1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1989, 1993, 1995 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * Poul-Henning Kamp of the FreeBSD Project. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #include "opt_ddb.h" 36 #include "opt_ktrace.h" 37 38 #include <sys/param.h> 39 #include <sys/systm.h> 40 #include <sys/capsicum.h> 41 #include <sys/counter.h> 42 #include <sys/filedesc.h> 43 #include <sys/fnv_hash.h> 44 #include <sys/inotify.h> 45 #include <sys/kernel.h> 46 #include <sys/ktr.h> 47 #include <sys/lock.h> 48 #include <sys/malloc.h> 49 #include <sys/fcntl.h> 50 #include <sys/jail.h> 51 #include <sys/mount.h> 52 #include <sys/namei.h> 53 #include <sys/proc.h> 54 #include <sys/seqc.h> 55 #include <sys/sdt.h> 56 #include <sys/smr.h> 57 #include <sys/smp.h> 58 #include <sys/syscallsubr.h> 59 #include <sys/sysctl.h> 60 #include <sys/sysproto.h> 61 #include <sys/vnode.h> 62 #include <ck_queue.h> 63 #ifdef KTRACE 64 #include <sys/ktrace.h> 65 #endif 66 #ifdef INVARIANTS 67 #include <machine/_inttypes.h> 68 #endif 69 70 #include <security/audit/audit.h> 71 #include <security/mac/mac_framework.h> 72 73 #ifdef DDB 74 #include <ddb/ddb.h> 75 #endif 76 77 #include <vm/uma.h> 78 79 /* 80 * High level overview of name caching in the VFS layer. 81 * 82 * Originally caching was implemented as part of UFS, later extracted to allow 83 * use by other filesystems. A decision was made to make it optional and 84 * completely detached from the rest of the kernel, which comes with limitations 85 * outlined near the end of this comment block. 86 * 87 * This fundamental choice needs to be revisited. In the meantime, the current 88 * state is described below. Significance of all notable routines is explained 89 * in comments placed above their implementation. Scattered thoroughout the 90 * file are TODO comments indicating shortcomings which can be fixed without 91 * reworking everything (most of the fixes will likely be reusable). Various 92 * details are omitted from this explanation to not clutter the overview, they 93 * have to be checked by reading the code and associated commentary. 94 * 95 * Keep in mind that it's individual path components which are cached, not full 96 * paths. That is, for a fully cached path "foo/bar/baz" there are 3 entries, 97 * one for each name. 98 * 99 * I. Data organization 100 * 101 * Entries are described by "struct namecache" objects and stored in a hash 102 * table. See cache_get_hash for more information. 103 * 104 * "struct vnode" contains pointers to source entries (names which can be found 105 * when traversing through said vnode), destination entries (names of that 106 * vnode (see "Limitations" for a breakdown on the subject) and a pointer to 107 * the parent vnode. 108 * 109 * The (directory vnode; name) tuple reliably determines the target entry if 110 * it exists. 111 * 112 * Since there are no small locks at this time (all are 32 bytes in size on 113 * LP64), the code works around the problem by introducing lock arrays to 114 * protect hash buckets and vnode lists. 115 * 116 * II. Filesystem integration 117 * 118 * Filesystems participating in name caching do the following: 119 * - set vop_lookup routine to vfs_cache_lookup 120 * - set vop_cachedlookup to whatever can perform the lookup if the above fails 121 * - if they support lockless lookup (see below), vop_fplookup_vexec and 122 * vop_fplookup_symlink are set along with the MNTK_FPLOOKUP flag on the 123 * mount point 124 * - call cache_purge or cache_vop_* routines to eliminate stale entries as 125 * applicable 126 * - call cache_enter to add entries depending on the MAKEENTRY flag 127 * 128 * With the above in mind, there are 2 entry points when doing lookups: 129 * - ... -> namei -> cache_fplookup -- this is the default 130 * - ... -> VOP_LOOKUP -> vfs_cache_lookup -- normally only called by namei 131 * should the above fail 132 * 133 * Example code flow how an entry is added: 134 * ... -> namei -> cache_fplookup -> cache_fplookup_noentry -> VOP_LOOKUP -> 135 * vfs_cache_lookup -> VOP_CACHEDLOOKUP -> ufs_lookup_ino -> cache_enter 136 * 137 * III. Performance considerations 138 * 139 * For lockless case forward lookup avoids any writes to shared areas apart 140 * from the terminal path component. In other words non-modifying lookups of 141 * different files don't suffer any scalability problems in the namecache. 142 * Looking up the same file is limited by VFS and goes beyond the scope of this 143 * file. 144 * 145 * At least on amd64 the single-threaded bottleneck for long paths is hashing 146 * (see cache_get_hash). There are cases where the code issues acquire fence 147 * multiple times, they can be combined on architectures which suffer from it. 148 * 149 * For locked case each encountered vnode has to be referenced and locked in 150 * order to be handed out to the caller (normally that's namei). This 151 * introduces significant hit single-threaded and serialization multi-threaded. 152 * 153 * Reverse lookup (e.g., "getcwd") fully scales provided it is fully cached -- 154 * avoids any writes to shared areas to any components. 155 * 156 * Unrelated insertions are partially serialized on updating the global entry 157 * counter and possibly serialized on colliding bucket or vnode locks. 158 * 159 * IV. Observability 160 * 161 * Note not everything has an explicit dtrace probe nor it should have, thus 162 * some of the one-liners below depend on implementation details. 163 * 164 * Examples: 165 * 166 * # Check what lookups failed to be handled in a lockless manner. Column 1 is 167 * # line number, column 2 is status code (see cache_fpl_status) 168 * dtrace -n 'vfs:fplookup:lookup:done { @[arg1, arg2] = count(); }' 169 * 170 * # Lengths of names added by binary name 171 * dtrace -n 'fbt::cache_enter_time:entry { @[execname] = quantize(args[2]->cn_namelen); }' 172 * 173 * # Same as above but only those which exceed 64 characters 174 * dtrace -n 'fbt::cache_enter_time:entry /args[2]->cn_namelen > 64/ { @[execname] = quantize(args[2]->cn_namelen); }' 175 * 176 * # Who is performing lookups with spurious slashes (e.g., "foo//bar") and what 177 * # path is it 178 * dtrace -n 'fbt::cache_fplookup_skip_slashes:entry { @[execname, stringof(args[0]->cnp->cn_pnbuf)] = count(); }' 179 * 180 * V. Limitations and implementation defects 181 * 182 * - since it is possible there is no entry for an open file, tools like 183 * "procstat" may fail to resolve fd -> vnode -> path to anything 184 * - even if a filesystem adds an entry, it may get purged (e.g., due to memory 185 * shortage) in which case the above problem applies 186 * - hardlinks are not tracked, thus if a vnode is reachable in more than one 187 * way, resolving a name may return a different path than the one used to 188 * open it (even if said path is still valid) 189 * - by default entries are not added for newly created files 190 * - adding an entry may need to evict negative entry first, which happens in 2 191 * distinct places (evicting on lookup, adding in a later VOP) making it 192 * impossible to simply reuse it 193 * - there is a simple scheme to evict negative entries as the cache is approaching 194 * its capacity, but it is very unclear if doing so is a good idea to begin with 195 * - vnodes are subject to being recycled even if target inode is left in memory, 196 * which loses the name cache entries when it perhaps should not. in case of tmpfs 197 * names get duplicated -- kept by filesystem itself and namecache separately 198 * - struct namecache has a fixed size and comes in 2 variants, often wasting 199 * space. now hard to replace with malloc due to dependence on SMR, which 200 * requires UMA zones to opt in 201 * - lack of better integration with the kernel also turns nullfs into a layered 202 * filesystem instead of something which can take advantage of caching 203 * 204 * Appendix A: where is the time lost, expanding on paragraph III 205 * 206 * While some care went into optimizing lookups, there is still plenty of 207 * performance left on the table, most notably from single-threaded standpoint. 208 * Below is a woefully incomplete list of changes which can help. Ideas are 209 * mostly sketched out, no claim is made all kinks or prerequisites are laid 210 * out. 211 * 212 * Note there is performance lost all over VFS. 213 * 214 * === SMR-only lookup 215 * 216 * For commonly used ops like stat(2), when the terminal vnode *is* cached, 217 * lockless lookup could refrain from refing/locking the found vnode and 218 * instead return while within the SMR section. Then a call to, say, 219 * vop_stat_smr could do the work (or fail with EAGAIN), finally the result 220 * would be validated with seqc not changing. This would be faster 221 * single-threaded as it dodges atomics and would provide full scalability for 222 * multicore uses. This would *not* work for open(2) or other calls which need 223 * the vnode to hang around for the long haul, but would work for aforementioned 224 * stat(2) but also access(2), readlink(2), realpathat(2) and probably more. 225 * 226 * === hotpatching for sdt probes 227 * 228 * They result in *tons* of branches all over with rather regrettable codegen 229 * at times. Removing sdt probes altogether gives over 2% boost in lookup rate. 230 * Reworking the code to patch itself at runtime with asm goto would solve it. 231 * asm goto is fully supported by gcc and clang. 232 * 233 * === copyinstr 234 * 235 * On all architectures it operates one byte at a time, while it could be 236 * word-sized instead thanks to the Mycroft trick. 237 * 238 * API itself is rather pessimal for path lookup, accepting arbitrary sizes and 239 * *optionally* filling in the length parameter. 240 * 241 * Instead a new routine (copyinpath?) could be introduced, demanding a buffer 242 * size which is a multiply of the word (and never zero), with the length 243 * always returned. On top of it the routine could be allowed to transform the 244 * buffer in arbitrary ways, most notably writing past the found length (not to 245 * be confused with writing past buffer size) -- this would allow word-sized 246 * movs while checking for '\0' later. 247 * 248 * === detour through namei 249 * 250 * Currently one suffers being called from namei, which then has to check if 251 * things worked out locklessly. Instead the lockless lookup could be the 252 * actual entry point which calls what is currently namei as a fallback. 253 * 254 * === avoidable branches in cache_can_fplookup 255 * 256 * The cache_fast_lookup_enabled flag check could be hotpatchable (in fact if 257 * this is off, none of fplookup code should execute). 258 * 259 * Both audit and capsicum branches can be combined into one, but it requires 260 * paying off a lot of tech debt first. 261 * 262 * ni_startdir could be indicated with a flag in cn_flags, eliminating the 263 * branch. 264 * 265 * === mount stacks 266 * 267 * Crossing a mount requires checking if perhaps something is mounted on top. 268 * Instead, an additional entry could be added to struct mount with a pointer 269 * to the final mount on the stack. This would be recalculated on each 270 * mount/unmount. 271 * 272 * === root vnodes 273 * 274 * It could become part of the API contract to *always* have a rootvnode set in 275 * mnt_rootvnode. Such vnodes are annotated with VV_ROOT and vnlru would have 276 * to be modified to always skip them. 277 * 278 * === inactive on v_usecount reaching 0 279 * 280 * VOP_NEED_INACTIVE should not exist. Filesystems would indicate need for such 281 * processing with a bit in usecount. 282 * 283 * === v_holdcnt 284 * 285 * Hold count should probably get eliminated, but one can argue it is a useful 286 * feature. Even if so, handling of v_usecount could be decoupled from it -- 287 * vnlru et al would consider the vnode not-freeable if has either hold or 288 * usecount on it. 289 * 290 * This would eliminate 2 atomics. 291 */ 292 293 static SYSCTL_NODE(_vfs, OID_AUTO, cache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 294 "Name cache"); 295 296 SDT_PROVIDER_DECLARE(vfs); 297 SDT_PROBE_DEFINE3(vfs, namecache, enter, done, "struct vnode *", "char *", 298 "struct vnode *"); 299 SDT_PROBE_DEFINE3(vfs, namecache, enter, duplicate, "struct vnode *", "char *", 300 "struct vnode *"); 301 SDT_PROBE_DEFINE2(vfs, namecache, enter_negative, done, "struct vnode *", 302 "char *"); 303 SDT_PROBE_DEFINE2(vfs, namecache, fullpath_smr, hit, "struct vnode *", 304 "const char *"); 305 SDT_PROBE_DEFINE4(vfs, namecache, fullpath_smr, miss, "struct vnode *", 306 "struct namecache *", "int", "int"); 307 SDT_PROBE_DEFINE1(vfs, namecache, fullpath, entry, "struct vnode *"); 308 SDT_PROBE_DEFINE3(vfs, namecache, fullpath, hit, "struct vnode *", 309 "char *", "struct vnode *"); 310 SDT_PROBE_DEFINE1(vfs, namecache, fullpath, miss, "struct vnode *"); 311 SDT_PROBE_DEFINE3(vfs, namecache, fullpath, return, "int", 312 "struct vnode *", "char *"); 313 SDT_PROBE_DEFINE3(vfs, namecache, lookup, hit, "struct vnode *", "char *", 314 "struct vnode *"); 315 SDT_PROBE_DEFINE2(vfs, namecache, lookup, hit__negative, 316 "struct vnode *", "char *"); 317 SDT_PROBE_DEFINE2(vfs, namecache, lookup, miss, "struct vnode *", 318 "char *"); 319 SDT_PROBE_DEFINE2(vfs, namecache, removecnp, hit, "struct vnode *", 320 "struct componentname *"); 321 SDT_PROBE_DEFINE2(vfs, namecache, removecnp, miss, "struct vnode *", 322 "struct componentname *"); 323 SDT_PROBE_DEFINE3(vfs, namecache, purge, done, "struct vnode *", "size_t", "size_t"); 324 SDT_PROBE_DEFINE1(vfs, namecache, purge, batch, "int"); 325 SDT_PROBE_DEFINE1(vfs, namecache, purge_negative, done, "struct vnode *"); 326 SDT_PROBE_DEFINE1(vfs, namecache, purgevfs, done, "struct mount *"); 327 SDT_PROBE_DEFINE3(vfs, namecache, zap, done, "struct vnode *", "char *", 328 "struct vnode *"); 329 SDT_PROBE_DEFINE2(vfs, namecache, zap_negative, done, "struct vnode *", 330 "char *"); 331 SDT_PROBE_DEFINE2(vfs, namecache, evict_negative, done, "struct vnode *", 332 "char *"); 333 SDT_PROBE_DEFINE1(vfs, namecache, symlink, alloc__fail, "size_t"); 334 335 SDT_PROBE_DEFINE3(vfs, fplookup, lookup, done, "struct nameidata *", "int", 336 "enum cache_fpl_status"); 337 SDT_PROBE_DECLARE(vfs, namei, lookup, entry); 338 SDT_PROBE_DECLARE(vfs, namei, lookup, return); 339 340 static char __read_frequently cache_fast_lookup_enabled = true; 341 342 /* 343 * This structure describes the elements in the cache of recent 344 * names looked up by namei. 345 */ 346 struct negstate { 347 u_char neg_flag; 348 u_char neg_hit; 349 }; 350 _Static_assert(sizeof(struct negstate) <= sizeof(struct vnode *), 351 "the state must fit in a union with a pointer without growing it"); 352 353 struct namecache { 354 LIST_ENTRY(namecache) nc_src; /* source vnode list */ 355 TAILQ_ENTRY(namecache) nc_dst; /* destination vnode list */ 356 CK_SLIST_ENTRY(namecache) nc_hash;/* hash chain */ 357 struct vnode *nc_dvp; /* vnode of parent of name */ 358 union { 359 struct vnode *nu_vp; /* vnode the name refers to */ 360 struct negstate nu_neg;/* negative entry state */ 361 } n_un; 362 u_char nc_flag; /* flag bits */ 363 u_char nc_nlen; /* length of name */ 364 char nc_name[]; /* segment name + nul */ 365 }; 366 367 /* 368 * struct namecache_ts repeats struct namecache layout up to the 369 * nc_nlen member. 370 * struct namecache_ts is used in place of struct namecache when time(s) need 371 * to be stored. The nc_dotdottime field is used when a cache entry is mapping 372 * both a non-dotdot directory name plus dotdot for the directory's 373 * parent. 374 * 375 * See below for alignment requirement. 376 */ 377 struct namecache_ts { 378 struct timespec nc_time; /* timespec provided by fs */ 379 struct timespec nc_dotdottime; /* dotdot timespec provided by fs */ 380 int nc_ticks; /* ticks value when entry was added */ 381 int nc_pad; 382 struct namecache nc_nc; 383 }; 384 385 TAILQ_HEAD(cache_freebatch, namecache); 386 387 /* 388 * At least mips n32 performs 64-bit accesses to timespec as found 389 * in namecache_ts and requires them to be aligned. Since others 390 * may be in the same spot suffer a little bit and enforce the 391 * alignment for everyone. Note this is a nop for 64-bit platforms. 392 */ 393 #define CACHE_ZONE_ALIGNMENT UMA_ALIGNOF(time_t) 394 395 /* 396 * TODO: the initial value of CACHE_PATH_CUTOFF was inherited from the 397 * 4.4 BSD codebase. Later on struct namecache was tweaked to become 398 * smaller and the value was bumped to retain the total size, but it 399 * was never re-evaluated for suitability. A simple test counting 400 * lengths during package building shows that the value of 45 covers 401 * about 86% of all added entries, reaching 99% at 65. 402 * 403 * Regardless of the above, use of dedicated zones instead of malloc may be 404 * inducing additional waste. This may be hard to address as said zones are 405 * tied to VFS SMR. Even if retaining them, the current split should be 406 * re-evaluated. 407 */ 408 #ifdef __LP64__ 409 #define CACHE_PATH_CUTOFF 45 410 #define CACHE_LARGE_PAD 6 411 #else 412 #define CACHE_PATH_CUTOFF 41 413 #define CACHE_LARGE_PAD 2 414 #endif 415 416 #define CACHE_ZONE_SMALL_SIZE (offsetof(struct namecache, nc_name) + CACHE_PATH_CUTOFF + 1) 417 #define CACHE_ZONE_SMALL_TS_SIZE (offsetof(struct namecache_ts, nc_nc) + CACHE_ZONE_SMALL_SIZE) 418 #define CACHE_ZONE_LARGE_SIZE (offsetof(struct namecache, nc_name) + NAME_MAX + 1 + CACHE_LARGE_PAD) 419 #define CACHE_ZONE_LARGE_TS_SIZE (offsetof(struct namecache_ts, nc_nc) + CACHE_ZONE_LARGE_SIZE) 420 421 _Static_assert((CACHE_ZONE_SMALL_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 422 _Static_assert((CACHE_ZONE_SMALL_TS_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 423 _Static_assert((CACHE_ZONE_LARGE_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 424 _Static_assert((CACHE_ZONE_LARGE_TS_SIZE % (CACHE_ZONE_ALIGNMENT + 1)) == 0, "bad zone size"); 425 426 #define nc_vp n_un.nu_vp 427 #define nc_neg n_un.nu_neg 428 429 /* 430 * Flags in namecache.nc_flag 431 */ 432 #define NCF_WHITE 0x01 433 #define NCF_ISDOTDOT 0x02 434 #define NCF_TS 0x04 435 #define NCF_DTS 0x08 436 #define NCF_DVDROP 0x10 437 #define NCF_NEGATIVE 0x20 438 #define NCF_INVALID 0x40 439 #define NCF_WIP 0x80 440 441 /* 442 * Flags in negstate.neg_flag 443 */ 444 #define NEG_HOT 0x01 445 446 static bool cache_neg_evict_cond(u_long lnumcache); 447 448 /* 449 * Mark an entry as invalid. 450 * 451 * This is called before it starts getting deconstructed. 452 */ 453 static void 454 cache_ncp_invalidate(struct namecache *ncp) 455 { 456 457 KASSERT((ncp->nc_flag & NCF_INVALID) == 0, 458 ("%s: entry %p already invalid", __func__, ncp)); 459 atomic_store_char(&ncp->nc_flag, ncp->nc_flag | NCF_INVALID); 460 atomic_thread_fence_rel(); 461 } 462 463 /* 464 * Does this entry match the given directory and name? 465 */ 466 static bool 467 cache_ncp_match(struct namecache *ncp, struct vnode *dvp, 468 struct componentname *cnp) 469 { 470 return (ncp->nc_dvp == dvp && 471 ncp->nc_nlen == cnp->cn_namelen && 472 bcmp(ncp->nc_name, cnp->cn_nameptr, cnp->cn_namelen) == 0); 473 } 474 475 /* 476 * Check whether the entry can be safely used. 477 * 478 * All places which elide locks are supposed to call this after they are 479 * done with reading from an entry. 480 */ 481 #define cache_ncp_canuse(ncp) ({ \ 482 struct namecache *_ncp = (ncp); \ 483 u_char _nc_flag; \ 484 \ 485 atomic_thread_fence_acq(); \ 486 _nc_flag = atomic_load_char(&_ncp->nc_flag); \ 487 __predict_true((_nc_flag & (NCF_INVALID | NCF_WIP)) == 0); \ 488 }) 489 490 /* 491 * Like the above but also checks NCF_WHITE. 492 */ 493 #define cache_fpl_neg_ncp_canuse(ncp) ({ \ 494 struct namecache *_ncp = (ncp); \ 495 u_char _nc_flag; \ 496 \ 497 atomic_thread_fence_acq(); \ 498 _nc_flag = atomic_load_char(&_ncp->nc_flag); \ 499 __predict_true((_nc_flag & (NCF_INVALID | NCF_WIP | NCF_WHITE)) == 0); \ 500 }) 501 502 VFS_SMR_DECLARE; 503 504 static SYSCTL_NODE(_vfs_cache, OID_AUTO, param, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 505 "Name cache parameters"); 506 507 static u_int __read_mostly ncsize; /* the size as computed on creation or resizing */ 508 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, size, CTLFLAG_RD, &ncsize, 0, 509 "Total namecache capacity"); 510 511 u_int ncsizefactor = 2; 512 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, sizefactor, CTLFLAG_RW, &ncsizefactor, 0, 513 "Size factor for namecache"); 514 515 static u_long __read_mostly ncnegfactor = 5; /* ratio of negative entries */ 516 SYSCTL_ULONG(_vfs_cache_param, OID_AUTO, negfactor, CTLFLAG_RW, &ncnegfactor, 0, 517 "Ratio of negative namecache entries"); 518 519 /* 520 * Negative entry % of namecache capacity above which automatic eviction is allowed. 521 * 522 * Check cache_neg_evict_cond for details. 523 */ 524 static u_int ncnegminpct = 3; 525 526 static u_int __read_mostly neg_min; /* the above recomputed against ncsize */ 527 SYSCTL_UINT(_vfs_cache_param, OID_AUTO, negmin, CTLFLAG_RD, &neg_min, 0, 528 "Negative entry count above which automatic eviction is allowed"); 529 530 /* 531 * Structures associated with name caching. 532 */ 533 #define NCHHASH(hash) \ 534 (&nchashtbl[(hash) & nchash]) 535 static __read_mostly CK_SLIST_HEAD(nchashhead, namecache) *nchashtbl;/* Hash Table */ 536 static u_long __read_mostly nchash; /* size of hash table */ 537 SYSCTL_ULONG(_debug, OID_AUTO, nchash, CTLFLAG_RD, &nchash, 0, 538 "Size of namecache hash table"); 539 static u_long __exclusive_cache_line numneg; /* number of negative entries allocated */ 540 static u_long __exclusive_cache_line numcache;/* number of cache entries allocated */ 541 542 struct nchstats nchstats; /* cache effectiveness statistics */ 543 544 static u_int __exclusive_cache_line neg_cycle; 545 546 #define ncneghash 3 547 #define numneglists (ncneghash + 1) 548 549 struct neglist { 550 struct mtx nl_evict_lock; 551 struct mtx nl_lock __aligned(CACHE_LINE_SIZE); 552 TAILQ_HEAD(, namecache) nl_list; 553 TAILQ_HEAD(, namecache) nl_hotlist; 554 u_long nl_hotnum; 555 } __aligned(CACHE_LINE_SIZE); 556 557 static struct neglist neglists[numneglists]; 558 559 static inline struct neglist * 560 NCP2NEGLIST(struct namecache *ncp) 561 { 562 563 return (&neglists[(((uintptr_t)(ncp) >> 8) & ncneghash)]); 564 } 565 566 static inline struct negstate * 567 NCP2NEGSTATE(struct namecache *ncp) 568 { 569 570 MPASS(atomic_load_char(&ncp->nc_flag) & NCF_NEGATIVE); 571 return (&ncp->nc_neg); 572 } 573 574 #define numbucketlocks (ncbuckethash + 1) 575 static u_int __read_mostly ncbuckethash; 576 static struct mtx_padalign __read_mostly *bucketlocks; 577 #define HASH2BUCKETLOCK(hash) \ 578 ((struct mtx *)(&bucketlocks[((hash) & ncbuckethash)])) 579 580 #define numvnodelocks (ncvnodehash + 1) 581 static u_int __read_mostly ncvnodehash; 582 static struct mtx __read_mostly *vnodelocks; 583 static inline struct mtx * 584 VP2VNODELOCK(struct vnode *vp) 585 { 586 587 return (&vnodelocks[(((uintptr_t)(vp) >> 8) & ncvnodehash)]); 588 } 589 590 /* 591 * Search the hash table for a namecache entry. Either the corresponding bucket 592 * must be locked, or the caller must be in an SMR read section. 