1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1989, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Poul-Henning Kamp of the FreeBSD Project.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34
35 #include "opt_ddb.h"
36 #include "opt_ktrace.h"
37
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/capsicum.h>
41 #include <sys/counter.h>
42 #include <sys/filedesc.h>
43 #include <sys/fnv_hash.h>
44 #include <sys/inotify.h>
45 #include <sys/kernel.h>
46 #include <sys/ktr.h>
47 #include <sys/lock.h>
48 #include <sys/malloc.h>
49 #include <sys/fcntl.h>
50 #include <sys/jail.h>
51 #include <sys/mount.h>
52 #include <sys/namei.h>
53 #include <sys/proc.h>
54 #include <sys/seqc.h>
55 #include <sys/sdt.h>
56 #include <sys/smr.h>
57 #include <sys/smp.h>
58 #include <sys/syscallsubr.h>
59 #include <sys/sysctl.h>
60 #include <sys/sysproto.h>
61 #include <sys/vnode.h>
62 #include <ck_queue.h>
63 #ifdef KTRACE
64 #include <sys/ktrace.h>
65 #endif
66 #ifdef INVARIANTS
67 #include <machine/_inttypes.h>
68 #endif
69
70 #include <security/audit/audit.h>
71 #include <security/mac/mac_framework.h>
72
73 #ifdef DDB
74 #include <ddb/ddb.h>
75 #endif
76
77 #include <vm/uma.h>
78
79 /*
80 * High level overview of name caching in the VFS layer.
81 *
82 * Originally caching was implemented as part of UFS, later extracted to allow
83 * use by other filesystems. A decision was made to make it optional and
84 * completely detached from the rest of the kernel, which comes with limitations
85 * outlined near the end of this comment block.
86 *
87 * This fundamental choice needs to be revisited. In the meantime, the current
88 * state is described below. Significance of all notable routines is explained
89 * in comments placed above their implementation. Scattered thoroughout the
90 * file are TODO comments indicating shortcomings which can be fixed without
91 * reworking everything (most of the fixes will likely be reusable). Various
92 * details are omitted from this explanation to not clutter the overview, they
93 * have to be checked by reading the code and associated commentary.
94 *
95 * Keep in mind that it's individual path components which are cached, not full
96 * paths. That is, for a fully cached path "foo/bar/baz" there are 3 entries,
97 * one for each name.
98 *
99 * I. Data organization
100 *
101 * Entries are described by "struct namecache" objects and stored in a hash
102 * table. See cache_get_hash for more information.
103 *
104 * "struct vnode" contains pointers to source entries (names which can be found
105 * when traversing through said vnode), destination entries (names of that
106 * vnode (see "Limitations" for a breakdown on the subject) and a pointer to
107 * the parent vnode.
108 *
109 * The (directory vnode; name) tuple reliably determines the target entry if
110 * it exists.
111 *
112 * Since there are no small locks at this time (all are 32 bytes in size on
113 * LP64), the code works around the problem by introducing lock arrays to
114 * protect hash buckets and vnode lists.
115 *
116 * II. Filesystem integration
117 *
118 * Filesystems participating in name caching do the following:
119 * - set vop_lookup routine to vfs_cache_lookup
120 * - set vop_cachedlookup to whatever can perform the lookup if the above fails
121 * - if they support lockless lookup (see below), vop_fplookup_vexec and
122 * vop_fplookup_symlink are set along with the MNTK_FPLOOKUP flag on the
123 * mount point
124 * - call cache_purge or cache_vop_* routines to eliminate stale entries as
125 * applicable
126 * - call cache_enter to add entries depending on the MAKEENTRY flag
127 *
128 * With the above in mind, there are 2 entry points when doing lookups:
129 * - ... -> namei -> cache_fplookup -- this is the default
130 * - ... -> VOP_LOOKUP -> vfs_cache_lookup -- normally only called by namei
131 * should the above fail
132 *
133 * Example code flow how an entry is added:
134 * ... -> namei -> cache_fplookup -> cache_fplookup_noentry -> VOP_LOOKUP ->
135 * vfs_cache_lookup -> VOP_CACHEDLOOKUP -> ufs_lookup_ino -> cache_enter
136 *
137 * III. Performance considerations
138 *
139 * For lockless case forward lookup avoids any writes to shared areas apart
140 * from the terminal path component. In other words non-modifying lookups of
141 * different files don't suffer any scalability problems in the namecache.
142 * Looking up the same file is limited by VFS and goes beyond the scope of this
143 * file.
144 *
145 * At least on amd64 the single-threaded bottleneck for long paths is hashing
146 * (see cache_get_hash). There are cases where the code issues acquire fence
147 * multiple times, they can be combined on architectures which suffer from it.
148 *
149 * For locked case each encountered vnode has to be referenced and locked in
150 * order to be handed out to the caller (normally that's namei). This
151 * introduces significant hit single-threaded and serialization multi-threaded.
152 *
153 * Reverse lookup (e.g., "getcwd") fully scales provided it is fully cached --
154 * avoids any writes to shared areas to any components.
155 *
156 * Unrelated insertions are partially serialized on updating the global entry
157 * counter and possibly serialized on colliding bucket or vnode locks.
158 *
159 * IV. Observability
160 *
161 * Note not everything has an explicit dtrace probe nor it should have, thus
162 * some of the one-liners below depend on implementation details.
163 *
164 * Examples:
165 *
166 * # Check what lookups failed to be handled in a lockless manner. Column 1 is
167 * # line number, column 2 is status code (see cache_fpl_status)
168 * dtrace -n 'vfs:fplookup:lookup:done { @[arg1, arg2] = count(); }'
169 *
170 * # Lengths of names added by binary name
171 * dtrace -n 'fbt::cache_enter_time:entry { @[execname] = quantize(args[2]->cn_namelen); }'
172 *
173 * # Same as above but only those which exceed 64 characters
174 * dtrace -n 'fbt::cache_enter_time:entry /args[2]->cn_namelen > 64/ { @[execname] = quantize(args[2]->cn_namelen); }'
175 *
176 * # Who is performing lookups with spurious slashes (e.g., "foo//bar") and what
177 * # path is it
178 * dtrace -n 'fbt::cache_fplookup_skip_slashes:entry { @[execname, stringof(args[0]->cnp->cn_pnbuf)] = count(); }'
179 *
180 * V. Limitations and implementation defects
181 *
182 * - since it is possible there is no entry for an open file, tools like
183 * "procstat" may fail to resolve fd -> vnode -> path to anything
184 * - even if a filesystem adds an entry, it may get purged (e.g., due to memory
185 * shortage) in which case the above problem applies
186 * - hardlinks are not tracked, thus if a vnode is reachable in more than one
187 * way, resolving a name may return a different path than the one used to
188 * open it (even if said path is still valid)
189 * - by default entries are not added for newly created files
190 * - adding an entry may need to evict negative entry first, which happens in 2
191 * distinct places (evicting on lookup, adding in a later VOP) making it
192 * impossible to simply reuse it
193 * - there is a simple scheme to evict negative entries as the cache is approaching
194 * its capacity, but it is very unclear if doing so is a good idea to begin with
195 * - vnodes are subject to being recycled even if target inode is left in memory,
196 * which loses the name cache entries when it perhaps should not. in case of tmpfs
197 * names get duplicated -- kept by filesystem itself and namecache separately
198 * - struct namecache has a fixed size and comes in 2 variants, often wasting
199 * space. now hard to replace with malloc due to dependence on SMR, which
200 * requires UMA zones to opt in
201 * - lack of better integration with the kernel also turns nullfs into a layered
202 * filesystem instead of something which can take advantage of caching
203 *
204 * Appendix A: where is the time lost, expanding on paragraph III
205 *
206 * While some care went into optimizing lookups, there is still plenty of
207 * performance left on the table, most notably from single-threaded standpoint.
208 * Below is a woefully incomplete list of changes which can help. Ideas are
209 * mostly sketched out, no claim is made all kinks or prerequisites are laid
210 * out.
211 *
212 * Note there is performance lost all over VFS.
213 *
214 * === SMR-only lookup
215 *
216 * For commonly used ops like stat(2), when the terminal vnode *is* cached,
217 * lockless lookup could refrain from refing/locking the found vnode and
218 * instead return while within the SMR section. Then a call to, say,
219 * vop_stat_smr could do the work (or fail with EAGAIN), finally the result
220 * would be validated with seqc not changing. This would be faster
221 * single-threaded as it dodges atomics and would provide full scalability for
222 * multicore uses. This would *not* work for open(2) or other calls which need
223 * the vnode to hang around for the long haul, but would work for aforementioned
224 * stat(2) but also access(2), readlink(2), realpathat(2) and probably more.
225 *
226 * === hotpatching for sdt probes
227 *
228 * They result in *tons* of branches all over with rather regrettable codegen
229 * at times. Removing sdt probes altogether gives over 2% boost in lookup rate.
230 * Reworking the code to patch itself at runtime with asm goto would solve it.
231 * asm goto is fully supported by gcc and clang.
232 *
233 * === copyinstr
234 *
235 * On all architectures it operates one byte at a time, while it could be
236 * word-sized instead thanks to the Mycroft trick.
237 *
238 * API itself is rather pessimal for path lookup, accepting arbitrary sizes and
239 * *optionally* filling in the length parameter.
240 *
241 * Instead a new routine (copyinpath?) could be introduced, demanding a buffer
242 * size which is a multiply of the word (and never zero), with the length
243 * always returned. On top of it the routine could be allowed to transform the
244 * buffer in arbitrary ways, most notably writing past the found length (not to
245 * be confused with writing past buffer size) -- this would allow word-sized
246 * movs while checking for '\0' later.
247 *
248 * === detour through namei
249 *
250 * Currently one suffers being called from namei, which then has to check if
251 * things worked out locklessly. Instead the lockless lookup could be the
252 * actual entry point which calls what is currently namei as a fallback.
253 *
254 * === avoidable branches in cache_can_fplookup
255 *
256 * The cache_fast_lookup_enabled flag check could be hotpatchable (in fact if
257 * this is off, none of fplookup code should execute).
258 *
259 * Both audit and capsicum branches can be combined into one, but it requires
260 * paying off a lot of tech debt first.
261 *
262 * ni_startdir could be indicated with a flag in cn_flags, eliminating the
263 * branch.
264 *
265 * === mount stacks
266 *
267 * Crossing a mount requires checking if perhaps something is mounted on top.
268 * Instead, an additional entry could be added to struct mount with a pointer
269 * to the final mount on the stack. This would be recalculated on each
270 * mount/unmount.
271 *
272 * === root vnodes
273 *
274 * It could become part of the API contract to *always* have a rootvnode set in
275 * mnt_rootvnode. Such vnodes are annotated with VV_ROOT and vnlru would have
276 * to be modified to always skip them.
277 *
278 * === inactive on v_usecount reaching 0
279 *
280 * VOP_NEED_INACTIVE should not exist. Filesystems would indicate need for such
281 * processing with a bit in usecount.
282 *
283 * === v_holdcnt
284 *
285 * Hold count should probably get eliminated, but one can argue it is a useful
286 * feature. Even if so, handling of v_usecount could be decoupled from it --
287 * vnlru et al would consider the vnode not-freeable if has either hold or
288 * usecount on it.
289 *
290 * This would eliminate 2 atomics.
291 */
292
293 static SYSCTL_NODE(_vfs, OID_AUTO, cache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
294 "Name cache");
295
296 SDT_PROVIDER_DECLARE(vfs);
297 SDT_PROBE_DEFINE3(vfs, namecache, enter, done, "struct vnode *", "char *",
298 "struct vnode *");
299 SDT_PROBE_DEFINE3(vfs, namecache, enter, duplicate, "struct vnode *", "char *",
300 "struct vnode *");
301 SDT_PROBE_DEFINE2(vfs, namecache, enter_negative, done, "struct vnode *",
302 "char *");
303 SDT_PROBE_DEFINE2(vfs, namecache, fullpath_smr, hit, "struct vnode *",
304 "const char *");
305 SDT_PROBE_DEFINE4(vfs, namecache, fullpath_smr, miss, "struct vnode *",
306 "struct namecache *", "int", "int");
307 SDT_PROBE_DEFINE1(vfs, namecache, fullpath, entry, "struct vnode *");
308 SDT_PROBE_DEFINE3(vfs, namecache, fullpath, hit, "struct vnode *",
309 "char *", "struct vnode *");
310 SDT_PROBE_DEFINE1(vfs, namecache, fullpath, miss, "struct vnode *");
311 SDT_PROBE_DEFINE3(vfs, namecache, fullpath, return, "int",
312 "struct vnode *", "char *");
313 SDT_PROBE_DEFINE3(vfs, namecache, lookup, hit, "struct vnode *", "char *",
314 "struct vnode *");
315 SDT_PROBE_DEFINE2(vfs, namecache, lookup, hit__negative,
316 "struct vnode *", "char *");
317 SDT_PROBE_DEFINE2(vfs, namecache, lookup, miss, "struct vnode *",
318 "char *");
319 SDT_PROBE_DEFINE2(vfs, namecache, removecnp, hit, "struct vnode *",
320 "struct componentname *");
321 SDT_PROBE_DEFINE2(vfs, namecache, removecnp, miss, "struct vnode *",
322 "struct componentname *");
323 SDT_PROBE_DEFINE3(vfs, namecache, purge, done, "struct vnode *", "size_t", "size_t");
324 SDT_PROBE_DEFINE1(vfs, namecache, purge, batch, "int");
325 SDT_PROBE_DEFINE1(vfs, namecache, purge_negative, done, "struct vnode *");
326 SDT_PROBE_DEFINE1(vfs, namecache, purgevfs, done, "struct mount *");
327 SDT_PROBE_DEFINE3(vfs, namecache, zap, done, "struct vnode *", "char *",
328 "struct vnode *");
329 SDT_PROBE_DEFINE2(vfs, namecache, zap_negative, done, "struct vnode *",
330 "char *");
331 SDT_PROBE_DEFINE2(vfs, namecache, evict_negative, done, "struct vnode *",
332 "char *");
333 SDT_PROBE_DEFINE1(vfs, namecache, symlink, alloc__fail, "size_t");
334
335 SDT_PROBE_DEFINE3(vfs, fplookup, lookup, done, "struct nameidata *", "int",
336 "enum cache_fpl_status");
337 SDT_PROBE_DECLARE(vfs, namei, lookup, entry);
338 SDT_PROBE_DECLARE(vfs, namei, lookup, return);
339
340 static char __read_frequently cache_fast_lookup_enabled = true;
341
342 /*
343 * This structure describes the elements in the cache of recent
344 * names looked up by namei.
345 */
346 struct negstate {
347 u_char neg_flag;
348 u_char neg_hit;
349 };
350 _Static_assert(sizeof(struct negstate) <= sizeof(struct vnode *),
351 "the state must fit in a union with a pointer without growing it");
352
353 struct namecache {
354 LIST_ENTRY(namecache) nc_src; /* source vnode list */
355 TAILQ_ENTRY(namecache) nc_dst; /* destination vnode list */
356 CK_SLIST_ENTRY(namecache) nc_hash;/* hash chain */
357 struct vnode *nc_dvp; /* vnode of parent of name */
358 union {
359 struct vnode *nu_vp; /* vnode the name refers to */
360 struct negstate nu_neg;/* negative entry state */
361 } n_un;
362 u_char nc_flag; /* flag bits */
363 u_char nc_nlen; /* length of name */
364 char nc_name[]; /* segment name + nul */
365 };
366
367 /*
368 * struct namecache_ts repeats struct namecache layout up to the
369 * nc_nlen member.
370 * struct namecache_ts is used in place of struct namecache when time(s) need
371 * to be stored. The nc_dotdottime field is used when a cache entry is mapping
372 * both a non-dotdot directory name plus dotdot for the directory's
373 * parent.
374 *
375 * See below for alignment requirement.
376 */
377 struct namecache_ts {
378 struct timespec nc_time; /* timespec provided by fs */
379 struct timespec nc_dotdottime; /* dotdot timespec provided by fs */
380 int nc_ticks; /* ticks value when entry was added */
381 int nc_pad;
382 struct namecache nc_nc;
383 };
384
385 TAILQ_HEAD(cache_freebatch, namecache);
386
387 /*
388 * At least mips n32 performs 64-bit accesses to timespec as found
389 * in namecache_ts and requires them to be aligned. Since others
390 * may be in the same spot suffer a little bit and enforce the
391 * alignment for everyone. Note this is a nop for 64-bit platforms.
392 */
393 #define CACHE_ZONE_ALIGNMENT UMA_ALIGNOF(time_t)
394
395 /*
396 * TODO: the initial value of CACHE_PATH_CUTOFF was inherited from the
397 * 4.4 BSD codebase. Later on struct namecache was tweaked to become
398 * smaller and the value was bumped to retain the total size, but it
399 * was never re-evaluated for suitability. A simple test counting
400 * lengths during package building shows that the value of 45 covers
401 * about 86% of all added entries, reaching 99% at 65.
402 *
403 * Regardless of the above, use of dedicated zones instead of malloc may be
404 * inducing additional waste. This may be hard to address as said zones are
405 * tied to VFS SMR. Even if retaining them, the current split should be
406 * re-evaluated.
407 */
408 #ifdef __LP64__
409 #define CACHE_PATH_CUTOFF 45
410 #define CACHE_LARGE_PAD 6
411 #else
412 #define CACHE_PATH_CUTOFF 41
413 #define CACHE_LARGE_PAD 2
414 #endif
415
416 #define CACHE_ZONE_SMALL_SIZE (offsetof(struct namecache, nc_name) + CACHE_PATH_CUTOFF + 1)
417 #define CACHE_ZONE_SMALL_TS_SIZE (offsetof(struct namecache_ts, nc_nc) + CACHE_ZONE_SMALL_SIZE)
418 #define CACHE_ZONE_LARGE_SIZE (offsetof(struct namecache, nc_name) + NAME_MAX + 1 + CACHE_LARGE_PAD)
419 #define CACHE_ZONE_LARGE_TS_SIZE (offsetof(struct namecache_ts, nc_nc) + CACHE_ZONE_LARGE_SIZE)
420
421 _Static_assert((CACHE_ZONE_SMALL_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size");
422 _Static_assert((CACHE_ZONE_SMALL_TS_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size");
423 _Static_assert((CACHE_ZONE_LARGE_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size");
424 _Static_assert((CACHE_ZONE_LARGE_TS_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size");
425
426 #define nc_vp n_un.nu_vp
427 #define nc_neg n_un.nu_neg
428
429 /*
430 * Flags in namecache.nc_flag
431 */
432 #define NCF_WHITE 0x01
433 #define NCF_ISDOTDOT 0x02
434 #define NCF_TS 0x04
435 #define NCF_DTS 0x08
436 #define NCF_DVDROP 0x10
437 #define NCF_NEGATIVE 0x20
438 #define NCF_INVALID 0x40
439 #define NCF_WIP 0x80
440
441 /*
442 * Flags in negstate.neg_flag
443 */
444 #define NEG_HOT 0x01
445
446 static bool cache_neg_evict_cond(u_long lnumcache);
447
448 /*
449 * Mark an entry as invalid.
450 *
451 * This is called before it starts getting deconstructed.
452 */
453 static void
cache_ncp_invalidate(struct namecache * ncp)454 cache_ncp_invalidate(struct namecache *ncp)
455 {
456
457 KASSERT((ncp->nc_flag & NCF_INVALID) == 0,
458 ("%s: entry %p already invalid", __func__, ncp));
459 atomic_store_char(&ncp->nc_flag, ncp->nc_flag | NCF_INVALID);
460 atomic_thread_fence_rel();
461 }
462
463 /*
464 * Does this entry match the given directory and name?
465 */
466 static bool
cache_ncp_match(struct namecache * ncp,struct vnode * dvp,struct componentname * cnp)467 cache_ncp_match(struct namecache *ncp, struct vnode *dvp,
468 struct componentname *cnp)
469 {
470 return (ncp->nc_dvp == dvp &&
471 ncp->nc_nlen == cnp->cn_namelen &&
472 bcmp(ncp->nc_name, cnp->cn_nameptr, cnp->cn_namelen) == 0);
473 }
474
475 /*
476 * Check whether the entry can be safely used.
477 *
478 * All places which elide locks are supposed to call this after they are
479 * done with reading from an entry.
480 */
481 #define cache_ncp_canuse(ncp) ({ \
482 struct namecache *_ncp = (ncp); \
483 u_char _nc_flag; \
484 \
485 atomic_thread_fence_acq(); \
486 _nc_flag = atomic_load_char(&_ncp->nc_flag); \
487 __predict_true((_nc_flag & (NCF_INVALID | NCF_WIP)) == 0); \
488 })
489
490 /*
491 * Like the above but also checks NCF_WHITE.
492 */
493 #define cache_fpl_neg_ncp_canuse(ncp) ({ \
494 struct namecache *_ncp = (ncp); \
495 u_char _nc_flag; \
496 \
497 atomic_thread_fence_acq(); \
498 _nc_flag = atomic_load_char(&_ncp->nc_flag); \
499 __predict_true((_nc_flag & (NCF_INVALID | NCF_WIP | NCF_WHITE)) == 0); \
500 })
501
502 VFS_SMR_DECLARE;
503
504 static SYSCTL_NODE(_vfs_cache, OID_AUTO, param, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
505 "Name cache parameters");
506
507 static u_int __read_mostly ncsize; /* the size as computed on creation or resizing */
508 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, size, CTLFLAG_RD, &ncsize, 0,
509 "Total namecache capacity");
510
511 u_int ncsizefactor = 2;
512 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, sizefactor, CTLFLAG_RW, &ncsizefactor, 0,
513 "Size factor for namecache");
514
515 static u_long __read_mostly ncnegfactor = 5; /* ratio of negative entries */
516 SYSCTL_ULONG(_vfs_cache_param, OID_AUTO, negfactor, CTLFLAG_RW, &ncnegfactor, 0,
517 "Ratio of negative namecache entries");
518
519 /*
520 * Negative entry % of namecache capacity above which automatic eviction is allowed.
521 *
522 * Check cache_neg_evict_cond for details.
523 */
524 static u_int ncnegminpct = 3;
525
526 static u_int __read_mostly neg_min; /* the above recomputed against ncsize */
527 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, negmin, CTLFLAG_RD, &neg_min, 0,
528 "Negative entry count above which automatic eviction is allowed");
529
530 /*
531 * Structures associated with name caching.
532 */
533 #define NCHHASH(hash) \
534 (&nchashtbl[(hash) & nchash])
535 static __read_mostly CK_SLIST_HEAD(nchashhead, namecache) *nchashtbl;/* Hash Table */
536 static u_long __read_mostly nchash; /* size of hash table */
537 SYSCTL_ULONG(_debug, OID_AUTO, nchash, CTLFLAG_RD, &nchash, 0,
538 "Size of namecache hash table");
539 static u_long __exclusive_cache_line numneg; /* number of negative entries allocated */
540 static u_long __exclusive_cache_line numcache;/* number of cache entries allocated */
541
542 struct nchstats nchstats; /* cache effectiveness statistics */
543
544 static u_int __exclusive_cache_line neg_cycle;
545
546 #define ncneghash 3
547 #define numneglists (ncneghash + 1)
548
549 struct neglist {
550 struct mtx nl_evict_lock;
551 struct mtx nl_lock __aligned(CACHE_LINE_SIZE);
552 TAILQ_HEAD(, namecache) nl_list;
553 TAILQ_HEAD(, namecache) nl_hotlist;
554 u_long nl_hotnum;
555 } __aligned(CACHE_LINE_SIZE);
556
557 static struct neglist neglists[numneglists];
558
559 static inline struct neglist *
NCP2NEGLIST(struct namecache * ncp)560 NCP2NEGLIST(struct namecache *ncp)
561 {
562
563 return (&neglists[(((uintptr_t)(ncp) >> 8) & ncneghash)]);
564 }
565
566 static inline struct negstate *
NCP2NEGSTATE(struct namecache * ncp)567 NCP2NEGSTATE(struct namecache *ncp)
568 {
569
570 MPASS(atomic_load_char(&ncp->nc_flag) & NCF_NEGATIVE);
571 return (&ncp->nc_neg);
572 }
573
574 #define numbucketlocks (ncbuckethash + 1)
575 static u_int __read_mostly ncbuckethash;
576 static struct mtx_padalign __read_mostly *bucketlocks;
577 #define HASH2BUCKETLOCK(hash) \
578 ((struct mtx *)(&bucketlocks[((hash) & ncbuckethash)]))
579
580 #define numvnodelocks (ncvnodehash + 1)
581 static u_int __read_mostly ncvnodehash;
582 static struct mtx __read_mostly *vnodelocks;
583 static inline struct mtx *
VP2VNODELOCK(struct vnode * vp)584 VP2VNODELOCK(struct vnode *vp)
585 {
586
587 return (&vnodelocks[(((uintptr_t)(vp) >> 8) & ncvnodehash)]);
588 }
589
590 /*
591 * Search the hash table for a namecache entry. Either the corresponding bucket
592 * must be locked, or the caller must be in an SMR read section.
593 */
594 static struct namecache *
cache_ncp_find(struct vnode * dvp,struct componentname * cnp,uint32_t hash)595 cache_ncp_find(struct vnode *dvp, struct componentname *cnp, uint32_t hash)
596 {
597 struct namecache *ncp;
598
599 KASSERT(mtx_owned(HASH2BUCKETLOCK(hash)) || VFS_SMR_ENTERED(),
600 ("%s: hash %u not locked", __func__, hash));
601 CK_SLIST_FOREACH(ncp, NCHHASH(hash), nc_hash) {
602 if (cache_ncp_match(ncp, dvp, cnp))
603 break;
604 }
605 return (ncp);
606 }
607
608 static void
cache_out_ts(struct namecache * ncp,struct timespec * tsp,int * ticksp)609 cache_out_ts(struct namecache *ncp, struct timespec *tsp, int *ticksp)
610 {
611 struct namecache_ts *ncp_ts;
612
613 KASSERT((ncp->nc_flag & NCF_TS) != 0 ||
614 (tsp == NULL && ticksp == NULL),
615 ("No NCF_TS"));
616
617 if (tsp == NULL)
618 return;
619
620 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc);
621 *tsp = ncp_ts->nc_time;
622 *ticksp = ncp_ts->nc_ticks;
623 }
624
625 #ifdef DEBUG_CACHE
626 static int __read_mostly doingcache = 1; /* 1 => enable the cache */
627 SYSCTL_INT(_debug, OID_AUTO, vfscache, CTLFLAG_RW, &doingcache, 0,
628 "VFS namecache enabled");
629 #endif
630
631 /* Export size information to userland */
632 SYSCTL_SIZEOF_STRUCT(namecache);
633
634 /*
635 * The new name cache statistics
636 */
637 static SYSCTL_NODE(_vfs_cache, OID_AUTO, stats, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
638 "Name cache statistics");
639
640 #define STATNODE_ULONG(name, varname, descr) \
641 SYSCTL_ULONG(_vfs_cache_stats, OID_AUTO, name, CTLFLAG_RD, &varname, 0, descr);
642 #define STATNODE_COUNTER(name, varname, descr) \
643 static COUNTER_U64_DEFINE_EARLY(varname); \
644 SYSCTL_COUNTER_U64(_vfs_cache_stats, OID_AUTO, name, CTLFLAG_RD, &varname, \
645 descr);
646 STATNODE_ULONG(neg, numneg, "Number of negative cache entries");
647 STATNODE_ULONG(count, numcache, "Number of cache entries");
648 STATNODE_COUNTER(heldvnodes, numcachehv, "Number of namecache entries with vnodes held");
649 STATNODE_COUNTER(drops, numdrops, "Number of dropped entries due to reaching the limit");
650 STATNODE_COUNTER(miss, nummiss, "Number of cache misses");
651 STATNODE_COUNTER(misszap, nummisszap, "Number of cache misses we do not want to cache");
652 STATNODE_COUNTER(poszaps, numposzaps,
653 "Number of cache hits (positive) we do not want to cache");
654 STATNODE_COUNTER(poshits, numposhits, "Number of cache hits (positive)");
655 STATNODE_COUNTER(negzaps, numnegzaps,
656 "Number of cache hits (negative) we do not want to cache");
657 STATNODE_COUNTER(neghits, numneghits, "Number of cache hits (negative)");
658 /* These count for vn_getcwd(), too. */
659 STATNODE_COUNTER(fullpathcalls, numfullpathcalls, "Number of fullpath search calls");
660 STATNODE_COUNTER(fullpathfail2, numfullpathfail2,
661 "Number of fullpath search errors (VOP_VPTOCNP failures)");
662 STATNODE_COUNTER(fullpathfail4, numfullpathfail4, "Number of fullpath search errors (ENOMEM)");
663 STATNODE_COUNTER(fullpathfound, numfullpathfound, "Number of successful fullpath calls");
664 STATNODE_COUNTER(symlinktoobig, symlinktoobig, "Number of times symlink did not fit the cache");
665
666 /*
667 * Debug or developer statistics.
668 */
669 static SYSCTL_NODE(_vfs_cache, OID_AUTO, debug, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
670 "Name cache debugging");
671 #define DEBUGNODE_ULONG(name, varname, descr) \
672 SYSCTL_ULONG(_vfs_cache_debug, OID_AUTO, name, CTLFLAG_RD, &varname, 0, descr);
673 static u_long zap_bucket_relock_success;
674 DEBUGNODE_ULONG(zap_bucket_relock_success, zap_bucket_relock_success,
675 "Number of successful removals after relocking");
676 static u_long zap_bucket_fail;
677 DEBUGNODE_ULONG(zap_bucket_fail, zap_bucket_fail, "");
678 static u_long zap_bucket_fail2;
679 DEBUGNODE_ULONG(zap_bucket_fail2, zap_bucket_fail2, "");
680 static u_long cache_lock_vnodes_cel_3_failures;
681 DEBUGNODE_ULONG(vnodes_cel_3_failures, cache_lock_vnodes_cel_3_failures,
682 "Number of times 3-way vnode locking failed");
683
684 static void cache_zap_locked(struct namecache *ncp);
685 static int vn_fullpath_any_smr(struct vnode *vp, struct vnode *rdir, char *buf,
686 char **retbuf, size_t *buflen, size_t addend);
687 static int vn_fullpath_any(struct vnode *vp, struct vnode *rdir, char *buf,
688 char **retbuf, size_t *buflen);
689 static int vn_fullpath_dir(struct vnode *vp, struct vnode *rdir, char *buf,
690 char **retbuf, size_t *len, size_t addend);
691
692 static MALLOC_DEFINE(M_VFSCACHE, "vfscache", "VFS name cache entries");
693
694 static inline void
cache_assert_vlp_locked(struct mtx * vlp)695 cache_assert_vlp_locked(struct mtx *vlp)
696 {
697
698 if (vlp != NULL)
699 mtx_assert(vlp, MA_OWNED);
700 }
701
702 static inline void
cache_assert_vnode_locked(struct vnode * vp)703 cache_assert_vnode_locked(struct vnode *vp)
704 {
705 struct mtx *vlp;
706
707 vlp = VP2VNODELOCK(vp);
708 cache_assert_vlp_locked(vlp);
709 }
710
711 /*
712 * Directory vnodes with entries are held for two reasons:
713 * 1. make them less of a target for reclamation in vnlru
714 * 2. suffer smaller performance penalty in locked lookup as requeieing is avoided
715 *
716 * It will be feasible to stop doing it altogether if all filesystems start
717 * supporting lockless lookup.
718 */
719 static void
cache_hold_vnode(struct vnode * vp)720 cache_hold_vnode(struct vnode *vp)
721 {
722
723 cache_assert_vnode_locked(vp);
724 VNPASS(LIST_EMPTY(&vp->v_cache_src), vp);
725 vhold(vp);
726 counter_u64_add(numcachehv, 1);
727 }
728
729 static void
cache_drop_vnode(struct vnode * vp)730 cache_drop_vnode(struct vnode *vp)
731 {
732
733 /*
734 * Called after all locks are dropped, meaning we can't assert
735 * on the state of v_cache_src.
