->tvp = tvp; 4927 4928 if (tvp == NULL) { 4929 MPASS(error == EJUSTRETURN); 4930 if ((cnp->cn_flags & LOCKPARENT) == 0) { 4931 VOP_UNLOCK(dvp); 4932 } 4933 return (cache_fpl_handled(fpl)); 4934 } 4935 4936 /* 4937 * There are very hairy corner cases concerning various flag combinations 4938 * and locking state. In particular here we only hold one lock instead of 4939 * two. 4940 * 4941 * Skip the complexity as it is of no significance for normal workloads. 4942 */ 4943 if (__predict_false(tvp == dvp)) { 4944 vput(dvp); 4945 vrele(tvp); 4946 return (cache_fpl_aborted(fpl)); 4947 } 4948 4949 /* 4950 * If they want the symlink itself we are fine, but if they want to 4951 * follow it regular lookup has to be engaged. 4952 */ 4953 if (tvp->v_type == VLNK) { 4954 if ((cnp->cn_flags & FOLLOW) != 0) { 4955 vput(dvp); 4956 vput(tvp); 4957 return (cache_fpl_aborted(fpl)); 4958 } 4959 } 4960 4961 /* 4962 * Since we expect this to be the terminal vnode it should almost never 4963 * be a mount point. 4964 */ 4965 if (__predict_false(cache_fplookup_is_mp(fpl))) { 4966 vput(dvp); 4967 vput(tvp); 4968 return (cache_fpl_aborted(fpl)); 4969 } 4970 4971 if ((cnp->cn_flags & FAILIFEXISTS) != 0) { 4972 vput(dvp); 4973 vput(tvp); 4974 return (cache_fpl_handled_error(fpl, EEXIST)); 4975 } 4976 4977 if ((cnp->cn_flags & LOCKLEAF) == 0) { 4978 VOP_UNLOCK(tvp); 4979 } 4980 4981 if ((cnp->cn_flags & LOCKPARENT) == 0) { 4982 VOP_UNLOCK(dvp); 4983 } 4984 4985 return (cache_fpl_handled(fpl)); 4986 } 4987 4988 static int __noinline 4989 cache_fplookup_modifying(struct cache_fpl *fpl) 4990 { 4991 struct nameidata *ndp; 4992 4993 ndp = fpl->ndp; 4994 4995 if (!cache_fpl_islastcn(ndp)) { 4996 return (cache_fpl_partial(fpl)); 4997 } 4998 return (cache_fplookup_final_modifying(fpl)); 4999 } 5000 5001 static int __noinline 5002 cache_fplookup_final_withparent(struct cache_fpl *fpl) 5003 { 5004 struct componentname *cnp; 5005 enum vgetstate dvs, tvs; 5006 struct vnode *dvp, *tvp; 5007 seqc_t dvp_seqc; 5008 int error; 5009 5010 cnp = fpl->cnp; 5011 dvp = fpl->dvp; 5012 dvp_seqc = fpl->dvp_seqc; 5013 tvp = fpl->tvp; 5014 5015 MPASS((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0); 5016 5017 /* 5018 * This is less efficient than it can be for simplicity. 5019 */ 5020 dvs = vget_prep_smr(dvp); 5021 if (__predict_false(dvs == VGET_NONE)) { 5022 return (cache_fpl_aborted(fpl)); 5023 } 5024 tvs = vget_prep_smr(tvp); 5025 if (__predict_false(tvs == VGET_NONE)) { 5026 cache_fpl_smr_exit(fpl); 5027 vget_abort(dvp, dvs); 5028 return (cache_fpl_aborted(fpl)); 5029 } 5030 5031 cache_fpl_smr_exit(fpl); 5032 5033 if ((cnp->cn_flags & LOCKPARENT) != 0) { 5034 error = vget_finish(dvp, LK_EXCLUSIVE, dvs); 5035 if (__predict_false(error != 0)) { 5036 vget_abort(tvp, tvs); 5037 return (cache_fpl_aborted(fpl)); 5038 } 5039 } else { 5040 vget_finish_ref(dvp, dvs); 5041 } 5042 5043 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 5044 vget_abort(tvp, tvs); 5045 if ((cnp->cn_flags & LOCKPARENT) != 0) 5046 vput(dvp); 5047 else 5048 vrele(dvp); 5049 return (cache_fpl_aborted(fpl)); 5050 } 5051 5052 error = cache_fplookup_final_child(fpl, tvs); 5053 if (__predict_false(error != 0)) { 5054 MPASS(fpl->status == CACHE_FPL_STATUS_ABORTED || 5055 fpl->status == CACHE_FPL_STATUS_DESTROYED); 5056 if ((cnp->cn_flags & LOCKPARENT) != 0) 5057 vput(dvp); 5058 else 5059 vrele(dvp); 5060 return (error); 5061 } 5062 5063 MPASS(fpl->status == CACHE_FPL_STATUS_HANDLED); 5064 return (0); 5065 } 5066 5067 static int 5068 cache_fplookup_final(struct cache_fpl *fpl) 5069 { 5070 struct componentname *cnp; 5071 enum vgetstate tvs; 5072 struct vnode *dvp, *tvp; 5073 seqc_t dvp_seqc; 5074 5075 cnp = fpl->cnp; 5076 dvp = fpl->dvp; 5077 dvp_seqc = fpl->dvp_seqc; 5078 tvp = fpl->tvp; 5079 5080 MPASS(*(cnp->cn_nameptr) != '/'); 5081 5082 if (cnp->cn_nameiop != LOOKUP) { 5083 return (cache_fplookup_final_modifying(fpl)); 5084 } 5085 5086 if ((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0) 5087 return (cache_fplookup_final_withparent(fpl)); 5088 5089 tvs = vget_prep_smr(tvp); 5090 if (__predict_false(tvs == VGET_NONE)) { 5091 return (cache_fpl_partial(fpl)); 5092 } 5093 5094 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 5095 cache_fpl_smr_exit(fpl); 5096 vget_abort(tvp, tvs); 5097 return (cache_fpl_aborted(fpl)); 5098 } 5099 5100 cache_fpl_smr_exit(fpl); 5101 return (cache_fplookup_final_child(fpl, tvs)); 5102 } 5103 5104 /* 5105 * Comment from locked lookup: 5106 * Check for degenerate name (e.g. / or "") which is a way of talking about a 5107 * directory, e.g. like "/." or ".". 5108 */ 5109 static int __noinline 5110 cache_fplookup_degenerate(struct cache_fpl *fpl) 5111 { 5112 struct componentname *cnp; 5113 struct vnode *dvp; 5114 enum vgetstate dvs; 5115 int error, lkflags; 5116 #ifdef INVARIANTS 5117 char *cp; 5118 #endif 5119 5120 fpl->tvp = fpl->dvp; 5121 fpl->tvp_seqc = fpl->dvp_seqc; 5122 5123 cnp = fpl->cnp; 5124 dvp = fpl->dvp; 5125 5126 #ifdef INVARIANTS 5127 for (cp = cnp->cn_pnbuf; *cp != '\0'; cp++) { 5128 KASSERT(*cp == '/', 5129 ("%s: encountered non-slash; string [%s]\n", __func__, 5130 cnp->cn_pnbuf)); 5131 } 5132 #endif 5133 5134 if (__predict_false(cnp->cn_nameiop != LOOKUP)) { 5135 cache_fpl_smr_exit(fpl); 5136 return (cache_fpl_handled_error(fpl, EISDIR)); 5137 } 5138 5139 if ((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0) { 5140 return (cache_fplookup_final_withparent(fpl)); 5141 } 5142 5143 dvs = vget_prep_smr(dvp); 5144 cache_fpl_smr_exit(fpl); 5145 if (__predict_false(dvs == VGET_NONE)) { 5146 return (cache_fpl_aborted(fpl)); 5147 } 5148 5149 if ((cnp->cn_flags & LOCKLEAF) != 0) { 5150 lkflags = LK_SHARED; 5151 if ((cnp->cn_flags & LOCKSHARED) == 0) 5152 lkflags = LK_EXCLUSIVE; 5153 