593 */ 594 static struct namecache * 595 cache_ncp_find(struct vnode *dvp, struct componentname *cnp, uint32_t hash) 596 { 597 struct namecache *ncp; 598 599 KASSERT(mtx_owned(HASH2BUCKETLOCK(hash)) || VFS_SMR_ENTERED(), 600 ("%s: hash %u not locked", __func__, hash)); 601 CK_SLIST_FOREACH(ncp, NCHHASH(hash), nc_hash) { 602 if (cache_ncp_match(ncp, dvp, cnp)) 603 break; 604 } 605 return (ncp); 606 } 607 608 static void 609 cache_out_ts(struct namecache *ncp, struct timespec *tsp, int *ticksp) 610 { 611 struct namecache_ts *ncp_ts; 612 613 KASSERT((ncp->nc_flag & NCF_TS) != 0 || 614 (tsp == NULL && ticksp == NULL), 615 ("No NCF_TS")); 616 617 if (tsp == NULL) 618 return; 619 620 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 621 *tsp = ncp_ts->nc_time; 622 *ticksp = ncp_ts->nc_ticks; 623 } 624 625 #ifdef DEBUG_CACHE 626 static int __read_mostly doingcache = 1; /* 1 => enable the cache */ 627 SYSCTL_INT(_debug, OID_AUTO, vfscache, CTLFLAG_RW, &doingcache, 0, 628 "VFS namecache enabled"); 629 #endif 630 631 /* Export size information to userland */ 632 SYSCTL_SIZEOF_STRUCT(namecache); 633 634 /* 635 * The new name cache statistics 636 */ 637 static SYSCTL_NODE(_vfs_cache, OID_AUTO, stats, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 638 "Name cache statistics"); 639 640 #define STATNODE_ULONG(name, varname, descr) \ 641 SYSCTL_ULONG(_vfs_cache_stats, OID_AUTO, name, CTLFLAG_RD, &varname, 0, descr); 642 #define STATNODE_COUNTER(name, varname, descr) \ 643 static COUNTER_U64_DEFINE_EARLY(varname); \ 644 SYSCTL_COUNTER_U64(_vfs_cache_stats, OID_AUTO, name, CTLFLAG_RD, &varname, \ 645 descr); 646 STATNODE_ULONG(neg, numneg, "Number of negative cache entries"); 647 STATNODE_ULONG(count, numcache, "Number of cache entries"); 648 STATNODE_COUNTER(heldvnodes, numcachehv, "Number of namecache entries with vnodes held"); 649 STATNODE_COUNTER(drops, numdrops, "Number of dropped entries due to reaching the limit"); 650 STATNODE_COUNTER(miss, nummiss, "Number of cache misses"); 651 STATNODE_COUNTER(misszap, nummisszap, "Number of cache misses we do not want to cache"); 652 STATNODE_COUNTER(poszaps, numposzaps, 653 "Number of cache hits (positive) we do not want to cache"); 654 STATNODE_COUNTER(poshits, numposhits, "Number of cache hits (positive)"); 655 STATNODE_COUNTER(negzaps, numnegzaps, 656 "Number of cache hits (negative) we do not want to cache"); 657 STATNODE_COUNTER(neghits, numneghits, "Number of cache hits (negative)"); 658 /* These count for vn_getcwd(), too. */ 659 STATNODE_COUNTER(fullpathcalls, numfullpathcalls, "Number of fullpath search calls"); 660 STATNODE_COUNTER(fullpathfail2, numfullpathfail2, 661 "Number of fullpath search errors (VOP_VPTOCNP failures)"); 662 STATNODE_COUNTER(fullpathfail4, numfullpathfail4, "Number of fullpath search errors (ENOMEM)"); 663 STATNODE_COUNTER(fullpathfound, numfullpathfound, "Number of successful fullpath calls"); 664 STATNODE_COUNTER(symlinktoobig, symlinktoobig, "Number of times symlink did not fit the cache"); 665 666 /* 667 * Debug or developer statistics. 668 */ 669 static SYSCTL_NODE(_vfs_cache, OID_AUTO, debug, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 670 "Name cache debugging"); 671 #define DEBUGNODE_ULONG(name, varname, descr) \ 672 SYSCTL_ULONG(_vfs_cache_debug, OID_AUTO, name, CTLFLAG_RD, &varname, 0, descr); 673 static u_long zap_bucket_relock_success; 674 DEBUGNODE_ULONG(zap_bucket_relock_success, zap_bucket_relock_success, 675 "Number of successful removals after relocking"); 676 static u_long zap_bucket_fail; 677 DEBUGNODE_ULONG(zap_bucket_fail, zap_bucket_fail, ""); 678 static u_long zap_bucket_fail2; 679 DEBUGNODE_ULONG(zap_bucket_fail2, zap_bucket_fail2, ""); 680 static u_long cache_lock_vnodes_cel_3_failures; 681 DEBUGNODE_ULONG(vnodes_cel_3_failures, cache_lock_vnodes_cel_3_failures, 682 "Number of times 3-way vnode locking failed"); 683 684 static void cache_zap_locked(struct namecache *ncp); 685 static int vn_fullpath_any_smr(struct vnode *vp, struct vnode *rdir, char *buf, 686 char **retbuf, size_t *buflen, size_t addend); 687 static int vn_fullpath_any(struct vnode *vp, struct vnode *rdir, char *buf, 688 char **retbuf, size_t *buflen); 689 static int vn_fullpath_dir(struct vnode *vp, struct vnode *rdir, char *buf, 690 char **retbuf, size_t *len, size_t addend); 691 692 static MALLOC_DEFINE(M_VFSCACHE, "vfscache", "VFS name cache entries"); 693 694 static inline void 695 cache_assert_vlp_locked(struct mtx *vlp) 696 { 697 698 if (vlp != NULL) 699 mtx_assert(vlp, MA_OWNED); 700 } 701 702 static inline void 703 cache_assert_vnode_locked(struct vnode *vp) 704 { 705 struct mtx *vlp; 706 707 vlp = VP2VNODELOCK(vp); 708 cache_assert_vlp_locked(vlp); 709 } 710 711 /* 712 * Directory vnodes with entries are held for two reasons: 713 * 1. make them less of a target for reclamation in vnlru 714 * 2. suffer smaller performance penalty in locked lookup as requeieing is avoided 715 * 716 * It will be feasible to stop doing it altogether if all filesystems start 717 * supporting lockless lookup. 718 */ 719 static void 720 cache_hold_vnode(struct vnode *vp) 721 { 722 723 cache_assert_vnode_locked(vp); 724 VNPASS(LIST_EMPTY(&vp->v_cache_src), vp); 725 vhold(vp); 726 counter_u64_add(numcachehv, 1); 727 } 728 729 static void 730 cache_drop_vnode(struct vnode *vp) 731 { 732 733 /* 734 * Called after all locks are dropped, meaning we can't assert 735 * on the state of v_cache_src. 736 */ 737 vdrop(vp); 738 counter_u64_add(numcachehv, -1); 739 } 740 741 /* 742 * UMA zones. 743 */ 744 static uma_zone_t __read_mostly cache_zone_small; 745 static uma_zone_t __read_mostly cache_zone_small_ts; 746 static uma_zone_t __read_mostly cache_zone_large; 747 static uma_zone_t __read_mostly cache_zone_large_ts; 748 749 char * 750 cache_symlink_alloc(size_t size, int flags) 751 { 752 753 if (size < CACHE_ZONE_SMALL_SIZE) { 754 return (uma_zalloc_smr(cache_zone_small, flags)); 755 } 756 if (size < CACHE_ZONE_LARGE_SIZE) { 757 return (uma_zalloc_smr(cache_zone_large, flags)); 758 } 759 counter_u64_add(symlinktoobig, 1); 760 SDT_PROBE1(vfs, namecache, symlink, alloc__fail, size); 761 return (NULL); 762 } 763 764 void 765 cache_symlink_free(char *string, size_t size) 766 { 767 768 MPASS(string != NULL); 769 KASSERT(size < CACHE_ZONE_LARGE_SIZE, 770 ("%s: size %zu too big", __func__, size)); 771 772 if (size < CACHE_ZONE_SMALL_SIZE) { 773 uma_zfree_smr(cache_zone_small, string); 774 return; 775 } 776 if (size < CACHE_ZONE_LARGE_SIZE) { 777 uma_zfree_smr(cache_zone_large, string); 778 return; 779 } 780 __assert_unreachable(); 781 } 782 783 static struct namecache * 784 cache_alloc_uma(int len, bool ts) 785 { 786 struct namecache_ts *ncp_ts; 787 struct namecache *ncp; 788 789 if (__predict_false(ts)) { 790 if (len <= CACHE_PATH_CUTOFF) 791 ncp_ts = uma_zalloc_smr(cache_zone_small_ts, M_WAITOK); 792 else 793 ncp_ts = uma_zalloc_smr(cache_zone_large_ts, M_WAITOK); 794 ncp = &ncp_ts->nc_nc; 795 } else { 796 if (len <= CACHE_PATH_CUTOFF) 797 ncp = uma_zalloc_smr(cache_zone_small, M_WAITOK); 798 else 799 ncp = uma_zalloc_smr(cache_zone_large, M_WAITOK); 800 } 801 return (ncp); 802 } 803 804 static void 805 cache_free_uma(struct namecache *ncp) 806 { 807 struct namecache_ts *ncp_ts; 808 809 if (__predict_false(ncp->nc_flag & NCF_TS)) { 810 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 811 if (ncp->nc_nlen <= CACHE_PATH_CUTOFF) 812 uma_zfree_smr(cache_zone_small_ts, ncp_ts); 813 else 814 uma_zfree_smr(cache_zone_large_ts, ncp_ts); 815 } else { 816 if (ncp->nc_nlen <= CACHE_PATH_CUTOFF) 817 uma_zfree_smr(cache_zone_small, ncp); 818 else 819 uma_zfree_smr(cache_zone_large, ncp); 820 } 821 } 822 823 static struct namecache * 824 cache_alloc(int len, bool ts) 825 { 826 u_long lnumcache; 827 828 /* 829 * Avoid blowout in namecache entries. 830 * 831 * Bugs: 832 * 1. filesystems may end up trying to add an already existing entry 833 * (for example this can happen after a cache miss during concurrent 834 * lookup), in which case we will call cache_neg_evict despite not 835 * adding anything. 836 * 2. the routine may fail to free anything and no provisions are made 837 * to make it try harder (see the inside for failure modes) 838 * 3. it only ever looks at negative entries. 839 */ 840 lnumcache = atomic_fetchadd_long(&numcache, 1) + 1; 841 if (cache_neg_evict_cond(lnumcache)) { 842 lnumcache = atomic_load_long(&numcache); 843 } 844 if (__predict_false(lnumcache >= ncsize)) { 845 atomic_subtract_long(&numcache, 1); 846 counter_u64_add(numdrops, 1); 847 return (NULL); 848 } 849 return (cache_alloc_uma(len, ts)); 850 } 851 852 static void 853 cache_free(struct namecache *ncp) 854 { 855 856 MPASS(ncp != NULL); 857 if ((ncp->nc_flag & NCF_DVDROP) != 0) { 858 cache_drop_vnode(ncp->nc_dvp); 859 } 860 cache_free_uma(ncp); 861 atomic_subtract_long(&numcache, 1); 862 } 863 864 static void 865 cache_free_batch(struct cache_freebatch *batch) 866 { 867 struct namecache *ncp, *nnp; 868 int i; 869 870 i = 0; 871 if (TAILQ_EMPTY(batch)) 872 goto out; 873 TAILQ_FOREACH_SAFE(ncp, batch, nc_dst, nnp) { 874 if ((ncp->nc_flag & NCF_DVDROP) != 0) { 875 cache_drop_vnode(ncp->nc_dvp); 876 } 877 cache_free_uma(ncp); 878 i++; 879 } 880 atomic_subtract_long(&numcache, i); 881 out: 882 SDT_PROBE1(vfs, namecache, purge, batch, i); 883 } 884 885 /* 886 * Hashing. 887 * 888 * The code was made to use FNV in 2001 and this choice needs to be revisited. 889 * 890 * Short summary of the difficulty: 891 * The longest name which can be inserted is NAME_MAX characters in length (or 892 * 255 at the time of writing this comment), while majority of names used in 893 * practice are significantly shorter (mostly below 10). More importantly 894 * majority of lookups performed find names are even shorter than that. 895 * 896 * This poses a problem where hashes which do better than FNV past word size 897 * (or so) tend to come with additional overhead when finalizing the result, 898 * making them noticeably slower for the most commonly used range. 899 * 900 * Consider a path like: /usr/obj/usr/src/sys/amd64/GENERIC/vnode_if.c 901 * 902 * When looking it up the most time consuming part by a large margin (at least 903 * on amd64) is hashing. Replacing FNV with something which pessimizes short 904 * input would make the slowest part stand out even more. 905 */ 906 907 /* 908 * TODO: With the value stored we can do better than computing the hash based 909 * on the address. 910 */ 911 static void 912 cache_prehash(struct vnode *vp) 913 { 914 915 vp->v_nchash = fnv_32_buf(&vp, sizeof(vp), FNV1_32_INIT); 916 } 917 918 static uint32_t 919 cache_get_hash(char *name, u_char len, struct vnode *dvp) 920 { 921 922 return (fnv_32_buf(name, len, dvp->v_nchash)); 923 } 924 925 static uint32_t 926 cache_get_hash_iter_start(struct vnode *dvp) 927 { 928 929 return (dvp->v_nchash); 930 } 931 932 static uint32_t 933 cache_get_hash_iter(char c, uint32_t hash) 934 { 935 936 return (fnv_32_buf(&c, 1, hash)); 937 } 938 939 static uint32_t 940 cache_get_hash_iter_finish(uint32_t hash) 941 { 942 943 return (hash); 944 } 945 946 static inline struct nchashhead * 947 NCP2BUCKET(struct namecache *ncp) 948 { 949 uint32_t hash; 950 951 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, ncp->nc_dvp); 952 return (NCHHASH(hash)); 953 } 954 955 static inline struct mtx * 956 NCP2BUCKETLOCK(struct namecache *ncp) 957 { 958 uint32_t hash; 959 960 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, ncp->nc_dvp); 961 return (HASH2BUCKETLOCK(hash)); 962 } 963 964 #ifdef INVARIANTS 965 static void 966 cache_assert_bucket_locked(struct namecache *ncp) 967 { 968 struct mtx *blp; 969 970 blp = NCP2BUCKETLOCK(ncp); 971 mtx_assert(blp, MA_OWNED); 972 } 973 974 static void 975 cache_assert_bucket_unlocked(struct namecache *ncp) 976 { 977 struct mtx *blp; 978 979 blp = NCP2BUCKETLOCK(ncp); 980 mtx_assert(blp, MA_NOTOWNED); 981 } 982 #else 983 #define cache_assert_bucket_locked(x) do { } while (0) 984 #define cache_assert_bucket_unlocked(x) do { } while (0) 985 #endif 986 987 #define cache_sort_vnodes(x, y) _cache_sort_vnodes((void **)(x), (void **)(y)) 988 static void 989 _cache_sort_vnodes(void **p1, void **p2) 990 { 991 void *tmp; 992 993 MPASS(*p1 != NULL || *p2 != NULL); 994 995 if (*p1 > *p2) { 996 tmp = *p2; 997 *p2 = *p1; 998 *p1 = tmp; 999 } 1000 } 1001 1002 static void 1003 cache_lock_all_buckets(void) 1004 { 1005 u_int i; 1006 1007 for (i = 0; i < numbucketlocks; i++) 1008 mtx_lock(&bucketlocks[i]); 1009 } 1010 1011 static void 1012 cache_unlock_all_buckets(void) 1013 { 1014 u_int i; 1015 1016 for (i = 0; i < numbucketlocks; i++) 1017 mtx_unlock(&bucketlocks[i]); 1018 } 1019 1020 static void 1021 cache_lock_all_vnodes(void) 1022 { 1023 u_int i; 1024 1025 for (i = 0; i < numvnodelocks; i++) 1026 mtx_lock(&vnodelocks[i]); 1027 } 1028 1029 static void 1030 cache_unlock_all_vnodes(void) 1031 { 1032 u_int i; 1033 1034 for (i = 0; i < numvnodelocks; i++) 1035 mtx_unlock(&vnodelocks[i]); 1036 } 1037 1038 static int 1039 cache_trylock_vnodes(struct mtx *vlp1, struct mtx *vlp2) 1040 { 1041 1042 cache_sort_vnodes(&vlp1, &vlp2); 1043 1044 if (vlp1 != NULL) { 1045 if (!mtx_trylock(vlp1)) 1046 return (EAGAIN); 1047 } 1048 if (!mtx_trylock(vlp2)) { 1049 if (vlp1 != NULL) 1050 mtx_unlock(vlp1); 1051 return (EAGAIN); 1052 } 1053 1054 return (0); 1055 } 1056 1057 static void 1058 cache_lock_vnodes(struct mtx *vlp1, struct mtx *vlp2) 1059 { 1060 1061 MPASS(vlp1 != NULL || vlp2 != NULL); 1062 MPASS(vlp1 <= vlp2); 1063 1064 if (vlp1 != NULL) 1065 mtx_lock(vlp1); 1066 if (vlp2 != NULL) 1067 mtx_lock(vlp2); 1068 } 1069 1070 static void 1071 cache_unlock_vnodes(struct mtx *vlp1, struct mtx *vlp2) 1072 { 1073 1074 MPASS(vlp1 != NULL || vlp2 != NULL); 1075 1076 if (vlp1 != NULL) 1077 mtx_unlock(vlp1); 1078 if (vlp2 != NULL) 1079 mtx_unlock(vlp2); 1080 } 1081 1082 static int 1083 sysctl_nchstats(SYSCTL_HANDLER_ARGS) 1084 { 1085 struct nchstats snap; 1086 1087 if (req->oldptr == NULL) 1088 return (SYSCTL_OUT(req, 0, sizeof(snap))); 1089 1090 snap = nchstats; 1091 snap.ncs_goodhits = counter_u64_fetch(numposhits); 1092 snap.ncs_neghits = counter_u64_fetch(numneghits); 1093 snap.ncs_badhits = counter_u64_fetch(numposzaps) + 1094 counter_u64_fetch(numnegzaps); 1095 snap.ncs_miss = counter_u64_fetch(nummisszap) + 1096 counter_u64_fetch(nummiss); 1097 1098 return (SYSCTL_OUT(req, &snap, sizeof(snap))); 1099 } 1100 SYSCTL_PROC(_vfs_cache, OID_AUTO, nchstats, CTLTYPE_OPAQUE | CTLFLAG_RD | 1101 CTLFLAG_MPSAFE, 0, 0, sysctl_nchstats, "LU", 1102 "VFS cache effectiveness statistics"); 1103 1104 static int 1105 sysctl_hitpct(SYSCTL_HANDLER_ARGS) 1106 { 1107 long poshits, neghits, miss, total; 1108 long pct; 1109 1110 poshits = counter_u64_fetch(numposhits); 1111 neghits = counter_u64_fetch(numneghits); 1112 miss = counter_u64_fetch(nummiss); 1113 total = poshits + neghits + miss; 1114 1115 pct = 0; 1116 if (total != 0) 1117 pct = ((poshits + neghits) * 100) / total; 1118 return (sysctl_handle_int(oidp, 0, pct, req)); 1119 } 1120 SYSCTL_PROC(_vfs_cache_stats, OID_AUTO, hitpct, 1121 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RD, NULL, 0, sysctl_hitpct, 1122 "I", "Percentage of hits"); 1123 1124 static void 1125 cache_recalc_neg_min(void) 1126 { 1127 1128 neg_min = (ncsize * ncnegminpct) / 100; 1129 } 1130 1131 static int 1132 sysctl_negminpct(SYSCTL_HANDLER_ARGS) 1133 { 1134 u_int val; 1135 int error; 1136 1137 val = ncnegminpct; 1138 error = sysctl_handle_int(oidp, &val, 0, req); 1139 if (error != 0 || req->newptr == NULL) 1140 return (error); 1141 1142 if (val == ncnegminpct) 1143 return (0); 1144 if (val < 0 || val > 99) 1145 return (EINVAL); 1146 ncnegminpct = val; 1147 cache_recalc_neg_min(); 1148 return (0); 1149 } 1150 1151 SYSCTL_PROC(_vfs_cache_param, OID_AUTO, negminpct, 1152 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RW, NULL, 0, sysctl_negminpct, 1153 "I", "Negative entry \% of namecache capacity above which automatic eviction is allowed"); 1154 1155 #ifdef DEBUG_CACHE 1156 /* 1157 * Grab an atomic snapshot of the name cache hash chain lengths 1158 */ 1159 static SYSCTL_NODE(_debug, OID_AUTO, hashstat, 1160 CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, 1161 "hash table stats"); 1162 1163 static int 1164 sysctl_debug_hashstat_rawnchash(SYSCTL_HANDLER_ARGS) 1165 { 1166 struct nchashhead *ncpp; 1167 struct namecache *ncp; 1168 int i, error, n_nchash, *cntbuf; 1169 1170 retry: 1171 n_nchash = nchash + 1; /* nchash is max index, not count */ 1172 if (req->oldptr == NULL) 1173 return SYSCTL_OUT(req, 0, n_nchash * sizeof(int)); 1174 cntbuf = malloc(n_nchash * sizeof(int), M_TEMP, M_ZERO | M_WAITOK); 1175 cache_lock_all_buckets(); 1176 if (n_nchash != nchash + 1) { 1177 cache_unlock_all_buckets(); 1178 free(cntbuf, M_TEMP); 1179 goto retry; 1180 } 1181 /* Scan hash tables counting entries */ 1182 for (ncpp = nchashtbl, i = 0; i < n_nchash; ncpp++, i++) 1183 CK_SLIST_FOREACH(ncp, ncpp, nc_hash) 1184 cntbuf[i]++; 1185 cache_unlock_all_buckets(); 1186 for (error = 0, i = 0; i < n_nchash; i++) 1187 if ((error = SYSCTL_OUT(req, &cntbuf[i], sizeof(int))) != 0) 1188 break; 1189 free(cntbuf, M_TEMP); 1190 return (error); 1191 } 1192 SYSCTL_PROC(_debug_hashstat, OID_AUTO, rawnchash, CTLTYPE_INT|CTLFLAG_RD| 1193 CTLFLAG_MPSAFE, 0, 0, sysctl_debug_hashstat_rawnchash, "S,int", 1194 "nchash chain lengths"); 1195 1196 static int 1197 sysctl_debug_hashstat_nchash(SYSCTL_HANDLER_ARGS) 1198 { 1199 int error; 1200 struct nchashhead *ncpp; 1201 struct namecache *ncp; 1202 int n_nchash; 1203 int count, maxlength, used, pct; 1204 1205 if (!req->oldptr) 1206 return SYSCTL_OUT(req, 0, 4 * sizeof(int)); 1207 1208 cache_lock_all_buckets(); 1209 n_nchash = nchash + 1; /* nchash is max index, not count */ 1210 used = 0; 1211 maxlength = 0; 1212 1213 /* Scan hash tables for applicable entries */ 1214 for (ncpp = nchashtbl; n_nchash > 0; n_nchash--, ncpp++) { 1215 count = 0; 1216 CK_SLIST_FOREACH(ncp, ncpp, nc_hash) { 1217 count++; 1218 } 1219 if (count) 1220 used++; 1221 if (maxlength < count) 1222 maxlength = count; 1223 } 1224 n_nchash = nchash + 1; 1225 cache_unlock_all_buckets(); 1226 pct = (used * 100) / (n_nchash / 100); 1227 error = SYSCTL_OUT(req, &n_nchash, sizeof(n_nchash)); 1228 if (error) 1229 return (error); 1230 error = SYSCTL_OUT(req, &used, sizeof(used)); 1231 if (error) 1232 return (error); 1233 error = SYSCTL_OUT(req, &maxlength, sizeof(maxlength)); 1234 if (error) 1235 return (error); 1236 error = SYSCTL_OUT(req, &pct, sizeof(pct)); 1237 if (error) 1238 return (error); 1239 return (0); 1240 } 1241 SYSCTL_PROC(_debug_hashstat, OID_AUTO, nchash, CTLTYPE_INT|CTLFLAG_RD| 1242 CTLFLAG_MPSAFE, 0, 0, sysctl_debug_hashstat_nchash, "I", 1243 "nchash statistics (number of total/used buckets, maximum chain length, usage percentage)"); 1244 #endif 1245 1246 /* 1247 * Negative entries management 1248 * 1249 * Various workloads create plenty of negative entries and barely use them 1250 * afterwards. Moreover malicious users can keep performing bogus lookups 1251 * adding even more entries. For example "make tinderbox" as of writing this 1252 * comment ends up with 2.6M namecache entries in total, 1.2M of which are 1253 * negative. 1254 * 1255 * As such, a rather aggressive eviction method is needed. The currently 1256 * employed method is a placeholder. 1257 * 1258 * Entries are split over numneglists separate lists, each of which is further 1259 * split into hot and cold entries. Entries get promoted after getting a hit. 1260 * Eviction happens on addition of new entry. 1261 */ 1262 static SYSCTL_NODE(_vfs_cache, OID_AUTO, neg, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 1263 "Name cache negative entry statistics"); 1264 1265 SYSCTL_ULONG(_vfs_cache_neg, OID_AUTO, count, CTLFLAG_RD, &numneg, 0, 1266 "Number of negative cache entries"); 1267 1268 static COUNTER_U64_DEFINE_EARLY(neg_created); 1269 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, created, CTLFLAG_RD, &neg_created, 1270 "Number of created negative entries"); 1271 1272 static COUNTER_U64_DEFINE_EARLY(neg_evicted); 1273 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evicted, CTLFLAG_RD, &neg_evicted, 1274 "Number of evicted negative entries"); 1275 1276 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_empty); 1277 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_empty, CTLFLAG_RD, 1278 &neg_evict_skipped_empty, 1279 "Number of times evicting failed due to lack of entries"); 1280 1281 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_missed); 1282 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_missed, CTLFLAG_RD, 1283 &neg_evict_skipped_missed, 1284 "Number of times evicting failed due to target entry disappearing"); 1285 1286 static COUNTER_U64_DEFINE_EARLY(neg_evict_skipped_contended); 1287 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, evict_skipped_contended, CTLFLAG_RD, 1288 &neg_evict_skipped_contended, 1289 "Number of times evicting failed due to contention"); 1290 1291 SYSCTL_COUNTER_U64(_vfs_cache_neg, OID_AUTO, hits, CTLFLAG_RD, &numneghits, 1292 "Number of cache hits (negative)"); 1293 1294 static int 1295 sysctl_neg_hot(SYSCTL_HANDLER_ARGS) 1296 { 1297 int i, out; 1298 1299 out = 0; 1300 for (i = 0; i < numneglists; i++) 1301 out += neglists[i].nl_hotnum; 1302 1303 return (SYSCTL_OUT(req, &out, sizeof(out))); 1304 } 1305 SYSCTL_PROC(_vfs_cache_neg, OID_AUTO, hot, CTLTYPE_INT | CTLFLAG_RD | 1306 CTLFLAG_MPSAFE, 0, 0, sysctl_neg_hot, "I", 1307 "Number of hot negative entries"); 1308 1309 static void 1310 cache_neg_init(struct namecache *ncp) 1311 { 1312 struct negstate *ns; 1313 1314 ncp->nc_flag |= NCF_NEGATIVE; 1315 ns = NCP2NEGSTATE(ncp); 1316 ns->neg_flag = 0; 1317 ns->neg_hit = 0; 1318 counter_u64_add(neg_created, 1); 1319 } 1320 1321 #define CACHE_NEG_PROMOTION_THRESH 2 1322 1323 static bool 1324 cache_neg_hit_prep(struct namecache *ncp) 1325 { 1326 struct negstate *ns; 1327 u_char n; 1328 1329 ns = NCP2NEGSTATE(ncp); 1330 n = atomic_load_char(&ns->neg_hit); 1331 for (;;) { 1332 if (n >= CACHE_NEG_PROMOTION_THRESH) 1333 return (false); 1334 if (atomic_fcmpset_8(&ns->neg_hit, &n, n + 1)) 1335 break; 1336 } 1337 return (n + 1 == CACHE_NEG_PROMOTION_THRESH); 1338 } 1339 1340 /* 1341 * Nothing to do here but it is provided for completeness as some 1342 * cache_neg_hit_prep callers may end up returning without even 1343 * trying to promote. 1344 */ 1345 #define cache_neg_hit_abort(ncp) do { } while (0) 1346 1347 static void 1348 cache_neg_hit_finish(struct namecache *ncp) 1349 { 1350 1351 SDT_PROBE2(vfs, namecache, lookup, hit__negative, ncp->nc_dvp, ncp->nc_name); 1352 counter_u64_add(numneghits, 1); 1353 } 1354 1355 /* 1356 * Move a negative entry to the hot list. 1357 */ 1358 static void 1359 cache_neg_promote_locked(struct namecache *ncp) 1360 { 1361 struct neglist *nl; 1362 struct negstate *ns; 1363 1364 ns = NCP2NEGSTATE(ncp); 1365 nl = NCP2NEGLIST(ncp); 1366 mtx_assert(&nl->nl_lock, MA_OWNED); 1367 if ((ns->neg_flag & NEG_HOT) == 0) { 1368 TAILQ_REMOVE(&nl->nl_list, ncp, nc_dst); 1369 TAILQ_INSERT_TAIL(&nl->nl_hotlist, ncp, nc_dst); 1370 nl->nl_hotnum++; 1371 ns->neg_flag |= NEG_HOT; 1372 } 1373 } 1374 1375 /* 1376 * Move a hot negative entry to the cold list. 1377 */ 1378 static void 1379 cache_neg_demote_locked(struct namecache *ncp) 1380 { 1381 struct neglist *nl; 1382 struct negstate *ns; 1383 1384 ns = NCP2NEGSTATE(ncp); 1385 nl = NCP2NEGLIST(ncp); 1386 mtx_assert(&nl->nl_lock, MA_OWNED); 1387 MPASS(ns->neg_flag & NEG_HOT); 1388 TAILQ_REMOVE(&nl->nl_hotlist, ncp, nc_dst); 1389 TAILQ_INSERT_TAIL(&nl->nl_list, ncp, nc_dst); 1390 nl->nl_hotnum--; 1391 ns->neg_flag &= ~NEG_HOT; 1392 atomic_store_char(&ns->neg_hit, 0); 1393 } 1394 1395 /* 1396 * Move a negative entry to the hot list if it matches the lookup. 