736 */
737 vdrop(vp);
738 counter_u64_add(numcachehv, -1);
739 }
740
741 /*
742 * UMA zones.
743 */
744 static uma_zone_t __read_mostly cache_zone_small;
745 static uma_zone_t __read_mostly cache_zone_small_ts;
746 static uma_zone_t __read_mostly cache_zone_large;
747 static uma_zone_t __read_mostly cache_zone_large_ts;
748
749 char *
cache_symlink_alloc(size_t size,int flags)750 cache_symlink_alloc(size_t size, int flags)
751 {
752
753 if (size < CACHE_ZONE_SMALL_SIZE) {
754 return (uma_zalloc_smr(cache_zone_small, flags));
755 }
756 if (size < CACHE_ZONE_LARGE_SIZE) {
757 return (uma_zalloc_smr(cache_zone_large, flags));
758 }
759 counter_u64_add(symlinktoobig, 1);
760 SDT_PROBE1(vfs, namecache, symlink, alloc__fail, size);
761 return (NULL);
762 }
763
764 void
cache_symlink_free(char * string,size_t size)765 cache_symlink_free(char *string, size_t size)
766 {
767
768 MPASS(string != NULL);
769 KASSERT(size < CACHE_ZONE_LARGE_SIZE,
770 ("%s: size %zu too big", __func__, size));
771
772 if (size < CACHE_ZONE_SMALL_SIZE) {
773 uma_zfree_smr(cache_zone_small, string);
774 return;
775 }
776 if (size < CACHE_ZONE_LARGE_SIZE) {
777 uma_zfree_smr(cache_zone_large, string);
778 return;
779 }
780 __assert_unreachable();
781 }
782
783 static struct namecache *
cache_alloc_uma(int len,bool ts)784 cache_alloc_uma(int len, bool ts)
785 {
786 struct namecache_ts *ncp_ts;
787 struct namecache *ncp;
788
789 if (__predict_false(ts)) {
790 if (len <= CACHE_PATH_CUTOFF)
791 ncp_ts = uma_zalloc_smr(cache_zone_small_ts, M_WAITOK);
792 else
793 ncp_ts = uma_zalloc_smr(cache_zone_large_ts, M_WAITOK);
794 ncp = &ncp_ts->nc_nc;
795 } else {
796 if (len <= CACHE_PATH_CUTOFF)
797 ncp = uma_zalloc_smr(cache_zone_small, M_WAITOK);
798 else
799 ncp = uma_zalloc_smr(cache_zone_large, M_WAITOK);
800 }
801 return (ncp);
802 }
803
804 static void
cache_free_uma(struct namecache * ncp)805 cache_free_uma(struct namecache *ncp)
806 {
807 struct namecache_ts *ncp_ts;
808
809 if (__predict_false(ncp->nc_flag & NCF_TS)) {
810 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc);
811 if (ncp->nc_nlen <= CACHE_PATH_CUTOFF)
812 uma_zfree_smr(cache_zone_small_ts, ncp_ts);
813 else
814 uma_zfree_smr(cache_zone_large_ts, ncp_ts);
815 } else {
816 if (ncp->nc_nlen <= CACHE_PATH_CUTOFF)
817 uma_zfree_smr(cache_zone_small, ncp);
818 else
819 uma_zfree_smr(cache_zone_large, ncp);
820 }
821 }
822
823 static struct namecache *
cache_alloc(int len,bool ts)824 cache_alloc(int len, bool ts)
825 {
826 u_long lnumcache;
827
828 /*
829 * Avoid blowout in namecache entries.
830 *
831 * Bugs:
832 * 1. filesystems may end up trying to add an already existing entry
833 * (for example this can happen after a cache miss during concurrent
834 * lookup), in which case we will call cache_neg_evict despite not
835 * adding anything.
836 * 2. the routine may fail to free anything and no provisions are made
837 * to make it try harder (see the inside for failure modes)
838 * 3. it only ever looks at negative entries.
839 */
840 lnumcache = atomic_fetchadd_long(&numcache, 1) + 1;
841 if (cache_neg_evict_cond(lnumcache)) {
842 lnumcache = atomic_load_long(&numcache);
843 }
844 if (__predict_false(lnumcache >= ncsize)) {
845 atomic_subtract_long(&numcache, 1);
846 counter_u64_add(numdrops, 1);
847 return (NULL);
848 }
849 return (cache_alloc_uma(len, ts));
850 }
851
852 static void
cache_free(struct namecache * ncp)853 cache_free(struct namecache *ncp)
854 {
855
856 MPASS(ncp != NULL);
857 if ((ncp->nc_flag & NCF_DVDROP) != 0) {
858 cache_drop_vnode(ncp->nc_dvp);
859 }
860 cache_free_uma(ncp);
861 atomic_subtract_long(&numcache, 1);
862 }
863
864 static void
cache_free_batch(struct cache_freebatch * batch)865 cache_free_batch(struct cache_freebatch *batch)
866 {
867 struct namecache *ncp, *nnp;
868 int i;
869
870 i = 0;
871 if (TAILQ_EMPTY(batch))
872 goto out;
873 TAILQ_FOREACH_SAFE(ncp, batch, nc_dst, nnp) {
874 if ((ncp->nc_flag & NCF_DVDROP) != 0) {
875 cache_drop_vnode(ncp->nc_dvp);
876 }
877 cache_free_uma(ncp);
878 i++;
879 }
880 atomic_subtract_long(&numcache, i);
881 out:
882 SDT_PROBE1(vfs, namecache, purge, batch, i);
883 }
884
885 /*
886 * Hashing.
887 *
888 * The code was made to use FNV in 2001 and this choice needs to be revisited.
889 *
890 * Short summary of the difficulty:
891 * The longest name which can be inserted is NAME_MAX characters in length (or
892 * 255 at the time of writing this comment), while majority of names used in
893 * practice are significantly shorter (mostly below 10). More importantly
894 * majority of lookups performed find names are even shorter than that.
895 *
896 * This poses a problem where hashes which do better than FNV past word size
897 * (or so) tend to come with additional overhead when finalizing the result,
898 * making them noticeably slower for the most commonly used range.
899 *
900 * Consider a path like: /usr/obj/usr/src/sys/amd64/GENERIC/vnode_if.c
901 *
902 * When looking it up the most time consuming part by a large margin (at least
903 * on amd64) is hashing. Replacing FNV with something which pessimizes short
904 * input would make the slowest part stand out even more.
905 */
906
907 /*
908 * TODO: With the value stored we can do better than computing the hash based
909 * on the address.
910 */
911 static void
cache_prehash(struct vnode * vp)912 cache_prehash(struct vnode *vp)
913 {
914
915 vp->v_nchash = fnv_32_buf(&vp, sizeof(vp), FNV1_32_INIT);
916 }
917
918 static uint32_t
cache_get_hash(char * name,u_char len,struct vnode * dvp)919 cache_get_hash(char *name, u_char len, struct vnode *dvp)
920 {
921
922 return (fnv_32_buf(name, len, dvp->v_nchash));
923 }
924
925 static uint32_t
cache_get_hash_iter_start(struct vnode * dvp)926 cache_get_hash_iter_start(struct vnode *dvp)
927 {
928
929 return (dvp->v_nchash);
930 }
931
932 static uint32_t
cache_get_hash_iter(char c,uint32_t hash)933 cache_get_hash_iter(char c, uint32_t hash)
934 {
935
936 return (fnv_32_buf(&c, 1, hash));
937 }
938
939 static uint32_t
cache_get_hash_iter_finish(uint32_t hash)940 cache_get_hash_iter_finish(uint32_t hash)
941 {
942
943 return (hash);
944 }
945
946 static inline struct nchashhead *
NCP2BUCKET(struct namecache * ncp)947 NCP2BUCKET(struct namecache *ncp)
948 {
949 uint32_t hash;
950
951 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, ncp->nc_dvp);
952 return (NCHHASH(hash));
953 }
954
955 static inline struct mtx *
NCP2BUCKETLOCK(struct namecache * ncp)956 NCP2BUCKETLOCK(struct namecache *ncp)
957 {
958 uint32_t hash;
959
960 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, ncp->nc_dvp);
961 return (HASH2BUCKETLOCK(hash));
962 }
963
964 #ifdef INVARIANTS
965 static void
cache_assert_bucket_locked(struct namecache * ncp)966 cache_assert_bucket_locked(struct namecache *ncp)
967 {
968 struct mtx *blp;
969
970 blp = NCP2BUCKETLOCK(ncp);
971 mtx_assert(blp, MA_OWNED);
972 }
973
974 static void
cache_assert_bucket_unlocked(struct namecache * ncp)975 cache_assert_bucket_unlocked(struct namecache *ncp)
976 {
977 struct mtx *blp;
978
979 blp = NCP2BUCKETLOCK(ncp);
980 mtx_assert(blp, MA_NOTOWNED);
981 }
982 #else
983 #define cache_assert_bucket_locked(x) do { } while (0)
984 #define cache_assert_bucket_unlocked(x) do { } while (0)
985 #endif
986
987 #define cache_sort_vnodes(x, y) _cache_sort_vnodes((void **)(x), (void **)(y))
988 static void
_cache_sort_vnodes(void ** p1,void ** p2)989 _cache_sort_vnodes(void **p1, void **p2)
990 {
991 void *tmp;
992
993 MPASS(*p1 != NULL || *p2 != NULL);
994
995 if (*p1 > *p2) {
996 tmp = *p2;
997 *p2 = *p1;
998 *p1 = tmp;
999 }
1000 }
1001
1002 static void
cache_lock_all_buckets(void)1003 cache_lock_all_buckets(void)
1004 {
1005 u_int i;
1006
1007 for (i = 0; i < numbucketlocks; i++)
1008 mtx_lock(&bucketlocks[i]);
1009 }
1010
1011 static void
cache_unlock_all_buckets(void)1012 cache_unlock_all_buckets(void)
1013 {
1014 u_int i;
1015
1016 for (i = 0; i < numbucketlocks; i++)
1017 mtx_unlock(&bucketlocks[i]);
1018 }
1019
1020 static void
cache_lock_all_vnodes(void)1021 cache_lock_all_vnodes(void)
1022 {
1023 u_int i;
1024
1025 for (i = 0; i < numvnodelocks; i++)
1026 mtx_lock(&vnodelocks[i]);
1027 }
1028
1029 static void
cache_unlock_all_vnodes(void)1030 cache_unlock_all_vnodes(void)
1031 {
1032 u_int i;
1033
1034 for (i = 0; i < numvnodelocks; i++)
1035 mtx_unlock(&vnodelocks[i]);
1036 }
1037
1038 static int
cache_trylock_vnodes(struct mtx * vlp1,struct mtx * vlp2)1039 cache_trylock_vnodes(struct mtx *vlp1, struct mtx *vlp2)
1040 {
1041
1042 cache_sort_vnodes(&vlp1, &vlp2);
1043
1044 if (vlp1 != NULL) {
1045 if (!mtx_trylock(vlp1))
1046 return (EAGAIN);
1047 }
1048 if (!mtx_trylock(vlp2)) {
1049 if (vlp1 != NULL)
1050 mtx_unlock(vlp1);
1051 return (EAGAIN);
1052 }
1053
1054 return (0);
1055 }
1056
1057 static void
cache_lock_vnodes(struct mtx * vlp1,struct mtx * vlp2)1058 cache_lock_vnodes(struct mtx *vlp1, struct mtx *vlp2)
1059 {
1060
1061 MPASS(vlp1 != NULL || vlp2 != NULL);
1062 MPASS(vlp1 <= vlp2);
1063
1064 if (vlp1 != NULL)
1065 mtx_lock(vlp1);
1066 if (vlp2 != NULL)
1067 mtx_lock(vlp2);
1068 }
1069
1070 static void
cache_unlock_vnodes(struct mtx * vlp1,struct mtx * vlp2)1071 cache_unlock_vnodes(struct mtx *vlp1, struct mtx *vlp2)
1072 {
1073
1074 MPASS(vlp1 != NULL || vlp2 != NULL);
1075
1076 if (vlp1 != NULL)
1077 mtx_unlock(vlp1);
1078 if (vlp2 != NULL)
1079 mtx_unlock(vlp2);
1080 }
1081
1082 static int
sysctl_nchstats(SYSCTL_HANDLER_ARGS)1083 sysctl_nchstats(SYSCTL_HANDLER_ARGS)
1084 {
1085 struct nchstats snap;
1086
1087 if (req->oldptr == NULL)
1088 return (SYSCTL_OUT(req, 0, sizeof(snap)));
1089
1090 snap = nchstats;
1091 snap.ncs_goodhits = counter_u64_fetch(numposhits);
1092 snap.ncs_neghits = counter_u64_fetch(numneghits);
1093 snap.ncs_badhits = counter_u64_fetch(numposzaps) +
1094 counter_u64_fetch(numnegzaps);
1095 snap.ncs_miss = counter_u64_fetch(nummisszap) +
1096 counter_u64_fetch(nummiss);
1097
1098 return (SYSCTL_OUT(req, &snap, sizeof(snap)));
1099 }
1100 SYSCTL_PROC(_vfs_cache, OID_AUTO, nchstats, CTLTYPE_OPAQUE | CTLFLAG_RD |
1101 CTLFLAG_MPSAFE, 0, 0, sysctl_nchstats, "LU",
1102 "VFS cache effectiveness statistics");
1103
1104 static int
sysctl_hitpct(SYSCTL_HANDLER_ARGS)1105 sysctl_hitpct(SYSCTL_HANDLER_ARGS)
1106 {
1107 long poshits, neghits, miss, total;
1108 long pct;
1109
1110 poshits = counter_u64_fetch(numposhits);
1111 neghits = counter_u64_fetch(numneghits);
1112 miss = counter_u64_fetch(nummiss);
1113 total = poshits + neghits + miss;
1114
1115 pct = 0;
1116 if (total != 0)
1117 pct = ((poshits + neghits) * 100) / total;
1118 return (sysctl_handle_int(oidp, 0, pct, req));
1119 }
1120 SYSCTL_PROC(_vfs_cache_stats, OID_AUTO, hitpct,
1121 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RD, NULL, 0, sysctl_hitpct,
1122 "I", "Percentage of hits");
1123
1124 static void
cache_recalc_neg_min(void)1125 cache_recalc_neg_min(void)
1126 {
1127
1128 neg_min = (ncsize * ncnegminpct) / 100;
1129 }
1130
1131 static int
sysctl_negminpct(SYSCTL_HANDLER_ARGS)1132 sysctl_negminpct(SYSCTL_HANDLER_ARGS)
1133 {
1134 u_int val;
1135 int error;
1136
1137 val = ncnegminpct;
1138 error = sysctl_handle_int(oidp, &val, 0, req);
1139 if (error != 0 || req->newptr == NULL)
1140 return (error);
1141
1142 if (val == ncnegminpct)
1143 return (0);
1144 if (val < 0 || val > 99)
1145 return (EINVAL);
1146 ncnegminpct = val;
1147 cache_recalc_neg_min();
1148 return (0);
1149 }
1150
1151 SYSCTL_PROC(_vfs_cache_param, OID_AUTO, negminpct,
1152 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RW, NULL, 0, sysctl_negminpct,
1153 "I", "Negative entry \% of namecache capacity above which automatic eviction is allowed");
1154
1155 #ifdef DEBUG_CACHE
1156 /*
1157 * Grab an atomic snapshot of the name cache hash chain lengths
1158 */
1159 static SYSCTL_NODE(_debug, OID_AUTO, hashstat,
1160 CTLFLAG_RW | CTLFLAG_MPSAFE, NULL,
1161 "hash table stats");
1162
1163 static int
sysctl_debug_hashstat_rawnchash(SYSCTL_HANDLER_ARGS)1164 sysctl_debug_hashstat_rawnchash(SYSCTL_HANDLER_ARGS)
1165 {
1166 struct nchashhead *ncpp;
1167 struct namecache *ncp;
1168 int i, error, n_nchash, *cntbuf;
1169
1170 retry:
1171 n_nchash = nchash + 1; /* nchash is max index, not count */
1172 if (req->oldptr == NULL)
1173 return SYSCTL_OUT(req, 0, n_nchash * sizeof(int));
1174 cntbuf = malloc(n_nchash * sizeof(int), M_TEMP, M_ZERO | M_WAITOK);
1175 cache_lock_all_buckets();
1176 if (n_nchash != nchash + 1) {
1177 cache_unlock_all_buckets();
1178 free(cntbuf, M_TEMP);
1179 goto retry;
1180 }
1181 /* Scan hash tables counting entries */
1182 for (ncpp = nchashtbl, i = 0; i < n_nchash; ncpp++, i++)
1183 CK_SLIST_FOREACH(ncp, ncpp, nc_hash)
1184 cntbuf[i]++;
1185 cache_unlock_all_buckets();
1186 for (error = 0, i = 0; i < n_nchash; i++)
1187 if ((error = SYSCTL_OUT(req, &cntbuf[i], sizeof(int))) != 0)
1188 break;
1189 free(cntbuf, M_TEMP);
1190 return (error);
1191 }
1192 SYSCTL_PROC(_debug_hashstat, OID_AUTO, rawnchash, CTLTYPE_INT|CTLFLAG_RD|
1193 CTLFLAG_MPSAFE, 0, 0, sysctl_debug_hashstat_rawnchash, "S,int",
1194 "nchash chain lengths");
1195
1196 static int
sysctl_debug_hashstat_nchash(SYSCTL_HANDLER_ARGS)1197 sysctl_debug_hashstat_nchash(SYSCTL_HANDLER_ARGS)
1198 {
1199 int error;
1200 struct nchashhead *ncpp;
1201 struct namecache *ncp;
1202 int n_nchash;
1203 int count, maxlength, used, pct;
1204
1205 if (!req->oldptr)
1206 return SYSCTL_OUT(req, 0, 4 * sizeof(int));
1207
1208 cache_lock_all_buckets();
1209 n_nchash = nchash + 1; /* nchash is max index, not count */
1210 used = 0;
1211 maxlength = 0;
1212
1213 /* Scan hash tables for applicable entries */
1214 for (ncpp = nchashtbl; n_nchash > 0; n_nchash--, ncpp++) {
1215 count = 0;
1216 CK_SLIST_FOREACH(ncp, ncpp, nc_hash) {
1217 count++;
1218 }
1219 if (count)
1220 used++;
1221 if (maxlength < count)
1222 maxlength = count;
1223 }
1224 n_nchash = nchash + 1;
1225 cache_unlock_all_buckets();
1226 pct = (used * 100) / (n_nchash / 100);
1227 error = SYSCTL_OUT(req, &n_nchash, sizeof(n_nchash));
1228 if (error)
1229 return (error);
1230 error = SYSCTL_OUT(req, &used, sizeof(used));
1231 if (error)
1232 return (error);
1233 error = SYSCTL_OUT(req, &maxlength, sizeof(maxlength));
1234 if (error)
1235 return (error);
1236 error = SYSCTL_OUT(req, &pct, sizeof(pct));
1237 if (error)
1238 return (error);
1239 return (0);
1240 }
1241 SYSCTL_PROC(_debug_hashstat, OID_AUTO, nchash, CTLTYPE_INT|CTLFLAG_RD|
1242 CTLFLAG_MPSAFE, 0, 0, sysctl_debug_hashstat_nchash, "I",
1243 "nchash statistics (number of total/used buckets, maximum chain length, usage percentage)");
1244 #endif
1245
1246 /*
1247 * Negative entries management
1248 *
1249 * Various workloads create plenty of negative entries and barely use them
1250 * afterwards. Moreover malicious users can keep performing bogus lookups
1251 * adding even more entries. For example "make tinderbox" as of writing this
1252 * comment ends up with 2.6M namecache entries in total, 1.2M of which are
1253 * negative.
1254 *
1255 * As such, a rather aggressive eviction method is needed. The currently
1256 * employed method is a placeholder.
1257 *
1258 * Entries are split over numneglists separate lists, each of which is further
1259 * split into hot and cold entries. Entries get promoted after getting a hit.
1260 * Eviction happens on addition of new entry.
1261 */
1262 static SYSCTL_NODE(_vfs_cache, OID_AUTO, neg, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
1263 "Name cache negative entry statistics");
1264
1265 SYSCTL_ULONG(_vfs_cache_neg, OID_AUTO, count, CTLFLAG_RD, &numneg, 0,
1266 "Number of negative cache entries");
1267
1268 static COUNTER_U64_DEFINE_EARLY(neg_created);
1269 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, created, CTLFLAG_RD, &neg_created,
1270 "Number of created negative entries");
1271
1272 static COUNTER_U64_DEFINE_EARLY(neg_evicted);
1273 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evicted, CTLFLAG_RD, &neg_evicted,
1274 "Number of evicted negative entries");
1275
1276 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_empty);
1277 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_empty, CTLFLAG_RD,
1278 &neg_evict_skipped_empty,
1279 "Number of times evicting failed due to lack of entries");
1280
1281 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_missed);
1282 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_missed, CTLFLAG_RD,
1283 &neg_evict_skipped_missed,
1284 "Number of times evicting failed due to target entry disappearing");
1285
1286 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_contended);
1287 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_contended, CTLFLAG_RD,
1288 &neg_evict_skipped_contended,
1289 "Number of times evicting failed due to contention");
1290
1291 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, hits, CTLFLAG_RD, &numneghits,
1292 "Number of cache hits (negative)");
1293
1294 static int
sysctl_neg_hot(SYSCTL_HANDLER_ARGS)1295 sysctl_neg_hot(SYSCTL_HANDLER_ARGS)
1296 {
1297 int i, out;
1298
1299 out = 0;
1300 for (i = 0; i < numneglists; i++)
1301 out += neglists[i].nl_hotnum;
1302
1303 return (SYSCTL_OUT(req, &out, sizeof(out)));
1304 }
1305 SYSCTL_PROC(_vfs_cache_neg, OID_AUTO, hot, CTLTYPE_INT | CTLFLAG_RD |
1306 CTLFLAG_MPSAFE, 0, 0, sysctl_neg_hot, "I",
1307 "Number of hot negative entries");
1308
1309 static void
cache_neg_init(struct namecache * ncp)1310 cache_neg_init(struct namecache *ncp)
1311 {
1312 struct negstate *ns;
1313
1314 ncp->nc_flag |= NCF_NEGATIVE;
1315 ns = NCP2NEGSTATE(ncp);
1316 ns->neg_flag = 0;
1317 ns->neg_hit = 0;
1318 counter_u64_add(neg_created, 1);
1319 }
1320
1321 #define CACHE_NEG_PROMOTION_THRESH 2
1322
1323 static bool
cache_neg_hit_prep(struct namecache * ncp)1324 cache_neg_hit_prep(struct namecache *ncp)
1325 {
1326 struct negstate *ns;
1327 u_char n;
1328
1329 ns = NCP2NEGSTATE(ncp);
1330 n = atomic_load_char(&ns->neg_hit);
1331 for (;;) {
1332 if (n >= CACHE_NEG_PROMOTION_THRESH)
1333 return (false);
1334 if (atomic_fcmpset_8(&ns->neg_hit, &n, n + 1))
1335 break;
1336 }
1337 return (n + 1 == CACHE_NEG_PROMOTION_THRESH);
1338 }
1339
1340 /*
1341 * Nothing to do here but it is provided for completeness as some
1342 * cache_neg_hit_prep callers may end up returning without even
1343 * trying to promote.
1344 */
1345 #define cache_neg_hit_abort(ncp) do { } while (0)
1346
1347 static void
cache_neg_hit_finish(struct namecache * ncp)1348 cache_neg_hit_finish(struct namecache *ncp)
1349 {
1350
1351 SDT_PROBE2(vfs, namecache, lookup, hit__negative, ncp->nc_dvp, ncp->nc_name);
1352 counter_u64_add(numneghits, 1);
1353 }
1354
1355 /*
1356 * Move a negative entry to the hot list.
1357 */
1358 static void
cache_neg_promote_locked(struct namecache * ncp)1359 cache_neg_promote_locked(struct namecache *ncp)
1360 {
1361 struct neglist *nl;
1362 struct negstate *ns;
1363
1364 ns = NCP2NEGSTATE(ncp);
1365 nl = NCP2NEGLIST(ncp);
1366 mtx_assert(&nl->nl_lock, MA_OWNED);
1367 if ((ns->neg_flag & NEG_HOT) == 0) {
1368 TAILQ_REMOVE(&nl->nl_list, ncp, nc_dst);
1369 TAILQ_INSERT_TAIL(&nl->nl_hotlist, ncp, nc_dst);
1370 nl->nl_hotnum++;
1371 ns->neg_flag |= NEG_HOT;
1372 }
1373 }
1374
1375 /*
1376 * Move a hot negative entry to the cold list.
1377 */
1378 static void
cache_neg_demote_locked(struct namecache * ncp)1379 cache_neg_demote_locked(struct namecache *ncp)
1380 {
1381 struct neglist *nl;
1382 struct negstate *ns;
1383
1384 ns = NCP2NEGSTATE(ncp);
1385 nl = NCP2NEGLIST(ncp);
1386 mtx_assert(&nl->nl_lock, MA_OWNED);
1387 MPASS(ns->neg_flag & NEG_HOT);
1388 TAILQ_REMOVE(&nl->nl_hotlist, ncp, nc_dst);
1389 TAILQ_INSERT_TAIL(&nl->nl_list, ncp, nc_dst);
1390 nl->nl_hotnum--;
1391 ns->neg_flag &= ~NEG_HOT;
1392 atomic_store_char(&ns->neg_hit, 0);
1393 }
1394
1395 /*
1396 * Move a negative entry to the hot list if it matches the lookup.
1397 *
1398 * We have to take locks, but they may be contended and in the worst
1399 * case we may need to go off CPU. We don't want to spin within the
1400 * smr section and we can't block with it. Exiting the section means
1401 * the found entry could have been evicted. We are going to look it
1402 * up again.
1403 */
1404 static bool
cache_neg_promote_cond(struct vnode * dvp,struct componentname * cnp,struct namecache * oncp,uint32_t hash)1405 cache_neg_promote_cond(struct vnode *dvp, struct componentname *cnp,
1406 struct namecache *oncp, uint32_t hash)
1407 {
1408 struct namecache *ncp;
1409 struct neglist *nl;
1410 u_char nc_flag;
1411
1412 nl = NCP2NEGLIST(oncp);
1413
1414 mtx_lock(&nl->nl_lock);
1415 /*
1416 * For hash iteration.
1417 */
1418 vfs_smr_enter();
1419
1420 /*
1421 * Avoid all surprises by only succeeding if we got the same entry and
1422 * bailing completely otherwise.
1423 * XXX There are no provisions to keep the vnode around, meaning we may
1424 * end up promoting a negative entry for a *new* vnode and returning
1425 * ENOENT on its account. This is the error we want to return anyway
1426 * and promotion is harmless.
1427 *
1428 * In particular at this point there can be a new ncp which matches the
1429 * search but hashes to a different neglist.
1430 */
1431 CK_SLIST_FOREACH(ncp, (NCHHASH(hash)), nc_hash) {
1432 if (ncp == oncp)
1433 break;
1434 }
1435
1436 /*
1437 * No match to begin with.
1438 */
1439 if (__predict_false(ncp == NULL)) {
1440 goto out_abort;
1441 }
1442
1443 /*
1444 * The newly found entry may be something different...
1445 */
1446 if (!cache_ncp_match(ncp, dvp, cnp)) {
1447 goto out_abort;
1448 }
1449
1450 /*
1451 * ... and not even negative.
1452 */
1453 nc_flag = atomic_load_char(&ncp->nc_flag);
1454 if ((nc_flag & NCF_NEGATIVE) == 0) {
1455 goto out_abort;
1456 }
1457
1458 if (!cache_ncp_canuse(ncp)) {
1459 goto out_abort;
1460 }
1461
1462 cache_neg_promote_locked(ncp);
1463 cache_neg_hit_finish(ncp);
1464 vfs_smr_exit();
1465 mtx_unlock(&nl->nl_lock);
1466 return (true);
1467 out_abort:
1468 vfs_smr_exit();
1469 mtx_unlock(&nl->nl_lock);
1470 return (false);
1471 }
1472
1473 static void
cache_neg_promote(struct namecache * ncp)1474 cache_neg_promote(struct namecache *ncp)
1475 {
1476 struct neglist *nl;
1477
1478 nl = NCP2NEGLIST(ncp);
1479 mtx_lock(&nl->nl_lock);
1480 cache_neg_promote_locked(ncp);
1481 mtx_unlock(&nl->nl_lock);
1482 }
1483
1484 static void
cache_neg_insert(struct namecache * ncp)1485 cache_neg_insert(struct namecache *ncp)
1486 {
1487 struct neglist *nl;
1488
1489 MPASS(ncp->nc_flag & NCF_NEGATIVE);
1490 cache_assert_bucket_locked(ncp);
1491 nl = NCP2NEGLIST(ncp);
1492 mtx_lock(&nl->nl_lock);
1493 TAILQ_INSERT_TAIL(&nl->nl_list, ncp, nc_dst);
1494 mtx_unlock(&nl->nl_lock);
1495 atomic_add_long(&numneg, 1);
1496 }
1497
1498 static void
cache_neg_remove(struct namecache * ncp)1499 cache_neg_remove(struct namecache *ncp)
1500 {
1501 struct neglist *nl;
1502 struct negstate *ns;
1503
1504 cache_assert_bucket_locked(ncp);
1505 nl = NCP2NEGLIST(ncp);
1506 ns = NCP2NEGSTATE(ncp);
1507 mtx_lock(&nl->nl_lock);
1508 if ((ns->neg_flag & NEG_HOT) != 0) {
1509 TAILQ_REMOVE(&nl->nl_hotlist, ncp, nc_dst);
1510 nl->nl_hotnum--;
1511 } else {
1512 TAILQ_REMOVE(&nl->nl_list, ncp, nc_dst);
1513 }
1514 mtx_unlock(&nl->nl_lock);
1515 atomic_subtract_long(&numneg, 1);
1516 }
1517
1518 static struct neglist *
cache_neg_evict_select_list(void)1519 cache_neg_evict_select_list(void)
1520 {
1521 struct neglist *nl;
1522 u_int c;
1523
1524 c = atomic_fetchadd_int(&neg_cycle, 1) + 1;
1525 nl = &neglists[c % numneglists];
1526 if (!mtx_trylock(&nl->nl_evict_lock)) {
1527 counter_u64_add(neg_evict_skipped_contended, 1);
1528 return (NULL);
1529 }
1530 return (nl);
1531 }
1532
1533 static struct namecache *
cache_neg_evict_select_entry(struct neglist * nl)1534 cache_neg_evict_select_entry(struct neglist *nl)
1535 {
1536 struct namecache *ncp, *lncp;
1537 struct negstate *ns, *lns;
1538 int i;
1539
1540 mtx_assert(&nl->nl_evict_lock, MA_OWNED);
1541 mtx_assert(&nl->nl_lock, MA_OWNED);
1542 ncp = TAILQ_FIRST(&nl->nl_list);
1543 if (ncp == NULL)
1544 return (NULL);
1545 lncp = ncp;
1546 lns = NCP2NEGSTATE(lncp);
1547 for (i = 1; i < 4; i++) {
1548 ncp = TAILQ_NEXT(ncp, nc_dst);
1549 if (ncp == NULL)
1550 break;
1551 ns = NCP2NEGSTATE(ncp);
1552 if (ns->neg_hit < lns->neg_hit) {
1553 lncp = ncp;
1554 lns = ns;
1555 }
1556 }
1557 return (lncp);
1558 }
1559
1560 static bool
cache_neg_evict(void)1561 cache_neg_evict(void)
1562 {
1563 struct namecache *ncp, *ncp2;
1564 struct neglist *nl;
1565 struct vnode *dvp;
1566 struct mtx *dvlp;
1567 struct mtx *blp;
1568 uint32_t hash;
1569 u_char nlen;
1570 bool evicted;
1571
1572 nl = cache_neg_evict_select_list();
1573 if (nl == NULL) {
1574 return (false);
1575 }
1576
1577 mtx_lock(&nl->nl_lock);
1578 ncp = TAILQ_FIRST(&nl->nl_hotlist);
1579 if (ncp != NULL) {
1580 cache_neg_demote_locked(ncp);
1581 }
1582 ncp = cache_neg_evict_select_entry(nl);
1583 if (ncp == NULL) {
1584 counter_u64_add(neg_evict_skipped_empty, 1);
1585 mtx_unlock(&nl->nl_lock);
1586 mtx_unlock(&nl->nl_evict_lock);
1587 return (false);
1588 }
1589 nlen = ncp->nc_nlen;
1590 dvp = ncp->nc_dvp;
1591 hash = cache_get_hash(ncp->nc_name, nlen, dvp);
1592 dvlp = VP2VNODELOCK(dvp);
1593 blp = HASH2BUCKETLOCK(hash);
1594 mtx_unlock(&nl->nl_lock);
1595 mtx_unlock(&nl->nl_evict_lock);
1596 mtx_lock(dvlp);
1597 mtx_lock(blp);
1598 /*
1599 * Note that since all locks were dropped above, the entry may be
1600 * gone or reallocated to be something else.