error = vget_finish(dvp, lkflags, dvs); 5154 if (__predict_false(error != 0)) { 5155 return (cache_fpl_aborted(fpl)); 5156 } 5157 } else { 5158 vget_finish_ref(dvp, dvs); 5159 } 5160 return (cache_fpl_handled(fpl)); 5161 } 5162 5163 static int __noinline 5164 cache_fplookup_emptypath(struct cache_fpl *fpl) 5165 { 5166 struct nameidata *ndp; 5167 struct componentname *cnp; 5168 enum vgetstate tvs; 5169 struct vnode *tvp; 5170 int error, lkflags; 5171 5172 fpl->tvp = fpl->dvp; 5173 fpl->tvp_seqc = fpl->dvp_seqc; 5174 5175 ndp = fpl->ndp; 5176 cnp = fpl->cnp; 5177 tvp = fpl->tvp; 5178 5179 MPASS(*cnp->cn_pnbuf == '\0'); 5180 5181 if (__predict_false((cnp->cn_flags & EMPTYPATH) == 0)) { 5182 cache_fpl_smr_exit(fpl); 5183 return (cache_fpl_handled_error(fpl, ENOENT)); 5184 } 5185 5186 MPASS((cnp->cn_flags & (LOCKPARENT | WANTPARENT)) == 0); 5187 5188 tvs = vget_prep_smr(tvp); 5189 cache_fpl_smr_exit(fpl); 5190 if (__predict_false(tvs == VGET_NONE)) { 5191 return (cache_fpl_aborted(fpl)); 5192 } 5193 5194 if ((cnp->cn_flags & LOCKLEAF) != 0) { 5195 lkflags = LK_SHARED; 5196 if ((cnp->cn_flags & LOCKSHARED) == 0) 5197 lkflags = LK_EXCLUSIVE; 5198 error = vget_finish(tvp, lkflags, tvs); 5199 if (__predict_false(error != 0)) { 5200 return (cache_fpl_aborted(fpl)); 5201 } 5202 } else { 5203 vget_finish_ref(tvp, tvs); 5204 } 5205 5206 ndp->ni_resflags |= NIRES_EMPTYPATH; 5207 return (cache_fpl_handled(fpl)); 5208 } 5209 5210 static int __noinline 5211 cache_fplookup_noentry(struct cache_fpl *fpl) 5212 { 5213 struct nameidata *ndp; 5214 struct componentname *cnp; 5215 enum vgetstate dvs; 5216 struct vnode *dvp, *tvp; 5217 seqc_t dvp_seqc; 5218 int error; 5219 5220 ndp = fpl->ndp; 5221 cnp = fpl->cnp; 5222 dvp = fpl->dvp; 5223 dvp_seqc = fpl->dvp_seqc; 5224 5225 MPASS((cnp->cn_flags & MAKEENTRY) == 0); 5226 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 5227 if (cnp->cn_nameiop == LOOKUP) 5228 MPASS((cnp->cn_flags & NOCACHE) == 0); 5229 MPASS(!cache_fpl_isdotdot(cnp)); 5230 5231 /* 5232 * Hack: delayed name len checking. 5233 */ 5234 if (__predict_false(cnp->cn_namelen > NAME_MAX)) { 5235 cache_fpl_smr_exit(fpl); 5236 return (cache_fpl_handled_error(fpl, ENAMETOOLONG)); 5237 } 5238 5239 if (cnp->cn_nameptr[0] == '/') { 5240 return (cache_fplookup_skip_slashes(fpl)); 5241 } 5242 5243 if (cnp->cn_pnbuf[0] == '\0') { 5244 return (cache_fplookup_emptypath(fpl)); 5245 } 5246 5247 if (cnp->cn_nameptr[0] == '\0') { 5248 if (fpl->tvp == NULL) { 5249 return (cache_fplookup_degenerate(fpl)); 5250 } 5251 return (cache_fplookup_trailingslash(fpl)); 5252 } 5253 5254 if (cnp->cn_nameiop != LOOKUP) { 5255 fpl->tvp = NULL; 5256 return (cache_fplookup_modifying(fpl)); 5257 } 5258 5259 /* 5260 * Only try to fill in the component if it is the last one, 5261 * otherwise not only there may be several to handle but the 5262 * walk may be complicated. 5263 */ 5264 if (!cache_fpl_islastcn(ndp)) { 5265 return (cache_fpl_partial(fpl)); 5266 } 5267 5268 /* 5269 * Regular lookup nulifies the slash, which we don't do here. 5270 * Don't take chances with filesystem routines seeing it for 5271 * the last entry. 5272 */ 5273 if (cache_fpl_istrailingslash(fpl)) { 5274 return (cache_fpl_partial(fpl)); 5275 } 5276 5277 /* 5278 * Secure access to dvp; check cache_fplookup_partial_setup for 5279 * reasoning. 5280 */ 5281 dvs = vget_prep_smr(dvp); 5282 cache_fpl_smr_exit(fpl); 5283 if (__predict_false(dvs == VGET_NONE)) { 5284 return (cache_fpl_aborted(fpl)); 5285 } 5286 5287 vget_finish_ref(dvp, dvs); 5288 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 5289 vrele(dvp); 5290 return (cache_fpl_aborted(fpl)); 5291 } 5292 5293 error = vn_lock(dvp, LK_SHARED); 5294 if (__predict_false(error != 0)) { 5295 vrele(dvp); 5296 return (cache_fpl_aborted(fpl)); 5297 } 5298 5299 tvp = NULL; 5300 /* 5301 * TODO: provide variants which don't require locking either vnode. 5302 */ 5303 cnp->cn_flags |= ISLASTCN | MAKEENTRY; 5304 cnp->cn_lkflags = LK_SHARED; 5305 if ((cnp->cn_flags & LOCKSHARED) == 0) { 5306 cnp->cn_lkflags = LK_EXCLUSIVE; 5307 } 5308 error = VOP_LOOKUP(dvp, &tvp, cnp); 5309 switch (error) { 5310 case EJUSTRETURN: 5311 case 0: 5312 break; 5313 case ENOTDIR: 5314 case ENOENT: 5315 vput(dvp); 5316 return (cache_fpl_handled_error(fpl, error)); 5317 default: 5318 vput(dvp); 5319 return (cache_fpl_aborted(fpl)); 5320 } 5321 5322 fpl->tvp = tvp; 5323 5324 if (tvp == NULL) { 5325 MPASS(error == EJUSTRETURN); 5326 if ((cnp->cn_flags & (WANTPARENT | LOCKPARENT)) == 0) { 5327 vput(dvp); 5328 } else if ((cnp->cn_flags & LOCKPARENT) == 0) { 5329 VOP_UNLOCK(dvp); 5330 } 5331 return (cache_fpl_handled(fpl)); 5332 } 5333 5334 if (tvp->v_type == VLNK) { 5335 if ((cnp->cn_flags & FOLLOW) != 0) { 5336 vput(dvp); 5337 vput(tvp); 5338 return (cache_fpl_aborted(fpl)); 5339 } 5340 } 5341 5342 if (__predict_false(cache_fplookup_is_mp(fpl))) { 5343 vput(dvp); 5344 vput(tvp); 5345 return (cache_fpl_aborted(fpl)); 5346 } 5347 5348 if ((cnp->cn_flags & LOCKLEAF) == 0) { 5349 VOP_UNLOCK(tvp); 5350 } 5351 5352 if ((cnp->cn_flags & (WANTPARENT | LOCKPARENT)) == 0) { 5353 vput(dvp); 5354 } else if ((cnp->cn_flags & LOCKPARENT) == 0) { 5355 VOP_UNLOCK(dvp); 5356 } 5357 return (cache_fpl_handled(fpl)); 5358 } 5359 5360 static int __noinline 5361 cache_fplookup_dot(struct cache_fpl *fpl) 5362 { 5363 int error; 5364 5365 MPASS(!seqc_in_modify(fpl->dvp_seqc)); 5366 5367 if (__predict_false(fpl->dvp->v_type != VDIR)) { 5368 cache_fpl_smr_exit(fpl); 5369 return (cache_fpl_handled_error(fpl, ENOTDIR)); 5370 } 5371 5372 /* 5373 * Just re-assign the value. seqc will be checked later for the first 5374 * non-dot path component in line and/or before deciding to return the 5375 * vnode. 