1397 * 1398 * We have to take locks, but they may be contended and in the worst 1399 * case we may need to go off CPU. We don't want to spin within the 1400 * smr section and we can't block with it. Exiting the section means 1401 * the found entry could have been evicted. We are going to look it 1402 * up again. 1403 */ 1404 static bool 1405 cache_neg_promote_cond(struct vnode *dvp, struct componentname *cnp, 1406 struct namecache *oncp, uint32_t hash) 1407 { 1408 struct namecache *ncp; 1409 struct neglist *nl; 1410 u_char nc_flag; 1411 1412 nl = NCP2NEGLIST(oncp); 1413 1414 mtx_lock(&nl->nl_lock); 1415 /* 1416 * For hash iteration. 1417 */ 1418 vfs_smr_enter(); 1419 1420 /* 1421 * Avoid all surprises by only succeeding if we got the same entry and 1422 * bailing completely otherwise. 1423 * XXX There are no provisions to keep the vnode around, meaning we may 1424 * end up promoting a negative entry for a *new* vnode and returning 1425 * ENOENT on its account. This is the error we want to return anyway 1426 * and promotion is harmless. 1427 * 1428 * In particular at this point there can be a new ncp which matches the 1429 * search but hashes to a different neglist. 1430 */ 1431 CK_SLIST_FOREACH(ncp, (NCHHASH(hash)), nc_hash) { 1432 if (ncp == oncp) 1433 break; 1434 } 1435 1436 /* 1437 * No match to begin with. 1438 */ 1439 if (__predict_false(ncp == NULL)) { 1440 goto out_abort; 1441 } 1442 1443 /* 1444 * The newly found entry may be something different... 1445 */ 1446 if (!cache_ncp_match(ncp, dvp, cnp)) { 1447 goto out_abort; 1448 } 1449 1450 /* 1451 * ... and not even negative. 1452 */ 1453 nc_flag = atomic_load_char(&ncp->nc_flag); 1454 if ((nc_flag & NCF_NEGATIVE) == 0) { 1455 goto out_abort; 1456 } 1457 1458 if (!cache_ncp_canuse(ncp)) { 1459 goto out_abort; 1460 } 1461 1462 cache_neg_promote_locked(ncp); 1463 cache_neg_hit_finish(ncp); 1464 vfs_smr_exit(); 1465 mtx_unlock(&nl->nl_lock); 1466 return (true); 1467 out_abort: 1468 vfs_smr_exit(); 1469 mtx_unlock(&nl->nl_lock); 1470 return (false); 1471 } 1472 1473 static void 1474 cache_neg_promote(struct namecache *ncp) 1475 { 1476 struct neglist *nl; 1477 1478 nl = NCP2NEGLIST(ncp); 1479 mtx_lock(&nl->nl_lock); 1480 cache_neg_promote_locked(ncp); 1481 mtx_unlock(&nl->nl_lock); 1482 } 1483 1484 static void 1485 cache_neg_insert(struct namecache *ncp) 1486 { 1487 struct neglist *nl; 1488 1489 MPASS(ncp->nc_flag & NCF_NEGATIVE); 1490 cache_assert_bucket_locked(ncp); 1491 nl = NCP2NEGLIST(ncp); 1492 mtx_lock(&nl->nl_lock); 1493 TAILQ_INSERT_TAIL(&nl->nl_list, ncp, nc_dst); 1494 mtx_unlock(&nl->nl_lock); 1495 atomic_add_long(&numneg, 1); 1496 } 1497 1498 static void 1499 cache_neg_remove(struct namecache *ncp) 1500 { 1501 struct neglist *nl; 1502 struct negstate *ns; 1503 1504 cache_assert_bucket_locked(ncp); 1505 nl = NCP2NEGLIST(ncp); 1506 ns = NCP2NEGSTATE(ncp); 1507 mtx_lock(&nl->nl_lock); 1508 if ((ns->neg_flag & NEG_HOT) != 0) { 1509 TAILQ_REMOVE(&nl->nl_hotlist, ncp, nc_dst); 1510 nl->nl_hotnum--; 1511 } else { 1512 TAILQ_REMOVE(&nl->nl_list, ncp, nc_dst); 1513 } 1514 mtx_unlock(&nl->nl_lock); 1515 atomic_subtract_long(&numneg, 1); 1516 } 1517 1518 static struct neglist * 1519 cache_neg_evict_select_list(void) 1520 { 1521 struct neglist *nl; 1522 u_int c; 1523 1524 c = atomic_fetchadd_int(&neg_cycle, 1) + 1; 1525 nl = &neglists[c % numneglists]; 1526 if (!mtx_trylock(&nl->nl_evict_lock)) { 1527 counter_u64_add(neg_evict_skipped_contended, 1); 1528 return (NULL); 1529 } 1530 return (nl); 1531 } 1532 1533 static struct namecache * 1534 cache_neg_evict_select_entry(struct neglist *nl) 1535 { 1536 struct namecache *ncp, *lncp; 1537 struct negstate *ns, *lns; 1538 int i; 1539 1540 mtx_assert(&nl->nl_evict_lock, MA_OWNED); 1541 mtx_assert(&nl->nl_lock, MA_OWNED); 1542 ncp = TAILQ_FIRST(&nl->nl_list); 1543 if (ncp == NULL) 1544 return (NULL); 1545 lncp = ncp; 1546 lns = NCP2NEGSTATE(lncp); 1547 for (i = 1; i < 4; i++) { 1548 ncp = TAILQ_NEXT(ncp, nc_dst); 1549 if (ncp == NULL) 1550 break; 1551 ns = NCP2NEGSTATE(ncp); 1552 if (ns->neg_hit < lns->neg_hit) { 1553 lncp = ncp; 1554 lns = ns; 1555 } 1556 } 1557 return (lncp); 1558 } 1559 1560 static bool 1561 cache_neg_evict(void) 1562 { 1563 struct namecache *ncp, *ncp2; 1564 struct neglist *nl; 1565 struct vnode *dvp; 1566 struct mtx *dvlp; 1567 struct mtx *blp; 1568 uint32_t hash; 1569 u_char nlen; 1570 bool evicted; 1571 1572 nl = cache_neg_evict_select_list(); 1573 if (nl == NULL) { 1574 return (false); 1575 } 1576 1577 mtx_lock(&nl->nl_lock); 1578 ncp = TAILQ_FIRST(&nl->nl_hotlist); 1579 if (ncp != NULL) { 1580 cache_neg_demote_locked(ncp); 1581 } 1582 ncp = cache_neg_evict_select_entry(nl); 1583 if (ncp == NULL) { 1584 counter_u64_add(neg_evict_skipped_empty, 1); 1585 mtx_unlock(&nl->nl_lock); 1586 mtx_unlock(&nl->nl_evict_lock); 1587 return (false); 1588 } 1589 nlen = ncp->nc_nlen; 1590 dvp = ncp->nc_dvp; 1591 hash = cache_get_hash(ncp->nc_name, nlen, dvp); 1592 dvlp = VP2VNODELOCK(dvp); 1593 blp = HASH2BUCKETLOCK(hash); 1594 mtx_unlock(&nl->nl_lock); 1595 mtx_unlock(&nl->nl_evict_lock); 1596 mtx_lock(dvlp); 1597 mtx_lock(blp); 1598 /* 1599 * Note that since all locks were dropped above, the entry may be 1600 * gone or reallocated to be something else. 1601 */ 1602 CK_SLIST_FOREACH(ncp2, (NCHHASH(hash)), nc_hash) { 1603 if (ncp2 == ncp && ncp2->nc_dvp == dvp && 1604 ncp2->nc_nlen == nlen && (ncp2->nc_flag & NCF_NEGATIVE) != 0) 1605 break; 1606 } 1607 if (ncp2 == NULL) { 1608 counter_u64_add(neg_evict_skipped_missed, 1); 1609 ncp = NULL; 1610 evicted = false; 1611 } else { 1612 MPASS(dvlp == VP2VNODELOCK(ncp->nc_dvp)); 1613 MPASS(blp == NCP2BUCKETLOCK(ncp)); 1614 SDT_PROBE2(vfs, namecache, evict_negative, done, ncp->nc_dvp, 1615 ncp->nc_name); 1616 cache_zap_locked(ncp); 1617 counter_u64_add(neg_evicted, 1); 1618 evicted = true; 1619 } 1620 mtx_unlock(blp); 1621 mtx_unlock(dvlp); 1622 if (ncp != NULL) 1623 cache_free(ncp); 1624 return (evicted); 1625 } 1626 1627 /* 1628 * Maybe evict a negative entry to create more room. 1629 * 1630 * The ncnegfactor parameter limits what fraction of the total count 1631 * can comprise of negative entries. However, if the cache is just 1632 * warming up this leads to excessive evictions. As such, ncnegminpct 1633 * (recomputed to neg_min) dictates whether the above should be 1634 * applied. 1635 * 1636 * Try evicting if the cache is close to full capacity regardless of 1637 * other considerations. 1638 */ 1639 static bool 1640 cache_neg_evict_cond(u_long lnumcache) 1641 { 1642 u_long lnumneg; 1643 1644 if (ncsize - 1000 < lnumcache) 1645 goto out_evict; 1646 lnumneg = atomic_load_long(&numneg); 1647 if (lnumneg < neg_min) 1648 return (false); 1649 if (lnumneg * ncnegfactor < lnumcache) 1650 return (false); 1651 out_evict: 1652 return (cache_neg_evict()); 1653 } 1654 1655 /* 1656 * cache_zap_locked(): 1657 * 1658 * Removes a namecache entry from cache, whether it contains an actual 1659 * pointer to a vnode or if it is just a negative cache entry. 1660 */ 1661 static void 1662 cache_zap_locked(struct namecache *ncp) 1663 { 1664 struct nchashhead *ncpp; 1665 struct vnode *dvp, *vp; 1666 1667 dvp = ncp->nc_dvp; 1668 vp = ncp->nc_vp; 1669 1670 if (!(ncp->nc_flag & NCF_NEGATIVE)) 1671 cache_assert_vnode_locked(vp); 1672 cache_assert_vnode_locked(dvp); 1673 cache_assert_bucket_locked(ncp); 1674 1675 cache_ncp_invalidate(ncp); 1676 1677 ncpp = NCP2BUCKET(ncp); 1678 CK_SLIST_REMOVE(ncpp, ncp, namecache, nc_hash); 1679 if (!(ncp->nc_flag & NCF_NEGATIVE)) { 1680 SDT_PROBE3(vfs, namecache, zap, done, dvp, ncp->nc_name, vp); 1681 TAILQ_REMOVE(&vp->v_cache_dst, ncp, nc_dst); 1682 if (ncp == vp->v_cache_dd) { 1683 atomic_store_ptr(&vp->v_cache_dd, NULL); 1684 } 1685 } else { 1686 SDT_PROBE2(vfs, namecache, zap_negative, done, dvp, ncp->nc_name); 1687 cache_neg_remove(ncp); 1688 } 1689 if (ncp->nc_flag & NCF_ISDOTDOT) { 1690 if (ncp == dvp->v_cache_dd) { 1691 atomic_store_ptr(&dvp->v_cache_dd, NULL); 1692 } 1693 } else { 1694 LIST_REMOVE(ncp, nc_src); 1695 if (LIST_EMPTY(&dvp->v_cache_src)) { 1696 ncp->nc_flag |= NCF_DVDROP; 1697 } 1698 } 1699 } 1700 1701 static void 1702 cache_zap_negative_locked_vnode_kl(struct namecache *ncp, struct vnode *vp) 1703 { 1704 struct mtx *blp; 1705 1706 MPASS(ncp->nc_dvp == vp); 1707 MPASS(ncp->nc_flag & NCF_NEGATIVE); 1708 cache_assert_vnode_locked(vp); 1709 1710 blp = NCP2BUCKETLOCK(ncp); 1711 mtx_lock(blp); 1712 cache_zap_locked(ncp); 1713 mtx_unlock(blp); 1714 } 1715 1716 static bool 1717 cache_zap_locked_vnode_kl2(struct namecache *ncp, struct vnode *vp, 1718 struct mtx **vlpp) 1719 { 1720 struct mtx *pvlp, *vlp1, *vlp2, *to_unlock; 1721 struct mtx *blp; 1722 1723 MPASS(vp == ncp->nc_dvp || vp == ncp->nc_vp); 1724 cache_assert_vnode_locked(vp); 1725 1726 if (ncp->nc_flag & NCF_NEGATIVE) { 1727 if (*vlpp != NULL) { 1728 mtx_unlock(*vlpp); 1729 *vlpp = NULL; 1730 } 1731 cache_zap_negative_locked_vnode_kl(ncp, vp); 1732 return (true); 1733 } 1734 1735 pvlp = VP2VNODELOCK(vp); 1736 blp = NCP2BUCKETLOCK(ncp); 1737 vlp1 = VP2VNODELOCK(ncp->nc_dvp); 1738 vlp2 = VP2VNODELOCK(ncp->nc_vp); 1739 1740 if (*vlpp == vlp1 || *vlpp == vlp2) { 1741 to_unlock = *vlpp; 1742 *vlpp = NULL; 1743 } else { 1744 if (*vlpp != NULL) { 1745 mtx_unlock(*vlpp); 1746 *vlpp = NULL; 1747 } 1748 cache_sort_vnodes(&vlp1, &vlp2); 1749 if (vlp1 == pvlp) { 1750 mtx_lock(vlp2); 1751 to_unlock = vlp2; 1752 } else { 1753 if (!mtx_trylock(vlp1)) 1754 goto out_relock; 1755 to_unlock = vlp1; 1756 } 1757 } 1758 mtx_lock(blp); 1759 cache_zap_locked(ncp); 1760 mtx_unlock(blp); 1761 if (to_unlock != NULL) 1762 mtx_unlock(to_unlock); 1763 return (true); 1764 1765 out_relock: 1766 mtx_unlock(vlp2); 1767 mtx_lock(vlp1); 1768 mtx_lock(vlp2); 1769 MPASS(*vlpp == NULL); 1770 *vlpp = vlp1; 1771 return (false); 1772 } 1773 1774 /* 1775 * If trylocking failed we can get here. We know enough to take all needed locks 1776 * in the right order and re-lookup the entry. 1777 */ 1778 static int 1779 cache_zap_unlocked_bucket(struct namecache *ncp, struct componentname *cnp, 1780 struct vnode *dvp, struct mtx *dvlp, struct mtx *vlp, uint32_t hash, 1781 struct mtx *blp) 1782 { 1783 struct namecache *rncp; 1784 struct mtx *rvlp; 1785 1786 cache_assert_bucket_unlocked(ncp); 1787 1788 cache_sort_vnodes(&dvlp, &vlp); 1789 cache_lock_vnodes(dvlp, vlp); 1790 mtx_lock(blp); 1791 CK_SLIST_FOREACH(rncp, (NCHHASH(hash)), nc_hash) { 1792 if (rncp == ncp && cache_ncp_match(rncp, dvp, cnp)) 1793 break; 1794 } 1795 if (rncp == NULL) 1796 goto out_mismatch; 1797 1798 if (!(ncp->nc_flag & NCF_NEGATIVE)) 1799 rvlp = VP2VNODELOCK(rncp->nc_vp); 1800 else 1801 rvlp = NULL; 1802 if (rvlp != vlp) 1803 goto out_mismatch; 1804 1805 cache_zap_locked(rncp); 1806 mtx_unlock(blp); 1807 cache_unlock_vnodes(dvlp, vlp); 1808 atomic_add_long(&zap_bucket_relock_success, 1); 1809 return (0); 1810 1811 out_mismatch: 1812 mtx_unlock(blp); 1813 cache_unlock_vnodes(dvlp, vlp); 1814 return (EAGAIN); 1815 } 1816 1817 static int __noinline 1818 cache_zap_locked_bucket(struct namecache *ncp, struct componentname *cnp, 1819 uint32_t hash, struct mtx *blp) 1820 { 1821 struct mtx *dvlp, *vlp; 1822 struct vnode *dvp; 1823 1824 cache_assert_bucket_locked(ncp); 1825 1826 dvlp = VP2VNODELOCK(ncp->nc_dvp); 1827 vlp = NULL; 1828 if (!(ncp->nc_flag & NCF_NEGATIVE)) 1829 vlp = VP2VNODELOCK(ncp->nc_vp); 1830 if (cache_trylock_vnodes(dvlp, vlp) == 0) { 1831 cache_zap_locked(ncp); 1832 mtx_unlock(blp); 1833 cache_unlock_vnodes(dvlp, vlp); 1834 return (0); 1835 } 1836 1837 dvp = ncp->nc_dvp; 1838 mtx_unlock(blp); 1839 return (cache_zap_unlocked_bucket(ncp, cnp, dvp, dvlp, vlp, hash, blp)); 1840 } 1841 1842 static __noinline int 1843 cache_remove_cnp(struct vnode *dvp, struct componentname *cnp) 1844 { 1845 struct namecache *ncp; 1846 struct mtx *blp; 1847 struct mtx *dvlp, *dvlp2; 1848 uint32_t hash; 1849 int error; 1850 1851 if (cnp->cn_namelen == 2 && 1852 cnp->cn_nameptr[0] == '.' && cnp->cn_nameptr[1] == '.') { 1853 dvlp = VP2VNODELOCK(dvp); 1854 dvlp2 = NULL; 1855 mtx_lock(dvlp); 1856 retry_dotdot: 1857 ncp = dvp->v_cache_dd; 1858 if (ncp == NULL) { 1859 mtx_unlock(dvlp); 1860 if (dvlp2 != NULL) 1861 mtx_unlock(dvlp2); 1862 SDT_PROBE2(vfs, namecache, removecnp, miss, dvp, cnp); 1863 return (0); 1864 } 1865 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) { 1866 if (!cache_zap_locked_vnode_kl2(ncp, dvp, &dvlp2)) 1867 goto retry_dotdot; 1868 MPASS(dvp->v_cache_dd == NULL); 1869 mtx_unlock(dvlp); 1870 if (dvlp2 != NULL) 1871 mtx_unlock(dvlp2); 1872 cache_free(ncp); 1873 } else { 1874 atomic_store_ptr(&dvp->v_cache_dd, NULL); 1875 mtx_unlock(dvlp); 1876 if (dvlp2 != NULL) 1877 mtx_unlock(dvlp2); 1878 } 1879 SDT_PROBE2(vfs, namecache, removecnp, hit, dvp, cnp); 1880 return (1); 1881 } 1882 1883 /* 1884 * XXX note that access here is completely unlocked with no provisions 1885 * to keep the hash allocated. If one is sufficiently unlucky a 1886 * parallel cache resize can reallocate the hash, unmap backing pages 1887 * and cause the empty check below to fault. 1888 * 1889 * Fixing this has epsilon priority, but can be done with no overhead 1890 * for this codepath with sufficient effort. 1891 */ 1892 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 1893 blp = HASH2BUCKETLOCK(hash); 1894 retry: 1895 if (CK_SLIST_EMPTY(NCHHASH(hash))) 1896 goto out_no_entry; 1897 1898 mtx_lock(blp); 1899 ncp = cache_ncp_find(dvp, cnp, hash); 1900 if (ncp == NULL) { 1901 mtx_unlock(blp); 1902 goto out_no_entry; 1903 } 1904 1905 error = cache_zap_locked_bucket(ncp, cnp, hash, blp); 1906 if (__predict_false(error != 0)) { 1907 atomic_add_long(&zap_bucket_fail, 1); 1908 goto retry; 1909 } 1910 counter_u64_add(numposzaps, 1); 1911 SDT_PROBE2(vfs, namecache, removecnp, hit, dvp, cnp); 1912 cache_free(ncp); 1913 return (1); 1914 out_no_entry: 1915 counter_u64_add(nummisszap, 1); 1916 SDT_PROBE2(vfs, namecache, removecnp, miss, dvp, cnp); 1917 return (0); 1918 } 1919 1920 static int __noinline 1921 cache_lookup_dot(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 1922 struct timespec *tsp, int *ticksp) 1923 { 1924 int ltype; 1925 1926 *vpp = dvp; 1927 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ".", *vpp); 1928 if (tsp != NULL) 1929 timespecclear(tsp); 1930 if (ticksp != NULL) 1931 *ticksp = ticks; 1932 vrefact(*vpp); 1933 /* 1934 * When we lookup "." we still can be asked to lock it 1935 * differently... 1936 */ 1937 ltype = cnp->cn_lkflags & LK_TYPE_MASK; 1938 if (ltype != VOP_ISLOCKED(*vpp)) { 1939 if (ltype == LK_EXCLUSIVE) { 1940 vn_lock(*vpp, LK_UPGRADE | LK_RETRY); 1941 if (VN_IS_DOOMED((*vpp))) { 1942 /* forced unmount */ 1943 vrele(*vpp); 1944 *vpp = NULL; 1945 return (ENOENT); 1946 } 1947 } else 1948 vn_lock(*vpp, LK_DOWNGRADE | LK_RETRY); 1949 } 1950 return (-1); 1951 } 1952 1953 static int __noinline 1954 cache_lookup_dotdot(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 1955 struct timespec *tsp, int *ticksp) 1956 { 1957 struct namecache_ts *ncp_ts; 1958 struct namecache *ncp; 1959 struct mtx *dvlp; 1960 enum vgetstate vs; 1961 int error, ltype; 1962 bool whiteout; 1963 1964 MPASS((cnp->cn_flags & ISDOTDOT) != 0); 1965 1966 if ((cnp->cn_flags & MAKEENTRY) == 0) { 1967 cache_remove_cnp(dvp, cnp); 1968 return (0); 1969 } 1970 1971 retry: 1972 dvlp = VP2VNODELOCK(dvp); 1973 mtx_lock(dvlp); 1974 ncp = dvp->v_cache_dd; 1975 if (ncp == NULL) { 1976 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, ".."); 1977 mtx_unlock(dvlp); 1978 return (0); 1979 } 1980 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) { 1981 if (ncp->nc_flag & NCF_NEGATIVE) 1982 *vpp = NULL; 1983 else 1984 *vpp = ncp->nc_vp; 1985 } else 1986 *vpp = ncp->nc_dvp; 1987 if (*vpp == NULL) 1988 goto negative_success; 1989 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, "..", *vpp); 1990 cache_out_ts(ncp, tsp, ticksp); 1991 if ((ncp->nc_flag & (NCF_ISDOTDOT | NCF_DTS)) == 1992 NCF_DTS && tsp != NULL) { 1993 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 1994 *tsp = ncp_ts->nc_dotdottime; 1995 } 1996 1997 MPASS(dvp != *vpp); 1998 ltype = VOP_ISLOCKED(dvp); 1999 VOP_UNLOCK(dvp); 2000 vs = vget_prep(*vpp); 2001 mtx_unlock(dvlp); 2002 error = vget_finish(*vpp, cnp->cn_lkflags, vs); 2003 vn_lock(dvp, ltype | LK_RETRY); 2004 if (VN_IS_DOOMED(dvp)) { 2005 if (error == 0) 2006 vput(*vpp); 2007 *vpp = NULL; 2008 return (ENOENT); 2009 } 2010 if (error) { 2011 *vpp = NULL; 2012 goto retry; 2013 } 2014 return (-1); 2015 negative_success: 2016 if (__predict_false(cnp->cn_nameiop == CREATE)) { 2017 if (cnp->cn_flags & ISLASTCN) { 2018 counter_u64_add(numnegzaps, 1); 2019 cache_zap_negative_locked_vnode_kl(ncp, dvp); 2020 mtx_unlock(dvlp); 2021 cache_free(ncp); 2022 return (0); 2023 } 2024 } 2025 2026 whiteout = (ncp->nc_flag & NCF_WHITE); 2027 cache_out_ts(ncp, tsp, ticksp); 2028 if (cache_neg_hit_prep(ncp)) 2029 cache_neg_promote(ncp); 2030 else 2031 cache_neg_hit_finish(ncp); 2032 mtx_unlock(dvlp); 2033 if (whiteout) 2034 cnp->cn_flags |= ISWHITEOUT; 2035 return (ENOENT); 2036 } 2037 2038 /** 2039 * Lookup a name in the name cache 2040 * 2041 * # Arguments 2042 * 2043 * - dvp: Parent directory in which to search. 2044 * - vpp: Return argument. Will contain desired vnode on cache hit. 2045 * - cnp: Parameters of the name search. The most interesting bits of 2046 * the cn_flags field have the following meanings: 2047 * - MAKEENTRY: If clear, free an entry from the cache rather than look 2048 * it up. 2049 * - ISDOTDOT: Must be set if and only if cn_nameptr == ".." 2050 * - tsp: Return storage for cache timestamp. On a successful (positive 2051 * or negative) lookup, tsp will be filled with any timespec that 2052 * was stored when this cache entry was created. However, it will 2053 * be clear for "." entries. 2054 * - ticks: Return storage for alternate cache timestamp. On a successful 2055 * (positive or negative) lookup, it will contain the ticks value 2056 * that was current when the cache entry was created, unless cnp 2057 * was ".". 2058 * 2059 * Either both tsp and ticks have to be provided or neither of them. 2060 * 2061 * # Returns 2062 * 2063 * - -1: A positive cache hit. vpp will contain the desired vnode. 2064 * - ENOENT: A negative cache hit, or dvp was recycled out from under us due 2065 * to a forced unmount. vpp will not be modified. If the entry 2066 * is a whiteout, then the ISWHITEOUT flag will be set in 2067 * cnp->cn_flags. 2068 * - 0: A cache miss. vpp will not be modified. 2069 * 2070 * # Locking 2071 * 2072 * On a cache hit, vpp will be returned locked and ref'd. If we're looking up 2073 * .., dvp is unlocked. If we're looking up . an extra ref is taken, but the 2074 * lock is not recursively acquired. 2075 */ 2076 static int __noinline 2077 cache_lookup_fallback(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 2078 struct timespec *tsp, int *ticksp) 2079 { 2080 struct namecache *ncp; 2081 struct mtx *blp; 2082 uint32_t hash; 2083 enum vgetstate vs; 2084 int error; 2085 bool whiteout; 2086 2087 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 2088 MPASS((cnp->cn_flags & (MAKEENTRY | NC_KEEPPOSENTRY)) != 0); 2089 2090 retry: 2091 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 2092 blp = HASH2BUCKETLOCK(hash); 2093 mtx_lock(blp); 2094 2095 ncp = cache_ncp_find(dvp, cnp, hash); 2096 if (__predict_false(ncp == NULL)) { 2097 mtx_unlock(blp); 2098 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, cnp->cn_nameptr); 2099 counter_u64_add(nummiss, 1); 2100 return (0); 2101 } 2102 2103 if (ncp->nc_flag & NCF_NEGATIVE) 2104 goto negative_success; 2105 2106 counter_u64_add(numposhits, 1); 2107 *vpp = ncp->nc_vp; 2108 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, *vpp); 2109 cache_out_ts(ncp, tsp, ticksp); 2110 MPASS(dvp != *vpp); 2111 vs = vget_prep(*vpp); 2112 mtx_unlock(blp); 2113 error = vget_finish(*vpp, cnp->cn_lkflags, vs); 2114 if (error) { 2115 *vpp = NULL; 2116 goto retry; 2117 } 2118 return (-1); 2119 negative_success: 2120 /* 2121 * We don't get here with regular lookup apart from corner cases. 2122 */ 2123 if (__predict_true(cnp->cn_nameiop == CREATE)) { 2124 if (cnp->cn_flags & ISLASTCN) { 2125 counter_u64_add(numnegzaps, 1); 2126 error = cache_zap_locked_bucket(ncp, cnp, hash, blp); 2127 if (__predict_false(error != 0)) { 2128 atomic_add_long(&zap_bucket_fail2, 1); 2129 goto retry; 2130 } 2131 cache_free(ncp); 2132 return (0); 2133 } 2134 } 2135 2136 whiteout = (ncp->nc_flag & NCF_WHITE); 2137 cache_out_ts(ncp, tsp, ticksp); 2138 if (cache_neg_hit_prep(ncp)) 2139 cache_neg_promote(ncp); 2140 else 2141 cache_neg_hit_finish(ncp); 2142 mtx_unlock(blp); 2143 if (whiteout) 2144 cnp->cn_flags |= ISWHITEOUT; 2145 return (ENOENT); 2146 } 2147 2148 int 2149 cache_lookup(struct vnode *dvp, struct vnode **vpp, struct componentname *cnp, 2150 struct timespec *tsp, int *ticksp) 2151 { 2152 struct namecache *ncp; 2153 uint32_t hash; 2154 enum vgetstate vs; 2155 int error; 2156 bool whiteout, neg_promote; 2157 u_short nc_flag; 2158 2159 MPASS((tsp == NULL && ticksp == NULL) || (tsp != NULL && ticksp != NULL)); 2160 2161 #ifdef DEBUG_CACHE 2162 if (__predict_false(!doingcache)) { 2163 cnp->cn_flags &= ~MAKEENTRY; 2164 return (0); 2165 } 2166 #endif 2167 2168 if (__predict_false(cnp->cn_nameptr[0] == '.')) { 2169 if (cnp->cn_namelen == 1) 2170 return (cache_lookup_dot(dvp, vpp, cnp, tsp, ticksp)); 2171 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') 2172 return (cache_lookup_dotdot(dvp, vpp, cnp, tsp, ticksp)); 2173 } 2174 2175 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 2176 2177 if ((cnp->cn_flags & (MAKEENTRY | NC_KEEPPOSENTRY)) == 0) { 2178 cache_remove_cnp(dvp, cnp); 2179 return (0); 2180 } 2181 2182 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 2183 vfs_smr_enter(); 2184 2185 ncp = cache_ncp_find(dvp, cnp, hash); 2186 if (__predict_false(ncp == NULL)) { 2187 vfs_smr_exit(); 2188 SDT_PROBE2(vfs, namecache, lookup, miss, dvp, cnp->cn_nameptr); 2189 counter_u64_add(nummiss, 1); 2190 return (0); 2191 } 2192 2193 nc_flag = atomic_load_char(&ncp->nc_flag); 2194 if (nc_flag & NCF_NEGATIVE) 2195 goto negative_success; 2196 2197 counter_u64_add(numposhits, 1); 2198 *vpp = ncp->nc_vp; 2199 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, *vpp); 2200 cache_out_ts(ncp, tsp, ticksp); 2201 MPASS(dvp != *vpp); 2202 if (!cache_ncp_canuse(ncp)) { 2203 vfs_smr_exit(); 2204 *vpp = NULL; 2205 goto out_fallback; 2206 } 2207 vs = vget_prep_smr(*vpp); 2208 vfs_smr_exit(); 2209 if (__predict_false(vs == VGET_NONE)) { 2210 *vpp = NULL; 2211 goto out_fallback; 2212 } 2213 error = vget_finish(*vpp, cnp->cn_lkflags, vs); 2214 if (error) { 2215 *vpp = NULL; 2216 goto out_fallback; 2217 } 2218 return (-1); 2219 negative_success: 2220 if (cnp->cn_nameiop == CREATE) { 2221 if (cnp->cn_flags & ISLASTCN) { 2222 vfs_smr_exit(); 2223 goto out_fallback; 2224 } 2225 } 2226 2227 cache_out_ts(ncp, tsp, ticksp); 2228 whiteout = (atomic_load_char(&ncp->nc_flag) & NCF_WHITE); 2229 neg_promote = cache_neg_hit_prep(ncp); 2230 if (!cache_ncp_canuse(ncp)) { 2231 cache_neg_hit_abort(ncp); 2232 vfs_smr_exit(); 2233 goto out_fallback; 2234 } 2235 if (neg_promote) { 2236 vfs_smr_exit(); 2237 if (!cache_neg_promote_cond(dvp, cnp, ncp, hash)) 2238 goto out_fallback; 2239 } else { 2240 cache_neg_hit_finish(ncp); 2241 vfs_smr_exit(); 2242 } 2243 if (whiteout) 2244 cnp->cn_flags |= ISWHITEOUT; 2245 return (ENOENT); 2246 out_fallback: 2247 return (cache_lookup_fallback(dvp, vpp, cnp, tsp, ticksp)); 2248 } 2249 2250 struct celockstate { 2251 struct mtx *vlp[3]; 2252 struct mtx *blp[2]; 2253 }; 2254 CTASSERT((nitems(((struct celockstate *)0)->vlp) == 3)); 2255 CTASSERT((nitems(((struct celockstate *)0)->blp) == 2)); 2256 2257 static inline void 2258 cache_celockstate_init(struct celockstate *cel) 2259 { 2260 2261 bzero(cel, sizeof(*cel)); 2262 } 2263 2264 static void 2265 cache_lock_vnodes_cel(struct celockstate *cel, struct vnode *vp, 2266 struct vnode *dvp) 2267 { 2268 struct mtx *vlp1, *vlp2; 2269 2270 MPASS(cel->vlp[0] == NULL); 2271 MPASS(cel->vlp[1] == NULL); 2272 MPASS(cel->vlp[2] == NULL); 2273 2274 MPASS(vp != NULL || dvp != NULL); 2275 2276 vlp1 = VP2VNODELOCK(vp); 2277 vlp2 = VP2VNODELOCK(dvp); 2278 cache_sort_vnodes(&vlp1, &vlp2); 2279 2280 if (vlp1 != NULL) { 2281 mtx_lock(vlp1); 2282 cel->vlp[0] = vlp1; 2283 } 2284 mtx_lock(vlp2); 2285 cel->vlp[1] = vlp2; 2286 } 2287 2288 static void 2289 cache_unlock_vnodes_cel(struct celockstate *cel) 2290 { 2291 2292 MPASS(cel->vlp[0] != NULL || cel->vlp[1] != NULL); 2293 2294 if (cel->vlp[0] != NULL) 2295 mtx_unlock(cel->vlp[0]); 2296 if (cel->vlp[1] != NULL) 2297 mtx_unlock(cel->vlp[1]); 2298 if (cel->vlp[2] != NULL) 2299 mtx_unlock(cel->vlp[2]); 2300 } 2301 2302 static bool 2303 cache_lock_vnodes_cel_3(struct celockstate *cel, struct vnode *vp) 2304 { 2305 struct mtx *vlp; 2306 bool ret; 2307 2308 cache_assert_vlp_locked(cel->vlp[0]); 2309 cache_assert_vlp_locked(cel->vlp[1]); 2310 MPASS(cel->vlp[2] == NULL); 2311 2312 MPASS(vp != NULL); 2313 vlp = VP2VNODELOCK(vp); 2314 2315 ret = true; 2316 if (vlp >= cel->vlp[1]) { 2317 mtx_lock(vlp); 2318 } else { 2319 if (mtx_trylock(vlp)) 2320 goto out; 2321 cache_unlock_vnodes_cel(cel); 2322 atomic_add_long(&cache_lock_vnodes_cel_3_failures, 1); 2323 if (vlp < cel->vlp[0]) { 2324 mtx_lock(vlp); 2325 mtx_lock(cel->vlp[0]); 2326 mtx_lock(cel->vlp[1]); 2327 } else { 2328 if (cel->vlp[0] != NULL) 2329 mtx_lock(cel->vlp[0]); 2330 mtx_lock(vlp); 2331 mtx_lock(cel->vlp[1]); 2332 } 2333 ret = false; 2334 } 2335 out: 2336 cel->vlp[2] = vlp; 2337 return (ret); 2338 } 2339 2340 static void 2341 cache_lock_buckets_cel(struct celockstate *cel, struct mtx *blp1, 2342 struct mtx *blp2) 2343 { 2344 2345 MPASS(cel->blp[0] == NULL); 2346 MPASS(cel->blp[1] == NULL); 2347 2348 cache_sort_vnodes(&blp1, &blp2); 2349 2350 if (blp1 != NULL) { 2351 mtx_lock(blp1); 2352 cel->blp[0] = blp1; 2353 } 2354 mtx_lock(blp2); 2355 cel->blp[1] = blp2; 2356 } 2357 2358 static void 2359 cache_unlock_buckets_cel(struct celockstate *cel) 2360 { 2361 2362 if (cel->blp[0] != NULL) 2363 mtx_unlock(cel->blp[0]); 2364 mtx_unlock(cel->blp[1]); 2365 } 2366 2367 /* 2368 * Lock part of the cache affected by the insertion. 