1601 */
1602 CK_SLIST_FOREACH(ncp2, (NCHHASH(hash)), nc_hash) {
1603 if (ncp2 == ncp && ncp2->nc_dvp == dvp &&
1604 ncp2->nc_nlen == nlen && (ncp2->nc_flag & NCF_NEGATIVE) != 0)
1605 break;
1606 }
1607 if (ncp2 == NULL) {
1608 counter_u64_add(neg_evict_skipped_missed, 1);
1609 ncp = NULL;
1610 evicted = false;
1611 } else {
1612 MPASS(dvlp == VP2VNODELOCK(ncp->nc_dvp));
1613 MPASS(blp == NCP2BUCKETLOCK(ncp));
1614 SDT_PROBE2(vfs, namecache, evict_negative, done, ncp->nc_dvp,
1615 ncp->nc_name);
1616 cache_zap_locked(ncp);
1617 counter_u64_add(neg_evicted, 1);
1618 evicted = true;
1619 }
1620 mtx_unlock(blp);
1621 mtx_unlock(dvlp);
1622 if (ncp != NULL)
1623 cache_free(ncp);
1624 return (evicted);
1625 }
1626
1627 /*
1628 * Maybe evict a negative entry to create more room.
1629 *
1630 * The ncnegfactor parameter limits what fraction of the total count
1631 * can comprise of negative entries. However, if the cache is just
1632 * warming up this leads to excessive evictions. As such, ncnegminpct
1633 * (recomputed to neg_min) dictates whether the above should be
1634 * applied.
1635 *
1636 * Try evicting if the cache is close to full capacity regardless of
1637 * other considerations.
1638 */
1639 static bool
cache_neg_evict_cond(u_long lnumcache)1640 cache_neg_evict_cond(u_long lnumcache)
1641 {
1642 u_long lnumneg;
1643
1644 if (ncsize - 1000 < lnumcache)
1645 goto out_evict;
1646 lnumneg = atomic_load_long(&numneg);
1647 if (lnumneg < neg_min)
1648 return (false);
1649 if (lnumneg * ncnegfactor < lnumcache)
1650 return (false);
1651 out_evict:
1652 return (cache_neg_evict());
1653 }
1654
1655 /*
1656 * cache_zap_locked():
1657 *
1658 * Removes a namecache entry from cache, whether it contains an actual
1659 * pointer to a vnode or if it is just a negative cache entry.
1660 */
1661 static void
cache_zap_locked(struct namecache * ncp)1662 cache_zap_locked(struct namecache *ncp)
1663 {
1664 struct nchashhead *ncpp;
1665 struct vnode *dvp, *vp;
1666
1667 dvp = ncp->nc_dvp;
1668 vp = ncp->nc_vp;
1669
1670 if (!(ncp->nc_flag & NCF_NEGATIVE))
1671 cache_assert_vnode_locked(vp);
1672 cache_assert_vnode_locked(dvp);
1673 cache_assert_bucket_locked(ncp);
1674
1675 cache_ncp_invalidate(ncp);
1676
1677 ncpp = NCP2BUCKET(ncp);
1678 CK_SLIST_REMOVE(ncpp, ncp, namecache, nc_hash);
1679 if (!(ncp->nc_flag & NCF_NEGATIVE)) {
1680 SDT_PROBE3(vfs, namecache, zap, done, dvp, ncp->nc_name, vp);
1681 TAILQ_REMOVE(&vp->v_cache_dst, ncp, nc_dst);
1682 if (ncp == vp->v_cache_dd) {
1683 atomic_store_ptr(&vp->v_cache_dd, NULL);
1684 }
1685 } else {
1686 SDT_PROBE2(vfs, namecache, zap_negative, done, dvp, ncp->nc_name);
1687 cache_neg_remove(ncp);
1688 }
1689 if (ncp->nc_flag & NCF_ISDOTDOT) {
1690 if (ncp == dvp->v_cache_dd) {
1691 atomic_store_ptr(&dvp->v_cache_dd, NULL);
1692 }
1693 } else {
1694 LIST_REMOVE(ncp, nc_src);
1695 if (LIST_EMPTY(&dvp->v_cache_src)) {
1696 ncp->nc_flag |= NCF_DVDROP;
1697 }
1698 }
1699 }
1700
1701 static void
cache_zap_negative_locked_vnode_kl(struct namecache * ncp,struct vnode * vp)1702 cache_zap_negative_locked_vnode_kl(struct namecache *ncp, struct vnode *vp)
1703 {
1704 struct mtx *blp;
1705
1706 MPASS(ncp->nc_dvp == vp);
1707 MPASS(ncp->nc_flag & NCF_NEGATIVE);
1708 cache_assert_vnode_locked(vp);
1709
1710 blp = NCP2BUCKETLOCK(ncp);
1711 mtx_lock(blp);
1712 cache_zap_locked(ncp);
1713 mtx_unlock(blp);
1714 }
1715
1716 static bool
cache_zap_locked_vnode_kl2(struct namecache * ncp,struct vnode * vp,struct mtx ** vlpp)1717 cache_zap_locked_vnode_kl2(struct namecache *ncp, struct vnode *vp,
1718 struct mtx **vlpp)
1719 {
1720 struct mtx *pvlp, *vlp1, *vlp2, *to_unlock;
1721 struct mtx *blp;
1722
1723 MPASS(vp == ncp->nc_dvp || vp == ncp->nc_vp);
1724 cache_assert_vnode_locked(vp);
1725
1726 if (ncp->nc_flag & NCF_NEGATIVE) {
1727 if (*vlpp != NULL) {
1728 mtx_unlock(*vlpp);
1729 *vlpp = NULL;
1730 }
1731 cache_zap_negative_locked_vnode_kl(ncp, vp);
1732 return (true);
1733 }
1734
1735 pvlp = VP2VNODELOCK(vp);
1736 blp = NCP2BUCKETLOCK(ncp);
1737 vlp1 = VP2VNODELOCK(ncp->nc_dvp);
1738 vlp2 = VP2VNODELOCK(ncp->nc_vp);
1739
1740 if (*vlpp == vlp1 || *vlpp == vlp2) {
1741 to_unlock = *vlpp;
1742 *vlpp = NULL;
1743 } else {
1744 if (*vlpp != NULL) {
1745 mtx_unlock(*vlpp);
1746 *vlpp = NULL;
1747 }
1748 cache_sort_vnodes(&vlp1, &vlp2);
1749 if (vlp1 == pvlp) {
1750 mtx_lock(vlp2);
1751 to_unlock = vlp2;
1752 } else {
1753 if (!mtx_trylock(vlp1))
1754 goto out_relock;
1755 to_unlock = vlp1;
1756 }
1757 }
1758 mtx_lock(blp);
1759 cache_zap_locked(ncp);
1760 mtx_unlock(blp);
1761 if (to_unlock != NULL)
1762 mtx_unlock(to_unlock);
1763 return (true);
1764
1765 out_relock:
1766 mtx_unlock(vlp2);
1767 mtx_lock(vlp1);
1768 mtx_lock(vlp2);
1769 MPASS(*vlpp == NULL);
1770 *vlpp = vlp1;
1771 return (false);
1772 }
1773
1774 /*
1775 * If trylocking failed we can get here. We know enough to take all needed locks
1776 * in the right order and re-lookup the entry.
1777 */
1778 static int
cache_zap_unlocked_bucket(struct namecache * ncp,struct componentname * cnp,struct vnode * dvp,struct mtx * dvlp,struct mtx * vlp,uint32_t hash,struct mtx * blp)1779 cache_zap_unlocked_bucket(struct namecache *ncp, struct componentname *cnp,
1780 struct vnode *dvp, struct mtx *dvlp, struct mtx *vlp, uint32_t hash,
1781 struct mtx *blp)
1782 {
1783 struct namecache *rncp;
1784 struct mtx *rvlp;
1785
1786 cache_assert_bucket_unlocked(ncp);
1787
1788 cache_sort_vnodes(&dvlp, &vlp);
1789 cache_lock_vnodes(dvlp, vlp);
1790 mtx_lock(blp);
1791 CK_SLIST_FOREACH(rncp, (NCHHASH(hash)), nc_hash) {
1792 if (rncp == ncp && cache_ncp_match(rncp, dvp, cnp))
1793 break;
1794 }
1795 if (rncp == NULL)
1796 goto out_mismatch;
1797
1798 if (!(ncp->nc_flag & NCF_NEGATIVE))
1799 rvlp = VP2VNODELOCK(rncp->nc_vp);
1800 else
1801 rvlp = NULL;
1802 if (rvlp != vlp)
1803 goto out_mismatch;
1804
1805 cache_zap_locked(rncp);
1806 mtx_unlock(blp);
1807 cache_unlock_vnodes(dvlp, vlp);
1808 atomic_add_long(&zap_bucket_relock_success, 1);
1809 return (0);
1810
1811 out_mismatch:
1812 mtx_unlock(blp);
1813 cache_unlock_vnodes(dvlp, vlp);
1814 return (EAGAIN);
1815 }
1816
1817 static int __noinline
cache_zap_locked_bucket(struct namecache * ncp,struct componentname * cnp,uint32_t hash,struct mtx * blp)1818 cache_zap_locked_bucket(struct namecache *ncp, struct componentname *cnp,
1819 uint32_t hash, struct mtx *blp)
1820 {
1821 struct mtx *dvlp, *vlp;
1822 struct vnode *dvp;
1823
1824 cache_assert_bucket_locked(ncp);
1825
1826 dvlp = VP2VNODELOCK(ncp->nc_dvp);
1827 vlp = NULL;
1828 if (!(ncp->nc_flag & NCF_NEGATIVE))
1829 vlp = VP2VNODELOCK(ncp->nc_vp);
1830 if (cache_trylock_vnodes(dvlp, vlp) == 0) {
1831 cache_zap_locked(ncp);
1832 mtx_unlock(blp);
1833 cache_unlock_vnodes(dvlp, vlp);
1834 return (0);
1835 }
1836
1837 dvp = ncp->nc_dvp;
1838 mtx_unlock(blp);
1839 return (cache_zap_unlocked_bucket(ncp, cnp, dvp, dvlp, vlp, hash, blp));
1840 }
1841
1842 static __noinline int
cache_remove_cnp(struct vnode * dvp,struct componentname * cnp)1843 cache_remove_cnp(struct vnode *dvp, struct componentname *cnp)
1844 {
1845 struct namecache *ncp;
1846 struct mtx *blp;
1847 struct mtx *dvlp, *dvlp2;
1848 uint32_t hash;
1849 int error;
1850
1851 if (cnp->cn_namelen == 2 &&
1852 cnp->cn_nameptr[0] == '.' && cnp->cn_nameptr[1] == '.') {
1853 dvlp = VP2VNODELOCK(dvp);
1854 dvlp2 = NULL;
1855 mtx_lock(dvlp);
1856 retry_dotdot:
1857 ncp = dvp->v_cache_dd;
1858 if (ncp == NULL) {
1859 mtx_unlock(dvlp);
1860 if (dvlp2 != NULL)
1861 mtx_unlock(dvlp2);
1862 SDT_PROBE2(vfs, namecache, removecnp, miss, dvp, cnp);
1863 return (0);
1864 }
1865 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) {
1866 if (!cache_zap_locked_vnode_kl2(ncp, dvp, &dvlp2))
1867 goto retry_dotdot;
1868 MPASS(dvp->v_cache_dd == NULL);
1869 mtx_unlock(dvlp);
1870 if (dvlp2 != NULL)
1871 mtx_unlock(dvlp2);
1872 cache_free(ncp);
1873 } else {
1874 atomic_store_ptr(&dvp->v_cache_dd, NULL);
1875 mtx_unlock(dvlp);
1876 if (dvlp2 != NULL)
1877 mtx_unlock(dvlp2);
1878 }
1879 SDT_PROBE2(vfs, namecache, removecnp, hit, dvp, cnp);
1880 return (1);
1881 }
1882
1883 /*
1884 * XXX note that access here is completely unlocked with no provisions
1885 * to keep the hash allocated. If one is sufficiently unlucky a
1886 * parallel cache resize can reallocate the hash, unmap backing pages
1887 * and cause the empty check below to fault.
1888 *
1889 * Fixing this has epsilon priority, but can be done with no overhead
1890 * for this codepath with sufficient effort.
1891 */
1892 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp);
1893 blp = HASH2BUCKETLOCK(hash);
1894 retry:
1895 if (CK_SLIST_EMPTY(NCHHASH(hash)))
1896 goto out_no_entry;
1897
1898 mtx_lock(blp);
1899 ncp = cache_ncp_find(dvp, cnp, hash);
1900 if (ncp == NULL) {
1901 mtx_unlock(blp);
1902 goto out_no_entry;
1903 }
1904
1905 error = cache_zap_locked_bucket(ncp, cnp, hash, blp);
1906 if (__predict_false(error != 0)) {
1907 atomic_add_long(&zap_bucket_fail, 1);
1908 goto retry;
1909 }
1910 counter_u64_add(numposzaps, 1);
1911 SDT_PROBE2(vfs, namecache, removecnp, hit, dvp, cnp);
1912 cache_free(ncp);
1913 return (1);
1914 out_no_entry:
1915 counter_u64_add(nummisszap, 1);
1916 SDT_PROBE2(vfs, namecache, removecnp, miss, dvp, cnp);
1917 return (0);
1918 }
1919
1920 static int __noinline
cache_lookup_dot(struct vnode * dvp,struct vnode ** vpp,struct componentname * cnp,struct timespec * tsp,int * ticksp)1921 cache_lookup_dot(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp,
1922 struct timespec *tsp, int *ticksp)
1923 {
1924 int ltype;
1925
1926 *vpp = dvp;
1927 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ".", *vpp);
1928 if (tsp != NULL)
1929 timespecclear(tsp);
1930 if (ticksp != NULL)
1931 *ticksp = ticks;
1932 vrefact(*vpp);
1933 /*
1934 * When we lookup "." we still can be asked to lock it
1935 * differently...
1936 */
1937 ltype = cnp->cn_lkflags & LK_TYPE_MASK;
1938 if (ltype != VOP_ISLOCKED(*vpp)) {
1939 if (ltype == LK_EXCLUSIVE) {
1940 vn_lock(*vpp, LK_UPGRADE | LK_RETRY);
1941 if (VN_IS_DOOMED((*vpp))) {
1942 /* forced unmount */
1943 vrele(*vpp);
1944 *vpp = NULL;
1945 return (ENOENT);
1946 }
1947 } else
1948 vn_lock(*vpp, LK_DOWNGRADE | LK_RETRY);
1949 }
1950 return (-1);
1951 }
1952
1953 static int __noinline
cache_lookup_dotdot(struct vnode * dvp,struct vnode ** vpp,struct componentname * cnp,struct timespec * tsp,int * ticksp)1954 cache_lookup_dotdot(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp,
1955 struct timespec *tsp, int *ticksp)
1956 {
1957 struct namecache_ts *ncp_ts;
1958 struct namecache *ncp;
1959 struct mtx *dvlp;
1960 enum vgetstate vs;
1961 int error, ltype;
1962 bool whiteout;
1963
1964 MPASS((cnp->cn_flags & ISDOTDOT) != 0);
1965
1966 if ((cnp->cn_flags & MAKEENTRY) == 0) {
1967 cache_remove_cnp(dvp, cnp);
1968 return (0);
1969 }
1970
1971 retry:
1972 dvlp = VP2VNODELOCK(dvp);
1973 mtx_lock(dvlp);
1974 ncp = dvp->v_cache_dd;
1975 if (ncp == NULL) {
1976 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, "..");
1977 mtx_unlock(dvlp);
1978 return (0);
1979 }
1980 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) {
1981 if (ncp->nc_flag & NCF_NEGATIVE)
1982 *vpp = NULL;
1983 else
1984 *vpp = ncp->nc_vp;
1985 } else
1986 *vpp = ncp->nc_dvp;
1987 if (*vpp == NULL)
1988 goto negative_success;
1989 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, "..", *vpp);
1990 cache_out_ts(ncp, tsp, ticksp);
1991 if ((ncp->nc_flag & (NCF_ISDOTDOT | NCF_DTS)) ==
1992 NCF_DTS && tsp != NULL) {
1993 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc);
1994 *tsp = ncp_ts->nc_dotdottime;
1995 }
1996
1997 MPASS(dvp != *vpp);
1998 ltype = VOP_ISLOCKED(dvp);
1999 VOP_UNLOCK(dvp);
2000 vs = vget_prep(*vpp);
2001 mtx_unlock(dvlp);
2002 error = vget_finish(*vpp, cnp->cn_lkflags, vs);
2003 vn_lock(dvp, ltype | LK_RETRY);
2004 if (VN_IS_DOOMED(dvp)) {
2005 if (error == 0)
2006 vput(*vpp);
2007 *vpp = NULL;
2008 return (ENOENT);
2009 }
2010 if (error) {
2011 *vpp = NULL;
2012 goto retry;
2013 }
2014 return (-1);
2015 negative_success:
2016 if (__predict_false(cnp->cn_nameiop == CREATE)) {
2017 if (cnp->cn_flags & ISLASTCN) {
2018 counter_u64_add(numnegzaps, 1);
2019 cache_zap_negative_locked_vnode_kl(ncp, dvp);
2020 mtx_unlock(dvlp);
2021 cache_free(ncp);
2022 return (0);
2023 }
2024 }
2025
2026 whiteout = (ncp->nc_flag & NCF_WHITE);
2027 cache_out_ts(ncp, tsp, ticksp);
2028 if (cache_neg_hit_prep(ncp))
2029 cache_neg_promote(ncp);
2030 else
2031 cache_neg_hit_finish(ncp);
2032 mtx_unlock(dvlp);
2033 if (whiteout)
2034 cnp->cn_flags |= ISWHITEOUT;
2035 return (ENOENT);
2036 }
2037
2038 /**
2039 * Lookup a name in the name cache
2040 *
2041 * # Arguments
2042 *
2043 * - dvp: Parent directory in which to search.
2044 * - vpp: Return argument. Will contain desired vnode on cache hit.
2045 * - cnp: Parameters of the name search. The most interesting bits of
2046 * the cn_flags field have the following meanings:
2047 * - MAKEENTRY: If clear, free an entry from the cache rather than look
2048 * it up.
2049 * - ISDOTDOT: Must be set if and only if cn_nameptr == ".."
2050 * - tsp: Return storage for cache timestamp. On a successful (positive
2051 * or negative) lookup, tsp will be filled with any timespec that
2052 * was stored when this cache entry was created. However, it will
2053 * be clear for "." entries.
2054 * - ticks: Return storage for alternate cache timestamp. On a successful
2055 * (positive or negative) lookup, it will contain the ticks value
2056 * that was current when the cache entry was created, unless cnp
2057 * was ".".
2058 *
2059 * Either both tsp and ticks have to be provided or neither of them.
2060 *
2061 * # Returns
2062 *
2063 * - -1: A positive cache hit. vpp will contain the desired vnode.
2064 * - ENOENT: A negative cache hit, or dvp was recycled out from under us due
2065 * to a forced unmount. vpp will not be modified. If the entry
2066 * is a whiteout, then the ISWHITEOUT flag will be set in
2067 * cnp->cn_flags.
2068 * - 0: A cache miss. vpp will not be modified.
2069 *
2070 * # Locking
2071 *
2072 * On a cache hit, vpp will be returned locked and ref'd. If we're looking up
2073 * .., dvp is unlocked. If we're looking up . an extra ref is taken, but the
2074 * lock is not recursively acquired.
2075 */
2076 static int __noinline
cache_lookup_fallback(struct vnode * dvp,struct vnode ** vpp,struct componentname * cnp,struct timespec * tsp,int * ticksp)2077 cache_lookup_fallback(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp,
2078 struct timespec *tsp, int *ticksp)
2079 {
2080 struct namecache *ncp;
2081 struct mtx *blp;
2082 uint32_t hash;
2083 enum vgetstate vs;
2084 int error;
2085 bool whiteout;
2086
2087 MPASS((cnp->cn_flags & ISDOTDOT) == 0);
2088 MPASS((cnp->cn_flags & (MAKEENTRY | NC_KEEPPOSENTRY)) != 0);
2089
2090 retry:
2091 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp);
2092 blp = HASH2BUCKETLOCK(hash);
2093 mtx_lock(blp);
2094
2095 ncp = cache_ncp_find(dvp, cnp, hash);
2096 if (__predict_false(ncp == NULL)) {
2097 mtx_unlock(blp);
2098 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, cnp->cn_nameptr);
2099 counter_u64_add(nummiss, 1);
2100 return (0);
2101 }
2102
2103 if (ncp->nc_flag & NCF_NEGATIVE)
2104 goto negative_success;
2105
2106 counter_u64_add(numposhits, 1);
2107 *vpp = ncp->nc_vp;
2108 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, *vpp);
2109 cache_out_ts(ncp, tsp, ticksp);
2110 MPASS(dvp != *vpp);
2111 vs = vget_prep(*vpp);
2112 mtx_unlock(blp);
2113 error = vget_finish(*vpp, cnp->cn_lkflags, vs);
2114 if (error) {
2115 *vpp = NULL;
2116 goto retry;
2117 }
2118 return (-1);
2119 negative_success:
2120 /*
2121 * We don't get here with regular lookup apart from corner cases.
2122 */
2123 if (__predict_true(cnp->cn_nameiop == CREATE)) {
2124 if (cnp->cn_flags & ISLASTCN) {
2125 counter_u64_add(numnegzaps, 1);
2126 error = cache_zap_locked_bucket(ncp, cnp, hash, blp);
2127 if (__predict_false(error != 0)) {
2128 atomic_add_long(&zap_bucket_fail2, 1);
2129 goto retry;
2130 }
2131 cache_free(ncp);
2132 return (0);
2133 }
2134 }
2135
2136 whiteout = (ncp->nc_flag & NCF_WHITE);
2137 cache_out_ts(ncp, tsp, ticksp);
2138 if (cache_neg_hit_prep(ncp))
2139 cache_neg_promote(ncp);
2140 else
2141 cache_neg_hit_finish(ncp);
2142 mtx_unlock(blp);
2143 if (whiteout)
2144 cnp->cn_flags |= ISWHITEOUT;
2145 return (ENOENT);
2146 }
2147
2148 int
cache_lookup(struct vnode * dvp,struct vnode ** vpp,struct componentname * cnp,struct timespec * tsp,int * ticksp)2149 cache_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp,
2150 struct timespec *tsp, int *ticksp)
2151 {
2152 struct namecache *ncp;
2153 uint32_t hash;
2154 enum vgetstate vs;
2155 int error;
2156 bool whiteout, neg_promote;
2157 u_short nc_flag;
2158
2159 MPASS((tsp == NULL && ticksp == NULL) || (tsp != NULL && ticksp != NULL));
2160
2161 #ifdef DEBUG_CACHE
2162 if (__predict_false(!doingcache)) {
2163 cnp->cn_flags &= ~MAKEENTRY;
2164 return (0);
2165 }
2166 #endif
2167
2168 if (__predict_false(cnp->cn_nameptr[0] == '.')) {
2169 if (cnp->cn_namelen == 1)
2170 return (cache_lookup_dot(dvp, vpp, cnp, tsp, ticksp));
2171 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.')
2172 return (cache_lookup_dotdot(dvp, vpp, cnp, tsp, ticksp));
2173 }
2174
2175 MPASS((cnp->cn_flags & ISDOTDOT) == 0);
2176
2177 if ((cnp->cn_flags & (MAKEENTRY | NC_KEEPPOSENTRY)) == 0) {
2178 cache_remove_cnp(dvp, cnp);
2179 return (0);
2180 }
2181
2182 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp);
2183 vfs_smr_enter();
2184
2185 ncp = cache_ncp_find(dvp, cnp, hash);
2186 if (__predict_false(ncp == NULL)) {
2187 vfs_smr_exit();
2188 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, cnp->cn_nameptr);
2189 counter_u64_add(nummiss, 1);
2190 return (0);
2191 }
2192
2193 nc_flag = atomic_load_char(&ncp->nc_flag);
2194 if (nc_flag & NCF_NEGATIVE)
2195 goto negative_success;
2196
2197 counter_u64_add(numposhits, 1);
2198 *vpp = ncp->nc_vp;
2199 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, *vpp);
2200 cache_out_ts(ncp, tsp, ticksp);
2201 MPASS(dvp != *vpp);
2202 if (!cache_ncp_canuse(ncp)) {
2203 vfs_smr_exit();
2204 *vpp = NULL;
2205 goto out_fallback;
2206 }
2207 vs = vget_prep_smr(*vpp);
2208 vfs_smr_exit();
2209 if (__predict_false(vs == VGET_NONE)) {
2210 *vpp = NULL;
2211 goto out_fallback;
2212 }
2213 error = vget_finish(*vpp, cnp->cn_lkflags, vs);
2214 if (error) {
2215 *vpp = NULL;
2216 goto out_fallback;
2217 }
2218 return (-1);
2219 negative_success:
2220 if (cnp->cn_nameiop == CREATE) {
2221 if (cnp->cn_flags & ISLASTCN) {
2222 vfs_smr_exit();
2223 goto out_fallback;
2224 }
2225 }
2226
2227 cache_out_ts(ncp, tsp, ticksp);
2228 whiteout = (atomic_load_char(&ncp->nc_flag) & NCF_WHITE);
2229 neg_promote = cache_neg_hit_prep(ncp);
2230 if (!cache_ncp_canuse(ncp)) {
2231 cache_neg_hit_abort(ncp);
2232 vfs_smr_exit();
2233 goto out_fallback;
2234 }
2235 if (neg_promote) {
2236 vfs_smr_exit();
2237 if (!cache_neg_promote_cond(dvp, cnp, ncp, hash))
2238 goto out_fallback;
2239 } else {
2240 cache_neg_hit_finish(ncp);
2241 vfs_smr_exit();
2242 }
2243 if (whiteout)
2244 cnp->cn_flags |= ISWHITEOUT;
2245 return (ENOENT);
2246 out_fallback:
2247 return (cache_lookup_fallback(dvp, vpp, cnp, tsp, ticksp));
2248 }
2249
2250 struct celockstate {
2251 struct mtx *vlp[3];
2252 struct mtx *blp[2];
2253 };
2254 CTASSERT((nitems(((struct celockstate *)0)->vlp) == 3));
2255 CTASSERT((nitems(((struct celockstate *)0)->blp) == 2));
2256
2257 static inline void
cache_celockstate_init(struct celockstate * cel)2258 cache_celockstate_init(struct celockstate *cel)
2259 {
2260
2261 bzero(cel, sizeof(*cel));
2262 }
2263
2264 static void
cache_lock_vnodes_cel(struct celockstate * cel,struct vnode * vp,struct vnode * dvp)2265 cache_lock_vnodes_cel(struct celockstate *cel, struct vnode *vp,
2266 struct vnode *dvp)
2267 {
2268 struct mtx *vlp1, *vlp2;
2269
2270 MPASS(cel->vlp[0] == NULL);
2271 MPASS(cel->vlp[1] == NULL);
2272 MPASS(cel->vlp[2] == NULL);
2273
2274 MPASS(vp != NULL || dvp != NULL);
2275
2276 vlp1 = VP2VNODELOCK(vp);
2277 vlp2 = VP2VNODELOCK(dvp);
2278 cache_sort_vnodes(&vlp1, &vlp2);
2279
2280 if (vlp1 != NULL) {
2281 mtx_lock(vlp1);
2282 cel->vlp[0] = vlp1;
2283 }
2284 mtx_lock(vlp2);
2285 cel->vlp[1] = vlp2;
2286 }
2287
2288 static void
cache_unlock_vnodes_cel(struct celockstate * cel)2289 cache_unlock_vnodes_cel(struct celockstate *cel)
2290 {
2291
2292 MPASS(cel->vlp[0] != NULL || cel->vlp[1] != NULL);
2293
2294 if (cel->vlp[0] != NULL)
2295 mtx_unlock(cel->vlp[0]);
2296 if (cel->vlp[1] != NULL)
2297 mtx_unlock(cel->vlp[1]);
2298 if (cel->vlp[2] != NULL)
2299 mtx_unlock(cel->vlp[2]);
2300 }
2301
2302 static bool
cache_lock_vnodes_cel_3(struct celockstate * cel,struct vnode * vp)2303 cache_lock_vnodes_cel_3(struct celockstate *cel, struct vnode *vp)
2304 {
2305 struct mtx *vlp;
2306 bool ret;
2307
2308 cache_assert_vlp_locked(cel->vlp[0]);
2309 cache_assert_vlp_locked(cel->vlp[1]);
2310 MPASS(cel->vlp[2] == NULL);
2311
2312 MPASS(vp != NULL);
2313 vlp = VP2VNODELOCK(vp);
2314
2315 ret = true;
2316 if (vlp >= cel->vlp[1]) {
2317 mtx_lock(vlp);
2318 } else {
2319 if (mtx_trylock(vlp))
2320 goto out;
2321 cache_unlock_vnodes_cel(cel);
2322 atomic_add_long(&cache_lock_vnodes_cel_3_failures, 1);
2323 if (vlp < cel->vlp[0]) {
2324 mtx_lock(vlp);
2325 mtx_lock(cel->vlp[0]);
2326 mtx_lock(cel->vlp[1]);
2327 } else {
2328 if (cel->vlp[0] != NULL)
2329 mtx_lock(cel->vlp[0]);
2330 mtx_lock(vlp);
2331 mtx_lock(cel->vlp[1]);
2332 }
2333 ret = false;
2334 }
2335 out:
2336 cel->vlp[2] = vlp;
2337 return (ret);
2338 }
2339
2340 static void
cache_lock_buckets_cel(struct celockstate * cel,struct mtx * blp1,struct mtx * blp2)2341 cache_lock_buckets_cel(struct celockstate *cel, struct mtx *blp1,
2342 struct mtx *blp2)
2343 {
2344
2345 MPASS(cel->blp[0] == NULL);
2346 MPASS(cel->blp[1] == NULL);
2347
2348 cache_sort_vnodes(&blp1, &blp2);
2349
2350 if (blp1 != NULL) {
2351 mtx_lock(blp1);
2352 cel->blp[0] = blp1;
2353 }
2354 mtx_lock(blp2);
2355 cel->blp[1] = blp2;
2356 }
2357
2358 static void
cache_unlock_buckets_cel(struct celockstate * cel)2359 cache_unlock_buckets_cel(struct celockstate *cel)
2360 {
2361
2362 if (cel->blp[0] != NULL)
2363 mtx_unlock(cel->blp[0]);
2364 mtx_unlock(cel->blp[1]);
2365 }
2366
2367 /*
2368 * Lock part of the cache affected by the insertion.