5376 */ 5377 fpl->tvp = fpl->dvp; 5378 fpl->tvp_seqc = fpl->dvp_seqc; 5379 5380 SDT_PROBE3(vfs, namecache, lookup, hit, fpl->dvp, ".", fpl->dvp); 5381 5382 error = 0; 5383 if (cache_fplookup_is_mp(fpl)) { 5384 error = cache_fplookup_cross_mount(fpl); 5385 } 5386 return (error); 5387 } 5388 5389 static int __noinline 5390 cache_fplookup_dotdot(struct cache_fpl *fpl) 5391 { 5392 struct nameidata *ndp; 5393 struct namecache *ncp; 5394 struct vnode *dvp; 5395 u_char nc_flag; 5396 5397 ndp = fpl->ndp; 5398 dvp = fpl->dvp; 5399 5400 MPASS(cache_fpl_isdotdot(fpl->cnp)); 5401 5402 /* 5403 * XXX this is racy the same way regular lookup is 5404 */ 5405 if (vfs_lookup_isroot(ndp, dvp)) { 5406 fpl->tvp = dvp; 5407 fpl->tvp_seqc = vn_seqc_read_any(dvp); 5408 if (seqc_in_modify(fpl->tvp_seqc)) { 5409 return (cache_fpl_aborted(fpl)); 5410 } 5411 return (0); 5412 } 5413 5414 if ((dvp->v_vflag & VV_ROOT) != 0) { 5415 /* 5416 * TODO 5417 * The opposite of climb mount is needed here. 5418 */ 5419 return (cache_fpl_partial(fpl)); 5420 } 5421 5422 if (__predict_false(dvp->v_type != VDIR)) { 5423 cache_fpl_smr_exit(fpl); 5424 return (cache_fpl_handled_error(fpl, ENOTDIR)); 5425 } 5426 5427 ncp = atomic_load_consume_ptr(&dvp->v_cache_dd); 5428 if (ncp == NULL) { 5429 return (cache_fpl_aborted(fpl)); 5430 } 5431 5432 nc_flag = atomic_load_char(&ncp->nc_flag); 5433 if ((nc_flag & NCF_ISDOTDOT) != 0) { 5434 if ((nc_flag & NCF_NEGATIVE) != 0) 5435 return (cache_fpl_aborted(fpl)); 5436 fpl->tvp = ncp->nc_vp; 5437 } else { 5438 fpl->tvp = ncp->nc_dvp; 5439 } 5440 5441 fpl->tvp_seqc = vn_seqc_read_any(fpl->tvp); 5442 if (seqc_in_modify(fpl->tvp_seqc)) { 5443 return (cache_fpl_partial(fpl)); 5444 } 5445 5446 /* 5447 * Acquire fence provided by vn_seqc_read_any above. 5448 */ 5449 if (__predict_false(atomic_load_ptr(&dvp->v_cache_dd) != ncp)) { 5450 return (cache_fpl_aborted(fpl)); 5451 } 5452 5453 if (!cache_ncp_canuse(ncp)) { 5454 return (cache_fpl_aborted(fpl)); 5455 } 5456 5457 return (0); 5458 } 5459 5460 static int __noinline 5461 cache_fplookup_neg(struct cache_fpl *fpl, struct namecache *ncp, uint32_t hash) 5462 { 5463 u_char nc_flag __diagused; 5464 bool neg_promote; 5465 5466 #ifdef INVARIANTS 5467 nc_flag = atomic_load_char(&ncp->nc_flag); 5468 MPASS((nc_flag & NCF_NEGATIVE) != 0); 5469 #endif 5470 /* 5471 * If they want to create an entry we need to replace this one. 5472 */ 5473 if (__predict_false(fpl->cnp->cn_nameiop != LOOKUP)) { 5474 fpl->tvp = NULL; 5475 return (cache_fplookup_modifying(fpl)); 5476 } 5477 neg_promote = cache_neg_hit_prep(ncp); 5478 if (!cache_fpl_neg_ncp_canuse(ncp)) { 5479 cache_neg_hit_abort(ncp); 5480 return (cache_fpl_partial(fpl)); 5481 } 5482 if (neg_promote) { 5483 return (cache_fplookup_negative_promote(fpl, ncp, hash)); 5484 } 5485 cache_neg_hit_finish(ncp); 5486 cache_fpl_smr_exit(fpl); 5487 return (cache_fpl_handled_error(fpl, ENOENT)); 5488 } 5489 5490 /* 5491 * Resolve a symlink. Called by filesystem-specific routines. 5492 * 5493 * Code flow is: 5494 * ... -> cache_fplookup_symlink -> VOP_FPLOOKUP_SYMLINK -> cache_symlink_resolve 5495 */ 5496 int 5497 cache_symlink_resolve(struct cache_fpl *fpl, const char *string, size_t len) 5498 { 5499 struct nameidata *ndp; 5500 struct componentname *cnp; 5501 size_t adjust; 5502 5503 ndp = fpl->ndp; 5504 cnp = fpl->cnp; 5505 5506 if (__predict_false(len == 0)) { 5507 return (ENOENT); 5508 } 5509 5510 if (__predict_false(len > MAXPATHLEN - 2)) { 5511 if (cache_fpl_istrailingslash(fpl)) { 5512 return (EAGAIN); 5513 } 5514 } 5515 5516 ndp->ni_pathlen = fpl->nulchar - cnp->cn_nameptr - cnp->cn_namelen + 1; 5517 #ifdef INVARIANTS 5518 if (ndp->ni_pathlen != fpl->debug.ni_pathlen) { 5519 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n", 5520 __func__, ndp->ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar, 5521 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf); 5522 } 5523 #endif 5524 5525 if (__predict_false(len + ndp->ni_pathlen > MAXPATHLEN)) { 5526 return (ENAMETOOLONG); 5527 } 5528 5529 if (__predict_false(ndp->ni_loopcnt++ >= MAXSYMLINKS)) { 5530 return (ELOOP); 5531 } 5532 5533 adjust = len; 5534 if (ndp->ni_pathlen > 1) { 5535 bcopy(ndp->ni_next, cnp->cn_pnbuf + len, ndp->ni_pathlen); 5536 } else { 5537 if (cache_fpl_istrailingslash(fpl)) { 5538 adjust = len + 1; 5539 cnp->cn_pnbuf[len] = '/'; 5540 cnp->cn_pnbuf[len + 1] = '\0'; 5541 } else { 5542 cnp->cn_pnbuf[len] = '\0'; 5543 } 5544 } 5545 bcopy(string, cnp->cn_pnbuf, len); 5546 5547 ndp->ni_pathlen += adjust; 5548 cache_fpl_pathlen_add(fpl, adjust); 5549 cnp->cn_nameptr = cnp->cn_pnbuf; 5550 fpl->nulchar = &cnp->cn_nameptr[ndp->ni_pathlen - 1]; 5551 fpl->tvp = NULL; 5552 return (0); 5553 } 5554 5555 static int __noinline 5556 cache_fplookup_symlink(struct cache_fpl *fpl) 5557 { 5558 struct mount *mp; 5559 struct nameidata *ndp; 5560 struct componentname *cnp; 5561 struct vnode *dvp, *tvp; 5562 struct pwd *pwd; 5563 int error; 5564 5565 ndp = fpl->ndp; 5566 cnp = fpl->cnp; 5567 dvp = fpl->dvp; 5568 tvp = fpl->tvp; 5569 pwd = *(fpl->pwd); 5570 5571 if (cache_fpl_islastcn(ndp)) { 5572 if ((cnp->cn_flags & FOLLOW) == 0) { 5573 return (cache_fplookup_final(fpl)); 5574 } 5575 } 5576 5577 mp = atomic_load_ptr(&dvp->v_mount); 5578 if (__predict_false(mp == NULL)) { 5579 return (cache_fpl_aborted(fpl)); 5580 } 5581 5582 /* 5583 * Note this check races against setting the flag just like regular 5584 * lookup. 