2369 * 2370 * This means vnodelocks for dvp, vp and the relevant bucketlock. 2371 * However, insertion can result in removal of an old entry. In this 2372 * case we have an additional vnode and bucketlock pair to lock. 2373 * 2374 * That is, in the worst case we have to lock 3 vnodes and 2 bucketlocks, while 2375 * preserving the locking order (smaller address first). 2376 */ 2377 static void 2378 cache_enter_lock(struct celockstate *cel, struct vnode *dvp, struct vnode *vp, 2379 uint32_t hash) 2380 { 2381 struct namecache *ncp; 2382 struct mtx *blps[2]; 2383 u_char nc_flag; 2384 2385 blps[0] = HASH2BUCKETLOCK(hash); 2386 for (;;) { 2387 blps[1] = NULL; 2388 cache_lock_vnodes_cel(cel, dvp, vp); 2389 if (vp == NULL || vp->v_type != VDIR) 2390 break; 2391 ncp = atomic_load_consume_ptr(&vp->v_cache_dd); 2392 if (ncp == NULL) 2393 break; 2394 nc_flag = atomic_load_char(&ncp->nc_flag); 2395 if ((nc_flag & NCF_ISDOTDOT) == 0) 2396 break; 2397 MPASS(ncp->nc_dvp == vp); 2398 blps[1] = NCP2BUCKETLOCK(ncp); 2399 if ((nc_flag & NCF_NEGATIVE) != 0) 2400 break; 2401 if (cache_lock_vnodes_cel_3(cel, ncp->nc_vp)) 2402 break; 2403 /* 2404 * All vnodes got re-locked. Re-validate the state and if 2405 * nothing changed we are done. Otherwise restart. 2406 */ 2407 if (ncp == vp->v_cache_dd && 2408 (ncp->nc_flag & NCF_ISDOTDOT) != 0 && 2409 blps[1] == NCP2BUCKETLOCK(ncp) && 2410 VP2VNODELOCK(ncp->nc_vp) == cel->vlp[2]) 2411 break; 2412 cache_unlock_vnodes_cel(cel); 2413 cel->vlp[0] = NULL; 2414 cel->vlp[1] = NULL; 2415 cel->vlp[2] = NULL; 2416 } 2417 cache_lock_buckets_cel(cel, blps[0], blps[1]); 2418 } 2419 2420 static void 2421 cache_enter_lock_dd(struct celockstate *cel, struct vnode *dvp, struct vnode *vp, 2422 uint32_t hash) 2423 { 2424 struct namecache *ncp; 2425 struct mtx *blps[2]; 2426 u_char nc_flag; 2427 2428 blps[0] = HASH2BUCKETLOCK(hash); 2429 for (;;) { 2430 blps[1] = NULL; 2431 cache_lock_vnodes_cel(cel, dvp, vp); 2432 ncp = atomic_load_consume_ptr(&dvp->v_cache_dd); 2433 if (ncp == NULL) 2434 break; 2435 nc_flag = atomic_load_char(&ncp->nc_flag); 2436 if ((nc_flag & NCF_ISDOTDOT) == 0) 2437 break; 2438 MPASS(ncp->nc_dvp == dvp); 2439 blps[1] = NCP2BUCKETLOCK(ncp); 2440 if ((nc_flag & NCF_NEGATIVE) != 0) 2441 break; 2442 if (cache_lock_vnodes_cel_3(cel, ncp->nc_vp)) 2443 break; 2444 if (ncp == dvp->v_cache_dd && 2445 (ncp->nc_flag & NCF_ISDOTDOT) != 0 && 2446 blps[1] == NCP2BUCKETLOCK(ncp) && 2447 VP2VNODELOCK(ncp->nc_vp) == cel->vlp[2]) 2448 break; 2449 cache_unlock_vnodes_cel(cel); 2450 cel->vlp[0] = NULL; 2451 cel->vlp[1] = NULL; 2452 cel->vlp[2] = NULL; 2453 } 2454 cache_lock_buckets_cel(cel, blps[0], blps[1]); 2455 } 2456 2457 static void 2458 cache_enter_unlock(struct celockstate *cel) 2459 { 2460 2461 cache_unlock_buckets_cel(cel); 2462 cache_unlock_vnodes_cel(cel); 2463 } 2464 2465 static void __noinline 2466 cache_enter_dotdot_prep(struct vnode *dvp, struct vnode *vp, 2467 struct componentname *cnp) 2468 { 2469 struct celockstate cel; 2470 struct namecache *ncp; 2471 uint32_t hash; 2472 int len; 2473 2474 if (atomic_load_ptr(&dvp->v_cache_dd) == NULL) 2475 return; 2476 len = cnp->cn_namelen; 2477 cache_celockstate_init(&cel); 2478 hash = cache_get_hash(cnp->cn_nameptr, len, dvp); 2479 cache_enter_lock_dd(&cel, dvp, vp, hash); 2480 ncp = dvp->v_cache_dd; 2481 if (ncp != NULL && (ncp->nc_flag & NCF_ISDOTDOT)) { 2482 KASSERT(ncp->nc_dvp == dvp, ("wrong isdotdot parent")); 2483 cache_zap_locked(ncp); 2484 } else { 2485 ncp = NULL; 2486 } 2487 atomic_store_ptr(&dvp->v_cache_dd, NULL); 2488 cache_enter_unlock(&cel); 2489 if (ncp != NULL) 2490 cache_free(ncp); 2491 } 2492 2493 /* 2494 * Add an entry to the cache. 2495 */ 2496 void 2497 cache_enter_time(struct vnode *dvp, struct vnode *vp, struct componentname *cnp, 2498 struct timespec *tsp, struct timespec *dtsp) 2499 { 2500 struct celockstate cel; 2501 struct namecache *ncp, *n2, *ndd; 2502 struct namecache_ts *ncp_ts; 2503 uint32_t hash; 2504 int flag; 2505 int len; 2506 2507 KASSERT(cnp->cn_namelen <= NAME_MAX, 2508 ("%s: passed len %ld exceeds NAME_MAX (%d)", __func__, cnp->cn_namelen, 2509 NAME_MAX)); 2510 VNPASS(!VN_IS_DOOMED(dvp), dvp); 2511 VNPASS(dvp->v_type != VNON, dvp); 2512 if (vp != NULL) { 2513 VNPASS(!VN_IS_DOOMED(vp), vp); 2514 VNPASS(vp->v_type != VNON, vp); 2515 } 2516 if (cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.') { 2517 KASSERT(dvp == vp, 2518 ("%s: different vnodes for dot entry (%p; %p)\n", __func__, 2519 dvp, vp)); 2520 } else { 2521 KASSERT(dvp != vp, 2522 ("%s: same vnode for non-dot entry [%s] (%p)\n", __func__, 2523 cnp->cn_nameptr, dvp)); 2524 } 2525 2526 #ifdef DEBUG_CACHE 2527 if (__predict_false(!doingcache)) 2528 return; 2529 #endif 2530 2531 flag = 0; 2532 if (__predict_false(cnp->cn_nameptr[0] == '.')) { 2533 if (cnp->cn_namelen == 1) 2534 return; 2535 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') { 2536 cache_enter_dotdot_prep(dvp, vp, cnp); 2537 flag = NCF_ISDOTDOT; 2538 } 2539 } 2540 2541 ncp = cache_alloc(cnp->cn_namelen, tsp != NULL); 2542 if (ncp == NULL) 2543 return; 2544 2545 cache_celockstate_init(&cel); 2546 ndd = NULL; 2547 ncp_ts = NULL; 2548 2549 /* 2550 * Calculate the hash key and setup as much of the new 2551 * namecache entry as possible before acquiring the lock. 2552 */ 2553 ncp->nc_flag = flag | NCF_WIP; 2554 ncp->nc_vp = vp; 2555 if (vp == NULL) 2556 cache_neg_init(ncp); 2557 ncp->nc_dvp = dvp; 2558 if (tsp != NULL) { 2559 ncp_ts = __containerof(ncp, struct namecache_ts, nc_nc); 2560 ncp_ts->nc_time = *tsp; 2561 ncp_ts->nc_ticks = ticks; 2562 ncp_ts->nc_nc.nc_flag |= NCF_TS; 2563 if (dtsp != NULL) { 2564 ncp_ts->nc_dotdottime = *dtsp; 2565 ncp_ts->nc_nc.nc_flag |= NCF_DTS; 2566 } 2567 } 2568 len = ncp->nc_nlen = cnp->cn_namelen; 2569 hash = cache_get_hash(cnp->cn_nameptr, len, dvp); 2570 memcpy(ncp->nc_name, cnp->cn_nameptr, len); 2571 ncp->nc_name[len] = '\0'; 2572 cache_enter_lock(&cel, dvp, vp, hash); 2573 2574 /* 2575 * See if this vnode or negative entry is already in the cache 2576 * with this name. This can happen with concurrent lookups of 2577 * the same path name. 2578 */ 2579 n2 = cache_ncp_find(dvp, cnp, hash); 2580 if (n2 != NULL) { 2581 MPASS(cache_ncp_canuse(n2)); 2582 if ((n2->nc_flag & NCF_NEGATIVE) != 0) 2583 KASSERT(vp == NULL, 2584 ("%s: found entry pointing to a different vnode " 2585 "(%p != %p); name [%s]", 2586 __func__, NULL, vp, cnp->cn_nameptr)); 2587 else 2588 KASSERT(n2->nc_vp == vp, 2589 ("%s: found entry pointing to a different vnode " 2590 "(%p != %p); name [%s]", 2591 __func__, n2->nc_vp, vp, cnp->cn_nameptr)); 2592 /* 2593 * Entries are supposed to be immutable unless in the 2594 * process of getting destroyed. Accommodating for 2595 * changing timestamps is possible but not worth it. 2596 * This should be harmless in terms of correctness, in 2597 * the worst case resulting in an earlier expiration. 2598 * Alternatively, the found entry can be replaced 2599 * altogether. 2600 */ 2601 MPASS((n2->nc_flag & (NCF_TS | NCF_DTS)) == 2602 (ncp->nc_flag & (NCF_TS | NCF_DTS))); 2603 #if 0 2604 if (tsp != NULL) { 2605 KASSERT((n2->nc_flag & NCF_TS) != 0, 2606 ("no NCF_TS")); 2607 n2_ts = __containerof(n2, struct namecache_ts, nc_nc); 2608 n2_ts->nc_time = ncp_ts->nc_time; 2609 n2_ts->nc_ticks = ncp_ts->nc_ticks; 2610 if (dtsp != NULL) { 2611 n2_ts->nc_dotdottime = ncp_ts->nc_dotdottime; 2612 n2_ts->nc_nc.nc_flag |= NCF_DTS; 2613 } 2614 } 2615 #endif 2616 SDT_PROBE3(vfs, namecache, enter, duplicate, dvp, ncp->nc_name, 2617 vp); 2618 goto out_unlock_free; 2619 } 2620 2621 if (flag == NCF_ISDOTDOT) { 2622 /* 2623 * See if we are trying to add .. entry, but some other lookup 2624 * has populated v_cache_dd pointer already. 2625 */ 2626 if (dvp->v_cache_dd != NULL) 2627 goto out_unlock_free; 2628 KASSERT(vp == NULL || vp->v_type == VDIR, 2629 ("wrong vnode type %p", vp)); 2630 atomic_thread_fence_rel(); 2631 atomic_store_ptr(&dvp->v_cache_dd, ncp); 2632 } else if (vp != NULL) { 2633 /* 2634 * Take the slow path in INOTIFY(). This flag will be lazily 2635 * cleared by cache_vop_inotify() once all directories referring 2636 * to vp are unwatched. 2637 */ 2638 if (__predict_false((vn_irflag_read(dvp) & VIRF_INOTIFY) != 0)) 2639 vn_irflag_set_cond(vp, VIRF_INOTIFY_PARENT); 2640 2641 /* 2642 * For this case, the cache entry maps both the 2643 * directory name in it and the name ".." for the 2644 * directory's parent. 2645 */ 2646 if ((ndd = vp->v_cache_dd) != NULL) { 2647 if ((ndd->nc_flag & NCF_ISDOTDOT) != 0) 2648 cache_zap_locked(ndd); 2649 else 2650 ndd = NULL; 2651 } 2652 atomic_thread_fence_rel(); 2653 atomic_store_ptr(&vp->v_cache_dd, ncp); 2654 } 2655 2656 if (flag != NCF_ISDOTDOT) { 2657 if (LIST_EMPTY(&dvp->v_cache_src)) { 2658 cache_hold_vnode(dvp); 2659 } 2660 LIST_INSERT_HEAD(&dvp->v_cache_src, ncp, nc_src); 2661 } 2662 2663 /* 2664 * If the entry is "negative", we place it into the 2665 * "negative" cache queue, otherwise, we place it into the 2666 * destination vnode's cache entries queue. 2667 */ 2668 if (vp != NULL) { 2669 TAILQ_INSERT_HEAD(&vp->v_cache_dst, ncp, nc_dst); 2670 SDT_PROBE3(vfs, namecache, enter, done, dvp, ncp->nc_name, 2671 vp); 2672 } else { 2673 if (cnp->cn_flags & ISWHITEOUT) 2674 atomic_store_char(&ncp->nc_flag, ncp->nc_flag | NCF_WHITE); 2675 cache_neg_insert(ncp); 2676 SDT_PROBE2(vfs, namecache, enter_negative, done, dvp, 2677 ncp->nc_name); 2678 } 2679 2680 /* 2681 * Insert the new namecache entry into the appropriate chain 2682 * within the cache entries table. 2683 */ 2684 CK_SLIST_INSERT_HEAD(NCHHASH(hash), ncp, nc_hash); 2685 2686 atomic_thread_fence_rel(); 2687 /* 2688 * Mark the entry as fully constructed. 2689 * It is immutable past this point until its removal. 2690 */ 2691 atomic_store_char(&ncp->nc_flag, ncp->nc_flag & ~NCF_WIP); 2692 2693 cache_enter_unlock(&cel); 2694 if (ndd != NULL) 2695 cache_free(ndd); 2696 return; 2697 out_unlock_free: 2698 cache_enter_unlock(&cel); 2699 cache_free(ncp); 2700 return; 2701 } 2702 2703 /* 2704 * A variant of the above accepting flags. 2705 * 2706 * - VFS_CACHE_DROPOLD -- if a conflicting entry is found, drop it. 2707 * 2708 * TODO: this routine is a hack. It blindly removes the old entry, even if it 2709 * happens to match and it is doing it in an inefficient manner. It was added 2710 * to accommodate NFS which runs into a case where the target for a given name 2711 * may change from under it. Note this does nothing to solve the following 2712 * race: 2 callers of cache_enter_time_flags pass a different target vnode for 2713 * the same [dvp, cnp]. It may be argued that code doing this is broken. 2714 */ 2715 void 2716 cache_enter_time_flags(struct vnode *dvp, struct vnode *vp, struct componentname *cnp, 2717 struct timespec *tsp, struct timespec *dtsp, int flags) 2718 { 2719 2720 MPASS((flags & ~(VFS_CACHE_DROPOLD)) == 0); 2721 2722 if (flags & VFS_CACHE_DROPOLD) 2723 cache_remove_cnp(dvp, cnp); 2724 cache_enter_time(dvp, vp, cnp, tsp, dtsp); 2725 } 2726 2727 static u_long 2728 cache_roundup_2(u_long val) 2729 { 2730 u_long res; 2731 2732 for (res = 1; res <= val; res <<= 1) 2733 continue; 2734 2735 return (res); 2736 } 2737 2738 static struct nchashhead * 2739 nchinittbl(u_long elements, u_long *hashmask) 2740 { 2741 struct nchashhead *hashtbl; 2742 u_long hashsize, i; 2743 2744 hashsize = cache_roundup_2(elements) / 2; 2745 2746 hashtbl = malloc(hashsize * sizeof(*hashtbl), M_VFSCACHE, M_WAITOK); 2747 for (i = 0; i < hashsize; i++) 2748 CK_SLIST_INIT(&hashtbl[i]); 2749 *hashmask = hashsize - 1; 2750 return (hashtbl); 2751 } 2752 2753 static void 2754 ncfreetbl(struct nchashhead *hashtbl) 2755 { 2756 2757 free(hashtbl, M_VFSCACHE); 2758 } 2759 2760 /* 2761 * Name cache initialization, from vfs_init() when we are booting 2762 */ 2763 static void 2764 nchinit(void *dummy __unused) 2765 { 2766 u_int i; 2767 2768 cache_zone_small = uma_zcreate("S VFS Cache", CACHE_ZONE_SMALL_SIZE, 2769 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2770 cache_zone_small_ts = uma_zcreate("STS VFS Cache", CACHE_ZONE_SMALL_TS_SIZE, 2771 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2772 cache_zone_large = uma_zcreate("L VFS Cache", CACHE_ZONE_LARGE_SIZE, 2773 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2774 cache_zone_large_ts = uma_zcreate("LTS VFS Cache", CACHE_ZONE_LARGE_TS_SIZE, 2775 NULL, NULL, NULL, NULL, CACHE_ZONE_ALIGNMENT, UMA_ZONE_ZINIT); 2776 2777 VFS_SMR_ZONE_SET(cache_zone_small); 2778 VFS_SMR_ZONE_SET(cache_zone_small_ts); 2779 VFS_SMR_ZONE_SET(cache_zone_large); 2780 VFS_SMR_ZONE_SET(cache_zone_large_ts); 2781 2782 ncsize = desiredvnodes * ncsizefactor; 2783 cache_recalc_neg_min(); 2784 nchashtbl = nchinittbl(ncsize, &nchash); 2785 ncbuckethash = cache_roundup_2(mp_ncpus * mp_ncpus) - 1; 2786 if (ncbuckethash < 7) /* arbitrarily chosen to avoid having one lock */ 2787 ncbuckethash = 7; 2788 if (ncbuckethash > nchash) 2789 ncbuckethash = nchash; 2790 bucketlocks = malloc(sizeof(*bucketlocks) * numbucketlocks, M_VFSCACHE, 2791 M_WAITOK | M_ZERO); 2792 for (i = 0; i < numbucketlocks; i++) 2793 mtx_init(&bucketlocks[i], "ncbuc", NULL, MTX_DUPOK | MTX_RECURSE); 2794 ncvnodehash = ncbuckethash; 2795 vnodelocks = malloc(sizeof(*vnodelocks) * numvnodelocks, M_VFSCACHE, 2796 M_WAITOK | M_ZERO); 2797 for (i = 0; i < numvnodelocks; i++) 2798 mtx_init(&vnodelocks[i], "ncvn", NULL, MTX_DUPOK | MTX_RECURSE); 2799 2800 for (i = 0; i < numneglists; i++) { 2801 mtx_init(&neglists[i].nl_evict_lock, "ncnege", NULL, MTX_DEF); 2802 mtx_init(&neglists[i].nl_lock, "ncnegl", NULL, MTX_DEF); 2803 TAILQ_INIT(&neglists[i].nl_list); 2804 TAILQ_INIT(&neglists[i].nl_hotlist); 2805 } 2806 } 2807 SYSINIT(vfs, SI_SUB_VFS, SI_ORDER_SECOND, nchinit, NULL); 2808 2809 void 2810 cache_vnode_init(struct vnode *vp) 2811 { 2812 2813 LIST_INIT(&vp->v_cache_src); 2814 TAILQ_INIT(&vp->v_cache_dst); 2815 vp->v_cache_dd = NULL; 2816 cache_prehash(vp); 2817 } 2818 2819 /* 2820 * Induce transient cache misses for lockless operation in cache_lookup() by 2821 * using a temporary hash table. 2822 * 2823 * This will force a fs lookup. 2824 * 2825 * Synchronisation is done in 2 steps, calling vfs_smr_synchronize each time 2826 * to observe all CPUs not performing the lookup. 2827 */ 2828 static void 2829 cache_changesize_set_temp(struct nchashhead *temptbl, u_long temphash) 2830 { 2831 2832 MPASS(temphash < nchash); 2833 /* 2834 * Change the size. The new size is smaller and can safely be used 2835 * against the existing table. All lookups which now hash wrong will 2836 * result in a cache miss, which all callers are supposed to know how 2837 * to handle. 2838 */ 2839 atomic_store_long(&nchash, temphash); 2840 atomic_thread_fence_rel(); 2841 vfs_smr_synchronize(); 2842 /* 2843 * At this point everyone sees the updated hash value, but they still 2844 * see the old table. 2845 */ 2846 atomic_store_ptr(&nchashtbl, temptbl); 2847 atomic_thread_fence_rel(); 2848 vfs_smr_synchronize(); 2849 /* 2850 * At this point everyone sees the updated table pointer and size pair. 2851 */ 2852 } 2853 2854 /* 2855 * Set the new hash table. 2856 * 2857 * Similarly to cache_changesize_set_temp(), this has to synchronize against 2858 * lockless operation in cache_lookup(). 2859 */ 2860 static void 2861 cache_changesize_set_new(struct nchashhead *new_tbl, u_long new_hash) 2862 { 2863 2864 MPASS(nchash < new_hash); 2865 /* 2866 * Change the pointer first. This wont result in out of bounds access 2867 * since the temporary table is guaranteed to be smaller. 2868 */ 2869 atomic_store_ptr(&nchashtbl, new_tbl); 2870 atomic_thread_fence_rel(); 2871 vfs_smr_synchronize(); 2872 /* 2873 * At this point everyone sees the updated pointer value, but they 2874 * still see the old size. 2875 */ 2876 atomic_store_long(&nchash, new_hash); 2877 atomic_thread_fence_rel(); 2878 vfs_smr_synchronize(); 2879 /* 2880 * At this point everyone sees the updated table pointer and size pair. 2881 */ 2882 } 2883 2884 void 2885 cache_changesize(u_long newmaxvnodes) 2886 { 2887 struct nchashhead *new_nchashtbl, *old_nchashtbl, *temptbl; 2888 u_long new_nchash, old_nchash, temphash; 2889 struct namecache *ncp; 2890 uint32_t hash; 2891 u_long newncsize; 2892 u_long i; 2893 2894 newncsize = newmaxvnodes * ncsizefactor; 2895 newmaxvnodes = cache_roundup_2(newmaxvnodes * 2); 2896 if (newmaxvnodes < numbucketlocks) 2897 newmaxvnodes = numbucketlocks; 2898 2899 new_nchashtbl = nchinittbl(newmaxvnodes, &new_nchash); 2900 /* If same hash table size, nothing to do */ 2901 if (nchash == new_nchash) { 2902 ncfreetbl(new_nchashtbl); 2903 return; 2904 } 2905 2906 temptbl = nchinittbl(1, &temphash); 2907 2908 /* 2909 * Move everything from the old hash table to the new table. 2910 * None of the namecache entries in the table can be removed 2911 * because to do so, they have to be removed from the hash table. 2912 */ 2913 cache_lock_all_vnodes(); 2914 cache_lock_all_buckets(); 2915 old_nchashtbl = nchashtbl; 2916 old_nchash = nchash; 2917 cache_changesize_set_temp(temptbl, temphash); 2918 for (i = 0; i <= old_nchash; i++) { 2919 while ((ncp = CK_SLIST_FIRST(&old_nchashtbl[i])) != NULL) { 2920 hash = cache_get_hash(ncp->nc_name, ncp->nc_nlen, 2921 ncp->nc_dvp); 2922 CK_SLIST_REMOVE(&old_nchashtbl[i], ncp, namecache, nc_hash); 2923 CK_SLIST_INSERT_HEAD(&new_nchashtbl[hash & new_nchash], ncp, nc_hash); 2924 } 2925 } 2926 ncsize = newncsize; 2927 cache_recalc_neg_min(); 2928 cache_changesize_set_new(new_nchashtbl, new_nchash); 2929 cache_unlock_all_buckets(); 2930 cache_unlock_all_vnodes(); 2931 ncfreetbl(old_nchashtbl); 2932 ncfreetbl(temptbl); 2933 } 2934 2935 /* 2936 * Remove all entries from and to a particular vnode. 2937 */ 2938 static void 2939 cache_purge_impl(struct vnode *vp) 2940 { 2941 struct cache_freebatch batch; 2942 struct namecache *ncp; 2943 struct mtx *vlp, *vlp2; 2944 2945 TAILQ_INIT(&batch); 2946 vlp = VP2VNODELOCK(vp); 2947 vlp2 = NULL; 2948 mtx_lock(vlp); 2949 retry: 2950 while (!LIST_EMPTY(&vp->v_cache_src)) { 2951 ncp = LIST_FIRST(&vp->v_cache_src); 2952 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2)) 2953 goto retry; 2954 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 2955 } 2956 while (!TAILQ_EMPTY(&vp->v_cache_dst)) { 2957 ncp = TAILQ_FIRST(&vp->v_cache_dst); 2958 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2)) 2959 goto retry; 2960 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 2961 } 2962 ncp = vp->v_cache_dd; 2963 if (ncp != NULL) { 2964 KASSERT(ncp->nc_flag & NCF_ISDOTDOT, 2965 ("lost dotdot link")); 2966 if (!cache_zap_locked_vnode_kl2(ncp, vp, &vlp2)) 2967 goto retry; 2968 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 2969 } 2970 KASSERT(vp->v_cache_dd == NULL, ("incomplete purge")); 2971 mtx_unlock(vlp); 2972 if (vlp2 != NULL) 2973 mtx_unlock(vlp2); 2974 cache_free_batch(&batch); 2975 } 2976 2977 /* 2978 * Opportunistic check to see if there is anything to do. 2979 */ 2980 static bool 2981 cache_has_entries(struct vnode *vp) 2982 { 2983 2984 if (LIST_EMPTY(&vp->v_cache_src) && TAILQ_EMPTY(&vp->v_cache_dst) && 2985 atomic_load_ptr(&vp->v_cache_dd) == NULL) 2986 return (false); 2987 return (true); 2988 } 2989 2990 void 2991 cache_purge(struct vnode *vp) 2992 { 2993 2994 SDT_PROBE1(vfs, namecache, purge, done, vp); 2995 if (!cache_has_entries(vp)) 2996 return; 2997 cache_purge_impl(vp); 2998 } 2999 3000 /* 3001 * Only to be used by vgone. 3002 */ 3003 void 3004 cache_purge_vgone(struct vnode *vp) 3005 { 3006 struct mtx *vlp; 3007 3008 VNPASS(VN_IS_DOOMED(vp), vp); 3009 if (cache_has_entries(vp)) { 3010 cache_purge_impl(vp); 3011 return; 3012 } 3013 3014 /* 3015 * Serialize against a potential thread doing cache_purge. 3016 */ 3017 vlp = VP2VNODELOCK(vp); 3018 mtx_wait_unlocked(vlp); 3019 if (cache_has_entries(vp)) { 3020 cache_purge_impl(vp); 3021 return; 3022 } 3023 return; 3024 } 3025 3026 /* 3027 * Remove all negative entries for a particular directory vnode. 3028 */ 3029 void 3030 cache_purge_negative(struct vnode *vp) 3031 { 3032 struct cache_freebatch batch; 3033 struct namecache *ncp, *nnp; 3034 struct mtx *vlp; 3035 3036 SDT_PROBE1(vfs, namecache, purge_negative, done, vp); 3037 if (LIST_EMPTY(&vp->v_cache_src)) 3038 return; 3039 TAILQ_INIT(&batch); 3040 vlp = VP2VNODELOCK(vp); 3041 mtx_lock(vlp); 3042 LIST_FOREACH_SAFE(ncp, &vp->v_cache_src, nc_src, nnp) { 3043 if (!(ncp->nc_flag & NCF_NEGATIVE)) 3044 continue; 3045 cache_zap_negative_locked_vnode_kl(ncp, vp); 3046 TAILQ_INSERT_TAIL(&batch, ncp, nc_dst); 3047 } 3048 mtx_unlock(vlp); 3049 cache_free_batch(&batch); 3050 } 3051 3052 /* 3053 * Entry points for modifying VOP operations. 