2369 *
2370 * This means vnodelocks for dvp, vp and the relevant bucketlock.
2371 * However, insertion can result in removal of an old entry. In this
2372 * case we have an additional vnode and bucketlock pair to lock.
2373 *
2374 * That is, in the worst case we have to lock 3 vnodes and 2 bucketlocks, while
2375 * preserving the locking order (smaller address first).
2376 */
2377 static void
cache_enter_lock(struct celockstate * cel,struct vnode * dvp,struct vnode * vp,uint32_t hash)2378 cache_enter_lock(struct celockstate *cel, struct vnode *dvp, struct vnode *vp,
2379 uint32_t hash)
2380 {
2381 struct namecache *ncp;
2382 struct mtx *blps[2];
2383 u_char nc_flag;
2384
2385 blps[0] = HASH2BUCKETLOCK(hash);
2386 for (;;) {
2387 blps[1] = NULL;
2388 cache_lock_vnodes_cel(cel, dvp, vp);
2389 if (vp == NULL || vp->v_type != VDIR)
2390 break;
2391 ncp = atomic_load_consume_ptr(&vp->v_cache_dd);
2392 if (ncp == NULL)
2393 break;
2394 nc_flag = atomic_load_char(&ncp->nc_flag);
2395 if ((nc_flag & NCF_ISDOTDOT) == 0)
2396 break;
2397 MPASS(ncp->nc_dvp == vp);
2398 blps[1] = NCP2BUCKETLOCK(ncp);
2399 if ((nc_flag & NCF_NEGATIVE) != 0)
2400 break;
2401 if (cache_lock_vnodes_cel_3(cel, ncp->nc_vp))
2402 break;
2403 /*
2404 * All vnodes got re-locked. Re-validate the state and if
2405 * nothing changed we are done. Otherwise restart.
2406 */
2407 if (ncp == vp->v_cache_dd &&
2408 (ncp->nc_flag & NCF_ISDOTDOT) != 0 &&
2409 blps[1] == NCP2BUCKETLOCK(ncp) &&
2410 VP2VNODELOCK(ncp->nc_vp) == cel->vlp[2])
2411 break;
2412 cache_unlock_vnodes_cel(cel);
2413 cel->vlp[0] = NULL;
2414 cel->vlp[1] = NULL;
2415 cel->vlp[2] = NULL;
2416 }
2417 cache_lock_buckets_cel(cel, blps[0], blps[1]);
2418 }
2419
2420 static void
cache_enter_lock_dd(struct celockstate * cel,struct vnode * dvp,struct vnode * vp,uint32_t hash)2421 cache_enter_lock_dd(struct celockstate *cel, struct vnode *dvp, struct vnode *vp,
2422 uint32_t hash)
2423 {
2424 struct namecache *ncp;
2425 struct mtx *blps[2];
2426 u_char nc_flag;
2427
2428 blps[0] = HASH2BUCKETLOCK(hash);
2429 for (;;) {
2430 blps[1] = NULL;
2431 cache_lock_vnodes_cel(cel, dvp, vp);
2432 ncp = atomic_load_consume_ptr(&dvp->v_cache_dd);
2433 if (ncp == NULL)
2434 break;
2435 nc_flag = atomic_load_char(&ncp->nc_flag);
2436 if ((nc_flag & NCF_ISDOTDOT) == 0)
2437 break;
2438 MPASS(ncp->nc_dvp == dvp);
2439 blps[1] = NCP2BUCKETLOCK(ncp);
2440 if ((nc_flag & NCF_NEGATIVE) != 0)
2441 break;
2442 if (cache_lock_vnodes_cel_3(cel, ncp->nc_vp))
2443 break;
2444 if (ncp == dvp->v_cache_dd &&
2445 (ncp->nc_flag & NCF_ISDOTDOT) != 0 &&
2446 blps[1] == NCP2BUCKETLOCK(ncp) &&
2447 VP2VNODELOCK(ncp->nc_vp) == cel->vlp[2])
2448 break;
2449 cache_unlock_vnodes_cel(cel);
2450 cel->vlp[0] = NULL;
2451 cel->vlp[1] = NULL;
2452 cel->vlp[2] = NULL;
2453 }
2454 cache_lock_buckets_cel(cel, blps[0], blps[1]);
2455 }
2456
2457 static void
cache_enter_unlock(struct celockstate * cel)2458 cache_enter_unlock(struct celockstate *cel)
2459 {
2460
2461 cache_unlock_buckets_cel(cel);
2462 cache_unlock_vnodes_cel(cel);
2463 }
2464
2465 static void __noinline
cache_enter_dotdot_prep(struct vnode * dvp,struct vnode * vp,struct componentname * cnp)2466 cache_enter_dotdot_prep(struct vnode *dvp, struct vnode *vp,
2467 struct componentname *cnp)
2468 {
2469 struct celockstate cel;
2470 struct namecache *ncp;
2471 uint32_t hash;
2472 int len;
2473
2474 if (atomic_load_ptr(&dvp->v_cache_dd) == NULL)
2475 return;
2476 len = cnp->cn_namelen;
2477 cache_celockstate_init(&cel);
2478 hash = cache_get_hash(cnp->cn_nameptr, len, dvp);
2479 cache_enter_lock_dd(&cel, dvp, vp, hash);
2480 ncp = dvp->v_cache_dd;
2481 if (ncp != NULL && (ncp->nc_flag & NCF_ISDOTDOT)) {
2482 KASSERT(ncp->nc_dvp == dvp, ("wrong isdotdot parent"));
2483 cache_zap_locked(ncp);
2484 } else {
2485 ncp = NULL;
2486 }
2487 atomic_store_ptr(&dvp->v_cache_dd, NULL);
2488 cache_enter_unlock(&cel);
2489 if (ncp != NULL)
2490 cache_free(ncp);
2491 }
2492
2493 /*
2494 * Add an entry to the cache.
2495 */
2496 void
cache_enter_time(struct vnode * dvp,struct vnode * vp,struct componentname * cnp,struct timespec * tsp,struct timespec * dtsp)2497 cache_enter_time(struct vnode *dvp, struct vnode *vp, struct componentname *cnp,
2498 struct timespec *tsp, struct timespec *dtsp)
2499 {
2500 struct celockstate cel;
2501 struct namecache *ncp, *n2, *ndd;
2502 struct namecache_ts *ncp_ts;
2503 uint32_t hash;
2504 int flag;
2505 int len;
2506
2507 KASSERT(cnp->cn_namelen <= NAME_MAX,
2508 ("%s: passed len %ld exceeds NAME_MAX (%d)", __func__, cnp->cn_namelen,
2509 NAME_MAX));
2510 VNPASS(!VN_IS_DOOMED(dvp), dvp);
2511 VNPASS(dvp->v_type != VNON, dvp);
2512 if (vp != NULL) {
2513 VNPASS(!VN_IS_DOOMED(vp), vp);
2514 VNPASS(vp->v_type != VNON, vp);
2515 }
2516 if (cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.') {
2517 KASSERT(dvp == vp,
2518 ("%s: different vnodes for dot entry (%p; %p)\n", __func__,
2519 dvp, vp));
2520 } else {
2521 KASSERT(dvp != vp,
2522 ("%s: same vnode for non-dot entry [%s] (%p)\n", __func__,
2523 cnp->cn_nameptr, dvp));
2524 }
2525
2526 #ifdef DEBUG_CACHE
2527 if (__predict_false(!doingcache))
2528 return;
2529 #endif
2530
2531 flag = 0;
2532 if (__predict_false(cnp->cn_nameptr[0] == '.')) {
2533 if (cnp->cn_namelen == 1)
2534 return;
2535 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') {
2536 cache_enter_dotdot_prep(dvp, vp, cnp);
2537 flag = NCF_ISDOTDOT;
2538 }
2539 }
2540
2541 ncp = cache_alloc(cnp->cn_namelen, tsp != NULL);
2542 if (ncp == NULL)
2543 return;
2544
2545 cache_celockstate_init(&cel);
2546 ndd = NULL;
2547 ncp_ts = NULL;
2548
2549 /*
2550 * Calculate the hash key and setup as much of the new
2551 * namecache entry as possible before acquiring the lock.
2552 */
2553 ncp->nc_flag = flag | NCF_WIP;
2554 ncp->nc_vp = vp;
2555 if (vp == NULL)
2556 cache_neg_init(ncp);
2557 ncp->nc_dvp = dvp;
2558 if (tsp != NULL) {
2559 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc);
2560 ncp_ts->nc_time = *tsp;
2561 ncp_ts->nc_ticks = ticks;
2562 ncp_ts->nc_nc.nc_flag |= NCF_TS;
2563 if (dtsp != NULL) {
2564 ncp_ts->nc_dotdottime = *dtsp;
2565 ncp_ts->nc_nc.nc_flag |= NCF_DTS;
2566 }
2567 }
2568 len = ncp->nc_nlen = cnp->cn_namelen;
2569 hash = cache_get_hash(cnp->cn_nameptr, len, dvp);
2570 memcpy(ncp->nc_name, cnp->cn_nameptr, len);
2571 ncp->nc_name[len] = '\0';
2572 cache_enter_lock(&cel, dvp, vp, hash);
2573
2574 /*
2575 * See if this vnode or negative entry is already in the cache
2576 * with this name. This can happen with concurrent lookups of
2577 * the same path name.
2578 */
2579 n2 = cache_ncp_find(dvp, cnp, hash);
2580 if (n2 != NULL) {
2581 MPASS(cache_ncp_canuse(n2));
2582 if ((n2->nc_flag & NCF_NEGATIVE) != 0)
2583 KASSERT(vp == NULL,
2584 ("%s: found entry pointing to a different vnode "
2585 "(%p != %p); name [%s]",
2586 __func__, NULL, vp, cnp->cn_nameptr));
2587 else
2588 KASSERT(n2->nc_vp == vp,
2589 ("%s: found entry pointing to a different vnode "
2590 "(%p != %p); name [%s]",
2591 __func__, n2->nc_vp, vp, cnp->cn_nameptr));
2592 /*
2593 * Entries are supposed to be immutable unless in the
2594 * process of getting destroyed. Accommodating for
2595 * changing timestamps is possible but not worth it.
2596 * This should be harmless in terms of correctness, in
2597 * the worst case resulting in an earlier expiration.
2598 * Alternatively, the found entry can be replaced
2599 * altogether.
2600 */
2601 MPASS((n2->nc_flag & (NCF_TS | NCF_DTS)) ==
2602 (ncp->nc_flag & (NCF_TS | NCF_DTS)));
2603 #if 0
2604 if (tsp != NULL) {
2605 KASSERT((n2->nc_flag & NCF_TS) != 0,
2606 ("no NCF_TS"));
2607 n2_ts = __containerof(n2, struct namecache_ts, nc_nc);
2608 n2_ts->nc_time = ncp_ts->nc_time;
2609 n2_ts->nc_ticks = ncp_ts->nc_ticks;
2610 if (dtsp != NULL) {
2611 n2_ts->nc_dotdottime = ncp_ts->nc_dotdottime;
2612 n2_ts->nc_nc.nc_flag |= NCF_DTS;
2613 }
2614 }
2615 #endif
2616 SDT_PROBE3(vfs, namecache, enter, duplicate, dvp, ncp->nc_name,
2617 vp);
2618 goto out_unlock_free;
2619 }
2620
2621 if (flag == NCF_ISDOTDOT) {
2622 /*
2623 * See if we are trying to add .. entry, but some other lookup
2624 * has populated v_cache_dd pointer already.
2625 */
2626 if (dvp->v_cache_dd != NULL)
2627 goto out_unlock_free;
2628 KASSERT(vp == NULL || vp->v_type == VDIR,
2629 ("wrong vnode type %p", vp));
2630 atomic_thread_fence_rel();
2631 atomic_store_ptr(&dvp->v_cache_dd, ncp);
2632 } else if (vp != NULL) {
2633 /*
2634 * Take the slow path in INOTIFY(). This flag will be lazily
2635 * cleared by cache_vop_inotify() once all directories referring
2636 * to vp are unwatched.
2637 */
2638 if (__predict_false((vn_irflag_read(dvp) & VIRF_INOTIFY) != 0))
2639 vn_irflag_set_cond(vp, VIRF_INOTIFY_PARENT);
2640
2641 /*
2642 * For this case, the cache entry maps both the
2643 * directory name in it and the name ".." for the
2644 * directory's parent.
2645 */
2646 if ((ndd = vp->v_cache_dd) != NULL) {
2647 if ((ndd->nc_flag & NCF_ISDOTDOT) != 0)
2648 cache_zap_locked(ndd);
2649 else
2650 ndd = NULL;
2651 }
2652 atomic_thread_fence_rel();
2653 atomic_store_ptr(&vp->v_cache_dd, ncp);
2654 }
2655
2656 if (flag != NCF_ISDOTDOT) {
2657 if (LIST_EMPTY(&dvp->v_cache_src)) {
2658 cache_hold_vnode(dvp);
2659 }
2660 LIST_INSERT_HEAD(&dvp->v_cache_src, ncp, nc_src);
2661 }
2662
2663 /*
2664 * If the entry is "negative", we place it into the
2665 * "negative" cache queue, otherwise, we place it into the
2666 * destination vnode's cache entries queue.
2667 */
2668 if (vp != NULL) {
2669 TAILQ_INSERT_HEAD(&vp->v_cache_dst, ncp, nc_dst);
2670 SDT_PROBE3(vfs, namecache, enter, done, dvp, ncp->nc_name,
2671 vp);
2672 } else {
2673 if (cnp->cn_flags & ISWHITEOUT)
2674 atomic_store_char(&ncp->nc_flag, ncp->nc_flag | NCF_WHITE);
2675 cache_neg_insert(ncp);
2676 SDT_PROBE2(vfs, namecache, enter_negative, done, dvp,
2677 ncp->nc_name);
2678 }
2679
2680 /*
2681 * Insert the new namecache entry into the appropriate chain
2682 * within the cache entries table.
2683 */
2684 CK_SLIST_INSERT_HEAD(NCHHASH(hash), ncp, nc_hash);
2685
2686 atomic_thread_fence_rel();
2687 /*
2688 * Mark the entry as fully constructed.
2689 * It is immutable past this point until its removal.
2690 */
2691 atomic_store_char(&ncp->nc_flag, ncp->nc_flag & ~NCF_WIP);
2692
2693 cache_enter_unlock(&cel);
2694 if (ndd != NULL)
2695 cache_free(ndd);
2696 return;
2697 out_unlock_free:
2698 cache_enter_unlock(&cel);
2699 cache_free(ncp);
2700 return;
2701 }
2702
2703 /*
2704 * A variant of the above accepting flags.
2705 *
2706 * - VFS_CACHE_DROPOLD -- if a conflicting entry is found, drop it.
2707 *
2708 * TODO: this routine is a hack. It blindly removes the old entry, even if it
2709 * happens to match and it is doing it in an inefficient manner. It was added
2710 * to accommodate NFS which runs into a case where the target for a given name
2711 * may change from under it. Note this does nothing to solve the following
2712 * race: 2 callers of cache_enter_time_flags pass a different target vnode for
2713 * the same [dvp, cnp]. It may be argued that code doing this is broken.
2714 */
2715 void
cache_enter_time_flags(struct vnode * dvp,struct vnode * vp,struct componentname * cnp,struct timespec * tsp,struct timespec * dtsp,int flags)2716 cache_enter_time_flags(struct vnode *dvp, struct vnode *vp, struct componentname *cnp,
2717 struct timespec *tsp, struct timespec *dtsp, int flags)
2718 {
2719
2720 MPASS((flags & ~(VFS_CACHE_DROPOLD)) == 0);
2721
2722 if (flags & VFS_CACHE_DROPOLD)
2723 cache_remove_cnp(dvp, cnp);
2724 cache_enter_time(dvp, vp, cnp, tsp, dtsp);
2725 }
2726
2727 static u_long
cache_roundup_2(u_long val)2728 cache_roundup_2(u_long val)
2729 {
2730 u_long res;
2731
2732 for (res = 1; res <= val; res <<= 1)
2733 continue;
2734
2735 return (res);
2736 }
2737
2738 static struct nchashhead *
nchinittbl(u_long elements,u_long * hashmask)2739 nchinittbl(u_long elements, u_long *hashmask)
2740 {
2741 struct nchashhead *hashtbl;
2742 u_long hashsize, i;
2743
2744 hashsize = cache_roundup_2(elements) / 2;
2745
2746 hashtbl = malloc(hashsize * sizeof(*hashtbl), M_VFSCACHE, M_WAITOK);
2747 for (i = 0; i < hashsize; i++)
2748 CK_SLIST_INIT(&hashtbl[i]);
2749 *hashmask = hashsize - 1;
2750 return (hashtbl);
2751 }
2752
2753 static void
ncfreetbl(struct nchashhead * hashtbl)2754 ncfreetbl(struct nchashhead *hashtbl)
2755 {
2756
2757 free(hashtbl, M_VFSCACHE);
2758 }
2759
2760 /*
2761 * Name cache initialization, from vfs_init() when we are booting
2762 */
2763 static void
nchinit(void * dummy __unused)2764 nchinit(void *dummy __unused)
2765 {
2766 u_int i;
2767
2768 cache_zone_small = uma_zcreate("S VFS Cache", CACHE_ZONE_SMALL_SIZE,
2769 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT);
2770 cache_zone_small_ts = uma_zcreate("STS VFS Cache", CACHE_ZONE_SMALL_TS_SIZE,
2771 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT);
2772 cache_zone_large = uma_zcreate("L VFS Cache", CACHE_ZONE_LARGE_SIZE,
2773 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT);
2774 cache_zone_large_ts = uma_zcreate("LTS VFS Cache", CACHE_ZONE_LARGE_TS_SIZE,
2775 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT);
2776
2777 VFS_SMR_ZONE_SET(cache_zone_small);
2778 VFS_SMR_ZONE_SET(cache_zone_small_ts);
2779 VFS_SMR_ZONE_SET(cache_zone_large);
2780 VFS_SMR_ZONE_SET(cache_zone_large_ts);
2781
2782 ncsize = desiredvnodes * ncsizefactor;
2783 cache_recalc_neg_min();
2784 nchashtbl = nchinittbl(ncsize, &nchash);
2785 ncbuckethash = cache_roundup_2(mp_ncpus * mp_ncpus) - 1;
2786 if (ncbuckethash < 7) /* arbitrarily chosen to avoid having one lock */
2787 ncbuckethash = 7;
2788 if (ncbuckethash > nchash)
2789 ncbuckethash = nchash;
2790 bucketlocks = malloc(sizeof(*bucketlocks) * numbucketlocks, M_VFSCACHE,
2791 M_WAITOK | M_ZERO);
2792 for (i = 0; i < numbucketlocks; i++)
2793 mtx_init(&bucketlocks[i], "ncbuc", NULL, MTX_DUPOK | MTX_RECURSE);
2794 ncvnodehash = ncbuckethash;
2795 vnodelocks = malloc(sizeof(*vnodelocks) * numvnodelocks, M_VFSCACHE,
2796 M_WAITOK | M_ZERO);
2797 for (i = 0; i < numvnodelocks; i++)
2798 mtx_init(&vnodelocks[i], "ncvn", NULL, MTX_DUPOK | MTX_RECURSE);
2799
2800 for (i = 0; i < numneglists; i++) {
2801 mtx_init(&neglists[i].nl_evict_lock, "ncnege", NULL, MTX_DEF);
2802 mtx_init(&neglists[i].nl_lock, "ncnegl", NULL, MTX_DEF);
2803 TAILQ_INIT(&neglists[i].nl_list);
2804 TAILQ_INIT(&neglists[i].nl_hotlist);
2805 }
2806 }
2807 SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_SECOND, nchinit, NULL);
2808
2809 void
cache_vnode_init(struct vnode * vp)2810 cache_vnode_init(struct vnode *vp)
2811 {
2812
2813 LIST_INIT(&vp->v_cache_src);
2814 TAILQ_INIT(&vp->v_cache_dst);
2815 vp->v_cache_dd = NULL;
2816 cache_prehash(vp);
2817 }
2818
2819 /*
2820 * Induce transient cache misses for lockless operation in cache_lookup() by
2821 * using a temporary hash table.
2822 *
2823 * This will force a fs lookup.
2824 *
2825 * Synchronisation is done in 2 steps, calling vfs_smr_synchronize each time
2826 * to observe all CPUs not performing the lookup.
2827 */
2828 static void
cache_changesize_set_temp(struct nchashhead * temptbl,u_long temphash)2829 cache_changesize_set_temp(struct nchashhead *temptbl, u_long temphash)
2830 {
2831
2832 MPASS(temphash < nchash);
2833 /*
2834 * Change the size. The new size is smaller and can safely be used
2835 * against the existing table. All lookups which now hash wrong will
2836 * result in a cache miss, which all callers are supposed to know how
2837 * to handle.
2838 */
2839 atomic_store_long(&nchash, temphash);
2840 atomic_thread_fence_rel();
2841 vfs_smr_synchronize();
2842 /*
2843 * At this point everyone sees the updated hash value, but they still
2844 * see the old table.
2845 */
2846 atomic_store_ptr(&nchashtbl, temptbl);
2847 atomic_thread_fence_rel();
2848 vfs_smr_synchronize();
2849 /*
2850 * At this point everyone sees the updated table pointer and size pair.
2851 */
2852 }
2853
2854 /*
2855 * Set the new hash table.
2856 *
2857 * Similarly to cache_changesize_set_temp(), this has to synchronize against
2858 * lockless operation in cache_lookup().
2859 */
2860 static void
cache_changesize_set_new(struct nchashhead * new_tbl,u_long new_hash)2861 cache_changesize_set_new(struct nchashhead *new_tbl, u_long new_hash)
2862 {
2863
2864 MPASS(nchash < new_hash);
2865 /*
2866 * Change the pointer first. This wont result in out of bounds access
2867 * since the temporary table is guaranteed to be smaller.
2868 */
2869 atomic_store_ptr(&nchashtbl, new_tbl);
2870 atomic_thread_fence_rel();
2871 vfs_smr_synchronize();
2872 /*
2873 * At this point everyone sees the updated pointer value, but they
2874 * still see the old size.
2875 */
2876 atomic_store_long(&nchash, new_hash);
2877 atomic_thread_fence_rel();
2878 vfs_smr_synchronize();
2879 /*
2880 * At this point everyone sees the updated table pointer and size pair.
2881 */
2882 }
2883
2884 void
cache_changesize(u_long newmaxvnodes)2885 cache_changesize(u_long newmaxvnodes)
2886 {
2887 struct nchashhead *new_nchashtbl, *old_nchashtbl, *temptbl;
2888 u_long new_nchash, old_nchash, temphash;
2889 struct namecache *ncp;
2890 uint32_t hash;
2891 u_long newncsize;
2892 u_long i;
2893
2894 newncsize = newmaxvnodes * ncsizefactor;
2895 newmaxvnodes = cache_roundup_2(newmaxvnodes * 2);
2896 if (newmaxvnodes < numbucketlocks)
2897 newmaxvnodes = numbucketlocks;
2898
2899 new_nchashtbl = nchinittbl(newmaxvnodes, &new_nchash);
2900 /* If same hash table size, nothing to do */
2901 if (nchash == new_nchash) {
2902 ncfreetbl(new_nchashtbl);
2903 return;
2904 }
2905
2906 temptbl = nchinittbl(1, &temphash);
2907
2908 /*
2909 * Move everything from the old hash table to the new table.
2910 * None of the namecache entries in the table can be removed
2911 * because to do so, they have to be removed from the hash table.
2912 */
2913 cache_lock_all_vnodes();
2914 cache_lock_all_buckets();
2915 old_nchashtbl = nchashtbl;
2916 old_nchash = nchash;
2917 cache_changesize_set_temp(temptbl, temphash);
2918 for (i = 0; i <= old_nchash; i++) {
2919 while ((ncp = CK_SLIST_FIRST(&old_nchashtbl[i])) != NULL) {
2920 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen,
2921 ncp->nc_dvp);
2922 CK_SLIST_REMOVE(&old_nchashtbl[i], ncp, namecache, nc_hash);
2923 CK_SLIST_INSERT_HEAD(&new_nchashtbl[hash & new_nchash], ncp, nc_hash);
2924 }
2925 }
2926 ncsize = newncsize;
2927 cache_recalc_neg_min();
2928 cache_changesize_set_new(new_nchashtbl, new_nchash);
2929 cache_unlock_all_buckets();
2930 cache_unlock_all_vnodes();
2931 ncfreetbl(old_nchashtbl);
2932 ncfreetbl(temptbl);
2933 }
2934
2935 /*
2936 * Remove all entries from and to a particular vnode.
2937 */
2938 static void
cache_purge_impl(struct vnode * vp)2939 cache_purge_impl(struct vnode *vp)
2940 {
2941 struct cache_freebatch batch;
2942 struct namecache *ncp;
2943 struct mtx *vlp, *vlp2;
2944
2945 TAILQ_INIT(&batch);
2946 vlp = VP2VNODELOCK(vp);
2947 vlp2 = NULL;
2948 mtx_lock(vlp);
2949 retry:
2950 while (!LIST_EMPTY(&vp->v_cache_src)) {
2951 ncp = LIST_FIRST(&vp->v_cache_src);
2952 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2))
2953 goto retry;
2954 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst);
2955 }
2956 while (!TAILQ_EMPTY(&vp->v_cache_dst)) {
2957 ncp = TAILQ_FIRST(&vp->v_cache_dst);
2958 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2))
2959 goto retry;
2960 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst);
2961 }
2962 ncp = vp->v_cache_dd;
2963 if (ncp != NULL) {
2964 KASSERT(ncp->nc_flag & NCF_ISDOTDOT,
2965 ("lost dotdot link"));
2966 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2))
2967 goto retry;
2968 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst);
2969 }
2970 KASSERT(vp->v_cache_dd == NULL, ("incomplete purge"));
2971 mtx_unlock(vlp);
2972 if (vlp2 != NULL)
2973 mtx_unlock(vlp2);
2974 cache_free_batch(&batch);
2975 }
2976
2977 /*
2978 * Opportunistic check to see if there is anything to do.
2979 */
2980 static bool
cache_has_entries(struct vnode * vp)2981 cache_has_entries(struct vnode *vp)
2982 {
2983
2984 if (LIST_EMPTY(&vp->v_cache_src) && TAILQ_EMPTY(&vp->v_cache_dst) &&
2985 atomic_load_ptr(&vp->v_cache_dd) == NULL)
2986 return (false);
2987 return (true);
2988 }
2989
2990 void
cache_purge(struct vnode * vp)2991 cache_purge(struct vnode *vp)
2992 {
2993
2994 SDT_PROBE1(vfs, namecache, purge, done, vp);
2995 if (!cache_has_entries(vp))
2996 return;
2997 cache_purge_impl(vp);
2998 }
2999
3000 /*
3001 * Only to be used by vgone.
3002 */
3003 void
cache_purge_vgone(struct vnode * vp)3004 cache_purge_vgone(struct vnode *vp)
3005 {
3006 struct mtx *vlp;
3007
3008 VNPASS(VN_IS_DOOMED(vp), vp);
3009 if (cache_has_entries(vp)) {
3010 cache_purge_impl(vp);
3011 return;
3012 }
3013
3014 /*
3015 * Serialize against a potential thread doing cache_purge.
3016 */
3017 vlp = VP2VNODELOCK(vp);
3018 mtx_wait_unlocked(vlp);
3019 if (cache_has_entries(vp)) {
3020 cache_purge_impl(vp);
3021 return;
3022 }
3023 return;
3024 }
3025
3026 /*
3027 * Remove all negative entries for a particular directory vnode.
3028 */
3029 void
cache_purge_negative(struct vnode * vp)3030 cache_purge_negative(struct vnode *vp)
3031 {
3032 struct cache_freebatch batch;
3033 struct namecache *ncp, *nnp;
3034 struct mtx *vlp;
3035
3036 SDT_PROBE1(vfs, namecache, purge_negative, done, vp);
3037 if (LIST_EMPTY(&vp->v_cache_src))
3038 return;
3039 TAILQ_INIT(&batch);
3040 vlp = VP2VNODELOCK(vp);
3041 mtx_lock(vlp);
3042 LIST_FOREACH_SAFE(ncp, &vp->v_cache_src, nc_src, nnp) {
3043 if (!(ncp->nc_flag & NCF_NEGATIVE))
3044 continue;
3045 cache_zap_negative_locked_vnode_kl(ncp, vp);
3046 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst);
3047 }
3048 mtx_unlock(vlp);
3049 cache_free_batch(&batch);
3050 }
3051
3052 /*
3053 * Entry points for modifying VOP operations.
3054 */
3055 void
cache_vop_rename(struct vnode * fdvp,struct vnode * fvp,struct vnode * tdvp,struct vnode * tvp,struct componentname * fcnp,struct componentname * tcnp)3056 cache_vop_rename(struct vnode *fdvp, struct vnode *fvp, struct vnode *tdvp,
3057 struct vnode *tvp, struct componentname *fcnp, struct componentname *tcnp)
3058 {
3059
3060 ASSERT_VOP_IN_SEQC(fdvp);
3061 ASSERT_VOP_IN_SEQC(fvp);
3062 ASSERT_VOP_IN_SEQC(tdvp);
3063 if (tvp != NULL)
3064 ASSERT_VOP_IN_SEQC(tvp);
3065
3066 cache_purge(fvp);
3067 if (tvp != NULL) {
3068 cache_purge(tvp);
3069 KASSERT(!cache_remove_cnp(tdvp, tcnp),
3070 ("%s: lingering negative entry", __func__));
3071 } else {
3072 cache_remove_cnp(tdvp, tcnp);
3073 }
3074
3075 /*
3076 * TODO
3077 *
3078 * Historically renaming was always purging all revelang entries,
3079 * but that's quite wasteful. In particular turns out that in many cases
3080 * the target file is immediately accessed after rename, inducing a cache
3081 * miss.
3082 *
3083 * Recode this to reduce relocking and reuse the existing entry (if any)
3084 * instead of just removing it above and allocating a new one here.
3085 */
3086 cache_enter(tdvp, fvp, tcnp);
3087 }
3088
3089 void
cache_vop_rmdir(struct vnode * dvp,struct vnode * vp)3090 cache_vop_rmdir(struct vnode *dvp, struct vnode *vp)
3091 {
3092
3093 ASSERT_VOP_IN_SEQC(dvp);
3094 ASSERT_VOP_IN_SEQC(vp);
3095 cache_purge(vp);
3096 }
3097
3098 #ifdef INVARIANTS
3099 /*
3100 * Validate that if an entry exists it matches.
3101 */
3102 void
cache_validate(struct vnode * dvp,struct vnode * vp,struct componentname * cnp)3103 cache_validate(struct vnode *dvp, struct vnode *vp, struct componentname *cnp)
3104 {
3105 struct namecache *ncp;
3106 struct mtx *blp;
3107 uint32_t hash;
3108
3109 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp);
3110 if (CK_SLIST_EMPTY(NCHHASH(hash)))
3111 return;
3112 blp = HASH2BUCKETLOCK(hash);
3113 mtx_lock(blp);
3114 ncp = cache_ncp_find(dvp, cnp, hash);
3115 if (ncp != NULL && ncp->nc_vp != vp) {
3116 panic("%s: mismatch (%p != %p); ncp %p [%s] dvp %p\n",
3117 __func__, vp, ncp->nc_vp, ncp, ncp->nc_name, ncp->nc_dvp);
3118 }
3119 mtx_unlock(blp);
3120 }
3121
3122 void
cache_assert_no_entries(struct vnode * vp)3123 cache_assert_no_entries(struct vnode *vp)
3124 {
3125
3126 VNPASS(TAILQ_EMPTY(&vp->v_cache_dst), vp);
3127 VNPASS(LIST_EMPTY(&vp->v_cache_src), vp);
3128 VNPASS(vp->v_cache_dd == NULL, vp);
3129 }
3130 #endif
3131
3132 /*
3133 * Flush all entries referencing a particular filesystem.