5585 */ 5586 if (__predict_false((mp->mnt_flag & MNT_NOSYMFOLLOW) != 0)) { 5587 cache_fpl_smr_exit(fpl); 5588 return (cache_fpl_handled_error(fpl, EACCES)); 5589 } 5590 5591 error = VOP_FPLOOKUP_SYMLINK(tvp, fpl); 5592 if (__predict_false(error != 0)) { 5593 switch (error) { 5594 case EAGAIN: 5595 return (cache_fpl_partial(fpl)); 5596 case ENOENT: 5597 case ENAMETOOLONG: 5598 case ELOOP: 5599 cache_fpl_smr_exit(fpl); 5600 return (cache_fpl_handled_error(fpl, error)); 5601 default: 5602 return (cache_fpl_aborted(fpl)); 5603 } 5604 } 5605 5606 if (*(cnp->cn_nameptr) == '/') { 5607 fpl->dvp = cache_fpl_handle_root(fpl); 5608 fpl->dvp_seqc = vn_seqc_read_any(fpl->dvp); 5609 if (seqc_in_modify(fpl->dvp_seqc)) { 5610 return (cache_fpl_aborted(fpl)); 5611 } 5612 /* 5613 * The main loop assumes that ->dvp points to a vnode belonging 5614 * to a filesystem which can do lockless lookup, but the absolute 5615 * symlink can be wandering off to one which does not. 5616 */ 5617 mp = atomic_load_ptr(&fpl->dvp->v_mount); 5618 if (__predict_false(mp == NULL)) { 5619 return (cache_fpl_aborted(fpl)); 5620 } 5621 if (!cache_fplookup_mp_supported(mp)) { 5622 cache_fpl_checkpoint(fpl); 5623 return (cache_fpl_partial(fpl)); 5624 } 5625 if (__predict_false(pwd->pwd_adir != pwd->pwd_rdir)) { 5626 return (cache_fpl_aborted(fpl)); 5627 } 5628 } 5629 return (0); 5630 } 5631 5632 static int 5633 cache_fplookup_next(struct cache_fpl *fpl) 5634 { 5635 struct componentname *cnp; 5636 struct namecache *ncp; 5637 struct vnode *dvp, *tvp; 5638 u_char nc_flag; 5639 uint32_t hash; 5640 int error; 5641 5642 cnp = fpl->cnp; 5643 dvp = fpl->dvp; 5644 hash = fpl->hash; 5645 5646 if (__predict_false(cnp->cn_nameptr[0] == '.')) { 5647 if (cnp->cn_namelen == 1) { 5648 return (cache_fplookup_dot(fpl)); 5649 } 5650 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') { 5651 return (cache_fplookup_dotdot(fpl)); 5652 } 5653 } 5654 5655 MPASS(!cache_fpl_isdotdot(cnp)); 5656 5657 ncp = cache_ncp_find(dvp, cnp, hash); 5658 if (__predict_false(ncp == NULL)) { 5659 return (cache_fplookup_noentry(fpl)); 5660 } 5661 5662 tvp = atomic_load_ptr(&ncp->nc_vp); 5663 nc_flag = atomic_load_char(&ncp->nc_flag); 5664 if ((nc_flag & NCF_NEGATIVE) != 0) { 5665 return (cache_fplookup_neg(fpl, ncp, hash)); 5666 } 5667 5668 if (!cache_ncp_canuse(ncp)) { 5669 return (cache_fpl_partial(fpl)); 5670 } 5671 5672 fpl->tvp = tvp; 5673 fpl->tvp_seqc = vn_seqc_read_any(tvp); 5674 if (seqc_in_modify(fpl->tvp_seqc)) { 5675 return (cache_fpl_partial(fpl)); 5676 } 5677 5678 counter_u64_add(numposhits, 1); 5679 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, tvp); 5680 5681 error = 0; 5682 if (cache_fplookup_is_mp(fpl)) { 5683 error = cache_fplookup_cross_mount(fpl); 5684 } 5685 return (error); 5686 } 5687 5688 static bool 5689 cache_fplookup_mp_supported(struct mount *mp) 5690 { 5691 5692 MPASS(mp != NULL); 5693 if ((mp->mnt_kern_flag & MNTK_FPLOOKUP) == 0) 5694 return (false); 5695 return (true); 5696 } 5697 5698 /* 5699 * Walk up the mount stack (if any). 5700 * 5701 * Correctness is provided in the following ways: 5702 * - all vnodes are protected from freeing with SMR 5703 * - struct mount objects are type stable making them always safe to access 5704 * - stability of the particular mount is provided by busying it 5705 * - relationship between the vnode which is mounted on and the mount is 5706 * verified with the vnode sequence counter after busying 5707 * - association between root vnode of the mount and the mount is protected 5708 * by busy 5709 * 5710 * From that point on we can read the sequence counter of the root vnode 5711 * and get the next mount on the stack (if any) using the same protection. 5712 * 5713 * By the end of successful walk we are guaranteed the reached state was 5714 * indeed present at least at some point which matches the regular lookup. 5715 */ 5716 static int __noinline 5717 cache_fplookup_climb_mount(struct cache_fpl *fpl) 5718 { 5719 struct mount *mp, *prev_mp; 5720 struct mount_pcpu *mpcpu, *prev_mpcpu; 5721 struct vnode *vp; 5722 seqc_t vp_seqc; 5723 5724 vp = fpl->tvp; 5725 vp_seqc = fpl->tvp_seqc; 5726 5727 VNPASS(vp->v_type == VDIR || vp->v_type == VREG || vp->v_type == VBAD, vp); 5728 mp = atomic_load_ptr(&vp->v_mountedhere); 5729 if (__predict_false(mp == NULL)) { 5730 return (0); 5731 } 5732 5733 prev_mp = NULL; 5734 for (;;) { 5735 if (!vfs_op_thread_enter_crit(mp, mpcpu)) { 5736 if (prev_mp != NULL) 5737 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu); 5738 return (cache_fpl_partial(fpl)); 5739 } 5740 if (prev_mp != NULL) 5741 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu); 5742 if (!vn_seqc_consistent(vp, vp_seqc)) { 5743 vfs_op_thread_exit_crit(mp, mpcpu); 5744 return (cache_fpl_partial(fpl)); 5745 } 5746 if (!cache_fplookup_mp_supported(mp)) { 5747 vfs_op_thread_exit_crit(mp, mpcpu); 5748 return (cache_fpl_partial(fpl)); 5749 } 5750 vp = atomic_load_ptr(&mp->mnt_rootvnode); 5751 if (vp == NULL) { 5752 vfs_op_thread_exit_crit(mp, mpcpu); 5753 return (cache_fpl_partial(fpl)); 5754 } 5755 vp_seqc = vn_seqc_read_any(vp); 5756 if (seqc_in_modify(vp_seqc)) { 5757 vfs_op_thread_exit_crit(mp, mpcpu); 5758 return (cache_fpl_partial(fpl)); 5759 } 5760 prev_mp = mp; 5761 prev_mpcpu = mpcpu; 5762 mp = atomic_load_ptr(&vp->v_mountedhere); 5763 if (mp == NULL) 5764 break; 5765 } 5766 5767 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu); 5768 fpl->tvp = vp; 5769 fpl->tvp_seqc = vp_seqc; 5770 return (0); 5771 } 5772 5773 static int __noinline 5774 cache_fplookup_cross_mount(struct cache_fpl *fpl) 5775 { 5776 struct mount *mp; 5777 struct mount_pcpu *mpcpu; 5778 struct vnode *vp; 5779 seqc_t vp_seqc; 5780 5781 vp = fpl->tvp; 5782 vp_seqc = fpl->tvp_seqc; 5783 5784 VNPASS(vp->v_type == VDIR || vp->v_type == VREG || vp->v_type == VBAD, vp); 5785 mp = atomic_load_ptr(&vp->v_mountedhere); 5786 if (__predict_false(mp == NULL)) { 5787 return (0); 5788 } 5789 5790 if (!vfs_op_thread_enter_crit(mp, mpcpu)) { 5791 return (cache_fpl_partial(fpl)); 5792 } 5793 if (!vn_seqc_consistent(vp, vp_seqc)) { 5794 vfs_op_thread_exit_crit(mp, mpcpu); 5795 return (cache_fpl_partial(fpl)); 5796 } 5797 if (!cache_fplookup_mp_supported(mp)) { 5798 vfs_op_thread_exit_crit(mp, mpcpu); 5799 return (cache_fpl_partial(fpl)); 5800 } 5801 vp = atomic_load_ptr(&mp->mnt_rootvnode); 5802 if (__predict_false(vp == NULL)) { 5803 vfs_op_thread_exit_crit(mp, mpcpu); 5804 return (cache_fpl_partial(fpl)); 5805 } 5806 vp_seqc = vn_seqc_read_any(vp); 5807 vfs_op_thread_exit_crit(mp, mpcpu); 5808 if (seqc_in_modify(vp_seqc)) { 5809 return (cache_fpl_partial(fpl)); 5810 } 5811 mp = atomic_load_ptr(&vp->v_mountedhere); 5812 if (__predict_false(mp != NULL)) { 5813 /* 5814 * There are possibly more mount points on top. 5815 * Normally this does not happen so for simplicity just start 5816 * over. 5817 */ 5818 return (cache_fplookup_climb_mount(fpl)); 5819 } 5820 5821 fpl->tvp = vp; 5822 fpl->tvp_seqc = vp_seqc; 5823 return (0); 5824 } 5825 5826 /* 5827 * Check if a vnode is mounted on. 5828 */ 5829 static bool 5830 cache_fplookup_is_mp(struct cache_fpl *fpl) 5831 { 5832 struct vnode *vp; 5833 5834 vp = fpl->tvp; 5835 return ((vn_irflag_read(vp) & VIRF_MOUNTPOINT) != 0); 5836 } 5837 5838 /* 5839 * Parse the path. 5840 * 5841 * The code was originally copy-pasted from regular lookup and despite 5842 * clean ups leaves performance on the table. Any modifications here 5843 * must take into account that in case off fallback the resulting 5844 * nameidata state has to be compatible with the original. 5845 */ 5846 5847 /* 5848 * Debug ni_pathlen tracking. 5849 */ 5850 #ifdef INVARIANTS 5851 static void 5852 cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n) 5853 { 5854 5855 fpl->debug.ni_pathlen += n; 5856 KASSERT(fpl->debug.ni_pathlen <= PATH_MAX, 5857 ("%s: pathlen overflow to %zd\n", __func__, fpl->debug.ni_pathlen)); 5858 } 5859 5860 static void 5861 cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n) 5862 { 5863 5864 fpl->debug.ni_pathlen -= n; 5865 KASSERT(fpl->debug.ni_pathlen <= PATH_MAX, 5866 ("%s: pathlen underflow to %zd\n", __func__, fpl->debug.ni_pathlen)); 5867 } 5868 5869 static void 5870 cache_fpl_pathlen_inc(struct cache_fpl *fpl) 5871 { 5872 5873 cache_fpl_pathlen_add(fpl, 1); 5874 } 5875 5876 static void 5877 cache_fpl_pathlen_dec(struct cache_fpl *fpl) 5878 { 5879 5880 cache_fpl_pathlen_sub(fpl, 1); 5881 } 5882 #else 5883 static void 5884 cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n) 5885 { 5886 } 5887 5888 static void 5889 cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n) 5890 { 5891 } 5892 5893 static void 5894 cache_fpl_pathlen_inc(struct cache_fpl *fpl) 5895 { 5896 } 5897 5898 static void 5899 cache_fpl_pathlen_dec(struct cache_fpl *fpl) 5900 { 5901 } 5902 #endif 5903 5904 static void 5905 cache_fplookup_parse(struct cache_fpl *fpl) 5906 { 5907 struct nameidata *ndp; 5908 struct componentname *cnp; 5909 struct vnode *dvp; 5910 char *cp; 5911 uint32_t hash; 5912 5913 ndp = fpl->ndp; 5914 cnp = fpl->cnp; 5915 dvp = fpl->dvp; 5916 5917 /* 5918 * Find the end of this path component, it is either / or nul. 5919 * 5920 * Store / as a temporary sentinel so that we only have one character 5921 * to test for. Pathnames tend to be short so this should not be 5922 * resulting in cache misses. 5923 * 5924 * TODO: fix this to be word-sized. 5925 */ 5926 MPASS(&cnp->cn_nameptr[fpl->debug.ni_pathlen - 1] >= cnp->cn_pnbuf); 5927 KASSERT(&cnp->cn_nameptr[fpl->debug.ni_pathlen - 1] == fpl->nulchar, 5928 ("%s: mismatch between pathlen (%zu) and nulchar (%p != %p), string [%s]\n", 5929 __func__, fpl->debug.ni_pathlen, &cnp->cn_nameptr[fpl->debug.ni_pathlen - 1], 5930 fpl->nulchar, cnp->cn_pnbuf)); 5931 KASSERT(*fpl->nulchar == '\0', 5932 ("%s: expected nul at %p; string [%s]\n", __func__, fpl->nulchar, 5933 cnp->cn_pnbuf)); 5934 hash = cache_get_hash_iter_start(dvp); 5935 *fpl->nulchar = '/'; 5936 for (cp = cnp->cn_nameptr; *cp != '/'; cp++) { 5937 KASSERT(*cp != '\0', 5938 ("%s: encountered unexpected nul; string [%s]\n", __func__, 5939 cnp->cn_nameptr)); 5940 hash = cache_get_hash_iter(*cp, hash); 5941 continue; 5942 } 5943 *fpl->nulchar = '\0'; 5944 fpl->hash = cache_get_hash_iter_finish(hash); 5945 5946 cnp->cn_namelen = cp - cnp->cn_nameptr; 5947 cache_fpl_pathlen_sub(fpl, cnp->cn_namelen); 5948 5949 #ifdef INVARIANTS 5950 /* 5951 * cache_get_hash only accepts lengths up to NAME_MAX. This is fine since 5952 * we are going to fail this lookup with ENAMETOOLONG (see below). 5953 */ 5954 if (cnp->cn_namelen <= NAME_MAX) { 5955 if (fpl->hash != cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp)) { 5956 panic("%s: mismatched hash for [%s] len %ld", __func__, 5957 cnp->cn_nameptr, cnp->cn_namelen); 5958 } 5959 } 5960 #endif 5961 5962 /* 5963 * Hack: we have to check if the found path component's length exceeds 5964 * NAME_MAX. However, the condition is very rarely true and check can 5965 * be elided in the common case -- if an entry was found in the cache, 5966 * then it could not have been too long to begin with. 5967 */ 5968 ndp->ni_next = cp; 5969 } 5970 5971 static void 5972 cache_fplookup_parse_advance(struct cache_fpl *fpl) 5973 { 5974 struct nameidata *ndp; 5975 struct componentname *cnp; 5976 5977 ndp = fpl->ndp; 5978 cnp = fpl->cnp; 5979 5980 cnp->cn_nameptr = ndp->ni_next; 5981 KASSERT(*(cnp->cn_nameptr) == '/', 5982 ("%s: should have seen slash at %p ; buf %p [%s]\n", __func__, 5983 cnp->cn_nameptr, cnp->cn_pnbuf, cnp->cn_pnbuf)); 5984 cnp->cn_nameptr++; 5985 cache_fpl_pathlen_dec(fpl); 5986 } 5987 5988 /* 5989 * Skip spurious slashes in a pathname (e.g., "foo///bar") and retry. 5990 * 5991 * Lockless lookup tries to elide checking for spurious slashes and should they 5992 * be present is guaranteed to fail to find an entry. In this case the caller 5993 * must check if the name starts with a slash and call this routine. It is 5994 * going to fast forward across the spurious slashes and set the state up for 5995 * retry. 