3054 */ 3055 void 3056 cache_vop_rename(struct vnode *fdvp, struct vnode *fvp, struct vnode *tdvp, 3057 struct vnode *tvp, struct componentname *fcnp, struct componentname *tcnp) 3058 { 3059 3060 ASSERT_VOP_IN_SEQC(fdvp); 3061 ASSERT_VOP_IN_SEQC(fvp); 3062 ASSERT_VOP_IN_SEQC(tdvp); 3063 if (tvp != NULL) 3064 ASSERT_VOP_IN_SEQC(tvp); 3065 3066 cache_purge(fvp); 3067 if (tvp != NULL) { 3068 cache_purge(tvp); 3069 KASSERT(!cache_remove_cnp(tdvp, tcnp), 3070 ("%s: lingering negative entry", __func__)); 3071 } else { 3072 cache_remove_cnp(tdvp, tcnp); 3073 } 3074 3075 /* 3076 * TODO 3077 * 3078 * Historically renaming was always purging all revelang entries, 3079 * but that's quite wasteful. In particular turns out that in many cases 3080 * the target file is immediately accessed after rename, inducing a cache 3081 * miss. 3082 * 3083 * Recode this to reduce relocking and reuse the existing entry (if any) 3084 * instead of just removing it above and allocating a new one here. 3085 */ 3086 cache_enter(tdvp, fvp, tcnp); 3087 } 3088 3089 void 3090 cache_vop_rmdir(struct vnode *dvp, struct vnode *vp) 3091 { 3092 3093 ASSERT_VOP_IN_SEQC(dvp); 3094 ASSERT_VOP_IN_SEQC(vp); 3095 cache_purge(vp); 3096 } 3097 3098 #ifdef INVARIANTS 3099 /* 3100 * Validate that if an entry exists it matches. 3101 */ 3102 void 3103 cache_validate(struct vnode *dvp, struct vnode *vp, struct componentname *cnp) 3104 { 3105 struct namecache *ncp; 3106 struct mtx *blp; 3107 uint32_t hash; 3108 3109 hash = cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp); 3110 if (CK_SLIST_EMPTY(NCHHASH(hash))) 3111 return; 3112 blp = HASH2BUCKETLOCK(hash); 3113 mtx_lock(blp); 3114 ncp = cache_ncp_find(dvp, cnp, hash); 3115 if (ncp != NULL && ncp->nc_vp != vp) { 3116 panic("%s: mismatch (%p != %p); ncp %p [%s] dvp %p\n", 3117 __func__, vp, ncp->nc_vp, ncp, ncp->nc_name, ncp->nc_dvp); 3118 } 3119 mtx_unlock(blp); 3120 } 3121 3122 void 3123 cache_assert_no_entries(struct vnode *vp) 3124 { 3125 3126 VNPASS(TAILQ_EMPTY(&vp->v_cache_dst), vp); 3127 VNPASS(LIST_EMPTY(&vp->v_cache_src), vp); 3128 VNPASS(vp->v_cache_dd == NULL, vp); 3129 } 3130 #endif 3131 3132 /* 3133 * Flush all entries referencing a particular filesystem. 3134 */ 3135 void 3136 cache_purgevfs(struct mount *mp) 3137 { 3138 struct vnode *vp, *mvp; 3139 size_t visited __sdt_used, purged __sdt_used; 3140 3141 visited = purged = 0; 3142 /* 3143 * Somewhat wasteful iteration over all vnodes. Would be better to 3144 * support filtering and avoid the interlock to begin with. 3145 */ 3146 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { 3147 visited++; 3148 if (!cache_has_entries(vp)) { 3149 VI_UNLOCK(vp); 3150 continue; 3151 } 3152 vholdl(vp); 3153 VI_UNLOCK(vp); 3154 cache_purge(vp); 3155 purged++; 3156 vdrop(vp); 3157 } 3158 3159 SDT_PROBE3(vfs, namecache, purgevfs, done, mp, visited, purged); 3160 } 3161 3162 /* 3163 * Perform canonical checks and cache lookup and pass on to filesystem 3164 * through the vop_cachedlookup only if needed. 3165 */ 3166 3167 int 3168 vfs_cache_lookup(struct vop_lookup_args *ap) 3169 { 3170 struct vnode *dvp; 3171 int error; 3172 struct vnode **vpp = ap->a_vpp; 3173 struct componentname *cnp = ap->a_cnp; 3174 int flags = cnp->cn_flags; 3175 3176 *vpp = NULL; 3177 dvp = ap->a_dvp; 3178 3179 if (dvp->v_type != VDIR) 3180 return (ENOTDIR); 3181 3182 if ((flags & ISLASTCN) && (dvp->v_mount->mnt_flag & MNT_RDONLY) && 3183 (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) 3184 return (EROFS); 3185 3186 error = vn_dir_check_exec(dvp, cnp); 3187 if (error != 0) 3188 return (error); 3189 3190 error = cache_lookup(dvp, vpp, cnp, NULL, NULL); 3191 if (error == 0) 3192 return (VOP_CACHEDLOOKUP(dvp, vpp, cnp)); 3193 if (error == -1) 3194 return (0); 3195 return (error); 3196 } 3197 3198 /* Implementation of the getcwd syscall. */ 3199 int 3200 sys___getcwd(struct thread *td, struct __getcwd_args *uap) 3201 { 3202 char *buf, *retbuf; 3203 size_t buflen; 3204 int error; 3205 3206 buflen = uap->buflen; 3207 if (__predict_false(buflen < 2)) 3208 return (EINVAL); 3209 if (buflen > MAXPATHLEN) 3210 buflen = MAXPATHLEN; 3211 3212 buf = uma_zalloc(namei_zone, M_WAITOK); 3213 error = vn_getcwd(buf, &retbuf, &buflen); 3214 if (error == 0) 3215 error = copyout(retbuf, uap->buf, buflen); 3216 uma_zfree(namei_zone, buf); 3217 return (error); 3218 } 3219 3220 int 3221 vn_getcwd(char *buf, char **retbuf, size_t *buflen) 3222 { 3223 struct pwd *pwd; 3224 int error; 3225 3226 vfs_smr_enter(); 3227 pwd = pwd_get_smr(); 3228 error = vn_fullpath_any_smr(pwd->pwd_cdir, pwd->pwd_rdir, buf, retbuf, 3229 buflen, 0); 3230 VFS_SMR_ASSERT_NOT_ENTERED(); 3231 if (error < 0) { 3232 pwd = pwd_hold(curthread); 3233 error = vn_fullpath_any(pwd->pwd_cdir, pwd->pwd_rdir, buf, 3234 retbuf, buflen); 3235 pwd_drop(pwd); 3236 } 3237 3238 #ifdef KTRACE 3239 if (KTRPOINT(curthread, KTR_NAMEI) && error == 0) 3240 ktrnamei(*retbuf); 3241 #endif 3242 return (error); 3243 } 3244 3245 /* 3246 * Canonicalize a path by walking it forward and back. 3247 * 3248 * BUGS: 3249 * - Nothing guarantees the integrity of the entire chain. Consider the case 3250 * where the path "foo/bar/baz/qux" is passed, but "bar" is moved out of 3251 * "foo" into "quux" during the backwards walk. The result will be 3252 * "quux/bar/baz/qux", which could not have been obtained by an incremental 3253 * walk in userspace. Moreover, the path we return is inaccessible if the 3254 * calling thread lacks permission to traverse "quux". 3255 */ 3256 static int 3257 kern___realpathat(struct thread *td, int fd, const char *path, char *buf, 3258 size_t size, int flags, enum uio_seg pathseg) 3259 { 3260 struct nameidata nd; 3261 char *retbuf, *freebuf; 3262 int error; 3263 3264 if (flags != 0) 3265 return (EINVAL); 3266 NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | WANTPARENT | AUDITVNODE1, 3267 pathseg, path, fd, &cap_fstat_rights); 3268 if ((error = namei(&nd)) != 0) 3269 return (error); 3270 3271 if (nd.ni_vp->v_type == VREG && nd.ni_dvp->v_type != VDIR && 3272 (nd.ni_vp->v_vflag & VV_ROOT) != 0) { 3273 struct vnode *covered_vp; 3274 3275 /* 3276 * This happens if vp is a file mount. The call to 3277 * vn_fullpath_hardlink can panic if path resolution can't be 3278 * handled without the directory. 3279 * 3280 * To resolve this, we find the vnode which was mounted on - 3281 * this should have a unique global path since we disallow 3282 * mounting on linked files. 3283 */ 3284 error = vn_lock(nd.ni_vp, LK_SHARED); 3285 if (error != 0) 3286 goto out; 3287 covered_vp = nd.ni_vp->v_mount->mnt_vnodecovered; 3288 vref(covered_vp); 3289 VOP_UNLOCK(nd.ni_vp); 3290 error = vn_fullpath(covered_vp, &retbuf, &freebuf); 3291 vrele(covered_vp); 3292 } else { 3293 error = vn_fullpath_hardlink(nd.ni_vp, nd.ni_dvp, 3294 nd.ni_cnd.cn_nameptr, nd.ni_cnd.cn_namelen, &retbuf, 3295 &freebuf, &size); 3296 } 3297 if (error == 0) { 3298 size_t len; 3299 3300 len = strlen(retbuf) + 1; 3301 if (size < len) 3302 error = ENAMETOOLONG; 3303 else if (pathseg == UIO_USERSPACE) 3304 error = copyout(retbuf, buf, len); 3305 else 3306 memcpy(buf, retbuf, len); 3307 free(freebuf, M_TEMP); 3308 } 3309 out: 3310 vrele(nd.ni_vp); 3311 vrele(nd.ni_dvp); 3312 NDFREE_PNBUF(&nd); 3313 return (error); 3314 } 3315 3316 int 3317 sys___realpathat(struct thread *td, struct __realpathat_args *uap) 3318 { 3319 3320 return (kern___realpathat(td, uap->fd, uap->path, uap->buf, uap->size, 3321 uap->flags, UIO_USERSPACE)); 3322 } 3323 3324 /* 3325 * Retrieve the full filesystem path that correspond to a vnode from the name 3326 * cache (if available) 3327 */ 3328 int 3329 vn_fullpath(struct vnode *vp, char **retbuf, char **freebuf) 3330 { 3331 struct pwd *pwd; 3332 char *buf; 3333 size_t buflen; 3334 int error; 3335 3336 if (__predict_false(vp == NULL)) 3337 return (EINVAL); 3338 3339 buflen = MAXPATHLEN; 3340 buf = malloc(buflen, M_TEMP, M_WAITOK); 3341 vfs_smr_enter(); 3342 pwd = pwd_get_smr(); 3343 error = vn_fullpath_any_smr(vp, pwd->pwd_rdir, buf, retbuf, &buflen, 0); 3344 VFS_SMR_ASSERT_NOT_ENTERED(); 3345 if (error < 0) { 3346 pwd = pwd_hold(curthread); 3347 error = vn_fullpath_any(vp, pwd->pwd_rdir, buf, retbuf, &buflen); 3348 pwd_drop(pwd); 3349 } 3350 if (error == 0) 3351 *freebuf = buf; 3352 else 3353 free(buf, M_TEMP); 3354 return (error); 3355 } 3356 3357 /* 3358 * This function is similar to vn_fullpath, but it attempts to lookup the 3359 * pathname relative to the global root mount point. This is required for the 3360 * auditing sub-system, as audited pathnames must be absolute, relative to the 3361 * global root mount point. 3362 */ 3363 int 3364 vn_fullpath_global(struct vnode *vp, char **retbuf, char **freebuf) 3365 { 3366 char *buf; 3367 size_t buflen; 3368 int error; 3369 3370 if (__predict_false(vp == NULL)) 3371 return (EINVAL); 3372 buflen = MAXPATHLEN; 3373 buf = malloc(buflen, M_TEMP, M_WAITOK); 3374 vfs_smr_enter(); 3375 error = vn_fullpath_any_smr(vp, rootvnode, buf, retbuf, &buflen, 0); 3376 VFS_SMR_ASSERT_NOT_ENTERED(); 3377 if (error < 0) { 3378 error = vn_fullpath_any(vp, rootvnode, buf, retbuf, &buflen); 3379 } 3380 if (error == 0) 3381 *freebuf = buf; 3382 else 3383 free(buf, M_TEMP); 3384 return (error); 3385 } 3386 3387 static struct namecache * 3388 vn_dd_from_dst(struct vnode *vp) 3389 { 3390 struct namecache *ncp; 3391 3392 cache_assert_vnode_locked(vp); 3393 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) { 3394 if ((ncp->nc_flag & NCF_ISDOTDOT) == 0) 3395 return (ncp); 3396 } 3397 return (NULL); 3398 } 3399 3400 int 3401 vn_vptocnp(struct vnode **vp, char *buf, size_t *buflen) 3402 { 3403 struct vnode *dvp; 3404 struct namecache *ncp; 3405 struct mtx *vlp; 3406 int error; 3407 3408 vlp = VP2VNODELOCK(*vp); 3409 mtx_lock(vlp); 3410 ncp = (*vp)->v_cache_dd; 3411 if (ncp != NULL && (ncp->nc_flag & NCF_ISDOTDOT) == 0) { 3412 KASSERT(ncp == vn_dd_from_dst(*vp), 3413 ("%s: mismatch for dd entry (%p != %p)", __func__, 3414 ncp, vn_dd_from_dst(*vp))); 3415 } else { 3416 ncp = vn_dd_from_dst(*vp); 3417 } 3418 if (ncp != NULL) { 3419 if (*buflen < ncp->nc_nlen) { 3420 mtx_unlock(vlp); 3421 vrele(*vp); 3422 counter_u64_add(numfullpathfail4, 1); 3423 error = ENOMEM; 3424 SDT_PROBE3(vfs, namecache, fullpath, return, error, 3425 vp, NULL); 3426 return (error); 3427 } 3428 *buflen -= ncp->nc_nlen; 3429 memcpy(buf + *buflen, ncp->nc_name, ncp->nc_nlen); 3430 SDT_PROBE3(vfs, namecache, fullpath, hit, ncp->nc_dvp, 3431 ncp->nc_name, vp); 3432 dvp = *vp; 3433 *vp = ncp->nc_dvp; 3434 vref(*vp); 3435 mtx_unlock(vlp); 3436 vrele(dvp); 3437 return (0); 3438 } 3439 SDT_PROBE1(vfs, namecache, fullpath, miss, vp); 3440 3441 mtx_unlock(vlp); 3442 vn_lock(*vp, LK_SHARED | LK_RETRY); 3443 error = VOP_VPTOCNP(*vp, &dvp, buf, buflen); 3444 vput(*vp); 3445 if (error) { 3446 counter_u64_add(numfullpathfail2, 1); 3447 SDT_PROBE3(vfs, namecache, fullpath, return, error, vp, NULL); 3448 return (error); 3449 } 3450 3451 *vp = dvp; 3452 if (VN_IS_DOOMED(dvp)) { 3453 /* forced unmount */ 3454 vrele(dvp); 3455 error = ENOENT; 3456 SDT_PROBE3(vfs, namecache, fullpath, return, error, vp, NULL); 3457 return (error); 3458 } 3459 /* 3460 * *vp has its use count incremented still. 3461 */ 3462 3463 return (0); 3464 } 3465 3466 /* 3467 * Resolve a directory to a pathname. 3468 * 3469 * The name of the directory can always be found in the namecache or fetched 3470 * from the filesystem. There is also guaranteed to be only one parent, meaning 3471 * we can just follow vnodes up until we find the root. 3472 * 3473 * The vnode must be referenced. 3474 */ 3475 static int 3476 vn_fullpath_dir(struct vnode *vp, struct vnode *rdir, char *buf, char **retbuf, 3477 size_t *len, size_t addend) 3478 { 3479 #ifdef KDTRACE_HOOKS 3480 struct vnode *startvp = vp; 3481 #endif 3482 struct vnode *vp1; 3483 size_t buflen; 3484 int error; 3485 bool slash_prefixed; 3486 3487 VNPASS(vp->v_type == VDIR || VN_IS_DOOMED(vp), vp); 3488 VNPASS(vp->v_usecount > 0, vp); 3489 3490 buflen = *len; 3491 3492 slash_prefixed = true; 3493 if (addend == 0) { 3494 MPASS(*len >= 2); 3495 buflen--; 3496 buf[buflen] = '\0'; 3497 slash_prefixed = false; 3498 } 3499 3500 error = 0; 3501 3502 SDT_PROBE1(vfs, namecache, fullpath, entry, vp); 3503 counter_u64_add(numfullpathcalls, 1); 3504 while (vp != rdir && vp != rootvnode) { 3505 /* 3506 * The vp vnode must be already fully constructed, 3507 * since it is either found in namecache or obtained 3508 * from VOP_VPTOCNP(). We may test for VV_ROOT safely 3509 * without obtaining the vnode lock. 3510 */ 3511 if ((vp->v_vflag & VV_ROOT) != 0) { 3512 vn_lock(vp, LK_RETRY | LK_SHARED); 3513 3514 /* 3515 * With the vnode locked, check for races with 3516 * unmount, forced or not. Note that we 3517 * already verified that vp is not equal to 3518 * the root vnode, which means that 3519 * mnt_vnodecovered can be NULL only for the 3520 * case of unmount. 3521 */ 3522 if (VN_IS_DOOMED(vp) || 3523 (vp1 = vp->v_mount->mnt_vnodecovered) == NULL || 3524 vp1->v_mountedhere != vp->v_mount) { 3525 vput(vp); 3526 error = ENOENT; 3527 SDT_PROBE3(vfs, namecache, fullpath, return, 3528 error, vp, NULL); 3529 break; 3530 } 3531 3532 vref(vp1); 3533 vput(vp); 3534 vp = vp1; 3535 continue; 3536 } 3537 VNPASS(vp->v_type == VDIR || VN_IS_DOOMED(vp), vp); 3538 error = vn_vptocnp(&vp, buf, &buflen); 3539 if (error) 3540 break; 3541 if (buflen == 0) { 3542 vrele(vp); 3543 error = ENOMEM; 3544 SDT_PROBE3(vfs, namecache, fullpath, return, error, 3545 startvp, NULL); 3546 break; 3547 } 3548 buf[--buflen] = '/'; 3549 slash_prefixed = true; 3550 } 3551 if (error) 3552 return (error); 3553 if (!slash_prefixed) { 3554 if (buflen == 0) { 3555 vrele(vp); 3556 counter_u64_add(numfullpathfail4, 1); 3557 SDT_PROBE3(vfs, namecache, fullpath, return, ENOMEM, 3558 startvp, NULL); 3559 return (ENOMEM); 3560 } 3561 buf[--buflen] = '/'; 3562 } 3563 counter_u64_add(numfullpathfound, 1); 3564 vrele(vp); 3565 3566 *retbuf = buf + buflen; 3567 SDT_PROBE3(vfs, namecache, fullpath, return, 0, startvp, *retbuf); 3568 *len -= buflen; 3569 *len += addend; 3570 return (0); 3571 } 3572 3573 /* 3574 * Resolve an arbitrary vnode to a pathname. 3575 * 3576 * Note 2 caveats: 3577 * - hardlinks are not tracked, thus if the vnode is not a directory this can 3578 * resolve to a different path than the one used to find it 3579 * - namecache is not mandatory, meaning names are not guaranteed to be added 3580 * (in which case resolving fails) 3581 */ 3582 static void __inline 3583 cache_rev_failed_impl(int *reason, int line) 3584 { 3585 3586 *reason = line; 3587 } 3588 #define cache_rev_failed(var) cache_rev_failed_impl((var), __LINE__) 3589 3590 static int 3591 vn_fullpath_any_smr(struct vnode *vp, struct vnode *rdir, char *buf, 3592 char **retbuf, size_t *buflen, size_t addend) 3593 { 3594 #ifdef KDTRACE_HOOKS 3595 struct vnode *startvp = vp; 3596 #endif 3597 struct vnode *tvp; 3598 struct mount *mp; 3599 struct namecache *ncp; 3600 size_t orig_buflen; 3601 int reason; 3602 int error; 3603 #ifdef KDTRACE_HOOKS 3604 int i; 3605 #endif 3606 seqc_t vp_seqc, tvp_seqc; 3607 u_char nc_flag; 3608 3609 VFS_SMR_ASSERT_ENTERED(); 3610 3611 if (!atomic_load_char(&cache_fast_lookup_enabled)) { 3612 vfs_smr_exit(); 3613 return (-1); 3614 } 3615 3616 orig_buflen = *buflen; 3617 3618 if (addend == 0) { 3619 MPASS(*buflen >= 2); 3620 *buflen -= 1; 3621 buf[*buflen] = '\0'; 3622 } 3623 3624 if (vp == rdir || vp == rootvnode) { 3625 if (addend == 0) { 3626 *buflen -= 1; 3627 buf[*buflen] = '/'; 3628 } 3629 goto out_ok; 3630 } 3631 3632 #ifdef KDTRACE_HOOKS 3633 i = 0; 3634 #endif 3635 error = -1; 3636 ncp = NULL; /* for sdt probe down below */ 3637 vp_seqc = vn_seqc_read_any(vp); 3638 if (seqc_in_modify(vp_seqc)) { 3639 cache_rev_failed(&reason); 3640 goto out_abort; 3641 } 3642 3643 for (;;) { 3644 #ifdef KDTRACE_HOOKS 3645 i++; 3646 #endif 3647 if ((vp->v_vflag & VV_ROOT) != 0) { 3648 mp = atomic_load_ptr(&vp->v_mount); 3649 if (mp == NULL) { 3650 cache_rev_failed(&reason); 3651 goto out_abort; 3652 } 3653 tvp = atomic_load_ptr(&mp->mnt_vnodecovered); 3654 tvp_seqc = vn_seqc_read_any(tvp); 3655 if (seqc_in_modify(tvp_seqc)) { 3656 cache_rev_failed(&reason); 3657 goto out_abort; 3658 } 3659 if (!vn_seqc_consistent(vp, vp_seqc)) { 3660 cache_rev_failed(&reason); 3661 goto out_abort; 3662 } 3663 vp = tvp; 3664 vp_seqc = tvp_seqc; 3665 continue; 3666 } 3667 ncp = atomic_load_consume_ptr(&vp->v_cache_dd); 3668 if (ncp == NULL) { 3669 cache_rev_failed(&reason); 3670 goto out_abort; 3671 } 3672 nc_flag = atomic_load_char(&ncp->nc_flag); 3673 if ((nc_flag & NCF_ISDOTDOT) != 0) { 3674 cache_rev_failed(&reason); 3675 goto out_abort; 3676 } 3677 if (ncp->nc_nlen >= *buflen) { 3678 cache_rev_failed(&reason); 3679 error = ENOMEM; 3680 goto out_abort; 3681 } 3682 *buflen -= ncp->nc_nlen; 3683 memcpy(buf + *buflen, ncp->nc_name, ncp->nc_nlen); 3684 *buflen -= 1; 3685 buf[*buflen] = '/'; 3686 tvp = ncp->nc_dvp; 3687 tvp_seqc = vn_seqc_read_any(tvp); 3688 if (seqc_in_modify(tvp_seqc)) { 3689 cache_rev_failed(&reason); 3690 goto out_abort; 3691 } 3692 if (!vn_seqc_consistent(vp, vp_seqc)) { 3693 cache_rev_failed(&reason); 3694 goto out_abort; 3695 } 3696 /* 3697 * Acquire fence provided by vn_seqc_read_any above. 3698 */ 3699 if (__predict_false(atomic_load_ptr(&vp->v_cache_dd) != ncp)) { 3700 cache_rev_failed(&reason); 3701 goto out_abort; 3702 } 3703 if (!cache_ncp_canuse(ncp)) { 3704 cache_rev_failed(&reason); 3705 goto out_abort; 3706 } 3707 vp = tvp; 3708 vp_seqc = tvp_seqc; 3709 if (vp == rdir || vp == rootvnode) 3710 break; 3711 } 3712 out_ok: 3713 vfs_smr_exit(); 3714 *retbuf = buf + *buflen; 3715 *buflen = orig_buflen - *buflen + addend; 3716 SDT_PROBE2(vfs, namecache, fullpath_smr, hit, startvp, *retbuf); 3717 return (0); 3718 3719 out_abort: 3720 *buflen = orig_buflen; 3721 SDT_PROBE4(vfs, namecache, fullpath_smr, miss, startvp, ncp, reason, i); 3722 vfs_smr_exit(); 3723 return (error); 3724 } 3725 3726 static int 3727 vn_fullpath_any(struct vnode *vp, struct vnode *rdir, char *buf, char **retbuf, 3728 size_t *buflen) 3729 { 3730 size_t orig_buflen, addend; 3731 int error; 3732 3733 if (*buflen < 2) 3734 return (EINVAL); 3735 3736 orig_buflen = *buflen; 3737 3738 vref(vp); 3739 addend = 0; 3740 if (vp->v_type != VDIR) { 3741 *buflen -= 1; 3742 buf[*buflen] = '\0'; 3743 error = vn_vptocnp(&vp, buf, buflen); 3744 if (error) 3745 return (error); 3746 if (*buflen == 0) { 3747 vrele(vp); 3748 return (ENOMEM); 3749 } 3750 *buflen -= 1; 3751 buf[*buflen] = '/'; 3752 addend = orig_buflen - *buflen; 3753 } 3754 3755 return (vn_fullpath_dir(vp, rdir, buf, retbuf, buflen, addend)); 3756 } 3757 3758 /* 3759 * Resolve an arbitrary vnode to a pathname (taking care of hardlinks). 3760 * 3761 * Since the namecache does not track hardlinks, the caller is expected to 3762 * first look up the target vnode with WANTPARENT flag passed to namei to get 3763 * dvp and vp. 3764 * 3765 * Then we have 2 cases: 3766 * - if the found vnode is a directory, the path can be constructed just by 3767 * following names up the chain 3768 * - otherwise we populate the buffer with the saved name and start resolving 3769 * from the parent 3770 */ 3771 int 3772 vn_fullpath_hardlink(struct vnode *vp, struct vnode *dvp, 3773 const char *hrdl_name, size_t hrdl_name_length, 3774 char **retbuf, char **freebuf, size_t *buflen) 3775 { 3776 char *buf, *tmpbuf; 3777 struct pwd *pwd; 3778 size_t addend; 3779 int error; 3780 __enum_uint8(vtype) type; 3781 3782 if (*buflen < 2) 3783 return (EINVAL); 3784 if (*buflen > MAXPATHLEN) 3785 *buflen = MAXPATHLEN; 3786 3787 buf = malloc(*buflen, M_TEMP, M_WAITOK); 3788 3789 addend = 0; 3790 3791 /* 3792 * Check for VBAD to work around the vp_crossmp bug in lookup(). 3793 * 3794 * For example consider tmpfs on /tmp and realpath /tmp. ni_vp will be 3795 * set to mount point's root vnode while ni_dvp will be vp_crossmp. 3796 * If the type is VDIR (like in this very case) we can skip looking 3797 * at ni_dvp in the first place. However, since vnodes get passed here 3798 * unlocked the target may transition to doomed state (type == VBAD) 3799 * before we get to evaluate the condition. If this happens, we will 3800 * populate part of the buffer and descend to vn_fullpath_dir with 3801 * vp == vp_crossmp. Prevent the problem by checking for VBAD. 3802 */ 3803 type = atomic_load_8(&vp->v_type); 3804 if (type == VBAD) { 3805 error = ENOENT; 3806 goto out_bad; 3807 } 3808 if (type != VDIR) { 3809 addend = hrdl_name_length + 2; 3810 if (*buflen < addend) { 3811 error = ENOMEM; 3812 goto out_bad; 3813 } 3814 *buflen -= addend; 3815 tmpbuf = buf + *buflen; 3816 tmpbuf[0] = '/'; 3817 memcpy(&tmpbuf[1], hrdl_name, hrdl_name_length); 3818 tmpbuf[addend - 1] = '\0'; 3819 vp = dvp; 3820 } 3821 3822 vfs_smr_enter(); 3823 pwd = pwd_get_smr(); 3824 error = vn_fullpath_any_smr(vp, pwd->pwd_rdir, buf, retbuf, buflen, 3825 addend); 3826 VFS_SMR_ASSERT_NOT_ENTERED(); 3827 if (error < 0) { 3828 pwd = pwd_hold(curthread); 3829 vref(vp); 3830 error = vn_fullpath_dir(vp, pwd->pwd_rdir, buf, retbuf, buflen, 3831 addend); 3832 pwd_drop(pwd); 3833 } 3834 if (error != 0) 3835 goto out_bad; 3836 3837 *freebuf = buf; 3838 3839 return (0); 3840 out_bad: 3841 free(buf, M_TEMP); 3842 return (error); 3843 } 3844 3845 struct vnode * 3846 vn_dir_dd_ino(struct vnode *vp) 3847 { 3848 struct namecache *ncp; 3849 struct vnode *ddvp; 3850 struct mtx *vlp; 3851 enum vgetstate vs; 3852 3853 ASSERT_VOP_LOCKED(vp, "vn_dir_dd_ino"); 3854 vlp = VP2VNODELOCK(vp); 3855 mtx_lock(vlp); 3856 TAILQ_FOREACH(ncp, &(vp->v_cache_dst), nc_dst) { 3857 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) 3858 continue; 3859 ddvp = ncp->nc_dvp; 3860 vs = vget_prep(ddvp); 3861 mtx_unlock(vlp); 3862 if (vget_finish(ddvp, LK_SHARED | LK_NOWAIT, vs)) 3863 return (NULL); 3864 return (ddvp); 3865 } 3866 mtx_unlock(vlp); 3867 return (NULL); 3868 } 3869 3870 int 3871 vn_commname(struct vnode *vp, char *buf, u_int buflen) 3872 { 3873 struct namecache *ncp; 3874 struct mtx *vlp; 3875 int l; 3876 3877 vlp = VP2VNODELOCK(vp); 3878 mtx_lock(vlp); 3879 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) 3880 if ((ncp->nc_flag & NCF_ISDOTDOT) == 0) 3881 break; 3882 if (ncp == NULL) { 3883 mtx_unlock(vlp); 3884 return (ENOENT); 3885 } 3886 l = min(ncp->nc_nlen, buflen - 1); 3887 memcpy(buf, ncp->nc_name, l); 3888 mtx_unlock(vlp); 3889 buf[l] = '\0'; 3890 return (0); 3891 } 3892 3893 /* 3894 * This function updates path string to vnode's full global path 3895 * and checks the size of the new path string against the pathlen argument. 3896 * 3897 * Requires a locked, referenced vnode. 3898 * Vnode is re-locked on success or ENODEV, otherwise unlocked. 3899 * 3900 * If vp is a directory, the call to vn_fullpath_global() always succeeds 3901 * because it falls back to the ".." lookup if the namecache lookup fails. 3902 */ 3903 int 3904 vn_path_to_global_path(struct thread *td, struct vnode *vp, char *path, 3905 u_int pathlen) 3906 { 3907 struct nameidata nd; 3908 struct vnode *vp1; 3909 char *rpath, *fbuf; 3910 int error; 3911 3912 ASSERT_VOP_ELOCKED(vp, __func__); 3913 3914 /* Construct global filesystem path from vp. */ 3915 VOP_UNLOCK(vp); 3916 error = vn_fullpath_global(vp, &rpath, &fbuf); 3917 3918 if (error != 0) { 3919 vrele(vp); 3920 return (error); 3921 } 3922 3923 if (strlen(rpath) >= pathlen) { 3924 vrele(vp); 3925 error = ENAMETOOLONG; 3926 goto out; 3927 } 3928 3929 /* 3930 * Re-lookup the vnode by path to detect a possible rename. 