3134 */
3135 void
cache_purgevfs(struct mount * mp)3136 cache_purgevfs(struct mount *mp)
3137 {
3138 struct vnode *vp, *mvp;
3139 size_t visited __sdt_used, purged __sdt_used;
3140
3141 visited = purged = 0;
3142 /*
3143 * Somewhat wasteful iteration over all vnodes. Would be better to
3144 * support filtering and avoid the interlock to begin with.
3145 */
3146 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) {
3147 visited++;
3148 if (!cache_has_entries(vp)) {
3149 VI_UNLOCK(vp);
3150 continue;
3151 }
3152 vholdl(vp);
3153 VI_UNLOCK(vp);
3154 cache_purge(vp);
3155 purged++;
3156 vdrop(vp);
3157 }
3158
3159 SDT_PROBE3(vfs, namecache, purgevfs, done, mp, visited, purged);
3160 }
3161
3162 /*
3163 * Perform canonical checks and cache lookup and pass on to filesystem
3164 * through the vop_cachedlookup only if needed.
3165 */
3166
3167 int
vfs_cache_lookup(struct vop_lookup_args * ap)3168 vfs_cache_lookup(struct vop_lookup_args *ap)
3169 {
3170 struct vnode *dvp;
3171 int error;
3172 struct vnode **vpp = ap->a_vpp;
3173 struct componentname *cnp = ap->a_cnp;
3174 int flags = cnp->cn_flags;
3175
3176 *vpp = NULL;
3177 dvp = ap->a_dvp;
3178
3179 if (dvp->v_type != VDIR)
3180 return (ENOTDIR);
3181
3182 if ((flags & ISLASTCN) && (dvp->v_mount->mnt_flag & MNT_RDONLY) &&
3183 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME))
3184 return (EROFS);
3185
3186 error = vn_dir_check_exec(dvp, cnp);
3187 if (error != 0)
3188 return (error);
3189
3190 error = cache_lookup(dvp, vpp, cnp, NULL, NULL);
3191 if (error == 0)
3192 return (VOP_CACHEDLOOKUP(dvp, vpp, cnp));
3193 if (error == -1)
3194 return (0);
3195 return (error);
3196 }
3197
3198 /* Implementation of the getcwd syscall. */
3199 int
sys___getcwd(struct thread * td,struct __getcwd_args * uap)3200 sys___getcwd(struct thread *td, struct __getcwd_args *uap)
3201 {
3202 char *buf, *retbuf;
3203 size_t buflen;
3204 int error;
3205
3206 buflen = uap->buflen;
3207 if (__predict_false(buflen < 2))
3208 return (EINVAL);
3209 if (buflen > MAXPATHLEN)
3210 buflen = MAXPATHLEN;
3211
3212 buf = uma_zalloc(namei_zone, M_WAITOK);
3213 error = vn_getcwd(buf, &retbuf, &buflen);
3214 if (error == 0)
3215 error = copyout(retbuf, uap->buf, buflen);
3216 uma_zfree(namei_zone, buf);
3217 return (error);
3218 }
3219
3220 int
vn_getcwd(char * buf,char ** retbuf,size_t * buflen)3221 vn_getcwd(char *buf, char **retbuf, size_t *buflen)
3222 {
3223 struct pwd *pwd;
3224 int error;
3225
3226 vfs_smr_enter();
3227 pwd = pwd_get_smr();
3228 error = vn_fullpath_any_smr(pwd->pwd_cdir, pwd->pwd_rdir, buf, retbuf,
3229 buflen, 0);
3230 VFS_SMR_ASSERT_NOT_ENTERED();
3231 if (error < 0) {
3232 pwd = pwd_hold(curthread);
3233 error = vn_fullpath_any(pwd->pwd_cdir, pwd->pwd_rdir, buf,
3234 retbuf, buflen);
3235 pwd_drop(pwd);
3236 }
3237
3238 #ifdef KTRACE
3239 if (KTRPOINT(curthread, KTR_NAMEI) && error == 0)
3240 ktrnamei(*retbuf);
3241 #endif
3242 return (error);
3243 }
3244
3245 /*
3246 * Canonicalize a path by walking it forward and back.
3247 *
3248 * BUGS:
3249 * - Nothing guarantees the integrity of the entire chain. Consider the case
3250 * where the path "foo/bar/baz/qux" is passed, but "bar" is moved out of
3251 * "foo" into "quux" during the backwards walk. The result will be
3252 * "quux/bar/baz/qux", which could not have been obtained by an incremental
3253 * walk in userspace. Moreover, the path we return is inaccessible if the
3254 * calling thread lacks permission to traverse "quux".
3255 */
3256 static int
kern___realpathat(struct thread * td,int fd,const char * path,char * buf,size_t size,int flags,enum uio_seg pathseg)3257 kern___realpathat(struct thread *td, int fd, const char *path, char *buf,
3258 size_t size, int flags, enum uio_seg pathseg)
3259 {
3260 struct nameidata nd;
3261 char *retbuf, *freebuf;
3262 int error;
3263
3264 if (flags != 0)
3265 return (EINVAL);
3266 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | WANTPARENT | AUDITVNODE1,
3267 pathseg, path, fd, &cap_fstat_rights);
3268 if ((error = namei(&nd)) != 0)
3269 return (error);
3270
3271 if (nd.ni_vp->v_type == VREG && nd.ni_dvp->v_type != VDIR &&
3272 (nd.ni_vp->v_vflag & VV_ROOT) != 0) {
3273 struct vnode *covered_vp;
3274
3275 /*
3276 * This happens if vp is a file mount. The call to
3277 * vn_fullpath_hardlink can panic if path resolution can't be
3278 * handled without the directory.
3279 *
3280 * To resolve this, we find the vnode which was mounted on -
3281 * this should have a unique global path since we disallow
3282 * mounting on linked files.
3283 */
3284 error = vn_lock(nd.ni_vp, LK_SHARED);
3285 if (error != 0)
3286 goto out;
3287 covered_vp = nd.ni_vp->v_mount->mnt_vnodecovered;
3288 vref(covered_vp);
3289 VOP_UNLOCK(nd.ni_vp);
3290 error = vn_fullpath(covered_vp, &retbuf, &freebuf);
3291 vrele(covered_vp);
3292 } else {
3293 error = vn_fullpath_hardlink(nd.ni_vp, nd.ni_dvp,
3294 nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen, &retbuf,
3295 &freebuf, &size);
3296 }
3297 if (error == 0) {
3298 size_t len;
3299
3300 len = strlen(retbuf) + 1;
3301 if (size < len)
3302 error = ENAMETOOLONG;
3303 else if (pathseg == UIO_USERSPACE)
3304 error = copyout(retbuf, buf, len);
3305 else
3306 memcpy(buf, retbuf, len);
3307 free(freebuf, M_TEMP);
3308 }
3309 out:
3310 vrele(nd.ni_vp);
3311 vrele(nd.ni_dvp);
3312 NDFREE_PNBUF(&nd);
3313 return (error);
3314 }
3315
3316 int
sys___realpathat(struct thread * td,struct __realpathat_args * uap)3317 sys___realpathat(struct thread *td, struct __realpathat_args *uap)
3318 {
3319
3320 return (kern___realpathat(td, uap->fd, uap->path, uap->buf, uap->size,
3321 uap->flags, UIO_USERSPACE));
3322 }
3323
3324 /*
3325 * Retrieve the full filesystem path that correspond to a vnode from the name
3326 * cache (if available)
3327 */
3328 int
vn_fullpath(struct vnode * vp,char ** retbuf,char ** freebuf)3329 vn_fullpath(struct vnode *vp, char **retbuf, char **freebuf)
3330 {
3331 struct pwd *pwd;
3332 char *buf;
3333 size_t buflen;
3334 int error;
3335
3336 if (__predict_false(vp == NULL))
3337 return (EINVAL);
3338
3339 buflen = MAXPATHLEN;
3340 buf = malloc(buflen, M_TEMP, M_WAITOK);
3341 vfs_smr_enter();
3342 pwd = pwd_get_smr();
3343 error = vn_fullpath_any_smr(vp, pwd->pwd_rdir, buf, retbuf, &buflen, 0);
3344 VFS_SMR_ASSERT_NOT_ENTERED();
3345 if (error < 0) {
3346 pwd = pwd_hold(curthread);
3347 error = vn_fullpath_any(vp, pwd->pwd_rdir, buf, retbuf, &buflen);
3348 pwd_drop(pwd);
3349 }
3350 if (error == 0)
3351 *freebuf = buf;
3352 else
3353 free(buf, M_TEMP);
3354 return (error);
3355 }
3356
3357 /*
3358 * This function is similar to vn_fullpath, but it attempts to lookup the
3359 * pathname relative to the global root mount point. This is required for the
3360 * auditing sub-system, as audited pathnames must be absolute, relative to the
3361 * global root mount point.
3362 */
3363 int
vn_fullpath_global(struct vnode * vp,char ** retbuf,char ** freebuf)3364 vn_fullpath_global(struct vnode *vp, char **retbuf, char **freebuf)
3365 {
3366 char *buf;
3367 size_t buflen;
3368 int error;
3369
3370 if (__predict_false(vp == NULL))
3371 return (EINVAL);
3372 buflen = MAXPATHLEN;
3373 buf = malloc(buflen, M_TEMP, M_WAITOK);
3374 vfs_smr_enter();
3375 error = vn_fullpath_any_smr(vp, rootvnode, buf, retbuf, &buflen, 0);
3376 VFS_SMR_ASSERT_NOT_ENTERED();
3377 if (error < 0) {
3378 error = vn_fullpath_any(vp, rootvnode, buf, retbuf, &buflen);
3379 }
3380 if (error == 0)
3381 *freebuf = buf;
3382 else
3383 free(buf, M_TEMP);
3384 return (error);
3385 }
3386
3387 static struct namecache *
vn_dd_from_dst(struct vnode * vp)3388 vn_dd_from_dst(struct vnode *vp)
3389 {
3390 struct namecache *ncp;
3391
3392 cache_assert_vnode_locked(vp);
3393 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) {
3394 if ((ncp->nc_flag & NCF_ISDOTDOT) == 0)
3395 return (ncp);
3396 }
3397 return (NULL);
3398 }
3399
3400 int
vn_vptocnp(struct vnode ** vp,char * buf,size_t * buflen)3401 vn_vptocnp(struct vnode **vp, char *buf, size_t *buflen)
3402 {
3403 struct vnode *dvp;
3404 struct namecache *ncp;
3405 struct mtx *vlp;
3406 int error;
3407
3408 vlp = VP2VNODELOCK(*vp);
3409 mtx_lock(vlp);
3410 ncp = (*vp)->v_cache_dd;
3411 if (ncp != NULL && (ncp->nc_flag & NCF_ISDOTDOT) == 0) {
3412 KASSERT(ncp == vn_dd_from_dst(*vp),
3413 ("%s: mismatch for dd entry (%p != %p)", __func__,
3414 ncp, vn_dd_from_dst(*vp)));
3415 } else {
3416 ncp = vn_dd_from_dst(*vp);
3417 }
3418 if (ncp != NULL) {
3419 if (*buflen < ncp->nc_nlen) {
3420 mtx_unlock(vlp);
3421 vrele(*vp);
3422 counter_u64_add(numfullpathfail4, 1);
3423 error = ENOMEM;
3424 SDT_PROBE3(vfs, namecache, fullpath, return, error,
3425 vp, NULL);
3426 return (error);
3427 }
3428 *buflen -= ncp->nc_nlen;
3429 memcpy(buf + *buflen, ncp->nc_name, ncp->nc_nlen);
3430 SDT_PROBE3(vfs, namecache, fullpath, hit, ncp->nc_dvp,
3431 ncp->nc_name, vp);
3432 dvp = *vp;
3433 *vp = ncp->nc_dvp;
3434 vref(*vp);
3435 mtx_unlock(vlp);
3436 vrele(dvp);
3437 return (0);
3438 }
3439 SDT_PROBE1(vfs, namecache, fullpath, miss, vp);
3440
3441 mtx_unlock(vlp);
3442 vn_lock(*vp, LK_SHARED | LK_RETRY);
3443 error = VOP_VPTOCNP(*vp, &dvp, buf, buflen);
3444 vput(*vp);
3445 if (error) {
3446 counter_u64_add(numfullpathfail2, 1);
3447 SDT_PROBE3(vfs, namecache, fullpath, return, error, vp, NULL);
3448 return (error);
3449 }
3450
3451 *vp = dvp;
3452 if (VN_IS_DOOMED(dvp)) {
3453 /* forced unmount */
3454 vrele(dvp);
3455 error = ENOENT;
3456 SDT_PROBE3(vfs, namecache, fullpath, return, error, vp, NULL);
3457 return (error);
3458 }
3459 /*
3460 * *vp has its use count incremented still.
3461 */
3462
3463 return (0);
3464 }
3465
3466 /*
3467 * Resolve a directory to a pathname.
3468 *
3469 * The name of the directory can always be found in the namecache or fetched
3470 * from the filesystem. There is also guaranteed to be only one parent, meaning
3471 * we can just follow vnodes up until we find the root.
3472 *
3473 * The vnode must be referenced.
3474 */
3475 static int
vn_fullpath_dir(struct vnode * vp,struct vnode * rdir,char * buf,char ** retbuf,size_t * len,size_t addend)3476 vn_fullpath_dir(struct vnode *vp, struct vnode *rdir, char *buf, char **retbuf,
3477 size_t *len, size_t addend)
3478 {
3479 #ifdef KDTRACE_HOOKS
3480 struct vnode *startvp = vp;
3481 #endif
3482 struct vnode *vp1;
3483 size_t buflen;
3484 int error;
3485 bool slash_prefixed;
3486
3487 VNPASS(vp->v_type == VDIR || VN_IS_DOOMED(vp), vp);
3488 VNPASS(vp->v_usecount > 0, vp);
3489
3490 buflen = *len;
3491
3492 slash_prefixed = true;
3493 if (addend == 0) {
3494 MPASS(*len >= 2);
3495 buflen--;
3496 buf[buflen] = '\0';
3497 slash_prefixed = false;
3498 }
3499
3500 error = 0;
3501
3502 SDT_PROBE1(vfs, namecache, fullpath, entry, vp);
3503 counter_u64_add(numfullpathcalls, 1);
3504 while (vp != rdir && vp != rootvnode) {
3505 /*
3506 * The vp vnode must be already fully constructed,
3507 * since it is either found in namecache or obtained
3508 * from VOP_VPTOCNP(). We may test for VV_ROOT safely
3509 * without obtaining the vnode lock.
3510 */
3511 if ((vp->v_vflag & VV_ROOT) != 0) {
3512 vn_lock(vp, LK_RETRY | LK_SHARED);
3513
3514 /*
3515 * With the vnode locked, check for races with
3516 * unmount, forced or not. Note that we
3517 * already verified that vp is not equal to
3518 * the root vnode, which means that
3519 * mnt_vnodecovered can be NULL only for the
3520 * case of unmount.
3521 */
3522 if (VN_IS_DOOMED(vp) ||
3523 (vp1 = vp->v_mount->mnt_vnodecovered) == NULL ||
3524 vp1->v_mountedhere != vp->v_mount) {
3525 vput(vp);
3526 error = ENOENT;
3527 SDT_PROBE3(vfs, namecache, fullpath, return,
3528 error, vp, NULL);
3529 break;
3530 }
3531
3532 vref(vp1);
3533 vput(vp);
3534 vp = vp1;
3535 continue;
3536 }
3537 VNPASS(vp->v_type == VDIR || VN_IS_DOOMED(vp), vp);
3538 error = vn_vptocnp(&vp, buf, &buflen);
3539 if (error)
3540 break;
3541 if (buflen == 0) {
3542 vrele(vp);
3543 error = ENOMEM;
3544 SDT_PROBE3(vfs, namecache, fullpath, return, error,
3545 startvp, NULL);
3546 break;
3547 }
3548 buf[--buflen] = '/';
3549 slash_prefixed = true;
3550 }
3551 if (error)
3552 return (error);
3553 if (!slash_prefixed) {
3554 if (buflen == 0) {
3555 vrele(vp);
3556 counter_u64_add(numfullpathfail4, 1);
3557 SDT_PROBE3(vfs, namecache, fullpath, return, ENOMEM,
3558 startvp, NULL);
3559 return (ENOMEM);
3560 }
3561 buf[--buflen] = '/';
3562 }
3563 counter_u64_add(numfullpathfound, 1);
3564 vrele(vp);
3565
3566 *retbuf = buf + buflen;
3567 SDT_PROBE3(vfs, namecache, fullpath, return, 0, startvp, *retbuf);
3568 *len -= buflen;
3569 *len += addend;
3570 return (0);
3571 }
3572
3573 /*
3574 * Resolve an arbitrary vnode to a pathname.
3575 *
3576 * Note 2 caveats:
3577 * - hardlinks are not tracked, thus if the vnode is not a directory this can
3578 * resolve to a different path than the one used to find it
3579 * - namecache is not mandatory, meaning names are not guaranteed to be added
3580 * (in which case resolving fails)
3581 */
3582 static void __inline
cache_rev_failed_impl(int * reason,int line)3583 cache_rev_failed_impl(int *reason, int line)
3584 {
3585
3586 *reason = line;
3587 }
3588 #define cache_rev_failed(var) cache_rev_failed_impl((var), __LINE__)
3589
3590 static int
vn_fullpath_any_smr(struct vnode * vp,struct vnode * rdir,char * buf,char ** retbuf,size_t * buflen,size_t addend)3591 vn_fullpath_any_smr(struct vnode *vp, struct vnode *rdir, char *buf,
3592 char **retbuf, size_t *buflen, size_t addend)
3593 {
3594 #ifdef KDTRACE_HOOKS
3595 struct vnode *startvp = vp;
3596 #endif
3597 struct vnode *tvp;
3598 struct mount *mp;
3599 struct namecache *ncp;
3600 size_t orig_buflen;
3601 int reason;
3602 int error;
3603 #ifdef KDTRACE_HOOKS
3604 int i;
3605 #endif
3606 seqc_t vp_seqc, tvp_seqc;
3607 u_char nc_flag;
3608
3609 VFS_SMR_ASSERT_ENTERED();
3610
3611 if (!atomic_load_char(&cache_fast_lookup_enabled)) {
3612 vfs_smr_exit();
3613 return (-1);
3614 }
3615
3616 orig_buflen = *buflen;
3617
3618 if (addend == 0) {
3619 MPASS(*buflen >= 2);
3620 *buflen -= 1;
3621 buf[*buflen] = '\0';
3622 }
3623
3624 if (vp == rdir || vp == rootvnode) {
3625 if (addend == 0) {
3626 *buflen -= 1;
3627 buf[*buflen] = '/';
3628 }
3629 goto out_ok;
3630 }
3631
3632 #ifdef KDTRACE_HOOKS
3633 i = 0;
3634 #endif
3635 error = -1;
3636 ncp = NULL; /* for sdt probe down below */
3637 vp_seqc = vn_seqc_read_any(vp);
3638 if (seqc_in_modify(vp_seqc)) {
3639 cache_rev_failed(&reason);
3640 goto out_abort;
3641 }
3642
3643 for (;;) {
3644 #ifdef KDTRACE_HOOKS
3645 i++;
3646 #endif
3647 if ((vp->v_vflag & VV_ROOT) != 0) {
3648 mp = atomic_load_ptr(&vp->v_mount);
3649 if (mp == NULL) {
3650 cache_rev_failed(&reason);
3651 goto out_abort;
3652 }
3653 tvp = atomic_load_ptr(&mp->mnt_vnodecovered);
3654 tvp_seqc = vn_seqc_read_any(tvp);
3655 if (seqc_in_modify(tvp_seqc)) {
3656 cache_rev_failed(&reason);
3657 goto out_abort;
3658 }
3659 if (!vn_seqc_consistent(vp, vp_seqc)) {
3660 cache_rev_failed(&reason);
3661 goto out_abort;
3662 }
3663 vp = tvp;
3664 vp_seqc = tvp_seqc;
3665 continue;
3666 }
3667 ncp = atomic_load_consume_ptr(&vp->v_cache_dd);
3668 if (ncp == NULL) {
3669 cache_rev_failed(&reason);
3670 goto out_abort;
3671 }
3672 nc_flag = atomic_load_char(&ncp->nc_flag);
3673 if ((nc_flag & NCF_ISDOTDOT) != 0) {
3674 cache_rev_failed(&reason);
3675 goto out_abort;
3676 }
3677 if (ncp->nc_nlen >= *buflen) {
3678 cache_rev_failed(&reason);
3679 error = ENOMEM;
3680 goto out_abort;
3681 }
3682 *buflen -= ncp->nc_nlen;
3683 memcpy(buf + *buflen, ncp->nc_name, ncp->nc_nlen);
3684 *buflen -= 1;
3685 buf[*buflen] = '/';
3686 tvp = ncp->nc_dvp;
3687 tvp_seqc = vn_seqc_read_any(tvp);
3688 if (seqc_in_modify(tvp_seqc)) {
3689 cache_rev_failed(&reason);
3690 goto out_abort;
3691 }
3692 if (!vn_seqc_consistent(vp, vp_seqc)) {
3693 cache_rev_failed(&reason);
3694 goto out_abort;
3695 }
3696 /*
3697 * Acquire fence provided by vn_seqc_read_any above.
3698 */
3699 if (__predict_false(atomic_load_ptr(&vp->v_cache_dd) != ncp)) {
3700 cache_rev_failed(&reason);
3701 goto out_abort;
3702 }
3703 if (!cache_ncp_canuse(ncp)) {
3704 cache_rev_failed(&reason);
3705 goto out_abort;
3706 }
3707 vp = tvp;
3708 vp_seqc = tvp_seqc;
3709 if (vp == rdir || vp == rootvnode)
3710 break;
3711 }
3712 out_ok:
3713 vfs_smr_exit();
3714 *retbuf = buf + *buflen;
3715 *buflen = orig_buflen - *buflen + addend;
3716 SDT_PROBE2(vfs, namecache, fullpath_smr, hit, startvp, *retbuf);
3717 return (0);
3718
3719 out_abort:
3720 *buflen = orig_buflen;
3721 SDT_PROBE4(vfs, namecache, fullpath_smr, miss, startvp, ncp, reason, i);
3722 vfs_smr_exit();
3723 return (error);
3724 }
3725
3726 static int
vn_fullpath_any(struct vnode * vp,struct vnode * rdir,char * buf,char ** retbuf,size_t * buflen)3727 vn_fullpath_any(struct vnode *vp, struct vnode *rdir, char *buf, char **retbuf,
3728 size_t *buflen)
3729 {
3730 size_t orig_buflen, addend;
3731 int error;
3732
3733 if (*buflen < 2)
3734 return (EINVAL);
3735
3736 orig_buflen = *buflen;
3737
3738 vref(vp);
3739 addend = 0;
3740 if (vp->v_type != VDIR) {
3741 *buflen -= 1;
3742 buf[*buflen] = '\0';
3743 error = vn_vptocnp(&vp, buf, buflen);
3744 if (error)
3745 return (error);
3746 if (*buflen == 0) {
3747 vrele(vp);
3748 return (ENOMEM);
3749 }
3750 *buflen -= 1;
3751 buf[*buflen] = '/';
3752 addend = orig_buflen - *buflen;
3753 }
3754
3755 return (vn_fullpath_dir(vp, rdir, buf, retbuf, buflen, addend));
3756 }
3757
3758 /*
3759 * Resolve an arbitrary vnode to a pathname (taking care of hardlinks).
3760 *
3761 * Since the namecache does not track hardlinks, the caller is expected to
3762 * first look up the target vnode with WANTPARENT flag passed to namei to get
3763 * dvp and vp.
3764 *
3765 * Then we have 2 cases:
3766 * - if the found vnode is a directory, the path can be constructed just by
3767 * following names up the chain
3768 * - otherwise we populate the buffer with the saved name and start resolving
3769 * from the parent
3770 */
3771 int
vn_fullpath_hardlink(struct vnode * vp,struct vnode * dvp,const char * hrdl_name,size_t hrdl_name_length,char ** retbuf,char ** freebuf,size_t * buflen)3772 vn_fullpath_hardlink(struct vnode *vp, struct vnode *dvp,
3773 const char *hrdl_name, size_t hrdl_name_length,
3774 char **retbuf, char **freebuf, size_t *buflen)
3775 {
3776 char *buf, *tmpbuf;
3777 struct pwd *pwd;
3778 size_t addend;
3779 int error;
3780 __enum_uint8(vtype) type;
3781
3782 if (*buflen < 2)
3783 return (EINVAL);
3784 if (*buflen > MAXPATHLEN)
3785 *buflen = MAXPATHLEN;
3786
3787 buf = malloc(*buflen, M_TEMP, M_WAITOK);
3788
3789 addend = 0;
3790
3791 /*
3792 * Check for VBAD to work around the vp_crossmp bug in lookup().
3793 *
3794 * For example consider tmpfs on /tmp and realpath /tmp. ni_vp will be
3795 * set to mount point's root vnode while ni_dvp will be vp_crossmp.
3796 * If the type is VDIR (like in this very case) we can skip looking
3797 * at ni_dvp in the first place. However, since vnodes get passed here
3798 * unlocked the target may transition to doomed state (type == VBAD)
3799 * before we get to evaluate the condition. If this happens, we will
3800 * populate part of the buffer and descend to vn_fullpath_dir with
3801 * vp == vp_crossmp. Prevent the problem by checking for VBAD.
3802 */
3803 type = atomic_load_8(&vp->v_type);
3804 if (type == VBAD) {
3805 error = ENOENT;
3806 goto out_bad;
3807 }
3808 if (type != VDIR) {
3809 addend = hrdl_name_length + 2;
3810 if (*buflen < addend) {
3811 error = ENOMEM;
3812 goto out_bad;
3813 }
3814 *buflen -= addend;
3815 tmpbuf = buf + *buflen;
3816 tmpbuf[0] = '/';
3817 memcpy(&tmpbuf[1], hrdl_name, hrdl_name_length);
3818 tmpbuf[addend - 1] = '\0';
3819 vp = dvp;
3820 }
3821
3822 vfs_smr_enter();
3823 pwd = pwd_get_smr();
3824 error = vn_fullpath_any_smr(vp, pwd->pwd_rdir, buf, retbuf, buflen,
3825 addend);
3826 VFS_SMR_ASSERT_NOT_ENTERED();
3827 if (error < 0) {
3828 pwd = pwd_hold(curthread);
3829 vref(vp);
3830 error = vn_fullpath_dir(vp, pwd->pwd_rdir, buf, retbuf, buflen,
3831 addend);
3832 pwd_drop(pwd);
3833 }
3834 if (error != 0)
3835 goto out_bad;
3836
3837 *freebuf = buf;
3838
3839 return (0);
3840 out_bad:
3841 free(buf, M_TEMP);
3842 return (error);
3843 }
3844
3845 struct vnode *
vn_dir_dd_ino(struct vnode * vp)3846 vn_dir_dd_ino(struct vnode *vp)
3847 {
3848 struct namecache *ncp;
3849 struct vnode *ddvp;
3850 struct mtx *vlp;
3851 enum vgetstate vs;
3852
3853 ASSERT_VOP_LOCKED(vp, "vn_dir_dd_ino");
3854 vlp = VP2VNODELOCK(vp);
3855 mtx_lock(vlp);
3856 TAILQ_FOREACH(ncp, &(vp->v_cache_dst), nc_dst) {
3857 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0)
3858 continue;
3859 ddvp = ncp->nc_dvp;
3860 vs = vget_prep(ddvp);
3861 mtx_unlock(vlp);
3862 if (vget_finish(ddvp, LK_SHARED | LK_NOWAIT, vs))
3863 return (NULL);
3864 return (ddvp);
3865 }
3866 mtx_unlock(vlp);
3867 return (NULL);
3868 }
3869
3870 int
vn_commname(struct vnode * vp,char * buf,u_int buflen)3871 vn_commname(struct vnode *vp, char *buf, u_int buflen)
3872 {
3873 struct namecache *ncp;
3874 struct mtx *vlp;
3875 int l;
3876
3877 vlp = VP2VNODELOCK(vp);
3878 mtx_lock(vlp);
3879 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst)
3880 if ((ncp->nc_flag & NCF_ISDOTDOT) == 0)
3881 break;
3882 if (ncp == NULL) {
3883 mtx_unlock(vlp);
3884 return (ENOENT);
3885 }
3886 l = min(ncp->nc_nlen, buflen - 1);
3887 memcpy(buf, ncp->nc_name, l);
3888 mtx_unlock(vlp);
3889 buf[l] = '\0';
3890 return (0);
3891 }
3892
3893 /*
3894 * This function updates path string to vnode's full global path
3895 * and checks the size of the new path string against the pathlen argument.
3896 *
3897 * Requires a locked, referenced vnode.
3898 * Vnode is re-locked on success or ENODEV, otherwise unlocked.
3899 *
3900 * If vp is a directory, the call to vn_fullpath_global() always succeeds
3901 * because it falls back to the ".." lookup if the namecache lookup fails.
3902 */
3903 int
vn_path_to_global_path(struct thread * td,struct vnode * vp,char * path,u_int pathlen)3904 vn_path_to_global_path(struct thread *td, struct vnode *vp, char *path,
3905 u_int pathlen)
3906 {
3907 struct nameidata nd;
3908 struct vnode *vp1;
3909 char *rpath, *fbuf;
3910 int error;
3911
3912 ASSERT_VOP_ELOCKED(vp, __func__);
3913
3914 /* Construct global filesystem path from vp. */
3915 VOP_UNLOCK(vp);
3916 error = vn_fullpath_global(vp, &rpath, &fbuf);
3917
3918 if (error != 0) {
3919 vrele(vp);
3920 return (error);
3921 }
3922
3923 if (strlen(rpath) >= pathlen) {
3924 vrele(vp);
3925 error = ENAMETOOLONG;
3926 goto out;
3927 }
3928
3929 /*
3930 * Re-lookup the vnode by path to detect a possible rename.
3931 * As a side effect, the vnode is relocked.
3932 * If vnode was renamed, return ENOENT.
3933 */
3934 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, path);
3935 error = namei(&nd);
3936 if (error != 0) {
3937 vrele(vp);
3938 goto out;
3939 }
3940 NDFREE_PNBUF(&nd);
3941 vp1 = nd.ni_vp;
3942 vrele(vp);
3943 if (vp1 == vp)
3944 strcpy(path, rpath);
3945 else {
3946 vput(vp1);
3947 error = ENOENT;
3948 }
3949
3950 out:
3951 free(fbuf, M_TEMP);
3952 return (error);
3953 }
3954
3955 /*
3956 * This is similar to vn_path_to_global_path but allows for regular
3957 * files which may not be present in the cache.
3958 *
3959 * Requires a locked, referenced vnode.
3960 * Vnode is re-locked on success or ENODEV, otherwise unlocked.
3961 */
3962 int
vn_path_to_global_path_hardlink(struct thread * td,struct vnode * vp,struct vnode * dvp,char * path,u_int pathlen,const char * leaf_name,size_t leaf_length)3963 vn_path_to_global_path_hardlink(struct thread *td, struct vnode *vp,
3964 struct vnode *dvp, char *path, u_int pathlen, const char *leaf_name,
3965 size_t leaf_length)
3966 {
3967 struct nameidata nd;
3968 struct vnode *vp1;
3969 char *rpath, *fbuf;
3970 size_t len;
3971 int error;
3972
3973 ASSERT_VOP_ELOCKED(vp, __func__);
3974
3975 /*
3976 * Construct global filesystem path from dvp, vp and leaf
3977 * name.
3978 */
3979 VOP_UNLOCK(vp);
3980 len = pathlen;
3981 error = vn_fullpath_hardlink(vp, dvp, leaf_name, leaf_length,
3982 &rpath, &fbuf, &len);
3983
3984 if (error != 0) {
3985 vrele(vp);
3986 return (error);
3987 }
3988
3989 if (strlen(rpath) >= pathlen) {
3990 vrele(vp);
3991 error = ENAMETOOLONG;
3992 goto out;
3993 }
3994
3995 /*
3996 * Re-lookup the vnode by path to detect a possible rename.