5996 */ 5997 static int __noinline 5998 cache_fplookup_skip_slashes(struct cache_fpl *fpl) 5999 { 6000 struct nameidata *ndp; 6001 struct componentname *cnp; 6002 6003 ndp = fpl->ndp; 6004 cnp = fpl->cnp; 6005 6006 MPASS(*(cnp->cn_nameptr) == '/'); 6007 do { 6008 cnp->cn_nameptr++; 6009 cache_fpl_pathlen_dec(fpl); 6010 } while (*(cnp->cn_nameptr) == '/'); 6011 6012 /* 6013 * Go back to one slash so that cache_fplookup_parse_advance has 6014 * something to skip. 6015 */ 6016 cnp->cn_nameptr--; 6017 cache_fpl_pathlen_inc(fpl); 6018 6019 /* 6020 * cache_fplookup_parse_advance starts from ndp->ni_next 6021 */ 6022 ndp->ni_next = cnp->cn_nameptr; 6023 6024 /* 6025 * See cache_fplookup_dot. 6026 */ 6027 fpl->tvp = fpl->dvp; 6028 fpl->tvp_seqc = fpl->dvp_seqc; 6029 6030 return (0); 6031 } 6032 6033 /* 6034 * Handle trailing slashes (e.g., "foo/"). 6035 * 6036 * If a trailing slash is found the terminal vnode must be a directory. 6037 * Regular lookup shortens the path by nulifying the first trailing slash and 6038 * sets the TRAILINGSLASH flag to denote this took place. There are several 6039 * checks on it performed later. 6040 * 6041 * Similarly to spurious slashes, lockless lookup handles this in a speculative 6042 * manner relying on an invariant that a non-directory vnode will get a miss. 6043 * In this case cn_nameptr[0] == '\0' and cn_namelen == 0. 6044 * 6045 * Thus for a path like "foo/bar/" the code unwinds the state back to "bar/" 6046 * and denotes this is the last path component, which avoids looping back. 6047 * 6048 * Only plain lookups are supported for now to restrict corner cases to handle. 6049 */ 6050 static int __noinline 6051 cache_fplookup_trailingslash(struct cache_fpl *fpl) 6052 { 6053 #ifdef INVARIANTS 6054 size_t ni_pathlen; 6055 #endif 6056 struct nameidata *ndp; 6057 struct componentname *cnp; 6058 struct namecache *ncp; 6059 struct vnode *tvp; 6060 char *cn_nameptr_orig, *cn_nameptr_slash; 6061 seqc_t tvp_seqc; 6062 u_char nc_flag; 6063 6064 ndp = fpl->ndp; 6065 cnp = fpl->cnp; 6066 tvp = fpl->tvp; 6067 tvp_seqc = fpl->tvp_seqc; 6068 6069 MPASS(fpl->dvp == fpl->tvp); 6070 KASSERT(cache_fpl_istrailingslash(fpl), 6071 ("%s: expected trailing slash at %p; string [%s]\n", __func__, fpl->nulchar - 1, 6072 cnp->cn_pnbuf)); 6073 KASSERT(cnp->cn_nameptr[0] == '\0', 6074 ("%s: expected nul char at %p; string [%s]\n", __func__, &cnp->cn_nameptr[0], 6075 cnp->cn_pnbuf)); 6076 KASSERT(cnp->cn_namelen == 0, 6077 ("%s: namelen 0 but got %ld; string [%s]\n", __func__, cnp->cn_namelen, 6078 cnp->cn_pnbuf)); 6079 MPASS(cnp->cn_nameptr > cnp->cn_pnbuf); 6080 6081 if (cnp->cn_nameiop != LOOKUP) { 6082 return (cache_fpl_aborted(fpl)); 6083 } 6084 6085 if (__predict_false(tvp->v_type != VDIR)) { 6086 if (!vn_seqc_consistent(tvp, tvp_seqc)) { 6087 return (cache_fpl_aborted(fpl)); 6088 } 6089 cache_fpl_smr_exit(fpl); 6090 return (cache_fpl_handled_error(fpl, ENOTDIR)); 6091 } 6092 6093 /* 6094 * Denote the last component. 6095 */ 6096 ndp->ni_next = &cnp->cn_nameptr[0]; 6097 MPASS(cache_fpl_islastcn(ndp)); 6098 6099 /* 6100 * Unwind trailing slashes. 6101 */ 6102 cn_nameptr_orig = cnp->cn_nameptr; 6103 while (cnp->cn_nameptr >= cnp->cn_pnbuf) { 6104 cnp->cn_nameptr--; 6105 if (cnp->cn_nameptr[0] != '/') { 6106 break; 6107 } 6108 } 6109 6110 /* 6111 * Unwind to the beginning of the path component. 6112 * 6113 * Note the path may or may not have started with a slash. 6114 */ 6115 cn_nameptr_slash = cnp->cn_nameptr; 6116 while (cnp->cn_nameptr > cnp->cn_pnbuf) { 6117 cnp->cn_nameptr--; 6118 if (cnp->cn_nameptr[0] == '/') { 6119 break; 6120 } 6121 } 6122 if (cnp->cn_nameptr[0] == '/') { 6123 cnp->cn_nameptr++; 6124 } 6125 6126 cnp->cn_namelen = cn_nameptr_slash - cnp->cn_nameptr + 1; 6127 cache_fpl_pathlen_add(fpl, cn_nameptr_orig - cnp->cn_nameptr); 6128 cache_fpl_checkpoint(fpl); 6129 6130 #ifdef INVARIANTS 6131 ni_pathlen = fpl->nulchar - cnp->cn_nameptr + 1; 6132 if (ni_pathlen != fpl->debug.ni_pathlen) { 6133 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n", 6134 __func__, ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar, 6135 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf); 6136 } 6137 #endif 6138 6139 /* 6140 * If this was a "./" lookup the parent directory is already correct. 6141 */ 6142 if (cnp->cn_nameptr[0] == '.' && cnp->cn_namelen == 1) { 6143 return (0); 6144 } 6145 6146 /* 6147 * Otherwise we need to look it up. 6148 */ 6149 tvp = fpl->tvp; 6150 ncp = atomic_load_consume_ptr(&tvp->v_cache_dd); 6151 if (__predict_false(ncp == NULL)) { 6152 return (cache_fpl_aborted(fpl)); 6153 } 6154 nc_flag = atomic_load_char(&ncp->nc_flag); 6155 if ((nc_flag & NCF_ISDOTDOT) != 0) { 6156 return (cache_fpl_aborted(fpl)); 6157 } 6158 fpl->dvp = ncp->nc_dvp; 6159 fpl->dvp_seqc = vn_seqc_read_any(fpl->dvp); 6160 if (seqc_in_modify(fpl->dvp_seqc)) { 6161 return (cache_fpl_aborted(fpl)); 6162 } 6163 return (0); 6164 } 6165 6166 /* 6167 * See the API contract for VOP_FPLOOKUP_VEXEC. 6168 */ 6169 static int __noinline 6170 cache_fplookup_failed_vexec(struct cache_fpl *fpl, int error) 6171 { 6172 struct componentname *cnp; 6173 struct vnode *dvp; 6174 seqc_t dvp_seqc; 6175 6176 cnp = fpl->cnp; 6177 dvp = fpl->dvp; 6178 dvp_seqc = fpl->dvp_seqc; 6179 6180 /* 6181 * Hack: delayed empty path checking. 6182 */ 6183 if (cnp->cn_pnbuf[0] == '\0') { 6184 return (cache_fplookup_emptypath(fpl)); 6185 } 6186 6187 /* 6188 * TODO: Due to ignoring trailing slashes lookup will perform a 6189 * permission check on the last dir when it should not be doing it. It 6190 * may fail, but said failure should be ignored. It is possible to fix 6191 * it up fully without resorting to regular lookup, but for now just 6192 * abort. 