3931 * As a side effect, the vnode is relocked. 3932 * If vnode was renamed, return ENOENT. 3933 */ 3934 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, path); 3935 error = namei(&nd); 3936 if (error != 0) { 3937 vrele(vp); 3938 goto out; 3939 } 3940 NDFREE_PNBUF(&nd); 3941 vp1 = nd.ni_vp; 3942 vrele(vp); 3943 if (vp1 == vp) 3944 strcpy(path, rpath); 3945 else { 3946 vput(vp1); 3947 error = ENOENT; 3948 } 3949 3950 out: 3951 free(fbuf, M_TEMP); 3952 return (error); 3953 } 3954 3955 /* 3956 * This is similar to vn_path_to_global_path but allows for regular 3957 * files which may not be present in the cache. 3958 * 3959 * Requires a locked, referenced vnode. 3960 * Vnode is re-locked on success or ENODEV, otherwise unlocked. 3961 */ 3962 int 3963 vn_path_to_global_path_hardlink(struct thread *td, struct vnode *vp, 3964 struct vnode *dvp, char *path, u_int pathlen, const char *leaf_name, 3965 size_t leaf_length) 3966 { 3967 struct nameidata nd; 3968 struct vnode *vp1; 3969 char *rpath, *fbuf; 3970 size_t len; 3971 int error; 3972 3973 ASSERT_VOP_ELOCKED(vp, __func__); 3974 3975 /* 3976 * Construct global filesystem path from dvp, vp and leaf 3977 * name. 3978 */ 3979 VOP_UNLOCK(vp); 3980 len = pathlen; 3981 error = vn_fullpath_hardlink(vp, dvp, leaf_name, leaf_length, 3982 &rpath, &fbuf, &len); 3983 3984 if (error != 0) { 3985 vrele(vp); 3986 return (error); 3987 } 3988 3989 if (strlen(rpath) >= pathlen) { 3990 vrele(vp); 3991 error = ENAMETOOLONG; 3992 goto out; 3993 } 3994 3995 /* 3996 * Re-lookup the vnode by path to detect a possible rename. 3997 * As a side effect, the vnode is relocked. 3998 * If vnode was renamed, return ENOENT. 3999 */ 4000 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_SYSSPACE, path); 4001 error = namei(&nd); 4002 if (error != 0) { 4003 vrele(vp); 4004 goto out; 4005 } 4006 NDFREE_PNBUF(&nd); 4007 vp1 = nd.ni_vp; 4008 vrele(vp); 4009 if (vp1 == vp) 4010 strcpy(path, rpath); 4011 else { 4012 vput(vp1); 4013 error = ENOENT; 4014 } 4015 4016 out: 4017 free(fbuf, M_TEMP); 4018 return (error); 4019 } 4020 4021 void 4022 cache_vop_inotify(struct vnode *vp, int event, uint32_t cookie) 4023 { 4024 struct mtx *vlp; 4025 struct namecache *ncp; 4026 int isdir; 4027 bool logged, self; 4028 4029 isdir = vp->v_type == VDIR ? IN_ISDIR : 0; 4030 self = (vn_irflag_read(vp) & VIRF_INOTIFY) != 0 && 4031 (vp->v_type != VDIR || (event & ~_IN_DIR_EVENTS) != 0); 4032 4033 if (self) { 4034 int selfevent; 4035 4036 if (event == _IN_ATTRIB_LINKCOUNT) 4037 selfevent = IN_ATTRIB; 4038 else 4039 selfevent = event; 4040 inotify_log(vp, NULL, 0, selfevent | isdir, cookie); 4041 } 4042 if ((event & IN_ALL_EVENTS) == 0) 4043 return; 4044 4045 logged = false; 4046 vlp = VP2VNODELOCK(vp); 4047 mtx_lock(vlp); 4048 TAILQ_FOREACH(ncp, &vp->v_cache_dst, nc_dst) { 4049 if ((ncp->nc_flag & NCF_ISDOTDOT) != 0) 4050 continue; 4051 if ((vn_irflag_read(ncp->nc_dvp) & VIRF_INOTIFY) != 0) { 4052 /* 4053 * XXX-MJ if the vnode has two links in the same 4054 * dir, we'll log the same event twice. 4055 */ 4056 inotify_log(ncp->nc_dvp, ncp->nc_name, ncp->nc_nlen, 4057 event | isdir, cookie); 4058 logged = true; 4059 } 4060 } 4061 if (!logged && (vn_irflag_read(vp) & VIRF_INOTIFY_PARENT) != 0) { 4062 /* 4063 * We didn't find a watched directory that contains this vnode, 4064 * so stop calling VOP_INOTIFY for operations on the vnode. 4065 */ 4066 vn_irflag_unset(vp, VIRF_INOTIFY_PARENT); 4067 } 4068 mtx_unlock(vlp); 4069 } 4070 4071 #ifdef DDB 4072 static void 4073 db_print_vpath(struct vnode *vp) 4074 { 4075 4076 while (vp != NULL) { 4077 db_printf("%p: ", vp); 4078 if (vp == rootvnode) { 4079 db_printf("/"); 4080 vp = NULL; 4081 } else { 4082 if (vp->v_vflag & VV_ROOT) { 4083 db_printf("<mount point>"); 4084 vp = vp->v_mount->mnt_vnodecovered; 4085 } else { 4086 struct namecache *ncp; 4087 char *ncn; 4088 int i; 4089 4090 ncp = TAILQ_FIRST(&vp->v_cache_dst); 4091 if (ncp != NULL) { 4092 ncn = ncp->nc_name; 4093 for (i = 0; i < ncp->nc_nlen; i++) 4094 db_printf("%c", *ncn++); 4095 vp = ncp->nc_dvp; 4096 } else { 4097 vp = NULL; 4098 } 4099 } 4100 } 4101 db_printf("\n"); 4102 } 4103 4104 return; 4105 } 4106 4107 DB_SHOW_COMMAND(vpath, db_show_vpath) 4108 { 4109 struct vnode *vp; 4110 4111 if (!have_addr) { 4112 db_printf("usage: show vpath <struct vnode *>\n"); 4113 return; 4114 } 4115 4116 vp = (struct vnode *)addr; 4117 db_print_vpath(vp); 4118 } 4119 4120 #endif 4121 4122 static int cache_fast_lookup = 1; 4123 4124 #define CACHE_FPL_FAILED -2020 4125 4126 static int 4127 cache_vop_bad_vexec(struct vop_fplookup_vexec_args *v) 4128 { 4129 vn_printf(v->a_vp, "no proper vop_fplookup_vexec\n"); 4130 panic("no proper vop_fplookup_vexec"); 4131 } 4132 4133 static int 4134 cache_vop_bad_symlink(struct vop_fplookup_symlink_args *v) 4135 { 4136 vn_printf(v->a_vp, "no proper vop_fplookup_symlink\n"); 4137 panic("no proper vop_fplookup_symlink"); 4138 } 4139 4140 void 4141 cache_vop_vector_register(struct vop_vector *v) 4142 { 4143 size_t ops; 4144 4145 ops = 0; 4146 if (v->vop_fplookup_vexec != NULL) { 4147 ops++; 4148 } 4149 if (v->vop_fplookup_symlink != NULL) { 4150 ops++; 4151 } 4152 4153 if (ops == 2) { 4154 return; 4155 } 4156 4157 if (ops == 0) { 4158 v->vop_fplookup_vexec = cache_vop_bad_vexec; 4159 v->vop_fplookup_symlink = cache_vop_bad_symlink; 4160 return; 4161 } 4162 4163 printf("%s: invalid vop vector %p -- either all or none fplookup vops " 4164 "need to be provided", __func__, v); 4165 if (v->vop_fplookup_vexec == NULL) { 4166 printf("%s: missing vop_fplookup_vexec\n", __func__); 4167 } 4168 if (v->vop_fplookup_symlink == NULL) { 4169 printf("%s: missing vop_fplookup_symlink\n", __func__); 4170 } 4171 panic("bad vop vector %p", v); 4172 } 4173 4174 #ifdef INVARIANTS 4175 void 4176 cache_validate_vop_vector(struct mount *mp, struct vop_vector *vops) 4177 { 4178 if (mp == NULL) 4179 return; 4180 4181 if ((mp->mnt_kern_flag & MNTK_FPLOOKUP) == 0) 4182 return; 4183 4184 if (vops->vop_fplookup_vexec == NULL || 4185 vops->vop_fplookup_vexec == cache_vop_bad_vexec) 4186 panic("bad vop_fplookup_vexec on vector %p for filesystem %s", 4187 vops, mp->mnt_vfc->vfc_name); 4188 4189 if (vops->vop_fplookup_symlink == NULL || 4190 vops->vop_fplookup_symlink == cache_vop_bad_symlink) 4191 panic("bad vop_fplookup_symlink on vector %p for filesystem %s", 4192 vops, mp->mnt_vfc->vfc_name); 4193 } 4194 #endif 4195 4196 void 4197 cache_fast_lookup_enabled_recalc(void) 4198 { 4199 int lookup_flag; 4200 int mac_on; 4201 4202 #ifdef MAC 4203 mac_on = mac_vnode_check_lookup_enabled(); 4204 mac_on |= mac_vnode_check_readlink_enabled(); 4205 #else 4206 mac_on = 0; 4207 #endif 4208 4209 lookup_flag = atomic_load_int(&cache_fast_lookup); 4210 if (lookup_flag && !mac_on) { 4211 atomic_store_char(&cache_fast_lookup_enabled, true); 4212 } else { 4213 atomic_store_char(&cache_fast_lookup_enabled, false); 4214 } 4215 } 4216 4217 static int 4218 syscal_vfs_cache_fast_lookup(SYSCTL_HANDLER_ARGS) 4219 { 4220 int error, old; 4221 4222 old = atomic_load_int(&cache_fast_lookup); 4223 error = sysctl_handle_int(oidp, arg1, arg2, req); 4224 if (error == 0 && req->newptr && old != atomic_load_int(&cache_fast_lookup)) 4225 cache_fast_lookup_enabled_recalc(); 4226 return (error); 4227 } 4228 SYSCTL_PROC(_vfs_cache_param, OID_AUTO, fast_lookup, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE, 4229 &cache_fast_lookup, 0, syscal_vfs_cache_fast_lookup, "IU", ""); 4230 4231 /* 4232 * Components of nameidata (or objects it can point to) which may 4233 * need restoring in case fast path lookup fails. 4234 */ 4235 struct nameidata_outer { 4236 size_t ni_pathlen; 4237 uint64_t cn_flags; 4238 }; 4239 4240 struct nameidata_saved { 4241 #ifdef INVARIANTS 4242 char *cn_nameptr; 4243 size_t ni_pathlen; 4244 #endif 4245 }; 4246 4247 #ifdef INVARIANTS 4248 struct cache_fpl_debug { 4249 size_t ni_pathlen; 4250 }; 4251 #endif 4252 4253 struct cache_fpl { 4254 struct nameidata *ndp; 4255 struct componentname *cnp; 4256 char *nulchar; 4257 struct vnode *dvp; 4258 struct vnode *tvp; 4259 seqc_t dvp_seqc; 4260 seqc_t tvp_seqc; 4261 uint32_t hash; 4262 struct nameidata_saved snd; 4263 struct nameidata_outer snd_outer; 4264 int line; 4265 enum cache_fpl_status status:8; 4266 bool in_smr; 4267 bool fsearch; 4268 struct pwd **pwd; 4269 #ifdef INVARIANTS 4270 struct cache_fpl_debug debug; 4271 #endif 4272 }; 4273 4274 static bool cache_fplookup_mp_supported(struct mount *mp); 4275 static bool cache_fplookup_is_mp(struct cache_fpl *fpl); 4276 static int cache_fplookup_cross_mount(struct cache_fpl *fpl); 4277 static int cache_fplookup_partial_setup(struct cache_fpl *fpl); 4278 static int cache_fplookup_skip_slashes(struct cache_fpl *fpl); 4279 static int cache_fplookup_trailingslash(struct cache_fpl *fpl); 4280 static void cache_fpl_pathlen_dec(struct cache_fpl *fpl); 4281 static void cache_fpl_pathlen_inc(struct cache_fpl *fpl); 4282 static void cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n); 4283 static void cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n); 4284 4285 static void 4286 cache_fpl_cleanup_cnp(struct componentname *cnp) 4287 { 4288 4289 uma_zfree(namei_zone, cnp->cn_pnbuf); 4290 cnp->cn_pnbuf = NULL; 4291 cnp->cn_nameptr = NULL; 4292 } 4293 4294 static struct vnode * 4295 cache_fpl_handle_root(struct cache_fpl *fpl) 4296 { 4297 struct nameidata *ndp; 4298 struct componentname *cnp; 4299 4300 ndp = fpl->ndp; 4301 cnp = fpl->cnp; 4302 4303 MPASS(*(cnp->cn_nameptr) == '/'); 4304 cnp->cn_nameptr++; 4305 cache_fpl_pathlen_dec(fpl); 4306 4307 if (__predict_false(*(cnp->cn_nameptr) == '/')) { 4308 do { 4309 cnp->cn_nameptr++; 4310 cache_fpl_pathlen_dec(fpl); 4311 } while (*(cnp->cn_nameptr) == '/'); 4312 } 4313 4314 return (ndp->ni_rootdir); 4315 } 4316 4317 static void 4318 cache_fpl_checkpoint_outer(struct cache_fpl *fpl) 4319 { 4320 4321 fpl->snd_outer.ni_pathlen = fpl->ndp->ni_pathlen; 4322 fpl->snd_outer.cn_flags = fpl->ndp->ni_cnd.cn_flags; 4323 } 4324 4325 static void 4326 cache_fpl_checkpoint(struct cache_fpl *fpl) 4327 { 4328 4329 #ifdef INVARIANTS 4330 fpl->snd.cn_nameptr = fpl->ndp->ni_cnd.cn_nameptr; 4331 fpl->snd.ni_pathlen = fpl->debug.ni_pathlen; 4332 #endif 4333 } 4334 4335 static void 4336 cache_fpl_restore_partial(struct cache_fpl *fpl) 4337 { 4338 4339 fpl->ndp->ni_cnd.cn_flags = fpl->snd_outer.cn_flags; 4340 #ifdef INVARIANTS 4341 fpl->debug.ni_pathlen = fpl->snd.ni_pathlen; 4342 #endif 4343 } 4344 4345 static void 4346 cache_fpl_restore_abort(struct cache_fpl *fpl) 4347 { 4348 4349 cache_fpl_restore_partial(fpl); 4350 /* 4351 * It is 0 on entry by API contract. 4352 */ 4353 fpl->ndp->ni_resflags = 0; 4354 fpl->ndp->ni_cnd.cn_nameptr = fpl->ndp->ni_cnd.cn_pnbuf; 4355 fpl->ndp->ni_pathlen = fpl->snd_outer.ni_pathlen; 4356 } 4357 4358 #ifdef INVARIANTS 4359 #define cache_fpl_smr_assert_entered(fpl) ({ \ 4360 struct cache_fpl *_fpl = (fpl); \ 4361 MPASS(_fpl->in_smr == true); \ 4362 VFS_SMR_ASSERT_ENTERED(); \ 4363 }) 4364 #define cache_fpl_smr_assert_not_entered(fpl) ({ \ 4365 struct cache_fpl *_fpl = (fpl); \ 4366 MPASS(_fpl->in_smr == false); \ 4367 VFS_SMR_ASSERT_NOT_ENTERED(); \ 4368 }) 4369 static void 4370 cache_fpl_assert_status(struct cache_fpl *fpl) 4371 { 4372 4373 switch (fpl->status) { 4374 case CACHE_FPL_STATUS_UNSET: 4375 __assert_unreachable(); 4376 break; 4377 case CACHE_FPL_STATUS_DESTROYED: 4378 case CACHE_FPL_STATUS_ABORTED: 4379 case CACHE_FPL_STATUS_PARTIAL: 4380 case CACHE_FPL_STATUS_HANDLED: 4381 break; 4382 } 4383 } 4384 #else 4385 #define cache_fpl_smr_assert_entered(fpl) do { } while (0) 4386 #define cache_fpl_smr_assert_not_entered(fpl) do { } while (0) 4387 #define cache_fpl_assert_status(fpl) do { } while (0) 4388 #endif 4389 4390 #define cache_fpl_smr_enter_initial(fpl) ({ \ 4391 struct cache_fpl *_fpl = (fpl); \ 4392 vfs_smr_enter(); \ 4393 _fpl->in_smr = true; \ 4394 }) 4395 4396 #define cache_fpl_smr_enter(fpl) ({ \ 4397 struct cache_fpl *_fpl = (fpl); \ 4398 MPASS(_fpl->in_smr == false); \ 4399 vfs_smr_enter(); \ 4400 _fpl->in_smr = true; \ 4401 }) 4402 4403 #define cache_fpl_smr_exit(fpl) ({ \ 4404 struct cache_fpl *_fpl = (fpl); \ 4405 MPASS(_fpl->in_smr == true); \ 4406 vfs_smr_exit(); \ 4407 _fpl->in_smr = false; \ 4408 }) 4409 4410 static int 4411 cache_fpl_aborted_early_impl(struct cache_fpl *fpl, int line) 4412 { 4413 4414 if (fpl->status != CACHE_FPL_STATUS_UNSET) { 4415 KASSERT(fpl->status == CACHE_FPL_STATUS_PARTIAL, 4416 ("%s: converting to abort from %d at %d, set at %d\n", 4417 __func__, fpl->status, line, fpl->line)); 4418 } 4419 cache_fpl_smr_assert_not_entered(fpl); 4420 fpl->status = CACHE_FPL_STATUS_ABORTED; 4421 fpl->line = line; 4422 return (CACHE_FPL_FAILED); 4423 } 4424 4425 #define cache_fpl_aborted_early(x) cache_fpl_aborted_early_impl((x), __LINE__) 4426 4427 static int __noinline 4428 cache_fpl_aborted_impl(struct cache_fpl *fpl, int line) 4429 { 4430 struct nameidata *ndp; 4431 struct componentname *cnp; 4432 4433 ndp = fpl->ndp; 4434 cnp = fpl->cnp; 4435 4436 if (fpl->status != CACHE_FPL_STATUS_UNSET) { 4437 KASSERT(fpl->status == CACHE_FPL_STATUS_PARTIAL, 4438 ("%s: converting to abort from %d at %d, set at %d\n", 4439 __func__, fpl->status, line, fpl->line)); 4440 } 4441 fpl->status = CACHE_FPL_STATUS_ABORTED; 4442 fpl->line = line; 4443 if (fpl->in_smr) 4444 cache_fpl_smr_exit(fpl); 4445 cache_fpl_restore_abort(fpl); 4446 /* 4447 * Resolving symlinks overwrites data passed by the caller. 4448 * Let namei know. 4449 */ 4450 if (ndp->ni_loopcnt > 0) { 4451 fpl->status = CACHE_FPL_STATUS_DESTROYED; 4452 cache_fpl_cleanup_cnp(cnp); 4453 } 4454 return (CACHE_FPL_FAILED); 4455 } 4456 4457 #define cache_fpl_aborted(x) cache_fpl_aborted_impl((x), __LINE__) 4458 4459 static int __noinline 4460 cache_fpl_partial_impl(struct cache_fpl *fpl, int line) 4461 { 4462 4463 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET, 4464 ("%s: setting to partial at %d, but already set to %d at %d\n", 4465 __func__, line, fpl->status, fpl->line)); 4466 cache_fpl_smr_assert_entered(fpl); 4467 fpl->status = CACHE_FPL_STATUS_PARTIAL; 4468 fpl->line = line; 4469 return (cache_fplookup_partial_setup(fpl)); 4470 } 4471 4472 #define cache_fpl_partial(x) cache_fpl_partial_impl((x), __LINE__) 4473 4474 static int 4475 cache_fpl_handled_impl(struct cache_fpl *fpl, int line) 4476 { 4477 4478 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET, 4479 ("%s: setting to handled at %d, but already set to %d at %d\n", 4480 __func__, line, fpl->status, fpl->line)); 4481 cache_fpl_smr_assert_not_entered(fpl); 4482 fpl->status = CACHE_FPL_STATUS_HANDLED; 4483 fpl->line = line; 4484 return (0); 4485 } 4486 4487 #define cache_fpl_handled(x) cache_fpl_handled_impl((x), __LINE__) 4488 4489 static int 4490 cache_fpl_handled_error_impl(struct cache_fpl *fpl, int error, int line) 4491 { 4492 4493 KASSERT(fpl->status == CACHE_FPL_STATUS_UNSET, 4494 ("%s: setting to handled at %d, but already set to %d at %d\n", 4495 __func__, line, fpl->status, fpl->line)); 4496 MPASS(error != 0); 4497 MPASS(error != CACHE_FPL_FAILED); 4498 cache_fpl_smr_assert_not_entered(fpl); 4499 fpl->status = CACHE_FPL_STATUS_HANDLED; 4500 fpl->line = line; 4501 fpl->dvp = NULL; 4502 fpl->tvp = NULL; 4503 return (error); 4504 } 4505 4506 #define cache_fpl_handled_error(x, e) cache_fpl_handled_error_impl((x), (e), __LINE__) 4507 4508 static bool 4509 cache_fpl_terminated(struct cache_fpl *fpl) 4510 { 4511 4512 return (fpl->status != CACHE_FPL_STATUS_UNSET); 4513 } 4514 4515 #define CACHE_FPL_SUPPORTED_CN_FLAGS \ 4516 (NC_NOMAKEENTRY | NC_KEEPPOSENTRY | LOCKLEAF | LOCKPARENT | WANTPARENT | \ 4517 FAILIFEXISTS | FOLLOW | EMPTYPATH | LOCKSHARED | ISRESTARTED | WILLBEDIR | \ 4518 ISOPEN | NOMACCHECK | AUDITVNODE1 | AUDITVNODE2 | NOCAPCHECK | OPENREAD | \ 4519 OPENWRITE | WANTIOCTLCAPS | NAMEILOOKUP) 4520 4521 #define CACHE_FPL_INTERNAL_CN_FLAGS \ 4522 (ISDOTDOT | MAKEENTRY | ISLASTCN) 4523 4524 _Static_assert((CACHE_FPL_SUPPORTED_CN_FLAGS & CACHE_FPL_INTERNAL_CN_FLAGS) == 0, 4525 "supported and internal flags overlap"); 4526 4527 static bool 4528 cache_fpl_islastcn(struct nameidata *ndp) 4529 { 4530 4531 return (*ndp->ni_next == 0); 4532 } 4533 4534 static bool 4535 cache_fpl_istrailingslash(struct cache_fpl *fpl) 4536 { 4537 4538 MPASS(fpl->nulchar > fpl->cnp->cn_pnbuf); 4539 return (*(fpl->nulchar - 1) == '/'); 4540 } 4541 4542 static bool 4543 cache_fpl_isdotdot(struct componentname *cnp) 4544 { 4545 4546 if (cnp->cn_namelen == 2 && 4547 cnp->cn_nameptr[1] == '.' && cnp->cn_nameptr[0] == '.') 4548 return (true); 4549 return (false); 4550 } 4551 4552 static bool 4553 cache_can_fplookup(struct cache_fpl *fpl) 4554 { 4555 struct nameidata *ndp; 4556 struct componentname *cnp; 4557 struct thread *td; 4558 4559 ndp = fpl->ndp; 4560 cnp = fpl->cnp; 4561 td = curthread; 4562 4563 if (!atomic_load_char(&cache_fast_lookup_enabled)) { 4564 cache_fpl_aborted_early(fpl); 4565 return (false); 4566 } 4567 if ((cnp->cn_flags & ~CACHE_FPL_SUPPORTED_CN_FLAGS) != 0) { 4568 cache_fpl_aborted_early(fpl); 4569 return (false); 4570 } 4571 if (IN_CAPABILITY_MODE(td) || CAP_TRACING(td)) { 4572 cache_fpl_aborted_early(fpl); 4573 return (false); 4574 } 4575 if (AUDITING_TD(td)) { 4576 cache_fpl_aborted_early(fpl); 4577 return (false); 4578 } 4579 if (ndp->ni_startdir != NULL) { 4580 cache_fpl_aborted_early(fpl); 4581 return (false); 4582 } 4583 return (true); 4584 } 4585 4586 static int __noinline 4587 cache_fplookup_dirfd(struct cache_fpl *fpl, struct vnode **vpp) 4588 { 4589 struct nameidata *ndp; 4590 struct componentname *cnp; 4591 int error, flags; 4592 4593 ndp = fpl->ndp; 4594 cnp = fpl->cnp; 4595 4596 error = fgetvp_lookup_smr(ndp, vpp, &flags); 4597 if (__predict_false(error != 0)) { 4598 return (cache_fpl_aborted(fpl)); 4599 } 4600 if (__predict_false((flags & O_RESOLVE_BENEATH) != 0)) { 4601 _Static_assert((CACHE_FPL_SUPPORTED_CN_FLAGS & RBENEATH) == 0, 4602 "RBENEATH supported by fplookup"); 4603 cache_fpl_smr_exit(fpl); 4604 cache_fpl_aborted(fpl); 4605 return (EOPNOTSUPP); 4606 } 4607 fpl->fsearch = (flags & FSEARCH) != 0; 4608 if ((*vpp)->v_type != VDIR) { 4609 if (!((cnp->cn_flags & EMPTYPATH) != 0 && cnp->cn_pnbuf[0] == '\0')) { 4610 cache_fpl_smr_exit(fpl); 4611 return (cache_fpl_handled_error(fpl, ENOTDIR)); 4612 } 4613 } 4614 return (0); 4615 } 4616 4617 static int __noinline 4618 cache_fplookup_negative_promote(struct cache_fpl *fpl, struct namecache *oncp, 4619 uint32_t hash) 4620 { 4621 struct componentname *cnp; 4622 struct vnode *dvp; 4623 4624 cnp = fpl->cnp; 4625 dvp = fpl->dvp; 4626 4627 cache_fpl_smr_exit(fpl); 4628 if (cache_neg_promote_cond(dvp, cnp, oncp, hash)) 4629 return (cache_fpl_handled_error(fpl, ENOENT)); 4630 else 4631 return (cache_fpl_aborted(fpl)); 4632 } 4633 4634 /* 4635 * The target vnode is not supported, prepare for the slow path to take over. 4636 */ 4637 static int __noinline 4638 cache_fplookup_partial_setup(struct cache_fpl *fpl) 4639 { 4640 struct nameidata *ndp; 4641 struct componentname *cnp; 4642 enum vgetstate dvs; 4643 struct vnode *dvp; 4644 struct pwd *pwd; 4645 seqc_t dvp_seqc; 4646 4647 ndp = fpl->ndp; 4648 cnp = fpl->cnp; 4649 pwd = *(fpl->pwd); 4650 dvp = fpl->dvp; 4651 dvp_seqc = fpl->dvp_seqc; 4652 4653 if (!pwd_hold_smr(pwd)) { 4654 return (cache_fpl_aborted(fpl)); 4655 } 4656 4657 /* 4658 * Note that seqc is checked before the vnode is locked, so by 4659 * the time regular lookup gets to it it may have moved. 4660 * 4661 * Ultimately this does not affect correctness, any lookup errors 4662 * are userspace racing with itself. It is guaranteed that any 4663 * path which ultimately gets found could also have been found 4664 * by regular lookup going all the way in absence of concurrent 4665 * modifications. 4666 */ 4667 dvs = vget_prep_smr(dvp); 4668 cache_fpl_smr_exit(fpl); 4669 if (__predict_false(dvs == VGET_NONE)) { 4670 pwd_drop(pwd); 4671 return (cache_fpl_aborted(fpl)); 4672 } 4673 4674 vget_finish_ref(dvp, dvs); 4675 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 4676 vrele(dvp); 4677 pwd_drop(pwd); 4678 return (cache_fpl_aborted(fpl)); 4679 } 4680 4681 cache_fpl_restore_partial(fpl); 4682 #ifdef INVARIANTS 4683 if (cnp->cn_nameptr != fpl->snd.cn_nameptr) { 4684 panic("%s: cn_nameptr mismatch (%p != %p) full [%s]\n", __func__, 4685 cnp->cn_nameptr, fpl->snd.cn_nameptr, cnp->cn_pnbuf); 4686 } 4687 #endif 4688 4689 ndp->ni_startdir = dvp; 4690 cnp->cn_flags |= MAKEENTRY; 4691 if (cache_fpl_islastcn(ndp)) 4692 cnp->cn_flags |= ISLASTCN; 4693 if (cache_fpl_isdotdot(cnp)) 4694 cnp->cn_flags |= ISDOTDOT; 4695 4696 /* 4697 * Skip potential extra slashes parsing did not take care of. 4698 * cache_fplookup_skip_slashes explains the mechanism. 4699 */ 4700 if (__predict_false(*(cnp->cn_nameptr) == '/')) { 4701 do { 4702 cnp->cn_nameptr++; 4703 cache_fpl_pathlen_dec(fpl); 4704 } while (*(cnp->cn_nameptr) == '/'); 4705 } 4706 4707 ndp->ni_pathlen = fpl->nulchar - cnp->cn_nameptr + 1; 4708 #ifdef INVARIANTS 4709 if (ndp->ni_pathlen != fpl->debug.ni_pathlen) { 4710 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n", 4711 __func__, ndp->ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar, 4712 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf); 4713 } 4714 #endif 4715 return (0); 4716 } 4717 4718 static int 4719 cache_fplookup_final_child(struct cache_fpl *fpl, enum vgetstate tvs) 4720 { 4721 struct componentname *cnp; 4722 struct vnode *tvp; 4723 seqc_t tvp_seqc; 4724 int error, lkflags; 4725 4726 cnp = fpl->cnp; 4727 tvp = fpl->tvp; 4728 tvp_seqc = fpl->tvp_seqc; 4729 4730 if ((cnp->cn_flags & LOCKLEAF) != 0) { 4731 lkflags = LK_SHARED; 4732 if ((cnp->cn_flags & LOCKSHARED) == 0) 4733 lkflags = LK_EXCLUSIVE; 4734 error = vget_finish(tvp, lkflags, tvs); 4735 if (__predict_false(error != 0)) { 4736 return (cache_fpl_aborted(fpl)); 4737 } 4738 } else { 4739 vget_finish_ref(tvp, tvs); 4740 } 4741 4742 if (!vn_seqc_consistent(tvp, tvp_seqc)) { 4743 if ((cnp->cn_flags & LOCKLEAF) != 0) 4744 vput(tvp); 4745 else 4746 vrele(tvp); 4747 return (cache_fpl_aborted(fpl)); 4748 } 4749 4750 return (cache_fpl_handled(fpl)); 4751 } 4752 4753 /* 4754 * They want to possibly modify the state of the namecache. 4755 */ 4756 static int __noinline 4757 cache_fplookup_final_modifying(struct cache_fpl *fpl) 4758 { 4759 struct nameidata *ndp __diagused; 4760 struct componentname *cnp; 4761 enum vgetstate dvs; 4762 struct vnode *dvp, *tvp; 4763 struct mount *mp; 4764 seqc_t dvp_seqc; 4765 int error; 4766 bool docache; 4767 4768 ndp = fpl->ndp; 4769 cnp = fpl->cnp; 4770 dvp = fpl->dvp; 4771 dvp_seqc = fpl->dvp_seqc; 4772 4773 MPASS(*(cnp->cn_nameptr) != '/'); 4774 MPASS(cache_fpl_islastcn(ndp)); 4775 if ((cnp->cn_flags & LOCKPARENT) == 0) 4776 MPASS((cnp->cn_flags & WANTPARENT) != 0); 4777 MPASS((cnp->cn_flags & TRAILINGSLASH) == 0); 4778 MPASS(cnp->cn_nameiop == CREATE || cnp->cn_nameiop == DELETE || 4779 cnp->cn_nameiop == RENAME); 4780 MPASS((cnp->cn_flags & MAKEENTRY) == 0); 4781 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 4782 4783 docache = (cnp->cn_flags & NOCACHE) ^ NOCACHE; 4784 if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME) 4785 docache = false; 4786 4787 /* 4788 * Regular lookup nulifies the slash, which we don't do here. 4789 * Don't take chances with filesystem routines seeing it for 4790 * the last entry. 