3997 * As a side effect, the vnode is relocked.
3998 * If vnode was renamed, return ENOENT.
3999 */
4000 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, path);
4001 error = namei(&nd);
4002 if (error != 0) {
4003 vrele(vp);
4004 goto out;
4005 }
4006 NDFREE_PNBUF(&nd);
4007 vp1 = nd.ni_vp;
4008 vrele(vp);
4009 if (vp1 == vp)
4010 strcpy(path, rpath);
4011 else {
4012 vput(vp1);
4013 error = ENOENT;
4014 }
4015
4016 out:
4017 free(fbuf, M_TEMP);
4018 return (error);
4019 }
4020
4021 void
cache_vop_inotify(struct vnode * vp,int event,uint32_t cookie)4022 cache_vop_inotify(struct vnode *vp, int event, uint32_t cookie)
4023 {
4024 struct mtx *vlp;
4025 struct namecache *ncp;
4026 int isdir;
4027 bool logged, self;
4028
4029 isdir = vp->v_type == VDIR ? IN_ISDIR : 0;
4030 self = (vn_irflag_read(vp) & VIRF_INOTIFY) != 0 &&
4031 (vp->v_type != VDIR || (event & ~_IN_DIR_EVENTS) != 0);
4032
4033 if (self) {
4034 int selfevent;
4035
4036 if (event == _IN_ATTRIB_LINKCOUNT)
4037 selfevent = IN_ATTRIB;
4038 else
4039 selfevent = event;
4040 inotify_log(vp, NULL, 0, selfevent | isdir, cookie);
4041 }
4042 if ((event & IN_ALL_EVENTS) == 0)
4043 return;
4044
4045 logged = false;
4046 vlp = VP2VNODELOCK(vp);
4047 mtx_lock(vlp);
4048 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) {
4049 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0)
4050 continue;
4051 if ((vn_irflag_read(ncp->nc_dvp) & VIRF_INOTIFY) != 0) {
4052 /*
4053 * XXX-MJ if the vnode has two links in the same
4054 * dir, we'll log the same event twice.
4055 */
4056 inotify_log(ncp->nc_dvp, ncp->nc_name, ncp->nc_nlen,
4057 event | isdir, cookie);
4058 logged = true;
4059 }
4060 }
4061 if (!logged && (vn_irflag_read(vp) & VIRF_INOTIFY_PARENT) != 0) {
4062 /*
4063 * We didn't find a watched directory that contains this vnode,
4064 * so stop calling VOP_INOTIFY for operations on the vnode.
4065 */
4066 vn_irflag_unset(vp, VIRF_INOTIFY_PARENT);
4067 }
4068 mtx_unlock(vlp);
4069 }
4070
4071 #ifdef DDB
4072 static void
db_print_vpath(struct vnode * vp)4073 db_print_vpath(struct vnode *vp)
4074 {
4075
4076 while (vp != NULL) {
4077 db_printf("%p: ", vp);
4078 if (vp == rootvnode) {
4079 db_printf("/");
4080 vp = NULL;
4081 } else {
4082 if (vp->v_vflag & VV_ROOT) {
4083 db_printf("<mount point>");
4084 vp = vp->v_mount->mnt_vnodecovered;
4085 } else {
4086 struct namecache *ncp;
4087 char *ncn;
4088 int i;
4089
4090 ncp = TAILQ_FIRST(&vp->v_cache_dst);
4091 if (ncp != NULL) {
4092 ncn = ncp->nc_name;
4093 for (i = 0; i < ncp->nc_nlen; i++)
4094 db_printf("%c", *ncn++);
4095 vp = ncp->nc_dvp;
4096 } else {
4097 vp = NULL;
4098 }
4099 }
4100 }
4101 db_printf("\n");
4102 }
4103
4104 return;
4105 }
4106
DB_SHOW_COMMAND(vpath,db_show_vpath)4107 DB_SHOW_COMMAND(vpath, db_show_vpath)
4108 {
4109 struct vnode *vp;
4110
4111 if (!have_addr) {
4112 db_printf("usage: show vpath <struct vnode *>\n");
4113 return;
4114 }
4115
4116 vp = (struct vnode *)addr;
4117 db_print_vpath(vp);
4118 }
4119
4120 #endif
4121
4122 static int cache_fast_lookup = 1;
4123
4124 #define CACHE_FPL_FAILED -2020
4125
4126 static int
cache_vop_bad_vexec(struct vop_fplookup_vexec_args * v)4127 cache_vop_bad_vexec(struct vop_fplookup_vexec_args *v)
4128 {
4129 vn_printf(v->a_vp, "no proper vop_fplookup_vexec\n");
4130 panic("no proper vop_fplookup_vexec");
4131 }
4132
4133 static int
cache_vop_bad_symlink(struct vop_fplookup_symlink_args * v)4134 cache_vop_bad_symlink(struct vop_fplookup_symlink_args *v)
4135 {
4136 vn_printf(v->a_vp, "no proper vop_fplookup_symlink\n");
4137 panic("no proper vop_fplookup_symlink");
4138 }
4139
4140 void
cache_vop_vector_register(struct vop_vector * v)4141 cache_vop_vector_register(struct vop_vector *v)
4142 {
4143 size_t ops;
4144
4145 ops = 0;
4146 if (v->vop_fplookup_vexec != NULL) {
4147 ops++;
4148 }
4149 if (v->vop_fplookup_symlink != NULL) {
4150 ops++;
4151 }
4152
4153 if (ops == 2) {
4154 return;
4155 }
4156
4157 if (ops == 0) {
4158 v->vop_fplookup_vexec = cache_vop_bad_vexec;
4159 v->vop_fplookup_symlink = cache_vop_bad_symlink;
4160 return;
4161 }
4162
4163 printf("%s: invalid vop vector %p -- either all or none fplookup vops "
4164 "need to be provided", __func__, v);
4165 if (v->vop_fplookup_vexec == NULL) {
4166 printf("%s: missing vop_fplookup_vexec\n", __func__);
4167 }
4168 if (v->vop_fplookup_symlink == NULL) {
4169 printf("%s: missing vop_fplookup_symlink\n", __func__);
4170 }
4171 panic("bad vop vector %p", v);
4172 }
4173
4174 #ifdef INVARIANTS
4175 void
cache_validate_vop_vector(struct mount * mp,struct vop_vector * vops)4176 cache_validate_vop_vector(struct mount *mp, struct vop_vector *vops)
4177 {
4178 if (mp == NULL)
4179 return;
4180
4181 if ((mp->mnt_kern_flag & MNTK_FPLOOKUP) == 0)
4182 return;
4183
4184 if (vops->vop_fplookup_vexec == NULL ||
4185 vops->vop_fplookup_vexec == cache_vop_bad_vexec)
4186 panic("bad vop_fplookup_vexec on vector %p for filesystem %s",
4187 vops, mp->mnt_vfc->vfc_name);
4188
4189 if (vops->vop_fplookup_symlink == NULL ||
4190 vops->vop_fplookup_symlink == cache_vop_bad_symlink)
4191 panic("bad vop_fplookup_symlink on vector %p for filesystem %s",
4192 vops, mp->mnt_vfc->vfc_name);
4193 }
4194 #endif
4195
4196 void
cache_fast_lookup_enabled_recalc(void)4197 cache_fast_lookup_enabled_recalc(void)
4198 {
4199 int lookup_flag;
4200 int mac_on;
4201
4202 #ifdef MAC
4203 mac_on = mac_vnode_check_lookup_enabled();
4204 mac_on |= mac_vnode_check_readlink_enabled();
4205 #else
4206 mac_on = 0;
4207 #endif
4208
4209 lookup_flag = atomic_load_int(&cache_fast_lookup);
4210 if (lookup_flag && !mac_on) {
4211 atomic_store_char(&cache_fast_lookup_enabled, true);
4212 } else {
4213 atomic_store_char(&cache_fast_lookup_enabled, false);
4214 }
4215 }
4216
4217 static int
syscal_vfs_cache_fast_lookup(SYSCTL_HANDLER_ARGS)4218 syscal_vfs_cache_fast_lookup(SYSCTL_HANDLER_ARGS)
4219 {
4220 int error, old;
4221
4222 old = atomic_load_int(&cache_fast_lookup);
4223 error = sysctl_handle_int(oidp, arg1, arg2, req);
4224 if (error == 0 && req->newptr && old != atomic_load_int(&cache_fast_lookup))
4225 cache_fast_lookup_enabled_recalc();
4226 return (error);
4227 }
4228 SYSCTL_PROC(_vfs_cache_param, OID_AUTO, fast_lookup, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE,
4229 &cache_fast_lookup, 0, syscal_vfs_cache_fast_lookup, "IU", "");
4230
4231 /*
4232 * Components of nameidata (or objects it can point to) which may
4233 * need restoring in case fast path lookup fails.
4234 */
4235 struct nameidata_outer {
4236 size_t ni_pathlen;
4237 uint64_t cn_flags;
4238 };
4239
4240 struct nameidata_saved {
4241 #ifdef INVARIANTS
4242 char *cn_nameptr;
4243 size_t ni_pathlen;
4244 #endif
4245 };
4246
4247 #ifdef INVARIANTS
4248 struct cache_fpl_debug {
4249 size_t ni_pathlen;
4250 };
4251 #endif
4252
4253 struct cache_fpl {
4254 struct nameidata *ndp;
4255 struct componentname *cnp;
4256 char *nulchar;
4257 struct vnode *dvp;
4258 struct vnode *tvp;
4259 seqc_t dvp_seqc;
4260 seqc_t tvp_seqc;
4261 uint32_t hash;
4262 struct nameidata_saved snd;
4263 struct nameidata_outer snd_outer;
4264 int line;
4265 enum cache_fpl_status status:8;
4266 bool in_smr;
4267 bool fsearch;
4268 struct pwd **pwd;
4269 #ifdef INVARIANTS
4270 struct cache_fpl_debug debug;
4271 #endif
4272 };
4273
4274 static bool cache_fplookup_mp_supported(struct mount *mp);
4275 static bool cache_fplookup_is_mp(struct cache_fpl *fpl);
4276 static int cache_fplookup_cross_mount(struct cache_fpl *fpl);
4277 static int cache_fplookup_partial_setup(struct cache_fpl *fpl);
4278 static int cache_fplookup_skip_slashes(struct cache_fpl *fpl);
4279 static int cache_fplookup_trailingslash(struct cache_fpl *fpl);
4280 static void cache_fpl_pathlen_dec(struct cache_fpl *fpl);
4281 static void cache_fpl_pathlen_inc(struct cache_fpl *fpl);
4282 static void cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n);
4283 static void cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n);
4284
4285 static void
cache_fpl_cleanup_cnp(struct componentname * cnp)4286 cache_fpl_cleanup_cnp(struct componentname *cnp)
4287 {
4288
4289 uma_zfree(namei_zone, cnp->cn_pnbuf);
4290 cnp->cn_pnbuf = NULL;
4291 cnp->cn_nameptr = NULL;
4292 }
4293
4294 static struct vnode *
cache_fpl_handle_root(struct cache_fpl * fpl)4295 cache_fpl_handle_root(struct cache_fpl *fpl)
4296 {
4297 struct nameidata *ndp;
4298 struct componentname *cnp;
4299
4300 ndp = fpl->ndp;
4301 cnp = fpl->cnp;
4302
4303 MPASS(*(cnp->cn_nameptr) == '/');
4304 cnp->cn_nameptr++;
4305 cache_fpl_pathlen_dec(fpl);
4306
4307 if (__predict_false(*(cnp->cn_nameptr) == '/')) {
4308 do {
4309 cnp->cn_nameptr++;
4310 cache_fpl_pathlen_dec(fpl);
4311 } while (*(cnp->cn_nameptr) == '/');
4312 }
4313
4314 return (ndp->ni_rootdir);
4315 }
4316
4317 static void
cache_fpl_checkpoint_outer(struct cache_fpl * fpl)4318 cache_fpl_checkpoint_outer(struct cache_fpl *fpl)
4319 {
4320
4321 fpl->snd_outer.ni_pathlen = fpl->ndp->ni_pathlen;
4322 fpl->snd_outer.cn_flags = fpl->ndp->ni_cnd.cn_flags;
4323 }
4324
4325 static void
cache_fpl_checkpoint(struct cache_fpl * fpl)4326 cache_fpl_checkpoint(struct cache_fpl *fpl)
4327 {
4328
4329 #ifdef INVARIANTS
4330 fpl->snd.cn_nameptr = fpl->ndp->ni_cnd.cn_nameptr;
4331 fpl->snd.ni_pathlen = fpl->debug.ni_pathlen;
4332 #endif
4333 }
4334
4335 static void
cache_fpl_restore_partial(struct cache_fpl * fpl)4336 cache_fpl_restore_partial(struct cache_fpl *fpl)
4337 {
4338
4339 fpl->ndp->ni_cnd.cn_flags = fpl->snd_outer.cn_flags;
4340 #ifdef INVARIANTS
4341 fpl->debug.ni_pathlen = fpl->snd.ni_pathlen;
4342 #endif
4343 }
4344
4345 static void
cache_fpl_restore_abort(struct cache_fpl * fpl)4346 cache_fpl_restore_abort(struct cache_fpl *fpl)
4347 {
4348
4349 cache_fpl_restore_partial(fpl);
4350 /*
4351 * It is 0 on entry by API contract.
4352 */
4353 fpl->ndp->ni_resflags = 0;
4354 fpl->ndp->ni_cnd.cn_nameptr = fpl->ndp->ni_cnd.cn_pnbuf;
4355 fpl->ndp->ni_pathlen = fpl->snd_outer.ni_pathlen;
4356 }
4357
4358 #ifdef INVARIANTS
4359 #define cache_fpl_smr_assert_entered(fpl) ({ \
4360 struct cache_fpl *_fpl = (fpl); \
4361 MPASS(_fpl->in_smr == true); \
4362 VFS_SMR_ASSERT_ENTERED(); \
4363 })
4364 #define cache_fpl_smr_assert_not_entered(fpl) ({ \
4365 struct cache_fpl *_fpl = (fpl); \
4366 MPASS(_fpl->in_smr == false); \
4367 VFS_SMR_ASSERT_NOT_ENTERED(); \
4368 })
4369 static void
cache_fpl_assert_status(struct cache_fpl * fpl)4370 cache_fpl_assert_status(struct cache_fpl *fpl)
4371 {
4372
4373 switch (fpl->status) {
4374 case CACHE_FPL_STATUS_UNSET:
4375 __assert_unreachable();
4376 break;
4377 case CACHE_FPL_STATUS_DESTROYED:
4378 case CACHE_FPL_STATUS_ABORTED:
4379 case CACHE_FPL_STATUS_PARTIAL:
4380 case CACHE_FPL_STATUS_HANDLED:
4381 break;
4382 }
4383 }
4384 #else
4385 #define cache_fpl_smr_assert_entered(fpl) do { } while (0)
4386 #define cache_fpl_smr_assert_not_entered(fpl) do { } while (0)
4387 #define cache_fpl_assert_status(fpl) do { } while (0)
4388 #endif
4389
4390 #define cache_fpl_smr_enter_initial(fpl) ({ \
4391 struct cache_fpl *_fpl = (fpl); \
4392 vfs_smr_enter(); \
4393 _fpl->in_smr = true; \
4394 })
4395
4396 #define cache_fpl_smr_enter(fpl) ({ \
4397 struct cache_fpl *_fpl = (fpl); \
4398 MPASS(_fpl->in_smr == false); \
4399 vfs_smr_enter(); \
4400 _fpl->in_smr = true; \
4401 })
4402
4403 #define cache_fpl_smr_exit(fpl) ({ \
4404 struct cache_fpl *_fpl = (fpl); \
4405 MPASS(_fpl->in_smr == true); \
4406 vfs_smr_exit(); \
4407 _fpl->in_smr = false; \
4408 })
4409
4410 static int
cache_fpl_aborted_early_impl(struct cache_fpl * fpl,int line)4411 cache_fpl_aborted_early_impl(struct cache_fpl *fpl, int line)
4412 {
4413
4414 if (fpl->status != CACHE_FPL_STATUS_UNSET) {
4415 KASSERT(fpl->status == CACHE_FPL_STATUS_PARTIAL,
4416 ("%s: converting to abort from %d at %d, set at %d\n",
4417 __func__, fpl->status, line, fpl->line));
4418 }
4419 cache_fpl_smr_assert_not_entered(fpl);
4420 fpl->status = CACHE_FPL_STATUS_ABORTED;
4421 fpl->line = line;
4422 return (CACHE_FPL_FAILED);
4423 }
4424
4425 #define cache_fpl_aborted_early(x) cache_fpl_aborted_early_impl((x), __LINE__)
4426
4427 static int __noinline
cache_fpl_aborted_impl(struct cache_fpl * fpl,int line)4428 cache_fpl_aborted_impl(struct cache_fpl *fpl, int line)
4429 {
4430 struct nameidata *ndp;
4431 struct componentname *cnp;
4432
4433 ndp = fpl->ndp;
4434 cnp = fpl->cnp;
4435
4436 if (fpl->status != CACHE_FPL_STATUS_UNSET) {
4437 KASSERT(fpl->status == CACHE_FPL_STATUS_PARTIAL,
4438 ("%s: converting to abort from %d at %d, set at %d\n",
4439 __func__, fpl->status, line, fpl->line));
4440 }
4441 fpl->status = CACHE_FPL_STATUS_ABORTED;
4442 fpl->line = line;
4443 if (fpl->in_smr)
4444 cache_fpl_smr_exit(fpl);
4445 cache_fpl_restore_abort(fpl);
4446 /*
4447 * Resolving symlinks overwrites data passed by the caller.
4448 * Let namei know.
4449 */
4450 if (ndp->ni_loopcnt > 0) {
4451 fpl->status = CACHE_FPL_STATUS_DESTROYED;
4452 cache_fpl_cleanup_cnp(cnp);
4453 }
4454 return (CACHE_FPL_FAILED);
4455 }
4456
4457 #define cache_fpl_aborted(x) cache_fpl_aborted_impl((x), __LINE__)
4458
4459 static int __noinline
cache_fpl_partial_impl(struct cache_fpl * fpl,int line)4460 cache_fpl_partial_impl(struct cache_fpl *fpl, int line)
4461 {
4462
4463 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET,
4464 ("%s: setting to partial at %d, but already set to %d at %d\n",
4465 __func__, line, fpl->status, fpl->line));
4466 cache_fpl_smr_assert_entered(fpl);
4467 fpl->status = CACHE_FPL_STATUS_PARTIAL;
4468 fpl->line = line;
4469 return (cache_fplookup_partial_setup(fpl));
4470 }
4471
4472 #define cache_fpl_partial(x) cache_fpl_partial_impl((x), __LINE__)
4473
4474 static int
cache_fpl_handled_impl(struct cache_fpl * fpl,int line)4475 cache_fpl_handled_impl(struct cache_fpl *fpl, int line)
4476 {
4477
4478 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET,
4479 ("%s: setting to handled at %d, but already set to %d at %d\n",
4480 __func__, line, fpl->status, fpl->line));
4481 cache_fpl_smr_assert_not_entered(fpl);
4482 fpl->status = CACHE_FPL_STATUS_HANDLED;
4483 fpl->line = line;
4484 return (0);
4485 }
4486
4487 #define cache_fpl_handled(x) cache_fpl_handled_impl((x), __LINE__)
4488
4489 static int
cache_fpl_handled_error_impl(struct cache_fpl * fpl,int error,int line)4490 cache_fpl_handled_error_impl(struct cache_fpl *fpl, int error, int line)
4491 {
4492
4493 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET,
4494 ("%s: setting to handled at %d, but already set to %d at %d\n",
4495 __func__, line, fpl->status, fpl->line));
4496 MPASS(error != 0);
4497 MPASS(error != CACHE_FPL_FAILED);
4498 cache_fpl_smr_assert_not_entered(fpl);
4499 fpl->status = CACHE_FPL_STATUS_HANDLED;
4500 fpl->line = line;
4501 fpl->dvp = NULL;
4502 fpl->tvp = NULL;
4503 return (error);
4504 }
4505
4506 #define cache_fpl_handled_error(x, e) cache_fpl_handled_error_impl((x), (e), __LINE__)
4507
4508 static bool
cache_fpl_terminated(struct cache_fpl * fpl)4509 cache_fpl_terminated(struct cache_fpl *fpl)
4510 {
4511
4512 return (fpl->status != CACHE_FPL_STATUS_UNSET);
4513 }
4514
4515 #define CACHE_FPL_SUPPORTED_CN_FLAGS \
4516 (NC_NOMAKEENTRY | NC_KEEPPOSENTRY | LOCKLEAF | LOCKPARENT | WANTPARENT | \
4517 FAILIFEXISTS | FOLLOW | EMPTYPATH | LOCKSHARED | ISRESTARTED | WILLBEDIR | \
4518 ISOPEN | NOMACCHECK | AUDITVNODE1 | AUDITVNODE2 | NOCAPCHECK | OPENREAD | \
4519 OPENWRITE | WANTIOCTLCAPS | NAMEILOOKUP)
4520
4521 #define CACHE_FPL_INTERNAL_CN_FLAGS \
4522 (ISDOTDOT | MAKEENTRY | ISLASTCN)
4523
4524 _Static_assert((CACHE_FPL_SUPPORTED_CN_FLAGS & CACHE_FPL_INTERNAL_CN_FLAGS) == 0,
4525 "supported and internal flags overlap");
4526
4527 static bool
cache_fpl_islastcn(struct nameidata * ndp)4528 cache_fpl_islastcn(struct nameidata *ndp)
4529 {
4530
4531 return (*ndp->ni_next == 0);
4532 }
4533
4534 static bool
cache_fpl_istrailingslash(struct cache_fpl * fpl)4535 cache_fpl_istrailingslash(struct cache_fpl *fpl)
4536 {
4537
4538 MPASS(fpl->nulchar > fpl->cnp->cn_pnbuf);
4539 return (*(fpl->nulchar - 1) == '/');
4540 }
4541
4542 static bool
cache_fpl_isdotdot(struct componentname * cnp)4543 cache_fpl_isdotdot(struct componentname *cnp)
4544 {
4545
4546 if (cnp->cn_namelen == 2 &&
4547 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.')
4548 return (true);
4549 return (false);
4550 }
4551
4552 static bool
cache_can_fplookup(struct cache_fpl * fpl)4553 cache_can_fplookup(struct cache_fpl *fpl)
4554 {
4555 struct nameidata *ndp;
4556 struct componentname *cnp;
4557 struct thread *td;
4558
4559 ndp = fpl->ndp;
4560 cnp = fpl->cnp;
4561 td = curthread;
4562
4563 if (!atomic_load_char(&cache_fast_lookup_enabled)) {
4564 cache_fpl_aborted_early(fpl);
4565 return (false);
4566 }
4567 if ((cnp->cn_flags & ~CACHE_FPL_SUPPORTED_CN_FLAGS) != 0) {
4568 cache_fpl_aborted_early(fpl);
4569 return (false);
4570 }
4571 if (IN_CAPABILITY_MODE(td) || CAP_TRACING(td)) {
4572 cache_fpl_aborted_early(fpl);
4573 return (false);
4574 }
4575 if (AUDITING_TD(td)) {
4576 cache_fpl_aborted_early(fpl);
4577 return (false);
4578 }
4579 if (ndp->ni_startdir != NULL) {
4580 cache_fpl_aborted_early(fpl);
4581 return (false);
4582 }
4583 return (true);
4584 }
4585
4586 static int __noinline
cache_fplookup_dirfd(struct cache_fpl * fpl,struct vnode ** vpp)4587 cache_fplookup_dirfd(struct cache_fpl *fpl, struct vnode **vpp)
4588 {
4589 struct nameidata *ndp;
4590 struct componentname *cnp;
4591 int error, flags;
4592
4593 ndp = fpl->ndp;
4594 cnp = fpl->cnp;
4595
4596 error = fgetvp_lookup_smr(ndp, vpp, &flags);
4597 if (__predict_false(error != 0)) {
4598 return (cache_fpl_aborted(fpl));
4599 }
4600 if (__predict_false((flags & O_RESOLVE_BENEATH) != 0)) {
4601 _Static_assert((CACHE_FPL_SUPPORTED_CN_FLAGS & RBENEATH) == 0,
4602 "RBENEATH supported by fplookup");
4603 cache_fpl_smr_exit(fpl);
4604 cache_fpl_aborted(fpl);
4605 return (EOPNOTSUPP);
4606 }
4607 fpl->fsearch = (flags & FSEARCH) != 0;
4608 if ((*vpp)->v_type != VDIR) {
4609 if (!((cnp->cn_flags & EMPTYPATH) != 0 && cnp->cn_pnbuf[0] == '\0')) {
4610 cache_fpl_smr_exit(fpl);
4611 return (cache_fpl_handled_error(fpl, ENOTDIR));
4612 }
4613 }
4614 return (0);
4615 }
4616
4617 static int __noinline
cache_fplookup_negative_promote(struct cache_fpl * fpl,struct namecache * oncp,uint32_t hash)4618 cache_fplookup_negative_promote(struct cache_fpl *fpl, struct namecache *oncp,
4619 uint32_t hash)
4620 {
4621 struct componentname *cnp;
4622 struct vnode *dvp;
4623
4624 cnp = fpl->cnp;
4625 dvp = fpl->dvp;
4626
4627 cache_fpl_smr_exit(fpl);
4628 if (cache_neg_promote_cond(dvp, cnp, oncp, hash))
4629 return (cache_fpl_handled_error(fpl, ENOENT));
4630 else
4631 return (cache_fpl_aborted(fpl));
4632 }
4633
4634 /*
4635 * The target vnode is not supported, prepare for the slow path to take over.
4636 */
4637 static int __noinline
cache_fplookup_partial_setup(struct cache_fpl * fpl)4638 cache_fplookup_partial_setup(struct cache_fpl *fpl)
4639 {
4640 struct nameidata *ndp;
4641 struct componentname *cnp;
4642 enum vgetstate dvs;
4643 struct vnode *dvp;
4644 struct pwd *pwd;
4645 seqc_t dvp_seqc;
4646
4647 ndp = fpl->ndp;
4648 cnp = fpl->cnp;
4649 pwd = *(fpl->pwd);
4650 dvp = fpl->dvp;
4651 dvp_seqc = fpl->dvp_seqc;
4652
4653 if (!pwd_hold_smr(pwd)) {
4654 return (cache_fpl_aborted(fpl));
4655 }
4656
4657 /*
4658 * Note that seqc is checked before the vnode is locked, so by
4659 * the time regular lookup gets to it it may have moved.
4660 *
4661 * Ultimately this does not affect correctness, any lookup errors
4662 * are userspace racing with itself. It is guaranteed that any
4663 * path which ultimately gets found could also have been found
4664 * by regular lookup going all the way in absence of concurrent
4665 * modifications.
4666 */
4667 dvs = vget_prep_smr(dvp);
4668 cache_fpl_smr_exit(fpl);
4669 if (__predict_false(dvs == VGET_NONE)) {
4670 pwd_drop(pwd);
4671 return (cache_fpl_aborted(fpl));
4672 }
4673
4674 vget_finish_ref(dvp, dvs);
4675 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
4676 vrele(dvp);
4677 pwd_drop(pwd);
4678 return (cache_fpl_aborted(fpl));
4679 }
4680
4681 cache_fpl_restore_partial(fpl);
4682 #ifdef INVARIANTS
4683 if (cnp->cn_nameptr != fpl->snd.cn_nameptr) {
4684 panic("%s: cn_nameptr mismatch (%p != %p) full [%s]\n", __func__,
4685 cnp->cn_nameptr, fpl->snd.cn_nameptr, cnp->cn_pnbuf);
4686 }
4687 #endif
4688
4689 ndp->ni_startdir = dvp;
4690 cnp->cn_flags |= MAKEENTRY;
4691 if (cache_fpl_islastcn(ndp))
4692 cnp->cn_flags |= ISLASTCN;
4693 if (cache_fpl_isdotdot(cnp))
4694 cnp->cn_flags |= ISDOTDOT;
4695
4696 /*
4697 * Skip potential extra slashes parsing did not take care of.
4698 * cache_fplookup_skip_slashes explains the mechanism.
4699 */
4700 if (__predict_false(*(cnp->cn_nameptr) == '/')) {
4701 do {
4702 cnp->cn_nameptr++;
4703 cache_fpl_pathlen_dec(fpl);
4704 } while (*(cnp->cn_nameptr) == '/');
4705 }
4706
4707 ndp->ni_pathlen = fpl->nulchar - cnp->cn_nameptr + 1;
4708 #ifdef INVARIANTS
4709 if (ndp->ni_pathlen != fpl->debug.ni_pathlen) {
4710 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n",
4711 __func__, ndp->ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar,
4712 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf);
4713 }
4714 #endif
4715 return (0);
4716 }
4717
4718 static int
cache_fplookup_final_child(struct cache_fpl * fpl,enum vgetstate tvs)4719 cache_fplookup_final_child(struct cache_fpl *fpl, enum vgetstate tvs)
4720 {
4721 struct componentname *cnp;
4722 struct vnode *tvp;
4723 seqc_t tvp_seqc;
4724 int error, lkflags;
4725
4726 cnp = fpl->cnp;
4727 tvp = fpl->tvp;
4728 tvp_seqc = fpl->tvp_seqc;
4729
4730 if ((cnp->cn_flags & LOCKLEAF) != 0) {
4731 lkflags = LK_SHARED;
4732 if ((cnp->cn_flags & LOCKSHARED) == 0)
4733 lkflags = LK_EXCLUSIVE;
4734 error = vget_finish(tvp, lkflags, tvs);
4735 if (__predict_false(error != 0)) {
4736 return (cache_fpl_aborted(fpl));
4737 }
4738 } else {
4739 vget_finish_ref(tvp, tvs);
4740 }
4741
4742 if (!vn_seqc_consistent(tvp, tvp_seqc)) {
4743 if ((cnp->cn_flags & LOCKLEAF) != 0)
4744 vput(tvp);
4745 else
4746 vrele(tvp);
4747 return (cache_fpl_aborted(fpl));
4748 }
4749
4750 return (cache_fpl_handled(fpl));
4751 }
4752
4753 /*
4754 * They want to possibly modify the state of the namecache.
4755 */
4756 static int __noinline
cache_fplookup_final_modifying(struct cache_fpl * fpl)4757 cache_fplookup_final_modifying(struct cache_fpl *fpl)
4758 {
4759 struct nameidata *ndp __diagused;
4760 struct componentname *cnp;
4761 enum vgetstate dvs;
4762 struct vnode *dvp, *tvp;
4763 struct mount *mp;
4764 seqc_t dvp_seqc;
4765 int error;
4766 bool docache;
4767
4768 ndp = fpl->ndp;
4769 cnp = fpl->cnp;
4770 dvp = fpl->dvp;
4771 dvp_seqc = fpl->dvp_seqc;
4772
4773 MPASS(*(cnp->cn_nameptr) != '/');
4774 MPASS(cache_fpl_islastcn(ndp));
4775 if ((cnp->cn_flags & LOCKPARENT) == 0)
4776 MPASS((cnp->cn_flags & WANTPARENT) != 0);
4777 MPASS((cnp->cn_flags & TRAILINGSLASH) == 0);
4778 MPASS(cnp->cn_nameiop == CREATE || cnp->cn_nameiop == DELETE ||
4779 cnp->cn_nameiop == RENAME);
4780 MPASS((cnp->cn_flags & MAKEENTRY) == 0);
4781 MPASS((cnp->cn_flags & ISDOTDOT) == 0);
4782
4783 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE;
4784 if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)
4785 docache = false;
4786
4787 /*
4788 * Regular lookup nulifies the slash, which we don't do here.