6193 */ 6194 if (cache_fpl_istrailingslash(fpl)) { 6195 return (cache_fpl_aborted(fpl)); 6196 } 6197 6198 /* 6199 * Hack: delayed degenerate path checking. 6200 */ 6201 if (cnp->cn_nameptr[0] == '\0' && fpl->tvp == NULL) { 6202 return (cache_fplookup_degenerate(fpl)); 6203 } 6204 6205 /* 6206 * Hack: delayed name len checking. 6207 */ 6208 if (__predict_false(cnp->cn_namelen > NAME_MAX)) { 6209 cache_fpl_smr_exit(fpl); 6210 return (cache_fpl_handled_error(fpl, ENAMETOOLONG)); 6211 } 6212 6213 /* 6214 * Hack: they may be looking up foo/bar, where foo is not a directory. 6215 * In such a case we need to return ENOTDIR, but we may happen to get 6216 * here with a different error. 6217 */ 6218 if (dvp->v_type != VDIR) { 6219 error = ENOTDIR; 6220 } 6221 6222 /* 6223 * Hack: handle O_SEARCH. 6224 * 6225 * Open Group Base Specifications Issue 7, 2018 edition states: 6226 * <quote> 6227 * If the access mode of the open file description associated with the 6228 * file descriptor is not O_SEARCH, the function shall check whether 6229 * directory searches are permitted using the current permissions of 6230 * the directory underlying the file descriptor. If the access mode is 6231 * O_SEARCH, the function shall not perform the check. 6232 * </quote> 6233 * 6234 * Regular lookup tests for the NOEXECCHECK flag for every path 6235 * component to decide whether to do the permission check. However, 6236 * since most lookups never have the flag (and when they do it is only 6237 * present for the first path component), lockless lookup only acts on 6238 * it if there is a permission problem. Here the flag is represented 6239 * with a boolean so that we don't have to clear it on the way out. 6240 * 6241 * For simplicity this always aborts. 6242 * TODO: check if this is the first lookup and ignore the permission 6243 * problem. Note the flag has to survive fallback (if it happens to be 6244 * performed). 6245 */ 6246 if (fpl->fsearch) { 6247 return (cache_fpl_aborted(fpl)); 6248 } 6249 6250 switch (error) { 6251 case EAGAIN: 6252 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 6253 error = cache_fpl_aborted(fpl); 6254 } else { 6255 cache_fpl_partial(fpl); 6256 } 6257 break; 6258 default: 6259 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 6260 error = cache_fpl_aborted(fpl); 6261 } else { 6262 cache_fpl_smr_exit(fpl); 6263 cache_fpl_handled_error(fpl, error); 6264 } 6265 break; 6266 } 6267 return (error); 6268 } 6269 6270 static int 6271 cache_fplookup_impl(struct vnode *dvp, struct cache_fpl *fpl) 6272 { 6273 struct nameidata *ndp; 6274 struct componentname *cnp; 6275 struct mount *mp; 6276 int error; 6277 6278 ndp = fpl->ndp; 6279 cnp = fpl->cnp; 6280 6281 cache_fpl_checkpoint(fpl); 6282 6283 /* 6284 * The vnode at hand is almost always stable, skip checking for it. 6285 * Worst case this postpones the check towards the end of the iteration 6286 * of the main loop. 6287 */ 6288 fpl->dvp = dvp; 6289 fpl->dvp_seqc = vn_seqc_read_notmodify(fpl->dvp); 6290 6291 mp = atomic_load_ptr(&dvp->v_mount); 6292 if (__predict_false(mp == NULL || !cache_fplookup_mp_supported(mp))) { 6293 return (cache_fpl_aborted(fpl)); 6294 } 6295 6296 MPASS(fpl->tvp == NULL); 6297 6298 for (;;) { 6299 cache_fplookup_parse(fpl); 6300 6301 error = VOP_FPLOOKUP_VEXEC(fpl->dvp, cnp->cn_cred); 6302 if (__predict_false(error != 0)) { 6303 error = cache_fplookup_failed_vexec(fpl, error); 6304 break; 6305 } 6306 6307 error = cache_fplookup_next(fpl); 6308 if (__predict_false(cache_fpl_terminated(fpl))) { 6309 break; 6310 } 6311 6312 VNPASS(!seqc_in_modify(fpl->tvp_seqc), fpl->tvp); 6313 6314 if (fpl->tvp->v_type == VLNK) { 6315 error = cache_fplookup_symlink(fpl); 6316 if (cache_fpl_terminated(fpl)) { 6317 break; 6318 } 6319 } else { 6320 if (cache_fpl_islastcn(ndp)) { 6321 error = cache_fplookup_final(fpl); 6322 break; 6323 } 6324 6325 if (!vn_seqc_consistent(fpl->dvp, fpl->dvp_seqc)) { 6326 error = cache_fpl_aborted(fpl); 6327 break; 6328 } 6329 6330 fpl->dvp = fpl->tvp; 6331 fpl->dvp_seqc = fpl->tvp_seqc; 6332 cache_fplookup_parse_advance(fpl); 6333 } 6334 6335 cache_fpl_checkpoint(fpl); 6336 } 6337 6338 return (error); 6339 } 6340 6341 /* 6342 * Fast path lookup protected with SMR and sequence counters. 6343 * 6344 * Note: all VOP_FPLOOKUP_VEXEC routines have a comment referencing this one. 6345 * 6346 * Filesystems can opt in by setting the MNTK_FPLOOKUP flag and meeting criteria 6347 * outlined at the end. 6348 * 6349 * Traversing from one vnode to another requires atomicity with regard to 6350 * permissions, mount points and of course their relative placement (if you are 6351 * looking up "bar" in "foo" and you found it, it better be in that directory 6352 * at the time). 6353 * 6354 * Normally this is accomplished with locking, but it comes with a significant 6355 * performance hit and is untenable as a fast path even in a moderate core 6356 * count environment (at the time of writing this comment this would be a 6357 * little south of 100). 6358 * 6359 * The same guarantee can be provided with a combination of safe memory 6360 * reclamation and sequence counters instead. If all operations which affect 6361 * the relationship between the current vnode and the one we are looking for 6362 * also modify the counter, we can verify whether all the conditions held as 6363 * we made the jump. 6364 * 6365 * See places which issue vn_seqc_write_begin()/vn_seqc_write_end() for 6366 * operations affected. 