4791 */ 4792 if (cache_fpl_istrailingslash(fpl)) { 4793 return (cache_fpl_partial(fpl)); 4794 } 4795 4796 mp = atomic_load_ptr(&dvp->v_mount); 4797 if (__predict_false(mp == NULL)) { 4798 return (cache_fpl_aborted(fpl)); 4799 } 4800 4801 if (__predict_false(mp->mnt_flag & MNT_RDONLY)) { 4802 cache_fpl_smr_exit(fpl); 4803 /* 4804 * Original code keeps not checking for CREATE which 4805 * might be a bug. For now let the old lookup decide. 4806 */ 4807 if (cnp->cn_nameiop == CREATE) { 4808 return (cache_fpl_aborted(fpl)); 4809 } 4810 return (cache_fpl_handled_error(fpl, EROFS)); 4811 } 4812 4813 if (fpl->tvp != NULL && (cnp->cn_flags & FAILIFEXISTS) != 0) { 4814 cache_fpl_smr_exit(fpl); 4815 return (cache_fpl_handled_error(fpl, EEXIST)); 4816 } 4817 4818 /* 4819 * Secure access to dvp; check cache_fplookup_partial_setup for 4820 * reasoning. 4821 * 4822 * XXX At least UFS requires its lookup routine to be called for 4823 * the last path component, which leads to some level of complication 4824 * and inefficiency: 4825 * - the target routine always locks the target vnode, but our caller 4826 * may not need it locked 4827 * - some of the VOP machinery asserts that the parent is locked, which 4828 * once more may be not required 4829 * 4830 * TODO: add a flag for filesystems which don't need this. 4831 */ 4832 dvs = vget_prep_smr(dvp); 4833 cache_fpl_smr_exit(fpl); 4834 if (__predict_false(dvs == VGET_NONE)) { 4835 return (cache_fpl_aborted(fpl)); 4836 } 4837 4838 vget_finish_ref(dvp, dvs); 4839 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 4840 vrele(dvp); 4841 return (cache_fpl_aborted(fpl)); 4842 } 4843 4844 error = vn_lock(dvp, LK_EXCLUSIVE); 4845 if (__predict_false(error != 0)) { 4846 vrele(dvp); 4847 return (cache_fpl_aborted(fpl)); 4848 } 4849 4850 tvp = NULL; 4851 cnp->cn_flags |= ISLASTCN; 4852 if (docache) 4853 cnp->cn_flags |= MAKEENTRY; 4854 if (cache_fpl_isdotdot(cnp)) 4855 cnp->cn_flags |= ISDOTDOT; 4856 cnp->cn_lkflags = LK_EXCLUSIVE; 4857 error = VOP_LOOKUP(dvp, &tvp, cnp); 4858 switch (error) { 4859 case EJUSTRETURN: 4860 case 0: 4861 break; 4862 case ENOTDIR: 4863 case ENOENT: 4864 vput(dvp); 4865 return (cache_fpl_handled_error(fpl, error)); 4866 default: 4867 vput(dvp); 4868 return (cache_fpl_aborted(fpl)); 4869 } 4870 4871 fpl->tvp = tvp; 4872 4873 if (tvp == NULL) { 4874 MPASS(error == EJUSTRETURN); 4875 if ((cnp->cn_flags & LOCKPARENT) == 0) { 4876 VOP_UNLOCK(dvp); 4877 } 4878 return (cache_fpl_handled(fpl)); 4879 } 4880 4881 /* 4882 * There are very hairy corner cases concerning various flag combinations 4883 * and locking state. In particular here we only hold one lock instead of 4884 * two. 4885 * 4886 * Skip the complexity as it is of no significance for normal workloads. 4887 */ 4888 if (__predict_false(tvp == dvp)) { 4889 vput(dvp); 4890 vrele(tvp); 4891 return (cache_fpl_aborted(fpl)); 4892 } 4893 4894 /* 4895 * If they want the symlink itself we are fine, but if they want to 4896 * follow it regular lookup has to be engaged. 4897 */ 4898 if (tvp->v_type == VLNK) { 4899 if ((cnp->cn_flags & FOLLOW) != 0) { 4900 vput(dvp); 4901 vput(tvp); 4902 return (cache_fpl_aborted(fpl)); 4903 } 4904 } 4905 4906 /* 4907 * Since we expect this to be the terminal vnode it should almost never 4908 * be a mount point. 4909 */ 4910 if (__predict_false(cache_fplookup_is_mp(fpl))) { 4911 vput(dvp); 4912 vput(tvp); 4913 return (cache_fpl_aborted(fpl)); 4914 } 4915 4916 if ((cnp->cn_flags & FAILIFEXISTS) != 0) { 4917 vput(dvp); 4918 vput(tvp); 4919 return (cache_fpl_handled_error(fpl, EEXIST)); 4920 } 4921 4922 if ((cnp->cn_flags & LOCKLEAF) == 0) { 4923 VOP_UNLOCK(tvp); 4924 } 4925 4926 if ((cnp->cn_flags & LOCKPARENT) == 0) { 4927 VOP_UNLOCK(dvp); 4928 } 4929 4930 return (cache_fpl_handled(fpl)); 4931 } 4932 4933 static int __noinline 4934 cache_fplookup_modifying(struct cache_fpl *fpl) 4935 { 4936 struct nameidata *ndp; 4937 4938 ndp = fpl->ndp; 4939 4940 if (!cache_fpl_islastcn(ndp)) { 4941 return (cache_fpl_partial(fpl)); 4942 } 4943 return (cache_fplookup_final_modifying(fpl)); 4944 } 4945 4946 static int __noinline 4947 cache_fplookup_final_withparent(struct cache_fpl *fpl) 4948 { 4949 struct componentname *cnp; 4950 enum vgetstate dvs, tvs; 4951 struct vnode *dvp, *tvp; 4952 seqc_t dvp_seqc; 4953 int error; 4954 4955 cnp = fpl->cnp; 4956 dvp = fpl->dvp; 4957 dvp_seqc = fpl->dvp_seqc; 4958 tvp = fpl->tvp; 4959 4960 MPASS((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0); 4961 4962 /* 4963 * This is less efficient than it can be for simplicity. 4964 */ 4965 dvs = vget_prep_smr(dvp); 4966 if (__predict_false(dvs == VGET_NONE)) { 4967 return (cache_fpl_aborted(fpl)); 4968 } 4969 tvs = vget_prep_smr(tvp); 4970 if (__predict_false(tvs == VGET_NONE)) { 4971 cache_fpl_smr_exit(fpl); 4972 vget_abort(dvp, dvs); 4973 return (cache_fpl_aborted(fpl)); 4974 } 4975 4976 cache_fpl_smr_exit(fpl); 4977 4978 if ((cnp->cn_flags & LOCKPARENT) != 0) { 4979 error = vget_finish(dvp, LK_EXCLUSIVE, dvs); 4980 if (__predict_false(error != 0)) { 4981 vget_abort(tvp, tvs); 4982 return (cache_fpl_aborted(fpl)); 4983 } 4984 } else { 4985 vget_finish_ref(dvp, dvs); 4986 } 4987 4988 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 4989 vget_abort(tvp, tvs); 4990 if ((cnp->cn_flags & LOCKPARENT) != 0) 4991 vput(dvp); 4992 else 4993 vrele(dvp); 4994 return (cache_fpl_aborted(fpl)); 4995 } 4996 4997 error = cache_fplookup_final_child(fpl, tvs); 4998 if (__predict_false(error != 0)) { 4999 MPASS(fpl->status == CACHE_FPL_STATUS_ABORTED || 5000 fpl->status == CACHE_FPL_STATUS_DESTROYED); 5001 if ((cnp->cn_flags & LOCKPARENT) != 0) 5002 vput(dvp); 5003 else 5004 vrele(dvp); 5005 return (error); 5006 } 5007 5008 MPASS(fpl->status == CACHE_FPL_STATUS_HANDLED); 5009 return (0); 5010 } 5011 5012 static int 5013 cache_fplookup_final(struct cache_fpl *fpl) 5014 { 5015 struct componentname *cnp; 5016 enum vgetstate tvs; 5017 struct vnode *dvp, *tvp; 5018 seqc_t dvp_seqc; 5019 5020 cnp = fpl->cnp; 5021 dvp = fpl->dvp; 5022 dvp_seqc = fpl->dvp_seqc; 5023 tvp = fpl->tvp; 5024 5025 MPASS(*(cnp->cn_nameptr) != '/'); 5026 5027 if (cnp->cn_nameiop != LOOKUP) { 5028 return (cache_fplookup_final_modifying(fpl)); 5029 } 5030 5031 if ((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0) 5032 return (cache_fplookup_final_withparent(fpl)); 5033 5034 tvs = vget_prep_smr(tvp); 5035 if (__predict_false(tvs == VGET_NONE)) { 5036 return (cache_fpl_partial(fpl)); 5037 } 5038 5039 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 5040 cache_fpl_smr_exit(fpl); 5041 vget_abort(tvp, tvs); 5042 return (cache_fpl_aborted(fpl)); 5043 } 5044 5045 cache_fpl_smr_exit(fpl); 5046 return (cache_fplookup_final_child(fpl, tvs)); 5047 } 5048 5049 /* 5050 * Comment from locked lookup: 5051 * Check for degenerate name (e.g. / or "") which is a way of talking about a 5052 * directory, e.g. like "/." or ".". 5053 */ 5054 static int __noinline 5055 cache_fplookup_degenerate(struct cache_fpl *fpl) 5056 { 5057 struct componentname *cnp; 5058 struct vnode *dvp; 5059 enum vgetstate dvs; 5060 int error, lkflags; 5061 #ifdef INVARIANTS 5062 char *cp; 5063 #endif 5064 5065 fpl->tvp = fpl->dvp; 5066 fpl->tvp_seqc = fpl->dvp_seqc; 5067 5068 cnp = fpl->cnp; 5069 dvp = fpl->dvp; 5070 5071 #ifdef INVARIANTS 5072 for (cp = cnp->cn_pnbuf; *cp != '\0'; cp++) { 5073 KASSERT(*cp == '/', 5074 ("%s: encountered non-slash; string [%s]\n", __func__, 5075 cnp->cn_pnbuf)); 5076 } 5077 #endif 5078 5079 if (__predict_false(cnp->cn_nameiop != LOOKUP)) { 5080 cache_fpl_smr_exit(fpl); 5081 return (cache_fpl_handled_error(fpl, EISDIR)); 5082 } 5083 5084 if ((cnp->cn_flags & (LOCKPARENT|WANTPARENT)) != 0) { 5085 return (cache_fplookup_final_withparent(fpl)); 5086 } 5087 5088 dvs = vget_prep_smr(dvp); 5089 cache_fpl_smr_exit(fpl); 5090 if (__predict_false(dvs == VGET_NONE)) { 5091 return (cache_fpl_aborted(fpl)); 5092 } 5093 5094 if ((cnp->cn_flags & LOCKLEAF) != 0) { 5095 lkflags = LK_SHARED; 5096 if ((cnp->cn_flags & LOCKSHARED) == 0) 5097 lkflags = LK_EXCLUSIVE; 5098 error = vget_finish(dvp, lkflags, dvs); 5099 if (__predict_false(error != 0)) { 5100 return (cache_fpl_aborted(fpl)); 5101 } 5102 } else { 5103 vget_finish_ref(dvp, dvs); 5104 } 5105 return (cache_fpl_handled(fpl)); 5106 } 5107 5108 static int __noinline 5109 cache_fplookup_emptypath(struct cache_fpl *fpl) 5110 { 5111 struct nameidata *ndp; 5112 struct componentname *cnp; 5113 enum vgetstate tvs; 5114 struct vnode *tvp; 5115 int error, lkflags; 5116 5117 fpl->tvp = fpl->dvp; 5118 fpl->tvp_seqc = fpl->dvp_seqc; 5119 5120 ndp = fpl->ndp; 5121 cnp = fpl->cnp; 5122 tvp = fpl->tvp; 5123 5124 MPASS(*cnp->cn_pnbuf == '\0'); 5125 5126 if (__predict_false((cnp->cn_flags & EMPTYPATH) == 0)) { 5127 cache_fpl_smr_exit(fpl); 5128 return (cache_fpl_handled_error(fpl, ENOENT)); 5129 } 5130 5131 MPASS((cnp->cn_flags & (LOCKPARENT | WANTPARENT)) == 0); 5132 5133 tvs = vget_prep_smr(tvp); 5134 cache_fpl_smr_exit(fpl); 5135 if (__predict_false(tvs == VGET_NONE)) { 5136 return (cache_fpl_aborted(fpl)); 5137 } 5138 5139 if ((cnp->cn_flags & LOCKLEAF) != 0) { 5140 lkflags = LK_SHARED; 5141 if ((cnp->cn_flags & LOCKSHARED) == 0) 5142 lkflags = LK_EXCLUSIVE; 5143 error = vget_finish(tvp, lkflags, tvs); 5144 if (__predict_false(error != 0)) { 5145 return (cache_fpl_aborted(fpl)); 5146 } 5147 } else { 5148 vget_finish_ref(tvp, tvs); 5149 } 5150 5151 ndp->ni_resflags |= NIRES_EMPTYPATH; 5152 return (cache_fpl_handled(fpl)); 5153 } 5154 5155 static int __noinline 5156 cache_fplookup_noentry(struct cache_fpl *fpl) 5157 { 5158 struct nameidata *ndp; 5159 struct componentname *cnp; 5160 enum vgetstate dvs; 5161 struct vnode *dvp, *tvp; 5162 seqc_t dvp_seqc; 5163 int error; 5164 5165 ndp = fpl->ndp; 5166 cnp = fpl->cnp; 5167 dvp = fpl->dvp; 5168 dvp_seqc = fpl->dvp_seqc; 5169 5170 MPASS((cnp->cn_flags & MAKEENTRY) == 0); 5171 MPASS((cnp->cn_flags & ISDOTDOT) == 0); 5172 if (cnp->cn_nameiop == LOOKUP) 5173 MPASS((cnp->cn_flags & NOCACHE) == 0); 5174 MPASS(!cache_fpl_isdotdot(cnp)); 5175 5176 /* 5177 * Hack: delayed name len checking. 5178 */ 5179 if (__predict_false(cnp->cn_namelen > NAME_MAX)) { 5180 cache_fpl_smr_exit(fpl); 5181 return (cache_fpl_handled_error(fpl, ENAMETOOLONG)); 5182 } 5183 5184 if (cnp->cn_nameptr[0] == '/') { 5185 return (cache_fplookup_skip_slashes(fpl)); 5186 } 5187 5188 if (cnp->cn_pnbuf[0] == '\0') { 5189 return (cache_fplookup_emptypath(fpl)); 5190 } 5191 5192 if (cnp->cn_nameptr[0] == '\0') { 5193 if (fpl->tvp == NULL) { 5194 return (cache_fplookup_degenerate(fpl)); 5195 } 5196 return (cache_fplookup_trailingslash(fpl)); 5197 } 5198 5199 if (cnp->cn_nameiop != LOOKUP) { 5200 fpl->tvp = NULL; 5201 return (cache_fplookup_modifying(fpl)); 5202 } 5203 5204 /* 5205 * Only try to fill in the component if it is the last one, 5206 * otherwise not only there may be several to handle but the 5207 * walk may be complicated. 5208 */ 5209 if (!cache_fpl_islastcn(ndp)) { 5210 return (cache_fpl_partial(fpl)); 5211 } 5212 5213 /* 5214 * Regular lookup nulifies the slash, which we don't do here. 5215 * Don't take chances with filesystem routines seeing it for 5216 * the last entry. 5217 */ 5218 if (cache_fpl_istrailingslash(fpl)) { 5219 return (cache_fpl_partial(fpl)); 5220 } 5221 5222 /* 5223 * Secure access to dvp; check cache_fplookup_partial_setup for 5224 * reasoning. 5225 */ 5226 dvs = vget_prep_smr(dvp); 5227 cache_fpl_smr_exit(fpl); 5228 if (__predict_false(dvs == VGET_NONE)) { 5229 return (cache_fpl_aborted(fpl)); 5230 } 5231 5232 vget_finish_ref(dvp, dvs); 5233 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 5234 vrele(dvp); 5235 return (cache_fpl_aborted(fpl)); 5236 } 5237 5238 error = vn_lock(dvp, LK_SHARED); 5239 if (__predict_false(error != 0)) { 5240 vrele(dvp); 5241 return (cache_fpl_aborted(fpl)); 5242 } 5243 5244 tvp = NULL; 5245 /* 5246 * TODO: provide variants which don't require locking either vnode. 5247 */ 5248 cnp->cn_flags |= ISLASTCN | MAKEENTRY; 5249 cnp->cn_lkflags = LK_SHARED; 5250 if ((cnp->cn_flags & LOCKSHARED) == 0) { 5251 cnp->cn_lkflags = LK_EXCLUSIVE; 5252 } 5253 error = VOP_LOOKUP(dvp, &tvp, cnp); 5254 switch (error) { 5255 case EJUSTRETURN: 5256 case 0: 5257 break; 5258 case ENOTDIR: 5259 case ENOENT: 5260 vput(dvp); 5261 return (cache_fpl_handled_error(fpl, error)); 5262 default: 5263 vput(dvp); 5264 return (cache_fpl_aborted(fpl)); 5265 } 5266 5267 fpl->tvp = tvp; 5268 5269 if (tvp == NULL) { 5270 MPASS(error == EJUSTRETURN); 5271 if ((cnp->cn_flags & (WANTPARENT | LOCKPARENT)) == 0) { 5272 vput(dvp); 5273 } else if ((cnp->cn_flags & LOCKPARENT) == 0) { 5274 VOP_UNLOCK(dvp); 5275 } 5276 return (cache_fpl_handled(fpl)); 5277 } 5278 5279 if (tvp->v_type == VLNK) { 5280 if ((cnp->cn_flags & FOLLOW) != 0) { 5281 vput(dvp); 5282 vput(tvp); 5283 return (cache_fpl_aborted(fpl)); 5284 } 5285 } 5286 5287 if (__predict_false(cache_fplookup_is_mp(fpl))) { 5288 vput(dvp); 5289 vput(tvp); 5290 return (cache_fpl_aborted(fpl)); 5291 } 5292 5293 if ((cnp->cn_flags & LOCKLEAF) == 0) { 5294 VOP_UNLOCK(tvp); 5295 } 5296 5297 if ((cnp->cn_flags & (WANTPARENT | LOCKPARENT)) == 0) { 5298 vput(dvp); 5299 } else if ((cnp->cn_flags & LOCKPARENT) == 0) { 5300 VOP_UNLOCK(dvp); 5301 } 5302 return (cache_fpl_handled(fpl)); 5303 } 5304 5305 static int __noinline 5306 cache_fplookup_dot(struct cache_fpl *fpl) 5307 { 5308 int error; 5309 5310 MPASS(!seqc_in_modify(fpl->dvp_seqc)); 5311 5312 if (__predict_false(fpl->dvp->v_type != VDIR)) { 5313 cache_fpl_smr_exit(fpl); 5314 return (cache_fpl_handled_error(fpl, ENOTDIR)); 5315 } 5316 5317 /* 5318 * Just re-assign the value. seqc will be checked later for the first 5319 * non-dot path component in line and/or before deciding to return the 5320 * vnode. 5321 */ 5322 fpl->tvp = fpl->dvp; 5323 fpl->tvp_seqc = fpl->dvp_seqc; 5324 5325 SDT_PROBE3(vfs, namecache, lookup, hit, fpl->dvp, ".", fpl->dvp); 5326 5327 error = 0; 5328 if (cache_fplookup_is_mp(fpl)) { 5329 error = cache_fplookup_cross_mount(fpl); 5330 } 5331 return (error); 5332 } 5333 5334 static int __noinline 5335 cache_fplookup_dotdot(struct cache_fpl *fpl) 5336 { 5337 struct nameidata *ndp; 5338 struct namecache *ncp; 5339 struct vnode *dvp; 5340 u_char nc_flag; 5341 5342 ndp = fpl->ndp; 5343 dvp = fpl->dvp; 5344 5345 MPASS(cache_fpl_isdotdot(fpl->cnp)); 5346 5347 /* 5348 * XXX this is racy the same way regular lookup is 5349 */ 5350 if (vfs_lookup_isroot(ndp, dvp)) { 5351 fpl->tvp = dvp; 5352 fpl->tvp_seqc = vn_seqc_read_any(dvp); 5353 if (seqc_in_modify(fpl->tvp_seqc)) { 5354 return (cache_fpl_aborted(fpl)); 5355 } 5356 return (0); 5357 } 5358 5359 if ((dvp->v_vflag & VV_ROOT) != 0) { 5360 /* 5361 * TODO 5362 * The opposite of climb mount is needed here. 5363 */ 5364 return (cache_fpl_partial(fpl)); 5365 } 5366 5367 if (__predict_false(dvp->v_type != VDIR)) { 5368 cache_fpl_smr_exit(fpl); 5369 return (cache_fpl_handled_error(fpl, ENOTDIR)); 5370 } 5371 5372 ncp = atomic_load_consume_ptr(&dvp->v_cache_dd); 5373 if (ncp == NULL) { 5374 return (cache_fpl_aborted(fpl)); 5375 } 5376 5377 nc_flag = atomic_load_char(&ncp->nc_flag); 5378 if ((nc_flag & NCF_ISDOTDOT) != 0) { 5379 if ((nc_flag & NCF_NEGATIVE) != 0) 5380 return (cache_fpl_aborted(fpl)); 5381 fpl->tvp = ncp->nc_vp; 5382 } else { 5383 fpl->tvp = ncp->nc_dvp; 5384 } 5385 5386 fpl->tvp_seqc = vn_seqc_read_any(fpl->tvp); 5387 if (seqc_in_modify(fpl->tvp_seqc)) { 5388 return (cache_fpl_partial(fpl)); 5389 } 5390 5391 /* 5392 * Acquire fence provided by vn_seqc_read_any above. 5393 */ 5394 if (__predict_false(atomic_load_ptr(&dvp->v_cache_dd) != ncp)) { 5395 return (cache_fpl_aborted(fpl)); 5396 } 5397 5398 if (!cache_ncp_canuse(ncp)) { 5399 return (cache_fpl_aborted(fpl)); 5400 } 5401 5402 return (0); 5403 } 5404 5405 static int __noinline 5406 cache_fplookup_neg(struct cache_fpl *fpl, struct namecache *ncp, uint32_t hash) 5407 { 5408 u_char nc_flag __diagused; 5409 bool neg_promote; 5410 5411 #ifdef INVARIANTS 5412 nc_flag = atomic_load_char(&ncp->nc_flag); 5413 MPASS((nc_flag & NCF_NEGATIVE) != 0); 5414 #endif 5415 /* 5416 * If they want to create an entry we need to replace this one. 5417 */ 5418 if (__predict_false(fpl->cnp->cn_nameiop != LOOKUP)) { 5419 fpl->tvp = NULL; 5420 return (cache_fplookup_modifying(fpl)); 5421 } 5422 neg_promote = cache_neg_hit_prep(ncp); 5423 if (!cache_fpl_neg_ncp_canuse(ncp)) { 5424 cache_neg_hit_abort(ncp); 5425 return (cache_fpl_partial(fpl)); 5426 } 5427 if (neg_promote) { 5428 return (cache_fplookup_negative_promote(fpl, ncp, hash)); 5429 } 5430 cache_neg_hit_finish(ncp); 5431 cache_fpl_smr_exit(fpl); 5432 return (cache_fpl_handled_error(fpl, ENOENT)); 5433 } 5434 5435 /* 5436 * Resolve a symlink. Called by filesystem-specific routines. 5437 * 5438 * Code flow is: 5439 * ... -> cache_fplookup_symlink -> VOP_FPLOOKUP_SYMLINK -> cache_symlink_resolve 5440 */ 5441 int 5442 cache_symlink_resolve(struct cache_fpl *fpl, const char *string, size_t len) 5443 { 5444 struct nameidata *ndp; 5445 struct componentname *cnp; 5446 size_t adjust; 5447 5448 ndp = fpl->ndp; 5449 cnp = fpl->cnp; 5450 5451 if (__predict_false(len == 0)) { 5452 return (ENOENT); 5453 } 5454 5455 if (__predict_false(len > MAXPATHLEN - 2)) { 5456 if (cache_fpl_istrailingslash(fpl)) { 5457 return (EAGAIN); 5458 } 5459 } 5460 5461 ndp->ni_pathlen = fpl->nulchar - cnp->cn_nameptr - cnp->cn_namelen + 1; 5462 #ifdef INVARIANTS 5463 if (ndp->ni_pathlen != fpl->debug.ni_pathlen) { 5464 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n", 5465 __func__, ndp->ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar, 5466 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf); 5467 } 5468 #endif 5469 5470 if (__predict_false(len + ndp->ni_pathlen > MAXPATHLEN)) { 5471 return (ENAMETOOLONG); 5472 } 5473 5474 if (__predict_false(ndp->ni_loopcnt++ >= MAXSYMLINKS)) { 5475 return (ELOOP); 5476 } 5477 5478 adjust = len; 5479 if (ndp->ni_pathlen > 1) { 5480 bcopy(ndp->ni_next, cnp->cn_pnbuf + len, ndp->ni_pathlen); 5481 } else { 5482 if (cache_fpl_istrailingslash(fpl)) { 5483 adjust = len + 1; 5484 cnp->cn_pnbuf[len] = '/'; 5485 cnp->cn_pnbuf[len + 1] = '\0'; 5486 } else { 5487 cnp->cn_pnbuf[len] = '\0'; 5488 } 5489 } 5490 bcopy(string, cnp->cn_pnbuf, len); 5491 5492 ndp->ni_pathlen += adjust; 5493 cache_fpl_pathlen_add(fpl, adjust); 5494 cnp->cn_nameptr = cnp->cn_pnbuf; 5495 fpl->nulchar = &cnp->cn_nameptr[ndp->ni_pathlen - 1]; 5496 fpl->tvp = NULL; 5497 return (0); 5498 } 5499 5500 static int __noinline 5501 cache_fplookup_symlink(struct cache_fpl *fpl) 5502 { 5503 struct mount *mp; 5504 struct nameidata *ndp; 5505 struct componentname *cnp; 5506 struct vnode *dvp, *tvp; 5507 struct pwd *pwd; 5508 int error; 5509 5510 ndp = fpl->ndp; 5511 cnp = fpl->cnp; 5512 dvp = fpl->dvp; 5513 tvp = fpl->tvp; 5514 pwd = *(fpl->pwd); 5515 5516 if (cache_fpl_islastcn(ndp)) { 5517 if ((cnp->cn_flags & FOLLOW) == 0) { 5518 return (cache_fplookup_final(fpl)); 5519 } 5520 } 5521 5522 mp = atomic_load_ptr(&dvp->v_mount); 5523 if (__predict_false(mp == NULL)) { 5524 return (cache_fpl_aborted(fpl)); 5525 } 5526 5527 /* 5528 * Note this check races against setting the flag just like regular 5529 * lookup. 5530 */ 5531 if (__predict_false((mp->mnt_flag & MNT_NOSYMFOLLOW) != 0)) { 5532 cache_fpl_smr_exit(fpl); 5533 return (cache_fpl_handled_error(fpl, EACCES)); 5534 } 5535 5536 error = VOP_FPLOOKUP_SYMLINK(tvp, fpl); 5537 if (__predict_false(error != 0)) { 5538 switch (error) { 5539 case EAGAIN: 5540 return (cache_fpl_partial(fpl)); 5541 case ENOENT: 5542 case ENAMETOOLONG: 5543 case ELOOP: 5544 cache_fpl_smr_exit(fpl); 5545 return (cache_fpl_handled_error(fpl, error)); 5546 default: 5547 return (cache_fpl_aborted(fpl)); 5548 } 5549 } 5550 5551 if (*(cnp->cn_nameptr) == '/') { 5552 fpl->dvp = cache_fpl_handle_root(fpl); 5553 fpl->dvp_seqc = vn_seqc_read_any(fpl->dvp); 5554 if (seqc_in_modify(fpl->dvp_seqc)) { 5555 return (cache_fpl_aborted(fpl)); 5556 } 5557 /* 5558 * The main loop assumes that ->dvp points to a vnode belonging 5559 * to a filesystem which can do lockless lookup, but the absolute 5560 * symlink can be wandering off to one which does not. 5561 */ 5562 mp = atomic_load_ptr(&fpl->dvp->v_mount); 5563 if (__predict_false(mp == NULL)) { 5564 return (cache_fpl_aborted(fpl)); 5565 } 5566 if (!cache_fplookup_mp_supported(mp)) { 5567 cache_fpl_checkpoint(fpl); 5568 return (cache_fpl_partial(fpl)); 5569 } 5570 if (__predict_false(pwd->pwd_adir != pwd->pwd_rdir)) { 5571 return (cache_fpl_aborted(fpl)); 5572 } 5573 } 5574 return (0); 5575 } 5576 5577 static int 5578 cache_fplookup_next(struct cache_fpl *fpl) 5579 { 5580 struct componentname *cnp; 5581 struct namecache *ncp; 5582 struct vnode *dvp, *tvp; 5583 u_char nc_flag; 5584 uint32_t hash; 5585 int error; 5586 5587 cnp = fpl->cnp; 5588 dvp = fpl->dvp; 5589 hash = fpl->hash; 5590 5591 if (__predict_false(cnp->cn_nameptr[0] == '.')) { 5592 if (cnp->cn_namelen == 1) { 5593 return (cache_fplookup_dot(fpl)); 5594 } 5595 if (cnp->cn_namelen == 2 && cnp->cn_nameptr[1] == '.') { 5596 return (cache_fplookup_dotdot(fpl)); 5597 } 5598 } 5599 5600 MPASS(!cache_fpl_isdotdot(cnp)); 5601 5602 ncp = cache_ncp_find(dvp, cnp, hash); 5603 if (__predict_false(ncp == NULL)) { 5604 return (cache_fplookup_noentry(fpl)); 5605 } 5606 5607 tvp = atomic_load_ptr(&ncp->nc_vp); 5608 nc_flag = atomic_load_char(&ncp->nc_flag); 5609 if ((nc_flag & NCF_NEGATIVE) != 0) { 5610 return (cache_fplookup_neg(fpl, ncp, hash)); 5611 } 5612 5613 if (!cache_ncp_canuse(ncp)) { 5614 return (cache_fpl_partial(fpl)); 5615 } 5616 5617 fpl->tvp = tvp; 5618 fpl->tvp_seqc = vn_seqc_read_any(tvp); 5619 if (seqc_in_modify(fpl->tvp_seqc)) { 5620 return (cache_fpl_partial(fpl)); 5621 } 5622 5623 counter_u64_add(numposhits, 1); 5624 SDT_PROBE3(vfs, namecache, lookup, hit, dvp, ncp->nc_name, tvp); 5625 5626 error = 0; 5627 if (cache_fplookup_is_mp(fpl)) { 5628 error = cache_fplookup_cross_mount(fpl); 5629 } 5630 return (error); 5631 } 5632 5633 static bool 5634 cache_fplookup_mp_supported(struct mount *mp) 5635 { 5636 5637 MPASS(mp != NULL); 5638 if ((mp->mnt_kern_flag & MNTK_FPLOOKUP) == 0) 5639 return (false); 5640 return (true); 5641 } 5642 5643 /* 5644 * Walk up the mount stack (if any). 5645 * 5646 * Correctness is provided in the following ways: 5647 * - all vnodes are protected from freeing with SMR 5648 * - struct mount objects are type stable making them always safe to access 5649 * - stability of the particular mount is provided by busying it 5650 * - relationship between the vnode which is mounted on and the mount is 5651 * verified with the vnode sequence counter after busying 5652 * - association between root vnode of the mount and the mount is protected 5653 * by busy 5654 * 5655 * From that point on we can read the sequence counter of the root vnode 5656 * and get the next mount on the stack (if any) using the same protection. 5657 * 5658 * By the end of successful walk we are guaranteed the reached state was 5659 * indeed present at least at some point which matches the regular lookup. 