4789 * Don't take chances with filesystem routines seeing it for
4790 * the last entry.
4791 */
4792 if (cache_fpl_istrailingslash(fpl)) {
4793 return (cache_fpl_partial(fpl));
4794 }
4795
4796 mp = atomic_load_ptr(&dvp->v_mount);
4797 if (__predict_false(mp == NULL)) {
4798 return (cache_fpl_aborted(fpl));
4799 }
4800
4801 if (__predict_false(mp->mnt_flag & MNT_RDONLY)) {
4802 cache_fpl_smr_exit(fpl);
4803 /*
4804 * Original code keeps not checking for CREATE which
4805 * might be a bug. For now let the old lookup decide.
4806 */
4807 if (cnp->cn_nameiop == CREATE) {
4808 return (cache_fpl_aborted(fpl));
4809 }
4810 return (cache_fpl_handled_error(fpl, EROFS));
4811 }
4812
4813 if (fpl->tvp != NULL && (cnp->cn_flags & FAILIFEXISTS) != 0) {
4814 cache_fpl_smr_exit(fpl);
4815 return (cache_fpl_handled_error(fpl, EEXIST));
4816 }
4817
4818 /*
4819 * Secure access to dvp; check cache_fplookup_partial_setup for
4820 * reasoning.
4821 *
4822 * XXX At least UFS requires its lookup routine to be called for
4823 * the last path component, which leads to some level of complication
4824 * and inefficiency:
4825 * - the target routine always locks the target vnode, but our caller
4826 * may not need it locked
4827 * - some of the VOP machinery asserts that the parent is locked, which
4828 * once more may be not required
4829 *
4830 * TODO: add a flag for filesystems which don't need this.
4831 */
4832 dvs = vget_prep_smr(dvp);
4833 cache_fpl_smr_exit(fpl);
4834 if (__predict_false(dvs == VGET_NONE)) {
4835 return (cache_fpl_aborted(fpl));
4836 }
4837
4838 vget_finish_ref(dvp, dvs);
4839 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
4840 vrele(dvp);
4841 return (cache_fpl_aborted(fpl));
4842 }
4843
4844 error = vn_lock(dvp, LK_EXCLUSIVE);
4845 if (__predict_false(error != 0)) {
4846 vrele(dvp);
4847 return (cache_fpl_aborted(fpl));
4848 }
4849
4850 tvp = NULL;
4851 cnp->cn_flags |= ISLASTCN;
4852 if (docache)
4853 cnp->cn_flags |= MAKEENTRY;
4854 if (cache_fpl_isdotdot(cnp))
4855 cnp->cn_flags |= ISDOTDOT;
4856 cnp->cn_lkflags = LK_EXCLUSIVE;
4857 error = VOP_LOOKUP(dvp, &tvp, cnp);
4858 switch (error) {
4859 case EJUSTRETURN:
4860 case 0:
4861 break;
4862 case ENOTDIR:
4863 case ENOENT:
4864 vput(dvp);
4865 return (cache_fpl_handled_error(fpl, error));
4866 default:
4867 vput(dvp);
4868 return (cache_fpl_aborted(fpl));
4869 }
4870
4871 fpl->tvp = tvp;
4872
4873 if (tvp == NULL) {
4874 MPASS(error == EJUSTRETURN);
4875 if ((cnp->cn_flags & LOCKPARENT) == 0) {
4876 VOP_UNLOCK(dvp);
4877 }
4878 return (cache_fpl_handled(fpl));
4879 }
4880
4881 /*
4882 * There are very hairy corner cases concerning various flag combinations
4883 * and locking state. In particular here we only hold one lock instead of
4884 * two.
4885 *
4886 * Skip the complexity as it is of no significance for normal workloads.
4887 */
4888 if (__predict_false(tvp == dvp)) {
4889 vput(dvp);
4890 vrele(tvp);
4891 return (cache_fpl_aborted(fpl));
4892 }
4893
4894 /*
4895 * If they want the symlink itself we are fine, but if they want to
4896 * follow it regular lookup has to be engaged.
4897 */
4898 if (tvp->v_type == VLNK) {
4899 if ((cnp->cn_flags & FOLLOW) != 0) {
4900 vput(dvp);
4901 vput(tvp);
4902 return (cache_fpl_aborted(fpl));
4903 }
4904 }
4905
4906 /*
4907 * Since we expect this to be the terminal vnode it should almost never
4908 * be a mount point.
4909 */
4910 if (__predict_false(cache_fplookup_is_mp(fpl))) {
4911 vput(dvp);
4912 vput(tvp);
4913 return (cache_fpl_aborted(fpl));
4914 }
4915
4916 if ((cnp->cn_flags & FAILIFEXISTS) != 0) {
4917 vput(dvp);
4918 vput(tvp);
4919 return (cache_fpl_handled_error(fpl, EEXIST));
4920 }
4921
4922 if ((cnp->cn_flags & LOCKLEAF) == 0) {
4923 VOP_UNLOCK(tvp);
4924 }
4925
4926 if ((cnp->cn_flags & LOCKPARENT) == 0) {
4927 VOP_UNLOCK(dvp);
4928 }
4929
4930 return (cache_fpl_handled(fpl));
4931 }
4932
4933 static int __noinline
cache_fplookup_modifying(struct cache_fpl * fpl)4934 cache_fplookup_modifying(struct cache_fpl *fpl)
4935 {
4936 struct nameidata *ndp;
4937
4938 ndp = fpl->ndp;
4939
4940 if (!cache_fpl_islastcn(ndp)) {
4941 return (cache_fpl_partial(fpl));
4942 }
4943 return (cache_fplookup_final_modifying(fpl));
4944 }
4945
4946 static int __noinline
cache_fplookup_final_withparent(struct cache_fpl * fpl)4947 cache_fplookup_final_withparent(struct cache_fpl *fpl)
4948 {
4949 struct componentname *cnp;
4950 enum vgetstate dvs, tvs;
4951 struct vnode *dvp, *tvp;
4952 seqc_t dvp_seqc;
4953 int error;
4954
4955 cnp = fpl->cnp;
4956 dvp = fpl->dvp;
4957 dvp_seqc = fpl->dvp_seqc;
4958 tvp = fpl->tvp;
4959
4960 MPASS((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0);
4961
4962 /*
4963 * This is less efficient than it can be for simplicity.
4964 */
4965 dvs = vget_prep_smr(dvp);
4966 if (__predict_false(dvs == VGET_NONE)) {
4967 return (cache_fpl_aborted(fpl));
4968 }
4969 tvs = vget_prep_smr(tvp);
4970 if (__predict_false(tvs == VGET_NONE)) {
4971 cache_fpl_smr_exit(fpl);
4972 vget_abort(dvp, dvs);
4973 return (cache_fpl_aborted(fpl));
4974 }
4975
4976 cache_fpl_smr_exit(fpl);
4977
4978 if ((cnp->cn_flags & LOCKPARENT) != 0) {
4979 error = vget_finish(dvp, LK_EXCLUSIVE, dvs);
4980 if (__predict_false(error != 0)) {
4981 vget_abort(tvp, tvs);
4982 return (cache_fpl_aborted(fpl));
4983 }
4984 } else {
4985 vget_finish_ref(dvp, dvs);
4986 }
4987
4988 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
4989 vget_abort(tvp, tvs);
4990 if ((cnp->cn_flags & LOCKPARENT) != 0)
4991 vput(dvp);
4992 else
4993 vrele(dvp);
4994 return (cache_fpl_aborted(fpl));
4995 }
4996
4997 error = cache_fplookup_final_child(fpl, tvs);
4998 if (__predict_false(error != 0)) {
4999 MPASS(fpl->status == CACHE_FPL_STATUS_ABORTED ||
5000 fpl->status == CACHE_FPL_STATUS_DESTROYED);
5001 if ((cnp->cn_flags & LOCKPARENT) != 0)
5002 vput(dvp);
5003 else
5004 vrele(dvp);
5005 return (error);
5006 }
5007
5008 MPASS(fpl->status == CACHE_FPL_STATUS_HANDLED);
5009 return (0);
5010 }
5011
5012 static int
cache_fplookup_final(struct cache_fpl * fpl)5013 cache_fplookup_final(struct cache_fpl *fpl)
5014 {
5015 struct componentname *cnp;
5016 enum vgetstate tvs;
5017 struct vnode *dvp, *tvp;
5018 seqc_t dvp_seqc;
5019
5020 cnp = fpl->cnp;
5021 dvp = fpl->dvp;
5022 dvp_seqc = fpl->dvp_seqc;
5023 tvp = fpl->tvp;
5024
5025 MPASS(*(cnp->cn_nameptr) != '/');
5026
5027 if (cnp->cn_nameiop != LOOKUP) {
5028 return (cache_fplookup_final_modifying(fpl));
5029 }
5030
5031 if ((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0)
5032 return (cache_fplookup_final_withparent(fpl));
5033
5034 tvs = vget_prep_smr(tvp);
5035 if (__predict_false(tvs == VGET_NONE)) {
5036 return (cache_fpl_partial(fpl));
5037 }
5038
5039 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
5040 cache_fpl_smr_exit(fpl);
5041 vget_abort(tvp, tvs);
5042 return (cache_fpl_aborted(fpl));
5043 }
5044
5045 cache_fpl_smr_exit(fpl);
5046 return (cache_fplookup_final_child(fpl, tvs));
5047 }
5048
5049 /*
5050 * Comment from locked lookup:
5051 * Check for degenerate name (e.g. / or "") which is a way of talking about a
5052 * directory, e.g. like "/." or ".".
5053 */
5054 static int __noinline
cache_fplookup_degenerate(struct cache_fpl * fpl)5055 cache_fplookup_degenerate(struct cache_fpl *fpl)
5056 {
5057 struct componentname *cnp;
5058 struct vnode *dvp;
5059 enum vgetstate dvs;
5060 int error, lkflags;
5061 #ifdef INVARIANTS
5062 char *cp;
5063 #endif
5064
5065 fpl->tvp = fpl->dvp;
5066 fpl->tvp_seqc = fpl->dvp_seqc;
5067
5068 cnp = fpl->cnp;
5069 dvp = fpl->dvp;
5070
5071 #ifdef INVARIANTS
5072 for (cp = cnp->cn_pnbuf; *cp != '\0'; cp++) {
5073 KASSERT(*cp == '/',
5074 ("%s: encountered non-slash; string [%s]\n", __func__,
5075 cnp->cn_pnbuf));
5076 }
5077 #endif
5078
5079 if (__predict_false(cnp->cn_nameiop != LOOKUP)) {
5080 cache_fpl_smr_exit(fpl);
5081 return (cache_fpl_handled_error(fpl, EISDIR));
5082 }
5083
5084 if ((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0) {
5085 return (cache_fplookup_final_withparent(fpl));
5086 }
5087
5088 dvs = vget_prep_smr(dvp);
5089 cache_fpl_smr_exit(fpl);
5090 if (__predict_false(dvs == VGET_NONE)) {
5091 return (cache_fpl_aborted(fpl));
5092 }
5093
5094 if ((cnp->cn_flags & LOCKLEAF) != 0) {
5095 lkflags = LK_SHARED;
5096 if ((cnp->cn_flags & LOCKSHARED) == 0)
5097 lkflags = LK_EXCLUSIVE;
5098 error = vget_finish(dvp, lkflags, dvs);
5099 if (__predict_false(error != 0)) {
5100 return (cache_fpl_aborted(fpl));
5101 }
5102 } else {
5103 vget_finish_ref(dvp, dvs);
5104 }
5105 return (cache_fpl_handled(fpl));
5106 }
5107
5108 static int __noinline
cache_fplookup_emptypath(struct cache_fpl * fpl)5109 cache_fplookup_emptypath(struct cache_fpl *fpl)
5110 {
5111 struct nameidata *ndp;
5112 struct componentname *cnp;
5113 enum vgetstate tvs;
5114 struct vnode *tvp;
5115 int error, lkflags;
5116
5117 fpl->tvp = fpl->dvp;
5118 fpl->tvp_seqc = fpl->dvp_seqc;
5119
5120 ndp = fpl->ndp;
5121 cnp = fpl->cnp;
5122 tvp = fpl->tvp;
5123
5124 MPASS(*cnp->cn_pnbuf == '\0');
5125
5126 if (__predict_false((cnp->cn_flags & EMPTYPATH) == 0)) {
5127 cache_fpl_smr_exit(fpl);
5128 return (cache_fpl_handled_error(fpl, ENOENT));
5129 }
5130
5131 MPASS((cnp->cn_flags & (LOCKPARENT | WANTPARENT)) == 0);
5132
5133 tvs = vget_prep_smr(tvp);
5134 cache_fpl_smr_exit(fpl);
5135 if (__predict_false(tvs == VGET_NONE)) {
5136 return (cache_fpl_aborted(fpl));
5137 }
5138
5139 if ((cnp->cn_flags & LOCKLEAF) != 0) {
5140 lkflags = LK_SHARED;
5141 if ((cnp->cn_flags & LOCKSHARED) == 0)
5142 lkflags = LK_EXCLUSIVE;
5143 error = vget_finish(tvp, lkflags, tvs);
5144 if (__predict_false(error != 0)) {
5145 return (cache_fpl_aborted(fpl));
5146 }
5147 } else {
5148 vget_finish_ref(tvp, tvs);
5149 }
5150
5151 ndp->ni_resflags |= NIRES_EMPTYPATH;
5152 return (cache_fpl_handled(fpl));
5153 }
5154
5155 static int __noinline
cache_fplookup_noentry(struct cache_fpl * fpl)5156 cache_fplookup_noentry(struct cache_fpl *fpl)
5157 {
5158 struct nameidata *ndp;
5159 struct componentname *cnp;
5160 enum vgetstate dvs;
5161 struct vnode *dvp, *tvp;
5162 seqc_t dvp_seqc;
5163 int error;
5164
5165 ndp = fpl->ndp;
5166 cnp = fpl->cnp;
5167 dvp = fpl->dvp;
5168 dvp_seqc = fpl->dvp_seqc;
5169
5170 MPASS((cnp->cn_flags & MAKEENTRY) == 0);
5171 MPASS((cnp->cn_flags & ISDOTDOT) == 0);
5172 if (cnp->cn_nameiop == LOOKUP)
5173 MPASS((cnp->cn_flags & NOCACHE) == 0);
5174 MPASS(!cache_fpl_isdotdot(cnp));
5175
5176 /*
5177 * Hack: delayed name len checking.
5178 */
5179 if (__predict_false(cnp->cn_namelen > NAME_MAX)) {
5180 cache_fpl_smr_exit(fpl);
5181 return (cache_fpl_handled_error(fpl, ENAMETOOLONG));
5182 }
5183
5184 if (cnp->cn_nameptr[0] == '/') {
5185 return (cache_fplookup_skip_slashes(fpl));
5186 }
5187
5188 if (cnp->cn_pnbuf[0] == '\0') {
5189 return (cache_fplookup_emptypath(fpl));
5190 }
5191
5192 if (cnp->cn_nameptr[0] == '\0') {
5193 if (fpl->tvp == NULL) {
5194 return (cache_fplookup_degenerate(fpl));
5195 }
5196 return (cache_fplookup_trailingslash(fpl));
5197 }
5198
5199 if (cnp->cn_nameiop != LOOKUP) {
5200 fpl->tvp = NULL;
5201 return (cache_fplookup_modifying(fpl));
5202 }
5203
5204 /*
5205 * Only try to fill in the component if it is the last one,
5206 * otherwise not only there may be several to handle but the
5207 * walk may be complicated.
5208 */
5209 if (!cache_fpl_islastcn(ndp)) {
5210 return (cache_fpl_partial(fpl));
5211 }
5212
5213 /*
5214 * Regular lookup nulifies the slash, which we don't do here.
5215 * Don't take chances with filesystem routines seeing it for
5216 * the last entry.
5217 */
5218 if (cache_fpl_istrailingslash(fpl)) {
5219 return (cache_fpl_partial(fpl));
5220 }
5221
5222 /*
5223 * Secure access to dvp; check cache_fplookup_partial_setup for
5224 * reasoning.
5225 */
5226 dvs = vget_prep_smr(dvp);
5227 cache_fpl_smr_exit(fpl);
5228 if (__predict_false(dvs == VGET_NONE)) {
5229 return (cache_fpl_aborted(fpl));
5230 }
5231
5232 vget_finish_ref(dvp, dvs);
5233 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
5234 vrele(dvp);
5235 return (cache_fpl_aborted(fpl));
5236 }
5237
5238 error = vn_lock(dvp, LK_SHARED);
5239 if (__predict_false(error != 0)) {
5240 vrele(dvp);
5241 return (cache_fpl_aborted(fpl));
5242 }
5243
5244 tvp = NULL;
5245 /*
5246 * TODO: provide variants which don't require locking either vnode.
5247 */
5248 cnp->cn_flags |= ISLASTCN | MAKEENTRY;
5249 cnp->cn_lkflags = LK_SHARED;
5250 if ((cnp->cn_flags & LOCKSHARED) == 0) {
5251 cnp->cn_lkflags = LK_EXCLUSIVE;
5252 }
5253 error = VOP_LOOKUP(dvp, &tvp, cnp);
5254 switch (error) {
5255 case EJUSTRETURN:
5256 case 0:
5257 break;
5258 case ENOTDIR:
5259 case ENOENT:
5260 vput(dvp);
5261 return (cache_fpl_handled_error(fpl, error));
5262 default:
5263 vput(dvp);
5264 return (cache_fpl_aborted(fpl));
5265 }
5266
5267 fpl->tvp = tvp;
5268
5269 if (tvp == NULL) {
5270 MPASS(error == EJUSTRETURN);
5271 if ((cnp->cn_flags & (WANTPARENT | LOCKPARENT)) == 0) {
5272 vput(dvp);
5273 } else if ((cnp->cn_flags & LOCKPARENT) == 0) {
5274 VOP_UNLOCK(dvp);
5275 }
5276 return (cache_fpl_handled(fpl));
5277 }
5278
5279 if (tvp->v_type == VLNK) {
5280 if ((cnp->cn_flags & FOLLOW) != 0) {
5281 vput(dvp);
5282 vput(tvp);
5283 return (cache_fpl_aborted(fpl));
5284 }
5285 }
5286
5287 if (__predict_false(cache_fplookup_is_mp(fpl))) {
5288 vput(dvp);
5289 vput(tvp);
5290 return (cache_fpl_aborted(fpl));
5291 }
5292
5293 if ((cnp->cn_flags & LOCKLEAF) == 0) {
5294 VOP_UNLOCK(tvp);
5295 }
5296
5297 if ((cnp->cn_flags & (WANTPARENT | LOCKPARENT)) == 0) {
5298 vput(dvp);
5299 } else if ((cnp->cn_flags & LOCKPARENT) == 0) {
5300 VOP_UNLOCK(dvp);
5301 }
5302 return (cache_fpl_handled(fpl));
5303 }
5304
5305 static int __noinline
cache_fplookup_dot(struct cache_fpl * fpl)5306 cache_fplookup_dot(struct cache_fpl *fpl)
5307 {
5308 int error;
5309
5310 MPASS(!seqc_in_modify(fpl->dvp_seqc));
5311
5312 if (__predict_false(fpl->dvp->v_type != VDIR)) {
5313 cache_fpl_smr_exit(fpl);
5314 return (cache_fpl_handled_error(fpl, ENOTDIR));
5315 }
5316
5317 /*
5318 * Just re-assign the value. seqc will be checked later for the first
5319 * non-dot path component in line and/or before deciding to return the
5320 * vnode.
5321 */
5322 fpl->tvp = fpl->dvp;
5323 fpl->tvp_seqc = fpl->dvp_seqc;
5324
5325 SDT_PROBE3(vfs, namecache, lookup, hit, fpl->dvp, ".", fpl->dvp);
5326
5327 error = 0;
5328 if (cache_fplookup_is_mp(fpl)) {
5329 error = cache_fplookup_cross_mount(fpl);
5330 }
5331 return (error);
5332 }
5333
5334 static int __noinline
cache_fplookup_dotdot(struct cache_fpl * fpl)5335 cache_fplookup_dotdot(struct cache_fpl *fpl)
5336 {
5337 struct nameidata *ndp;
5338 struct namecache *ncp;
5339 struct vnode *dvp;
5340 u_char nc_flag;
5341
5342 ndp = fpl->ndp;
5343 dvp = fpl->dvp;
5344
5345 MPASS(cache_fpl_isdotdot(fpl->cnp));
5346
5347 /*
5348 * XXX this is racy the same way regular lookup is
5349 */
5350 if (vfs_lookup_isroot(ndp, dvp)) {
5351 fpl->tvp = dvp;
5352 fpl->tvp_seqc = vn_seqc_read_any(dvp);
5353 if (seqc_in_modify(fpl->tvp_seqc)) {
5354 return (cache_fpl_aborted(fpl));
5355 }
5356 return (0);
5357 }
5358
5359 if ((dvp->v_vflag & VV_ROOT) != 0) {
5360 /*
5361 * TODO
5362 * The opposite of climb mount is needed here.
5363 */
5364 return (cache_fpl_partial(fpl));
5365 }
5366
5367 if (__predict_false(dvp->v_type != VDIR)) {
5368 cache_fpl_smr_exit(fpl);
5369 return (cache_fpl_handled_error(fpl, ENOTDIR));
5370 }
5371
5372 ncp = atomic_load_consume_ptr(&dvp->v_cache_dd);
5373 if (ncp == NULL) {
5374 return (cache_fpl_aborted(fpl));
5375 }
5376
5377 nc_flag = atomic_load_char(&ncp->nc_flag);
5378 if ((nc_flag & NCF_ISDOTDOT) != 0) {
5379 if ((nc_flag & NCF_NEGATIVE) != 0)
5380 return (cache_fpl_aborted(fpl));
5381 fpl->tvp = ncp->nc_vp;
5382 } else {
5383 fpl->tvp = ncp->nc_dvp;
5384 }
5385
5386 fpl->tvp_seqc = vn_seqc_read_any(fpl->tvp);
5387 if (seqc_in_modify(fpl->tvp_seqc)) {
5388 return (cache_fpl_partial(fpl));
5389 }
5390
5391 /*
5392 * Acquire fence provided by vn_seqc_read_any above.
5393 */
5394 if (__predict_false(atomic_load_ptr(&dvp->v_cache_dd) != ncp)) {
5395 return (cache_fpl_aborted(fpl));
5396 }
5397
5398 if (!cache_ncp_canuse(ncp)) {
5399 return (cache_fpl_aborted(fpl));
5400 }
5401
5402 return (0);
5403 }
5404
5405 static int __noinline
cache_fplookup_neg(struct cache_fpl * fpl,struct namecache * ncp,uint32_t hash)5406 cache_fplookup_neg(struct cache_fpl *fpl, struct namecache *ncp, uint32_t hash)
5407 {
5408 u_char nc_flag __diagused;
5409 bool neg_promote;
5410
5411 #ifdef INVARIANTS
5412 nc_flag = atomic_load_char(&ncp->nc_flag);
5413 MPASS((nc_flag & NCF_NEGATIVE) != 0);
5414 #endif
5415 /*
5416 * If they want to create an entry we need to replace this one.
5417 */
5418 if (__predict_false(fpl->cnp->cn_nameiop != LOOKUP)) {
5419 fpl->tvp = NULL;
5420 return (cache_fplookup_modifying(fpl));
5421 }
5422 neg_promote = cache_neg_hit_prep(ncp);
5423 if (!cache_fpl_neg_ncp_canuse(ncp)) {
5424 cache_neg_hit_abort(ncp);
5425 return (cache_fpl_partial(fpl));
5426 }
5427 if (neg_promote) {
5428 return (cache_fplookup_negative_promote(fpl, ncp, hash));
5429 }
5430 cache_neg_hit_finish(ncp);
5431 cache_fpl_smr_exit(fpl);
5432 return (cache_fpl_handled_error(fpl, ENOENT));
5433 }
5434
5435 /*
5436 * Resolve a symlink. Called by filesystem-specific routines.
5437 *
5438 * Code flow is:
5439 * ... -> cache_fplookup_symlink -> VOP_FPLOOKUP_SYMLINK -> cache_symlink_resolve
5440 */
5441 int
cache_symlink_resolve(struct cache_fpl * fpl,const char * string,size_t len)5442 cache_symlink_resolve(struct cache_fpl *fpl, const char *string, size_t len)
5443 {
5444 struct nameidata *ndp;
5445 struct componentname *cnp;
5446 size_t adjust;
5447
5448 ndp = fpl->ndp;
5449 cnp = fpl->cnp;
5450
5451 if (__predict_false(len == 0)) {
5452 return (ENOENT);
5453 }
5454
5455 if (__predict_false(len > MAXPATHLEN - 2)) {
5456 if (cache_fpl_istrailingslash(fpl)) {
5457 return (EAGAIN);
5458 }
5459 }
5460
5461 ndp->ni_pathlen = fpl->nulchar - cnp->cn_nameptr - cnp->cn_namelen + 1;
5462 #ifdef INVARIANTS
5463 if (ndp->ni_pathlen != fpl->debug.ni_pathlen) {
5464 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n",
5465 __func__, ndp->ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar,
5466 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf);
5467 }
5468 #endif
5469
5470 if (__predict_false(len + ndp->ni_pathlen > MAXPATHLEN)) {
5471 return (ENAMETOOLONG);
5472 }
5473
5474 if (__predict_false(ndp->ni_loopcnt++ >= MAXSYMLINKS)) {
5475 return (ELOOP);
5476 }
5477
5478 adjust = len;
5479 if (ndp->ni_pathlen > 1) {
5480 bcopy(ndp->ni_next, cnp->cn_pnbuf + len, ndp->ni_pathlen);
5481 } else {
5482 if (cache_fpl_istrailingslash(fpl)) {
5483 adjust = len + 1;
5484 cnp->cn_pnbuf[len] = '/';
5485 cnp->cn_pnbuf[len + 1] = '\0';
5486 } else {
5487 cnp->cn_pnbuf[len] = '\0';
5488 }
5489 }
5490 bcopy(string, cnp->cn_pnbuf, len);
5491
5492 ndp->ni_pathlen += adjust;
5493 cache_fpl_pathlen_add(fpl, adjust);
5494 cnp->cn_nameptr = cnp->cn_pnbuf;
5495 fpl->nulchar = &cnp->cn_nameptr[ndp->ni_pathlen - 1];
5496 fpl->tvp = NULL;
5497 return (0);
5498 }
5499
5500 static int __noinline
cache_fplookup_symlink(struct cache_fpl * fpl)5501 cache_fplookup_symlink(struct cache_fpl *fpl)
5502 {
5503 struct mount *mp;
5504 struct nameidata *ndp;
5505 struct componentname *cnp;
5506 struct vnode *dvp, *tvp;
5507 struct pwd *pwd;
5508 int error;
5509
5510 ndp = fpl->ndp;
5511 cnp = fpl->cnp;
5512 dvp = fpl->dvp;
5513 tvp = fpl->tvp;
5514 pwd = *(fpl->pwd);
5515
5516 if (cache_fpl_islastcn(ndp)) {
5517 if ((cnp->cn_flags & FOLLOW) == 0) {
5518 return (cache_fplookup_final(fpl));
5519 }
5520 }
5521
5522 mp = atomic_load_ptr(&dvp->v_mount);
5523 if (__predict_false(mp == NULL)) {
5524 return (cache_fpl_aborted(fpl));
5525 }
5526
5527 /*
5528 * Note this check races against setting the flag just like regular
5529 * lookup.
5530 */
5531 if (__predict_false((mp->mnt_flag & MNT_NOSYMFOLLOW) != 0)) {
5532 cache_fpl_smr_exit(fpl);
5533 return (cache_fpl_handled_error(fpl, EACCES));
5534 }
5535
5536 error = VOP_FPLOOKUP_SYMLINK(tvp, fpl);
5537 if (__predict_false(error != 0)) {
5538 switch (error) {
5539 case EAGAIN:
5540 return (cache_fpl_partial(fpl));
5541 case ENOENT:
5542 case ENAMETOOLONG:
5543 case ELOOP:
5544 cache_fpl_smr_exit(fpl);
5545 return (cache_fpl_handled_error(fpl, error));
5546 default:
5547 return (cache_fpl_aborted(fpl));
5548 }
5549 }
5550
5551 if (*(cnp->cn_nameptr) == '/') {
5552 fpl->dvp = cache_fpl_handle_root(fpl);
5553 fpl->dvp_seqc = vn_seqc_read_any(fpl->dvp);
5554 if (seqc_in_modify(fpl->dvp_seqc)) {
5555 return (cache_fpl_aborted(fpl));
5556 }
5557 /*
5558 * The main loop assumes that ->dvp points to a vnode belonging
5559 * to a filesystem which can do lockless lookup, but the absolute
5560 * symlink can be wandering off to one which does not.
5561 */
5562 mp = atomic_load_ptr(&fpl->dvp->v_mount);
5563 if (__predict_false(mp == NULL)) {
5564 return (cache_fpl_aborted(fpl));
5565 }
5566 if (!cache_fplookup_mp_supported(mp)) {
5567 cache_fpl_checkpoint(fpl);
5568 return (cache_fpl_partial(fpl));
5569 }
5570 if (__predict_false(pwd->pwd_adir != pwd->pwd_rdir)) {
5571 return (cache_fpl_aborted(fpl));
5572 }
5573 }
5574 return (0);
5575 }
5576
5577 static int
cache_fplookup_next(struct cache_fpl * fpl)5578 cache_fplookup_next(struct cache_fpl *fpl)
5579 {
5580 struct componentname *cnp;
5581 struct namecache *ncp;
5582 struct vnode *dvp, *tvp;
5583 u_char nc_flag;
5584 uint32_t hash;
5585 int error;
5586
5587 cnp = fpl->cnp;
5588 dvp = fpl->dvp;
5589 hash = fpl->hash;
5590
5591 if (__predict_false(cnp->cn_nameptr[0] == '.')) {
5592 if (cnp->cn_namelen == 1) {
5593 return (cache_fplookup_dot(fpl));
5594 }
5595 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') {
5596 return (cache_fplookup_dotdot(fpl));
5597 }
5598 }
5599
5600 MPASS(!cache_fpl_isdotdot(cnp));
5601
5602 ncp = cache_ncp_find(dvp, cnp, hash);
5603 if (__predict_false(ncp == NULL)) {
5604 return (cache_fplookup_noentry(fpl));
5605 }
5606
5607 tvp = atomic_load_ptr(&ncp->nc_vp);
5608 nc_flag = atomic_load_char(&ncp->nc_flag);
5609 if ((nc_flag & NCF_NEGATIVE) != 0) {
5610 return (cache_fplookup_neg(fpl, ncp, hash));
5611 }
5612
5613 if (!cache_ncp_canuse(ncp)) {
5614 return (cache_fpl_partial(fpl));
5615 }
5616
5617 fpl->tvp = tvp;
5618 fpl->tvp_seqc = vn_seqc_read_any(tvp);
5619 if (seqc_in_modify(fpl->tvp_seqc)) {
5620 return (cache_fpl_partial(fpl));
5621 }
5622
5623 counter_u64_add(numposhits, 1);
5624 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, tvp);
5625
5626 error = 0;
5627 if (cache_fplookup_is_mp(fpl)) {
5628 error = cache_fplookup_cross_mount(fpl);
5629 }
5630 return (error);
5631 }
5632
5633 static bool
cache_fplookup_mp_supported(struct mount * mp)5634 cache_fplookup_mp_supported(struct mount *mp)
5635 {
5636
5637 MPASS(mp != NULL);
5638 if ((mp->mnt_kern_flag & MNTK_FPLOOKUP) == 0)
5639 return (false);
5640 return (true);
5641 }
5642
5643 /*
5644 * Walk up the mount stack (if any).