6367 * 6368 * Suppose the variable "cnp" contains lookup metadata (the path etc.), then 6369 * locked lookup conceptually looks like this: 6370 * 6371 * // lock the current directory 6372 * vn_lock(dvp); 6373 * for (;;) { 6374 * // permission check 6375 * if (!canlookup(dvp, cnp)) 6376 * abort(); 6377 * // look for the target name inside dvp 6378 * tvp = findnext(dvp, cnp); 6379 * vn_lock(tvp); 6380 * // tvp is still guaranteed to be inside of dvp because of the lock on dvp 6381 * vn_unlock(dvp); 6382 * // dvp is unlocked. its state is now arbitrary, but that's fine as we 6383 * // made the jump while everything relevant was correct, continue with tvp 6384 * // as the directory to look up names in 6385 * tvp = dvp; 6386 * if (last) 6387 * break; 6388 * // if not last loop back and continue until done 6389 * } 6390 * vget(tvp); 6391 * return (tvp); 6392 * 6393 * Lockless lookup replaces locking with sequence counter checks: 6394 * 6395 * vfs_smr_enter(); 6396 * dvp_seqc = seqc_read_any(dvp); 6397 * // fail if someone is altering the directory vnode 6398 * if (seqc_in_modify(dvp_seqc)) 6399 * abort(); 6400 * for (;;) { 6401 * // permission check. note it can race, but we will validate the outcome 6402 * // with a seqc 6403 * if (!canlookup_smr(dvp, cnp)) { 6404 * // has dvp changed from under us? if so, the denial may be invalid 6405 * if (!seqc_consistent(dvp, dvp_seqc) 6406 * fallback_to_locked(); 6407 * // nothing changed, lookup denial is valid 6408 * fail(); 6409 * } 6410 * // look for the target name inside dvp 6411 * tvp = findnext(dvp, cnp); 6412 * tvp_seqc = seqc_read_any(tvp); 6413 * // bail if someone is altering the target vnode 6414 * if (seqc_in_modify(tvp_seqc)) 6415 * fallback_to_locked(); 6416 * // bail if someone is altering the directory vnode 6417 * if (!seqc_consistent(dvp, dvp_seqc) 6418 * fallback_to_locked(); 6419 * // we confirmed neither dvp nor tvp changed while we were making the 6420 * // jump to the next component, thus the result is the same as if we 6421 * // held the lock on dvp and tvp the entire time, continue with tvp 6422 * // as the directory to look up names in 6423 * dvp = tvp; 6424 * dvp_seqc = tvp_seqc; 6425 * if (last) 6426 * break; 6427 * } 6428 * vget(); // secure the vnode 6429 * if (!seqc_consistent(tvp, tvp_seqc) // final check 6430 * fallback_to_locked(); 6431 * // at this point we know nothing has changed for any parent<->child pair 6432 * // as they were crossed during the lookup, meaning we matched the guarantee 6433 * // of the locked variant 6434 * return (tvp); 6435 * 6436 * The API contract for VOP_FPLOOKUP_VEXEC routines is as follows: 6437 * - they are called while within vfs_smr protection which they must never exit 6438 * - EAGAIN can be returned to denote checking could not be performed, it is 6439 * always valid to return it 6440 * - if the sequence counter has not changed the result must be valid 6441 * - if the sequence counter has changed both false positives and false negatives 6442 * are permitted (since the result will be rejected later) 6443 * - for simple cases of unix permission checks vaccess_vexec_smr can be used 6444 * 6445 * Caveats to watch out for: 6446 * - vnodes are passed unlocked and unreferenced with nothing stopping 6447 * VOP_RECLAIM, in turn meaning that ->v_data can become NULL. It is advised 6448 * to use atomic_load_ptr to fetch it. 6449 * - the aforementioned object can also get freed, meaning absent other means it 6450 * should be protected with vfs_smr 6451 * - either safely checking permissions as they are modified or guaranteeing 6452 * their stability is left to the routine 6453 */ 6454 int 6455 cache_fplookup(struct nameidata *ndp, enum cache_fpl_status *status, 6456 struct pwd **pwdp) 6457 { 6458 struct cache_fpl fpl; 6459 struct pwd *pwd; 6460 struct vnode *dvp; 6461 struct componentname *cnp; 6462 int error; 6463 6464 fpl.status = CACHE_FPL_STATUS_UNSET; 6465 fpl.in_smr = false; 6466 fpl.ndp = ndp; 6467 fpl.cnp = cnp = &ndp->ni_cnd; 6468 MPASS(ndp->ni_lcf == 0); 6469 KASSERT ((cnp->cn_flags & CACHE_FPL_INTERNAL_CN_FLAGS) == 0, 6470 ("%s: internal flags found in cn_flags %" PRIx64, __func__, 6471 cnp->cn_flags)); 6472 MPASS(cnp->cn_nameptr == cnp->cn_pnbuf); 6473 MPASS(ndp->ni_resflags == 0); 6474 6475 if (__predict_false(!cache_can_fplookup(&fpl))) { 6476 *status = fpl.status; 6477 SDT_PROBE3(vfs, fplookup, lookup, done, ndp, fpl.line, fpl.status); 6478 return (EOPNOTSUPP); 6479 } 6480 6481 cache_fpl_checkpoint_outer(&fpl); 6482 6483 cache_fpl_smr_enter_initial(&fpl); 6484 #ifdef INVARIANTS 6485 fpl.debug.ni_pathlen = ndp->ni_pathlen; 6486 #endif 6487 fpl.nulchar = &cnp->cn_nameptr[ndp->ni_pathlen - 1]; 6488 fpl.fsearch = false; 6489 fpl.tvp = NULL; /* for degenerate path handling */ 6490 fpl.pwd = pwdp; 6491 pwd = pwd_get_smr(); 6492 *(fpl.pwd) = pwd; 6493 namei_setup_rootdir(ndp, cnp, pwd); 6494 ndp->ni_topdir = pwd->pwd_jdir; 6495 6496 if (cnp->cn_pnbuf[0] == '/') { 6497 dvp = cache_fpl_handle_root(&fpl); 6498 ndp->ni_resflags = NIRES_ABS; 6499 } else { 6500 if (ndp->ni_dirfd == AT_FDCWD) { 6501 dvp = pwd->pwd_cdir; 6502 } else { 6503 error = cache_fplookup_dirfd(&fpl, &dvp); 6504 if (__predict_false(error != 0)) { 6505 goto out; 6506 } 6507 } 6508 } 6509 6510 SDT_PROBE4(vfs, namei, lookup, entry, dvp, cnp->cn_pnbuf, cnp->cn_flags, true); 6511 error = cache_fplookup_impl(dvp, &fpl); 6512 out: 6513 cache_fpl_smr_assert_not_entered(&fpl); 6514 cache_fpl_assert_status(&fpl); 6515 *status = fpl.status; 6516 SDT_PROBE3(vfs, fplookup, lookup, done, ndp, fpl.line, fpl.status); 6517 if (__predict_true(fpl.status == CACHE_FPL_STATUS_HANDLED)) { 6518 MPASS(error != CACHE_FPL_FAILED); 6519 SDT_PROBE4(vfs, namei, lookup, return, error, ndp->ni_vp, true, 6520 ndp); 6521 if (error != 0) { 6522 cache_fpl_cleanup_cnp(fpl.cnp); 6523 MPASS(fpl.dvp == NULL); 6524 MPASS(fpl.tvp == NULL); 6525 } 6526 ndp->ni_dvp = fpl.dvp; 6527 ndp->ni_vp = fpl.tvp; 6528 } 6529 return (error); 6530 } 6531