5660 */ 5661 static int __noinline 5662 cache_fplookup_climb_mount(struct cache_fpl *fpl) 5663 { 5664 struct mount *mp, *prev_mp; 5665 struct mount_pcpu *mpcpu, *prev_mpcpu; 5666 struct vnode *vp; 5667 seqc_t vp_seqc; 5668 5669 vp = fpl->tvp; 5670 vp_seqc = fpl->tvp_seqc; 5671 5672 VNPASS(vp->v_type == VDIR || vp->v_type == VREG || vp->v_type == VBAD, vp); 5673 mp = atomic_load_ptr(&vp->v_mountedhere); 5674 if (__predict_false(mp == NULL)) { 5675 return (0); 5676 } 5677 5678 prev_mp = NULL; 5679 for (;;) { 5680 if (!vfs_op_thread_enter_crit(mp, mpcpu)) { 5681 if (prev_mp != NULL) 5682 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu); 5683 return (cache_fpl_partial(fpl)); 5684 } 5685 if (prev_mp != NULL) 5686 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu); 5687 if (!vn_seqc_consistent(vp, vp_seqc)) { 5688 vfs_op_thread_exit_crit(mp, mpcpu); 5689 return (cache_fpl_partial(fpl)); 5690 } 5691 if (!cache_fplookup_mp_supported(mp)) { 5692 vfs_op_thread_exit_crit(mp, mpcpu); 5693 return (cache_fpl_partial(fpl)); 5694 } 5695 vp = atomic_load_ptr(&mp->mnt_rootvnode); 5696 if (vp == NULL) { 5697 vfs_op_thread_exit_crit(mp, mpcpu); 5698 return (cache_fpl_partial(fpl)); 5699 } 5700 vp_seqc = vn_seqc_read_any(vp); 5701 if (seqc_in_modify(vp_seqc)) { 5702 vfs_op_thread_exit_crit(mp, mpcpu); 5703 return (cache_fpl_partial(fpl)); 5704 } 5705 prev_mp = mp; 5706 prev_mpcpu = mpcpu; 5707 mp = atomic_load_ptr(&vp->v_mountedhere); 5708 if (mp == NULL) 5709 break; 5710 } 5711 5712 vfs_op_thread_exit_crit(prev_mp, prev_mpcpu); 5713 fpl->tvp = vp; 5714 fpl->tvp_seqc = vp_seqc; 5715 return (0); 5716 } 5717 5718 static int __noinline 5719 cache_fplookup_cross_mount(struct cache_fpl *fpl) 5720 { 5721 struct mount *mp; 5722 struct mount_pcpu *mpcpu; 5723 struct vnode *vp; 5724 seqc_t vp_seqc; 5725 5726 vp = fpl->tvp; 5727 vp_seqc = fpl->tvp_seqc; 5728 5729 VNPASS(vp->v_type == VDIR || vp->v_type == VREG || vp->v_type == VBAD, vp); 5730 mp = atomic_load_ptr(&vp->v_mountedhere); 5731 if (__predict_false(mp == NULL)) { 5732 return (0); 5733 } 5734 5735 if (!vfs_op_thread_enter_crit(mp, mpcpu)) { 5736 return (cache_fpl_partial(fpl)); 5737 } 5738 if (!vn_seqc_consistent(vp, vp_seqc)) { 5739 vfs_op_thread_exit_crit(mp, mpcpu); 5740 return (cache_fpl_partial(fpl)); 5741 } 5742 if (!cache_fplookup_mp_supported(mp)) { 5743 vfs_op_thread_exit_crit(mp, mpcpu); 5744 return (cache_fpl_partial(fpl)); 5745 } 5746 vp = atomic_load_ptr(&mp->mnt_rootvnode); 5747 if (__predict_false(vp == NULL)) { 5748 vfs_op_thread_exit_crit(mp, mpcpu); 5749 return (cache_fpl_partial(fpl)); 5750 } 5751 vp_seqc = vn_seqc_read_any(vp); 5752 vfs_op_thread_exit_crit(mp, mpcpu); 5753 if (seqc_in_modify(vp_seqc)) { 5754 return (cache_fpl_partial(fpl)); 5755 } 5756 mp = atomic_load_ptr(&vp->v_mountedhere); 5757 if (__predict_false(mp != NULL)) { 5758 /* 5759 * There are possibly more mount points on top. 5760 * Normally this does not happen so for simplicity just start 5761 * over. 5762 */ 5763 return (cache_fplookup_climb_mount(fpl)); 5764 } 5765 5766 fpl->tvp = vp; 5767 fpl->tvp_seqc = vp_seqc; 5768 return (0); 5769 } 5770 5771 /* 5772 * Check if a vnode is mounted on. 5773 */ 5774 static bool 5775 cache_fplookup_is_mp(struct cache_fpl *fpl) 5776 { 5777 struct vnode *vp; 5778 5779 vp = fpl->tvp; 5780 return ((vn_irflag_read(vp) & VIRF_MOUNTPOINT) != 0); 5781 } 5782 5783 /* 5784 * Parse the path. 5785 * 5786 * The code was originally copy-pasted from regular lookup and despite 5787 * clean ups leaves performance on the table. Any modifications here 5788 * must take into account that in case off fallback the resulting 5789 * nameidata state has to be compatible with the original. 5790 */ 5791 5792 /* 5793 * Debug ni_pathlen tracking. 5794 */ 5795 #ifdef INVARIANTS 5796 static void 5797 cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n) 5798 { 5799 5800 fpl->debug.ni_pathlen += n; 5801 KASSERT(fpl->debug.ni_pathlen <= PATH_MAX, 5802 ("%s: pathlen overflow to %zd\n", __func__, fpl->debug.ni_pathlen)); 5803 } 5804 5805 static void 5806 cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n) 5807 { 5808 5809 fpl->debug.ni_pathlen -= n; 5810 KASSERT(fpl->debug.ni_pathlen <= PATH_MAX, 5811 ("%s: pathlen underflow to %zd\n", __func__, fpl->debug.ni_pathlen)); 5812 } 5813 5814 static void 5815 cache_fpl_pathlen_inc(struct cache_fpl *fpl) 5816 { 5817 5818 cache_fpl_pathlen_add(fpl, 1); 5819 } 5820 5821 static void 5822 cache_fpl_pathlen_dec(struct cache_fpl *fpl) 5823 { 5824 5825 cache_fpl_pathlen_sub(fpl, 1); 5826 } 5827 #else 5828 static void 5829 cache_fpl_pathlen_add(struct cache_fpl *fpl, size_t n) 5830 { 5831 } 5832 5833 static void 5834 cache_fpl_pathlen_sub(struct cache_fpl *fpl, size_t n) 5835 { 5836 } 5837 5838 static void 5839 cache_fpl_pathlen_inc(struct cache_fpl *fpl) 5840 { 5841 } 5842 5843 static void 5844 cache_fpl_pathlen_dec(struct cache_fpl *fpl) 5845 { 5846 } 5847 #endif 5848 5849 static void 5850 cache_fplookup_parse(struct cache_fpl *fpl) 5851 { 5852 struct nameidata *ndp; 5853 struct componentname *cnp; 5854 struct vnode *dvp; 5855 char *cp; 5856 uint32_t hash; 5857 5858 ndp = fpl->ndp; 5859 cnp = fpl->cnp; 5860 dvp = fpl->dvp; 5861 5862 /* 5863 * Find the end of this path component, it is either / or nul. 5864 * 5865 * Store / as a temporary sentinel so that we only have one character 5866 * to test for. Pathnames tend to be short so this should not be 5867 * resulting in cache misses. 5868 * 5869 * TODO: fix this to be word-sized. 5870 */ 5871 MPASS(&cnp->cn_nameptr[fpl->debug.ni_pathlen - 1] >= cnp->cn_pnbuf); 5872 KASSERT(&cnp->cn_nameptr[fpl->debug.ni_pathlen - 1] == fpl->nulchar, 5873 ("%s: mismatch between pathlen (%zu) and nulchar (%p != %p), string [%s]\n", 5874 __func__, fpl->debug.ni_pathlen, &cnp->cn_nameptr[fpl->debug.ni_pathlen - 1], 5875 fpl->nulchar, cnp->cn_pnbuf)); 5876 KASSERT(*fpl->nulchar == '\0', 5877 ("%s: expected nul at %p; string [%s]\n", __func__, fpl->nulchar, 5878 cnp->cn_pnbuf)); 5879 hash = cache_get_hash_iter_start(dvp); 5880 *fpl->nulchar = '/'; 5881 for (cp = cnp->cn_nameptr; *cp != '/'; cp++) { 5882 KASSERT(*cp != '\0', 5883 ("%s: encountered unexpected nul; string [%s]\n", __func__, 5884 cnp->cn_nameptr)); 5885 hash = cache_get_hash_iter(*cp, hash); 5886 continue; 5887 } 5888 *fpl->nulchar = '\0'; 5889 fpl->hash = cache_get_hash_iter_finish(hash); 5890 5891 cnp->cn_namelen = cp - cnp->cn_nameptr; 5892 cache_fpl_pathlen_sub(fpl, cnp->cn_namelen); 5893 5894 #ifdef INVARIANTS 5895 /* 5896 * cache_get_hash only accepts lengths up to NAME_MAX. This is fine since 5897 * we are going to fail this lookup with ENAMETOOLONG (see below). 5898 */ 5899 if (cnp->cn_namelen <= NAME_MAX) { 5900 if (fpl->hash != cache_get_hash(cnp->cn_nameptr, cnp->cn_namelen, dvp)) { 5901 panic("%s: mismatched hash for [%s] len %ld", __func__, 5902 cnp->cn_nameptr, cnp->cn_namelen); 5903 } 5904 } 5905 #endif 5906 5907 /* 5908 * Hack: we have to check if the found path component's length exceeds 5909 * NAME_MAX. However, the condition is very rarely true and check can 5910 * be elided in the common case -- if an entry was found in the cache, 5911 * then it could not have been too long to begin with. 5912 */ 5913 ndp->ni_next = cp; 5914 } 5915 5916 static void 5917 cache_fplookup_parse_advance(struct cache_fpl *fpl) 5918 { 5919 struct nameidata *ndp; 5920 struct componentname *cnp; 5921 5922 ndp = fpl->ndp; 5923 cnp = fpl->cnp; 5924 5925 cnp->cn_nameptr = ndp->ni_next; 5926 KASSERT(*(cnp->cn_nameptr) == '/', 5927 ("%s: should have seen slash at %p ; buf %p [%s]\n", __func__, 5928 cnp->cn_nameptr, cnp->cn_pnbuf, cnp->cn_pnbuf)); 5929 cnp->cn_nameptr++; 5930 cache_fpl_pathlen_dec(fpl); 5931 } 5932 5933 /* 5934 * Skip spurious slashes in a pathname (e.g., "foo///bar") and retry. 5935 * 5936 * Lockless lookup tries to elide checking for spurious slashes and should they 5937 * be present is guaranteed to fail to find an entry. In this case the caller 5938 * must check if the name starts with a slash and call this routine. It is 5939 * going to fast forward across the spurious slashes and set the state up for 5940 * retry. 5941 */ 5942 static int __noinline 5943 cache_fplookup_skip_slashes(struct cache_fpl *fpl) 5944 { 5945 struct nameidata *ndp; 5946 struct componentname *cnp; 5947 5948 ndp = fpl->ndp; 5949 cnp = fpl->cnp; 5950 5951 MPASS(*(cnp->cn_nameptr) == '/'); 5952 do { 5953 cnp->cn_nameptr++; 5954 cache_fpl_pathlen_dec(fpl); 5955 } while (*(cnp->cn_nameptr) == '/'); 5956 5957 /* 5958 * Go back to one slash so that cache_fplookup_parse_advance has 5959 * something to skip. 5960 */ 5961 cnp->cn_nameptr--; 5962 cache_fpl_pathlen_inc(fpl); 5963 5964 /* 5965 * cache_fplookup_parse_advance starts from ndp->ni_next 5966 */ 5967 ndp->ni_next = cnp->cn_nameptr; 5968 5969 /* 5970 * See cache_fplookup_dot. 5971 */ 5972 fpl->tvp = fpl->dvp; 5973 fpl->tvp_seqc = fpl->dvp_seqc; 5974 5975 return (0); 5976 } 5977 5978 /* 5979 * Handle trailing slashes (e.g., "foo/"). 5980 * 5981 * If a trailing slash is found the terminal vnode must be a directory. 5982 * Regular lookup shortens the path by nulifying the first trailing slash and 5983 * sets the TRAILINGSLASH flag to denote this took place. There are several 5984 * checks on it performed later. 5985 * 5986 * Similarly to spurious slashes, lockless lookup handles this in a speculative 5987 * manner relying on an invariant that a non-directory vnode will get a miss. 5988 * In this case cn_nameptr[0] == '\0' and cn_namelen == 0. 5989 * 5990 * Thus for a path like "foo/bar/" the code unwinds the state back to "bar/" 5991 * and denotes this is the last path component, which avoids looping back. 5992 * 5993 * Only plain lookups are supported for now to restrict corner cases to handle. 5994 */ 5995 static int __noinline 5996 cache_fplookup_trailingslash(struct cache_fpl *fpl) 5997 { 5998 #ifdef INVARIANTS 5999 size_t ni_pathlen; 6000 #endif 6001 struct nameidata *ndp; 6002 struct componentname *cnp; 6003 struct namecache *ncp; 6004 struct vnode *tvp; 6005 char *cn_nameptr_orig, *cn_nameptr_slash; 6006 seqc_t tvp_seqc; 6007 u_char nc_flag; 6008 6009 ndp = fpl->ndp; 6010 cnp = fpl->cnp; 6011 tvp = fpl->tvp; 6012 tvp_seqc = fpl->tvp_seqc; 6013 6014 MPASS(fpl->dvp == fpl->tvp); 6015 KASSERT(cache_fpl_istrailingslash(fpl), 6016 ("%s: expected trailing slash at %p; string [%s]\n", __func__, fpl->nulchar - 1, 6017 cnp->cn_pnbuf)); 6018 KASSERT(cnp->cn_nameptr[0] == '\0', 6019 ("%s: expected nul char at %p; string [%s]\n", __func__, &cnp->cn_nameptr[0], 6020 cnp->cn_pnbuf)); 6021 KASSERT(cnp->cn_namelen == 0, 6022 ("%s: namelen 0 but got %ld; string [%s]\n", __func__, cnp->cn_namelen, 6023 cnp->cn_pnbuf)); 6024 MPASS(cnp->cn_nameptr > cnp->cn_pnbuf); 6025 6026 if (cnp->cn_nameiop != LOOKUP) { 6027 return (cache_fpl_aborted(fpl)); 6028 } 6029 6030 if (__predict_false(tvp->v_type != VDIR)) { 6031 if (!vn_seqc_consistent(tvp, tvp_seqc)) { 6032 return (cache_fpl_aborted(fpl)); 6033 } 6034 cache_fpl_smr_exit(fpl); 6035 return (cache_fpl_handled_error(fpl, ENOTDIR)); 6036 } 6037 6038 /* 6039 * Denote the last component. 6040 */ 6041 ndp->ni_next = &cnp->cn_nameptr[0]; 6042 MPASS(cache_fpl_islastcn(ndp)); 6043 6044 /* 6045 * Unwind trailing slashes. 6046 */ 6047 cn_nameptr_orig = cnp->cn_nameptr; 6048 while (cnp->cn_nameptr >= cnp->cn_pnbuf) { 6049 cnp->cn_nameptr--; 6050 if (cnp->cn_nameptr[0] != '/') { 6051 break; 6052 } 6053 } 6054 6055 /* 6056 * Unwind to the beginning of the path component. 6057 * 6058 * Note the path may or may not have started with a slash. 6059 */ 6060 cn_nameptr_slash = cnp->cn_nameptr; 6061 while (cnp->cn_nameptr > cnp->cn_pnbuf) { 6062 cnp->cn_nameptr--; 6063 if (cnp->cn_nameptr[0] == '/') { 6064 break; 6065 } 6066 } 6067 if (cnp->cn_nameptr[0] == '/') { 6068 cnp->cn_nameptr++; 6069 } 6070 6071 cnp->cn_namelen = cn_nameptr_slash - cnp->cn_nameptr + 1; 6072 cache_fpl_pathlen_add(fpl, cn_nameptr_orig - cnp->cn_nameptr); 6073 cache_fpl_checkpoint(fpl); 6074 6075 #ifdef INVARIANTS 6076 ni_pathlen = fpl->nulchar - cnp->cn_nameptr + 1; 6077 if (ni_pathlen != fpl->debug.ni_pathlen) { 6078 panic("%s: mismatch (%zu != %zu) nulchar %p nameptr %p [%s] ; full string [%s]\n", 6079 __func__, ni_pathlen, fpl->debug.ni_pathlen, fpl->nulchar, 6080 cnp->cn_nameptr, cnp->cn_nameptr, cnp->cn_pnbuf); 6081 } 6082 #endif 6083 6084 /* 6085 * If this was a "./" lookup the parent directory is already correct. 6086 */ 6087 if (cnp->cn_nameptr[0] == '.' && cnp->cn_namelen == 1) { 6088 return (0); 6089 } 6090 6091 /* 6092 * Otherwise we need to look it up. 6093 */ 6094 tvp = fpl->tvp; 6095 ncp = atomic_load_consume_ptr(&tvp->v_cache_dd); 6096 if (__predict_false(ncp == NULL)) { 6097 return (cache_fpl_aborted(fpl)); 6098 } 6099 nc_flag = atomic_load_char(&ncp->nc_flag); 6100 if ((nc_flag & NCF_ISDOTDOT) != 0) { 6101 return (cache_fpl_aborted(fpl)); 6102 } 6103 fpl->dvp = ncp->nc_dvp; 6104 fpl->dvp_seqc = vn_seqc_read_any(fpl->dvp); 6105 if (seqc_in_modify(fpl->dvp_seqc)) { 6106 return (cache_fpl_aborted(fpl)); 6107 } 6108 return (0); 6109 } 6110 6111 /* 6112 * See the API contract for VOP_FPLOOKUP_VEXEC. 6113 */ 6114 static int __noinline 6115 cache_fplookup_failed_vexec(struct cache_fpl *fpl, int error) 6116 { 6117 struct componentname *cnp; 6118 struct vnode *dvp; 6119 seqc_t dvp_seqc; 6120 6121 cnp = fpl->cnp; 6122 dvp = fpl->dvp; 6123 dvp_seqc = fpl->dvp_seqc; 6124 6125 /* 6126 * Hack: delayed empty path checking. 6127 */ 6128 if (cnp->cn_pnbuf[0] == '\0') { 6129 return (cache_fplookup_emptypath(fpl)); 6130 } 6131 6132 /* 6133 * TODO: Due to ignoring trailing slashes lookup will perform a 6134 * permission check on the last dir when it should not be doing it. It 6135 * may fail, but said failure should be ignored. It is possible to fix 6136 * it up fully without resorting to regular lookup, but for now just 6137 * abort. 6138 */ 6139 if (cache_fpl_istrailingslash(fpl)) { 6140 return (cache_fpl_aborted(fpl)); 6141 } 6142 6143 /* 6144 * Hack: delayed degenerate path checking. 6145 */ 6146 if (cnp->cn_nameptr[0] == '\0' && fpl->tvp == NULL) { 6147 return (cache_fplookup_degenerate(fpl)); 6148 } 6149 6150 /* 6151 * Hack: delayed name len checking. 6152 */ 6153 if (__predict_false(cnp->cn_namelen > NAME_MAX)) { 6154 cache_fpl_smr_exit(fpl); 6155 return (cache_fpl_handled_error(fpl, ENAMETOOLONG)); 6156 } 6157 6158 /* 6159 * Hack: they may be looking up foo/bar, where foo is not a directory. 6160 * In such a case we need to return ENOTDIR, but we may happen to get 6161 * here with a different error. 6162 */ 6163 if (dvp->v_type != VDIR) { 6164 error = ENOTDIR; 6165 } 6166 6167 /* 6168 * Hack: handle O_SEARCH. 6169 * 6170 * Open Group Base Specifications Issue 7, 2018 edition states: 6171 * <quote> 6172 * If the access mode of the open file description associated with the 6173 * file descriptor is not O_SEARCH, the function shall check whether 6174 * directory searches are permitted using the current permissions of 6175 * the directory underlying the file descriptor. If the access mode is 6176 * O_SEARCH, the function shall not perform the check. 6177 * </quote> 6178 * 6179 * Regular lookup tests for the NOEXECCHECK flag for every path 6180 * component to decide whether to do the permission check. However, 6181 * since most lookups never have the flag (and when they do it is only 6182 * present for the first path component), lockless lookup only acts on 6183 * it if there is a permission problem. Here the flag is represented 6184 * with a boolean so that we don't have to clear it on the way out. 6185 * 6186 * For simplicity this always aborts. 6187 * TODO: check if this is the first lookup and ignore the permission 6188 * problem. Note the flag has to survive fallback (if it happens to be 6189 * performed). 6190 */ 6191 if (fpl->fsearch) { 6192 return (cache_fpl_aborted(fpl)); 6193 } 6194 6195 switch (error) { 6196 case EAGAIN: 6197 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 6198 error = cache_fpl_aborted(fpl); 6199 } else { 6200 cache_fpl_partial(fpl); 6201 } 6202 break; 6203 default: 6204 if (!vn_seqc_consistent(dvp, dvp_seqc)) { 6205 error = cache_fpl_aborted(fpl); 6206 } else { 6207 cache_fpl_smr_exit(fpl); 6208 cache_fpl_handled_error(fpl, error); 6209 } 6210 break; 6211 } 6212 return (error); 6213 } 6214 6215 static int 6216 cache_fplookup_impl(struct vnode *dvp, struct cache_fpl *fpl) 6217 { 6218 struct nameidata *ndp; 6219 struct componentname *cnp; 6220 struct mount *mp; 6221 int error; 6222 6223 ndp = fpl->ndp; 6224 cnp = fpl->cnp; 6225 6226 cache_fpl_checkpoint(fpl); 6227 6228 /* 6229 * The vnode at hand is almost always stable, skip checking for it. 6230 * Worst case this postpones the check towards the end of the iteration 6231 * of the main loop. 6232 */ 6233 fpl->dvp = dvp; 6234 fpl->dvp_seqc = vn_seqc_read_notmodify(fpl->dvp); 6235 6236 mp = atomic_load_ptr(&dvp->v_mount); 6237 if (__predict_false(mp == NULL || !cache_fplookup_mp_supported(mp))) { 6238 return (cache_fpl_aborted(fpl)); 6239 } 6240 6241 MPASS(fpl->tvp == NULL); 6242 6243 for (;;) { 6244 cache_fplookup_parse(fpl); 6245 6246 error = VOP_FPLOOKUP_VEXEC(fpl->dvp, cnp->cn_cred); 6247 if (__predict_false(error != 0)) { 6248 error = cache_fplookup_failed_vexec(fpl, error); 6249 break; 6250 } 6251 6252 error = cache_fplookup_next(fpl); 6253 if (__predict_false(cache_fpl_terminated(fpl))) { 6254 break; 6255 } 6256 6257 VNPASS(!seqc_in_modify(fpl->tvp_seqc), fpl->tvp); 6258 6259 if (fpl->tvp->v_type == VLNK) { 6260 error = cache_fplookup_symlink(fpl); 6261 if (cache_fpl_terminated(fpl)) { 6262 break; 6263 } 6264 } else { 6265 if (cache_fpl_islastcn(ndp)) { 6266 error = cache_fplookup_final(fpl); 6267 break; 6268 } 6269 6270 if (!vn_seqc_consistent(fpl->dvp, fpl->dvp_seqc)) { 6271 error = cache_fpl_aborted(fpl); 6272 break; 6273 } 6274 6275 fpl->dvp = fpl->tvp; 6276 fpl->dvp_seqc = fpl->tvp_seqc; 6277 cache_fplookup_parse_advance(fpl); 6278 } 6279 6280 cache_fpl_checkpoint(fpl); 6281 } 6282 6283 return (error); 6284 } 6285 6286 /* 6287 * Fast path lookup protected with SMR and sequence counters. 6288 * 6289 * Note: all VOP_FPLOOKUP_VEXEC routines have a comment referencing this one. 6290 * 6291 * Filesystems can opt in by setting the MNTK_FPLOOKUP flag and meeting criteria 6292 * outlined below. 6293 * 6294 * Traditional vnode lookup conceptually looks like this: 6295 * 6296 * vn_lock(current); 6297 * for (;;) { 6298 * next = find(); 6299 * vn_lock(next); 6300 * vn_unlock(current); 6301 * current = next; 6302 * if (last) 6303 * break; 6304 * } 6305 * return (current); 6306 * 6307 * Each jump to the next vnode is safe memory-wise and atomic with respect to 6308 * any modifications thanks to holding respective locks. 6309 * 6310 * The same guarantee can be provided with a combination of safe memory 6311 * reclamation and sequence counters instead. If all operations which affect 6312 * the relationship between the current vnode and the one we are looking for 6313 * also modify the counter, we can verify whether all the conditions held as 6314 * we made the jump. This includes things like permissions, mount points etc. 6315 * Counter modification is provided by enclosing relevant places in 6316 * vn_seqc_write_begin()/end() calls. 6317 * 6318 * Thus this translates to: 6319 * 6320 * vfs_smr_enter(); 6321 * dvp_seqc = seqc_read_any(dvp); 6322 * if (seqc_in_modify(dvp_seqc)) // someone is altering the vnode 6323 * abort(); 6324 * for (;;) { 6325 * tvp = find(); 6326 * tvp_seqc = seqc_read_any(tvp); 6327 * if (seqc_in_modify(tvp_seqc)) // someone is altering the target vnode 6328 * abort(); 6329 * if (!seqc_consistent(dvp, dvp_seqc) // someone is altering the vnode 6330 * abort(); 6331 * dvp = tvp; // we know nothing of importance has changed 6332 * dvp_seqc = tvp_seqc; // store the counter for the tvp iteration 6333 * if (last) 6334 * break; 6335 * } 6336 * vget(); // secure the vnode 6337 * if (!seqc_consistent(tvp, tvp_seqc) // final check 6338 * abort(); 6339 * // at this point we know nothing has changed for any parent<->child pair 6340 * // as they were crossed during the lookup, meaning we matched the guarantee 6341 * // of the locked variant 6342 * return (tvp); 6343 * 6344 * The API contract for VOP_FPLOOKUP_VEXEC routines is as follows: 6345 * - they are called while within vfs_smr protection which they must never exit 6346 * - EAGAIN can be returned to denote checking could not be performed, it is 6347 * always valid to return it 6348 * - if the sequence counter has not changed the result must be valid 6349 * - if the sequence counter has changed both false positives and false negatives 6350 * are permitted (since the result will be rejected later) 6351 * - for simple cases of unix permission checks vaccess_vexec_smr can be used 6352 * 6353 * Caveats to watch out for: 6354 * - vnodes are passed unlocked and unreferenced with nothing stopping 6355 * VOP_RECLAIM, in turn meaning that ->v_data can become NULL. It is advised 6356 * to use atomic_load_ptr to fetch it. 6357 * - the aforementioned object can also get freed, meaning absent other means it 6358 * should be protected with vfs_smr 6359 * - either safely checking permissions as they are modified or guaranteeing 6360 * their stability is left to the routine 6361 */ 6362 int 6363 cache_fplookup(struct nameidata *ndp, enum cache_fpl_status *status, 6364 struct pwd **pwdp) 6365 { 6366 struct cache_fpl fpl; 6367 struct pwd *pwd; 6368 struct vnode *dvp; 6369 struct componentname *cnp; 6370 int error; 6371 6372 fpl.status = CACHE_FPL_STATUS_UNSET; 6373 fpl.in_smr = false; 6374 fpl.ndp = ndp; 6375 fpl.cnp = cnp = &ndp->ni_cnd; 6376 MPASS(ndp->ni_lcf == 0); 6377 KASSERT ((cnp->cn_flags & CACHE_FPL_INTERNAL_CN_FLAGS) == 0, 6378 ("%s: internal flags found in cn_flags %" PRIx64, __func__, 6379 cnp->cn_flags)); 6380 MPASS(cnp->cn_nameptr == cnp->cn_pnbuf); 6381 MPASS(ndp->ni_resflags == 0); 6382 6383 if (__predict_false(!cache_can_fplookup(&fpl))) { 6384 *status = fpl.status; 6385 SDT_PROBE3(vfs, fplookup, lookup, done, ndp, fpl.line, fpl.status); 6386 return (EOPNOTSUPP); 6387 } 6388 6389 cache_fpl_checkpoint_outer(&fpl); 6390 6391 cache_fpl_smr_enter_initial(&fpl); 6392 #ifdef INVARIANTS 6393 fpl.debug.ni_pathlen = ndp->ni_pathlen; 6394 #endif 6395 fpl.nulchar = &cnp->cn_nameptr[ndp->ni_pathlen - 1]; 6396 fpl.fsearch = false; 6397 fpl.tvp = NULL; /* for degenerate path handling */ 6398 fpl.pwd = pwdp; 6399 pwd = pwd_get_smr(); 6400 *(fpl.pwd) = pwd; 6401 namei_setup_rootdir(ndp, cnp, pwd); 6402 ndp->ni_topdir = pwd->pwd_jdir; 6403 6404 if (cnp->cn_pnbuf[0] == '/') { 6405 dvp = cache_fpl_handle_root(&fpl); 6406 ndp->ni_resflags = NIRES_ABS; 6407 } else { 6408 if (ndp->ni_dirfd == AT_FDCWD) { 6409 dvp = pwd->pwd_cdir; 6410 } else { 6411 error = cache_fplookup_dirfd(&fpl, &dvp); 6412 if (__predict_false(error != 0)) { 6413 goto out; 6414 } 6415 } 6416 } 6417 6418 SDT_PROBE4(vfs, namei, lookup, entry, dvp, cnp->cn_pnbuf, cnp->cn_flags, true); 6419 error = cache_fplookup_impl(dvp, &fpl); 6420 out: 6421 cache_fpl_smr_assert_not_entered(&fpl); 6422 cache_fpl_assert_status(&fpl); 6423 *status = fpl.status; 6424 if (SDT_PROBES_ENABLED()) { 6425 SDT_PROBE3(vfs, fplookup, lookup, done, ndp, fpl.line, fpl.status); 6426 if (fpl.status == CACHE_FPL_STATUS_HANDLED) 6427 SDT_PROBE4(vfs, namei, lookup, return, error, ndp->ni_vp, true, 6428 ndp); 6429 } 6430 6431 if (__predict_true(fpl.status == CACHE_FPL_STATUS_HANDLED)) { 6432 MPASS(error != CACHE_FPL_FAILED); 6433 if (error != 0) { 6434 cache_fpl_cleanup_cnp(fpl.cnp); 6435 MPASS(fpl.dvp == NULL); 6436 MPASS(fpl.tvp == NULL); 6437 } 6438 ndp->ni_dvp = fpl.dvp; 6439 ndp->ni_vp = fpl.tvp; 6440 } 6441 return (error); 6442 } 6443