5645 *
5646 * Correctness is provided in the following ways:
5647 * - all vnodes are protected from freeing with SMR
5648 * - struct mount objects are type stable making them always safe to access
5649 * - stability of the particular mount is provided by busying it
5650 * - relationship between the vnode which is mounted on and the mount is
5651 * verified with the vnode sequence counter after busying
5652 * - association between root vnode of the mount and the mount is protected
5653 * by busy
5654 *
5655 * From that point on we can read the sequence counter of the root vnode
5656 * and get the next mount on the stack (if any) using the same protection.
5657 *
5658 * By the end of successful walk we are guaranteed the reached state was
5659 * indeed present at least at some point which matches the regular lookup.
5660 */
5661 static int __noinline
cache_fplookup_climb_mount(struct cache_fpl * fpl)5662 cache_fplookup_climb_mount(struct cache_fpl *fpl)
5663 {
5664 struct mount *mp, *prev_mp;
5665 struct mount_pcpu *mpcpu, *prev_mpcpu;
5666 struct vnode *vp;
5667 seqc_t vp_seqc;
5668
5669 vp = fpl->tvp;
5670 vp_seqc = fpl->tvp_seqc;
5671
5672 VNPASS(vp->v_type == VDIR || vp->v_type == VREG || vp->v_type == VBAD, vp);
5673 mp = atomic_load_ptr(&vp->v_mountedhere);
5674 if (__predict_false(mp == NULL)) {
5675 return (0);
5676 }
5677
5678 prev_mp = NULL;
5679 for (;;) {
5680 if (!vfs_op_thread_enter_crit(mp, mpcpu)) {
5681 if (prev_mp != NULL)
5682 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu);
5683 return (cache_fpl_partial(fpl));
5684 }
5685 if (prev_mp != NULL)
5686 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu);
5687 if (!vn_seqc_consistent(vp, vp_seqc)) {
5688 vfs_op_thread_exit_crit(mp, mpcpu);
5689 return (cache_fpl_partial(fpl));
5690 }
5691 if (!cache_fplookup_mp_supported(mp)) {
5692 vfs_op_thread_exit_crit(mp, mpcpu);
5693 return (cache_fpl_partial(fpl));
5694 }
5695 vp = atomic_load_ptr(&mp->mnt_rootvnode);
5696 if (vp == NULL) {
5697 vfs_op_thread_exit_crit(mp, mpcpu);
5698 return (cache_fpl_partial(fpl));
5699 }
5700 vp_seqc = vn_seqc_read_any(vp);
5701 if (seqc_in_modify(vp_seqc)) {
5702 vfs_op_thread_exit_crit(mp, mpcpu);
5703 return (cache_fpl_partial(fpl));
5704 }
5705 prev_mp = mp;
5706 prev_mpcpu = mpcpu;
5707 mp = atomic_load_ptr(&vp->v_mountedhere);
5708 if (mp == NULL)
5709 break;
5710 }
5711
5712 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu);
5713 fpl->tvp = vp;
5714 fpl->tvp_seqc = vp_seqc;
5715 return (0);
5716 }
5717
5718 static int __noinline
cache_fplookup_cross_mount(struct cache_fpl * fpl)5719 cache_fplookup_cross_mount(struct cache_fpl *fpl)
5720 {
5721 struct mount *mp;
5722 struct mount_pcpu *mpcpu;
5723 struct vnode *vp;
5724 seqc_t vp_seqc;
5725
5726 vp = fpl->tvp;
5727 vp_seqc = fpl->tvp_seqc;
5728
5729 VNPASS(vp->v_type == VDIR || vp->v_type == VREG || vp->v_type == VBAD, vp);
5730 mp = atomic_load_ptr(&vp->v_mountedhere);
5731 if (__predict_false(mp == NULL)) {
5732 return (0);
5733 }
5734
5735 if (!vfs_op_thread_enter_crit(mp, mpcpu)) {
5736 return (cache_fpl_partial(fpl));
5737 }
5738 if (!vn_seqc_consistent(vp, vp_seqc)) {
5739 vfs_op_thread_exit_crit(mp, mpcpu);
5740 return (cache_fpl_partial(fpl));
5741 }
5742 if (!cache_fplookup_mp_supported(mp)) {
5743 vfs_op_thread_exit_crit(mp, mpcpu);
5744 return (cache_fpl_partial(fpl));
5745 }
5746 vp = atomic_load_ptr(&mp->mnt_rootvnode);
5747 if (__predict_false(vp == NULL)) {
5748 vfs_op_thread_exit_crit(mp, mpcpu);
5749 return (cache_fpl_partial(fpl));
5750 }
5751 vp_seqc = vn_seqc_read_any(vp);
5752 vfs_op_thread_exit_crit(mp, mpcpu);
5753 if (seqc_in_modify(vp_seqc)) {
5754 return (cache_fpl_partial(fpl));
5755 }
5756 mp = atomic_load_ptr(&vp->v_mountedhere);
5757 if (__predict_false(mp != NULL)) {
5758 /*
5759 * There are possibly more mount points on top.
5760 * Normally this does not happen so for simplicity just start
5761 * over.
5762 */
5763 return (cache_fplookup_climb_mount(fpl));
5764 }
5765
5766 fpl->tvp = vp;
5767 fpl->tvp_seqc = vp_seqc;
5768 return (0);
5769 }
5770
5771 /*
5772 * Check if a vnode is mounted on.
5773 */
5774 static bool
cache_fplookup_is_mp(struct cache_fpl * fpl)5775 cache_fplookup_is_mp(struct cache_fpl *fpl)
5776 {
5777 struct vnode *vp;
5778
5779 vp = fpl->tvp;
5780 return ((vn_irflag_read(vp) & VIRF_MOUNTPOINT) != 0);
5781 }
5782
5783 /*
5784 * Parse the path.
5785 *
5786 * The code was originally copy-pasted from regular lookup and despite
5787 * clean ups leaves performance on the table. Any modifications here
5788 * must take into account that in case off fallback the resulting
5789 * nameidata state has to be compatible with the original.
5790 */
5791
5792 /*
5793 * Debug ni_pathlen tracking.
5794 */
5795 #ifdef INVARIANTS
5796 static void
cache_fpl_pathlen_add(struct cache_fpl * fpl,size_t n)5797 cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n)
5798 {
5799
5800 fpl->debug.ni_pathlen += n;
5801 KASSERT(fpl->debug.ni_pathlen <= PATH_MAX,
5802 ("%s: pathlen overflow to %zd\n", __func__, fpl->debug.ni_pathlen));
5803 }
5804
5805 static void
cache_fpl_pathlen_sub(struct cache_fpl * fpl,size_t n)5806 cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n)
5807 {
5808
5809 fpl->debug.ni_pathlen -= n;
5810 KASSERT(fpl->debug.ni_pathlen <= PATH_MAX,
5811 ("%s: pathlen underflow to %zd\n", __func__, fpl->debug.ni_pathlen));
5812 }
5813
5814 static void
cache_fpl_pathlen_inc(struct cache_fpl * fpl)5815 cache_fpl_pathlen_inc(struct cache_fpl *fpl)
5816 {
5817
5818 cache_fpl_pathlen_add(fpl, 1);
5819 }
5820
5821 static void
cache_fpl_pathlen_dec(struct cache_fpl * fpl)5822 cache_fpl_pathlen_dec(struct cache_fpl *fpl)
5823 {
5824
5825 cache_fpl_pathlen_sub(fpl, 1);
5826 }
5827 #else
5828 static void
cache_fpl_pathlen_add(struct cache_fpl * fpl,size_t n)5829 cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n)
5830 {
5831 }
5832
5833 static void
cache_fpl_pathlen_sub(struct cache_fpl * fpl,size_t n)5834 cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n)
5835 {
5836 }
5837
5838 static void
cache_fpl_pathlen_inc(struct cache_fpl * fpl)5839 cache_fpl_pathlen_inc(struct cache_fpl *fpl)
5840 {
5841 }
5842
5843 static void
cache_fpl_pathlen_dec(struct cache_fpl * fpl)5844 cache_fpl_pathlen_dec(struct cache_fpl *fpl)
5845 {
5846 }
5847 #endif
5848
5849 static void
cache_fplookup_parse(struct cache_fpl * fpl)5850 cache_fplookup_parse(struct cache_fpl *fpl)
5851 {
5852 struct nameidata *ndp;
5853 struct componentname *cnp;
5854 struct vnode *dvp;
5855 char *cp;
5856 uint32_t hash;
5857
5858 ndp = fpl->ndp;
5859 cnp = fpl->cnp;
5860 dvp = fpl->dvp;
5861
5862 /*
5863 * Find the end of this path component, it is either / or nul.
5864 *
5865 * Store / as a temporary sentinel so that we only have one character
5866 * to test for. Pathnames tend to be short so this should not be
5867 * resulting in cache misses.
5868 *
5869 * TODO: fix this to be word-sized.
5870 */
5871 MPASS(&cnp->cn_nameptr[fpl->debug.ni_pathlen - 1] >= cnp->cn_pnbuf);
5872 KASSERT(&cnp->cn_nameptr[fpl->debug.ni_pathlen - 1] == fpl->nulchar,
5873 ("%s: mismatch between pathlen (%zu) and nulchar (%p != %p), string [%s]\n",
5874 __func__, fpl->debug.ni_pathlen, &cnp->cn_nameptr[fpl->debug.ni_pathlen - 1],
5875 fpl->nulchar, cnp->cn_pnbuf));
5876 KASSERT(*fpl->nulchar == '\0',
5877 ("%s: expected nul at %p; string [%s]\n", __func__, fpl->nulchar,
5878 cnp->cn_pnbuf));
5879 hash = cache_get_hash_iter_start(dvp);
5880 *fpl->nulchar = '/';
5881 for (cp = cnp->cn_nameptr; *cp != '/'; cp++) {
5882 KASSERT(*cp != '\0',
5883 ("%s: encountered unexpected nul; string [%s]\n", __func__,
5884 cnp->cn_nameptr));
5885 hash = cache_get_hash_iter(*cp, hash);
5886 continue;
5887 }
5888 *fpl->nulchar = '\0';
5889 fpl->hash = cache_get_hash_iter_finish(hash);
5890
5891 cnp->cn_namelen = cp - cnp->cn_nameptr;
5892 cache_fpl_pathlen_sub(fpl, cnp->cn_namelen);
5893
5894 #ifdef INVARIANTS
5895 /*
5896 * cache_get_hash only accepts lengths up to NAME_MAX. This is fine since
5897 * we are going to fail this lookup with ENAMETOOLONG (see below).
5898 */
5899 if (cnp->cn_namelen <= NAME_MAX) {
5900 if (fpl->hash != cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp)) {
5901 panic("%s: mismatched hash for [%s] len %ld", __func__,
5902 cnp->cn_nameptr, cnp->cn_namelen);
5903 }
5904 }
5905 #endif
5906
5907 /*
5908 * Hack: we have to check if the found path component's length exceeds
5909 * NAME_MAX. However, the condition is very rarely true and check can
5910 * be elided in the common case -- if an entry was found in the cache,
5911 * then it could not have been too long to begin with.
5912 */
5913 ndp->ni_next = cp;
5914 }
5915
5916 static void
cache_fplookup_parse_advance(struct cache_fpl * fpl)5917 cache_fplookup_parse_advance(struct cache_fpl *fpl)
5918 {
5919 struct nameidata *ndp;
5920 struct componentname *cnp;
5921
5922 ndp = fpl->ndp;
5923 cnp = fpl->cnp;
5924
5925 cnp->cn_nameptr = ndp->ni_next;
5926 KASSERT(*(cnp->cn_nameptr) == '/',
5927 ("%s: should have seen slash at %p ; buf %p [%s]\n", __func__,
5928 cnp->cn_nameptr, cnp->cn_pnbuf, cnp->cn_pnbuf));
5929 cnp->cn_nameptr++;
5930 cache_fpl_pathlen_dec(fpl);
5931 }
5932
5933 /*
5934 * Skip spurious slashes in a pathname (e.g., "foo///bar") and retry.
5935 *
5936 * Lockless lookup tries to elide checking for spurious slashes and should they
5937 * be present is guaranteed to fail to find an entry. In this case the caller
5938 * must check if the name starts with a slash and call this routine. It is
5939 * going to fast forward across the spurious slashes and set the state up for
5940 * retry.
5941 */
5942 static int __noinline
cache_fplookup_skip_slashes(struct cache_fpl * fpl)5943 cache_fplookup_skip_slashes(struct cache_fpl *fpl)
5944 {
5945 struct nameidata *ndp;
5946 struct componentname *cnp;
5947
5948 ndp = fpl->ndp;
5949 cnp = fpl->cnp;
5950
5951 MPASS(*(cnp->cn_nameptr) == '/');
5952 do {
5953 cnp->cn_nameptr++;
5954 cache_fpl_pathlen_dec(fpl);
5955 } while (*(cnp->cn_nameptr) == '/');
5956
5957 /*
5958 * Go back to one slash so that cache_fplookup_parse_advance has
5959 * something to skip.
5960 */
5961 cnp->cn_nameptr--;
5962 cache_fpl_pathlen_inc(fpl);
5963
5964 /*
5965 * cache_fplookup_parse_advance starts from ndp->ni_next
5966 */
5967 ndp->ni_next = cnp->cn_nameptr;
5968
5969 /*
5970 * See cache_fplookup_dot.
5971 */
5972 fpl->tvp = fpl->dvp;
5973 fpl->tvp_seqc = fpl->dvp_seqc;
5974
5975 return (0);
5976 }
5977
5978 /*
5979 * Handle trailing slashes (e.g., "foo/").
5980 *
5981 * If a trailing slash is found the terminal vnode must be a directory.
5982 * Regular lookup shortens the path by nulifying the first trailing slash and
5983 * sets the TRAILINGSLASH flag to denote this took place. There are several
5984 * checks on it performed later.
5985 *
5986 * Similarly to spurious slashes, lockless lookup handles this in a speculative
5987 * manner relying on an invariant that a non-directory vnode will get a miss.
5988 * In this case cn_nameptr[0] == '\0' and cn_namelen == 0.
5989 *
5990 * Thus for a path like "foo/bar/" the code unwinds the state back to "bar/"
5991 * and denotes this is the last path component, which avoids looping back.
5992 *
5993 * Only plain lookups are supported for now to restrict corner cases to handle.
5994 */
5995 static int __noinline
cache_fplookup_trailingslash(struct cache_fpl * fpl)5996 cache_fplookup_trailingslash(struct cache_fpl *fpl)
5997 {
5998 #ifdef INVARIANTS
5999 size_t ni_pathlen;
6000 #endif
6001 struct nameidata *ndp;
6002 struct componentname *cnp;
6003 struct namecache *ncp;
6004 struct vnode *tvp;
6005 char *cn_nameptr_orig, *cn_nameptr_slash;
6006 seqc_t tvp_seqc;
6007 u_char nc_flag;
6008
6009 ndp = fpl->ndp;
6010 cnp = fpl->cnp;
6011 tvp = fpl->tvp;
6012 tvp_seqc = fpl->tvp_seqc;
6013
6014 MPASS(fpl->dvp == fpl->tvp);
6015 KASSERT(cache_fpl_istrailingslash(fpl),
6016 ("%s: expected trailing slash at %p; string [%s]\n", __func__, fpl->nulchar - 1,
6017 cnp->cn_pnbuf));
6018 KASSERT(cnp->cn_nameptr[0] == '\0',
6019 ("%s: expected nul char at %p; string [%s]\n", __func__, &cnp->cn_nameptr[0],
6020 cnp->cn_pnbuf));
6021 KASSERT(cnp->cn_namelen == 0,
6022 ("%s: namelen 0 but got %ld; string [%s]\n", __func__, cnp->cn_namelen,
6023 cnp->cn_pnbuf));
6024 MPASS(cnp->cn_nameptr > cnp->cn_pnbuf);
6025
6026 if (cnp->cn_nameiop != LOOKUP) {
6027 return (cache_fpl_aborted(fpl));
6028 }
6029
6030 if (__predict_false(tvp->v_type != VDIR)) {
6031 if (!vn_seqc_consistent(tvp, tvp_seqc)) {
6032 return (cache_fpl_aborted(fpl));
6033 }
6034 cache_fpl_smr_exit(fpl);
6035 return (cache_fpl_handled_error(fpl, ENOTDIR));
6036 }
6037
6038 /*
6039 * Denote the last component.
6040 */
6041 ndp->ni_next = &cnp->cn_nameptr[0];
6042 MPASS(cache_fpl_islastcn(ndp));
6043
6044 /*
6045 * Unwind trailing slashes.
6046 */
6047 cn_nameptr_orig = cnp->cn_nameptr;
6048 while (cnp->cn_nameptr >= cnp->cn_pnbuf) {
6049 cnp->cn_nameptr--;
6050 if (cnp->cn_nameptr[0] != '/') {
6051 break;
6052 }
6053 }
6054
6055 /*
6056 * Unwind to the beginning of the path component.
6057 *
6058 * Note the path may or may not have started with a slash.
6059 */
6060 cn_nameptr_slash = cnp->cn_nameptr;
6061 while (cnp->cn_nameptr > cnp->cn_pnbuf) {
6062 cnp->cn_nameptr--;
6063 if (cnp->cn_nameptr[0] == '/') {
6064 break;
6065 }
6066 }
6067 if (cnp->cn_nameptr[0] == '/') {
6068 cnp->cn_nameptr++;
6069 }
6070
6071 cnp->cn_namelen = cn_nameptr_slash - cnp->cn_nameptr + 1;
6072 cache_fpl_pathlen_add(fpl, cn_nameptr_orig - cnp->cn_nameptr);
6073 cache_fpl_checkpoint(fpl);
6074
6075 #ifdef INVARIANTS
6076 ni_pathlen = fpl->nulchar - cnp->cn_nameptr + 1;
6077 if (ni_pathlen != fpl->debug.ni_pathlen) {
6078 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n",
6079 __func__, ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar,
6080 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf);
6081 }
6082 #endif
6083
6084 /*
6085 * If this was a "./" lookup the parent directory is already correct.
6086 */
6087 if (cnp->cn_nameptr[0] == '.' && cnp->cn_namelen == 1) {
6088 return (0);
6089 }
6090
6091 /*
6092 * Otherwise we need to look it up.
6093 */
6094 tvp = fpl->tvp;
6095 ncp = atomic_load_consume_ptr(&tvp->v_cache_dd);
6096 if (__predict_false(ncp == NULL)) {
6097 return (cache_fpl_aborted(fpl));
6098 }
6099 nc_flag = atomic_load_char(&ncp->nc_flag);
6100 if ((nc_flag & NCF_ISDOTDOT) != 0) {
6101 return (cache_fpl_aborted(fpl));
6102 }
6103 fpl->dvp = ncp->nc_dvp;
6104 fpl->dvp_seqc = vn_seqc_read_any(fpl->dvp);
6105 if (seqc_in_modify(fpl->dvp_seqc)) {
6106 return (cache_fpl_aborted(fpl));
6107 }
6108 return (0);
6109 }
6110
6111 /*
6112 * See the API contract for VOP_FPLOOKUP_VEXEC.
6113 */
6114 static int __noinline
cache_fplookup_failed_vexec(struct cache_fpl * fpl,int error)6115 cache_fplookup_failed_vexec(struct cache_fpl *fpl, int error)
6116 {
6117 struct componentname *cnp;
6118 struct vnode *dvp;
6119 seqc_t dvp_seqc;
6120
6121 cnp = fpl->cnp;
6122 dvp = fpl->dvp;
6123 dvp_seqc = fpl->dvp_seqc;
6124
6125 /*
6126 * Hack: delayed empty path checking.
6127 */
6128 if (cnp->cn_pnbuf[0] == '\0') {
6129 return (cache_fplookup_emptypath(fpl));
6130 }
6131
6132 /*
6133 * TODO: Due to ignoring trailing slashes lookup will perform a
6134 * permission check on the last dir when it should not be doing it. It
6135 * may fail, but said failure should be ignored. It is possible to fix
6136 * it up fully without resorting to regular lookup, but for now just
6137 * abort.
6138 */
6139 if (cache_fpl_istrailingslash(fpl)) {
6140 return (cache_fpl_aborted(fpl));
6141 }
6142
6143 /*
6144 * Hack: delayed degenerate path checking.
6145 */
6146 if (cnp->cn_nameptr[0] == '\0' && fpl->tvp == NULL) {
6147 return (cache_fplookup_degenerate(fpl));
6148 }
6149
6150 /*
6151 * Hack: delayed name len checking.
6152 */
6153 if (__predict_false(cnp->cn_namelen > NAME_MAX)) {
6154 cache_fpl_smr_exit(fpl);
6155 return (cache_fpl_handled_error(fpl, ENAMETOOLONG));
6156 }
6157
6158 /*
6159 * Hack: they may be looking up foo/bar, where foo is not a directory.
6160 * In such a case we need to return ENOTDIR, but we may happen to get
6161 * here with a different error.
6162 */
6163 if (dvp->v_type != VDIR) {
6164 error = ENOTDIR;
6165 }
6166
6167 /*
6168 * Hack: handle O_SEARCH.
6169 *
6170 * Open Group Base Specifications Issue 7, 2018 edition states:
6171 * <quote>
6172 * If the access mode of the open file description associated with the
6173 * file descriptor is not O_SEARCH, the function shall check whether
6174 * directory searches are permitted using the current permissions of
6175 * the directory underlying the file descriptor. If the access mode is
6176 * O_SEARCH, the function shall not perform the check.
6177 * </quote>
6178 *
6179 * Regular lookup tests for the NOEXECCHECK flag for every path
6180 * component to decide whether to do the permission check. However,
6181 * since most lookups never have the flag (and when they do it is only
6182 * present for the first path component), lockless lookup only acts on
6183 * it if there is a permission problem. Here the flag is represented
6184 * with a boolean so that we don't have to clear it on the way out.
6185 *
6186 * For simplicity this always aborts.
6187 * TODO: check if this is the first lookup and ignore the permission
6188 * problem. Note the flag has to survive fallback (if it happens to be
6189 * performed).
6190 */
6191 if (fpl->fsearch) {
6192 return (cache_fpl_aborted(fpl));
6193 }
6194
6195 switch (error) {
6196 case EAGAIN:
6197 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
6198 error = cache_fpl_aborted(fpl);
6199 } else {
6200 cache_fpl_partial(fpl);
6201 }
6202 break;
6203 default:
6204 if (!vn_seqc_consistent(dvp, dvp_seqc)) {
6205 error = cache_fpl_aborted(fpl);
6206 } else {
6207 cache_fpl_smr_exit(fpl);
6208 cache_fpl_handled_error(fpl, error);
6209 }
6210 break;
6211 }
6212 return (error);
6213 }
6214
6215 static int
cache_fplookup_impl(struct vnode * dvp,struct cache_fpl * fpl)6216 cache_fplookup_impl(struct vnode *dvp, struct cache_fpl *fpl)
6217 {
6218 struct nameidata *ndp;
6219 struct componentname *cnp;
6220 struct mount *mp;
6221 int error;
6222
6223 ndp = fpl->ndp;
6224 cnp = fpl->cnp;
6225
6226 cache_fpl_checkpoint(fpl);
6227
6228 /*
6229 * The vnode at hand is almost always stable, skip checking for it.
6230 * Worst case this postpones the check towards the end of the iteration
6231 * of the main loop.
6232 */
6233 fpl->dvp = dvp;
6234 fpl->dvp_seqc = vn_seqc_read_notmodify(fpl->dvp);
6235
6236 mp = atomic_load_ptr(&dvp->v_mount);
6237 if (__predict_false(mp == NULL || !cache_fplookup_mp_supported(mp))) {
6238 return (cache_fpl_aborted(fpl));
6239 }
6240
6241 MPASS(fpl->tvp == NULL);
6242
6243 for (;;) {
6244 cache_fplookup_parse(fpl);
6245
6246 error = VOP_FPLOOKUP_VEXEC(fpl->dvp, cnp->cn_cred);
6247 if (__predict_false(error != 0)) {
6248 error = cache_fplookup_failed_vexec(fpl, error);
6249 break;
6250 }
6251
6252 error = cache_fplookup_next(fpl);
6253 if (__predict_false(cache_fpl_terminated(fpl))) {
6254 break;
6255 }
6256
6257 VNPASS(!seqc_in_modify(fpl->tvp_seqc), fpl->tvp);
6258
6259 if (fpl->tvp->v_type == VLNK) {
6260 error = cache_fplookup_symlink(fpl);
6261 if (cache_fpl_terminated(fpl)) {
6262 break;
6263 }
6264 } else {
6265 if (cache_fpl_islastcn(ndp)) {
6266 error = cache_fplookup_final(fpl);
6267 break;
6268 }
6269
6270 if (!vn_seqc_consistent(fpl->dvp, fpl->dvp_seqc)) {
6271 error = cache_fpl_aborted(fpl);
6272 break;
6273 }
6274
6275 fpl->dvp = fpl->tvp;
6276 fpl->dvp_seqc = fpl->tvp_seqc;
6277 cache_fplookup_parse_advance(fpl);
6278 }
6279
6280 cache_fpl_checkpoint(fpl);
6281 }
6282
6283 return (error);
6284 }
6285
6286 /*
6287 * Fast path lookup protected with SMR and sequence counters.
6288 *
6289 * Note: all VOP_FPLOOKUP_VEXEC routines have a comment referencing this one.
6290 *
6291 * Filesystems can opt in by setting the MNTK_FPLOOKUP flag and meeting criteria
6292 * outlined below.
6293 *
6294 * Traditional vnode lookup conceptually looks like this:
6295 *
6296 * vn_lock(current);
6297 * for (;;) {
6298 * next = find();
6299 * vn_lock(next);
6300 * vn_unlock(current);
6301 * current = next;
6302 * if (last)
6303 * break;
6304 * }
6305 * return (current);
6306 *
6307 * Each jump to the next vnode is safe memory-wise and atomic with respect to
6308 * any modifications thanks to holding respective locks.
6309 *
6310 * The same guarantee can be provided with a combination of safe memory
6311 * reclamation and sequence counters instead. If all operations which affect
6312 * the relationship between the current vnode and the one we are looking for
6313 * also modify the counter, we can verify whether all the conditions held as
6314 * we made the jump. This includes things like permissions, mount points etc.
6315 * Counter modification is provided by enclosing relevant places in
6316 * vn_seqc_write_begin()/end() calls.
6317 *
6318 * Thus this translates to:
6319 *
6320 * vfs_smr_enter();
6321 * dvp_seqc = seqc_read_any(dvp);
6322 * if (seqc_in_modify(dvp_seqc)) // someone is altering the vnode
6323 * abort();
6324 * for (;;) {
6325 * tvp = find();
6326 * tvp_seqc = seqc_read_any(tvp);
6327 * if (seqc_in_modify(tvp_seqc)) // someone is altering the target vnode
6328 * abort();
6329 * if (!seqc_consistent(dvp, dvp_seqc) // someone is altering the vnode
6330 * abort();
6331 * dvp = tvp; // we know nothing of importance has changed
6332 * dvp_seqc = tvp_seqc; // store the counter for the tvp iteration
6333 * if (last)
6334 * break;
6335 * }
6336 * vget(); // secure the vnode
6337 * if (!seqc_consistent(tvp, tvp_seqc) // final check
6338 * abort();
6339 * // at this point we know nothing has changed for any parent<->child pair
6340 * // as they were crossed during the lookup, meaning we matched the guarantee
6341 * // of the locked variant
6342 * return (tvp);
6343 *
6344 * The API contract for VOP_FPLOOKUP_VEXEC routines is as follows:
6345 * - they are called while within vfs_smr protection which they must never exit
6346 * - EAGAIN can be returned to denote checking could not be performed, it is
6347 * always valid to return it
6348 * - if the sequence counter has not changed the result must be valid
6349 * - if the sequence counter has changed both false positives and false negatives
6350 * are permitted (since the result will be rejected later)
6351 * - for simple cases of unix permission checks vaccess_vexec_smr can be used
6352 *
6353 * Caveats to watch out for:
6354 * - vnodes are passed unlocked and unreferenced with nothing stopping
6355 * VOP_RECLAIM, in turn meaning that ->v_data can become NULL. It is advised
6356 * to use atomic_load_ptr to fetch it.
6357 * - the aforementioned object can also get freed, meaning absent other means it
6358 * should be protected with vfs_smr
6359 * - either safely checking permissions as they are modified or guaranteeing
6360 * their stability is left to the routine
6361 */
6362 int
cache_fplookup(struct nameidata * ndp,enum cache_fpl_status * status,struct pwd ** pwdp)6363 cache_fplookup(struct nameidata *ndp, enum cache_fpl_status *status,
6364 struct pwd **pwdp)
6365 {
6366 struct cache_fpl fpl;
6367 struct pwd *pwd;
6368 struct vnode *dvp;
6369 struct componentname *cnp;
6370 int error;
6371
6372 fpl.status = CACHE_FPL_STATUS_UNSET;
6373 fpl.in_smr = false;
6374 fpl.ndp = ndp;
6375 fpl.cnp = cnp = &ndp->ni_cnd;
6376 MPASS(ndp->ni_lcf == 0);
6377 KASSERT ((cnp->cn_flags & CACHE_FPL_INTERNAL_CN_FLAGS) == 0,
6378 ("%s: internal flags found in cn_flags %" PRIx64, __func__,
6379 cnp->cn_flags));
6380 MPASS(cnp->cn_nameptr == cnp->cn_pnbuf);
6381 MPASS(ndp->ni_resflags == 0);
6382
6383 if (__predict_false(!cache_can_fplookup(&fpl))) {
6384 *status = fpl.status;
6385 SDT_PROBE3(vfs, fplookup, lookup, done, ndp, fpl.line, fpl.status);
6386 return (EOPNOTSUPP);
6387 }
6388
6389 cache_fpl_checkpoint_outer(&fpl);
6390
6391 cache_fpl_smr_enter_initial(&fpl);
6392 #ifdef INVARIANTS
6393 fpl.debug.ni_pathlen = ndp->ni_pathlen;
6394 #endif
6395 fpl.nulchar = &cnp->cn_nameptr[ndp->ni_pathlen - 1];
6396 fpl.fsearch = false;
6397 fpl.tvp = NULL; /* for degenerate path handling */
6398 fpl.pwd = pwdp;
6399 pwd = pwd_get_smr();
6400 *(fpl.pwd) = pwd;
6401 namei_setup_rootdir(ndp, cnp, pwd);
6402 ndp->ni_topdir = pwd->pwd_jdir;
6403
6404 if (cnp->cn_pnbuf[0] == '/') {
6405 dvp = cache_fpl_handle_root(&fpl);
6406 ndp->ni_resflags = NIRES_ABS;
6407 } else {
6408 if (ndp->ni_dirfd == AT_FDCWD) {
6409 dvp = pwd->pwd_cdir;
6410 } else {
6411 error = cache_fplookup_dirfd(&fpl, &dvp);
6412 if (__predict_false(error != 0)) {
6413 goto out;
6414 }
6415 }
6416 }
6417
6418 SDT_PROBE4(vfs, namei, lookup, entry, dvp, cnp->cn_pnbuf, cnp->cn_flags, true);
6419 error = cache_fplookup_impl(dvp, &fpl);
6420 out:
6421 cache_fpl_smr_assert_not_entered(&fpl);
6422 cache_fpl_assert_status(&fpl);
6423 *status = fpl.status;
6424 SDT_PROBE3(vfs, fplookup, lookup, done, ndp, fpl.line, fpl.status);
6425 if (__predict_true(fpl.status == CACHE_FPL_STATUS_HANDLED)) {
6426 MPASS(error != CACHE_FPL_FAILED);
6427 SDT_PROBE4(vfs, namei, lookup, return, error, ndp->ni_vp, true,
6428 ndp);
6429 if (error != 0) {
6430 cache_fpl_cleanup_cnp(fpl.cnp);
6431 MPASS(fpl.dvp == NULL);
6432 MPASS(fpl.tvp == NULL);
6433 }
6434 ndp->ni_dvp = fpl.dvp;
6435 ndp->ni_vp = fpl.tvp;
6436 }
6437 return (error);
6438 }
6439